Error when accessing Nextcloud in Kubernetes

My goal is:

  • create a pod with Nextcloud
  • create a service to access this pod
  • from another machine with nginx route a CNAME to the service

I tried to deploy a pod with Nextcloud and a service to access it but actually I can't access it. I have an error:

message ERR_SSL_PROTOCOL_ERROR.

I just followed a tutorial at the beginning but I didn't want to use nginx like it was explained because I have it on another machine.

When I look at pods (nextcloud + db) and services they look ok but I have no response when I try to access nextcloud.

(nc = nextcloud)

apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: nc
  name: nc
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nc
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app: nc
    spec:
      containers:
      - env:
        - name: DEBUG
          value: "false"
        - name: NEXTCLOUD_URL
          value: http://test.fr
        - name: NEXTCLOUD_ADMIN_USER
          value: admin
        - name: NEXTCLOUD_ADMIN_PASSWORD
          valueFrom:
            secretKeyRef:
              name: nextcloud
              key: NEXTCLOUD_ADMIN_PASSWORD
        - name: NEXTCLOUD_UPLOAD_MAX_FILESIZE
          value: 4G
        - name: NEXTCLOUD_MAX_FILE_UPLOADS
          value: "20"
        - name: MYSQL_DATABASE
          value: nextcloud
        - name: MYSQL_HOST
          value: mariadb
        - name: MYSQL_PASSWORD
          valueFrom:
            secretKeyRef:
              name: mariadb
              key: MYSQL_ROOT_PASSWORD
        - name: MYSQL_USER
          value: nextcloud
        name: nc
        image: nextcloud
        ports:
        - containerPort: 80
          protocol: TCP
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
        volumeMounts:
        - mountPath: /var/www/html
          name: vnextcloud
          subPath: html
        - mountPath: /var/www/html/custom_apps
          name: vnextcloud
          subPath: apps
        - mountPath: /var/www/html/config
          name: vnextcloud
          subPath: config
        - mountPath: /var/www/html/data
          name: vimages
          subPath: imgnc
        - mountPath: /var/www/html/themes
          name: vnextcloud
          subPath: themes
      restartPolicy: Always
      volumes:
        - name: vnextcloud
          persistentVolumeClaim:
            claimName: nfs-pvcnextcloud
        - name: vimages
          persistentVolumeClaim:
            claimName: nfs-pvcimages

For creating the service I use this command line:

kubectl expose deployment nc --type=NodePort --name=svc-nc --port 80

And to access my nextcloud I tried the address @IP_MASTER:32500

My questions are:

  • How to check if a pod is working well?
    to know if the problem is coming from the service or the pod
  • What should I do to have access to my nextcloud?
    I didn't do the tutorial part "Create self-signed certificates" because I don't know how to manage. Should it be on my other Linux machine or in my Kubernetes cluster?

1. Please consider using stable nextcloud helm chart

2. This tutorial is a little outdated and can be found also here

In the Kubernetes 1.16 release you should change apiVersion in all your deployments to apiVersion: apps/v1; please take a look at Deprecations and Removals. In addition you should get an error ValidationError(Deployment.spec): missing required field "selector", so please add selectors in your deployment under Deployment.spec like:

selector:
  matchLabels:
    app: db

3. Finally, create self-signed certificates. This repo is using OMGWTFSSL - Self Signed SSL Certificate Generator. Once you provide necessary information like server name, path to your local hostpath and names for your SSL certificates, it will be automatically created after one pod-run under the specified hostpath:

volumes:
  - name: certs
    hostPath:
      path: "/home/<someFolderLocation>/certs-pv"

  • this information should be re-used in the section Nginx reverse Proxy for nginx.conf

4. In your nc-svc.yaml you can change the service type to type: NodePort

5. How to verify if your service is working properly:

kubectl get pods,svc,ep -o wide

Pods:
pod/nc-6d8694659d-5przx   1/1     Running     0          15m   10.244.0.6 
Svc: 
service/svc-nc       NodePort    10.102.90.88   <none>        80:32500/TCP
Endpoints: 
endpoints/svc-nc       10.244.0.6:80

You can test your service from inside the cluster running a separate pod (e.g. ubuntu)

curl your_svc_name

You can verify if service discovery is working properly:

cat /etc/resolv.conf
nslookup svc_your_svc_name (your_svc_name.default.svc.cluster.local)

From outside the cluster using NodePort:

curl NODE_IP:NODE_PORT (if not, please verify your firewall rules)

Once you have provided a hostname for your nextcloud service you should use

curl -vH 'Host:specified_hostname' http://external_ip/ (using http or https according to your configuration)

In addition you can exec directly into your db pod

kubectl exec -it db_pod -- /bin/bash

and run

mysqladmin status -uroot -p$MARIADB_ROOT_PASSWORD
mysqlshow  -uroot -p$MYSQL_ROOT_PASSWORD --status nextcloud

6. What should I do to have access to my nextcloud? I didn't do the tuto part "Create self-signed certificates" because I don't know how to manage.

7. As described under point 3.

8. This part is not clear to me: from another machine with nginx route a CNAME to the service

Please refer to: An ExternalName Service is a special case of Service that does not have selectors and uses DNS names instead.

Additional resources:

Hope this helps.
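
Added example, not part of the original question or answer: point 5 says to curl with http or https "according to your configuration", and this Python probe reports which of the two a port actually speaks. A browser opening https:// against a port that comes back as "plain-http" is the case that surfaces as ERR_SSL_PROTOCOL_ERROR. The names probe_port, PlainHandler and demo_plain_http are made up for the example, and the local server is a constructed stand-in for the NodePort.

```python
import socket
import ssl
import threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer


def probe_port(host, port, timeout=3.0):
    """Return 'tls', 'plain-http', 'closed' or 'unknown' for host:port."""
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "closed"  # refused, filtered or timed out: check firewall rules
    # Certificate checks are off on purpose: a self-signed certificate still
    # means the port speaks TLS, which is all this probe decides.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with ctx.wrap_socket(raw, server_hostname=host):
            return "tls"
    except OSError:  # includes ssl.SSLError: handshake failed or timed out
        pass
    finally:
        raw.close()
    # No TLS answer on this port, so send a plain HTTP request instead.
    try:
        with socket.create_connection((host, port), timeout=timeout) as plain:
            plain.sendall(b"HEAD / HTTP/1.0\r\nHost: %s\r\n\r\n" % host.encode())
            reply = plain.recv(16)
    except OSError:
        return "unknown"
    return "plain-http" if reply.startswith(b"HTTP/") else "unknown"


class PlainHandler(BaseHTTPRequestHandler):
    """Constructed stand-in for a container serving HTTP without TLS."""
    def do_HEAD(self):
        self.send_response(200)
        self.end_headers()


def demo_plain_http():
    """Probe a local plaintext server the way one would probe NODE_IP:NODE_PORT."""
    server = ThreadingHTTPServer(("127.0.0.1", 0), PlainHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        return probe_port("127.0.0.1", server.server_port, timeout=1.0)
    finally:
        server.shutdown()
        server.server_close()
```

Against a real cluster, call probe_port with the node address and the NodePort; "plain-http" means traffic to that port, logins included, is unencrypted until TLS is terminated in front of it.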
