Skip to content

ONLYOFFICE/Kubernetes-Docs

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

288 Commits
.github/workflows
.github/workflows
 
 
sources
sources
 
 
templates
templates
 
 
.helmignore
.helmignore
 
 
CHANGELOG.md
CHANGELOG.md
 
 
Chart.yaml
Chart.yaml
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
values.yaml
values.yaml
 
 

Repository files navigation

ONLYOFFICE Docs for Kubernetes

This repository contains a set of files to deploy ONLYOFFICE Docs into a Kubernetes cluster or OpenShift cluster.

Contents

Introduction

  • You must have a Kubernetes or OpenShift cluster installed. Please, checkout the reference to set up Kubernetes. Please, checkout the reference to setup OpenShift.
  • You should also have a local configured copy of kubectl. See this guide how to install and configure kubectl.
  • You should install Helm v3.7+. Please follow the instruction here to install it.
  • If you use OpenShift, you can use both oc and kubectl to manage deploy.
  • If the installation of components external to ‘Docs’ is performed from Helm Chart in an OpenShift cluster, then it is recommended to install them from a user who has the cluster-admin role, in order to avoid possible problems with access rights. See this guide to add the necessary roles to the user.

Deploy prerequisites

Note: It may be required to apply SecurityContextConstraints policy when installing into OpenShift cluster, which adds permission to run containers from a user whose ID = 1001.

To do this, run the following commands:

$ oc apply -f https://raw.githubusercontent.com/ONLYOFFICE/Kubernetes-Docs/master/sources/scc/helm-components.yaml
$ oc adm policy add-scc-to-group scc-helm-components system:authenticated

Alternatively, you can specify the allowed range of users and groups from the target namespace, see the parameters runAsUser and fsGroup while installing dependencies, such as RabbitMQ, Redis, PostgreSQL, etc.

1. Add Helm repositories

$ helm repo add bitnami https://charts.bitnami.com/bitnami
$ helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
$ helm repo add nfs-server-provisioner https://kubernetes-sigs.github.io/nfs-ganesha-server-and-external-provisioner
$ helm repo add onlyoffice https://download.onlyoffice.com/charts/stable
$ helm repo update

2. Install Persistent Storage

If you want to use Amazon S3 as a cache, please skip this step.

Install NFS Server Provisioner

Note: When installing NFS Server Provisioner, Storage Classes - NFS is created. When installing to an OpenShift cluster, the user must have a role that allows you to create Storage Classes in the cluster. Read more here.

$ helm install nfs-server nfs-server-provisioner/nfs-server-provisioner \
  --set persistence.enabled=true \
  --set persistence.storageClass=PERSISTENT_STORAGE_CLASS \
  --set persistence.size=PERSISTENT_SIZE

  • PERSISTENT_STORAGE_CLASS is a Persistent Storage Class available in your Kubernetes cluster.

    Persistent Storage Classes for different providers:

    • Amazon EKS: gp2
    • Digital Ocean: do-block-storage
    • IBM Cloud: Default ibmc-file-bronze. More storage classes
    • Yandex Cloud: yc-network-hdd or yc-network-ssd. More details
    • minikube: standard

  • PERSISTENT_SIZE is the total size of all Persistent Storages for the nfs Persistent Storage Class. You can express the size as a plain integer with one of these suffixes: T, G, M, Ti, Gi, Mi. For example: 9Gi.

See more details about installing NFS Server Provisioner via Helm here.

Configure a Persistent Volume Claim

Note: The default nfs Persistent Volume Claim is 8Gi. You can change it in the values.yaml file in the persistence.storageClass and persistence.size section. It should be less than PERSISTENT_SIZE at least by about 5%. It's recommended to use 8Gi or more for persistent storage for every 100 active users of ONLYOFFICE Docs.

The PersistentVolume type to be used for PVC placement must support Access Mode ReadWriteMany. Also, PersistentVolume must have as the owner the user from whom the ONLYOFFICE Docs will be started. By default it is ds (101:101).

Note: If you want to enable WOPI, please set the parameter wopi.enabled=true. In this case Persistent Storage must be connected to the cluster nodes with the disabled caching attributes for the mounted directory for the clients. For NFS Server Provisioner it can be achieved by adding noac option to the parameter storageClass.mountOptions. Please find more information here.

3. Deploy RabbitMQ

To install RabbitMQ to your cluster, run the following command:

$ helm install rabbitmq bitnami/rabbitmq \
  --set persistence.storageClass=PERSISTENT_STORAGE_CLASS \
  --set metrics.enabled=false

Note: Set the metrics.enabled=true to enable exposing RabbitMQ metrics to be gathered by Prometheus.

See more details about installing RabbitMQ via Helm here.

4. Deploy Redis

To install Redis to your cluster, run the following command:

$ helm install redis bitnami/redis \
  --set architecture=standalone \
  --set master.persistence.storageClass=PERSISTENT_STORAGE_CLASS \
  --set metrics.enabled=false

Note: Set the metrics.enabled=true to enable exposing Redis metrics to be gathered by Prometheus.

See more details about installing Redis via Helm here.

5. Deploy Database

As a database server, you can use PostgreSQL, MySQL or MariaDB

If PostgreSQL is selected as the database server, then follow these steps

To install PostgreSQL to your cluster, run the following command:

$ helm install postgresql bitnami/postgresql \
  --set auth.database=postgres \
  --set primary.persistence.storageClass=PERSISTENT_STORAGE_CLASS \
  --set primary.persistence.size=PERSISTENT_SIZE \
  --set metrics.enabled=false

See more details about installing PostgreSQL via Helm here.

If MySQL is selected as the database server, then follow these steps

To install MySQL to your cluster, run the following command:

$ helm install mysql bitnami/mysql \
  --set auth.database=onlyoffice \
  --set auth.username=onlyoffice \
  --set primary.persistence.storageClass=PERSISTENT_STORAGE_CLASS \
  --set primary.persistence.size=PERSISTENT_SIZE \
  --set metrics.enabled=false

See more details about installing MySQL via Helm here.

Here PERSISTENT_SIZE is a size for the Database persistent volume. For example: 8Gi.

It's recommended to use at least 2Gi of persistent storage for every 100 active users of ONLYOFFICE Docs.

Note: Set the metrics.enabled=true to enable exposing Database metrics to be gathered by Prometheus.

6. Deploy StatsD exporter

This step is optional. You can skip step #6 entirely if you don't want to run StatsD exporter

6.1 Add Helm repositories

$ helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
$ helm repo add kube-state-metrics https://kubernetes.github.io/kube-state-metrics
$ helm repo update

6.2 Installing Prometheus

To install Prometheus to your cluster, run the following command:

$ helm install prometheus -f https://raw.githubusercontent.com/ONLYOFFICE/Kubernetes-Docs/master/sources/extraScrapeConfigs.yaml prometheus-community/prometheus \
  --set server.global.scrape_interval=1m

To change the scrape interval, specify the server.global.scrape_interval parameter.

See more details about installing Prometheus via Helm here.

6.3 Installing StatsD exporter

To install StatsD exporter to your cluster, run the following command:

$ helm install statsd-exporter prometheus-community/prometheus-statsd-exporter \
  --set statsd.udpPort=8125 \
  --set statsd.tcpPort=8126 \
  --set statsd.eventFlushInterval=30000ms

See more details about installing Prometheus StatsD exporter via Helm here.

To allow the StatsD metrics in ONLYOFFICE Docs, follow step 5.2

7. Make changes to Node-config configuration files

This step is optional. You can skip step #7 entirely if you don't need to make changes to the configuration files

7.1 Create a ConfigMap containing a json file

In order to create a ConfigMap from a file that contains the local.json structure, you need to run the following command:

$ kubectl create configmap local-config \
  --from-file=./local.json

Note: Any name can be used instead of local-config.

7.2 Specify parameters when installing ONLYOFFICE Docs

When installing ONLYOFFICE Docs, specify the extraConf.configMap=local-config and extraConf.filename=local.json parameters

Note: If you need to add a configuration file after the ONLYOFFICE Docs is already installed, you need to execute step 7.1 and then run the helm upgrade documentserver onlyoffice/docs --set extraConf.configMap=local-config --set extraConf.filename=local.json --no-hooks command or helm upgrade documentserver -f ./values.yaml onlyoffice/docs --no-hooks if the parameters are specified in the values.yaml file.

8. Add custom Fonts

This step is optional. You can skip step #8 entirely if you don't need to add your fonts

In order to add fonts to images, you need to rebuild the images. Refer to the relevant steps in this manual. Then specify your images when installing the ONLYOFFICE Docs.

9. Add Plugins

This step is optional. You can skip step #9 entirely if you don't need to add plugins

In order to add plugins to images, you need to rebuild the images. Refer to the relevant steps in this manual. Then specify your images when installing the ONLYOFFICE Docs.

10. Change interface themes

This step is optional. You can skip step #10 entirely if you don't need to change the interface themes

10.1 Create a ConfigMap containing a json file

To create a ConfigMap with a json file that contains the interface themes, you need to run the following command:

$ kubectl create configmap custom-themes \
  --from-file=./custom-themes.json

Note: Instead of custom-themes and custom-themes.json you can use any other names.

10.2 Specify parameters when installing ONLYOFFICE Docs

When installing ONLYOFFICE Docs, specify the extraThemes.configMap=custom-themes and extraThemes.filename=custom-themes.json parameters.

Note: If you need to add interface themes after the ONLYOFFICE Docs is already installed, you need to execute step 10.1 and then run the helm upgrade documentserver onlyoffice/docs --set extraThemes.configMap=custom-themes --set extraThemes.filename=custom-themes.json --no-hooks command or helm upgrade documentserver -f ./values.yaml onlyoffice/docs --no-hooks if the parameters are specified in the values.yaml file.

11. Connecting Amazon S3 bucket as a cache to ONLYOFFICE Helm Docs

In order to connect Amazon S3 bucket as a cache, you need to create a configuration file or edit the existing one in accordance with this guide and change the value of the parameter persistence.storageS3 to true.

Deploy ONLYOFFICE Docs

Note: It may be required to apply SecurityContextConstraints policy when installing into OpenShift cluster, which adds permission to run containers from a user whose ID = 101.

To do this, run the following commands:

$ oc apply -f https://raw.githubusercontent.com/ONLYOFFICE/Kubernetes-Docs/master/sources/scc/docs-components.yaml
$ oc adm policy add-scc-to-group scc-docs-components system:authenticated

Alternatively, you can apply the nonroot-v2 SecurityContextConstraints (SCC) policy in the commonAnnotations or annotations for all resources that describe the podTemplate. Ensure that both the user and the service account have the necessary permissions to use this SCC. To verify who has permission to use the nonroot-v2, execute the following command: oc adm policy who-can use scc nonroot-v2

helm install documentserver onlyoffice/docs --set commonAnnotations."openshift\.io/required-scc"="nonroot-v2"

If required set podSecurityContext.enabled and <resources>.containerSecurityContext.enabled to true

1. Deploy the ONLYOFFICE Docs license

1.1. Create secret

If you have a valid ONLYOFFICE Docs license, create a secret license from the file:

$ kubectl create secret generic license --from-file=path/to/license.lic

Note: The source license file name should be 'license.lic' because this name would be used as a field in the created secret.

1.2. Specify parameters when installing ONLYOFFICE Docs

When installing ONLYOFFICE Docs, specify the license.existingSecret=license parameter.

$ helm install documentserver onlyoffice/docs --set license.existingSecret=license

Note: If you need to add license after the ONLYOFFICE Docs is already installed, you need to execute step 1.1 and then run the helm upgrade documentserver onlyoffice/docs --set license.existingSecret=license --no-hooks command or helm upgrade documentserver -f ./values.yaml onlyoffice/docs --no-hooks if the parameters are specified in the values.yaml file.

2. Deploy ONLYOFFICE Docs

To deploy ONLYOFFICE Docs with the release name documentserver:

$ helm install documentserver onlyoffice/docs

The command deploys ONLYOFFICE Docs on the Kubernetes cluster in the default configuration. The Parameters section lists the parameters that can be configured during installation.

Note: When installing ONLYOFFICE Docs in a private k8s cluster behind a Web proxy or with no internet access, see the notes below.

3. Uninstall ONLYOFFICE Docs

To uninstall/delete the documentserver deployment:

$ helm delete documentserver

Executing the helm delete command launches hooks, which perform some preparatory actions before completely deleting the ONLYOFFICE Docs, which include stopping the server, cleaning up the used PVC and database tables. The default hook execution time is 300s. The execution time can be changed using --timeout [time], for example:

$ helm delete documentserver --timeout 25m

Note: When deleting ONLYOFFICE Docs in a private k8s cluster behind a Web proxy or with no internet access, see the notes below.

If you want to delete the ONLYOFFICE Docs without any preparatory actions, run the following command:

$ helm delete documentserver --no-hooks

The helm delete command removes all the Kubernetes components associated with the chart and deletes the release.

4. Parameters

Parameter Description Default
connections.dbType The database type. Possible values are postgres, mariadb or mysql postgres
connections.dbHost The IP address or the name of the Database host postgresql
connections.dbUser Database user postgres
connections.dbPort Database server port number 5432
connections.dbName Name of the Database database the application will be connected with postgres
connections.dbPassword Database user password. If set to, it takes priority over the connections.dbExistingSecret ""
connections.dbSecretKeyName The name of the key that contains the Database user password postgres-password
connections.dbExistingSecret Name of existing secret to use for Database passwords. Must contain the key specified in connections.dbSecretKeyName postgresql
connections.redisConnectorName Defines which connector to use to connect to Redis. If you need to connect to Redis Sentinel, set the value ioredis redis
connections.redistHost The IP address or the name of the Redis host redis-master
connections.redisPort The Redis server port number 6379
connections.redisUser The Redis user name. The value in this parameter overrides the value set in the options object in local.json if you add custom configuration file default
connections.redisDBNum Number of the redis logical database to be selected. The value in this parameter overrides the value set in the options object in local.json if you add custom configuration file 0
connections.redisClusterNodes List of nodes in the Redis cluster. There is no need to specify every node in the cluster, 3 should be enough. You can specify multiple values. It must be specified in the host:port format []
connections.redisSentinelGroupName Name of a group of Redis instances composed of a master and one or more slaves. Used if connections.redisConnectorName is set to ioredis mymaster
connections.redisPassword The password set for the Redis account. If set to, it takes priority over the connections.redisExistingSecret. The value in this parameter overrides the value set in the options object in local.json if you add custom configuration file ""
connections.redisSecretKeyName The name of the key that contains the Redis user password redis-password
connections.redisExistingSecret Name of existing secret to use for Redis passwords. Must contain the key specified in connections.redisSecretKeyName. The password from this secret overrides password set in the options object in local.json redis
connections.redisNoPass Defines whether to use a Redis auth without a password. If the connection to Redis server does not require a password, set the value to true false
connections.amqpType Defines the AMQP server type. Possible values are rabbitmq or activemq rabbitmq
connections.amqpHost The IP address or the name of the AMQP server rabbitmq
connections.amqpPort The port for the connection to AMQP server 5672
connections.amqpVhost The virtual host for the connection to AMQP server /
connections.amqpUser The username for the AMQP server account user
connections.amqpProto The protocol for the connection to AMQP server amqp
connections.amqpPassword AMQP server user password. If set to, it takes priority over the connections.amqpExistingSecret ""
connections.amqpSecretKeyName The name of the key that contains the AMQP server user password rabbitmq-password
connections.amqpExistingSecret The name of existing secret to use for AMQP server passwords. Must contain the key specified in connections.amqpSecretKeyName rabbitmq
persistence.existingClaim Name of an existing PVC to use. If not specified, a PVC named "ds-files" will be created ""
persistence.annotations Defines annotations that will be additionally added to "ds-files" PVC. If set to, it takes priority over the commonAnnotations {}
persistence.storageClass PVC Storage Class for ONLYOFFICE Docs data volume nfs
persistence.size PVC Storage Request for ONLYOFFICE Docs volume 8Gi
persistence.storageS3 Defines whether S3 will be used as cache storage. Set to true if you will use S3 as cache storage false
namespaceOverride The name of the namespace in which Onlyoffice Docs will be deployed. If not set, the name will be taken from .Release.Namespace ""
commonLabels Defines labels that will be additionally added to all the deployed resources. You can also use tpl as the value for the key {}
commonAnnotations Defines annotations that will be additionally added to all the deployed resources. You can also use tpl as the value for the key. Some resources may override the values specified here with their own {}
serviceAccount.create Enable ServiceAccount creation false
serviceAccount.name Name of the ServiceAccount to be used. If not set and serviceAccount.create is true the name will be taken from .Release.Name or serviceAccount.create is false the name will be "default" ""
serviceAccount.annotations Map of annotations to add to the ServiceAccount. If set to, it takes priority over the commonAnnotations {}
serviceAccount.automountServiceAccountToken Enable auto mount of ServiceAccountToken on the serviceAccount created. Used only if serviceAccount.create is true true
license.existingSecret Name of the existing secret that contains the license. Must contain the key license.lic ""
license.existingClaim Name of the existing PVC in which the license is stored. Must contain the file license.lic ""
log.level Defines the type and severity of a logged event. Possible values are ALL, TRACE, DEBUG, INFO, WARN, ERROR, FATAL, MARK, OFF WARN
log.type Defines the format of a logged event. Possible values are pattern, json, basic, coloured, messagePassThrough, dummy pattern
log.pattern Defines the log pattern if log.type=pattern [%d] [%p] %c - %.10000m
wopi.enabled Defines if WOPI is enabled. If the parameter is enabled, then caching attributes for the mounted directory (PVC) should be disabled for the client false
metrics.enabled Specifies the enabling StatsD for ONLYOFFICE Docs false
metrics.host Defines StatsD listening host statsd-exporter-prometheus-statsd-exporter
metrics.port Defines StatsD listening port 8125
metrics.prefix Defines StatsD metrics prefix for backend services ds.
extraConf.configMap The name of the ConfigMap containing the json file that override the default values ""
extraConf.filename The name of the json file that contains custom values. Must be the same as the key name in extraConf.ConfigMap local.json
extraThemes.configMap The name of the ConfigMap containing the json file that contains the interface themes ""
extraThemes.filename The name of the json file that contains custom interface themes. Must be the same as the key name in extraThemes.configMap custom-themes.json
podAntiAffinity.type Types of Pod antiaffinity. Allowed values: soft or hard soft
podAntiAffinity.topologyKey Node label key to match kubernetes.io/hostname
podAntiAffinity.weight Priority when selecting node. It is in the range from 1 to 100 100
nodeSelector Node labels for pods assignment. Each ONLYOFFICE Docs services can override the values specified here with its own {}
tolerations Tolerations for pods assignment. Each ONLYOFFICE Docs services can override the values specified here with its own []
imagePullSecrets Container image registry secret name ""
requestFilteringAgent.allowPrivateIPAddress Defines if it is allowed to connect private IP address or not. requestFilteringAgent parameters are used if JWT is disabled: jwt.enabled=false false
requestFilteringAgent.allowMetaIPAddress Defines if it is allowed to connect meta address or not false
requestFilteringAgent.allowIPAddressList Defines the list of IP addresses allowed to connect. This values are preferred than requestFilteringAgent.denyIPAddressList []
requestFilteringAgent.denyIPAddressList Defines the list of IP addresses allowed to connect []
docservice.annotations Defines annotations that will be additionally added to Docservice Deployment. If set to, it takes priority over the commonAnnotations {}
docservice.podAnnotations Map of annotations to add to the Docservice deployment pods rollme: "{{ randAlphaNum 5 | quote }}"
docservice.replicas Docservice replicas quantity. If the docservice.autoscaling.enabled parameter is enabled, it is ignored 2
docservice.updateStrategy.type Docservice deployment update strategy type Recreate
docservice.customPodAntiAffinity Prohibiting the scheduling of Docservice Pods relative to other Pods containing the specified labels on the same node {}
docservice.podAffinity Defines Pod affinity rules for Docservice Pods scheduling by nodes relative to other Pods {}
docservice.nodeAffinity Defines Node affinity rules for Docservice Pods scheduling by nodes {}
docservice.nodeSelector Node labels for Docservice Pods assignment. If set to, it takes priority over the nodeSelector {}
docservice.tolerations Tolerations for Docservice Pods assignment. If set to, it takes priority over the tolerations []
docservice.terminationGracePeriodSeconds The time to terminate gracefully during which the Docservice Pod will have the Terminating status 30
docservice.initContainers Defines containers that run before docservice and proxy containers in the Docservice deployment pod. For example, a container that changes the owner of the PersistentVolume []
docservice.image.repository Docservice container image repository* onlyoffice/docs-docservice-de
docservice.image.tag Docservice container image tag 8.2.0-1
docservice.image.pullPolicy Docservice container image pull policy IfNotPresent
docservice.containerSecurityContext.enabled Enable security context for the Docservice container false
docservice.lifecycleHooks Defines the Docservice container lifecycle hooks. It is used to trigger events to run at certain points in a container's lifecycle {}
docservice.resources.requests The requested resources for the Docservice container {}
docservice.resources.limits The resources limits for the Docservice container {}
docservice.readinessProbe.enabled Enable readinessProbe for Docservice container true
docservice.livenessProbe.enabled Enable livenessProbe for Docservice container true
docservice.startupProbe.enabled Enable startupProbe for Docservice container true
docservice.autoscaling.enabled Enable Docservice deployment autoscaling false
docservice.autoscaling.annotations Defines annotations that will be additionally added to Docservice deployment HPA. If set to, it takes priority over the commonAnnotations {}
docservice.autoscaling.minReplicas Docservice deployment autoscaling minimum number of replicas 2
docservice.autoscaling.maxReplicas Docservice deployment autoscaling maximum number of replicas 4
docservice.autoscaling.targetCPU.enabled Enable autoscaling of Docservice deployment by CPU usage percentage true
docservice.autoscaling.targetCPU.utilizationPercentage Docservice deployment autoscaling target CPU percentage 70
docservice.autoscaling.targetMemory.enabled Enable autoscaling of Docservice deployment by memory usage percentage false
docservice.autoscaling.targetMemory.utilizationPercentage Docservice deployment autoscaling target memory percentage 70
docservice.autoscaling.customMetricsType Custom, additional or external autoscaling metrics for the Docservice deployment []
docservice.autoscaling.behavior Configuring Docservice deployment scaling behavior policies for the scaleDown and scaleUp fields {}
proxy.accessLog Defines the nginx config access_log format directive off
proxy.gzipProxied Defines the nginx config gzip_proxied directive off
proxy.clientMaxBodySize Defines the nginx config client_max_body_size directive 100m
proxy.workerConnections Defines the nginx config worker_connections directive 4096
proxy.secureLinkSecret Defines secret for the nginx config directive secure_link_md5 verysecretstring
proxy.infoAllowedIP Defines ip addresses for accessing the info page []
proxy.infoAllowedUser Defines user name for accessing the info page. If not set to, Nginx Basic Authentication will not be applied to access the info page. For more details, see here ""
proxy.infoAllowedPassword Defines user password for accessing the info page. Used if proxy.infoAllowedUser is set password
proxy.infoAllowedSecretKeyName The name of the key that contains the info auth user password. Used if proxy.infoAllowedUser is set info-auth-password
proxy.infoAllowedExistingSecret Name of existing secret to use for info auth password. Used if proxy.infoAllowedUser is set. Must contain the key specified in proxy.infoAllowedSecretKeyName. If set to, it takes priority over the proxy.infoAllowedPassword ""
proxy.welcomePage.enabled Defines whether the welcome page will be displayed true
proxy.image.repository Docservice Proxy container image repository* onlyoffice/docs-proxy-de
proxy.image.tag Docservice Proxy container image tag 8.2.0-1
proxy.image.pullPolicy Docservice Proxy container image pull policy IfNotPresent
proxy.containerSecurityContext.enabled Enable security context for the Proxy container false
proxy.lifecycleHooks Defines the Proxy container lifecycle hooks. It is used to trigger events to run at certain points in a container's lifecycle {}
proxy.resources.requests The requested resources for the Proxy container {}
proxy.resources.limits The resources limits for the Proxy container {}
proxy.readinessProbe.enabled Enable readinessProbe for Proxy container true
proxy.livenessProbe.enabled Enable livenessProbe for Proxy container true
proxy.startupProbe.enabled Enable startupProbe for Proxy container true
converter.annotations Defines annotations that will be additionally added to Converter Deployment. If set to, it takes priority over the commonAnnotations {}
converter.podAnnotations Map of annotations to add to the Converter deployment pods rollme: "{{ randAlphaNum 5 | quote }}"
converter.replicas Converter replicas quantity. If the converter.autoscaling.enabled parameter is enabled, it is ignored 2
converter.updateStrategy.type Converter deployment update strategy type Recreate
converter.customPodAntiAffinity Prohibiting the scheduling of Converter Pods relative to other Pods containing the specified labels on the same node {}
converter.podAffinity Defines Pod affinity rules for Converter Pods scheduling by nodes relative to other Pods {}
converter.nodeAffinity Defines Node affinity rules for Converter Pods scheduling by nodes {}
converter.nodeSelector Node labels for Converter Pods assignment. If set to, it takes priority over the nodeSelector {}
converter.tolerations Tolerations for Converter Pods assignment. If set to, it takes priority over the tolerations []
converter.terminationGracePeriodSeconds The time to terminate gracefully during which the Converter Pod will have the Terminating status 30
converter.initContainers Defines containers that run before docservice and proxy containers in the Docservice deployment pod. For example, a container that changes the owner of the PersistentVolume []
converter.image.repository Converter container image repository* onlyoffice/docs-converter-de
converter.image.tag Converter container image tag 8.2.0-1
converter.image.pullPolicy Converter container image pull policy IfNotPresent
converter.containerSecurityContext.enabled Enable security context for the Converter container false
converter.lifecycleHooks Defines the Converter container lifecycle hooks. It is used to trigger events to run at certain points in a container's lifecycle {}
converter.resources.requests The requested resources for the Converter container {}
converter.resources.limits The resources limits for the Converter container {}
converter.autoscaling.enabled Enable Converter deployment autoscaling false
converter.autoscaling.annotations Defines annotations that will be additionally added to Converter deployment HPA. If set to, it takes priority over the commonAnnotations {}
converter.autoscaling.minReplicas Converter deployment autoscaling minimum number of replicas 2
converter.autoscaling.maxReplicas Converter deployment autoscaling maximum number of replicas 16
converter.autoscaling.targetCPU.enabled Enable autoscaling of converter deployment by CPU usage percentage true
converter.autoscaling.targetCPU.utilizationPercentage Converter deployment autoscaling target CPU percentage 70
converter.autoscaling.targetMemory.enabled Enable autoscaling of Converter deployment by memory usage percentage false
converter.autoscaling.targetMemory.utilizationPercentage Converter deployment autoscaling target memory percentage 70
converter.autoscaling.customMetricsType Custom, additional or external autoscaling metrics for the Converter deployment []
converter.autoscaling.behavior Configuring Converter deployment scaling behavior policies for the scaleDown and scaleUp fields {}
example.enabled Enables the installation of Example false
example.annotations Defines annotations that will be additionally added to Example StatefulSet. If set to, it takes priority over the commonAnnotations {}
example.podAnnotations Map of annotations to add to the example pod rollme: "{{ randAlphaNum 5 | quote }}"
example.updateStrategy.type Example StatefulSet update strategy type RollingUpdate
example.customPodAntiAffinity Prohibiting the scheduling of Example Pod relative to other Pods containing the specified labels on the same node {}
example.podAffinity Defines Pod affinity rules for Example Pod scheduling by nodes relative to other Pods {}
example.nodeAffinity Defines Node affinity rules for Example Pod scheduling by nodes {}
example.nodeSelector Node labels for Example Pods assignment. If set to, it takes priority over the nodeSelector {}
example.tolerations Tolerations for Example Pods assignment. If set to, it takes priority over the tolerations []
example.terminationGracePeriodSeconds The time to terminate gracefully during which the Example Pod will have the Terminating status 30
example.image.repository Example container image name onlyoffice/docs-example
example.image.tag Example container image tag 8.2.0-1
example.image.pullPolicy Example container image pull policy IfNotPresent
example.containerSecurityContext.enabled Enable security context for the Example container false
example.dsUrl ONLYOFFICE Docs external address. It should be changed only if it is necessary to check the operation of the conversion in Example (e.g. http://<documentserver-address>/) /
example.resources.requests The requested resources for the Example container {}
example.resources.limits The resources limits for the Example container {}
example.extraConf.configMap The name of the ConfigMap containing the json file that override the default values. See an example of creation here ""
example.extraConf.filename The name of the json file that contains custom values. Must be the same as the key name in example.extraConf.ConfigMap local.json
jwt.enabled Specifies the enabling the JSON Web Token validation by the ONLYOFFICE Docs. Common for inbox and outbox requests true
jwt.secret Defines the secret key to validate the JSON Web Token in the request to the ONLYOFFICE Docs. Common for inbox and outbox requests MYSECRET
jwt.header Defines the http header that will be used to send the JSON Web Token. Common for inbox and outbox requests Authorization
jwt.inBody Specifies the enabling the token validation in the request body to the ONLYOFFICE Docs false
jwt.inbox JSON Web Token validation parameters for inbox requests only. If not specified, the values of the parameters of the common jwt are used {}
jwt.outbox JSON Web Token validation parameters for outbox requests only. If not specified, the values of the parameters of the common jwt are used {}
jwt.existingSecret The name of an existing secret containing variables for jwt. If not specified, a secret named jwt will be created ""
service.existing The name of an existing service for ONLYOFFICE Docs. If not specified, a service named documentserver will be created ""
service.annotations Map of annotations to add to the ONLYOFFICE Docs service. If set to, it takes priority over the commonAnnotations {}
service.type ONLYOFFICE Docs service type ClusterIP
service.port ONLYOFFICE Docs service port 8888
service.sessionAffinity Session Affinity for ONLYOFFICE Docs service. If not set, None will be set as the default value ""
service.sessionAffinityConfig Configuration for ONLYOFFICE Docs service Session Affinity. Used if the service.sessionAffinity is set {}
ingress.enabled Enable the creation of an ingress for the ONLYOFFICE Docs false
ingress.annotations Map of annotations to add to the Ingress. If set to, it takes priority over the commonAnnotations nginx.ingress.kubernetes.io/proxy-body-size: 100m
ingress.ingressClassName Used to reference the IngressClass that should be used to implement this Ingress nginx
ingress.host Ingress hostname for the ONLYOFFICE Docs ingress ""
ingress.ssl.enabled Enable ssl for the ONLYOFFICE Docs ingress false
ingress.ssl.secret Secret name for ssl to mount into the Ingress tls
ingress.path Specifies the path where ONLYOFFICE Docs will be available /
grafana.enabled Enable the installation of resources required for the visualization of metrics in Grafana false
grafana.namespace The name of the namespace in which RBAC components and Grafana resources will be deployed. If not set, the name will be taken from namespaceOverride if set, or .Release.Namespace ""
grafana.ingress.enabled Enable the creation of an ingress for the Grafana. Used if you set grafana.enabled to true and want to use Nginx Ingress to access Grafana false
grafana.ingress.annotations Map of annotations to add to Grafana Ingress. If set to, it takes priority over the commonAnnotations nginx.ingress.kubernetes.io/proxy-body-size: 100m
grafana.dashboard.enabled Enable the installation of ready-made Grafana dashboards. Used if you set grafana.enabled to true false
podSecurityContext.enabled Enable security context for the pods false
podSecurityContext.converter.fsGroup Defines the Group ID to which the owner and permissions for all files in volumes are changed when mounted in the Converter Pod 101
podSecurityContext.docservice.fsGroup Defines the Group ID to which the owner and permissions for all files in volumes are changed when mounted in the Docservice Pod 101
podSecurityContext.jobs.fsGroup Defines the Group ID to which the owner and permissions for all files in volumes are changed when mounted in Pods created by Jobs 101
podSecurityContext.example.fsGroup Defines the Group ID to which the owner and permissions for all files in volumes are changed when mounted in the Example Pod 1001
podSecurityContext.tests.fsGroup Defines the Group ID to which the owner and permissions for all files in volumes are changed when mounted in the Test Pod 101
webProxy.enabled Specify whether a Web proxy is used in your network to access the Pods of k8s cluster to the Internet false
webProxy.http Web Proxy address for HTTP traffic http://proxy.example.com
webProxy.https Web Proxy address for HTTPS traffic https://proxy.example.com
webProxy.noProxy Patterns for IP addresses or k8s services name or domain names that shouldn’t use the Web Proxy localhost,127.0.0.1,docservice
privateCluster Specify whether the k8s cluster is used in a private network without internet access false
upgrade.job.enabled Enable the execution of job pre-upgrade before upgrading ONLYOFFICE Docs true
upgrade.job.annotations Defines annotations that will be additionally added to pre-upgrade Job. If set to, it takes priority over the commonAnnotations {}
upgrade.job.podAnnotations Map of annotations to add to the pre-upgrade Pod {}
upgrade.job.customPodAntiAffinity Prohibiting the scheduling of pre-upgrade Job Pod relative to other Pods containing the specified labels on the same node {}
upgrade.job.podAffinity Defines Pod affinity rules for pre-upgrade Job Pod scheduling by nodes relative to other Pods {}
upgrade.job.nodeAffinity Defines Node affinity rules for pre-upgrade Job Pod scheduling by nodes {}
upgrade.job.nodeSelector Node labels for pre-upgrade Job Pod assignment. If set to, it takes priority over the nodeSelector {}
upgrade.job.tolerations Tolerations for pre-upgrade Job Pod assignment. If set to, it takes priority over the tolerations []
upgrade.job.image.repository Job by upgrade image repository onlyoffice/docs-utils
upgrade.job.image.tag Job by upgrade image tag 8.2.0-1
upgrade.job.image.pullPolicy Job by upgrade image pull policy IfNotPresent
upgrade.job.containerSecurityContext.enabled Enable security context for the pre-upgrade container false
upgrade.job.resources.requests The requested resources for the job pre-upgrade container {}
upgrade.job.resources.limits The resources limits for the job pre-upgrade container {}
upgrade.existingConfigmap.tblRemove.name The name of the existing ConfigMap that contains the sql file for deleting tables from the database remove-db-scripts
upgrade.existingConfigmap.tblRemove.keyName The name of the sql file containing instructions for deleting tables from the database. Must be the same as the key name in upgrade.existingConfigmap.tblRemove.name removetbl.sql
upgrade.existingConfigmap.tblCreate.name The name of the existing ConfigMap that contains the sql file for craeting tables from the database init-db-scripts
upgrade.existingConfigmap.tblCreate.keyName The name of the sql file containing instructions for creating tables from the database. Must be the same as the key name in upgrade.existingConfigmap.tblCreate.name createdb.sql
upgrade.existingConfigmap.dsStop The name of the existing ConfigMap that contains the ONLYOFFICE Docs upgrade script. If set, the four previous parameters are ignored. Must contain a key stop.sh ""
rollback.job.enabled Enable the execution of job pre-rollback before rolling back ONLYOFFICE Docs true
rollback.job.annotations Defines annotations that will be additionally added to pre-rollback Job. If set to, it takes priority over the commonAnnotations {}
rollback.job.podAnnotations Map of annotations to add to the pre-rollback Pod {}
rollback.job.customPodAntiAffinity Prohibiting the scheduling of pre-rollback Job Pod relative to other Pods containing the specified labels on the same node {}
rollback.job.podAffinity Defines Pod affinity rules for pre-rollback Job Pod scheduling by nodes relative to other Pods {}
rollback.job.nodeAffinity Defines Node affinity rules for pre-rollback Job Pod scheduling by nodes {}
rollback.job.nodeSelector Node labels for pre-rollback Job Pod assignment. If set to, it takes priority over the nodeSelector {}
rollback.job.tolerations Tolerations for pre-rollback Job Pod assignment. If set to, it takes priority over the tolerations []
rollback.job.image.repository Job by rollback image repository onlyoffice/docs-utils
rollback.job.image.tag Job by rollback image tag 8.2.0-1
rollback.job.image.pullPolicy Job by rollback image pull policy IfNotPresent
rollback.job.containerSecurityContext.enabled Enable security context for the pre-rollback container false
rollback.job.resources.requests The requested resources for the job rollback container {}
rollback.job.resources.limits The resources limits for the job rollback container {}
rollback.existingConfigmap.tblRemove.name The name of the existing ConfigMap that contains the sql file for deleting tables from the database remove-db-scripts
rollback.existingConfigmap.tblRemove.keyName The name of the sql file containing instructions for deleting tables from the database. Must be the same as the key name in rollback.existingConfigmap.tblRemove.name removetbl.sql
rollback.existingConfigmap.tblCreate.name The name of the existing ConfigMap that contains the sql file for craeting tables from the database init-db-scripts
rollback.existingConfigmap.tblCreate.keyName The name of the sql file containing instructions for creating tables from the database. Must be the same as the key name in rollback.existingConfigmap.tblCreate.name createdb.sql
rollback.existingConfigmap.dsStop The name of the existing ConfigMap that contains the ONLYOFFICE Docs rollback script. If set, the four previous parameters are ignored. Must contain a key stop.sh ""
delete.job.enabled Enable the execution of job pre-delete before deleting ONLYOFFICE Docs true
delete.job.annotations Defines annotations that will be additionally added to pre-delete Job. If set to, it takes priority over the commonAnnotations {}
delete.job.podAnnotations Map of annotations to add to the pre-delete Pod {}
delete.job.customPodAntiAffinity Prohibiting the scheduling of pre-delete Job Pod relative to other Pods containing the specified labels on the same node {}
delete.job.podAffinity Defines Pod affinity rules for pre-delete Job Pod scheduling by nodes relative to other Pods {}
delete.job.nodeAffinity Defines Node affinity rules for pre-delete Job Pod scheduling by nodes {}
delete.job.nodeSelector Node labels for pre-delete Job Pod assignment. If set to, it takes priority over the nodeSelector {}
delete.job.tolerations Tolerations for pre-delete Job Pod assignment. If set to, it takes priority over the tolerations []
delete.job.image.repository Job by delete image repository onlyoffice/docs-utils
delete.job.image.tag Job by delete image tag 8.2.0-1
delete.job.image.pullPolicy Job by delete image pull policy IfNotPresent
delete.job.containerSecurityContext.enabled Enable security context for the pre-delete container false
delete.job.resources.requests The requested resources for the job delete container {}
delete.job.resources.limits The resources limits for the job delete container {}
delete.existingConfigmap.tblRemove.name The name of the existing ConfigMap that contains the sql file for deleting tables from the database remove-db-scripts
delete.existingConfigmap.tblRemove.keyName The name of the sql file containing instructions for deleting tables from the database. Must be the same as the key name in delete.existingConfigmap.tblRemove.name removetbl.sql
delete.existingConfigmap.dsStop The name of the existing ConfigMap that contains the ONLYOFFICE Docs delete script. If set, the two previous parameters are ignored. Must contain a key stop.sh ""
install.job.enabled Enable the execution of job pre-install before installing ONLYOFFICE Docs true
install.job.annotations Defines annotations that will be additionally added to pre-install Job. If set to, it takes priority over the commonAnnotations {}
install.job.podAnnotations Map of annotations to add to the pre-install Pod {}
install.job.customPodAntiAffinity Prohibiting the scheduling of pre-install Job Pod relative to other Pods containing the specified labels on the same node {}
install.job.podAffinity Defines Pod affinity rules for pre-install Job Pod scheduling by nodes relative to other Pods {}
install.job.nodeAffinity Defines Node affinity rules for pre-install Job Pod scheduling by nodes {}
install.job.nodeSelector Node labels for pre-install Job Pod assignment. If set to, it takes priority over the nodeSelector {}
install.job.tolerations Tolerations for pre-install Job Pod assignment. If set to, it takes priority over the tolerations []
install.job.image.repository Job by pre-install ONLYOFFICE Docs image repository onlyoffice/docs-utils
install.job.image.tag Job by pre-install ONLYOFFICE Docs image tag 8.2.0-1
install.job.image.pullPolicy Job by pre-install ONLYOFFICE Docs image pull policy IfNotPresent
install.job.containerSecurityContext.enabled Enable security context for the pre-install container false
install.job.resources.requests The requested resources for the job pre-install container {}
install.job.resources.limits The resources limits for the job pre-install container {}
install.existingConfigmap.tblCreate.name The name of the existing ConfigMap that contains the sql file for craeting tables from the database init-db-scripts
install.existingConfigmap.tblCreate.keyName The name of the sql file containing instructions for creating tables from the database. Must be the same as the key name in install.existingConfigmap.tblCreate.name createdb.sql
install.existingConfigmap.initdb The name of the existing ConfigMap that contains the initdb script. If set, the two previous parameters are ignored. Must contain a key initdb.sh ""
clearCache.job.enabled Enable the execution of job Clear Cache after upgrading ONLYOFFICE Docs. Job by Clear Cache has a post-upgrade hook executes after any resources have been upgraded in Kubernetes. He clears the Cache directory true
clearCache.job.annotations Defines annotations that will be additionally added to Clear Cache Job. If set to, it takes priority over the commonAnnotations {}
clearCache.job.podAnnotations Map of annotations to add to the Clear Cache Pod {}
clearCache.job.customPodAntiAffinity Prohibiting the scheduling of Clear Cache Job Pod relative to other Pods containing the specified labels on the same node {}
clearCache.job.podAffinity Defines Pod affinity rules for Clear Cache Job Pod scheduling by nodes relative to other Pods {}
clearCache.job.nodeAffinity Defines Node affinity rules for Clear Cache Job Pod scheduling by nodes {}
clearCache.job.nodeSelector Node labels for Clear Cache Job Pod assignment. If set to, it takes priority over the nodeSelector {}
clearCache.job.tolerations Tolerations for Clear Cache Job Pod assignment. If set to, it takes priority over the tolerations []
clearCache.job.image.repository Job by Clear Cache ONLYOFFICE Docs image repository onlyoffice/docs-utils
clearCache.job.image.tag Job by Clear Cache ONLYOFFICE Docs image tag 8.2.0-1
clearCache.job.image.pullPolicy Job by Clear Cache ONLYOFFICE Docs image pull policy IfNotPresent
clearCache.job.containerSecurityContext.enabled Enable security context for the Clear Cache container false
clearCache.job.resources.requests The requested resources for the job Clear Cache container {}
clearCache.job.resources.limits The resources limits for the job Clear Cache container {}
clearCache.existingConfigmap.name The name of the existing ConfigMap that contains the clears the Cache directory custom script. If set, the default configmap will not be created ""
clearCache.existingConfigmap.keyName The name of the script containing instructions for clears the Cache directory. Must be the same as the key name in clearCache.existingConfigmap.name if a custom script is used clearCache.sh
grafanaDashboard.job.annotations Defines annotations that will be additionally added to Grafana Dashboard Job. If set to, it takes priority over the commonAnnotations {}
grafanaDashboard.job.podAnnotations Map of annotations to add to the Grafana Dashboard Pod {}
grafanaDashboard.job.customPodAntiAffinity Prohibiting the scheduling of Grafana Dashboard Job Pod relative to other Pods containing the specified labels on the same node {}
grafanaDashboard.job.podAffinity Defines Pod affinity rules for Grafana Dashboard Job Pod scheduling by nodes relative to other Pods {}
grafanaDashboard.job.nodeAffinity Defines Node affinity rules for Grafana Dashboard Job Pod scheduling by nodes {}
grafanaDashboard.job.nodeSelector Node labels for Grafana Dashboard Job Pod assignment. If set to, it takes priority over the nodeSelector {}
grafanaDashboard.job.tolerations Tolerations for Grafana Dashboard Job Pod assignment. If set to, it takes priority over the tolerations []
grafanaDashboard.job.image.repository Job by Grafana Dashboard ONLYOFFICE Docs image repository onlyoffice/docs-utils
grafanaDashboard.job.image.tag Job by Grafana Dashboard ONLYOFFICE Docs image tag 8.2.0-1
grafanaDashboard.job.image.pullPolicy Job by Grafana Dashboard ONLYOFFICE Docs image pull policy IfNotPresent
grafanaDashboard.job.containerSecurityContext.enabled Enable security context for the Grafana Dashboard container false
grafanaDashboard.job.resources.requests The requested resources for the job Grafana Dashboard container {}
grafanaDashboard.job.resources.limits The resources limits for the job Grafana Dashboard container {}
tests.enabled Enable the resources creation necessary for ONLYOFFICE Docs launch testing and connected dependencies availability testing. These resources will be used when running the helm test command true
tests.annotations Defines annotations that will be additionally added to Test Pod. If set to, it takes priority over the commonAnnotations {}
tests.customPodAntiAffinity Prohibiting the scheduling of Test Pod relative to other Pods containing the specified labels on the same node {}
tests.podAffinity Defines Pod affinity rules for Test Pod scheduling by nodes relative to other Pods {}
tests.nodeAffinity Defines Node affinity rules for Test Pod scheduling by nodes {}
tests.nodeSelector Node labels for Test Pod assignment. If set to, it takes priority over the nodeSelector {}
tests.tolerations Tolerations for Test Pod assignment. If set to, it takes priority over the tolerations []
tests.image.repository Test container image name onlyoffice/docs-utils
tests.image.tag Test container image tag 8.2.0-1
tests.image.pullPolicy Test container image pull policy IfNotPresent
tests.containerSecurityContext.enabled Enable security context for the Test container false
tests.resources.requests The requested resources for the test container {}
tests.resources.limits The resources limits for the test container {}

  • *Note: The prefix -de is specified in the value of the image repository, which means solution type. Possible options:

    • Nothing is specified. For the open-source community version
    • -de. For commercial Developer Edition
    • -ee. For commercial Enterprise Edition

    If you use the community version, there may be problems with co-editing documents.

    The default value of this parameter refers to the ONLYOFFICE Document Server Developer Edition. To learn more about this edition and compare it with other editions, please see the comparison table on this page.

Specify each parameter using the --set key=value[,key=value] argument to helm install. For example,

$ helm install documentserver onlyoffice/docs --set ingress.enabled=true,ingress.ssl.enabled=true,ingress.host=example.com

This command gives expose ONLYOFFICE Docs via HTTPS.

Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example,

$ helm install documentserver -f values.yaml onlyoffice/docs

Tip: You can use the default values.yaml

5. Configuration and installation details

5.1 Example deployment (optional)

To deploy the example, set the example.enabled parameter to true:

$ helm install documentserver onlyoffice/docs --set example.enabled=true

5.2 Metrics deployment (optional)

To deploy metrics, set metrics.enabled to true:

$ helm install documentserver onlyoffice/docs --set metrics.enabled=true

If you want to use Grafana to visualize metrics, set grafana.enabled to true. If you want to use Nginx Ingress to access Grafana, set grafana.ingress.enabled to true:

$ helm install documentserver onlyoffice/docs --set grafana.enabled=true --set grafana.ingress.enabled=true

5.3 Expose ONLYOFFICE Docs

5.3.1 Expose ONLYOFFICE Docs via Service (HTTP Only)

You should skip step#5.3.1 if you are going to expose ONLYOFFICE Docs via HTTPS

This type of exposure has the least overheads of performance, it creates a loadbalancer to get access to ONLYOFFICE Docs. Use this type of exposure if you use external TLS termination, and don't have another WEB application in the k8s cluster.

To expose ONLYOFFICE Docs via service, set the service.type parameter to LoadBalancer:

$ helm install documentserver onlyoffice/docs --set service.type=LoadBalancer,service.port=80

Run the following command to get the documentserver service IP:

$ kubectl get service documentserver -o jsonpath="{.status.loadBalancer.ingress[*].ip}"

After that, ONLYOFFICE Docs will be available at http://DOCUMENTSERVER-SERVICE-IP/.

If the service IP is empty, try getting the documentserver service hostname:

$ kubectl get service documentserver -o jsonpath="{.status.loadBalancer.ingress[*].hostname}"

In this case, ONLYOFFICE Docs will be available at http://DOCUMENTSERVER-SERVICE-HOSTNAME/.

5.3.2 Expose ONLYOFFICE Docs via Ingress

5.3.2.1 Installing the Kubernetes Nginx Ingress Controller

To install the Nginx Ingress Controller to your cluster, run the following command:

$ helm install nginx-ingress ingress-nginx/ingress-nginx --set controller.publishService.enabled=true,controller.replicaCount=2

Note: To install Nginx Ingress with the same parameters and to enable exposing ingress-nginx metrics to be gathered by Prometheus, run the following command:

$ helm install nginx-ingress -f https://raw.githubusercontent.com/ONLYOFFICE/Kubernetes-Docs/master/sources/ingress_values.yaml ingress-nginx/ingress-nginx

See more detail about installing Nginx Ingress via Helm here.

5.3.2.2 Expose ONLYOFFICE Docs via HTTP

You should skip step5.3.2.2 if you are going to expose ONLYOFFICE Docs via HTTPS

This type of exposure has more overheads of performance compared with exposure via service, it also creates a loadbalancer to get access to ONLYOFFICE Docs. Use this type if you use external TLS termination and when you have several WEB applications in the k8s cluster. You can use the one set of ingress instances and the one loadbalancer for those. It can optimize the entry point performance and reduce your cluster payments, cause providers can charge a fee for each loadbalancer.

To expose ONLYOFFICE Docs via ingress HTTP, set the ingress.enabled parameter to true:

$ helm install documentserver onlyoffice/docs --set ingress.enabled=true

Run the following command to get the documentserver ingress IP:

$ kubectl get ingress documentserver -o jsonpath="{.status.loadBalancer.ingress[*].ip}"

After that, ONLYOFFICE Docs will be available at http://DOCUMENTSERVER-INGRESS-IP/.

If the ingress IP is empty, try getting the documentserver ingress hostname:

$ kubectl get ingress documentserver -o jsonpath="{.status.loadBalancer.ingress[*].hostname}"

In this case, ONLYOFFICE Docs will be available at http://DOCUMENTSERVER-INGRESS-HOSTNAME/.

5.3.2.3 Expose ONLYOFFICE Docs via HTTPS

This type of exposure allows you to enable internal TLS termination for ONLYOFFICE Docs.

Create the tls secret with an ssl certificate inside.

Put the ssl certificate and the private key into the tls.crt and tls.key files and then run:

$ kubectl create secret generic tls \
  --from-file=./tls.crt \
  --from-file=./tls.key
$ helm install documentserver onlyoffice/docs --set ingress.enabled=true,ingress.ssl.enabled=true,ingress.host=example.com

Run the following command to get the documentserver ingress IP:

$ kubectl get ingress documentserver -o jsonpath="{.status.loadBalancer.ingress[*].ip}"

If the ingress IP is empty, try getting the documentserver ingress hostname:

$ kubectl get ingress documentserver -o jsonpath="{.status.loadBalancer.ingress[*].hostname}"

Associate the documentserver ingress IP or hostname with your domain name through your DNS provider.

After that, ONLYOFFICE Docs will be available at https://your-domain-name/.

6. Scale ONLYOFFICE Docs (optional)

This step is optional. You can skip step 6 entirely if you want to use default deployment settings.

6.1 Horizontal Pod Autoscaling

You can enable Autoscaling so that the number of replicas of docservice and converter deployments is calculated automatically based on the values and type of metrics.

For resource metrics, API metrics.k8s.io must be registered, which is generally provided by metrics-server. It can be launched as a cluster add-on.

To use the target utilization value (target.type==Utilization), it is necessary that the values for resources.requests are specified in the deployment.

For more information about Horizontal Pod Autoscaling, see here.

To enable HPA for the docservice deployment, specify the docservice.autoscaling.enabled=true parameter. In this case, the docservice.replicas parameter is ignored and the number of replicas is controlled by HPA.

Similarly, to enable HPA for the converter deployment, specify the converter.autoscaling.enabled=true parameter. In this case, the converter.replicas parameter is ignored and the number of replicas is controlled by HPA.

With the autoscaling.enabled parameter enabled, by default Autoscaling will adjust the number of replicas based on the average percentage of CPU Utilization. For other configurable Autoscaling parameters, see the Parameters table.

6.2 Manual scaling

The docservice and converter deployments consist of 2 pods each other by default.

To scale the docservice deployment, use the following command:

$ kubectl scale -n default deployment docservice --replicas=POD_COUNT

where POD_COUNT is a number of the docservice pods.

Do the same to scale the converter deployment:

$ kubectl scale -n default deployment converter --replicas=POD_COUNT

7. Update ONLYOFFICE Docs

It's necessary to set the parameters for updating. For example,

$ helm upgrade documentserver onlyoffice/docs \
  --set docservice.image.tag=[version]

Note: also need to specify the parameters that were specified during installation

Or modify the values.yaml file and run the command:

$ helm upgrade documentserver -f values.yaml onlyoffice/docs

Running the helm upgrade command runs a hook that shuts down the ONLYOFFICE Docs and cleans up the database. This is needed when updating the version of ONLYOFFICE Docs. The default hook execution time is 300s. The execution time can be changed using --timeout [time], for example

$ helm upgrade documentserver -f values.yaml onlyoffice/docs --timeout 15m

Note: When upgrading ONLYOFFICE Docs in a private k8s cluster behind a Web proxy or with no internet access, see the notes below.

If you want to update any parameter other than the version of the ONLYOFFICE Docs, then run the helm upgrade command without hooks, for example:

$ helm upgrade documentserver onlyoffice/docs --set jwt.enabled=false --no-hooks

To rollback updates, run the following command:

$ helm rollback documentserver

Note: When rolling back ONLYOFFICE Docs in a private k8s cluster behind a Web proxy or with no internet access, see the notes below.

8. Shutdown ONLYOFFICE Docs (optional)

To perform the shutdown, run the following command:

$ kubectl apply -f https://raw.githubusercontent.com/ONLYOFFICE/Kubernetes-Docs/master/sources/shutdown-ds.yaml -n <NAMESPACE>

Where:

  • <NAMESPACE> - Namespace where ONLYOFFICE Docs is installed. If not specified, the default value will be used: default.

For example:

$ kubectl apply -f https://raw.githubusercontent.com/ONLYOFFICE/Kubernetes-Docs/master/sources/shutdown-ds.yaml -n onlyoffice

After successfully executing the Pod shutdown-ds that created the Job, delete this Job with the following command:

$ kubectl delete job shutdown-ds -n <NAMESPACE>

If after stopping ONLYOFFICE Docs you need to start it again then restart docservice and converter pods. For example, using the following command:

$ kubectl delete pod converter-*** docservice-*** -n <NAMESPACE>

9. Update ONLYOFFICE Docs license (optional)

In order to update the license, you need to perform the following steps:

  • Place the license.lic file containing the new key in some directory
  • Run the following commands:
$ kubectl delete secret license -n <NAMESPACE>
$ kubectl create secret generic license --from-file=path/to/license.lic -n <NAMESPACE>
  • Restart docservice and converter pods. For example, using the following command:
$ kubectl delete pod converter-*** docservice-*** -n <NAMESPACE>

10. ONLYOFFICE Docs installation test (optional)

You can test ONLYOFFICE Docs availability and access to connected dependencies by running the following command:

$ helm test documentserver -n <NAMESPACE>

The output should have the following line:

Phase: Succeeded

To view the log of the Pod running as a result of the helm test command, run the following command:

$ kubectl logs -f test-ds -n <NAMESPACE>

The ONLYOFFICE Docs availability check is considered a priority, so if it fails with an error, the test is considered to be failed.

After this, you can delete the test-ds Pod by running the following command:

$ kubectl delete pod test-ds -n <NAMESPACE>

Note: This testing is for informational purposes only and cannot guarantee 100% availability results. It may be that even though all checks are completed successfully, an error occurs in the application. In this case, more detailed information can be found in the application logs.

11. Run Jobs in a private k8s cluster (optional)

When running Job for installation, update, rollback and deletion, the container being launched needs Internet access to download the latest sql scripts. If the access of containers to the external network is prohibited in your k8s cluster, then you can perform these Jobs by setting the privateCluster=true parameter and manually create a ConfigMap with the necessary sql scripts.

To do this, run the following commands:

If your cluster already has remove-db-scripts and init-db-scripts configmaps, then delete them:

$ kubectl delete cm remove-db-scripts init-db-scripts

Download the ONLYOFFICE Docs database scripts for database cleaning and database tables creating:

If PostgreSQL is selected as the database server:

$ wget -O removetbl.sql https://raw.githubusercontent.com/ONLYOFFICE/server/master/schema/postgresql/removetbl.sql
$ wget -O createdb.sql https://raw.githubusercontent.com/ONLYOFFICE/server/master/schema/postgresql/createdb.sql

If MySQL is selected as the database server:

$ wget -O removetbl.sql https://raw.githubusercontent.com/ONLYOFFICE/server/master/schema/mysql/removetbl.sql
$ wget -O createdb.sql https://raw.githubusercontent.com/ONLYOFFICE/server/master/schema/mysql/createdb.sql

Create a configmap from them:

$ kubectl create configmap remove-db-scripts --from-file=./removetbl.sql
$ kubectl create configmap init-db-scripts --from-file=./createdb.sql

Note: If you specified a different name for ConfigMap and for the file from which it is created, set the appropriate parameters for the corresponding Jobs:

  • existingConfigmap.tblRemove.name and existingConfigmap.tblRemove.keyName for scripts for database cleaning
  • existingConfigmap.tblCreate.name and existingConfigmap.tblCreate.keyName for scripts for database tables creating

Next, when executing the commands helm install|upgrade|rollback|delete, set the parameter privateCluster=true

Note: If it is possible to use a Web Proxy in your network to ensure the Pods containers have access to the Internet, then you can leave the parameter privateCluster=false, not manually create a configmaps with sql scripts and set the parameter webProxy.enabled=true, also setting the appropriate parameters for the Web Proxy.

12. Access to the info page (optional)

The access to /info page is limited by default. In order to allow the access to it, you need to specify the IP addresses or subnets (that will be Proxy container clients in this case) using proxy.infoAllowedIP parameter. Taking into consideration the specifics of Kubernetes net interaction it is possible to get the original IP of the user (being Proxy client) though it's not a standard scenario. Generally the Pods / Nodes / Load Balancer addresses will actually be the clients, so these addresses are to be used. In this case the access to the info page will be available to everyone. You can further limit the access to the info page using Nginx Basic Authentication which you can turn on by setting proxy.infoAllowedUser parameter value and by setting the password using proxy.infoAllowedPassword parameter, alternatively you can use the existing secret with password by setting its name with proxy.infoAllowedExistingSecret parameter.

Using Grafana to visualize metrics (optional)

This step is optional. You can skip this section if you don't want to install Grafana

1. Deploy Grafana

Note: It is assumed that step #6.2 has already been completed.

1.1 Deploy Grafana without installing ready-made dashboards

You should skip step #1.1 if you want to Deploy Grafana with the installation of ready-made dashboards

To install Grafana to your cluster, run the following command:

$ helm install grafana bitnami/grafana \
  --set service.ports.grafana=80 \
  --set config.useGrafanaIniFile=true \
  --set config.grafanaIniConfigMap=grafana-ini \
  --set datasources.secretName=grafana-datasource

1.2 Deploy Grafana with the installation of ready-made dashboards

1.2.1 Installing ready-made Grafana dashboards

To install ready-made Grafana dashboards, set the grafana.enabled and grafana.dashboard.enabled parameters to true. If ONLYOFFICE Docs is already installed you need to run the helm upgrade documentserver onlyoffice/docs --set grafana.enabled=true --set grafana.dashboard.enabled=true --no-hooks command or helm upgrade documentserver -f ./values.yaml onlyoffice/docs --no-hooks if the parameters are specified in the values.yaml file. As a result, ready-made dashboards in the JSON format will be downloaded from the Grafana website, the necessary edits will be made to them and configmap will be created from them. A dashboard will also be added to visualize metrics coming from the ONLYOFFICE Docs (it is assumed that step #6 has already been completed).

1.2.2 Installing Grafana

To install Grafana to your cluster, run the following command:

$ helm install grafana bitnami/grafana \
  --set service.ports.grafana=80 \
  --set config.useGrafanaIniFile=true \
  --set config.grafanaIniConfigMap=grafana-ini \
  --set datasources.secretName=grafana-datasource \
  --set dashboardsProvider.enabled=true \
  --set dashboardsConfigMaps[0].configMapName=dashboard-node-exporter \
  --set dashboardsConfigMaps[0].fileName=dashboard-node-exporter.json \
  --set dashboardsConfigMaps[1].configMapName=dashboard-deployment \
  --set dashboardsConfigMaps[1].fileName=dashboard-deployment.json \
  --set dashboardsConfigMaps[2].configMapName=dashboard-redis \
  --set dashboardsConfigMaps[2].fileName=dashboard-redis.json \
  --set dashboardsConfigMaps[3].configMapName=dashboard-rabbitmq \
  --set dashboardsConfigMaps[3].fileName=dashboard-rabbitmq.json \
  --set dashboardsConfigMaps[4].configMapName=dashboard-postgresql \
  --set dashboardsConfigMaps[4].fileName=dashboard-postgresql.json \
  --set dashboardsConfigMaps[5].configMapName=dashboard-nginx-ingress \
  --set dashboardsConfigMaps[5].fileName=dashboard-nginx-ingress.json \
  --set dashboardsConfigMaps[6].configMapName=dashboard-documentserver \
  --set dashboardsConfigMaps[6].fileName=dashboard-documentserver.json \
  --set dashboardsConfigMaps[7].configMapName=dashboard-cluster-resourses \
  --set dashboardsConfigMaps[7].fileName=dashboard-cluster-resourses.json

After executing this command, the following dashboards will be imported into Grafana:

  • Node Exporter
  • Deployment Statefulset Daemonset
  • Redis Dashboard for Prometheus Redis Exporter
  • RabbitMQ-Overview
  • PostgreSQL Database
  • NGINX Ingress controller
  • ONLYOFFICE Docs
  • Resource usage by Pods and Containers

Note: You can see the description of the ONLYOFFICE Docs metrics that are visualized in Grafana here.

See more details about installing Grafana via Helm here.

2 Access to Grafana via Ingress

Note: It is assumed that step #5.3.2.1 has already been completed.

If ONLYOFFICE Docs was installed with the parameter grafana.ingress.enabled (step #5.2) then access to Grafana will be at: http://INGRESS-ADDRESS/grafana/

If Ingres was installed using a secure connection (step #5.3.2.3), then access to Grafana will be at: https://your-domain-name/grafana/

3. View gathered metrics in Grafana

Go to the address http(s)://your-domain-name/grafana/

Login - admin

To get the password, run the following command:

$ kubectl get secret grafana-admin --namespace default -o jsonpath="{.data.GF_SECURITY_ADMIN_PASSWORD}" | base64 --decode

In the dashboard section, you will see the added dashboards that will display the metrics received from Prometheus.

About

ONLYOFFICE Docs for Kubernetes

onlyoffice.com

Topics

kubernetes docs onlyoffice

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

43 stars

Watchers

22 watching

Forks

26 forks
Report repository

Releases 6

documentserver-22.5.4 Latest
May 4, 2022
+ 5 releases

Packages

No packages published

Contributors 12

Languages