nextcloud / helm

A community maintained helm chart for deploying Nextcloud on Kubernetes.
GNU Affero General Public License v3.0

Configure datadir & external database properly #620

Open NothingWorksToday opened 3 months ago

NothingWorksToday commented 3 months ago

Describe your Issue

Given the below environment, all pods are started correctly but the installer doesn't go through and throws those warnings (navigating to https://cloud.example.com):

  1. "Cannot create or write into the data directory /opt/nextcloud/data"
    • nextcloud.datadir is set
    • nextcloud.configs.pre-installation tries to create the dir & make it accessible for the webserver's user
  2. "You chose SQLite as database. SQLite should only be used for minimal and development instances. For production we recommend a different database backend. If you use clients for file syncing, the use of SQLite is highly discouraged."
    • internalDatabase is disabled
    • externalDatabase is configured
    • mariadb is configured (pointing to the same secret as externalDatabase)

[Screenshot, 2024-08-11 19:25:25]

Logs and Errors

Pods are fine

Describe your Environment

## Official nextcloud image version
## ref: https://hub.docker.com/r/library/nextcloud/tags/
##
image:
  repository: nextcloud
  flavor: fpm 
  # default is generated by flavor and appVersion
  tag: #29.0.4
  pullPolicy: IfNotPresent
# Number of replicas to be deployed
replicaCount: 1

ingress:
  enabled: "true"
  className: traefik
  annotations: 
    traefik.ingress.kubernetes.io/router.middlewares: kube-system-nextcloud-headers@kubernetescrd,kube-system-nextcloud-redirectregex@kubernetescrd,kube-system-nextcloud-uploadlimit@kubernetescrd
  labels: {}
  path: /
  pathType: Prefix

phpClientHttpsFix:
  enabled: true
  protocol: https

nextcloud:
  host: example.com
  existingSecret:
    enabled: true
    secretName: nextcloud-secret
    usernameKey: NC_USERNAME
    passwordKey: NC_PASSWORD
    smtpUsernameKey: SMTP_USERNAME
    smtpPasswordKey: SMTP_PASSWORD
    smtpHostKey: SMTP_HOST
  update: 0
  containerPort: 80
  datadir: /opt/nextcloud/data
  mail:
    enabled: true 
    fromAddress: name
    domain: example.com
    smtp:
      host: 
        valueFrom:
          secretKeyRef: 
            name: nextcloud-secret
            value: SMTP_HOST
      secure: '' 
      port: 587
      authtype: LOGIN
      name:
        valueFrom:
          secretKeyRef: 
            name: nextcloud-secret
            value: SMTP_USERNAME
      password:  
        valueFrom:
          secretKeyRef: 
            name: nextcloud-secret
            value: SMTP_PASSWORD
  phpConfigs: 
  #  zz-opcache.ini: |-
  #      [opcache]
  #      opcache.memory_consumption=256
  #      opcache.interned_strings_buffer=8
  #      opcache.max_accelerated_files=4000
  #      opcache.revalidate_freq=60
  #      opcache.fast_shutdown=1
  #      opcache.enable_cli=1
  #      opcache.jit = 1255
  #      opcache.jit_buffer_size = 128M
  #  zz-memory_limit.ini: |-
  #      memory_limit=1024M
  #      upload_max_filesize = 16G
  #      post_max_size = 16G
  #      max_input_time 7200
  #      max_execution_time 7200
  #      upload_tmp_dir = /opt/tmp/ 
  #      output_buffering = 0

  defaultConfigs:
    # To protect /var/www/html/config
    .htaccess: true
    # Redis default configuration
    redis.config.php: true
    # Apache configuration for rewrite urls
    #apache-pretty-urls.config.php: true
    # Define APCu as local cache
    apcu.config.php: true
    # Apps directory configs
    apps.config.php: true
    # Used for auto configure database
    autoconfig.php: true
    # SMTP default configuration
    smtp.config.php: true
  configs: 
  #  custom.config.php: |-
  #      <?php
  #      $CONFIG = array (
  #        'maintenance_window_start' => 2
  #      );
  #  previews.config.php: |-
  #    <?php
  #    $CONFIG = array (
  #      'enable_previews' => true,
  #      'enabledPreviewProviders' => array (
  #        'OC\Preview\Movie',
  #        'OC\Preview\PNG',
  #        'OC\Preview\JPEG',
  #        'OC\Preview\GIF',
  #        'OC\Preview\BMP',
  #        'OC\Preview\XBitmap',
  #        'OC\Preview\MP3',
  #        'OC\Preview\MP4',
  #        'OC\Preview\TXT',
  #        'OC\Preview\MarkDown',
  #        'OC\Preview\PDF'
  #      ),
  #    );
  #  proxy.config.php: |-
  #    <?php
  #    $CONFIG = array (
  #      'trusted_proxies' => array(
  #        0 => '127.0.0.1',
  #        1 => '10.0.0.0/8',
  #        2 => 'traefik.kube-system',
  #      ),
  #      'forwarded_for_headers' => array('HTTP_X_FORWARDED_FOR'),
  #    );
    hooks:
    pre-installation:
      create_datadir: |-
        sudo mkdir /opt/nextcloud/data && sudo chown -R www-data:www-data /opt/nextcloud/data
    post-installation:
    pre-upgrade:
    post-upgrade:
    before-starting:

  strategy:
    type: Recreate

  extraInitContainers: []
  extraSidecarContainers: []
  extraVolumes:
  extraVolumeMounts:
  securityContext: {}
  podSecurityContext: {}
  mariaDbInitContainer:
    securityContext: {}
  postgreSqlInitContainer:
    securityContext: {}

nginx:
  enabled: true
  image:
    repository: nginx
    tag: alpine
    pullPolicy: IfNotPresent
  containerPort: 80

  config:
    default: true
  resources: {}
  securityContext: {}
  extraEnv: 
    - name: TRUSTED_PROXIES
      value: traefik.kube-system

internalDatabase:
  enabled: false
  name: nextcloud

externalDatabase:
  enabled: true
  type: mysql
  existingSecret:
    enabled: true
    secretName: nextcloud-mysql-secret
    usernameKey: mariadb-username
    passwordKey: mariadb-password
    databaseKey: mariadb-database

mariadb:
  enabled: true
  auth:
    database: nextcloud
    username: nextcloud
    existingSecret: nextcloud-mysql-secret

  architecture: standalone
  clusterDomain: smith.cloud 

  primary:
    persistence:
      enabled: true
      existingClaim: nextcloud-mysql-pvc
      storageClass: longhorn-static
      accessMode: ReadWriteOnce
      size: 4Gi

redis:
  enabled: true
  auth:
    enabled: true
    existingSecret: nextcloud-secret
    existingSecretPasswordKey: REDIS_PASSWORD
  clusterDomain: smith.cloud
  architecture: replication
  master:
    persistence:
      size: 4Gi 
  replica:
    replicaCount: 2
    persistence: 
      size: 4Gi 

cronjob:
  enabled: true
  resources: {}
  lifecycle: {}
  securityContext: {}

service:
  type: ClusterIP
  port: 8080
  loadBalancerIP: ""
  nodePort: nil

persistence:
  enabled: true
  annotations: {}
  existingClaim: nextcloud-webroot-pvc

  accessMode: ReadWriteOnce
  size: 20Gi

  nextcloudData:
    enabled: true
    subPath:
    annotations: {}
    existingClaim: nextcloud-data-pvc
    accessMode: ReadWriteOnce
    size: 100Gi

resources: {}

livenessProbe:
  enabled: true
  initialDelaySeconds: 10
  periodSeconds: 10
  timeoutSeconds: 5
  failureThreshold: 3
  successThreshold: 1
readinessProbe:
  enabled: true
  initialDelaySeconds: 10
  periodSeconds: 10
  timeoutSeconds: 5
  failureThreshold: 3
  successThreshold: 1
startupProbe:
  enabled: true
  initialDelaySeconds: 30
  periodSeconds: 10
  timeoutSeconds: 5
  failureThreshold: 60
  successThreshold: 1

## Enable pod autoscaling using HorizontalPodAutoscaler
## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/
##
hpa:
  enabled: false
  cputhreshold: 60
  minPods: 1
  maxPods: 10

nodeSelector: {}

tolerations: []

affinity: {}

## Prometheus Exporter / Metrics
##
metrics:
  enabled: false

  replicaCount: 1
  # Optional: becomes NEXTCLOUD_SERVER env var in the nextcloud-exporter container.
  # Without it, we will use the full name of the nextcloud service
  server: ""
  # The metrics exporter needs to know how you serve Nextcloud either http or https
  https: false
  # Use API token if set, otherwise fall back to password authentication
  # https://github.com/xperimental/nextcloud-exporter#token-authentication
  # Currently you still need to set the token manually in your nextcloud install
  token: ""
  timeout: 5s
  # if set to true, exporter skips certificate verification of Nextcloud server.
  tlsSkipVerify: false
  info:
    # Optional: becomes NEXTCLOUD_INFO_APPS env var in the nextcloud-exporter container.
    # Enables gathering of apps-related metrics. Defaults to false
    apps: false

  image:
    repository: xperimental/nextcloud-exporter
    tag: 0.6.2
    pullPolicy: IfNotPresent
    # pullSecrets:
    #   - myRegistrKeySecretName

  ## Metrics exporter resource requests and limits
  ## ref: http://kubernetes.io/docs/user-guide/compute-resources/
  ##
  # resources: {}

  ## Metrics exporter pod Annotation and Labels
  # podAnnotations: {}

  # podLabels: {}

  service:
    type: ClusterIP
    ## Use serviceLoadBalancerIP to request a specific static IP,
    ## otherwise leave blank
    # loadBalancerIP:
    annotations:
      prometheus.io/scrape: "true"
      prometheus.io/port: "9205"
    labels: {}

  ## Prometheus Operator ServiceMonitor configuration
  ##
  serviceMonitor:
    ## @param metrics.serviceMonitor.enabled Create ServiceMonitor Resource for scraping metrics using PrometheusOperator
    ##
    enabled: false

    ## @param metrics.serviceMonitor.namespace Namespace in which Prometheus is running
    ##
    namespace: ""

    ## @param metrics.serviceMonitor.namespaceSelector The selector of the namespace where the target service is located (defaults to the release namespace)
    namespaceSelector:

    ## @param metrics.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in prometheus.
    ##
    jobLabel: ""

    ## @param metrics.serviceMonitor.interval Interval at which metrics should be scraped
    ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
    ##
    interval: 30s

    ## @param metrics.serviceMonitor.scrapeTimeout Specify the timeout after which the scrape is ended
    ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
    ##
    scrapeTimeout: ""

    ## @param metrics.serviceMonitor.labels Extra labels for the ServiceMonitor
    ##
    labels: {}

rbac:
  enabled: false
  serviceaccount:
    create: true
    name: nextcloud-serviceaccount
    annotations: {}

## @param securityContext for nextcloud pod @deprecated Use `nextcloud.podSecurityContext` instead
securityContext: {}

Additional context, if any

Persistence uses manually created PVCs via Longhorn.

joshtrichards commented 2 months ago
    hooks:
    pre-installation:
      create_datadir: |-
        sudo mkdir /opt/nextcloud/data && sudo chown -R www-data:www-data /opt/nextcloud/data

The Docker image hooks do not run as root. You can't do this. They're mostly for doing things like running occ commands to set config parameters/etc or install/enable/disable Nextcloud apps.

Your entire problem goes away if you just use the default data directory. But I presume you're intentionally trying to use something other than the default for a specific reason?
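The ownership problem described above is normally solved one layer down, in Kubernetes, rather than in a Nextcloud hook: the hook runs as www-data inside the app container, where there is no root and no sudo, while the kubelet (via fsGroup) or a root init container can change the owner of the mounted data volume before the app starts. The following values fragment is an added example and is not part of this issue or of the chart's own documentation. It takes the reporter's posted values as a starting point and assumes, for the chart versions I know, that the PVC behind persistence.nextcloudData is mounted at nextcloud.datadir under the volume name "nextcloud-data", and that www-data is uid/gid 33 in the Debian-based fpm image (it is 82 in the alpine flavours); both should be checked against the deployment the chart actually renders.

```yaml
# Added example, not from the issue or the chart. Assumptions to verify for
# your chart version: the nextcloudData PVC is mounted at nextcloud.datadir
# under the volume name "nextcloud-data", and www-data is uid/gid 33 in the
# Debian-based "fpm" image (82 in the alpine flavours).
nextcloud:
  datadir: /opt/nextcloud/data

  hooks:
    # Hooks execute as www-data in the app container: no root, no sudo.
    # Leave the "sudo mkdir && sudo chown" step out of here entirely.
    pre-installation:

  # Option 1 (preferred): let the kubelet apply the group to the mounted volume.
  # OnRootMismatch avoids a full recursive chown of a large (here 100Gi)
  # volume on every pod start; only the mount's top-level directory is checked.
  podSecurityContext:
    fsGroup: 33
    fsGroupChangePolicy: OnRootMismatch

  # Option 2 (only if the volume was first written as root and needs a real
  # owner change): a root init container restricted to the capabilities that
  # chown actually needs, acting only on the data mount and only when the
  # ownership is wrong.
  extraInitContainers:
    - name: fix-datadir-owner
      image: busybox:1.36
      command:
        - sh
        - -c
        - |
          set -eu
          d=/opt/nextcloud/data
          if [ "$(stat -c '%u:%g' "$d")" != "33:33" ]; then
            chown -R 33:33 "$d"
          fi
      securityContext:
        runAsUser: 0
        runAsNonRoot: false
        readOnlyRootFilesystem: true
        allowPrivilegeEscalation: false
        capabilities:
          drop: ["ALL"]
          # CHOWN to change the owner, DAC_READ_SEARCH to traverse directories
          # that are not readable by root's default DAC checks.
          add: ["CHOWN", "DAC_READ_SEARCH"]
      volumeMounts:
        - name: nextcloud-data
          mountPath: /opt/nextcloud/data

persistence:
  nextcloudData:
    enabled: true
    existingClaim: nextcloud-data-pvc
```

After the rollout, `kubectl exec` into the nextcloud container and run `stat -c '%U:%G' /opt/nextcloud/data`; it should report www-data:www-data. For the second warning, `occ config:system:get dbtype` tells you which backend the installer actually used: once it has completed against SQLite (`dbtype` is `sqlite3` and `installed` is `true`), Nextcloud will not run the installer again, so config.php on the webroot volume has to be removed before a corrected database configuration can take effect.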