You folks are really dropping the ball by not having oidc configuration in the helm chart by default. This needs to be pointed out and gain attention.
Please take note and do your best not to instruct me to submit a pull request, or tell me my use case is rare. Think about what I’m saying, do you want people to easily be able to adopt your application and use it or do you want them to go somewhere else?
I’ve been watching this project for a few years and have installed it several times. Each time I have to jump through a ton of hoops to achieve a clean ‘gitops’ deployment.
Implementing a gitops strategy via kubernetes is becoming the norm. Everything that can be deployed via a container can be implemented in a gitops fashion. The idea is to put the configuration of an application (infrastructure as code) into a git repo, and then ‘continuously deliver’ that application using gitops via an application such as argocd, flux, or carvel… whenever a change is made to git, the change gets reflected in the live deployment, history can be tracked via changes in the git repo.
When secrets are involved those are stored in a vault somewhere and pulled at runtime, this helps to avoid saving anything into git which is secret. Configuring oidc as part of the helm chart values file means that when the application is first deployed everyone with an account can immediately login and use the application.
Gitops breaks down when there are steps you have to perform after installation, where you log in as an administrator and install things & configure things. That’s not infrastructure as code, unless you want to include “after the fact configuration” via ansible, terraform, or similar.
Every app I have deployed in my home lab follows gitops, except nextcloud, I was able to make it work in the past by basically hacking into things and creating an enormous script to run after installation, but this is the wrong approach. Nextcloud is the outlier, preferring its own vm with docker, and its own little world to run in. Nextcloud demands a “pet” installation, and can’t live in a world of “pets vs cattle”.
Until this is implemented, many will look for the oidc configuration, put a little effort into seeing if they can hack together a solution, and then they will abandon your project and look elsewhere. I want to use nextcloud right now, I’m ready to install it again. I can look up my old hacked together solution on this forum and implement it again but it’s just so ugly. It’s been years.
I’m not asking you to switch to a database such as cockroachdb, or similar, so the app can scale, I’m not asking nextcloud to be able to work with multiple replicas of nextcloud in order to scale, I’m only asking for OIDC. Let’s make it so nextcloud can be configured via the helm chart, rather than just installed, and then require a manual configuration after the fact. Let plugins be specified in the helm chart, etc… or, for now, let’s just get oidc in there.
No reply is necessary.
Respectfully,
- lknite.