Feature: Add configuring database port via helm parameters maybe #632

Closed
jessebot opened this issue Sep 20, 2024 · 1 comment · Fixed by #634
Labels
enhancement New feature or request

Comments

@jessebot
Collaborator

jessebot commented Sep 20, 2024

Description of the change

We should support configuring the database port for external databases. When I looked further, it doesn't look like port is included here in values.yaml:

##
## External database configuration
##
externalDatabase:
  enabled: false
  ## Supported database engines: mysql or postgresql
  type: mysql
  ## Database host
  host:
  ## Database user
  user: nextcloud
  ## Database password
  password: ""
  ## Database name
  database: nextcloud
  ## Use a existing secret
  existingSecret:
    enabled: false
    # secretName: nameofsecret
    usernameKey: db-username
    passwordKey: db-password
    # hostKey: db-hostname-or-ip
    # databaseKey: db-name

We'd also need to update _helpers.tpl:

{{- else if .Values.mariadb.enabled }}
- name: MYSQL_HOST
  value: {{ template "mariadb.primary.fullname" .Subcharts.mariadb }}
- name: MYSQL_DATABASE
  value: {{ .Values.mariadb.auth.database | quote }}
- name: MYSQL_USER
  valueFrom:
    secretKeyRef:
      name: {{ .Values.externalDatabase.existingSecret.secretName | default (printf "%s-db" .Release.Name) }}
      key: {{ .Values.externalDatabase.existingSecret.usernameKey }}
- name: MYSQL_PASSWORD
  valueFrom:
    secretKeyRef:
      name: {{ .Values.externalDatabase.existingSecret.secretName | default (printf "%s-db" .Release.Name) }}
      key: {{ .Values.externalDatabase.existingSecret.passwordKey }}
{{- else if .Values.postgresql.enabled }}
- name: POSTGRES_HOST
  value: {{ template "postgresql.v1.primary.fullname" .Subcharts.postgresql }}
- name: POSTGRES_DB
  {{- if .Values.postgresql.auth.database }}
  value: {{ .Values.postgresql.auth.database | quote }}
  {{ else }}
  value: {{ .Values.postgresql.global.postgresql.auth.database | quote }}
  {{- end }}
- name: POSTGRES_USER
  valueFrom:
    secretKeyRef:
      name: {{ .Values.externalDatabase.existingSecret.secretName | default (printf "%s-db" .Release.Name) }}
      key: {{ .Values.externalDatabase.existingSecret.usernameKey }}
- name: POSTGRES_PASSWORD
  valueFrom:
    secretKeyRef:
      name: {{ .Values.externalDatabase.existingSecret.secretName | default (printf "%s-db" .Release.Name) }}
      key: {{ .Values.externalDatabase.existingSecret.passwordKey }}
{{- else }}
  {{- if eq .Values.externalDatabase.type "postgresql" }}
- name: POSTGRES_HOST
  {{- if .Values.externalDatabase.existingSecret.hostKey }}
  valueFrom:
    secretKeyRef:
      name: {{ .Values.externalDatabase.existingSecret.secretName | default (printf "%s-db" .Release.Name) }}
      key: {{ .Values.externalDatabase.existingSecret.hostKey }}
  {{- else }}
  value: {{ .Values.externalDatabase.host | quote }}
  {{- end }}
- name: POSTGRES_DB
  {{- if .Values.externalDatabase.existingSecret.databaseKey }}
  valueFrom:
    secretKeyRef:
      name: {{ .Values.externalDatabase.existingSecret.secretName | default (printf "%s-db" .Release.Name) }}
      key: {{ .Values.externalDatabase.existingSecret.databaseKey }}
  {{- else }}
  value: {{ .Values.externalDatabase.database | quote }}
  {{- end }}
- name: POSTGRES_USER
  valueFrom:
    secretKeyRef:
      name: {{ .Values.externalDatabase.existingSecret.secretName | default (printf "%s-db" .Release.Name) }}
      key: {{ .Values.externalDatabase.existingSecret.usernameKey }}
- name: POSTGRES_PASSWORD
  valueFrom:
    secretKeyRef:
      name: {{ .Values.externalDatabase.existingSecret.secretName | default (printf "%s-db" .Release.Name) }}
      key: {{ .Values.externalDatabase.existingSecret.passwordKey }}
  {{- else }}
- name: MYSQL_HOST
  {{- if .Values.externalDatabase.existingSecret.hostKey }}
  valueFrom:
    secretKeyRef:
      name: {{ .Values.externalDatabase.existingSecret.secretName | default (printf "%s-db" .Release.Name) }}
      key: {{ .Values.externalDatabase.existingSecret.hostKey }}
  {{- else }}
  value: {{ .Values.externalDatabase.host | quote }}
  {{- end }}
- name: MYSQL_DATABASE
  {{- if .Values.externalDatabase.existingSecret.databaseKey }}
  valueFrom:
    secretKeyRef:
      name: {{ .Values.externalDatabase.existingSecret.secretName | default (printf "%s-db" .Release.Name) }}
      key: {{ .Values.externalDatabase.existingSecret.databaseKey }}
  {{- else }}
  value: {{ .Values.externalDatabase.database | quote }}
  {{- end }}
- name: MYSQL_USER
  valueFrom:
    secretKeyRef:
      name: {{ .Values.externalDatabase.existingSecret.secretName | default (printf "%s-db" .Release.Name) }}
      key: {{ .Values.externalDatabase.existingSecret.usernameKey }}
- name: MYSQL_PASSWORD
  valueFrom:
    secretKeyRef:
      name: {{ .Values.externalDatabase.existingSecret.secretName | default (printf "%s-db" .Release.Name) }}
      key: {{ .Values.externalDatabase.existingSecret.passwordKey }}
  {{- end }}
{{- end }}

Would also need to update deployment.tpl (both for the is_ready initContainer and the main nextcloud container):

        {{- if .Values.mariadb.enabled }}
        - name: mariadb-isalive
          image: {{ .Values.mariadb.image.registry | default "docker.io" }}/{{ .Values.mariadb.image.repository }}:{{ .Values.mariadb.image.tag }}
          {{- with .Values.nextcloud.mariaDbInitContainer.securityContext }}
          securityContext:
            {{- toYaml . | nindent 12 }}
          {{- end }}
          env:
            - name: MYSQL_USER
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.externalDatabase.existingSecret.secretName | default (printf "%s-db" .Release.Name) }}
                  key: {{ .Values.externalDatabase.existingSecret.usernameKey }}
            - name: MYSQL_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.externalDatabase.existingSecret.secretName | default (printf "%s-db" .Release.Name) }}
                  key: {{ .Values.externalDatabase.existingSecret.passwordKey }}
          command:
            - "sh"
            - "-c"
            - {{ printf "until mysql --host=%s-mariadb --user=${MYSQL_USER} --password=${MYSQL_PASSWORD} --execute=\"SELECT 1;\"; do echo waiting for mysql; sleep 2; done;" .Release.Name }}
        {{- else if .Values.postgresql.enabled }}
        - name: postgresql-isready
          image: {{ .Values.postgresql.image.registry | default "docker.io" }}/{{ .Values.postgresql.image.repository }}:{{ .Values.postgresql.image.tag }}
          {{- with .Values.nextcloud.postgreSqlInitContainer.securityContext }}
          securityContext:
            {{- toYaml . | nindent 12 }}
          {{- end }}
          env:
            - name: POSTGRES_USER
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.externalDatabase.existingSecret.secretName | default (printf "%s-db" .Release.Name) }}
                  key: {{ .Values.externalDatabase.existingSecret.usernameKey }}
            - name: POSTGRES_HOST
              value: {{ template "postgresql.v1.primary.fullname" .Subcharts.postgresql }}
          command:
            - "sh"
            - "-c"
            - "until pg_isready -h ${POSTGRES_HOST} -U ${POSTGRES_USER} ; do sleep 2 ; done"
        {{- end }}{{/* end-if any database-initContainer */}}

Finally, and this is the most interesting part, we'd need to update autoconfig.php.tpl:
https://github.com/nextcloud/helm/blob/0565cdba9843040bc7e2641b8ac6955d2feba9ae/charts/nextcloud/files/defaultConfigs/autoconfig.php.tpl

Read possible drawbacks for why this is titled with maybe haha

Benefits

For both MariaDB/PostgreSQL, you can set the database ports:
For mariadb, you'd want mariadb.primary.containerPorts.mysql.
For postgresql, you'd want postgresql.containerPorts.postgresql

Possible drawbacks

If we update autoconfig.php.tpl, we should also update that in nextcloud/docker:
https://github.com/nextcloud/docker/blob/master/.config/autoconfig.php

But then I realized... is this even supported in nextcloud/server?
https://docs.nextcloud.com/server/latest/admin_manual/configuration_database/linux_database_configuration.html

I see mysql port briefly mentioned in the php section here:
https://docs.nextcloud.com/server/latest/admin_manual/configuration_database/linux_database_configuration.html#configuring-a-mysql-or-mariadb-database

I didn't have time to look into nextcloud/server and see if this has been brought up, but changing the default postgresql/mysql port is often a security through obscurity tactic, to avoid script kiddies finding your server (if it is public for some reason), so it seems like a common request...

Additional information

This was originally brought up in #618.

Started the discussion in nextcloud/docker here: nextcloud/docker#2300

@jessebot
Collaborator Author

So it looks like we don't need to do anything, as in nextcloud/docker#2300 josh pointed out that you can specify the port as part of the database host: if the custom port is 1234, the dbhost can be set to hostname:1234, as documented here. I think the only thing needed for this ticket would be to just put this into our README.md and maybe a comment in the values.yaml, but other than that, seems fine to me :)
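
The approach from the closing comment, written out as an added example that is not part of the original issue or the chart's own files: the port travels inside the host value, either inline in values.yaml or through the `hostKey` of an existing secret, so the `_helpers.tpl` logic quoted above needs no change. The hostname `db.example.internal`, the secret name `nextcloud-db` and the password are constructed placeholders; port `1234` is the one used in the comment.

```yaml
# --- values.yaml, option A: port appended to externalDatabase.host ---
externalDatabase:
  enabled: true
  type: postgresql
  # host:port form; the quoted _helpers.tpl passes this string through
  # unchanged as POSTGRES_HOST (MYSQL_HOST when type is mysql)
  host: "db.example.internal:1234"
  database: nextcloud
  existingSecret:
    enabled: true
    secretName: nextcloud-db        # constructed name
    usernameKey: db-username
    passwordKey: db-password
---
# --- values.yaml, option B: host:port read from the secret instead ---
externalDatabase:
  enabled: true
  type: postgresql
  existingSecret:
    enabled: true
    secretName: nextcloud-db        # constructed name
    usernameKey: db-username
    passwordKey: db-password
    # Setting hostKey switches POSTGRES_HOST to a secretKeyRef,
    # so endpoint and port stay out of values.yaml
    hostKey: db-hostname-or-ip
    databaseKey: db-name
---
# --- Secret referenced by both options (constructed sample values) ---
apiVersion: v1
kind: Secret
metadata:
  name: nextcloud-db
type: Opaque
stringData:
  db-username: nextcloud
  db-password: "<placeholder-password>"
  db-hostname-or-ip: "db.example.internal:1234"   # only read by option B
  db-name: nextcloud                              # only read by option B
```

The init containers quoted from deployment.tpl are rendered only for the bundled MariaDB/PostgreSQL subcharts, so nothing in that snippet probes an external database on the custom port.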
