onlyoffice / kubernetes-docs Goto Github PK

Use default storage class according to output

# kubectl get sc
standard (default)   k8s.io/minikube-hostpath                          Delete          Immediate           false                  25m

Exectutet all command and got in result:

Containers hangup on ContainerCreating

Seems nfs mount is reason:

# kubectl describe pods converter-79c7ff8c89-8lnpv
Mounting command: systemd-run
Mounting arguments: --description=Kubernetes transient mount for /var/lib/kubelet/pods/30066470-e9bc-4cbc-86db-93581f571b21/volumes/kubernetes.io~nfs/pvc-66216c1b-f7f5-4afc-8d23-904f02ae843b --scope -- mount -t nfs -o vers=3 10.106.252.253:/export/pvc-66216c1b-f7f5-4afc-8d23-904f02ae843b /var/lib/kubelet/pods/30066470-e9bc-4cbc-86db-93581f571b21/volumes/kubernetes.io~nfs/pvc-66216c1b-f7f5-4afc-8d23-904f02ae843b
Output: Running scope as unit: run-r88e121c8cd7b45f59cfdda7eab24b50b.scope
mount: /var/lib/kubelet/pods/30066470-e9bc-4cbc-86db-93581f571b21/volumes/kubernetes.io~nfs/pvc-66216c1b-f7f5-4afc-8d23-904f02ae843b: bad option; for several filesystems (e.g. nfs, cifs) you might need a /sbin/mount.<type> helper program.
  Warning  FailedMount  17m  kubelet, lobashov-minikube  MountVolume.SetUp failed for volume "pvc-66216c1b-f7f5-4afc-8d23-904f02ae843b" : mount failed: exit status 32

If we have license for 1000 connection and deploy two docservice nodes - this cluster handle 2000 connection

This mechanism need to be redone

15#15: *26 open() "/var/www/onlyoffice/documentserver/sdkjs/common/Images/content_controls/[email protected]" failed (13: Permission denied),

This is what the proxy images currently return, is it possible that they have been wrongly build? B/c those are static files in the container itself, but they have permission on the ds user and not the nginx user running the whole thing. Seems like this image wasn't tested.

Due to the way that ArgoCD converts the Helm hooks this chart fails to deploy in ArgoCD. In the chart on this page one can see the helm.sh/hook: pre-upgrade get converted to a argocd.argoproj.io/hook: PreSync which gets executed on every sync. ArgoCD under the hood does not use helm in the way one would think. It's likely that other GitOps tools will have similar issues. This causes the job pre-upgrade to be executed on first run before the PVC it needs is created. It get's stuck in a progressing state and will not complete unless you selectively sync everything except the two applications.

Started example service and randomly created some files

Seems that each refresh of example page I have three ranom state:

1. one docx file
2. one docx, one xlsx file
3. no files at all
   

Steps to reproduc:

1. Upload attached rtf to ONLYOFFICE Community , connected to kube-documentserver
2. ONLYOFFICE Community askes to convert this file to docx, agree
3. Open resulting docx in DocumentEditor
4. Save As -> Docx from DocumentEditor

Problem is not reproduce on Centos based machine with rpm DocumentServer via DocumentServer test example

01068.zip

OpenShift uses RBAC policies by default to define and apply permissions.
OpenShift users who do not have the cluster admin role added may have problems deploying manifests that use various actions (verbs: "get", "list", "create", etc.) on resources ("pods", "deployments", "statefulsets", "endpoints", etc.).
These problems are usually related to the fact that the user does not have rights to perform the requested actions.
To fix this, without giving the user the cluster admin role, you can create a role with the required actions on the resources, and then bind it to the user. Read more here.

When I upload a file in a format that needs converting (eg: .odt, .odp...) I receive an error:

I tried modifying the DS_URL in example.yaml configmap but nothing seems to work

Hi all,

we have an instance with 2 docservice replica and 2 nextcloud replica (all stuff is deployed with onlyoffice and nextcloud helmcharts)
onlyoffice become unhealthy after some delay and no edition can continue to work.

2 extracts from onlyoffice logs :

nodeJS - sendServerRequest error: url = https://box.mydomain.com/apps/onlyoffice/track?doc=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ…;data = {"key":"1743264896","status":3,"users":["oc992s7o213w_*.*@*.*.fr"],"actions":[{"type":0,"userid":"oc992s7o213w_*.*@*.*.fr"}],"lastsave":"2024-05-07T11:24:40.000Z","notmodified":false,"token":"eyJhbGci…"} Error: Error response: statusCode:400; headers:{"server":"nginx/1.25.4","date":"Tue, 07 May 2024 12:26:57 GMT","content-type":"application/json; charset=utf-8","content-length":"27","set-cookie":["oc_sessionPassphrase=LA4Q9…; path=/; secure; HttpOnly; SameSite=Lax","__Host-nc_sameSiteCookielax=true; path=/; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=lax","__Host-nc_sameSiteCookiestrict=true; path=/; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=strict","oc992s7o213w=2113bb256dd0…; path=/; secure; HttpOnly; SameSite=Lax","da2677c5e2708…=1fa0282a5b1b207…; path=/; HttpOnly; Secure; SameSite=None"],"expires":"Thu, 19 Nov 1981 08:52:00 GMT","pragma":"no-cache","x-request-id":"hvducjxZmavEXHF1QTM8","cache-control":"no-cache, no-store, must-revalidate","content-security-policy":"default-src 'none';base-uri 'none';manifest-src 'self';frame-ancestors 'none'","feature-policy":"autoplay 'none';camera 'none';fullscreen 'none';geolocation 'none';microphone 'none';payment 'none'","x-robots-tag":"noindex, nofollow, noindex, nofollow","referrer-policy":"no-referrer","x-content-type-options":"nosniff","x-download-options":"noopen","x-frame-options":"SAMEORIGIN","x-permitted-cross-domain-policies":"none","x-xss-protection":"1; mode=block","connection":"close"}; body:
…
sqlQuery error sqlCommand: INSERT INTO task_result (tenant, id, status, statu: error: duplicate key value violates unique constraint "task_result_pkey"
…

it worked well before with one replica on each side.

any idea ?

regards

Heylo,

I am quite new to onlyoffice galaxy and only deployed it as docker-compose deployment (install.sh script) for testing. As an permament solution I would like to move to kubernetes instead and tried out this helm deployment, but can't get out of the example view and can't save anything. Is this deployment usable as standalone or just supposed to be integrated into an application or eg. the community server?

In that case I would likely have to build a complete workspace deployment, so community, documents, (mail) and control-panel umbrella chart?

As the documents server image can use an integreated rabbitmq and postgres, these don't have to be deployed if just one instance of the document server is running? So as an idea, rebuild the docker deployment as an helm chart? (no-ha and so on, i know)

Sorry for the maybe obvious and blunt questions.

Thanks for any feedback,
Jakob

Hello guys,

I am very interested on the changes that you implement on feature/release-7.0.1.
Do you have a planned release date for this branch?
Do you also plan to package the chart and deploy it in a helm repo? This would be of great help. Otherwise I always need to checkout the sources and package it myself.
Additionally is there a roadmap of future changes to the helm chart?

Thanks in advance.

Best regards,
Martin

Hello,
We are using S3 as persistence storage for DocumentServer. For extraconf parameters this guide leads us to use ConfigMap. Is there another way to handle those secrets to not store them in ConfigMap as plaintext? Its not very secure when you are using IaC and need to store "local.json" with extraconf params in Git as well.

{
    "storage": {
                  "name": "storage-s3",
                  "fs": {
                          "folderPath": "",
                          "urlExpires": 900,
                          "secretString": "XXXXXXXXXXX"
                  },
                  "region": "us-west-2",
                  "endpoint": "https://s3.us-west-2.amazonaws.com/",
                  "bucketName": "XXXXXXXXXX",
                  "storageFolderName": "files",
                  "urlExpires": 604800,
                  "accessKeyId": "AKIAXXXXyyyyyyy",
                  "secretAccessKey": "XXXXXyyyyy",
                  "sslEnabled": false,
                  "s3ForcePathStyle": false,
                  "externalHost": ""
    }
}

Thank you in advance

Commands like

helm install nfs-server stable/nfs-server-provisioner \
  --set persistence.enabled=true \
  --set persistence.storageClass=PERSISTENT_STORAGE_CLASS \
  --set persistence.size=PERSISTENT_SIZE

helm install rabbitmq stable/rabbitmq

helm install redis stable/redis \
  --set cluster.enabled=false \
  --set usePassword=false

helm install postgresql stable/postgresql \
  --set initdbScriptsConfigMap=init-db-scripts \
  --set postgresqlDatabase=postgres \
  --set persistence.size=8Gi

show warning WARNING: This chart is deprecated

Not sure how this is critical, but sometime in future we may lose those dependencies

Maybe related to #11

Hi, I can't figure out how to add custom fonts for a kubernetes deployment.

The documentation always refers to building a new image https://github.com/ONLYOFFICE/Kubernetes-Docs/tree/master?tab=readme-ov-file#8-add-custom-fonts but it's for a new complete image of onlyoffice, how can I build a new image for docs-converter only?

Thank you for your help

I am deploying onlyoffice in kubernetes using argo-cd.
While this is working fine in a lab environment where the external postgresql server accepts unencrypted connections, it is not working in prod env where the hosted postgresql only accepts tls connections.

So when I try to deploy the docservice containers do not come up, and I always see this error:
[2023-06-12T10:12:22.336] [WARN] [docId] [userId] nodeJS - sqlQuery error sqlCommand: SELECT column_name FROM information_schema.COLUMNS: error: pg_hba.conf rejects connection for host "10.7.226.14", user "onlyoffice", database "onlyoffice", no encryption

The information I found is that I have to set ssl in pgPoolExtraOptions to true - and I can confirm that with a small nodejs test script that with ssl set to false I get the same error there, and ssl set to true works.

So I created a configmap accordingly that ends up in docservice container like this:
sh-4.2$ cat /etc/onlyoffice/documentserver/local.json { "sql": { "pgPoolExtraOptions": { "ssl": true }}}
and added in values passed by argo-cd to helm:
values: | extraConf: configMap: local-config

But when I try to deploy I still get the same error. What is the correct format for this configmap?

Hello,

Our Openshift cluster rejects anything that doesn't have resources.limits.memory set; currently that means that install/upgrade/rollback/delete jobs don't work for us. It would be nice to add the option to specify resources for the jobs.

Cheers,
Arthur

Hello,

I followed documentation to deploy prometheus-statsd-exporter and enable metrics in Onlyoffice helm as shown here:
https://github.com/ONLYOFFICE/Kubernetes-Docs?tab=readme-ov-file#6-deploy-statsd-exporter
https://github.com/ONLYOFFICE/Kubernetes-Docs?tab=readme-ov-file#52-metrics-deployment-optional

But I'm unable to see any metrics appear in prometheus-statsd-exporter.
I even tried to add statsd config to a local.json confimap just in case but nothing seems to work.

Here is my values.yaml:

metrics:
  enabled: true
  host: observability-prometheus-statsd-exporter.observability
  port: "8125"
  prefix: onlyoffice.demoa.

Here is my local.json (but if I understand I shouldn't have to use this):

{{- if .Values.extraConf.configMap }}
apiVersion: v1
kind: ConfigMap
metadata:
  name: {{ .Values.extraConf.configMap }}
  namespace: {{ include "ds.namespace" . | quote }}
  {{- if .Values.commonLabels }}
  labels:
    {{- include "ds.labels.commonLabels" . | trim | nindent 4 }}
  {{- end }}
data:
  local.json: |-
    {
    {{- if .Values.metrics.enabled }}
      "statsd": {
        "useMetrics": true,
        "host": "{{ .Values.metrics.host }}",
        "port": "{{ .Values.metrics.port }}",
        "prefix": "{{.Values.metrics.prefix }}"
      },
    {{- end }}
      "services": {
        "CoAuthoring": {
          "autoAssembly": {
            "enable": true,
            "interval": "0m",
            "step": "0m"
          }
        }
      }
    }

{{- end }}

Any idea on what I may have missed here?

Thanks for the help.

Aurélien

I have followed the Helm install.

The trouble is with the files directory in the PVC

ls -la /var/lib/onlyoffice/documentserver/App_Data/cache/
total 12K
drwxr-xr-x 3 ds ds 4.0K Jun 15 08:33 .
drwxr-xr-x 4 ds ds 4.0K Jun 15 08:33 ..
drwxr-xr-x 8 root root 4.0K Jul 1 09:40 files

The converter can't write the cache files

I've bypassed that with an initContainer to chown the directory, but it's temporary because I've edited the deployment directly in the cluster, and it's "hacky".

Do I miss something ?

If some pod have a lot of perforamnce load currently only way to add more power - manually spinup some more nodes.

Need support of autoscaling

In current version of instruction license file should be placed inside config
https://github.com/ONLYOFFICE/kube-documentserver/blob/master/README.md#1-deploy-onlyoffice-documentserver-license

If license file is multile (which is allowed by DocumentServer) it's looks like this:

Which is very hard to read. And not sure if working at all

Need to add ability to read (or any command line example how to read) license file directly to config)

Currently some password stored in plain text in
https://github.com/ONLYOFFICE/kube-documentserver/blob/master/configmaps/documentserver.yaml#L7

Need to use k8s secrets

on values.yaml, you cannot use multiline annotations, as it failed yaml syntax. It is required for example with HAProxy ingress controller to add multiple headers.

ingress:
  enabled: true
  annotations:
    haproxy.org/response-set-header: |
      X-Content-Type-Options "nosniff"
      Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"

Error: Failed to render chart: exit status 1: Error: YAML parse error on docs/templates/ingresses/documentserver.yaml: error converting YAML to JSON: yaml: line 12: could not find expected ':'

Syntax error is here : https://github.com/ONLYOFFICE/Kubernetes-Docs/blob/master/templates/ingresses/documentserver.yaml#L12
I guess correct template should be (to be tested) :

  annotations:
    {{- range $key, $value := .Values.ingress.annotations }}
    {{ $key }}: {{- $value | toYaml | nindent 4 }}
    {{- end }}

Source: https://stackoverflow.com/questions/50951124/multiline-string-to-a-variable-in-a-helm-template

I have installed the whole stack as it was advised in the readme. After that, I added a let's encrypt certificate manually to the ingress and turned off the rejectUnauthorized flag by mounting it the default.json file as a ConfigMap. Afterward I set hostAliases to the docservice, converter and the nextcloud deployment so they can resolve the hostname.
Everything was fine and I was able to connect the nextcloud to the documentserver and I created a docx file but as I open it the following error appears in the logs of docservice container:

[2022-01-31T16:06:41.318] [ERROR] nodeJS - sendServerRequest error: docId = 2064873878;url = https://cloud.mydomain.com/apps/onlyoffice/track?doc=eyJ0eXAiOmZpbGVJZCI6MjY5LCJmaWxlUGF0aCI6IlwvRG9jdW1lbnQuZG9jeCIsInNoYXJlVG9rZW4iOm51bGwsImFjdGlvbiI6InRyYWNrIn0.mIAPa0jDYqvzojVaXXtr1IYkUipVaEh-3WbUG7aBGQA;data = {"key":"2064873878","status":2,"url":"https://documentserver.mydomain.com/cache/files/2064873878_1811/output.docx/output.docx?md5=PsPlPZyEMDGqxrkV6PBIwA&expires=1643646102&filename=output.docx","history":{},"users":["ocjsd52tu6j7_admin"],"actions":[{"type":0,"userid":"ocjsd_admin"}],"lastsave":"2022-01-31T15:35:08.000Z","notmodified":false,"filetype":"docx"}
Error: unable to verify the first certificate
at TLSSocket.onConnectSecure (_tls_wrap.js:1514:34)
at TLSSocket.emit (events.js:400:28)
at TLSSocket._finishInit (_tls_wrap.js:936:8)
at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:708:12)

See details here.

For example:
https://github.com/helm/charts/tree/master/stable/rabbitmq-ha
https://github.com/helm/charts/tree/master/stable/redis-ha
https://github.com/helm/charts/tree/master/stable/postgresql