Setting nextcloud.objectStore.s3.legacyAuth is not being set as string env var

[yaleman]

Describe your Issue

Set value of nextcloud.objectStore.s3.legacyAuth to "true" or "false" or "yes" or "no" (note, string values) and it ends up as a bool when being set in the provider:

Logs and Errors

json: cannot unmarshal bool into Go struct field EnvVar.spec.template.spec.containers.env.value of type string

Describe your Environment

• Kubernetes distribution: kss

• Helm Version (or App that manages helm): tofu

OpenTofu v1.8.2
on darwin_arm64
+ provider registry.opentofu.org/carlpett/sops v1.1.1
+ provider registry.opentofu.org/hashicorp/helm v2.15.0
+ provider registry.opentofu.org/hashicorp/kubernetes v2.32.0

• Helm Chart Version: 6.0.2

• values.yaml:

# paste your values.yaml (anonymize any sensitive data)

Additional context, if any

I'm trying to configure minio as an s3 backing store, if there's a better path I'm happy to follow it 😄

Setting it to "test" works fine. Other settings like this work fine too, just not legacyAuth:

 set {
    name  = "nextcloud.objectStore.s3.enabled"
    value = "true"
  }

[jessebot]

Thanks for reporting this! I think it's because this needs to be quoted:

helm/charts/nextcloud/templates/_helpers.tpl

Lines 248 to 251 in ac3b3e5

	{{- with .Values.nextcloud.objectStore.s3.legacyAuth }}
	- name: OBJECTSTORE_S3_LEGACYAUTH
	value: {{ . }}
	{{- end }}

so I think I need to submit a PR to change it to:

{{- with .Values.nextcloud.objectStore.s3.legacyAuth }}
- name: OBJECTSTORE_S3_LEGACYAUTH
  value: {{ . | quote }}
{{- end }}

I'll get on that :)

[jessebot]

This was automatically closed by #638, but can you give a try and make sure it's working now? :)

[yaleman]

Thanks @jessebot it does seem to have solved the issue, but I'm still very confused as to how to get Minio working as an S3 backend. Have you any direction on this one?

FWIW, nextcloud.objectStore.s3.autoCreate is supposedly set by default to false according to the docs, but it's throwing 403's about creating the bucket... which seems to indicate another issue.

[jessebot]

@yaleman this may be an issue where you need to set verify_bucket_exists to false which is mentioned in the docs, however that won't be supported in this chart until #614 is merged, which is blocked by nextcloud/docker#2271 (@joshtrichards set the milestone for this to be Nextcloud 30.0.2 so perhaps we can expect it for 30.0.2).

In the meantime, you could use the include your own env var and pass in a custom config like this one:
https://github.com/nextcloud/docker/blob/0f899fe772b179e65fdb0bc77933d2c53b2724f7/.config/s3.config.php#L29

Let me know if you need any other help :)

[yaleman]

The next issue is that it's returning HTTP urls when accessing it via HTTPS, so most of the page assets won't load. I'm not using the helm chart to do the certs/TLS, how do I tell it to fix that?

[jessebot]

The next issue is that it's returning HTTP urls when accessing it via HTTPS, so most of the page assets won't load. I'm not using the helm chart to do the certs/TLS, how do I tell it to fix that?

The word "it" is used a lot here, but I'm not sure what "it" is. 🤔 What error are you getting exactly and from where?

There is a use_ssl option you can set for s3, but if you're asking about ssl for minio, you need to consult the minio chart.

If you're asking about SSL for nextcloud itself, you could do that via nginx + cert-manager. The way I do certs via the values.yaml is like this:

ingress:
  enabled: true
  className: nginx
  annotations:
    cert-manager.io/cluster-issuer: 'letsencrypt-prod'

[yaleman]

Sorry "it" is the Nextcloud stack, which is responding with http URLs in the HTML responses, so it fails to load things like CSS. I'll have to test the above when I can thanks.

[jessebot]

Sorry "it" is the Nextcloud stack, which is responding with http URLs in the HTML responses, so it fails to load things like CSS. I'll have to test the above when I can thanks.

hmmm, I haven't run into that issue before, but let us know how it goes! If minio is using https traffic, and so is nextcloud, you should be good to go, but if not, I can try to take a look at both your nextcloud and minio values files and see what may be up. A reminder that I do this in my spare time, so if I drop off on responses for a bit, it's not you, and I will eventually come back around and take a look.

Others in the community are also always free to chime in 🙏