diff --git a/applications/20-databases/mariadb.yaml b/applications/20-databases/mariadb.yaml
index 4ae8b0d..51ba483 100644
--- a/applications/20-databases/mariadb.yaml
+++ b/applications/20-databases/mariadb.yaml
@@ -1,5 +1,4 @@
 ---
-# 1. MariaDB Operator CRDs
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
@@ -27,7 +26,6 @@ spec: - SyncWave=0 # ensure this is applied first --- -# 2. MariaDB Operator apiVersion: argoproj.io/v1alpha1 kind: Application metadata:
@@ -53,4 +51,3 @@ spec: - ApplyOutOfSyncOnly=true - SkipHooks=false - SyncWave=1 # ensure this waits for mariadb-operator-crds -
diff --git a/applications/40-database/mariadb.yaml b/applications/40-database/mariadb.yaml
new file mode 100644
index 0000000..77be256
--- /dev/null
+++ b/applications/40-database/mariadb.yaml
@@ -0,0 +1,13 @@
+---
+apiVersion: k8s.mariadb.com/v1alpha1
+kind: MariaDB
+metadata:
+ name: mariadb
+ namespace: database
+spec:
+ rootPasswordSecretKeyRef:
+ name: db-secrets
+ key: db-root-password
+
+ storage:
+ size: 5Gi
diff --git a/applications/50-nextcloud/nextcloud.yaml b/applications/50-nextcloud/nextcloud.yaml
new file mode 100644
index 0000000..40fee2b
--- /dev/null
+++ b/applications/50-nextcloud/nextcloud.yaml
@@ -0,0 +1,134 @@
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: nextcloud-pv
+spec:
+ capacity:
+ storage: 10Gi
+ accessModes:
+ - ReadWriteOnce
+ persistentVolumeReclaimPolicy: Retain
+ storageClassName: local-path
+ hostPath:
+ path: /dpool/services/nextcloud/data
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: nextcloud-pvc
+ namespace: home-server
+spec:
+ accessModes:
+ - ReadWriteOnce
+ storageClassName: local-path
+ resources:
+ requests:
+ storage: 10Gi
+ volumeName: nextcloud-pv
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: nextcloud
+ namespace: home-server
+spec:
+ ports:
+ - port: 80
+ selector:
+ app: nextcloud
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: nextcloud
+ namespace: home-server
+spec:
+ securityContext:
+ runAsUser: 1000
+ runAsGroup: 1000
+ fsGroup: 1000
+ selector:
+ matchLabels:
+ app: nextcloud
+ template:
+ metadata:
+ labels:
+ app: nextcloud
+ spec:
+ containers:
+ - name: nextcloud
+ image: nextcloud:29
+ env:
+ - name: MYSQL_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: nextcloud-secrets
+ key: MYSQL_PASSWORD
+ - name: MYSQL_DATABASE
+ value: nextcloud
+ - name: MYSQL_USER
+ value: nextcloud
+ - name: MYSQL_HOST
+ value: nextcloud-db
+ ports:
+ - containerPort: 80
+ volumeMounts:
+ - name: nextcloud-data
+ mountPath: /var/www/html
+ securityContext:
+ runAsUser: 1000
+ runAsGroup: 1000
+ fsGroup: 1000
+ volumes:
+ - name: nextcloud-data
+ persistentVolumeClaim:
+ claimName: nextcloud-pvc
+
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: nextcloud
+ namespace: home-server
+ annotations:
+ external-dns.alpha.kubernetes.io/hostname: nc.hxme.net
+ nginx.ingress.kubernetes.io/server-snippet: |
+ add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always;
+spec:
+ tls:
+ - hosts:
+ - nc.hxme.net
+ secretName: wildcard-hxme-net
+ rules:
+ - host: nc.hxme.net
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: nextcloud
+ port:
+ number: 80
+
+
+---
+apiVersion: k8s.mariadb.com/v1alpha1
+kind: Grant
+metadata:
+ name: nextcloud
+ namespace: database
+spec:
+ databaseRef:
+ name: nextcloud
+ accountName: nextcloud@'%'
+ privileges:
+ - ALL
+ mariaDbRef:
+ name: mariadb
+ passwordSecretKeyRef:
+ name: nextcloud-secrets
+ key: MYSQL_PASSWORD
+
+
diff --git a/deploy/server.yaml b/deploy/server.yaml
index 6a347b8..2995cbe 100644
--- a/deploy/server.yaml
+++ b/deploy/server.yaml
@@ -28,6 +28,16 @@ spec: namespace: home-server wave: 2 + - name: database + path: applications/40-database + namespace: database + wave: 3 + + - name: nextcloud + path: applications/50-nextcloud + namespace: nextcloud + wave: 4 + + template: metadata: name: '{{name}}'
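Review bot: In `applications/50-nextcloud/nextcloud.yaml` the first `securityContext:` sits directly under the Deployment's `spec:` (before `selector:`), which is not a Deployment spec field, so the `runAsUser`/`runAsGroup`/`fsGroup` values there are either rejected by schema validation or dropped and do not constrain the pod; the block belongs under `template.spec.securityContext`. The second `securityContext:` after `volumeMounts:` also sets `fsGroup`, which exists only at pod level; indentation is flattened in this view, so confirm which level that block is on. The `Grant` at the end gives `ALL` to `nextcloud@'%'`, an account accepted from any client address, where a host pattern limited to the cluster's pod network and a grant scoped to the Nextcloud schema would be the least-privilege form; its `databaseRef`/`accountName`/`passwordSecretKeyRef` fields should also be checked against the installed Grant CRD, since they do not look like the `database`/`username`/`host` fields I know from mariadb-operator. `nextcloud-secrets` is read from both `home-server` (Deployment) and `database` (Grant), and Secrets are namespace-scoped, so it has to exist in both; `MYSQL_HOST: nextcloud-db` also matches no Service in this diff (the MariaDB resource is `mariadb` in `database`). The `server-snippet` annotation only takes effect when snippet annotations are allowed on the controller, which recent ingress-nginx releases disable by default; the controller's `hsts`, `hsts-max-age` and `hsts-include-subdomains` ConfigMap options set the same header without it.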
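Review bot: The new `nextcloud` entry in `deploy/server.yaml` sets `namespace: nextcloud`, but every namespaced manifest under `applications/50-nextcloud` in this commit hard-codes `home-server` or `database`, so that destination namespace appears to go unused while the app writes into two other namespaces. If the generator template (it starts at `template:` and continues outside this hunk) maps `namespace` to the Application destination, I would use `namespace: home-server` here and move the `Grant` next to the MariaDB resource under `applications/40-database`. That keeps each app managing objects only in its own namespace, so the Argo CD project's allowed destinations can stay narrow. The list this hunk extends begins above the hunk, so the field names are taken from the two new entries only.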