From d72874c7ed215589b00dbc05c97ef69b78f6ed60 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?M=C3=A1rcio=20Fernandes?= Date: Sat, 8 Mar 2025 09:22:08 +0000 Subject: [PATCH] feat: hosting on k3s --- .gitea/workflows/ docker-image.deploy.yml | 32 ----- .gitignore | 1 + .vscode/settings.json | 5 - compose.yaml | 62 --------- docker/Dockerfile | 2 - ingress.yml | 58 +++++++++ jobs/backup/backup-cronjob.yaml | 129 +++++++++++++++++++ jobs/backup/secret-deploy.sh | 8 ++ jobs/backup/secret.yaml | 13 ++ jobs/backup/tests/mysql-client-test-pod.yaml | 63 +++++++++ local/.gitignore | 2 + nexcloud/.gitignore | 1 + nexcloud/helm-up.sh | 5 + nexcloud/values.yaml | 73 +++++++++++ 14 files changed, 353 insertions(+), 101 deletions(-) delete mode 100644 .gitea/workflows/ docker-image.deploy.yml delete mode 100644 .vscode/settings.json delete mode 100644 compose.yaml delete mode 100644 docker/Dockerfile create mode 100644 ingress.yml create mode 100644 jobs/backup/backup-cronjob.yaml create mode 100755 jobs/backup/secret-deploy.sh create mode 100644 jobs/backup/secret.yaml create mode 100644 jobs/backup/tests/mysql-client-test-pod.yaml create mode 100644 local/.gitignore create mode 100644 nexcloud/.gitignore create mode 100755 nexcloud/helm-up.sh create mode 100644 nexcloud/values.yaml diff --git a/.gitea/workflows/ docker-image.deploy.yml b/.gitea/workflows/ docker-image.deploy.yml deleted file mode 100644 index b8b202c..0000000 --- a/.gitea/workflows/ docker-image.deploy.yml +++ /dev/null 
@@ -1,32 +0,0 @@ -on: - push: - paths: - - "docker/**" - - ".gitea/**" - # schedule: - # - cron: "0 02 * * *" -jobs: - - build-docker-image: - runs-on: ubuntu-latest - - steps: - - - name: Checkout code - uses: actions/checkout@v2 - - - name: Log in to git.limbosolutions.com docker registry - uses: docker/login-action@v3 - with: - registry: git.limbosolutions.com - username: ${{ secrets.GITLIMBO_DOCKER_REGISTRY_USERNAME }} - password: ${{ secrets.GITLIMBO_DOCKER_REGISTRY_PASSWORD }} - - - name: Build and push Docker images - id: push - uses: docker/build-push-action@v6 - with: - context: . - file: ${{gitea.workspace}}/docker/Dockerfile - push: true - tags: git.limbosolutions.com/kb/nextcloud \ No newline at end of file diff --git a/.gitignore b/.gitignore index 8b476b2..6d6decb 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,4 @@ **.env.** .env localSettings +archive diff --git a/.vscode/settings.json b/.vscode/settings.json deleted file mode 100644 index 7f014d2..0000000 --- a/.vscode/settings.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "cSpell.words": [ - "nextcloud" - ] -} \ No newline at end of file diff --git a/compose.yaml b/compose.yaml deleted file mode 100644 index 6f0670b..0000000 --- a/compose.yaml +++ /dev/null 
@@ -1,62 +0,0 @@ -version: '2' -services: - db: - image: mariadb:10.5 - command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW - volumes: - - db:/var/lib/mysql - environment: - - MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD} - - MYSQL_PASSWORD=${MYSQL_PASSWORD} - - MYSQL_DATABASE=${MYSQL_DATABASE} - - MYSQL_USER=${MYSQL_USER} - networks: - - cloud_limbosolutions_com_private - restart: unless-stopped - app: - image: git.limbosolutions.com/kb/nextcloud - container_name: cloud_limbosolutions_com-nextcloud - links: - - db - volumes: - - html:/var/www/html - environment: - - MYSQL_PASSWORD=${MYSQL_PASSWORD} - - MYSQL_DATABASE=${MYSQL_DATABASE} - - MYSQL_USER=${MYSQL_USER} - - MYSQL_HOST=db - - PHP_MEMORY_LIMIT=2048M - networks: - - cloud_limbosolutions_com_private - - wan_reverse_proxy_public - restart: unless-stopped - duplicati: - image: git.limbosolutions.com/kb/duplicati:mysql-latest - container_name: cloud_limbosolutions_com-duplicati - environment: - - MYSQL_HOST=db - - MYSQL_DATABASE=${MYSQL_DATABASE} - - MYSQL_USER=${MYSQL_USER} - - MYSQL_PASSWORD=${MYSQL_PASSWORD} - - MYSQL_BACKUP_FOLDER=/bck/db-dumps - volumes: - - duplicati_data:/data - - db:/bck/db_data:ro - - html:/bck/app_data:ro - - duplicati_data:/bck/duplicati_data:ro - - db-dumps:/bck/db_dumps - networks: - - cloud_limbosolutions_com_private - - wan_reverse_proxy_public - restart: unless-stopped - #ports: - # - 8200:8200 -volumes: - html: - db: - duplicati_data: - db-dumps: -networks: - cloud_limbosolutions_com_private: - wan_reverse_proxy_public: - external: true diff --git a/docker/Dockerfile b/docker/Dockerfile deleted file mode 100644 index 0988dbe..0000000 --- a/docker/Dockerfile +++ /dev/null @@ -1,2 +0,0 @@ -FROM nextcloud:31 -RUN apt update;apt install -y smbclient libsmbclient-dev;pecl install smbclient;echo "extension=smbclient.so" >> /usr/local/etc/php/conf.d/nextcloud.ini; echo "extension=smbclient.so" >> /usr/local/etc/php.ini \ No newline at end of file 
diff --git a/ingress.yml b/ingress.yml
new file mode 100644
index 0000000..d95a893
--- /dev/null
+++ b/ingress.yml
@@ -0,0 +1,58 @@
+# not in use. remove and add to kb
+apiVersion: v1
+kind: Endpoints
+metadata:
+ name: cloud-limbosolutions-com-service
+ namespace: cloud-limbosolutions-com
+subsets:
+- addresses:
+ - ip: 192.168.13.2
+ ports:
+ - name: app
+ port: 4000
+ protocol: TCP
+
+
+---
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: cloud-limbosolutions-com-service
+ namespace: cloud-limbosolutions-com
+spec:
+ ports:
+ - name: app
+ port: 4000
+ protocol: TCP
+ targetPort: 4000
+ clusterIP: None
+ type: ClusterIP
+
+
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: cloud-limbosolutions-com-ingress
+ namespace: cloud-limbosolutions-com
+ # annotations:
+ # cert-manager.io/cluster-issuer: "letsencrypt-staging"
+ # traefik.ingress.kubernetes.io/router.entrypoints: websecure
+spec:
+ ingressClassName: traefik
+ # tls:
+ # - hosts:
+ # - minio.example.com
+ # secretName: tls-example-com
+ rules:
+ - host: cloud.icharus.dev.lan
+ http:
+ paths:
+ - backend:
+ service:
+ name: cloud-limbosolutions-com-service
+ port:
+ number: 4000
+ path: /
+ pathType: Prefix
\ No newline at end of file
diff --git a/jobs/backup/backup-cronjob.yaml b/jobs/backup/backup-cronjob.yaml
new file mode 100644
index 0000000..b30234e
--- /dev/null
+++ b/jobs/backup/backup-cronjob.yaml
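Review bot: The Ingress for `cloud.icharus.dev.lan` is committed with its `tls:` block and the `router.entrypoints: websecure` annotation commented out, so if this manifest is applied the backend at 192.168.13.2:4000 is published without TLS on whichever entrypoints Traefik serves by default. The header comment says the file is not in use, but an unused manifest that still parses is easy to `kubectl apply` by mistake; either leave it out of this commit or restore the TLS section with the real host (the commented example still names `minio.example.com`). The hard-coded address in the `Endpoints` object also bypasses any cluster-side health checking, which deserves a one-line comment saying what lives at that IP.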
@@ -0,0 +1,129 @@ +apiVersion: batch/v1 +kind: CronJob +metadata: + name: backup + namespace: cloud-limbosolutions-com +spec: + schedule: "0 2 * * *" + jobTemplate: + spec: + backoffLimit: 1 + template: + spec: + restartPolicy: Never + initContainers: + - name: mariadb-client + resources: + limits: + memory: "512Mi" + cpu: "500m" + requests: + memory: "256Mi" + cpu: "250m" + image: bitnami/mysql:latest + command: ["bash", "-c"] + args: + - | + #while true; do sleep 30; done + mkdir -p /data/mariadb-export + echo "INFO: Exporting database" + mysqldump --column-statistics=0 -u ${DB_USER} -p${DB_PASSWORD} -h ${DB_HOST} ${DB_NAME} > /data/mariadb-export/backup.sql + if [ $? -ne 0 ]; then + echo "ERROR: Exporting database failed" + exit 1 + fi + echo "INFO: Exporting database finished" + + env: + - name: DB_USER + valueFrom: + secretKeyRef: + name: nextcloud-db + key: db-username + + - name: DB_PASSWORD + valueFrom: + secretKeyRef: + name: nextcloud-db + key: db-password + + - name: DB_NAME + valueFrom: + secretKeyRef: + name: backup-secret + key: DB_NAME + + - name: DB_HOST + valueFrom: + secretKeyRef: + name: backup-secret + key: DB_HOST + + volumeMounts: + - name: backup-var + mountPath: /data/mariadb-export + subPath: mariadb-export + + + containers: + - name: gitea-pbs-client + image: git.limbosolutions.com/kb/pbsclient + env: + - name: MODE + value: shell + - name: PBS_REPOSITORY + valueFrom: + secretKeyRef: + name: backup-secret + key: PBS_REPOSITORY + - name: PBS_PASSWORD + valueFrom: + secretKeyRef: + name: backup-secret + key: PBS_PASSWORD + - name: PBS_FINGERPRINT + valueFrom: + secretKeyRef: + name: backup-secret + key: PBS_FINGERPRINT + + command: ["bash", "-c"] + args: + - | + proxmox-backup-client backup nextcloud-html.pxar:/data/nextcloud-html nextcloud-data.pxar:/data/nextcloud-data mariadb-data.pxar:/data/mariadb-data mariadb-export.pxar:/data/mariadb-export --include-dev /data/nextcloud-html --include-dev /data/nextcloud-data --include-dev 
/data/mariadb-data --include-dev /data/mariadb-export --backup-id "nextcloud-full" -ns cloud.limbosolutions.com + echo "INFO: cloud.limbosolutions.com finished" + + volumeMounts: + - name: nextcloud-html + mountPath: /data/nextcloud-html + + - name: nextcloud-data + mountPath: /data/nextcloud-data + + - name: db-data + mountPath: /data/mariadb-data + + - name: backup-var + mountPath: /tmp + subPath: tmp + + - name: backup-var + mountPath: /data/mariadb-export + subPath: mariadb-export + + volumes: + - name: nextcloud-html + persistentVolumeClaim: + claimName: nextcloud-nextcloud + + - name: nextcloud-data + persistentVolumeClaim: + claimName: nextcloud-nextcloud-data + + - name: db-data + persistentVolumeClaim: + claimName: data-nextcloud-mariadb-0 + + - name: backup-var + emptyDir: {} + diff --git a/jobs/backup/secret-deploy.sh b/jobs/backup/secret-deploy.sh new file mode 100755 index 0000000..2cd37b8 --- /dev/null +++ b/jobs/backup/secret-deploy.sh @@ -0,0 +1,8 @@ +#/bin/bash + +# set source env variables +. ./.env +export $(cut -d= -f1 ./.env) + + +envsubst < secret.yaml | kubectl apply -f - \ No newline at end of file diff --git a/jobs/backup/secret.yaml b/jobs/backup/secret.yaml new file mode 100644 index 0000000..0c124e7 --- /dev/null +++ b/jobs/backup/secret.yaml @@ -0,0 +1,13 @@ + +apiVersion: v1 +kind: Secret +metadata: + name: backup-secret + namespace: cloud-limbosolutions-com +data: + PBS_REPOSITORY: ${PBS_REPOSITORY} + PBS_PASSWORD: ${PBS_PASSWORD} + PBS_FINGERPRINT: ${PBS_FINGERPRINT} + DB_NAME: ${DB_NAME} + DB_HOST: ${DB_HOST} + # get sql client user and password from nextcloud secret \ No newline at end of file diff --git a/jobs/backup/tests/mysql-client-test-pod.yaml b/jobs/backup/tests/mysql-client-test-pod.yaml new file mode 100644 index 0000000..43eb7cd --- /dev/null +++ b/jobs/backup/tests/mysql-client-test-pod.yaml 
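Review bot: The `gitea-pbs-client` script ends with `echo "INFO: cloud.limbosolutions.com finished"`, so the container exits 0 even when `proxmox-backup-client backup` fails and the Job is recorded as successful; start the script with `set -euo pipefail` (or append `|| exit 1` to the backup command) so a failed backup is visible. The three PVC mounts (`nextcloud-html`, `nextcloud-data`, `db-data`) are read-write although the job only reads them, whereas the removed compose file mounted the same data `:ro`; add `readOnly: true` to those `volumeMounts`. Both images are unpinned (`bitnami/mysql:latest`, and `git.limbosolutions.com/kb/pbsclient` with no tag) while they receive the database and PBS credentials, so pin a version or digest. In the init container `-p${DB_PASSWORD}` is unquoted and places the password on the mysqldump argument list; the same line and the same `:latest` image appear in `jobs/backup/tests/mysql-client-test-pod.yaml`.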
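Review bot: The first line of `secret-deploy.sh` is `#/bin/bash`, which is an ordinary comment rather than a shebang, so the script runs under whatever shell happens to invoke it; it should read `#!/bin/bash`. There is no `set -e`, so if `./.env` cannot be sourced the script carries on, `envsubst` renders empty strings and `kubectl apply` overwrites `backup-secret` with blank values. `export $(cut -d= -f1 ./.env)` is unquoted and breaks on comment or blank lines in `.env`; `set -a; . ./.env; set +a` exports the same variables without the word splitting.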
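Review bot: In `secret.yaml` the placeholders sit under `data:`, which the API server expects to be base64-encoded, but `secret-deploy.sh` substitutes the raw `.env` values through `envsubst`; unless `.env` already holds base64 text, the apply is rejected or the stored secret decodes to something other than what was intended. Use `stringData:` instead and quote each placeholder, e.g. `PBS_PASSWORD: "${PBS_PASSWORD}"`, because an unquoted value containing `: `, ` #` or a leading YAML indicator changes how the rendered document parses. The trailing comment about taking the SQL user and password from the nextcloud secret would be clearer if it named the secret the CronJob actually reads, `nextcloud-db`.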
@@ -0,0 +1,63 @@
+apiVersion: v1
+kind: Pod
+metadata:
+ name: mariadb-client-test-pod
+ namespace: cloud-limbosolutions-com
+spec:
+ containers:
+ - name: mariadb-client
+ resources:
+ limits:
+ memory: "512Mi"
+ cpu: "500m"
+ requests:
+ memory: "256Mi"
+ cpu: "250m"
+ image: bitnami/mysql:latest
+ command: ["bash", "-c"]
+ args:
+ - |
+ #while true; do sleep 30; done
+ mkdir -p /data/mariadb-export
+ echo "INFO: Exporting database"
+ mysqldump --column-statistics=0 -u ${DB_USER} -p${DB_PASSWORD} -h ${DB_HOST} ${DB_NAME} > /data/mariadb-export/backup.sql
+ if [ $? -ne 0 ]; then
+ echo "ERROR: Exporting database failed"
+ exit 1
+ fi
+ echo "INFO: Exporting database finished"
+
+ env:
+ - name: DB_USER
+ valueFrom:
+ secretKeyRef:
+ name: nextcloud-db
+ key: db-username
+
+ - name: DB_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: nextcloud-db
+ key: db-password
+
+ - name: DB_NAME
+ valueFrom:
+ secretKeyRef:
+ name: backup-secret
+ key: DB_NAME
+
+ - name: DB_HOST
+ valueFrom:
+ secretKeyRef:
+ name: backup-secret
+ key: DB_HOST
+
+ volumeMounts:
+ - name: backup-var
+ mountPath: /data/mariadb-export
+ subPath: mariadb-export
+
+
+ volumes:
+ - name: backup-var
+ emptyDir: {}
\ No newline at end of file
diff --git a/local/.gitignore b/local/.gitignore
new file mode 100644
index 0000000..d29675e
--- /dev/null
+++ b/local/.gitignore
@@ -0,0 +1,2 @@
+**
+!.gitignore
\ No newline at end of file
diff --git a/nexcloud/.gitignore b/nexcloud/.gitignore
new file mode 100644
index 0000000..ecf0016
--- /dev/null
+++ b/nexcloud/.gitignore
@@ -0,0 +1 @@
+**.local**.yaml
\ No newline at end of file
diff --git a/nexcloud/helm-up.sh b/nexcloud/helm-up.sh
new file mode 100755
index 0000000..8856708
--- /dev/null
+++ b/nexcloud/helm-up.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+helm upgrade --install nextcloud nextcloud/nextcloud \
+--values ./values.yaml \
+--values ./values.local.yaml \
+--namespace=cloud-limbosolutions-com
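Review bot: The test Pod in `mysql-client-test-pod.yaml` sets no `restartPolicy`, so it defaults to `Always` and the kubelet re-runs the dump script each time it exits, reconnecting to the database with the `nextcloud-db` credentials until someone deletes the pod; add `restartPolicy: Never` under `spec:`, as the CronJob template does. The pod lives in the production namespace and writes a full dump into an `emptyDir`, so a short comment at the top saying it is a manual test and must be deleted after use would help the next operator.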
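Review bot: `helm upgrade --install nextcloud nextcloud/nextcloud` in `helm-up.sh` carries no `--version`, so every run installs whatever chart version the local `nextcloud` repo index currently holds, and with `image.tag` left empty in `values.yaml` the Nextcloud image version presumably follows the chart. Pin the chart, e.g. `--version <chart-version>`, so that an upgrade is a reviewed change rather than a side effect of rerunning the script. The script also depends on being run from the `nexcloud/` directory with a `values.local.yaml` present, which is worth a comment since that file is gitignored.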
diff --git a/nexcloud/values.yaml b/nexcloud/values.yaml
new file mode 100644
index 0000000..ac6537b
--- /dev/null
+++ b/nexcloud/values.yaml
@@ -0,0 +1,73 @@
+image:
+ repository: nextcloud
+ flavor: apache
+ tag:
+ pullPolicy: Always
+
+replicaCount: 1
+
+
+internalDatabase:
+ enabled: false
+
+externalDatabase:
+ enabled: type
+ type: mysql
+
+
+mariadb:
+ enabled: true
+ architecture: standalone
+
+ primary:
+ persistence:
+ enabled: true
+ existingClaim: ""
+ storageClass: ""
+ accessMode: ReadWriteOnce
+ size: 8Gi
+
+
+service:
+ type: ClusterIP
+ port: 8080
+ loadBalancerIP: ""
+ nodePort:
+
+persistence:
+ enabled: true
+ accessMode: ReadWriteOnce
+ size: 8Gi
+
+ nextcloudData:
+ enabled: true
+ subPath:
+ annotations: {}
+ accessMode: ReadWriteOnce
+ size: 8Gi
+
+#limits:
+# cpu: 100m
+# memory: 128Mi
+#requests:
+# cpu: 100m
+# memory: 128Mi
+
+
+ingress:
+ enabled: true
+ className: traefik
+ annotations:
+ kubernetes.io/ingress.class: traefik
+ hosts:
+ - host: cloud.limbosolutions.com
+ paths:
+ - path: /
+ pathType: Prefix
+ tls:
+ - secretName: cloud-limbosolutions-com-secret-tls
+ hosts:
+ - "cloud.limbosolutions.com"
+
+
+
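Review bot: `externalDatabase.enabled: type` looks like a typo for `enabled: true`; a non-empty string is probably treated as truthy by the chart templates, so it may work by accident, but it should be a real boolean. `tag:`, `nodePort:` and `subPath:` are bare keys that parse as null, so write `""` or drop them to make the intent explicit. The `kubernetes.io/ingress.class: traefik` annotation duplicates `className: traefik` and is the deprecated form. The TLS entry references `cloud-limbosolutions-com-secret-tls`, which nothing in this commit creates and no cert-manager annotation requests, so a comment saying where that secret comes from would prevent the ingress silently serving a default certificate.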