From 5de9afb9d419e5164e901417238303a2c38c305c Mon Sep 17 00:00:00 2001 From: antoinetran Date: Wed, 26 Mar 2025 17:11:42 +0100 Subject: [PATCH 1/5] Fix #187: fix redis-session.ini permission denied Signed-off-by: antoinetran --- charts/nextcloud/Chart.yaml | 2 +- charts/nextcloud/templates/deployment.yaml | 22 +++++++++++++++++++++- 2 files changed, 22 insertions(+), 2 deletions(-) diff --git a/charts/nextcloud/Chart.yaml b/charts/nextcloud/Chart.yaml index 147f8d4b..6f81ba40 100644 --- a/charts/nextcloud/Chart.yaml +++ b/charts/nextcloud/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: nextcloud -version: 7.0.0 +version: 7.0.2 # renovate: image=docker.io/library/nextcloud appVersion: 31.0.7 description: A file sharing server that puts the control and security of your own data back into your hands. diff --git a/charts/nextcloud/templates/deployment.yaml b/charts/nextcloud/templates/deployment.yaml index 1948e47d..cdf9a899 100644 --- a/charts/nextcloud/templates/deployment.yaml +++ b/charts/nextcloud/templates/deployment.yaml @@ -270,6 +270,11 @@ spec: {{- toYaml . | nindent 12 }} {{- end }} volumeMounts: + {{- if .Values.redis.enabled }} + - name: php-confd + mountPath: "/usr/local/etc/php/conf.d/redis-session.ini" # fix permission denied error + subPath: redis-session.ini + {{- end }} {{- include "nextcloud.volumeMounts" . | trim | nindent 12 }} {{- end }}{{/* end-if cronjob.enabled */}} {{- with .Values.nextcloud.extraSidecarContainers }} @@ -279,7 +284,7 @@ spec: nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} - {{- if or .Values.nextcloud.extraInitContainers .Values.mariadb.enabled .Values.postgresql.enabled }} + {{- if or .Values.nextcloud.extraInitContainers .Values.mariadb.enabled .Values.postgresql.enabled .Values.redis.enabled }} initContainers: {{- with .Values.nextcloud.extraInitContainers }} {{- toYaml . | nindent 8 }} @@ -330,6 +335,17 @@ spec: - "-c" - "until pg_isready -h ${POSTGRES_HOST} -U ${POSTGRES_USER} ; do sleep 2 ; done" {{- end }}{{/* end-if any database-initContainer */}} + {{- if .Values.redis.enabled }} + # create empty redis file for nextcloud entrypoint to override it + - name: init-redis-session-ini + # image can be busybox, but using nextcloud image so that if there is a registry prefix, it is taken. + # This avoids creating a dedicated .Values config just for this image. + image: {{ include "nextcloud.image" . }} + command: ['touch', '/usr/local/etc/php/conf.d/redis-session.ini'] + volumeMounts: + - name: php-confd + mountPath: "/usr/local/etc/php/conf.d" + {{- end }}{{/* end-if redis init */}} {{- end }}{{/* end-if any initContainer */}} {{- with .Values.affinity }} affinity: @@ -373,6 +389,10 @@ spec: name: {{ template "nextcloud.fullname" . }}-hooks defaultMode: 0o755 {{- end }} + {{- if .Values.redis.enabled }} + - name: php-confd + emptyDir: {} + {{- end }} {{- with .Values.nextcloud.extraVolumes }} {{- toYaml . | nindent 8 }} {{- end }} From f3dd0a4769b81b31b2ddf88b6aa5df2031e7a899 Mon Sep 17 00:00:00 2001 From: antoinetran Date: Wed, 23 Jul 2025 09:07:51 +0200 Subject: [PATCH 2/5] Chart.yaml 7.0.1 Signed-off-by: antoinetran --- charts/nextcloud/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/nextcloud/Chart.yaml b/charts/nextcloud/Chart.yaml index 6f81ba40..615eb0a6 100644 --- a/charts/nextcloud/Chart.yaml +++ b/charts/nextcloud/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: nextcloud -version: 7.0.2 +version: 7.0.1 # renovate: image=docker.io/library/nextcloud appVersion: 31.0.7 description: A file sharing server that puts the control and security of your own data back into your hands. From 348c71079a32c266b78d888b7bf379ec4582e531 Mon Sep 17 00:00:00 2001 From: antoinetran Date: Mon, 18 Aug 2025 10:28:12 +0200 Subject: [PATCH 3/5] Chart version 7.0.2 Signed-off-by: antoinetran --- charts/nextcloud/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/nextcloud/Chart.yaml b/charts/nextcloud/Chart.yaml index 615eb0a6..6f81ba40 100644 --- a/charts/nextcloud/Chart.yaml +++ b/charts/nextcloud/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: nextcloud -version: 7.0.1 +version: 7.0.2 # renovate: image=docker.io/library/nextcloud appVersion: 31.0.7 description: A file sharing server that puts the control and security of your own data back into your hands. From 5d14ab81d2618e9a98e05e5e4204513dd7efaca1 Mon Sep 17 00:00:00 2001 From: antoinetran Date: Wed, 25 Feb 2026 14:25:34 +0100 Subject: [PATCH 4/5] Fix #187: fix redis-session.ini permission denied (added SCC + rss) Signed-off-by: antoinetran --- charts/nextcloud/templates/deployment.yaml | 12 ++++++++++-- charts/nextcloud/values.yaml | 3 +++ 2 files changed, 13 insertions(+), 2 deletions(-) diff --git a/charts/nextcloud/templates/deployment.yaml b/charts/nextcloud/templates/deployment.yaml index cdf9a899..e2a8aa19 100644 --- a/charts/nextcloud/templates/deployment.yaml +++ b/charts/nextcloud/templates/deployment.yaml @@ -338,10 +338,18 @@ spec: {{- if .Values.redis.enabled }} # create empty redis file for nextcloud entrypoint to override it - name: init-redis-session-ini - # image can be busybox, but using nextcloud image so that if there is a registry prefix, it is taken. - # This avoids creating a dedicated .Values config just for this image. + # Using the same image as nextcloud to get the same UID to write the configuration. image: {{ include "nextcloud.image" . }} command: ['touch', '/usr/local/etc/php/conf.d/redis-session.ini'] + {{- with .Values.nextcloud.redisInitContainer }} + resources: + {{- toYaml .resources | nindent 12 }} + {{- end }} + # Reuse the SCC from nextcloud, no need to provide a dedicated SCC for Redis init container. + {{- with .Values.nextcloud.securityContext }} + securityContext: + {{- toYaml . | nindent 12 }} + {{- end }} volumeMounts: - name: php-confd mountPath: "/usr/local/etc/php/conf.d" diff --git a/charts/nextcloud/values.yaml b/charts/nextcloud/values.yaml index 9db238bd..5176f1fe 100644 --- a/charts/nextcloud/values.yaml +++ b/charts/nextcloud/values.yaml @@ -316,6 +316,9 @@ nextcloud: # Set postgresql initContainer securityContext parameters. For example, you may need to define runAsNonRoot directive securityContext: {} + # Settings for the Redis init container that creates a configuration file to address permission issue in some cluster + redisInitContainer: + resources: {} nginx: ## You need to set an fpm version of the image for nextcloud if you want to use nginx! From 4bcbe1e18f5653e40e3fbcda89d4079a709f6fca Mon Sep 17 00:00:00 2001 From: antoinetran Date: Wed, 25 Feb 2026 19:27:32 +0100 Subject: [PATCH 5/5] Fix #187: fix redis-session.ini permission denied (addd comment fsGroup) Signed-off-by: antoinetran --- charts/nextcloud/values.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/charts/nextcloud/values.yaml b/charts/nextcloud/values.yaml index 5176f1fe..72f48358 100644 --- a/charts/nextcloud/values.yaml +++ b/charts/nextcloud/values.yaml @@ -299,6 +299,7 @@ nextcloud: # Set securityContext parameters for the entire pod. For example, you may need to define runAsNonRoot directive podSecurityContext: {} + # fsGroup: 33 # runAsUser: 33 # runAsGroup: 33 # runAsNonRoot: true