Towards declarative deployment about helm HOT 2 OPEN

let entrypoint do its magic

The problem starts here. I just spend a day dissecting the logic of the docker image, sorry for being harsh, but it's ridiculous. Why does it copy over perfectly fine source code at /usr/src/nextcloud ?

My scenario was trying to get OVERWRITEPROTOCOL to work which eventually I found was in /usr/src/nextcloud/config/... however, that directory is only rsynced at first boot. So changes made to that directory are never migrated to the /var/www/html directory during upgrades.
My installation being somewhat older never got reverse-proxy.config.php and all other fancy stuff.

Would the above issue of not being up-to-date with (at least) /usr/src/nextcloud/config be solved with your proposal?

from helm.

The current setup effectively requires several writable and persistent directories, both for writing configs via entrypoints as well as for managing nextcloud itself.

Yeah, that's currently just how nextcloud works.

Furthermore, by using the entrypoint dockerism, secret values are unnecessarily exposed to env (apps exposing env via debug endpoints is a favorite ;D ).

You'd need to take this up with the nextcloud/docker repo, and possibly nextcloud/server if it's an issue of env vars being exposed via debug endpoints. When you open that issue, please include steps to reproduce, including the debug endpoints you saw the security issue for.

Furthermore, apps can be installed from within the application.

That's probably not going to change, as that's just a feature of nextcloud.

unless we add another persistent, writable mount to the app directory, adding new apps requires new images (which is kinda the point of this exercise, but there is a need for clear communication to the user)

Adding a new app does not currently require a new image. I currently backup all of my nextcloud-files PVC and it backs up all the apps. You're still free to build an image with the apps you want, but then you'd have to rebuild the image everytime one of the apps upgrades, and that seems a bit unnecessary, but technically doable.

This issue is a bit all over the place. Is there something specific you'd like to see done? If so, please create an issue for the specific thing you'd like to do. For instance, if you would like to update "notes.txt mentioning limitations when readOnlyRootFilesystem and no persistence is set", it would be better to create an issue for just that. This chart is community maintained, and large issues mentioning multiple specific requests are a bit harder for maintainers to follow up on. You can also submit PRs directly to this repo for work you'd like to see done.

from helm.