Configure datadir & external database properly
Describe your Issue
Given the below environment, all pods are started correctly but the installer doesn't go through and throws those warnings (navigating to https://cloud.example.com):
- "Cannot create or write into the data directory /opt/nextcloud/data"
  - nextcloud.datadir is set
  - nextcloud.configs.pre-installation tries to create the dir & make it accessible for the webserver's user
- "You chose SQLite as database. SQLite should only be used for minimal and development instances. For production we recommend a different database backend. If you use clients for file syncing, the use of SQLite is highly discouraged."
  - internalDatabase is disabled
  - externalDatabase is configured
  - mariadb is configured (pointing to the same secret as externalDatabase)
Logs and Errors
Pods are fine
Describe your Environment
- Kubernetes distribution: k3s
- Helm Version: v3.14.4
- Helm Chart Version: 5.5.2
- MariaDB Version: 18.2.0 (using Bitnami sub)
- values.yaml:
## Official nextcloud image version
## ref: https://hub.docker.com/r/library/nextcloud/tags/
##
image:
repository: nextcloud
flavor: fpm
# default is generated by flavor and appVersion
tag: #29.0.4
pullPolicy: IfNotPresent
# Number of replicas to be deployed
replicaCount: 1
ingress:
enabled: "true"
className: traefik
annotations:
traefik.ingress.kubernetes.io/router.middlewares: kube-system-nextcloud-headers@kubernetescrd,kube-system-nextcloud-redirectregex@kubernetescrd,kube-system-nextcloud-uploadlimit@kubernetescrd
labels: {}
path: /
pathType: Prefix
phpClientHttpsFix:
enabled: true
protocol: https
nextcloud:
host: example.com
existingSecret:
enabled: true
secretName: nextcloud-secret
usernameKey: NC_USERNAME
passwordKey: NC_PASSWORD
smtpUsernameKey: SMTP_USERNAME
smtpPasswordKey: SMTP_PASSWORD
smtpHostKey: SMTP_HOST
update: 0
containerPort: 80
datadir: /opt/nextcloud/data
mail:
enabled: true
fromAddress: name
domain: example.com
smtp:
host:
valueFrom:
secretKeyRef:
name: nextcloud-secret
value: SMTP_HOST
secure: ''
port: 587
authtype: LOGIN
name:
valueFrom:
secretKeyRef:
name: nextcloud-secret
value: SMTP_USERNAME
password:
valueFrom:
secretKeyRef:
name: nextcloud-secret
value: SMTP_PASSWORD
phpConfigs:
# zz-opcache.ini: |-
# [opcache]
# opcache.memory_consumption=256
# opcache.interned_strings_buffer=8
# opcache.max_accelerated_files=4000
# opcache.revalidate_freq=60
# opcache.fast_shutdown=1
# opcache.enable_cli=1
# opcache.jit = 1255
# opcache.jit_buffer_size = 128M
# zz-memory_limit.ini: |-
# memory_limit=1024M
# upload_max_filesize = 16G
# post_max_size = 16G
# max_input_time 7200
# max_execution_time 7200
# upload_tmp_dir = /opt/tmp/
# output_buffering = 0
defaultConfigs:
# To protect /var/www/html/config
.htaccess: true
# Redis default configuration
redis.config.php: true
# Apache configuration for rewrite urls
#apache-pretty-urls.config.php: true
# Define APCu as local cache
apcu.config.php: true
# Apps directory configs
apps.config.php: true
# Used for auto configure database
autoconfig.php: true
# SMTP default configuration
smtp.config.php: true
configs:
# custom.config.php: |-
# <?php
# $CONFIG = array (
# 'maintenance_window_start' => 2
# );
# previews.config.php: |-
# <?php
# $CONFIG = array (
# 'enable_previews' => true,
# 'enabledPreviewProviders' => array (
# 'OC\Preview\Movie',
# 'OC\Preview\PNG',
# 'OC\Preview\JPEG',
# 'OC\Preview\GIF',
# 'OC\Preview\BMP',
# 'OC\Preview\XBitmap',
# 'OC\Preview\MP3',
# 'OC\Preview\MP4',
# 'OC\Preview\TXT',
# 'OC\Preview\MarkDown',
# 'OC\Preview\PDF'
# ),
# );
# proxy.config.php: |-
# <?php
# $CONFIG = array (
# 'trusted_proxies' => array(
# 0 => '127.0.0.1',
# 1 => '10.0.0.0/8',
# 2 => 'traefik.kube-system',
# ),
# 'forwarded_for_headers' => array('HTTP_X_FORWARDED_FOR'),
# );
hooks:
pre-installation:
create_datadir: |-
sudo mkdir /opt/nextcloud/data && sudo chown -R www-data:www-data /opt/nextcloud/data
post-installation:
pre-upgrade:
post-upgrade:
before-starting:
strategy:
type: Recreate
extraInitContainers: []
extraSidecarContainers: []
extraVolumes:
extraVolumeMounts:
securityContext: {}
podSecurityContext: {}
mariaDbInitContainer:
securityContext: {}
postgreSqlInitContainer:
securityContext: {}
nginx:
enabled: true
image:
repository: nginx
tag: alpine
pullPolicy: IfNotPresent
containerPort: 80
config:
default: true
resources: {}
securityContext: {}
extraEnv:
- name: TRUSTED_PROXIES
value: traefik.kube-system
internalDatabase:
enabled: false
name: nextcloud
externalDatabase:
enabled: true
type: mysql
existingSecret:
enabled: true
secretName: nextcloud-mysql-secret
usernameKey: mariadb-username
passwordKey: mariadb-password
databaseKey: mariadb-database
mariadb:
enabled: true
auth:
database: nextcloud
username: nextcloud
existingSecret: nextcloud-mysql-secret
architecture: standalone
clusterDomain: smith.cloud
primary:
persistence:
enabled: true
existingClaim: nextcloud-mysql-pvc
storageClass: longhorn-static
accessMode: ReadWriteOnce
size: 4Gi
redis:
enabled: true
auth:
enabled: true
existingSecret: nextcloud-secret
existingSecretPasswordKey: REDIS_PASSWORD
clusterDomain: smith.cloud
architecture: replication
master:
persistence:
size: 4Gi
replica:
replicaCount: 2
persistence:
size: 4Gi
cronjob:
enabled: true
resources: {}
lifecycle: {}
securityContext: {}
service:
type: ClusterIP
port: 8080
loadBalancerIP: ""
nodePort: nil
persistence:
enabled: true
annotations: {}
existingClaim: nextcloud-webroot-pvc
accessMode: ReadWriteOnce
size: 20Gi
nextcloudData:
enabled: true
subPath:
annotations: {}
existingClaim: nextcloud-data-pvc
accessMode: ReadWriteOnce
size: 100Gi
resources: {}
livenessProbe:
enabled: true
initialDelaySeconds: 10
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 3
successThreshold: 1
readinessProbe:
enabled: true
initialDelaySeconds: 10
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 3
successThreshold: 1
startupProbe:
enabled: true
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 60
successThreshold: 1
## Enable pod autoscaling using HorizontalPodAutoscaler
## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/
##
hpa:
enabled: false
cputhreshold: 60
minPods: 1
maxPods: 10
nodeSelector: {}
tolerations: []
affinity: {}
## Prometheus Exporter / Metrics
##
metrics:
enabled: false
replicaCount: 1
# Optional: becomes NEXTCLOUD_SERVER env var in the nextcloud-exporter container.
# Without it, we will use the full name of the nextcloud service
server: ""
# The metrics exporter needs to know how you serve Nextcloud either http or https
https: false
# Use API token if set, otherwise fall back to password authentication
# https://github.com/xperimental/nextcloud-exporter#token-authentication
# Currently you still need to set the token manually in your nextcloud install
token: ""
timeout: 5s
# if set to true, exporter skips certificate verification of Nextcloud server.
tlsSkipVerify: false
info:
# Optional: becomes NEXTCLOUD_INFO_APPS env var in the nextcloud-exporter container.
# Enables gathering of apps-related metrics. Defaults to false
apps: false
image:
repository: xperimental/nextcloud-exporter
tag: 0.6.2
pullPolicy: IfNotPresent
# pullSecrets:
# - myRegistrKeySecretName
## Metrics exporter resource requests and limits
## ref: http://kubernetes.io/docs/user-guide/compute-resources/
##
# resources: {}
## Metrics exporter pod Annotation and Labels
# podAnnotations: {}
# podLabels: {}
service:
type: ClusterIP
## Use serviceLoadBalancerIP to request a specific static IP,
## otherwise leave blank
# loadBalancerIP:
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "9205"
labels: {}
## Prometheus Operator ServiceMonitor configuration
##
serviceMonitor:
## @param metrics.serviceMonitor.enabled Create ServiceMonitor Resource for scraping metrics using PrometheusOperator
##
enabled: false
## @param metrics.serviceMonitor.namespace Namespace in which Prometheus is running
##
namespace: ""
## @param metrics.serviceMonitor.namespaceSelector The selector of the namespace where the target service is located (defaults to the release namespace)
namespaceSelector:
## @param metrics.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in prometheus.
##
jobLabel: ""
## @param metrics.serviceMonitor.interval Interval at which metrics should be scraped
## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
##
interval: 30s
## @param metrics.serviceMonitor.scrapeTimeout Specify the timeout after which the scrape is ended
## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
##
scrapeTimeout: ""
## @param metrics.serviceMonitor.labels Extra labels for the ServiceMonitor
##
labels: {}
rbac:
enabled: false
serviceaccount:
create: true
name: nextcloud-serviceaccount
annotations: {}
## @param securityContext for nextcloud pod @deprecated Use `nextcloud.podSecurityContext` instead
securityContext: {}
Additional context, if any
Persistence uses manually created PVCs via Longhorn.
hooks:
  pre-installation:
    create_datadir: |-
      sudo mkdir /opt/nextcloud/data && sudo chown -R www-data:www-data /opt/nextcloud/data
The Docker image hooks do not run as root. You can't do this. They're mostly for doing things like running occ commands to set config parameters/etc or install/enable/disable Nextcloud apps.
Your entire problem goes away if you just use the default data directory. But I presume you're intentionally trying to use something other than the default for a specific reason?
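What a hook can still do without root, as an added example (not part of the reply above, nor code from the Nextcloud chart or image): a POSIX shell preflight that classifies the data directory as writable, creatable or blocked for the current uid, and fails with the path's owner shown instead of calling sudo. The function names are hypothetical; `NEXTCLOUD_DATA_DIR` and `/var/www/html/data` are the Docker image's data-directory variable and default.

```shell
#!/bin/sh
# Added example: non-root preflight for the Nextcloud data directory.
# Function names are hypothetical; nothing here calls sudo or chown.

# nearest_existing PATH: print the closest ancestor of PATH that exists.
nearest_existing() {
    p=$1
    while [ ! -e "$p" ] && [ "$p" != "/" ] && [ "$p" != "." ]; do
        p=$(dirname "$p")
    done
    printf '%s\n' "$p"
}

# check_datadir DIR: print ok, creatable or blocked for the current user.
#   ok        DIR exists and is writable and traversable
#   creatable DIR is missing but its nearest existing ancestor is writable
#   blocked   anything else; a non-root hook cannot repair this itself
check_datadir() {
    dir=$1
    if [ -d "$dir" ]; then
        if [ -w "$dir" ] && [ -x "$dir" ]; then echo ok; else echo blocked; fi
        return 0
    fi
    anc=$(nearest_existing "$dir")
    if [ -d "$anc" ] && [ -w "$anc" ] && [ -x "$anc" ]; then
        echo creatable
    else
        echo blocked
    fi
}

# prepare_datadir DIR: create DIR if allowed, else report who owns the path.
prepare_datadir() {
    case $(check_datadir "$1") in
        ok) return 0 ;;
        creatable) mkdir -p "$1" && chmod 0770 "$1" ;;
        *)
            echo "uid $(id -u) cannot write $1; nearest existing path:" >&2
            ls -ldn "$(nearest_existing "$1")" >&2
            return 1 ;;
    esac
}

# In a hook: prepare_datadir "${NEXTCLOUD_DATA_DIR:-/var/www/html/data}"
```

A `blocked` result means the ownership has to be fixed outside the hook, for example on the mounted volume, because the script runs with the container's unprivileged uid.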