xebix
8 November 2023 13:54
1
I am trying to install the documentserver in a Kubernetes environment by using the helm chart.
I use the command
helm install -n onlyoffice documentserver onlyoffice/docs -f values.yaml
and the values.yaml looks like this:
commonLabels: {}
connections:
  #amqpExistingSecret: rabbitmq-default-user
  amqpHost: rabbitmq.rabbitmq.svc.basche-mail.de
  amqpPassword: "xxxx"
  amqpPort: "5672"
  amqpProto: amqp
  amqpSecretKeyName: onlyoffice-rabbitmq
  amqpType: rabbitmq
  amqpUser: default_user_a0KICDYeSHnPRJRxHg-
  amqpVhost: /
  #dbExistingSecret: postgresql
  dbHost: postgres.postgres.svc.basche-mail.de
  dbName: oo_docs
  dbPassword: "xxx"
  dbPort: "5432"
  dbSecretKeyName: onlyoffice-postgres
  dbType: postgres
  dbUser: onlyoffice
  redisDBNum: "2"
  #redisExistingSecret: redis
  redisHost: redis.redis-single.svc.test.local
  redisNoPass: false
  redisPassword: "xxx"
  redisPort: "6379"
  redisSecretKeyName: onlyoffice-redis
  redisUser: ""
converter:
  autoscaling:
    behavior: {}
    customMetricsType: []
    enabled: false
    maxReplicas: 16
    minReplicas: 2
    targetCPU:
      enabled: true
      utilizationPercentage: 70
    targetMemory:
      enabled: false
      utilizationPercentage: 70
  image:
    pullPolicy: IfNotPresent
    repository: onlyoffice/docs-converter-de
    tag: 7.4.0-1
  initContainers: []
  nodeAffinity: {}
  podAffinity: {}
  podAnnotations:
    rollme: '{{ randAlphaNum 5 | quote }}'
  replicas: 1
  resources:
    limits: {}
    requests: {}
  updateStrategy:
    rollingUpdate:
      maxSurge: 25%
      maxUnavailable: 25%
    type: RollingUpdate
delete:
  existingConfigmap:
    dsStop: ""
    tblRemove:
      keyName: removetbl.sql
      name: remove-db-scripts
  job:
    enabled: true
    image:
      pullPolicy: IfNotPresent
      repository: onlyoffice/docs-utils
      tag: 7.4.0-1
    resources:
      limits: {}
      requests: {}
docservice:
  autoscaling:
    behavior: {}
    customMetricsType: []
    enabled: false
    maxReplicas: 4
    minReplicas: 2
    targetCPU:
      enabled: true
      utilizationPercentage: 70
    targetMemory:
      enabled: false
      utilizationPercentage: 70
  containerPorts:
    http: 8000
  image:
    pullPolicy: IfNotPresent
    repository: onlyoffice/docs-docservice-de
    tag: 7.4.0-1
  initContainers: []
  livenessProbe:
    enabled: true
    failureThreshold: 3
    httpGet:
      path: /index.html
      port: 8000
    periodSeconds: 10
    successThreshold: 1
    timeoutSeconds: 3
  nodeAffinity: {}
  podAffinity: {}
  podAnnotations:
    rollme: '{{ randAlphaNum 5 | quote }}'
  readinessProbe:
    enabled: true
    failureThreshold: 2
    httpGet:
      path: /index.html
      port: 8000
    periodSeconds: 10
    successThreshold: 1
    timeoutSeconds: 3
  replicas: 1
  resources:
    limits: {}
    requests: {}
  startupProbe:
    enabled: true
    failureThreshold: 30
    httpGet:
      path: /index.html
      port: 8000
    periodSeconds: 10
  updateStrategy:
    type: Recreate
example:
  containerPorts:
    http: 3000
  dsUrl: /
  enabled: false
  image:
    pullPolicy: IfNotPresent
    repository: onlyoffice/docs-example
    tag: 7.4.0-1
  nodeAffinity: {}
  podAffinity: {}
  podAnnotations:
    rollme: '{{ randAlphaNum 5 | quote }}'
  resources:
    limits: {}
    requests: {}
  updateStrategy:
    type: RollingUpdate
extraConf:
  configMap: ""
  filename: local.json
extraThemes:
  configMap: ""
  filename: custom-themes.json
grafana:
  dashboard:
    enabled: false
  enabled: false
  ingress:
    enabled: false
  namespace: ""
imagePullSecrets: ""
ingress:
  annotations:
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/proxy-body-size: 100m
  enabled: false
  host: ""
  ssl:
    enabled: false
    secret: tls
install:
  existingConfigmap:
    initdb: ""
    tblCreate:
      keyName: createdb.sql
      name: init-db-scripts
  job:
    enabled: true
    image:
      pullPolicy: IfNotPresent
      repository: onlyoffice/docs-utils
      tag: 7.4.0-1
    resources:
      limits: {}
      requests: {}
jwt:
  enabled: true
  existingSecret: ""
  header: Authorization
  inBody: false
  inbox: {}
  outbox: {}
  secret: MYSECRET
license:
  existingClaim: ""
  existingSecret: ""
log:
  level: WARN
  pattern: '[%d] [%p] [%X{DOCID}] [%X{USERID}] %c - %.10000m'
  type: pattern
metrics:
  enabled: false
  host: statsd-exporter-prometheus-statsd-exporter
  port: "8125"
  prefix: ds.
namespaceOverride: ""
nodeSelector: {}
persistence:
  #existingClaim: ""
  size: 10Gi
  storageClass: cephfs-hddec.class
podAntiAffinity:
  topologyKey: kubernetes.io/hostname
  type: soft
  weight: "100"
podSecurityContext:
  converter:
    runAsGroup: 101
    runAsUser: 101
  docservice:
    runAsGroup: 101
    runAsUser: 101
  enabled: false
  example:
    runAsGroup: 1001
    runAsUser: 1001
  jobs:
    runAsGroup: 101
    runAsUser: 101
  tests:
    runAsGroup: 0
    runAsUser: 0
privateCluster: false
product:
  name: onlyoffice
proxy:
  accessLog: "off"
  containerPorts:
    http: 8888
  gzipProxied: "off"
  image:
    pullPolicy: IfNotPresent
    repository: onlyoffice/docs-proxy-de
    tag: 7.4.0-1
  infoAllowedIP: []
  livenessProbe:
    enabled: true
    failureThreshold: 3
    httpGet:
      path: /index.html
      port: 8888
    periodSeconds: 10
    successThreshold: 1
    timeoutSeconds: 3
  readinessProbe:
    enabled: true
    failureThreshold: 2
    httpGet:
      path: /index.html
      port: 8888
    periodSeconds: 10
    successThreshold: 1
    timeoutSeconds: 3
  resources:
    limits: {}
    requests: {}
  secureLinkSecret: Thamah9hieg0ioQu
  startupProbe:
    enabled: true
    failureThreshold: 30
    httpGet:
      path: /index.html
      port: 8888
    periodSeconds: 10
  welcomePage:
    enabled: true
  workerConnections: "4096"
requestFilteringAgent:
  allowIPAddressList: []
  allowMetaIPAddress: false
  allowPrivateIPAddress: false
  denyIPAddressList: []
rollback:
  existingConfigmap:
    dsStop: ""
    tblCreate:
      keyName: createdb.sql
      name: init-db-scripts
    tblRemove:
      keyName: removetbl.sql
      name: remove-db-scripts
  job:
    enabled: true
    image:
      pullPolicy: IfNotPresent
      repository: onlyoffice/docs-utils
      tag: 7.4.0-1
    resources:
      limits: {}
      requests: {}
service:
  annotations: {}
  existing: ""
  port: 8888
  sessionAffinity: ""
  sessionAffinityConfig: {}
  type: ClusterIP
serviceAccount:
  annotations: {}
  automountServiceAccountToken: true
  create: false
  name: ""
sqlScripts:
  branchName: master
tests:
  enabled: true
  resources:
    limits: {}
    requests: {}
tolerations: []
upgrade:
  existingConfigmap:
    dsStop: ""
    tblCreate:
      keyName: createdb.sql
      name: init-db-scripts
    tblRemove:
      keyName: removetbl.sql
      name: remove-db-scripts
  job:
    enabled: true
    image:
      pullPolicy: IfNotPresent
      repository: onlyoffice/docs-utils
      tag: 7.4.0-1
    resources:
      limits: {}
      requests: {}
webProxy:
  enabled: false
  http: http://proxy.example.com
  https: https://proxy.example.com
  noProxy: localhost,127.0.0.1,docservice
wopi:
  enabled: false
After that I am using the test Helm chart to check if the system is running.
The tool then says that the documentserver daemon is not running, and the test pod gives more detail with this message:
mkdir: cannot create directory ‘/ds/test/App_Data/cache/files/testds’: Permission denied
2023-11-03 09:49:34,790 - test.ds - ERROR - Failed when trying to write and delete a test file to the “cache/files” directory
And it's true, if the daemon is not running as root, which it is not. According to ps, it runs as user ds. It can't write, because of the directory permissions: the files folder belongs to root.
What am I doing wrong here? Please advise.
Hey @xebix
Firstly, we’d like to gather some information:
1. The exact version of Kubernetes you are using.
2. Please execute the command: kubectl get pods -o wide
It appears that you are using the DE image.
3. Could you please clarify whether you have obtained a license?
*Note: The prefix -de is specified in the value of the image repository, which means solution type. Possible options:
Nothing is specified. For the open-source community version
-de. For commercial Developer Edition
-ee. For commercial Enterprise Edition
Please note that users with commercial licenses should use Zendesk to get prompt replies.
xebix:
tag: 7.4.0-1
Additionally, could you provide insights into why you decided to use version 7.4?
In our manuals, version 7.5.1 is specified: ONLYOFFICE Docs for Kubernetes
xebix
14 November 2023 11:54
3
Hello Nikolas,
that is basically what I got from a “helm pull onlyoffice/docs”, some time ago.
The Kubernetes version is 1.28.1.
What's it about you knowing which pods I am running? What's the point in that?
I updated the data now, the image versions change, but the -de stays the same.
xebix
15 November 2023 10:37
4
I updated my values.yaml now. But the error message stays the same.
[2023-11-15T09:01:44.830] [WARN] [docId] [userId] nodeJS - Express server listening on port 8000 in production-linux mode. Version: 7.5.1. Build: 23
[2023-11-15T10:33:18.587] [ERROR] [docId] [userId] nodeJS - healthCheck error Error: EACCES: permission denied, mkdir '/var/lib/onlyoffice/documentserver/App_Data/cache/files/data'
and the values.yml looks like this now:
commonLabels: {}
connections:
  #amqpExistingSecret: rabbitmq-default-user
  amqpHost: rabbitmq.rabbitmq.svc.basche-mail.de
  amqpPassword: "xxx"
  amqpPort: "5672"
  amqpProto: amqp
  amqpSecretKeyName: onlyoffice-rabbitmq
  amqpType: rabbitmq
  amqpUser: default_user_a0KICDYeSHnPRJRxHg-
  amqpVhost: /
  #dbExistingSecret: postgresql
  dbHost: postgres.postgres.svc.basche-mail.de
  dbName: oo_docs
  dbPassword: "xxxx"
  dbPort: "5432"
  dbSecretKeyName: onlyoffice-postgres
  dbType: postgres
  dbUser: onlyoffice
  redisDBNum: "2"
  #redisExistingSecret: redis
  redisHost: redis.redis-single.svc.basche-mail.de
  redisNoPass: false
  redisPassword: "xxxx"
  redisPort: "6379"
  redisSecretKeyName: onlyoffice-redis
  redisUser: ""
converter:
  autoscaling:
    behavior: {}
    customMetricsType: []
    enabled: false
    maxReplicas: 16
    minReplicas: 2
    targetCPU:
      enabled: true
      utilizationPercentage: 70
    targetMemory:
      enabled: false
      utilizationPercentage: 70
  image:
    pullPolicy: IfNotPresent
    repository: onlyoffice/docs-converter
    tag: 7.5.1-1
  initContainers: []
  nodeAffinity: {}
  podAffinity: {}
  podAnnotations:
    rollme: '{{ randAlphaNum 5 | quote }}'
  replicas: 2
  resources:
    limits: {}
    requests: {}
  updateStrategy:
    rollingUpdate:
      maxSurge: 25%
      maxUnavailable: 25%
    type: RollingUpdate
delete:
  existingConfigmap:
    dsStop: ""
    tblRemove:
      keyName: removetbl.sql
      name: remove-db-scripts
  job:
    enabled: true
    image:
      pullPolicy: IfNotPresent
      repository: onlyoffice/docs-utils
      tag: 7.5.1-1
    resources:
      limits: {}
      requests: {}
docservice:
  autoscaling:
    behavior: {}
    customMetricsType: []
    enabled: false
    maxReplicas: 4
    minReplicas: 2
    targetCPU:
      enabled: true
      utilizationPercentage: 70
    targetMemory:
      enabled: false
      utilizationPercentage: 70
  containerPorts:
    http: 8000
  image:
    pullPolicy: IfNotPresent
    repository: onlyoffice/docs-docservice
    tag: 7.5.1-1
  initContainers: []
  livenessProbe:
    enabled: true
    failureThreshold: 3
    httpGet:
      path: /index.html
      port: 8000
    periodSeconds: 10
    successThreshold: 1
    timeoutSeconds: 3
  nodeAffinity: {}
  podAffinity: {}
  podAnnotations:
    rollme: '{{ randAlphaNum 5 | quote }}'
  readinessProbe:
    enabled: true
    failureThreshold: 2
    httpGet:
      path: /index.html
      port: 8000
    periodSeconds: 10
    successThreshold: 1
    timeoutSeconds: 3
  replicas: 2
  resources:
    limits: {}
    requests: {}
  startupProbe:
    enabled: true
    failureThreshold: 30
    httpGet:
      path: /index.html
      port: 8000
    periodSeconds: 10
  updateStrategy:
    type: Recreate
example:
  containerPorts:
    http: 3000
  dsUrl: /
  enabled: false
  image:
    pullPolicy: IfNotPresent
    repository: onlyoffice/docs-example
    tag: 7.5.1-1
  nodeAffinity: {}
  podAffinity: {}
  podAnnotations:
    rollme: '{{ randAlphaNum 5 | quote }}'
  resources:
    limits: {}
    requests: {}
  updateStrategy:
    type: RollingUpdate
extraConf:
  configMap: ""
  filename: local.json
extraThemes:
  configMap: ""
  filename: custom-themes.json
grafana:
  dashboard:
    enabled: false
  enabled: false
  ingress:
    enabled: false
  namespace: ""
imagePullSecrets: ""
ingress:
  annotations:
    nginx.ingress.kubernetes.io/proxy-body-size: 100m
  enabled: false
  host: ""
  ingressClassName: nginx
  path: /
  ssl:
    enabled: false
    secret: tls
install:
  existingConfigmap:
    initdb: ""
    tblCreate:
      keyName: createdb.sql
      name: init-db-scripts
  job:
    enabled: true
    image:
      pullPolicy: IfNotPresent
      repository: onlyoffice/docs-utils
      tag: 7.5.1-1
    resources:
      limits: {}
      requests: {}
jwt:
  enabled: true
  existingSecret: ""
  header: Authorization
  inBody: false
  inbox: {}
  outbox: {}
  secret: MYSECRET
license:
  existingClaim: ""
  existingSecret: ""
log:
  level: WARN
  pattern: '[%d] [%p] [%X{DOCID}] [%X{USERID}] %c - %.10000m'
  type: pattern
metrics:
  enabled: false
  host: statsd-exporter-prometheus-statsd-exporter
  port: "8125"
  prefix: ds.
namespaceOverride: ""
nodeSelector: {}
persistence:
  #existingClaim: ""
  size: 10Gi
  storageClass: cephfs-hddec.class
podAntiAffinity:
  topologyKey: kubernetes.io/hostname
  type: soft
  weight: "100"
podSecurityContext:
  converter:
    runAsGroup: 101
    runAsUser: 101
  docservice:
    runAsGroup: 101
    runAsUser: 101
  enabled: false
  example:
    runAsGroup: 1001
    runAsUser: 1001
  jobs:
    runAsGroup: 101
    runAsUser: 101
  tests:
    runAsGroup: 0
    runAsUser: 0
privateCluster: false
product:
  name: onlyoffice
proxy:
  accessLog: "off"
  containerPorts:
    http: 8888
  gzipProxied: "off"
  image:
    pullPolicy: IfNotPresent
    repository: onlyoffice/docs-proxy
    tag: 7.5.1-1
  infoAllowedIP: []
  livenessProbe:
    enabled: true
    failureThreshold: 3
    httpGet:
      path: /index.html
      port: 8888
    periodSeconds: 10
    successThreshold: 1
    timeoutSeconds: 3
  readinessProbe:
    enabled: true
    failureThreshold: 2
    httpGet:
      path: /index.html
      port: 8888
    periodSeconds: 10
    successThreshold: 1
    timeoutSeconds: 3
  resources:
    limits: {}
    requests: {}
  secureLinkSecret: Thamah9hieg0ioQu
  startupProbe:
    enabled: true
    failureThreshold: 30
    httpGet:
      path: /index.html
      port: 8888
    periodSeconds: 10
  welcomePage:
    enabled: true
  workerConnections: "4096"
requestFilteringAgent:
  allowIPAddressList: []
  allowMetaIPAddress: false
  allowPrivateIPAddress: false
  denyIPAddressList: []
rollback:
  existingConfigmap:
    dsStop: ""
    tblCreate:
      keyName: createdb.sql
      name: init-db-scripts
    tblRemove:
      keyName: removetbl.sql
      name: remove-db-scripts
  job:
    enabled: true
    image:
      pullPolicy: IfNotPresent
      repository: onlyoffice/docs-utils
      tag: 7.5.1-1
    resources:
      limits: {}
      requests: {}
service:
  annotations: {}
  existing: ""
  port: 8888
  sessionAffinity: ""
  sessionAffinityConfig: {}
  type: ClusterIP
serviceAccount:
  annotations: {}
  automountServiceAccountToken: true
  create: false
  name: ""
sqlScripts:
  branchName: master
tests:
  enabled: true
  resources:
    limits: {}
    requests: {}
tolerations: []
upgrade:
  existingConfigmap:
    dsStop: ""
    tblCreate:
      keyName: createdb.sql
      name: init-db-scripts
    tblRemove:
      keyName: removetbl.sql
      name: remove-db-scripts
  job:
    enabled: true
    image:
      pullPolicy: IfNotPresent
      repository: onlyoffice/docs-utils
      tag: 7.5.1-1
    resources:
      limits: {}
      requests: {}
webProxy:
  enabled: false
  http: http://proxy.example.com
  https: https://proxy.example.com
  noProxy: localhost,127.0.0.1,docservice
wopi:
  enabled: false
I jumped into the corresponding pod and saw this:
bash-4.2$ ls -al /var/lib/onlyoffice/documentserver/App_Data/cache/
total 0
drwxr-xr-x 1 root root 10 Nov 15 09:01 .
drwxr-xr-x 1 root root 10 Nov 15 09:01 ..
drwxr-xr-x 2 root root 0 Nov 15 08:42 files
bash-4.2$ ls -al /var/lib/onlyoffice/documentserver/App_Data/
total 0
drwxr-xr-x 1 root root 10 Nov 15 09:01 .
drwxr-xr-x 1 root root 16 Nov 15 09:01 ..
drwxr-xr-x 1 root root 10 Nov 15 09:01 cache
bash-4.2$ ls -al /var/lib/onlyoffice/documentserver/
total 0
drwxr-xr-x 1 root root 16 Nov 15 09:01 .
drwxr-xr-x 1 root root 28 Nov 15 09:01 ..
drwxr-xr-x 1 root root 10 Nov 15 09:01 App_Data
I would change permissions on this to test it through, but I am not allowed to do that.
hi @xebix
I apologize for missing and overlooking your message.
Indeed, the directory needs ds:ds permissions.
Have you checked this point:
https://github.com/ONLYOFFICE/Kubernetes-Docs/tree/master#2-install-persistent-storage
The PersistentVolume type to be used for PVC placement must support Access Mode ReadWriteMany. Also, PersistentVolume must have as the owner the user from whom the ONLYOFFICE Docs will be started. By default it is ds (101:101).
Which user is running the containers in your case?
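The ownership requirement quoted above can be checked from inside a pod without switching users. This is an added example, not part of the thread and not ONLYOFFICE code; the function names can_create and report are made up for illustration, and it assumes GNU stat and ignores supplementary groups, ACLs and capabilities.

```sh
# Added example, not from the thread. Decides from owner, group and mode
# whether a given UID:GID could create entries in a directory.
# Assumes GNU stat; ignores supplementary groups, ACLs and capabilities.

# can_create UID GID DIR: succeed if UID:GID may create entries in DIR.
# Returns 0 = allowed, 1 = denied by mode bits, 2 = DIR cannot be stat'ed.
can_create() {
    cc_uid=$1; cc_gid=$2
    cc_stat=$(stat -c '%u %g %a' "$3" 2>/dev/null) || return 2
    set -- $cc_stat                      # $1=owner uid, $2=owner gid, $3=octal mode
    [ "$cc_uid" -eq 0 ] && return 0      # root bypasses the mode bits
    cc_mode=$(( 0$3 & 0777 ))            # drop setuid/setgid/sticky
    if   [ "$cc_uid" -eq "$1" ]; then cc_bits=$(( (cc_mode >> 6) & 7 ))
    elif [ "$cc_gid" -eq "$2" ]; then cc_bits=$(( (cc_mode >> 3) & 7 ))
    else                              cc_bits=$(( cc_mode & 7 ))
    fi
    # mkdir inside DIR needs write (2) and search (1) on DIR itself
    [ $(( cc_bits & 3 )) -eq 3 ]
}

# report UID GID DIR...: one line per directory with owner, mode and verdict.
report() {
    r_uid=$1; r_gid=$2; shift 2
    for r_dir in "$@"; do
        if can_create "$r_uid" "$r_gid" "$r_dir"; then r_v="writable"
        else r_v="NOT writable"; fi
        printf '%s  %s  %s for %s:%s\n' "$r_dir" \
            "$(stat -c '%U:%G %a' "$r_dir" 2>/dev/null || echo missing)" \
            "$r_v" "$r_uid" "$r_gid"
    done
}

# Usage inside the docservice pod (path taken from the log line in the thread):
#   report 101 101 /var/lib/onlyoffice/documentserver/App_Data/cache/files
```

For a directory owned by root:root with mode 755, as in the listing posted in the thread, can_create reports it as not writable for 101:101.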
xebix
29 November 2023 13:38
6
Hey @Nikolas ,
I am using the Helm chart, so that is totally on your side, isn’t it?
I just had a look into it by a dry run. And yes, I get this output:
# Source: docs/templates/pvc/ds-files.yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: ds-files
  namespace: "onlyoffice"
spec:
  storageClassName: cephfs-hddec.class
  accessModes:
    - ReadWriteMany
  volumeMode: Filesystem
  resources:
    requests:
      storage: 10Gi
@xebix
For assistance with the installation of OnlyOffice on a Kubernetes or OpenShift cluster, I recommend contacting our sales department.
xebix
1 December 2023 10:03
8
@Nikolas
Ahh nice, I am pointing out something wrong with your helm chart, and all I get is
“go buy our software”.
Would never do that with this kind of support…
@xebix
To leverage the editors within your Kubernetes/OpenShift cluster, it is imperative to acquire a cluster license. Please note that a cluster license is designed for commercial use.
It’s worth mentioning that when using the Community version ONLYOFFICE documentserver with Kubernetes/OpenShift cluster, there might be challenges related to collaborative document editing.
During the testing of cluster installations, no issues were identified based on the instructions provided at the following link: https://github.com/ONLYOFFICE/Kubernetes-Docs/#onlyoffice-docs-for-kubernetes
Here, we strive to assist users utilizing community versions: https://helpcenter.onlyoffice.com/installation/docs-community-index.aspx .
Considering this, technical support for deploying Kubernetes/OpenShift clusters is available through sales. Therefore, I recommend reaching out to our sales department for further assistance.
Most likely, I should have written that in the previous message. I apologize.