feat: hosting on k3s

2025-03-08 09:22:08 +00:00
parent 2653e36e69
commit d72874c7ed
14 changed files with 353 additions and 101 deletions
--- a/docker-image.deploy.yml
+++ b/docker-image.deploy.yml
@@ -1,32 +0,0 @@
-on: 
-  push:
-    paths:
-      - "docker/**"
-      - ".gitea/**"
-  # schedule:
-  # - cron: "0 02 * * *"   
-jobs:
- 
-  build-docker-image:
-    runs-on: ubuntu-latest
- 
-    steps:
- 
-      - name: Checkout code
-        uses: actions/checkout@v2
-   
-      - name: Log in to git.limbosolutions.com docker registry
-        uses: docker/login-action@v3
-        with:
-          registry: git.limbosolutions.com
-          username: ${{ secrets.GITLIMBO_DOCKER_REGISTRY_USERNAME }}
-          password: ${{ secrets.GITLIMBO_DOCKER_REGISTRY_PASSWORD }}
-
-      - name: Build and push Docker images
-        id: push
-        uses: docker/build-push-action@v6
-        with:
-          context: .
-          file:  ${{gitea.workspace}}/docker/Dockerfile
-          push: true
-          tags: git.limbosolutions.com/kb/nextcloud
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,4 @@
 **.env.**
 .env
 localSettings
+archive
--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -1,5 +0,0 @@
-{
-    "cSpell.words": [
-        "nextcloud"
-    ]
-}
--- a/compose.yaml
+++ b/compose.yaml
@@ -1,62 +0,0 @@
-version: '2'
-services:
-  db:
-    image: mariadb:10.5
-    command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
-    volumes:
-      - db:/var/lib/mysql
-    environment:
-      - MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}
-      - MYSQL_PASSWORD=${MYSQL_PASSWORD}
-      - MYSQL_DATABASE=${MYSQL_DATABASE}
-      - MYSQL_USER=${MYSQL_USER}
-    networks:
-      - cloud_limbosolutions_com_private
-    restart: unless-stopped
-  app:
-    image: git.limbosolutions.com/kb/nextcloud
-    container_name: cloud_limbosolutions_com-nextcloud
-    links:
-      - db
-    volumes:
-      - html:/var/www/html
-    environment:
-      - MYSQL_PASSWORD=${MYSQL_PASSWORD}
-      - MYSQL_DATABASE=${MYSQL_DATABASE}
-      - MYSQL_USER=${MYSQL_USER}
-      - MYSQL_HOST=db
-      - PHP_MEMORY_LIMIT=2048M
-    networks:
-      - cloud_limbosolutions_com_private
-      - wan_reverse_proxy_public
-    restart: unless-stopped
-  duplicati: 
-    image: git.limbosolutions.com/kb/duplicati:mysql-latest
-    container_name: cloud_limbosolutions_com-duplicati
-    environment:
-      - MYSQL_HOST=db
-      - MYSQL_DATABASE=${MYSQL_DATABASE}
-      - MYSQL_USER=${MYSQL_USER}
-      - MYSQL_PASSWORD=${MYSQL_PASSWORD}
-      - MYSQL_BACKUP_FOLDER=/bck/db-dumps
-    volumes:
-      - duplicati_data:/data
-      - db:/bck/db_data:ro
-      - html:/bck/app_data:ro
-      - duplicati_data:/bck/duplicati_data:ro
-      - db-dumps:/bck/db_dumps
-    networks:
-      - cloud_limbosolutions_com_private
-      - wan_reverse_proxy_public
-    restart: unless-stopped
-    #ports:
-    #  - 8200:8200
-volumes:
-   html:
-   db:
-   duplicati_data:
-   db-dumps:
-networks:
-  cloud_limbosolutions_com_private:
-  wan_reverse_proxy_public:
-    external: true
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -1,2 +0,0 @@
-FROM nextcloud:31
-RUN apt update;apt install -y smbclient libsmbclient-dev;pecl install smbclient;echo "extension=smbclient.so" >> /usr/local/etc/php/conf.d/nextcloud.ini; echo "extension=smbclient.so" >> /usr/local/etc/php.ini
--- a/ingress.yml
+++ b/ingress.yml
@@ -0,0 +1,58 @@
+# not in use. remove and add to kb
+apiVersion: v1
+kind: Endpoints
+metadata:
+  name:  cloud-limbosolutions-com-service
+  namespace: cloud-limbosolutions-com
+subsets:
+- addresses:
+  - ip: 192.168.13.2
+  ports:
+  - name: app
+    port: 4000
+    protocol: TCP
+
+
+---
+
+apiVersion: v1
+kind: Service
+metadata:
+  name: cloud-limbosolutions-com-service
+  namespace: cloud-limbosolutions-com
+spec:
+  ports:
+  - name: app
+    port: 4000
+    protocol: TCP
+    targetPort: 4000
+  clusterIP: None
+  type: ClusterIP
+
+
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: cloud-limbosolutions-com-ingress
+  namespace: cloud-limbosolutions-com
+  # annotations:
+  #   cert-manager.io/cluster-issuer: "letsencrypt-staging"
+  #   traefik.ingress.kubernetes.io/router.entrypoints: websecure
+spec:
+  ingressClassName: traefik
+  # tls:
+  # - hosts:
+  #   - minio.example.com
+  #   secretName: tls-example-com
+  rules:
+  - host: cloud.icharus.dev.lan
+    http:
+      paths:
+      - backend:
+          service:
+            name: cloud-limbosolutions-com-service
+            port:
+              number: 4000
+        path: /
+        pathType: Prefix
--- a/jobs/backup/backup-cronjob.yaml
+++ b/jobs/backup/backup-cronjob.yaml
@@ -0,0 +1,129 @@
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: backup
+  namespace: cloud-limbosolutions-com
+spec:
+  schedule: "0 2 * * *"
+  jobTemplate:
+    spec:
+      backoffLimit: 1
+      template:
+        spec:
+          restartPolicy: Never
+          initContainers:
+            - name: mariadb-client
+              resources:
+                limits:
+                  memory: "512Mi"
+                  cpu: "500m"
+                requests:
+                  memory: "256Mi"
+                  cpu: "250m"
+              image: bitnami/mysql:latest
+              command: ["bash", "-c"]
+              args:
+                - |
+                  #while true; do sleep 30; done
+                  mkdir -p /data/mariadb-export
+                  echo "INFO: Exporting database"
+                  mysqldump --column-statistics=0 -u ${DB_USER} -p${DB_PASSWORD} -h ${DB_HOST} ${DB_NAME} > /data/mariadb-export/backup.sql
+                  if [ $? -ne 0 ]; then
+                    echo "ERROR: Exporting database failed"
+                    exit 1
+                  fi
+                  echo "INFO: Exporting database finished"
+            
+              env:
+                - name: DB_USER
+                  valueFrom:
+                    secretKeyRef:
+                      name: nextcloud-db
+                      key: db-username
+
+                - name: DB_PASSWORD
+                  valueFrom:
+                    secretKeyRef:
+                      name: nextcloud-db
+                      key: db-password
+              
+                - name: DB_NAME
+                  valueFrom: 
+                    secretKeyRef:
+                      name: backup-secret
+                      key: DB_NAME       
+                
+                - name: DB_HOST
+                  valueFrom: 
+                    secretKeyRef:
+                      name: backup-secret
+                      key: DB_HOST  
+
+              volumeMounts:
+              - name: backup-var
+                mountPath: /data/mariadb-export
+                subPath: mariadb-export
+
+
+          containers:
+            - name: gitea-pbs-client
+              image: git.limbosolutions.com/kb/pbsclient
+              env:  
+                - name: MODE
+                  value: shell
+                - name: PBS_REPOSITORY
+                  valueFrom:
+                    secretKeyRef:
+                      name: backup-secret
+                      key:  PBS_REPOSITORY
+                - name: PBS_PASSWORD
+                  valueFrom:
+                    secretKeyRef:
+                      name: backup-secret
+                      key: PBS_PASSWORD
+                - name: PBS_FINGERPRINT
+                  valueFrom:
+                    secretKeyRef:
+                      name: backup-secret
+                      key: PBS_FINGERPRINT
+
+              command: ["bash", "-c"]
+              args:
+                - |
+                  proxmox-backup-client backup nextcloud-html.pxar:/data/nextcloud-html nextcloud-data.pxar:/data/nextcloud-data mariadb-data.pxar:/data/mariadb-data mariadb-export.pxar:/data/mariadb-export --include-dev /data/nextcloud-html  --include-dev /data/nextcloud-data  --include-dev /data/mariadb-data  --include-dev /data/mariadb-export --backup-id "nextcloud-full" -ns cloud.limbosolutions.com
+                  echo "INFO: cloud.limbosolutions.com finished"
+
+              volumeMounts:
+              - name: nextcloud-html
+                mountPath: /data/nextcloud-html
+
+              - name: nextcloud-data
+                mountPath: /data/nextcloud-data
+
+              - name: db-data
+                mountPath: /data/mariadb-data
+
+              - name: backup-var
+                mountPath: /tmp
+                subPath: tmp
+ 
+              - name: backup-var
+                mountPath: /data/mariadb-export
+                subPath: mariadb-export
+
+          volumes:
+            - name: nextcloud-html
+              persistentVolumeClaim:
+                claimName: nextcloud-nextcloud
+
+            - name: nextcloud-data
+              persistentVolumeClaim:
+                claimName: nextcloud-nextcloud-data
+
+            - name: db-data
+              persistentVolumeClaim:
+                claimName: data-nextcloud-mariadb-0
+
+            - name: backup-var
+              emptyDir: {}
+
--- a/jobs/backup/secret-deploy.sh
+++ b/jobs/backup/secret-deploy.sh
@@ -0,0 +1,8 @@
+#/bin/bash
+
+# set source env variables
+. ./.env
+export $(cut -d= -f1 ./.env)
+
+
+envsubst < secret.yaml | kubectl apply -f -
--- a/jobs/backup/secret.yaml
+++ b/jobs/backup/secret.yaml
@@ -0,0 +1,13 @@
+
+apiVersion: v1
+kind: Secret
+metadata:
+  name: backup-secret
+  namespace: cloud-limbosolutions-com
+data:
+  PBS_REPOSITORY: ${PBS_REPOSITORY}
+  PBS_PASSWORD: ${PBS_PASSWORD}
+  PBS_FINGERPRINT: ${PBS_FINGERPRINT}
+  DB_NAME: ${DB_NAME}
+  DB_HOST: ${DB_HOST}
+  # get sql client user and password from nextcloud secret
--- a/jobs/backup/tests/mysql-client-test-pod.yaml
+++ b/jobs/backup/tests/mysql-client-test-pod.yaml
@@ -0,0 +1,63 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: mariadb-client-test-pod
+  namespace: cloud-limbosolutions-com
+spec:
+  containers:
+  - name: mariadb-client
+    resources:
+      limits:
+        memory: "512Mi"
+        cpu: "500m"
+      requests:
+        memory: "256Mi"
+        cpu: "250m"
+    image: bitnami/mysql:latest
+    command: ["bash", "-c"]
+    args:
+      - |
+        #while true; do sleep 30; done
+        mkdir -p /data/mariadb-export
+        echo "INFO: Exporting database"
+        mysqldump --column-statistics=0 -u ${DB_USER} -p${DB_PASSWORD} -h ${DB_HOST} ${DB_NAME} > /data/mariadb-export/backup.sql
+        if [ $? -ne 0 ]; then
+          echo "ERROR: Exporting database failed"
+          exit 1
+        fi
+        echo "INFO: Exporting database finished"
+   
+    env:
+      - name: DB_USER
+        valueFrom:
+          secretKeyRef:
+            name: nextcloud-db
+            key: db-username
+
+      - name: DB_PASSWORD
+        valueFrom:
+          secretKeyRef:
+            name: nextcloud-db
+            key: db-password
+     
+      - name: DB_NAME
+        valueFrom: 
+           secretKeyRef:
+            name: backup-secret
+            key: DB_NAME       
+      
+      - name: DB_HOST
+        valueFrom: 
+           secretKeyRef:
+            name: backup-secret
+            key: DB_HOST  
+
+    volumeMounts:
+    - name: backup-var
+      mountPath: /data/mariadb-export
+      subPath: mariadb-export
+
+
+  volumes:
+  - name: backup-var
+    emptyDir: {}
--- a/local/.gitignore
+++ b/local/.gitignore
@@ -0,0 +1,2 @@
+**
+!.gitignore
--- a/nexcloud/.gitignore
+++ b/nexcloud/.gitignore
@@ -0,0 +1 @@
+**.local**.yaml
--- a/nexcloud/helm-up.sh
+++ b/nexcloud/helm-up.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+helm upgrade --install nextcloud nextcloud/nextcloud \
+--values ./values.yaml \
+--values ./values.local.yaml \
+--namespace=cloud-limbosolutions-com
--- a/nexcloud/values.yaml
+++ b/nexcloud/values.yaml
@@ -0,0 +1,73 @@
+image:
+  repository: nextcloud
+  flavor: apache
+  tag:
+  pullPolicy: Always
+  
+replicaCount: 1
+
+
+internalDatabase:
+  enabled: false
+
+externalDatabase:
+  enabled: type
+  type: mysql
+
+
+mariadb:
+  enabled: true
+  architecture: standalone
+
+  primary:
+    persistence:
+      enabled: true
+      existingClaim: ""
+      storageClass: ""
+      accessMode: ReadWriteOnce
+      size: 8Gi
+
+
+service:
+  type: ClusterIP
+  port: 8080
+  loadBalancerIP: ""
+  nodePort:
+
+persistence:
+  enabled: true
+  accessMode: ReadWriteOnce
+  size: 8Gi
+
+  nextcloudData:
+    enabled: true
+    subPath:
+    annotations: {}
+    accessMode: ReadWriteOnce
+    size: 8Gi
+
+#limits:
+#  cpu: 100m
+#  memory: 128Mi
+#requests:
+#  cpu: 100m
+#  memory: 128Mi
+
+
+ingress:
+  enabled: true
+  className: traefik
+  annotations:
+    kubernetes.io/ingress.class: traefik
+  hosts:
+    - host: cloud.limbosolutions.com
+      paths:
+        - path: /
+          pathType: Prefix
+  tls:
+    - secretName: cloud-limbosolutions-com-secret-tls
+      hosts:
+       - "cloud.limbosolutions.com"
+
+
+