add external database

clean-dev-cluster.sh

@@ -0,0 +1,7 @@
+#!/bin/bash -e
+
+k3d cluster delete local
+# docker stop registry.localhost
+# docker container rm registry.localhost
+# docker stop mariadb.localhost
+# docker container rm mariadb.localhost

kustomize/bases/cert-manager/cert-manager-namespace.patch

@@ -1,5 +1,5 @@
---- a	2020-08-03 08:32:44.463589161 -0400
+--- a	2020-08-10 23:13:10.083362050 -0400
-+++ b	2020-08-03 08:34:06.230277210 -0400
++++ b	2020-08-10 23:14:00.823784738 -0400
 @@ -19,7 +19,7 @@
  metadata:
    name: certificaterequests.cert-manager.io
@@ -147,3 +147,12 @@
  ---
  # Source: cert-manager/templates/service.yaml
  apiVersion: v1
+@@ -19338,7 +19333,7 @@
+           - --secure-port=10250
+           - --dynamic-serving-ca-secret-namespace=$(POD_NAMESPACE)
+           - --dynamic-serving-ca-secret-name=cert-manager-webhook-ca
+-          - --dynamic-serving-dns-names=cert-manager-webhook,cert-manager-webhook.cert-manager,cert-manager-webhook.cert-manager.svc
++          - --dynamic-serving-dns-names=cert-manager-webhook,cert-manager-webhook.cert-manager,cert-manager-webhook.kube-system.svc
+           ports:
+           - name: https
+             containerPort: 10250

kustomize/bases/cert-manager/cert-manager.yaml

@@ -3,7 +3,7 @@ kind: RemoteResources
 metadata:
   name: cert-manager
 resources:
-  - url: https://github.com/jetstack/cert-manager/releases/download/v0.16.0/cert-manager.yaml
+  - url: https://github.com/jetstack/cert-manager/releases/download/v0.16.1/cert-manager.yaml
-    sha256: 5770f5f01c10a902355b3522b8ce44508ebb6ec88955efde9a443afe5b3969d7
+    sha256: 75e7cc1fb42f759860ab896aaa404c0d8c8d5896274d3739eccb193ed1075dd9
-    patches:
+    # patches:
-      - cert-manager-namespace.patch
+    #   - cert-manager-namespace.patch

kustomize/bases/drone/kustomization.yaml

@@ -0,0 +1,3 @@
+resources:
+  - drone-server-deployment.yaml
+  - drone-runner-deployment.yaml

kustomize/bases/gitea/gitea-deployment.yaml

@@ -32,7 +32,10 @@ spec:
             - name: DB_TYPE
               value: mysql
             - name: DB_HOST
-              value: mariadb.gitea.svc:3306
+              valueFrom:
+                secretKeyRef:
+                  name: mariadb-credentials-secret
+                  key: host
             - name: DB_NAME
               valueFrom:
                 secretKeyRef:

kustomize/bases/gitea/kustomization.yaml

@@ -1,7 +1,5 @@
 resources:
   - gitea-deployment.yaml
-  - drone-server-deployment.yaml
-  - drone-runner-deployment.yaml
   - ingress.yaml
 
 secretGenerator:
@@ -9,15 +7,16 @@ secretGenerator:
     type: Opaque
     behavior: create
     literals:
+      - host=mariadb.localhost:3306
       - database=gitea
       - username=gitea
-      - password=replaceme
+      - password=changeme
   - name: drone-secret
     type: Opaque
     literals:
-      - rpc_secret=replaceme
+      - rpc_secret=changeme
   - name: drone-gitea-oauth-secret
     type: Opaque
     literals:
-      - client_id=replaceme
+      - client_id=changeme
-      - client_secret=replaceme
+      - client_secret=changeme

kustomize/bases/grafana/grafana-deployment.yaml

@@ -24,7 +24,10 @@ spec:
             - name: GF_DATABASE_TYPE
               value: mysql
             - name: GF_DATABASE_HOST
-              value: mariadb.grafana.svc:3306
+              valueFrom:
+                secretKeyRef:
+                  name: mariadb-credentials-secret
+                  key: host
             - name: GF_DATABASE_NAME
               valueFrom:
                 secretKeyRef:

kustomize/bases/grafana/kustomization.yaml

@@ -12,6 +12,7 @@ secretGenerator:
     type: Opaque
     behavior: create
     literals:
+      - host=mariadb.localhost:3306
       - database=grafana
       - username=grafana
-      - password=replaceme
+      - password=changeme

kustomize/bases/ingress-nginx/nginx-ingress-controller-namespace.patch

@@ -1,5 +1,5 @@
---- a	2020-08-03 08:27:39.420706235 -0400
+--- a	2020-08-10 23:16:01.598069317 -0400
-+++ b	2020-08-03 08:29:09.257135444 -0400
++++ b	2020-08-10 23:16:35.401656793 -0400
 @@ -1,14 +1,4 @@
 -
 -apiVersion: v1
@@ -253,11 +253,13 @@
  spec:
    template:
      metadata:
-@@ -525,7 +515,7 @@
+@@ -524,8 +514,8 @@
+           imagePullPolicy: IfNotPresent
            args:
              - create
-             - --host=ingress-nginx-controller-admission,ingress-nginx-controller-admission.ingress-nginx.svc
+-            - --host=ingress-nginx-controller-admission,ingress-nginx-controller-admission.ingress-nginx.svc
 -            - --namespace=ingress-nginx
++            - --host=ingress-nginx-controller-admission,ingress-nginx-controller-admission.kube-system.svc
 +            - --namespace=kube-system
              - --secret-name=ingress-nginx-admission
        restartPolicy: OnFailure

kustomize/bases/nextcloud/kustomization.yaml

@@ -8,6 +8,7 @@ secretGenerator:
     type: Opaque
     behavior: create
     literals:
+      - host=mariadb.localhost:3306
       - database=nextcloud
       - username=nextcloud
-      - password=replaceme
+      - password=changeme

kustomize/bases/nextcloud/nextcloud-deployment.yaml

@@ -20,7 +20,10 @@ spec:
             - name: TRUSTED_PROXIES
               value: 10.0.0.0/8
             - name: MYSQL_HOST
-              value: mariadb.nextcloud.svc:3306
+              valueFrom:
+                secretKeyRef:
+                  name: mariadb-credentials-secret
+                  key: host
             - name: MYSQL_DATABASE
               valueFrom:
                 secretKeyRef:

kustomize/namespaces/cert-manager/kustomization.yaml

@@ -0,0 +1,4 @@
+bases:
+  - ../../bases/cert-manager
+
+# namespace: cert-manager

kustomize/namespaces/kube-system/kustomization.yaml

@@ -1,5 +1,4 @@
 bases:
   - ../../bases/ingress-nginx
-  - ../../bases/cert-manager
 
 namespace: kube-system

kustomize/overlays/dev-auto-deploy/kustomization.yaml

@@ -1,5 +1,6 @@
 bases:
   - ../../namespaces/kube-system
+  - ../../namespaces/cert-manager
 
 # allow "kubectl apply -l managed-by=auto-deploy --prune ..."
 commonlabels:

setup-dev-cluster.sh

@@ -27,8 +27,9 @@ if ! k3d cluster list "$cluster_name" &>/dev/null; then
         --agents 3 \
         --k3s-server-arg '--no-deploy=traefik' \
         --volume "$k3s_registry_config:/etc/rancher/k3s/registries.yaml" \
-        -p 8080:80@loadbalancer
+        -p 80:80@loadbalancer \
-    sleep 1
+        -p 443:443@loadbalancer
+    sleep 10
 fi
         # --volume ":/var/lib/rancher/k3s/server/manifests/auto-deploy.yaml" \
 
@@ -44,6 +45,36 @@ if ! docker ps -a | grep registry.localhost &>/dev/null; then
     docker network connect "k3d-$cluster_name" registry.localhost
 fi
 
+# local mariadb database
+if ! docker ps -a | grep mariadb.localhost &>/dev/null; then
+    docker volume create local_mariadb
+    docker run -d \
+        --name mariadb.localhost \
+        --volume local_mariadb:/var/lib/mysql \
+        --restart always \
+        --env MYSQL_ROOT_PASSWORD=changeme \
+        -p 3306:3306 \
+        mariadb:10.5
+    docker network connect "k3d-$cluster_name" mariadb.localhost
+    sleep 10
+fi
+
+docker exec mariadb.localhost mysql -vv -uroot -pchangeme -e "
+CREATE DATABASE IF NOT EXISTS gitea;
+CREATE USER  IF NOT EXISTS 'gitea'@'%' IDENTIFIED BY 'changeme';
+GRANT ALL PRIVILEGES ON gitea.* TO 'gitea'@'%';
+
+CREATE DATABASE IF NOT EXISTS grafana;
+CREATE USER IF NOT EXISTS 'grafana'@'%' IDENTIFIED BY 'changeme';
+GRANT ALL PRIVILEGES ON grafana.* TO 'grafana'@'%';
+
+CREATE DATABASE IF NOT EXISTS nextcloud;
+CREATE USER  IF NOT EXISTS 'nextcloud'@'%' IDENTIFIED BY 'changeme';
+GRANT ALL PRIVILEGES ON grafana.* TO 'nextcloud'@'%';
+
+FLUSH PRIVILEGES;
+"
+
 k3d kubeconfig merge "$cluster_name" --switch-context >/dev/null
 kubectl apply -f "$auto_deploy_manifest"
 kubectl get nodes