From bc434ff3b5fe85ab43ddfb6187ac33c597194850 Mon Sep 17 00:00:00 2001 From: Massaki Archambault Date: Fri, 27 Aug 2021 00:57:25 -0400 Subject: [PATCH] reconfigure nextcloud --- .gitignore | 2 + .postgres/initdb.sql | 8 -- .../bases/drone/drone-runner-deployment.yaml | 2 +- .../bases/grafana/provision/datasources.yaml | 2 +- kustomize/bases/nextcloud/ingress.yaml | 22 ------ kustomize/bases/nextcloud/kustomization.yaml | 15 +--- .../bases/nextcloud/nextcloud-cronjob.yaml | 17 +++-- .../bases/nextcloud/nextcloud-deployment.yaml | 57 ++++++-------- .../bases/nextcloud/nextcloud-ingress.yaml | 18 +++++ kustomize/bases/postgres/kustomization.yaml | 11 +++ .../bases/postgres/postgres-statefulset.yaml | 75 +++++++++++++++++++ .../namespaces/nextcloud/kustomization.yaml | 1 - kustomize/overlays/dev/kustomization.yaml | 13 +++- kustomize/overlays/prod/kustomization.yaml | 6 ++ .../patches/nextcloud-deployment-patch.yaml | 12 +++ setup-dev-cluster.sh | 61 +++++++-------- 16 files changed, 200 insertions(+), 122 deletions(-) delete mode 100644 .postgres/initdb.sql delete mode 100644 kustomize/bases/nextcloud/ingress.yaml create mode 100644 kustomize/bases/nextcloud/nextcloud-ingress.yaml create mode 100644 kustomize/bases/postgres/kustomization.yaml create mode 100644 kustomize/bases/postgres/postgres-statefulset.yaml create mode 100644 kustomize/overlays/prod/patches/nextcloud-deployment-patch.yaml diff --git a/.gitignore b/.gitignore index 7eec3fd..3f63163 100644 --- a/.gitignore +++ b/.gitignore @@ -38,3 +38,5 @@ tags .env kubectl/ build/ +.nfs/ +!.gitkeep \ No newline at end of file diff --git a/.postgres/initdb.sql b/.postgres/initdb.sql deleted file mode 100644 index 5be376e..0000000 --- a/.postgres/initdb.sql +++ /dev/null 
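Review bot: `!.gitkeep` under `.nfs/` has no effect: git cannot re-include a file whose parent directory is excluded, and `.nfs/` excludes the directory itself, so `.nfs/.gitkeep` stays ignored and a fresh clone will not recreate the directory the NFS setup expects. Use the ignore-contents form instead: `.nfs/*` followed by `!.nfs/.gitkeep`. The hunk also leaves the file without a trailing newline.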
@@ -1,8 +0,0 @@ -CREATE USER gitea WITH PASSWORD 'changeme'; -CREATE DATABASE gitea WITH OWNER gitea; - -CREATE USER grafana WITH password 'changeme'; -CREATE DATABASE grafana WITH OWNER grafana; - -CREATE USER nextcloud WITH PASSWORD 'changeme'; -CREATE DATABASE nextcloud WITH OWNER nextcloud; diff --git a/kustomize/bases/drone/drone-runner-deployment.yaml b/kustomize/bases/drone/drone-runner-deployment.yaml index af793e8..477c4e7 100644 --- a/kustomize/bases/drone/drone-runner-deployment.yaml +++ b/kustomize/bases/drone/drone-runner-deployment.yaml @@ -21,7 +21,7 @@ spec: image: drone/drone-runner-kube env: - name: DRONE_RPC_HOST - value: drone.gitea.svc + value: drone.gitea.svc.cluster.local - name: DRONE_RPC_PROTO value: http - name: DRONE_RPC_SECRET diff --git a/kustomize/bases/grafana/provision/datasources.yaml b/kustomize/bases/grafana/provision/datasources.yaml index 7b54bb2..ffd9b4e 100644 --- a/kustomize/bases/grafana/provision/datasources.yaml +++ b/kustomize/bases/grafana/provision/datasources.yaml @@ -3,5 +3,5 @@ datasources: - name: prometheus type: prometheus access: proxy - url: http://prometheus-operated.monitoring.svc:9090 + url: http://prometheus-operated.monitoring.svc.cluster.local:9090 is_default: true diff --git a/kustomize/bases/nextcloud/ingress.yaml b/kustomize/bases/nextcloud/ingress.yaml deleted file mode 100644 index b474d2a..0000000 --- a/kustomize/bases/nextcloud/ingress.yaml +++ /dev/null @@ -1,22 +0,0 @@ -apiVersion: networking.k8s.io/v1beta1 -kind: Ingress -metadata: - name: nextcloud - labels: - app.kubernetes.io/name: nextcloud - annotations: - nginx.ingress.kubernetes.io/rewrite-target: / - cert-manager.io/cluster-issuer: letsencrypt -spec: - tls: - - hosts: - - ${NEXTCLOUD_EXTERNAL_HOST} - secretName: letsencrypt-cert - rules: - - host: ${NEXTCLOUD_EXTERNAL_HOST} - http: - paths: - - path: / - backend: - serviceName: nextcloud - servicePort: http \ No newline at end of file 
diff --git a/kustomize/bases/nextcloud/kustomization.yaml b/kustomize/bases/nextcloud/kustomization.yaml index 6f33143..e9f3988 100644 --- a/kustomize/bases/nextcloud/kustomization.yaml +++ b/kustomize/bases/nextcloud/kustomization.yaml @@ -1,14 +1,7 @@ +bases: + - ../postgres + resources: - nextcloud-deployment.yaml - nextcloud-cronjob.yaml - - ingress.yaml - -secretGenerator: - - name: postgres-credentials-secret - type: Opaque - behavior: create - literals: - - host=172.18.1.2:5432 - - database=nextcloud - - username=nextcloud - - password=changeme + - nextcloud-ingress.yaml diff --git a/kustomize/bases/nextcloud/nextcloud-cronjob.yaml b/kustomize/bases/nextcloud/nextcloud-cronjob.yaml index a974fe4..b1e4985 100644 --- a/kustomize/bases/nextcloud/nextcloud-cronjob.yaml +++ b/kustomize/bases/nextcloud/nextcloud-cronjob.yaml @@ -1,9 +1,10 @@ -apiVersion: batch/v1beta1 +apiVersion: batch/v1 kind: CronJob metadata: name: nextcloud-cronjob spec: - schedule: "*/15 * * * *" + schedule: "*/5 * * * *" + concurrencyPolicy: Forbid jobTemplate: spec: template: @@ -11,18 +12,18 @@ spec: restartPolicy: OnFailure containers: - name: nextcloud - image: nextcloud:18.0.4 + image: nextcloud securityContext: runAsUser: 33 runAsGroup: 33 - volumeMounts: - - name: nextcloud-data - mountPath: /var/www/html command: - php - -f - /var/www/html/cron.php + volumeMounts: + - name: nextcloud-pv + mountPath: /var/www/html volumes: - - name: nextcloud-data + - name: nextcloud-pv persistentVolumeClaim: - claimName: nextcloud-data + claimName: nextcloud-pvc diff --git a/kustomize/bases/nextcloud/nextcloud-deployment.yaml b/kustomize/bases/nextcloud/nextcloud-deployment.yaml index bc2bfdf..37c7e97 100644 --- a/kustomize/bases/nextcloud/nextcloud-deployment.yaml +++ b/kustomize/bases/nextcloud/nextcloud-deployment.yaml @@ -5,6 +5,9 @@ metadata: labels: app.kubernetes.io/name: nextcloud spec: + replicas: 1 + strategy: + type: Recreate selector: matchLabels: app.kubernetes.io/name: nextcloud 
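Review bot: `image: nextcloud` in the cronjob drops the tag it used to pin, so the base on its own resolves to `latest`; the dev overlay hunk pins `newtag: 22.1.0` and `newtag: 9.6.23` under `images:`, but this commit adds no such entry to the prod overlay (its `images:` section, if it has one, is outside the visible hunks), and the same applies to `image: nextcloud` in the deployment hunk and `image: postgres` in the new StatefulSet. For the StatefulSet the missing pin is the riskier one: a pod restart can pull a newer major release against the persisted PGDATA, which PostgreSQL refuses to start on. Either keep a default tag in the base or state the contract next to each image line, e.g. `# tag intentionally omitted: every overlay must pin it under images:`, so the dependency on the overlay is visible.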
@@ -15,16 +18,17 @@ spec: spec: containers: - name: nextcloud - image: nextcloud:19.0.2 + image: nextcloud env: + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace - name: TRUSTED_PROXIES value: 10.0.0.0/8 - name: POSTGRES_HOST - valueFrom: - secretKeyRef: - name: postgres-credentials-secret - key: host - - name: POSTGRES_DATABASE + value: postgres.$(NAMESPACE).svc.cluster.local + - name: POSTGRES_DB valueFrom: secretKeyRef: name: postgres-credentials-secret @@ -42,46 +46,31 @@ spec: ports: - name: http containerPort: 80 + resources: + requests: + cpu: 750m + memory: 75Mi + limits: + cpu: 1000m + memory: 1Gi volumeMounts: - - name: nextcloud-data + - name: nextcloud-pv mountPath: /var/www/html volumes: - - name: nextcloud-data + - name: nextcloud-pv persistentVolumeClaim: - claimName: nextcloud-data ---- -apiVersion: v1 -kind: PersistentVolume -metadata: - name: nextcloud-data-nfs - labels: - app.kubernetes.io/name: nextcloud -spec: - accessModes: - - ReadWriteMany - capacity: - storage: 100Mi - nfs: - server: nfs-localhost - path: /nextcloud - mountOptions: ["vers=4"] + claimName: nextcloud-pvc --- apiVersion: v1 kind: PersistentVolumeClaim metadata: - name: nextcloud-data - labels: - app.kubernetes.io/name: nextcloud + name: nextcloud-pvc spec: - storageClassName: "" accessModes: - - ReadWriteMany + - ReadWriteOnce resources: requests: - storage: 100Mi - selector: - matchLabels: - app.kubernetes.io/name: nextcloud + storage: 20Gi --- apiVersion: v1 kind: Service diff --git a/kustomize/bases/nextcloud/nextcloud-ingress.yaml b/kustomize/bases/nextcloud/nextcloud-ingress.yaml new file mode 100644 index 0000000..0719afc --- /dev/null +++ b/kustomize/bases/nextcloud/nextcloud-ingress.yaml 
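Review bot: `value: postgres.$(NAMESPACE).svc.cluster.local` only works because `NAMESPACE` is declared earlier in the same `env` list — the kubelet expands `$(VAR)` references solely against variables listed before them, and an unresolvable reference is left as the literal string, which would make Nextcloud try to reach a host literally named `postgres.$(NAMESPACE)...`. That ordering constraint is invisible to whoever later reorders the list, so add above the `NAMESPACE` entry: `# must stay above POSTGRES_HOST: $(NAMESPACE) is only expanded from variables defined earlier in this list`. The container definition continues outside the hunk.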
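Review bot: The PVC's access mode changes to `ReadWriteOnce` while the cronjob hunk keeps mounting the same `nextcloud-pvc` from a second pod; a ReadWriteOnce volume is attachable to one node at a time, so on a multi-node cluster with a block-storage class the CronJob pod will fail to start (Multi-Attach) whenever it lands on a different node than the Deployment — a single-node k3d cluster will never show this. Either keep `ReadWriteMany` on a backend that supports it, co-schedule the CronJob with the Deployment via pod affinity, or run cron from the Deployment's own pod. `strategy: Recreate` in the earlier hunk is the right pairing for a single-writer volume, and a comment above `accessModes` should record the consequence: `# ReadWriteOnce: the cronjob in nextcloud-cronjob.yaml mounts this too and must run on the same node`. The PVC's `storageClassName` is also gone, so it now depends on the cluster's default StorageClass; worth a note if that is intended.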
@@ -0,0 +1,18 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: nextcloud + labels: + app.kubernetes.io/name: nextcloud +spec: + rules: + - host: ${NEXTCLOUD_EXTERNAL_HOST} + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: nextcloud + port: + name: http diff --git a/kustomize/bases/postgres/kustomization.yaml b/kustomize/bases/postgres/kustomization.yaml new file mode 100644 index 0000000..e4d1189 --- /dev/null +++ b/kustomize/bases/postgres/kustomization.yaml @@ -0,0 +1,11 @@ +resources: + - postgres-statefulset.yaml + +secretGenerator: + - name: postgres-credentials-secret + type: Opaque + behavior: create + literals: + - database=changeme + - username=changeme + - password=changeme diff --git a/kustomize/bases/postgres/postgres-statefulset.yaml b/kustomize/bases/postgres/postgres-statefulset.yaml new file mode 100644 index 0000000..cdbf1c0 --- /dev/null +++ b/kustomize/bases/postgres/postgres-statefulset.yaml 
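Review bot: The replacement Ingress drops the `tls:` block and the `cert-manager.io/cluster-issuer: letsencrypt` annotation that the deleted `ingress.yaml` carried, so `${NEXTCLOUD_EXTERNAL_HOST}` becomes an HTTP-only ingress and Nextcloud logins would travel in clear unless TLS is terminated somewhere not visible in this diff. The bump to `networking.k8s.io/v1` does not require that removal — the `tls:` stanza has the same shape in v1 — so it reads as an accidental loss; if plain HTTP is wanted for dev, it belongs in the dev overlay, not in the base shared with prod. Leaving out the old `rewrite-target` annotation is fine. Restoring the two pieces:
```yaml
metadata:
  name: nextcloud
  labels:
    app.kubernetes.io/name: nextcloud
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt
spec:
  tls:
    - hosts:
        - ${NEXTCLOUD_EXTERNAL_HOST}
      secretName: letsencrypt-cert
  # … unchanged: rules …
```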
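Review bot: The `changeme` literals with `behavior: create` produce a real, usable Secret, and the new StatefulSet feeds them to `POSTGRES_USER`/`POSTGRES_PASSWORD` at first initialisation; because PGDATA persists, any overlay that forgets to override this generator ends up with a database permanently initialised with `changeme` credentials rather than a failed deploy. The dev overlay does override it with `behavior: replace`; whether prod does is not visible here (its `transformers/ssm-secrets.yaml` may cover it — confirm). Make the contract explicit above the generator: `# placeholder values only: every overlay must redefine this Secret with behavior: replace`.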
@@ -0,0 +1,75 @@ +# PostgreSQL StatefulSet +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: postgres + labels: + app.kubernetes.io/name: postgres +spec: + serviceName: postgres + selector: + matchLabels: + app.kubernetes.io/name: postgres + replicas: 1 + template: + metadata: + labels: + app.kubernetes.io/name: postgres + spec: + containers: + - name: postgres + image: postgres + env: + - name: POSTGRES_DB + valueFrom: + secretKeyRef: + name: postgres-credentials-secret + key: database + - name: POSTGRES_USER + valueFrom: + secretKeyRef: + name: postgres-credentials-secret + key: username + - name: POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + name: postgres-credentials-secret + key: password + - name: PGDATA + value: /data/pgdata + ports: + - name: postgres + containerPort: 5432 + resources: + requests: + cpu: 500m + memory: 2Gi + limits: + cpu: 1000m + memory: 4Gi + volumeMounts: + - name: postgres-pvc + mountPath: /data + # Volume Claim + volumeClaimTemplates: + - metadata: + name: postgres-pvc + spec: + accessModes: ["ReadWriteOnce"] + resources: + requests: + storage: 5Gi +--- +apiVersion: v1 +kind: Service +metadata: + name: postgres + labels: + app.kubernetes.io/name: postgres +spec: + selector: + app.kubernetes.io/name: postgres + ports: + - name: postgres + port: 5432 + targetPort: postgres \ No newline at end of file diff --git a/kustomize/namespaces/nextcloud/kustomization.yaml b/kustomize/namespaces/nextcloud/kustomization.yaml index 47c56ac..60ca2f2 100644 --- a/kustomize/namespaces/nextcloud/kustomization.yaml +++ b/kustomize/namespaces/nextcloud/kustomization.yaml @@ -1,6 +1,5 @@ bases: - ../../bases/nextcloud - # - ../../base/postgres resources: - namespace.yaml diff --git a/kustomize/overlays/dev/kustomization.yaml b/kustomize/overlays/dev/kustomization.yaml index 7007e83..fbc2d7c 100644 --- a/kustomize/overlays/dev/kustomization.yaml +++ b/kustomize/overlays/dev/kustomization.yaml 
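Review bot: `value: /data/pgdata` places the data directory one level below the mount without saying why; the reason (initdb refuses a non-empty directory, and a freshly formatted volume contains `lost+found`) should be recorded: `# subdirectory of the mount: initdb needs an empty dir, and a fresh filesystem contains lost+found`. The governing `Service` at the bottom is not headless (no `clusterIP: None`), so `serviceName: postgres` provides no stable per-pod DNS — harmless at `replicas: 1`, where the Nextcloud deployment addresses the ClusterIP name, but worth a comment or a headless service if it is ever scaled. The postgres container also carries no `securityContext`, unlike the Nextcloud containers that run as uid 33; whether the image's own user switch is being relied on should be stated. The file ends without a trailing newline.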
@@ -3,7 +3,7 @@ bases: - ../../namespaces/gitea - ../../namespaces/grafana - ../../namespaces/monitoring - # - ../../namespaces/nextcloud + - ../../namespaces/nextcloud images: - name: gitea/gitea @@ -14,6 +14,10 @@ images: newtag: 2.0.6 - name: drone/drone-runner-kube newtag: 1.0.0-beta.9 + - name: nextcloud + newtag: 22.1.0 + - name: postgres + newtag: 9.6.23 secretGenerator: - name: drone-secret @@ -30,6 +34,13 @@ secretGenerator: literals: - client_id=6c0c6878-baf1-4648-b0cf-69eeae69e692 - client_secret=Q78VsgyfgTzKrvQEmokEMj84g7epKrlBpmDjcbhKXCIh + - name: postgres-credentials-secret + type: Opaque + behavior: replace + literals: + - database=nextcloud + - username=nextcloud + - password=nextcloud # allow "kubectl apply -l managed-by=kustomize --prune ..." commonlabels: diff --git a/kustomize/overlays/prod/kustomization.yaml b/kustomize/overlays/prod/kustomization.yaml index 0fcdc2b..cf7612d 100644 --- a/kustomize/overlays/prod/kustomization.yaml +++ b/kustomize/overlays/prod/kustomization.yaml @@ -38,3 +38,9 @@ transformers: - transformers/placeholders.yaml - transformers/ssm-secrets.yaml +# patchesJson6902: +# - target: +# version: v1 +# kind: Deployment +# name: nextcloud +# path: patches/nextcloud-deployment-patch.yaml diff --git a/kustomize/overlays/prod/patches/nextcloud-deployment-patch.yaml b/kustomize/overlays/prod/patches/nextcloud-deployment-patch.yaml new file mode 100644 index 0000000..9d713c8 --- /dev/null +++ b/kustomize/overlays/prod/patches/nextcloud-deployment-patch.yaml @@ -0,0 +1,12 @@ +- op: add + path: /spec/template/spec/containers/0/volumeMounts/0 + value: + name: nextcloud-data-nfs + mountPath: /data +- op: add + path: /spec/template/spec/volumes/0 + value: + name: nextcloud-data-nfs + nfs: + server: 172.31.0.10 + path: /data \ No newline at end of file diff --git a/setup-dev-cluster.sh b/setup-dev-cluster.sh index 03102ed..5e1a1b5 100755 --- a/setup-dev-cluster.sh +++ b/setup-dev-cluster.sh 
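Review bot: The `patchesJson6902` block is added only as a comment while the patch file it names is added for real, so the NFS mount is dead configuration that nothing applies; if that is deliberate, a line above it such as `# disabled until the prod NFS server exists` would save the next reader from guessing. When it is enabled, give the target `group: apps` alongside `version: v1` — a `Deployment` is `apps/v1`, and older kustomize releases match the JSON 6902 target on the exact group/version/kind.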
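Review bot: `server: 172.31.0.10` in a prod overlay patch is the same address the dev NFS container is given with `--ip 172.31.0.10` in the setup-dev-cluster.sh hunk, which suggests this is dev wiring or a placeholder rather than a prod endpoint; the prod overlay already lists `transformers/placeholders.yaml`, so a placeholder of the form `${NFS_SERVER}` (name illustrative) would fit the project's existing pattern. The patch also mounts the export at `/data` while the deployment hunk keeps Nextcloud's data under `/var/www/html`, and nothing visible tells Nextcloud to use `/data`; a comment stating the intended use of that mount (and `readOnly: true` if it is only a source) would help — confirm with the author. The file ends without a trailing newline.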
@@ -38,48 +38,39 @@ if ! docker ps -a | grep registry-localhost &>/dev/null; then docker run -d \ --name registry-localhost \ --net "k3d-$cluster_name" \ - --ip 172.18.1.1 \ --volume local_registry:/var/lib/registry \ --restart always \ -p 5000:5000 \ registry:2 fi -# local postgres database -if ! docker ps -a | grep postgres-localhost &>/dev/null; then - docker volume create local_postgres - docker run -d \ - --name postgres-localhost \ - --net "k3d-$cluster_name" \ - --ip 172.18.1.2 \ - --volume local_postgres:/var/lib/postgresql/data \ - --volume "$PWD/.postgres/initdb.sql:/docker-entrypoint-initdb.d/initdb.sql:ro" \ - --restart always \ - --env POSTGRES_PASSWORD=changeme \ - -p 5432:5432 \ - postgres:9.6 - sleep 10 -fi - # local nfs server -if ! docker ps -a | grep nfs-localhost &>/dev/null; then - docker volume create local_nfs - docker run -d \ - --name nfs-localhost \ - --net "k3d-$cluster_name" \ - --ip 172.18.1.3 \ - --volume nfs_local:/data \ - --volume /lib/modules:/lib/modules:ro \ - --restart always \ - --cap-add SYS_ADMIN \ - --cap-add SYS_MODULE \ - --env NFS_EXPORT_0='/data *(rw,async,insecure,no_subtree_check,no_root_squash,fsid=0)' \ - --env NFS_DISABLE_VERSION_3=YES \ - --env NFS_LOG_LEVEL=DEBUG \ - -p 2049:2049 \ - erichough/nfs-server:2.2.1 - sleep 10 -fi +# if ! 
docker ps -a | grep nfs-localhost &>/dev/null; then +# docker volume create local_nfs +# docker run -d \ +# --name nfs-localhost \ +# --net "k3d-$cluster_name" \ +# --ip 172.31.0.10 \ +# --volume "$PWD/.nfs/nextcould:/data/nextcloud" \ +# --volume /lib/modules:/lib/modules:ro \ +# --restart always \ +# --cap-add SYS_ADMIN \ +# --cap-add SYS_MODULE \ +# --env NFS_EXPORT_0='/data *(rw,sync,insecure,no_subtree_check,no_root_squash,fsid=0)' \ +# --env NFS_LOG_LEVEL=DEBUG \ +# -p 2049:2049 \ +# erichough/nfs-server:2.2.1 +# sleep 10 +# fi +# sudo modprobe netfs +# sudo modprobe fscache +# sudo modprobe sunrpc +# sudo modprobe grace +# sudo modprobe lockd +# sudo modprobe nfs +# sudo modprobe nfs_acl +# sudo modprobe auth_rpcgss +# sudo modprobe nfsd # k3d kubeconfig merge "$cluster_name" --switch-context >/dev/null # kubectl apply -f "$auto_deploy_manifest"
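Review bot: The commented-out NFS block carries a path typo, `--volume "$PWD/.nfs/nextcould:/data/nextcloud"`, which would export a directory named `nextcould` rather than the `.nfs/` tree the .gitignore hunk prepares for; fix it before the block is revived: `#     --volume "$PWD/.nfs/nextcloud:/data/nextcloud" \`. Leaving the whole server setup plus nine `sudo modprobe` lines as comments hides the script's intent — either remove them (git keeps the history) or gate them behind an environment flag with a comment saying why the NFS server is currently disabled. If it is revived, note that `NFS_EXPORT_0='/data *(rw,sync,insecure,no_subtree_check,no_root_squash,fsid=0)'` combined with `-p 2049:2049` publishes a root-squash-free, any-client export on every host interface; the k3d nodes reach the container through its network address `172.31.0.10`, so the `-p` publish can presumably be dropped, and narrowing `*` to the k3d subnet would limit exposure on a shared development machine.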