feat(nextcloud): Expose forbiddenChars in functional.yaml.gotmpl; review migrations.md for required upgrade steps

2025-12-06 07:21:36 +01:00 · 2025-09-09 12:00:21 +02:00
parent ba77f2b11c
commit 5a2c1fcf98
7 changed files with 85 additions and 10 deletions
--- a/docs/migrations.md
+++ b/docs/migrations.md
@@ -10,6 +10,9 @@ SPDX-License-Identifier: Apache-2.0
 * [Deprecation warnings](#deprecation-warnings)
 * [Automated migrations - Overview and mandatory upgrade path](#automated-migrations---overview-and-mandatory-upgrade-path)
 * [Manual checks/actions](#manual-checksactions)
+  * [v1.7.1+](#v171)
+    * [Pre-upgrade to v1.7.1+](#pre-upgrade-to-v171)
+      * [New Helmfile default: Restricting characters for directory and filenames in fileshare module](#new-helmfile-default-restricting-characters-for-directory-and-filenames-in-fileshare-module)
  * [v1.7.0+](#v170)
    * [Pre-upgrade to v1.7.0+](#pre-upgrade-to-v170)
      * [Helmfile fix: Ensure enterprise overrides apply when deploying from project root](#helmfile-fix-ensure-enterprise-overrides-apply-when-deploying-from-project-root)
@@ -127,11 +130,49 @@ If you would like more details about the automated migrations, please read secti

 # Manual checks/actions

+## v1.7.1+
+
+### Pre-upgrade to v1.7.1+
+
+#### New Helmfile default: Restricting characters for directory and filenames in fileshare module
+
+**Target group:** All openDesk deployments using the fileshare module, as they may already contain files or directories with characters that are now restricted.
+
+openDesk now enforces restrictions on the characters allowed in directory and filenames by explicitly disallowing the following set: `* " | ? ; : \ / ~ < >`
+
+The reason is that desktop clients can not handle all characters due to restrictions in the underlying operating system and therefor syncing these directories and/or files will fail.
+
+This change was introduced because desktop clients cannot reliably handle certain characters due to operating system limitations, causing file synchronization to fail when these characters are present.
+
+For existing deployments, any files or directories containing restricted characters must be renamed before updates within the file or (sub)directory can succeed.
+
+Nextcloud provides tooling for renaming affected files using an [`occ command`](https://docs.nextcloud.com/server/latest/admin_manual/occ_command.html#sanitize-filenames) that can be executed by the operator, the command also supports a dry-run mode.
+
+You can customize the default restriction settings in `functional.yaml.gotmpl`:
+
+```
+functional:
+  filestore:
+    naming:
+      forbiddenChars:
+        - '*'
+        - '"'
+        - '|'
+        - '?'
+        - ';'
+        - ':'
+        - '\'
+        - '/'
+        - '~'
+        - '<'
+        - '>'
+```
+
 ## v1.7.0+

 ### Pre-upgrade to v1.7.0+

-### Helmfile fix: Ensure enterprise overrides apply when deploying from project root
+#### Helmfile fix: Ensure enterprise overrides apply when deploying from project root

 **Target group:** All openDesk Enterprise deployments initiated from the project root using `helmfile_generic.yaml.gotmpl`

--- a/helmfile/apps/nextcloud/values-nextcloud-management.yaml.gotmpl
+++ b/helmfile/apps/nextcloud/values-nextcloud-management.yaml.gotmpl
@@ -176,8 +176,7 @@ configuration:
    token:
      value: {{ .Values.secrets.nextcloud.metricsToken | quote }}

-  # A sane default for windows clients would be: `* " | & ? , ; : \ / ~ < >`
-  forbiddenChars: "* \" | & ? , ; : \\ / ~ < >"
+  forbiddenChars: {{ join " " .Values.functional.filestore.naming.forbiddenChars | quote }}

 containerSecurityContext:
  allowPrivilegeEscalation: false
--- a/helmfile/apps/nextcloud/values-nextcloud.yaml.gotmpl
+++ b/helmfile/apps/nextcloud/values-nextcloud.yaml.gotmpl
@@ -7,7 +7,6 @@ global:
    {{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}

 exporter:
-
  additionalAnnotations:
    intents.otterize.com/service-name: "opendesk-nextcloud-exporter"
    {{- with .Values.annotations.nextcloudExporter.additional }}
@@ -59,6 +58,23 @@ exporter:
      {{ .Values.annotations.nextcloudExporter.serviceAccount | toYaml | nindent 6 }}

 aio:
+  affinity:
+    podAntiAffinity:
+      preferredDuringSchedulingIgnoredDuringExecution:
+        - weight: 1
+          podAffinityTerm:
+            labelSelector:
+              matchExpressions:
+                - key: "app.kubernetes.io/name"
+                  operator: "In"
+                  values:
+                    - "aio"
+                - key: "app.kubernetes.io/instance"
+                  operator: "In"
+                  values:
+                    - "opendesk-nextcloud"
+            topologyKey: "kubernetes.io/hostname"
+
  additionalAnnotations:
    intents.otterize.com/service-name: "opendesk-nextcloud-aio"
    {{- with .Values.annotations.nextcloudAio.additional }}
--- a/helmfile/environments/default-enterprise-overrides/images.yaml.gotmpl
+++ b/helmfile/environments/default-enterprise-overrides/images.yaml.gotmpl
@@ -13,7 +13,7 @@ images:
  nextcloud:
    registry: "registry.opencode.de"
    repository: "zendis/opendesk-enterprise/components/supplier/nextcloud/images/opendesk-nextcloud"
-    tag: "1.6.8@sha256:605b560f736f6130e2927472a7379bf758fdf08aaaf20b8e9e816eba8692ab99"
+    tag: "1.6.9@sha256:3d9f2db7d3f38f3ba86d3ad3b46d98e566c18a9545f3ca14fc357b1944b41c5c"
  openxchangeCoreMW:
    registry: "registry.opencode.de"
    repository: "zendis/opendesk-enterprise/components/supplier/open-xchange/images-mirror/middleware-public-sector-pro"
--- a/helmfile/environments/default/charts.yaml.gotmpl
+++ b/helmfile/environments/default/charts.yaml.gotmpl
@@ -249,7 +249,7 @@ charts:
    registry: "registry.opencode.de"
    repository: "bmi/opendesk/components/platform-development/charts/opendesk-nextcloud"
    name: "opendesk-nextcloud"
-    version: "4.4.1"
+    version: "4.4.3"
    verify: true
  nextcloudManagement:
    # providerCategory: "Platform"
@@ -259,7 +259,7 @@ charts:
    registry: "registry.opencode.de"
    repository: "bmi/opendesk/components/platform-development/charts/opendesk-nextcloud"
    name: "opendesk-nextcloud-management"
-    version: "4.4.1"
+    version: "4.4.3"
    verify: true
  nextcloudNotifyPush:
    # providerCategory: "Platform"
@@ -269,7 +269,7 @@ charts:
    registry: "registry.opencode.de"
    repository: "bmi/opendesk/components/platform-development/charts/opendesk-nextcloud"
    name: "opendesk-nextcloud-notifypush"
-    version: "4.4.1"
+    version: "4.4.3"
    verify: true
  nginx:
    # providerCategory: "Community"
--- a/helmfile/environments/default/functional.yaml.gotmpl
+++ b/helmfile/environments/default/functional.yaml.gotmpl
@@ -128,6 +128,25 @@ functional:
      enabled: true

  filestore:
+    # Settings related to directory and filenames
+    naming:
+      # Disallowed characters for directory and file names.
+      # Some operating systems do not support these characters, preventing affected clients from syncing files.
+      #
+      # Note: After changing the settings below and redeploying Nextcloud, restart the `aio` Pod(s) to
+      # apply the changes.
+      forbiddenChars:
+        - '*'
+        - '"'
+        - '|'
+        - '?'
+        - ';'
+        - ':'
+        - '\'
+        - '/'
+        - '~'
+        - '<'
+        - '>'
    quota:
      # Set the default quota for all users in gigabyte
      default: 1
--- a/helmfile/environments/default/images.yaml.gotmpl
+++ b/helmfile/environments/default/images.yaml.gotmpl
@@ -332,7 +332,7 @@ images:
    # upstreamRepository: "bmi/opendesk/components/platform-development/images/opendesk-nextcloud"
    registry: "registry.opencode.de"
    repository: "bmi/opendesk/components/platform-development/images/opendesk-nextcloud"
-    tag: "2.10.8@sha256:3fdc0b099d2c8343ea404708002e900c1ec74966384db3696948cc3a7a34300a"
+    tag: "2.10.10@sha256:b994d3d1e0664056122dc5275fdf0a4ec7215d9dc5e8b3c030c31a366eda9aa0"
  nextcloudExporter:
    # providerCategory: "Platform"
    # providerResponsible: "openDesk"