mariadb clean setup

2022-10-22 13:12:26 -04:00
parent 991820939a
commit 3d038800ef
8 changed files with 117 additions and 41 deletions
--- a/ansible-5/roles/prod.k3s/defaults/main.yml
+++ b/ansible-5/roles/prod.k3s/defaults/main.yml
@@ -18,7 +18,7 @@ fstab:
 #      path: "/opt/shared"
 #      state: mounted
    - name: mariadb
-      path: "/opt/mariadb"
+      path: "/opt/data/db"
      state: mounted

 helm:
@@ -38,11 +38,19 @@ apps:
  stash:
    state: present
    namespace: stashapp
+
  mariadb:
-    enabled: false
-    namespace: mariadb
-  gitea:
    enabled: true
+    namespace: mariadb
+    pvc: data-mariadb-0
+    state: present
+    secrets:
+      password: faj48290q2u58vy8qphqtqj
+      root_password: q4890qhhfgq9pfg3q4uyg33
+      replication_password: 4q389hq7gf8qo47gq8374g
+
+  gitea:
+    enabled: false
    namespace: gitea
    state: present

--- a/ansible-5/roles/prod.k3s/files/mariadb/values.yaml
+++ b/ansible-5/roles/prod.k3s/files/mariadb/values.yaml
@@ -1,17 +1,37 @@
 ---
-# mariadb values file
-
-secondary:
-  replicaCount: 0
+# Bitnami chart
+# https://github.com/bitnami/charts/blob/main/bitnami/mariadb/values.yaml

+architecture: standalone
 image:
-#  repository: mariadb
-#  tag: 10.5
+  registry: docker.io
+  repository: bitnami/mariadb
+  tag: 10.9
+  digest: ""
+  ## Specify a imagePullPolicy
+  ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
+  ## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images
+  ##
+  pullPolicy: IfNotPresent

+## MariaDB Authentication parameters
+##
 auth:
-  rootPassword: "aifuoqibcqobcqb3"
-#  existingSecret: ''
-
-#primary:
-#  persistence:
-#    existingClaim: mariadb-pv-claim
+  ## @param auth.rootPassword Password for the `root` user. Ignored if existing secret is provided.
+  ## ref: https://github.com/bitnami/containers/tree/main/bitnami/mariadb#setting-the-root-password-on-first-run
+  ##
+#  rootPassword: ""
+  ## @param auth.database Name for a custom database to create
+  ## ref: https://github.com/bitnami/containers/blob/main/bitnami/mariadb/README.md#creating-a-database-on-first-run
+  ##
+  database: test
+  ## @param auth.username Name for a custom user to create
+  ## ref: https://github.com/bitnami/containers/blob/main/bitnami/mariadb/README.md#creating-a-database-user-on-first-run
+  ##
+  username: "test"
+  ## @param auth.password Password for the new user. Ignored if existing secret is provided
+  ##
+#  password: ""
+  ## @param auth.existingSecret Use existing secret for password details (`auth.rootPassword`, `auth.password`, `auth.replicationPassword` will be ignored and picked up from this secret). The secret has to contain the keys `mariadb-root-password`, `mariadb-replication-password` and `mariadb-password`
+  ##
+  existingSecret: "mariadb-secrets"
--- a/ansible-5/roles/prod.k3s/tasks/deployments/mariadb.yaml
+++ b/ansible-5/roles/prod.k3s/tasks/deployments/mariadb.yaml
@@ -2,29 +2,43 @@
 #https://github.com/bitnami/charts/tree/master/bitnami/mariadb


- name: "todo: deploy mariadb"
-  debug:
-    msg: "TODO: write deployment tasks"

 - name: Create a namespace for mariadb
  k8s:
    kubeconfig: "/etc/rancher/k3s/k3s.yaml"
-    name: mariadb
+    name: "{{apps.mariadb.namespace}}"
    api_version: v1
    kind: Namespace
-    state: present
+    state: "{{apps.mariadb.state}}"
  become: true

 - name: create persistent volume resources
  kubernetes.core.k8s:
    kubeconfig: "/etc/rancher/k3s/k3s.yaml"
-    state: present
+    state: "{{apps.mariadb.state}}"
    definition: "{{ lookup('template', item) | from_yaml }}"
  loop:
    - mariadb/pv.yaml
    - mariadb/pv-claim.yaml
  become: true

+- name: create secret for mariadb
+  kubernetes.core.k8s:
+    kubeconfig: "/etc/rancher/k3s/k3s.yaml"
+    state: "{{apps.mariadb.state}}"
+    definition:
+      apiVersion: v1
+      kind: Secret
+      type: Opaque
+      metadata:
+        name: mariadb-secrets
+        namespace: "{{apps.mariadb.namespace}}"
+      stringData:
+        mariadb-password: "{{apps.mariadb.secrets.password}}"
+        mariadb-root-password: "{{apps.mariadb.secrets.root_password}}"
+        mariadb-replication-password: "{{apps.mariadb.secrets.replication_password}}"
+  become: true
+
 - name: Install mariadb globally available
  block:
    - name: Add mariadb chart helm repo
@@ -41,9 +55,9 @@
    - name: Install mariadb Release
      local_action:
        module: kubernetes.core.helm
-        release_state: present
-        name: "{{apps.mariadb.namespace}}"
-        namespace: mariadb
+        release_state: "{{apps.mariadb.state}}"
+        name: mariadb
+        namespace: "{{apps.mariadb.namespace}}"
        create_namespace: yes
        update_repo_cache: True
        chart_ref: bitnami/mariadb
--- a/ansible-5/roles/prod.k3s/tasks/main.yml
+++ b/ansible-5/roles/prod.k3s/tasks/main.yml
@@ -16,8 +16,9 @@
 - name: deploy stash
  include_tasks: deployments/stash.yaml

-#- name: deploy mariadb
-#  include_tasks: deployments/mariadb.yaml
+- name: deploy mariadb
+  include_tasks: deployments/mariadb.yaml
+  when: apps.mariadb.enabled

 - name: deploy gitea
  include_tasks: deployments/gitea.yaml
--- a/ansible-5/roles/prod.k3s/templates/mariadb/pv-claim.yaml
+++ b/ansible-5/roles/prod.k3s/templates/mariadb/pv-claim.yaml
@@ -2,8 +2,8 @@
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
-  name: "{{apps.mariadb.namespace}}"
-  namespace: mariadb
+  name: "{{apps.mariadb.pvc}}"
+  namespace: "{{apps.mariadb.namespace}}"
 spec:
  storageClassName: manual
  accessModes:
--- a/ansible-5/roles/prod.k3s/templates/mariadb/pv.yaml
+++ b/ansible-5/roles/prod.k3s/templates/mariadb/pv.yaml
@@ -13,5 +13,5 @@ spec:
  accessModes:
    - ReadWriteOnce
  hostPath:
-    path: "/opt/mariadb"
+    path: "/opt/data/db/mariadb-10.9"