I really like the idea of pydio cells and would like to deploy it on my k8s cluster. However the helm chart which I found at Pydio | Kubernetes Quick install seems unusable to me. Because I have found no way to use my own clusterissuer for the creation of TLS certificates. Furthermore, when I have enabled the ingress in the helm chart, I got an error that there is already an ingress class with the name nginx.
So is it possible to somehow not deploy a clusterissuer and a nginx controller, because I think most k8s users will already have those in their setup.
The error is the following when installing it with the following values.
Error:
Error: INSTALLATION FAILED: Unable to continue with install: IngressClass "nginx" in namespace "" exists and cannot be imported into the current release: invalid ownership metadata; annotation validation error: key "meta.helm.sh/release-name" must equal "cells": current value is "ingress-nginx"; annotation validation error: key "meta.helm.sh/release-namespace" must equal "pydio": current value is "ingress-nginx"
Values:
# NOTE : Cells Enterprise users can comment out the lines following the # [ED] comment
# Define what image version of Cells you want to use to have more control over your update
image:
# [ED]
# repository: pydio/cells-enterprise
tag: latest
# Achieve high availability by starting a minimum number of replicas of the Cells stateless Pod
# NOTE: each dependency of Cells has their own high availability strategy
# Achieve horizontal scalability by setting up an autoscaling strategy
autoscaling:
enabled: true
minReplicas: 1
maxReplicas: 3
targetCPUUtilizationPercentage: 80
targetMemoryUtilizationPercentage: 80
resources:
limits:
cpu: "500m"
memory: "2G"
# Achieve public-facing deployment by adding Ingress w/ Nginx as a load balancer
# Uses lets-encrypt as a certficate authority
ingress:
enabled: true
annotations:
cert-manager.io/cluster-issuer: letsencrypt-prod
clusterissuer: {}
hostname: pydio.domain.tld
tls: true
selfSigned: false
service:
type: ClusterIP
# [ED]
# customconfigs: {
# "defaults/license/data": "MYLICENSE",
# }
Additionally, some vault webhooks are created which prevent from replicasets to work unless they are deleted when pydio cells is uninstalled using helm
Warning FailedCreate 69s (x15 over 2m44s) replicaset-controller Error creating: Internal error occurred: failed calling webhook "vault.hashicorp.com": failed to call webhook: Post "https://pydio-vault-agent-injector-svc.pydio.svc:443/mutate?timeout=30s": service "pydio-vault-agent-injector-svc" not found