onlyoffice / kubernetes-docs
ONLYOFFICE Docs for Kubernetes
Home Page: https://onlyoffice.com
License: Apache License 2.0
Use default storage class according to output
# kubectl get sc
standard (default) k8s.io/minikube-hostpath Delete Immediate false 25m
Executed all commands and got as a result:
Containers hang on ContainerCreating
Seems the NFS mount is the reason:
# kubectl describe pods converter-79c7ff8c89-8lnpv
Mounting command: systemd-run
Mounting arguments: --description=Kubernetes transient mount for /var/lib/kubelet/pods/30066470-e9bc-4cbc-86db-93581f571b21/volumes/kubernetes.io~nfs/pvc-66216c1b-f7f5-4afc-8d23-904f02ae843b --scope -- mount -t nfs -o vers=3 10.106.252.253:/export/pvc-66216c1b-f7f5-4afc-8d23-904f02ae843b /var/lib/kubelet/pods/30066470-e9bc-4cbc-86db-93581f571b21/volumes/kubernetes.io~nfs/pvc-66216c1b-f7f5-4afc-8d23-904f02ae843b
Output: Running scope as unit: run-r88e121c8cd7b45f59cfdda7eab24b50b.scope
mount: /var/lib/kubelet/pods/30066470-e9bc-4cbc-86db-93581f571b21/volumes/kubernetes.io~nfs/pvc-66216c1b-f7f5-4afc-8d23-904f02ae843b: bad option; for several filesystems (e.g. nfs, cifs) you might need a /sbin/mount.<type> helper program.
Warning FailedMount 17m kubelet, lobashov-minikube MountVolume.SetUp failed for volume "pvc-66216c1b-f7f5-4afc-8d23-904f02ae843b" : mount failed: exit status 32
If we have a license for 1000 connections and deploy two docservice nodes, this cluster handles 2000 connections.
This mechanism needs to be redone
15#15: *26 open() "/var/www/onlyoffice/documentserver/sdkjs/common/Images/content_controls/[email protected]" failed (13: Permission denied),
This is what the proxy images currently return. Is it possible that they have been wrongly built? Because those are static files in the container itself, but they have permission on the ds user and not the nginx user running the whole thing. Seems like this image wasn't tested.
Due to the way that ArgoCD converts the Helm hooks, this chart fails to deploy in ArgoCD. In the chart on this page one can see the helm.sh/hook: pre-upgrade gets converted to an argocd.argoproj.io/hook: PreSync which gets executed on every sync. ArgoCD under the hood does not use helm in the way one would think. It's likely that other GitOps tools will have similar issues. This causes the job pre-upgrade to be executed on first run before the PVC it needs is created. It gets stuck in a progressing state and will not complete unless you selectively sync everything except the two applications.
Steps to reproduce:
The problem is not reproduced on a CentOS-based machine with rpm DocumentServer via the DocumentServer test example
OpenShift uses RBAC policies by default to define and apply permissions.
OpenShift users who do not have the cluster admin role added may have problems deploying manifests that use various actions (verbs: "get", "list", "create", etc.) on resources ("pods", "deployments", "statefulsets", "endpoints", etc.).
These problems are usually related to the fact that the user does not have rights to perform the requested actions.
To fix this, without giving the user the cluster admin role, you can create a role with the required actions on the resources, and then bind it to the user. Read more here.
Hi all,
We have an instance with 2 docservice replicas and 2 nextcloud replicas (all stuff is deployed with onlyoffice and nextcloud helm charts).
onlyoffice becomes unhealthy after some delay and no editing can continue to work.
2 extracts from onlyoffice logs :
nodeJS - sendServerRequest error: url = https://box.mydomain.com/apps/onlyoffice/track?doc=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ…;data = {"key":"1743264896","status":3,"users":["oc992s7o213w_*.*@*.*.fr"],"actions":[{"type":0,"userid":"oc992s7o213w_*.*@*.*.fr"}],"lastsave":"2024-05-07T11:24:40.000Z","notmodified":false,"token":"eyJhbGci…"} Error: Error response: statusCode:400; headers:{"server":"nginx/1.25.4","date":"Tue, 07 May 2024 12:26:57 GMT","content-type":"application/json; charset=utf-8","content-length":"27","set-cookie":["oc_sessionPassphrase=LA4Q9…; path=/; secure; HttpOnly; SameSite=Lax","__Host-nc_sameSiteCookielax=true; path=/; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=lax","__Host-nc_sameSiteCookiestrict=true; path=/; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=strict","oc992s7o213w=2113bb256dd0…; path=/; secure; HttpOnly; SameSite=Lax","da2677c5e2708…=1fa0282a5b1b207…; path=/; HttpOnly; Secure; SameSite=None"],"expires":"Thu, 19 Nov 1981 08:52:00 GMT","pragma":"no-cache","x-request-id":"hvducjxZmavEXHF1QTM8","cache-control":"no-cache, no-store, must-revalidate","content-security-policy":"default-src 'none';base-uri 'none';manifest-src 'self';frame-ancestors 'none'","feature-policy":"autoplay 'none';camera 'none';fullscreen 'none';geolocation 'none';microphone 'none';payment 'none'","x-robots-tag":"noindex, nofollow, noindex, nofollow","referrer-policy":"no-referrer","x-content-type-options":"nosniff","x-download-options":"noopen","x-frame-options":"SAMEORIGIN","x-permitted-cross-domain-policies":"none","x-xss-protection":"1; mode=block","connection":"close"}; body:
…
sqlQuery error sqlCommand: INSERT INTO task_result (tenant, id, status, statu: error: duplicate key value violates unique constraint "task_result_pkey"
…
It worked well before with one replica on each side.
Any idea?
Regards
Heylo,
I am quite new to the onlyoffice galaxy and only deployed it as a docker-compose deployment (install.sh script) for testing. As a permanent solution I would like to move to kubernetes instead and tried out this helm deployment, but can't get out of the example view and can't save anything. Is this deployment usable as standalone or just supposed to be integrated into an application or e.g. the community server?
In that case I would likely have to build a complete workspace deployment, so community, documents, (mail) and control-panel umbrella chart?
As the documents server image can use an integrated rabbitmq and postgres, these don't have to be deployed if just one instance of the document server is running? So as an idea, rebuild the docker deployment as a helm chart? (no-ha and so on, I know)
Sorry for the maybe obvious and blunt questions.
Thanks for any feedback,
Jakob
Hello guys,
I am very interested in the changes that you implement on feature/release-7.0.1.
Do you have a planned release date for this branch?
Do you also plan to package the chart and deploy it in a helm repo? This would be of great help. Otherwise I always need to checkout the sources and package it myself.
Additionally is there a roadmap of future changes to the helm chart?
Thanks in advance.
Best regards,
Martin
Hello,
We are using S3 as persistence storage for DocumentServer. For extraconf parameters this guide leads us to use ConfigMap. Is there another way to handle those secrets to not store them in ConfigMap as plaintext? It's not very secure when you are using IaC and need to store "local.json" with extraconf params in Git as well.
{
  "storage": {
    "name": "storage-s3",
    "fs": {
      "folderPath": "",
      "urlExpires": 900,
      "secretString": "XXXXXXXXXXX"
    },
    "region": "us-west-2",
    "endpoint": "https://s3.us-west-2.amazonaws.com/",
    "bucketName": "XXXXXXXXXX",
    "storageFolderName": "files",
    "urlExpires": 604800,
    "accessKeyId": "AKIAXXXXyyyyyyy",
    "secretAccessKey": "XXXXXyyyyy",
    "sslEnabled": false,
    "s3ForcePathStyle": false,
    "externalHost": ""
  }
}
Thank you in advance
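A pre-commit style check for the concern raised in the post above, as an added example that is not part of the original post or of the ONLYOFFICE chart: it walks a parsed `local.json`, reports credential fields that hold literal values, and produces a redacted copy that is safe to commit. The extra name patterns, the `<from-secret>` marker and the sample values are assumptions constructed for illustration.

```python
import json
import re

# Credential-bearing keys taken from the local.json quoted in the post.
PAGE_KEYS = {"secretString", "secretAccessKey", "accessKeyId"}
# Assumption: extra name patterns worth flagging in other config blocks.
EXTRA = re.compile(r"password|passwd|token|secret", re.IGNORECASE)
PLACEHOLDER = "<from-secret>"  # hypothetical marker, not an ONLYOFFICE feature


def is_literal_credential(key, value):
    """True when a credential-named key holds a non-empty literal string."""
    named = key in PAGE_KEYS or bool(EXTRA.search(key))
    return named and isinstance(value, str) and value not in ("", PLACEHOLDER)


def find_secrets(node, path=""):
    """Return sorted dotted paths of literal credentials in a parsed config."""
    hits = []
    if isinstance(node, dict):
        for key, value in node.items():
            here = f"{path}.{key}" if path else key
            if is_literal_credential(key, value):
                hits.append(here)
            else:
                hits.extend(find_secrets(value, here))
    elif isinstance(node, list):
        for i, item in enumerate(node):
            hits.extend(find_secrets(item, f"{path}[{i}]"))
    return sorted(hits)


def redact(node):
    """Return a copy that is safe to commit: literal credentials replaced."""
    if isinstance(node, dict):
        return {k: PLACEHOLDER if is_literal_credential(k, v) else redact(v)
                for k, v in node.items()}
    if isinstance(node, list):
        return [redact(item) for item in node]
    return node


# Constructed sample shaped like the post's local.json; all values are dummies.
SAMPLE = json.loads("""
{"storage": {"name": "storage-s3",
  "fs": {"folderPath": "", "urlExpires": 900, "secretString": "dummy-string"},
  "bucketName": "dummy-bucket", "accessKeyId": "dummy-key-id",
  "secretAccessKey": "dummy-secret", "sslEnabled": false, "externalHost": ""}}
""")
```

Running `find_secrets` in CI on the JSON extracted from the manifest and failing the job on a non-empty result keeps such values out of Git.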
Commands like
helm install nfs-server stable/nfs-server-provisioner \
--set persistence.enabled=true \
--set persistence.storageClass=PERSISTENT_STORAGE_CLASS \
--set persistence.size=PERSISTENT_SIZE
helm install rabbitmq stable/rabbitmq
helm install redis stable/redis \
--set cluster.enabled=false \
--set usePassword=false
helm install postgresql stable/postgresql \
--set initdbScriptsConfigMap=init-db-scripts \
--set postgresqlDatabase=postgres \
--set persistence.size=8Gi
show the warning WARNING: This chart is deprecated
Not sure how critical this is, but sometime in the future we may lose those dependencies
Maybe related to #11
Hi, I can't figure out how to add custom fonts for a kubernetes deployment.
The documentation always refers to building a new image https://github.com/ONLYOFFICE/Kubernetes-Docs/tree/master?tab=readme-ov-file#8-add-custom-fonts but it's for a new complete image of onlyoffice, how can I build a new image for docs-converter only?
Thank you for your help
I am deploying onlyoffice in kubernetes using argo-cd.
While this is working fine in a lab environment where the external postgresql server accepts unencrypted connections, it is not working in prod env where the hosted postgresql only accepts tls connections.
So when I try to deploy the docservice containers do not come up, and I always see this error:
[2023-06-12T10:12:22.336] [WARN] [docId] [userId] nodeJS - sqlQuery error sqlCommand: SELECT column_name FROM information_schema.COLUMNS: error: pg_hba.conf rejects connection for host "10.7.226.14", user "onlyoffice", database "onlyoffice", no encryption
The information I found is that I have to set ssl in pgPoolExtraOptions to true - and I can confirm that with a small nodejs test script that with ssl set to false I get the same error there, and ssl set to true works.
So I created a configmap accordingly that ends up in docservice container like this:
sh-4.2$ cat /etc/onlyoffice/documentserver/local.json
{ "sql": { "pgPoolExtraOptions": { "ssl": true }}}
and added in values passed by argo-cd to helm:
values: |
  extraConf:
    configMap: local-config
But when I try to deploy I still get the same error. What is the correct format for this configmap?
Hello,
Our Openshift cluster rejects anything that doesn't have resources.limits.memory set; currently that means that install/upgrade/rollback/delete jobs don't work for us. It would be nice to add the option to specify resources for the jobs.
Cheers,
Arthur
Hello,
I followed documentation to deploy prometheus-statsd-exporter and enable metrics in Onlyoffice helm as shown here:
https://github.com/ONLYOFFICE/Kubernetes-Docs?tab=readme-ov-file#6-deploy-statsd-exporter
https://github.com/ONLYOFFICE/Kubernetes-Docs?tab=readme-ov-file#52-metrics-deployment-optional
But I'm unable to see any metrics appear in prometheus-statsd-exporter.
I even tried to add statsd config to a local.json configmap just in case but nothing seems to work.
Here is my values.yaml:
metrics:
  enabled: true
  host: observability-prometheus-statsd-exporter.observability
  port: "8125"
  prefix: onlyoffice.demoa.
Here is my local.json (but if I understand I shouldn't have to use this):
{{- if .Values.extraConf.configMap }}
apiVersion: v1
kind: ConfigMap
metadata:
  name: {{ .Values.extraConf.configMap }}
  namespace: {{ include "ds.namespace" . | quote }}
  {{- if .Values.commonLabels }}
  labels:
    {{- include "ds.labels.commonLabels" . | trim | nindent 4 }}
  {{- end }}
data:
  local.json: |-
    {
      {{- if .Values.metrics.enabled }}
      "statsd": {
        "useMetrics": true,
        "host": "{{ .Values.metrics.host }}",
        "port": "{{ .Values.metrics.port }}",
        "prefix": "{{.Values.metrics.prefix }}"
      },
      {{- end }}
      "services": {
        "CoAuthoring": {
          "autoAssembly": {
            "enable": true,
            "interval": "0m",
            "step": "0m"
          }
        }
      }
    }
{{- end }}
Any idea on what I may have missed here?
Thanks for the help.
Aurélien
I have followed the Helm install.
The trouble is with the files directory in the PVC
ls -la /var/lib/onlyoffice/documentserver/App_Data/cache/
total 12K
drwxr-xr-x 3 ds ds 4.0K Jun 15 08:33 .
drwxr-xr-x 4 ds ds 4.0K Jun 15 08:33 ..
drwxr-xr-x 8 root root 4.0K Jul 1 09:40 files
The converter can't write the cache files
I've bypassed that with an initContainer to chown the directory, but it's temporary because I've edited the deployment directly in the cluster, and it's "hacky".
Am I missing something?
If some pod has a lot of performance load, currently the only way to add more power is to manually spin up some more nodes.
Need support for autoscaling
In the current version of the instructions, the license file should be placed inside the config
https://github.com/ONLYOFFICE/kube-documentserver/blob/master/README.md#1-deploy-onlyoffice-documentserver-license
If the license file is multiline (which is allowed by DocumentServer) it looks like this:
Which is very hard to read. And not sure if it works at all
Need to add the ability to read (or any command line example of how to read) the license file directly into the config
Currently some password is stored in plain text in
https://github.com/ONLYOFFICE/kube-documentserver/blob/master/configmaps/documentserver.yaml#L7
Need to use k8s secrets
In values.yaml, you cannot use multiline annotations, as it fails YAML syntax. It is required, for example, with the HAProxy ingress controller to add multiple headers.
ingress:
  enabled: true
  annotations:
    haproxy.org/response-set-header: |
      X-Content-Type-Options "nosniff"
      Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
Error: Failed to render chart: exit status 1: Error: YAML parse error on docs/templates/ingresses/documentserver.yaml: error converting YAML to JSON: yaml: line 12: could not find expected ':'
Syntax error is here : https://github.com/ONLYOFFICE/Kubernetes-Docs/blob/master/templates/ingresses/documentserver.yaml#L12
I guess correct template should be (to be tested) :
annotations:
{{- range $key, $value := .Values.ingress.annotations }}
{{ $key }}: {{- $value | toYaml | nindent 4 }}
{{- end }}
Source: https://stackoverflow.com/questions/50951124/multiline-string-to-a-variable-in-a-helm-template
I have installed the whole stack as it was advised in the readme. After that, I added a Let's Encrypt certificate manually to the ingress and turned off the rejectUnauthorized flag by mounting the default.json file as a ConfigMap. Afterward I set hostAliases on the docservice, converter and the nextcloud deployment so they can resolve the hostname.
Everything was fine and I was able to connect the nextcloud to the documentserver and I created a docx file but as I open it the following error appears in the logs of docservice container:
[2022-01-31T16:06:41.318] [ERROR] nodeJS - sendServerRequest error: docId = 2064873878;url = https://cloud.mydomain.com/apps/onlyoffice/track?doc=eyJ0eXAiOmZpbGVJZCI6MjY5LCJmaWxlUGF0aCI6IlwvRG9jdW1lbnQuZG9jeCIsInNoYXJlVG9rZW4iOm51bGwsImFjdGlvbiI6InRyYWNrIn0.mIAPa0jDYqvzojVaXXtr1IYkUipVaEh-3WbUG7aBGQA;data = {"key":"2064873878","status":2,"url":"https://documentserver.mydomain.com/cache/files/2064873878_1811/output.docx/output.docx?md5=PsPlPZyEMDGqxrkV6PBIwA&expires=1643646102&filename=output.docx","history":{},"users":["ocjsd52tu6j7_admin"],"actions":[{"type":0,"userid":"ocjsd_admin"}],"lastsave":"2022-01-31T15:35:08.000Z","notmodified":false,"filetype":"docx"}
Error: unable to verify the first certificate
at TLSSocket.onConnectSecure (_tls_wrap.js:1514:34)
at TLSSocket.emit (events.js:400:28)
at TLSSocket._finishInit (_tls_wrap.js:936:8)
at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:708:12)
See details here.