Skip to content
Snippets Groups Projects

Nextcloud + Onlyoffice helm chart

This helm chart installs Nextcloud and ONLYOFFICE and configures Nextcloud to use ONLYOFFICE as its document editor. Depends on the Nextcloud chart. For configuration details on Nextcloud, refer to their documentation.

Parts of this chart are based on a copy of the COLLABORA code helm chart

Installation

NOTE: The onlyoffice.server_name variable needs to be overwritten with a URL that points to your onlyoffice for this to work correctly. See values-local.yaml.example for an example of domain configurations you might want to do. These instructions assume you copy values-local.yaml.example to values-local.yaml and edit it.

NOTE: It is very important that you uncomment and set the following password and secrets variables manually when you run helm install:

  • nextcloud.nextcloud.password
  • nextcloud.mariadb.auth.password
  • nextcloud.mariadb.auth.rootPassword
  • redis.auth.password
  • onlyoffice.jwtSecret
  • rabbitmq.auth.password
  • rabbitmq.auth.erlangCookie
  • global.onlyofficeDb.password

NOTE: The chart currently includes a ConfigMap with a name that is not dependent on the release name. This means that the chart cannot be installed more than once into the same namespace. If you need to install Nextcloud and Onlyoffice several times into the same cluster, use different namespaces.

Install from the remote repo

This is the way to go if you want to use the packaged chart as is. If you'd like to make changes before installing, refer to the next section.

Add our helm repository1:

helm repo add nextcloud-onlyoffice https://open.greenhost.net/api/v4/projects/1/packages/helm/stable

Then install the chart:

helm install --wait -f values-local.yaml my-nextcloud nextcloud-onlyoffice/nextcloud-onlyoffice

The --wait is important! We need that because of how helm chart hooks work:

Note that if the --wait flag is set, the library will wait until all resources are in a ready state and will not run the post-install hook until they are ready.

The job in this chart needs the Nextcloud pod to be in a ready state before being executed.

Install from a local repo

Start by cloning the nextcloud helm chart repo:

git clone https://open.greenhost.net/stackspin/nextcloud.git
cd nextcloud

Add the dependencies repositories:

# nextcloud chart
helm repo add nextcloud https://nextcloud.github.io/helm
# rabbitmq chart
helm repo add bitnami https://charts.bitnami.com/bitnami

Fetch the chart dependencies:

helm dependency build

Then install the chart:

helm install --wait -f values-local.yaml my-nextcloud .

The --wait is important! We need that because of how helm chart hooks work:

Note that if the --wait flag is set, the library will wait until all resources are in a ready state and will not run the post-install hook until they are ready.

The job in this chart needs the Nextcloud pod to be in a ready state before being executed.

Nextcloud configuration.

This chart has a post-install/post-upgrade hook that installs apps (see below) and applies a custom configuration to set up those apps and integration with ONLYOFFICE as well as the Stackspin OIDC provider.

The hook job needs the Nextcloud pod to be in a ready state before being executed.

Apps

The Nextcloud app store allows admin users to install applications, many of which have not undergone security testing. For that reason we disabled downloading new apps via the app store. Upon installing Nextcloud it is possible to specify which applications from the app store are available. It is also possible to enable them by default. Apps that are not enabled by default can be enabled by admins through the Apps screen in Nextcloud.

Apps that are installed this way are automatically updated to their newest version every time Nextcloud is updated.

To install apps, you can add entries to the following helm values.

  • default if this app will part of the Stackspin defaults.
  • custom if you're installing this app only for a specific cluster. These apps will then be installed when the Nextcloud pod starts. Both default and custom are treated the same way -- we have both to make it easier to organize your helm values.
apps:
  default:
    - name: oidc_login  # Installs oidc_login app
      enabled: false    # Disables oidc_login by default
  custom:
    - name: polls
      enabled: false

Note that manually enabled apps will not be disabled upon rerunning the installer, which can lead to incompatibility errors upon Nextcloud Server version upgrades. Check for postStart errors as mentioned above.

Additionally, we have added an option to install Apps immediately from GitHub releases. Unlike when installing them with occ, this allows us to pin the versions to specific GitHub releases. To install an app from GitHub releases:

apps:
  default:
    - name: onlyoffice
      # The name of the repository. This is the name for a repository located at
      # https://github.com/ONLYOFFICE/onlyoffice-nextcloud:
      github_repository: ONLYOFFICE/onlyoffice-nextcloud
      # The version to install or upgrade the app to
      version: 7.5.4
      # The name of the "asset" to download from this release. This name can be
      # found on https://github.com/ONLYOFFICE/onlyoffice-nextcloud/releases
      release_filename: onlyoffice.tar.gz
      # Enable the app after installing it
      enabled: true

Values

The included values.yaml file configures Nextcloud to use a Mariadb database, otherwise the Job cannot access the database for plugin installation.

It also configures NextCloud to use a persistent volume, because this is necessary for the integration job to work. Be sure to change the size of the persistent disk (default: 2 GB) if you need more.

Parameter Description Default
nextcloud.* See NextCloud helm chart
onlyoffice.replicaCount Number of provisioner instances to deployed 1
onlyoffice.strategy Specifies the strategy used to replace old Pods by new ones Recreate
onlyoffice.jwtSecret Used to set the JWT shared secret between ONLYOFFICE and NC secret
onlyoffice.image.repository Provisioner image onlyoffice/documentserver
onlyoffice.image.tag Version of provisioner image 5.3.1.26
onlyoffice.image.pullPolicy Image pull policy IfNotPresent
onlyoffice.server_name Onlyoffice server URL onlyoffice.domain
onlyoffice.ingress.enabled false
onlyoffice.ingress.annotations {}
onlyoffice.ingress.paths []
onlyoffice.ingress.hosts []
onlyoffice.ingress.tls []
onlyoffice.livenessProbe.enabled Turn on and off liveness probe true
onlyoffice.livenessProbe.initialDelaySeconds Delay before liveness probe is initiated 30
onlyoffice.livenessProbe.periodSeconds How often to perform the probe 10
onlyoffice.livenessProbe.timeoutSeconds When the probe times out 2
onlyoffice.livenessProbe.successThreshold Minimum consecutive successes for the probe 1
onlyoffice.livenessProbe.failureThreshold Minimum consecutive failures for the probe 3
onlyoffice.readinessProbe.enabled Turn on and off readiness probe true
onlyoffice.readinessProbe.initialDelaySeconds Delay before readiness probe is initiated 30
onlyoffice.readinessProbe.periodSeconds How often to perform the probe 10
onlyoffice.readinessProbe.timeoutSeconds When the probe times out 2
onlyoffice.readinessProbe.successThreshold Minimum consecutive successes for the probe 1
onlyoffice.readinessProbe.failureThreshold Minimum consecutive failures for the probe 3
onlyoffice.securityContext Change pod security contenxt {}
onlyoffice.resources Resources required (e.g. CPU, memory) {}
onlyoffice.nodeSelector Node labels for pod assignment {}
onlyoffice.affinity Affinity settings {}
onlyoffice.tolerations List of node taints to tolerate []

Running tests

This chart comes with Cypress e2e tests that you can run by running helm test <release name>. Add the --logs parameter if you want to immediately see the console output from the test.

Running the tests locally

If the tests fail, you'll want to observe the steps Cypress executes in the browser. To do so, install Cypress with npm

Setup

npm install -D

Usage

Export KUBECONFIG to access a cluster with an existing nextcloud helm chart installation.

export KUBECONFIG=…/kube_config_cluster.yml

Set environment variables to use with Cypress. Read the script to see the possible values and adjust them if necessary.

source get-cypress-vars.sh <release_name>

Start Cypress GUI:

./node_modules/.bin/cypress open

or just run the tests from the console:

./node_modules/.bin/cypress run --headed

Releasing

To publish a new version of the helm chart:

  1. Increase the chart version in Chart.yaml.
  2. Update the appVersion (including both nextcloud and onlyoffice) in Chart.yaml.
  3. Update CHANGELOG.md and check that it includes relevant changes, including ones added by renovatebot.
  4. Commit and push these changes to main.
  5. Create a new git tag for the new release and push it to gitlab as well. Note that both the pipeline for the main branch and for the tag will use the nc namespace, so you may not want to push the branch and tag right after each other.

The last step will trigger a CI run that will package and publish the helm chart.

  1. If you want to test a version that is not on the main branch yet, use https://open.greenhost.net/api/v4/projects/1/packages/helm/unstable