Merge pull request #1934 from nextcloud/enh/noid/handle-talk-internal-ports

helm - handle talk internal ports correctly and fix permissions for Nextcloud container

helm-chart/templates/nextcloud-aio-apache-deployment.yaml

@@ -58,7 +58,6 @@ spec:
           name: nextcloud-aio-apache
           ports:
             - containerPort: {{ .Values.APACHE_PORT }}
-              hostIP: {{ .Values.APACHE_IP_BINDING }}
           volumeMounts:
             - mountPath: /var/www/html
               name: nextcloud-aio-nextcloud

helm-chart/templates/nextcloud-aio-apache-service.yaml

@@ -8,6 +8,7 @@ metadata:
     io.kompose.service: nextcloud-aio-apache
   name: nextcloud-aio-apache
 spec:
+  type: LoadBalancer
   ports:
     - name: "{{ .Values.APACHE_PORT }}"
       port: {{ .Values.APACHE_PORT }}

helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml

@@ -36,6 +36,8 @@ spec:
         - env:
             - name: ES_JAVA_OPTS
               value: -Xms1024M -Xmx1024M
+            - name: POSTGRES_HOST
+              value: nextcloud-aio-database
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
             - name: discovery.type

helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml

@@ -28,13 +28,10 @@ spec:
             - chmod
             - "777"
             - /nextcloud-aio-nextcloud
-            - /nextcloud-aio-nextcloud-data
             - /nextcloud-aio-nextcloud-trusted-cacerts
           volumeMounts:
             - name: nextcloud-aio-nextcloud-trusted-cacerts
               mountPath: /nextcloud-aio-nextcloud-trusted-cacerts
-            - name: nextcloud-aio-nextcloud-data
-              mountPath: /nextcloud-aio-nextcloud-data
             - name: nextcloud-aio-nextcloud
               mountPath: /nextcloud-aio-nextcloud
       containers:

helm-chart/templates/nextcloud-aio-talk-deployment.yaml

@@ -42,4 +42,5 @@ spec:
             - containerPort: {{ .Values.TALK_PORT }}
             - containerPort: {{ .Values.TALK_PORT }}
               protocol: UDP
+            - containerPort: 8081
 {{- end }}

helm-chart/templates/nextcloud-aio-talk-service.yaml

@@ -1,4 +1,27 @@
 {{- if eq .Values.TALK_ENABLED "yes" }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+  annotations:
+    kompose.cmd: kompose convert -c -f latest.yml
+    kompose.version: 1.28.0 (c4137012e)
+  labels:
+    io.kompose.service: nextcloud-aio-talk
+  name: nextcloud-aio-talk-public
+spec:
+  type: LoadBalancer
+  ports:
+    - name: "{{ .Values.TALK_PORT }}"
+      port: {{ .Values.TALK_PORT }}
+      targetPort: {{ .Values.TALK_PORT }}
+    - name: {{ .Values.TALK_PORT }}-udp
+      port: {{ .Values.TALK_PORT }}
+      protocol: UDP
+      targetPort: {{ .Values.TALK_PORT }}
+  selector:
+    io.kompose.service: nextcloud-aio-talk
+---
 apiVersion: v1
 kind: Service
 metadata:
@@ -10,13 +33,9 @@ metadata:
   name: nextcloud-aio-talk
 spec:
   ports:
-    - name: "{{ .Values.TALK_PORT }}"
-      port: {{ .Values.TALK_PORT }}
-      targetPort: {{ .Values.TALK_PORT }}
-    - name: {{ .Values.TALK_PORT }}-udp
-      port: {{ .Values.TALK_PORT }}
-      protocol: UDP
-      targetPort: {{ .Values.TALK_PORT }}
+    - name: "8081"
+      port: 8081
+      targetPort: 8081
   selector:
     io.kompose.service: nextcloud-aio-talk
 {{- end }}

helm-chart/update-helm.sh

@@ -73,8 +73,11 @@ for variable in "${DEPLOYMENTS[@]}"; do
         volumeNames="$(grep -A1 mountPath "$variable" | grep -v mountPath | sed 's|.*name: ||' | sed '/^--$/d')"
         mapfile -t volumeNames <<< "$volumeNames"
         for volumeName in "${volumeNames[@]}"; do
-            sed -i "/^.*volumeMountsInitContainer:/i\ \ \ \ \ \ \ \ \ \ \ \ - /$volumeName" "$variable"
-            sed -i "/volumeMountsInitContainer:/a\ \ \ \ \ \ \ \ \ \ \ \ - name: $volumeName\n\ \ \ \ \ \ \ \ \ \ \ \ \ \ mountPath: /$volumeName" "$variable"
+            # The Nextcloud container runs as root user and sets the correct permissions automatically for the data-dir if the www-data user cannot write to it
+            if [ "$volumeName" != "nextcloud-aio-nextcloud-data" ]; then
+                sed -i "/^.*volumeMountsInitContainer:/i\ \ \ \ \ \ \ \ \ \ \ \ - /$volumeName" "$variable"
+                sed -i "/volumeMountsInitContainer:/a\ \ \ \ \ \ \ \ \ \ \ \ - name: $volumeName\n\ \ \ \ \ \ \ \ \ \ \ \ \ \ mountPath: /$volumeName" "$variable"
+            fi
         done
         sed -i "s|volumeMountsInitContainer|volumeMounts|" "$variable"
         if grep -q claimName "$variable"; then
@@ -110,6 +113,22 @@ find ./ -name '*talk*' -exec sed -i "s|$TALK_PORT|{{ .Values.TALK_PORT }}|" \{}
 find ./ -name '*apache-service.yaml' -exec sed -i "/^spec:/a\ \ type: LoadBalancer" \{} \;
 # shellcheck disable=SC1083
 find ./ -name '*talk-service.yaml' -exec sed -i "/^spec:/a\ \ type: LoadBalancer" \{} \;
+echo '---' > /tmp/talk-service.copy
+# shellcheck disable=SC1083
+find ./ -name '*talk-service.yaml' -exec cat \{} \; >> /tmp/talk-service.copy
+sed -i 's|name: nextcloud-aio-talk|name: nextcloud-aio-talk-public|' /tmp/talk-service.copy
+# shellcheck disable=SC1083
+INTERNAL_TALK_PORTS="$(find ./ -name '*talk-deployment.yaml' -exec grep -oP 'containerPort: [0-9]+' \{} \;)"
+mapfile -t INTERNAL_TALK_PORTS <<< "$INTERNAL_TALK_PORTS"
+for port in "${INTERNAL_TALK_PORTS[@]}"; do
+    port="$(echo "$port" | grep -oP '[0-9]+')"
+    sed -i "/$port/d" /tmp/talk-service.copy
+done
+echo '---' >>  /tmp/talk-service.copy
+# shellcheck disable=SC1083
+find ./ -name '*talk-service.yaml' -exec grep -v '{{ .Values.*}}\|protocol: UDP\|type: LoadBalancer' \{} \; >> /tmp/talk-service.copy
+# shellcheck disable=SC1083
+find ./ -name '*talk-service.yaml' -exec mv /tmp/talk-service.copy \{} \;
 # shellcheck disable=SC1083
 find ./ -name '*.yaml' -exec sed -i "s|'{{|\"{{|g;s|}}'|}}\"|g" \{} \; 
 # shellcheck disable=SC1083

helm-chart/values.yaml

@@ -1,16 +1,15 @@
 IMAGE_TAG: latest          # Version of docker images, should be latest or latest-arm64. Note: latest-arm64 has no clamav support
 AIO_TOKEN: 123456          # Has no function but needs to be set!
 AIO_URL: localhost          # Has no function but needs to be set!
-APACHE_IP_BINDING: 0.0.0.0          # This can be changed to e.g. 127.0.0.1 if you want to run AIO behind a reverse proxy and if that is running on the same host and using localhost to connect
 APACHE_MAX_SIZE: 10737418240          # This needs to be an integer and in sync with NEXTCLOUD_UPLOAD_LIMIT
-APACHE_PORT: 443          # Changing this to a different value than 443 will allow you to run it behind a reverse proxy.
-CLAMAV_ENABLED: no          # Setting this to yes enables the option in Nextcloud automatically. Note: latest-arm64 has no clamav support
+APACHE_PORT: 443          # Changing this to a different value than 443 will allow you to run it behind a web server or reverse proxy (like Apache, Nginx and else).
+CLAMAV_ENABLED: no          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically. Note: latest-arm64 has no clamav support
 COLLABORA_DICTIONARIES: de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru        # You can change this in order to enable other dictionaries for collabora
-COLLABORA_ENABLED: yes          # Setting this to yes enables the option in Nextcloud automatically.
+COLLABORA_ENABLED: "yes"          # Setting this to yes (with quotes) enables the option in Nextcloud automatically.
 COLLABORA_SECCOMP_POLICY: --o:security.seccomp=true          # Changing the value to false allows to disable the seccomp feature of the Collabora container.
 DATABASE_PASSWORD:           # TODO! This needs to be a unique and good password!
-FULLTEXTSEARCH_ENABLED: no          # Setting this to yes enables the option in Nextcloud automatically.
-IMAGINARY_ENABLED: no          # Setting this to yes enables the option in Nextcloud automatically.
+FULLTEXTSEARCH_ENABLED: no          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
+IMAGINARY_ENABLED: no          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
 JANUS_API_KEY:           # TODO! This needs to be a unique and good password!
 NC_DOMAIN: yourdomain.com          # TODO! Needs to be changed to the domain that you want to use for Nextcloud.
 NEXTCLOUD_ADDITIONAL_APKS: imagemagick        # This allows to add additional packages to the Nextcloud container permanently. Default is imagemagick but can be overwritten by modifying this value.
@@ -21,15 +20,15 @@ NEXTCLOUD_PASSWORD:           # TODO! This is the password of the initially crea
 NEXTCLOUD_STARTUP_APPS: deck twofactor_totp tasks calendar contacts        # Allows to modify the Nextcloud apps that are installed on starting AIO the first time
 NEXTCLOUD_TRUSTED_CACERTS_DIR:        # Setting this to any value allows to automatically import root certificates into the Nextcloud container
 NEXTCLOUD_UPLOAD_LIMIT: 10G          # This allows to change the upload limit of the Nextcloud container
-ONLYOFFICE_ENABLED: no          # Setting this to yes enables the option in Nextcloud automatically.
+ONLYOFFICE_ENABLED: no          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
 ONLYOFFICE_SECRET:           # TODO! This needs to be a unique and good password!
 REDIS_PASSWORD:           # TODO! This needs to be a unique and good password!
 SIGNALING_SECRET:           # TODO! This needs to be a unique and good password!
-TALK_ENABLED: yes          # Setting this to yes enables the option in Nextcloud automatically.
+TALK_ENABLED: "yes"          # Setting this to yes (with quotes) enables the option in Nextcloud automatically.
 TALK_PORT: 3478          # This allows to adjust the port that the talk container is using.
 TIMEZONE: Europe/Berlin          # TODO! This is the timezone that your containers will use.
 TURN_SECRET:           # TODO! This needs to be a unique and good password!
-UPDATE_NEXTCLOUD_APPS: no          # When setting to yes, it will automatically update all installed Nextcloud apps upon container startup on saturdays.
+UPDATE_NEXTCLOUD_APPS: no          # When setting to yes (with quotes), it will automatically update all installed Nextcloud apps upon container startup on saturdays.
 STORAGE_CLASS:        # By setting this, you can adjust the storage class for your volumes
 ELASTICSEARCH_STORAGE_SIZE: 1Gi       # You can change the size of the elasticsearch volume that default to 1Gi with this value
 NEXTCLOUD_TRUSTED_CACERTS_STORAGE_SIZE: 1Gi       # You can change the size of the nextcloud-trusted-cacerts volume that default to 1Gi with this value