Configure datadir & external database properly #620

Open
NothingWorksToday opened this issue Aug 11, 2024 · 1 comment
Labels
needs info (Not enough information provided), question (Further information is requested)

Comments

@NothingWorksToday

Describe your Issue

Given the below environment, all pods are started correctly but the installer doesn't go through and throws those warnings (navigating to https://cloud.example.com):

  1. "Cannot create or write into the data directory /opt/nextcloud/data"
    • nextcloud.datadir is set
    • nextcloud.configs.pre-installation tries to create the dir & make it accessible for the webserver's user
  2. "You chose SQLite as database. SQLite should only be used for minimal and development instances. For production we recommend a different database backend. If you use clients for file syncing, the use of SQLite is highly discouraged."
    • internalDatabase is disabled
    • externalDatabase is configured
    • mariadb is configured (pointing to the same secret as externalDatabase)


Logs and Errors

Pods are fine

Describe your Environment

  • Kubernetes distribution: k3s

  • Helm Version: v3.14.4

  • Helm Chart Version: 5.5.2

  • MariaDB Version: 18.2.0 (using Bitnami sub)

  • values.yaml:

## Official nextcloud image version
## ref: https://hub.docker.com/r/library/nextcloud/tags/
##
image:
  repository: nextcloud
  flavor: fpm 
  # default is generated by flavor and appVersion
  tag: #29.0.4
  pullPolicy: IfNotPresent
# Number of replicas to be deployed
replicaCount: 1

ingress:
  enabled: "true"
  className: traefik
  annotations: 
    traefik.ingress.kubernetes.io/router.middlewares: kube-system-nextcloud-headers@kubernetescrd,kube-system-nextcloud-redirectregex@kubernetescrd,kube-system-nextcloud-uploadlimit@kubernetescrd
  labels: {}
  path: /
  pathType: Prefix

phpClientHttpsFix:
  enabled: true
  protocol: https

nextcloud:
  host: example.com
  existingSecret:
    enabled: true
    secretName: nextcloud-secret
    usernameKey: NC_USERNAME
    passwordKey: NC_PASSWORD
    smtpUsernameKey: SMTP_USERNAME
    smtpPasswordKey: SMTP_PASSWORD
    smtpHostKey: SMTP_HOST
  update: 0
  containerPort: 80
  datadir: /opt/nextcloud/data
  mail:
    enabled: true 
    fromAddress: name
    domain: example.com
    smtp:
      host: 
        valueFrom:
          secretKeyRef: 
            name: nextcloud-secret
            value: SMTP_HOST
      secure: '' 
      port: 587
      authtype: LOGIN
      name:
        valueFrom:
          secretKeyRef: 
            name: nextcloud-secret
            value: SMTP_USERNAME
      password:  
        valueFrom:
          secretKeyRef: 
            name: nextcloud-secret
            value: SMTP_PASSWORD
  phpConfigs: 
  #  zz-opcache.ini: |-
  #      [opcache]
  #      opcache.memory_consumption=256
  #      opcache.interned_strings_buffer=8
  #      opcache.max_accelerated_files=4000
  #      opcache.revalidate_freq=60
  #      opcache.fast_shutdown=1
  #      opcache.enable_cli=1
  #      opcache.jit = 1255
  #      opcache.jit_buffer_size = 128M
  #  zz-memory_limit.ini: |-
  #      memory_limit=1024M
  #      upload_max_filesize = 16G
  #      post_max_size = 16G
  #      max_input_time 7200
  #      max_execution_time 7200
  #      upload_tmp_dir = /opt/tmp/ 
  #      output_buffering = 0

  defaultConfigs:
    # To protect /var/www/html/config
    .htaccess: true
    # Redis default configuration
    redis.config.php: true
    # Apache configuration for rewrite urls
    #apache-pretty-urls.config.php: true
    # Define APCu as local cache
    apcu.config.php: true
    # Apps directory configs
    apps.config.php: true
    # Used for auto configure database
    autoconfig.php: true
    # SMTP default configuration
    smtp.config.php: true
   configs: 
  #  custom.config.php: |-
  #      <?php
  #      $CONFIG = array (
  #        'maintenance_window_start' => 2
  #      );
  #  previews.config.php: |-
  #    <?php
  #    $CONFIG = array (
  #      'enable_previews' => true,
  #      'enabledPreviewProviders' => array (
  #        'OC\Preview\Movie',
  #        'OC\Preview\PNG',
  #        'OC\Preview\JPEG',
  #        'OC\Preview\GIF',
  #        'OC\Preview\BMP',
  #        'OC\Preview\XBitmap',
  #        'OC\Preview\MP3',
  #        'OC\Preview\MP4',
  #        'OC\Preview\TXT',
  #        'OC\Preview\MarkDown',
  #        'OC\Preview\PDF'
  #      ),
  #    );
  #  proxy.config.php: |-
  #    <?php
  #    $CONFIG = array (
  #      'trusted_proxies' => array(
  #        0 => '127.0.0.1',
  #        1 => '10.0.0.0/8',
  #        2 => 'traefik.kube-system',
  #      ),
  #      'forwarded_for_headers' => array('HTTP_X_FORWARDED_FOR'),
  #    );
    hooks:
    pre-installation:
      create_datadir: |-
        sudo mkdir /opt/nextcloud/data && sudo chown -R www-data:www-data /opt/nextcloud/data
    post-installation:
    pre-upgrade:
    post-upgrade:
    before-starting:

  strategy:
    type: Recreate
  
  extraInitContainers: []
  extraSidecarContainers: []
  extraVolumes:
  extraVolumeMounts:
  securityContext: {}
  podSecurityContext: {}
  mariaDbInitContainer:
    securityContext: {}
  postgreSqlInitContainer:
    securityContext: {}

nginx:
  enabled: true
  image:
    repository: nginx
    tag: alpine
    pullPolicy: IfNotPresent
  containerPort: 80

  config:
    default: true
  resources: {}
  securityContext: {}
  extraEnv: 
    - name: TRUSTED_PROXIES
      value: traefik.kube-system

internalDatabase:
  enabled: false
  name: nextcloud

externalDatabase:
  enabled: true
  type: mysql
  existingSecret:
    enabled: true
    secretName: nextcloud-mysql-secret
    usernameKey: mariadb-username
    passwordKey: mariadb-password
    databaseKey: mariadb-database

mariadb:
  enabled: true
  auth:
    database: nextcloud
    username: nextcloud
    existingSecret: nextcloud-mysql-secret

  architecture: standalone
  clusterDomain: smith.cloud 

  primary:
    persistence:
      enabled: true
      existingClaim: nextcloud-mysql-pvc
      storageClass: longhorn-static
      accessMode: ReadWriteOnce
      size: 4Gi

redis:
  enabled: true
  auth:
    enabled: true
    existingSecret: nextcloud-secret
    existingSecretPasswordKey: REDIS_PASSWORD
  clusterDomain: smith.cloud
  architecture: replication
  master:
    persistence:
      size: 4Gi 
  replica:
    replicaCount: 2
    persistence: 
      size: 4Gi 

cronjob:
  enabled: true
  resources: {}
  lifecycle: {}
  securityContext: {}

service:
  type: ClusterIP
  port: 8080
  loadBalancerIP: ""
  nodePort: nil

persistence:
  enabled: true
  annotations: {}
  existingClaim: nextcloud-webroot-pvc

  accessMode: ReadWriteOnce
  size: 20Gi

  nextcloudData:
    enabled: true
    subPath:
    annotations: {}
    existingClaim: nextcloud-data-pvc
    accessMode: ReadWriteOnce
    size: 100Gi

resources: {}

livenessProbe:
  enabled: true
  initialDelaySeconds: 10
  periodSeconds: 10
  timeoutSeconds: 5
  failureThreshold: 3
  successThreshold: 1
readinessProbe:
  enabled: true
  initialDelaySeconds: 10
  periodSeconds: 10
  timeoutSeconds: 5
  failureThreshold: 3
  successThreshold: 1
startupProbe:
  enabled: true
  initialDelaySeconds: 30
  periodSeconds: 10
  timeoutSeconds: 5
  failureThreshold: 60
  successThreshold: 1


## Enable pod autoscaling using HorizontalPodAutoscaler
## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/
##
hpa:
  enabled: false
  cputhreshold: 60
  minPods: 1
  maxPods: 10

nodeSelector: {}

tolerations: []

affinity: {}


## Prometheus Exporter / Metrics
##
metrics:
  enabled: false

  replicaCount: 1
  # Optional: becomes NEXTCLOUD_SERVER env var in the nextcloud-exporter container.
  # Without it, we will use the full name of the nextcloud service
  server: ""
  # The metrics exporter needs to know how you serve Nextcloud either http or https
  https: false
  # Use API token if set, otherwise fall back to password authentication
  # https://github.com/xperimental/nextcloud-exporter#token-authentication
  # Currently you still need to set the token manually in your nextcloud install
  token: ""
  timeout: 5s
  # if set to true, exporter skips certificate verification of Nextcloud server.
  tlsSkipVerify: false
  info:
    # Optional: becomes NEXTCLOUD_INFO_APPS env var in the nextcloud-exporter container.
    # Enables gathering of apps-related metrics. Defaults to false
    apps: false

  image:
    repository: xperimental/nextcloud-exporter
    tag: 0.6.2
    pullPolicy: IfNotPresent
    # pullSecrets:
    #   - myRegistrKeySecretName

  ## Metrics exporter resource requests and limits
  ## ref: http://kubernetes.io/docs/user-guide/compute-resources/
  ##
  # resources: {}

  ## Metrics exporter pod Annotation and Labels
  # podAnnotations: {}

  # podLabels: {}

  service:
    type: ClusterIP
    ## Use serviceLoadBalancerIP to request a specific static IP,
    ## otherwise leave blank
    # loadBalancerIP:
    annotations:
      prometheus.io/scrape: "true"
      prometheus.io/port: "9205"
    labels: {}

  ## Prometheus Operator ServiceMonitor configuration
  ##
  serviceMonitor:
    ## @param metrics.serviceMonitor.enabled Create ServiceMonitor Resource for scraping metrics using PrometheusOperator
    ##
    enabled: false

    ## @param metrics.serviceMonitor.namespace Namespace in which Prometheus is running
    ##
    namespace: ""

    ## @param metrics.serviceMonitor.namespaceSelector The selector of the namespace where the target service is located (defaults to the release namespace)
    namespaceSelector:

    ## @param metrics.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in prometheus.
    ##
    jobLabel: ""

    ## @param metrics.serviceMonitor.interval Interval at which metrics should be scraped
    ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
    ##
    interval: 30s

    ## @param metrics.serviceMonitor.scrapeTimeout Specify the timeout after which the scrape is ended
    ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
    ##
    scrapeTimeout: ""

    ## @param metrics.serviceMonitor.labels Extra labels for the ServiceMonitor
    ##
    labels: {}

rbac:
  enabled: false
  serviceaccount:
    create: true
    name: nextcloud-serviceaccount
    annotations: {}

## @param securityContext for nextcloud pod @deprecated Use `nextcloud.podSecurityContext` instead
securityContext: {}

Additional context, if any

Persistence uses manually created PVCs via Longhorn.

@joshtrichards
Member

joshtrichards commented Sep 8, 2024

    hooks:
    pre-installation:
      create_datadir: |-
        sudo mkdir /opt/nextcloud/data && sudo chown -R www-data:www-data /opt/nextcloud/data

The Docker image hooks do not run as root. You can't do this. They're mostly for doing things like running occ commands to set config parameters/etc or install/enable/disable Nextcloud apps.

Your entire problem goes away if you just use the default data directory. But I presume you're intentionally trying to use something other than the default for a specific reason?

@joshtrichards added the needs info and question labels Sep 8, 2024
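The point made in the reply above (hooks run unprivileged, so `sudo mkdir`/`chown` cannot work), shown as a values fragment with the failing hook beside a least-privilege alternative. This is an added example, not taken from the issue or from the chart's documentation. It assumes the Debian-based image (`flavor: fpm`, where `www-data` is UID/GID 33), that the chart mounts `persistence.nextcloudData` at `nextcloud.datadir`, and that the data volume is named `nextcloud-data`; the init container name and the busybox image are illustrative choices.

```yaml
nextcloud:
  datadir: /opt/nextcloud/data

  # Before (from the issue): the hook runs as the unprivileged container
  # user, so it can neither sudo nor create or chown a directory under /opt.
  # hooks:
  #   pre-installation:
  #     create_datadir: |-
  #       sudo mkdir /opt/nextcloud/data && sudo chown -R www-data:www-data /opt/nextcloud/data

  # After, option 1: let the kubelet set group ownership of the mounted
  # volumes. Only effective if the storage driver honours fsGroup.
  podSecurityContext:
    fsGroup: 33                          # www-data in the Debian-based image
    fsGroupChangePolicy: OnRootMismatch  # skip the recursive chown when already correct

  # After, option 2 (fallback when fsGroup is ignored): a short-lived init
  # container that is root only for the chown and holds no other capability.
  extraInitContainers:
    - name: fix-datadir-owner            # illustrative name
      image: busybox:1.36                # illustrative image
      # Non-recursive: a fresh volume only needs its mount point re-owned.
      command: ["sh", "-c", "chown 33:33 /opt/nextcloud/data"]
      securityContext:
        runAsUser: 0
        allowPrivilegeEscalation: false
        capabilities:
          drop: ["ALL"]
          add: ["CHOWN"]
      volumeMounts:
        - name: nextcloud-data           # assumed volume name, check the rendered Deployment
          mountPath: /opt/nextcloud/data

persistence:
  enabled: true
  nextcloudData:
    enabled: true
    existingClaim: nextcloud-data-pvc    # PVC name from the issue's values.yaml
```

Pick one of the two options; the main Nextcloud container stays unprivileged in both, so the hook scripts remain limited to tasks such as `occ` calls.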