From 754eba7fb87142a79f721904497a6785c3dfa5b7 Mon Sep 17 00:00:00 2001 From: outductor Date: Sat, 13 Jan 2024 21:45:52 +0900 Subject: [PATCH] fix hacknmd --- .../apps/growi-system/hackmd/mariadb.yaml | 73 +++++++++++++++++++ .../apps/growi-system/hackmd/statefulset.yaml | 10 +-- terraform/main.tf | 18 +++++ terraform/onp_cluster_secrets.tf | 19 ++++- 4 files changed, 114 insertions(+), 6 deletions(-) create mode 100644 seichi-onp-k8s/manifests/seichi-kubernetes/apps/growi-system/hackmd/mariadb.yaml diff --git a/seichi-onp-k8s/manifests/seichi-kubernetes/apps/growi-system/hackmd/mariadb.yaml b/seichi-onp-k8s/manifests/seichi-kubernetes/apps/growi-system/hackmd/mariadb.yaml new file mode 100644 index 000000000..bda5070e9 --- /dev/null +++ b/seichi-onp-k8s/manifests/seichi-kubernetes/apps/growi-system/hackmd/mariadb.yaml @@ -0,0 +1,73 @@ +apiVersion: mariadb.mmontes.io/v1alpha1 +kind: MariaDB +metadata: + namespace: growi-system + name: hackmd-mariadb +spec: + rootPasswordSecretKeyRef: + name: hackmd-mariadb + key: root-password + + database: hackmd + username: hackmd + passwordSecretKeyRef: + name: hackmd-mariadb + key: hackmd-password + + image: mariadb:10.11.6 + imagePullPolicy: IfNotPresent + + port: 3306 + + volumeClaimTemplate: + resources: + requests: + storage: 10Gi + storageClassName: synology-iscsi-storage + accessModes: + - ReadWriteOnce + + # myCnf: | + # [mariadb] + # innodb_buffer_pool_size = 1G + # innodb_log_file_size = 256M + # innodb_flush_log_at_trx_commit = 2 + # innodb_write_io_threads = 8 + # innodb_io_capacity = 1000 + # max_allowed_packet = 256M + + livenessProbe: + exec: + command: + - bash + - -c + - mysql -u root -p"${MARIADB_ROOT_PASSWORD}" -e "SELECT 1;" + initialDelaySeconds: 20 + periodSeconds: 10 + timeoutSeconds: 5 + + readinessProbe: + exec: + command: + - bash + - -c + - mysql -u root -p"${MARIADB_ROOT_PASSWORD}" -e "SELECT 1;" + initialDelaySeconds: 20 + periodSeconds: 10 + timeoutSeconds: 5 + + metrics: + enabled: true + exporter: + image: prom/mysqld-exporter:v0.15.1 + resources: + requests: + cpu: 50m + memory: 64Mi + limits: + cpu: 300m + memory: 512Mi + serviceMonitor: + prometheusRelease: prometheus + interval: 10s + scrapeTimeout: 10s diff --git a/seichi-onp-k8s/manifests/seichi-kubernetes/apps/growi-system/hackmd/statefulset.yaml b/seichi-onp-k8s/manifests/seichi-kubernetes/apps/growi-system/hackmd/statefulset.yaml index 45333a7e3..fabf6436b 100644 --- a/seichi-onp-k8s/manifests/seichi-kubernetes/apps/growi-system/hackmd/statefulset.yaml +++ b/seichi-onp-k8s/manifests/seichi-kubernetes/apps/growi-system/hackmd/statefulset.yaml @@ -29,11 +29,11 @@ spec: value: "false" - name: GROWI_URI value: https://wiki.onp-k8s.admin.seichi.click - # - name: CMD_DB_URL - # valueFrom: - # secretKeyRef: - # name: hackmd-mariadb-url - # key: db-url + - name: CMD_DB_URL + valueFrom: + secretKeyRef: + name: hackmd-mariadb + key: db-url ports: - name: http containerPort: 3000 diff --git a/terraform/main.tf b/terraform/main.tf index a5323ad4a..7767bd25c 100644 --- a/terraform/main.tf +++ b/terraform/main.tf @@ -330,4 +330,22 @@ variable "growi_github_sso_client_secret" { sensitive = true } +variable "hackmd_mariadb_root_password" { + description = "HackMD MariaDB root password for Growi" + type = string + sensitive = true +} + +variable "hackmd_mariadb_hackmd_password" { + description = "HackMD MariaDB hackmd password for Growi" + type = string + sensitive = true +} + +variable "hackmd_mariadb_hackmd_db_url" { + description = "HackMD MariaDB hackmd DB URL for Growi" + type = string + sensitive = true +} + #endregion diff --git a/terraform/onp_cluster_secrets.tf b/terraform/onp_cluster_secrets.tf index 2c4bc7098..eedb4e365 100644 --- a/terraform/onp_cluster_secrets.tf +++ b/terraform/onp_cluster_secrets.tf @@ -289,9 +289,26 @@ resource "kubernetes_secret" "growi_github_sso" { } data = { - "OAUTH_GITHUB_CLIENT_ID" = var.growi_github_sso_client_id + "OAUTH_GITHUB_CLIENT_ID" = var.growi_github_sso_client_id "OAUTH_GITHUB_CLIENT_SECRET" = var.growi_github_sso_client_secret } type = "Opaque" } + +resource "kubernetes_secret" "hackmd_mariadb" { + depends_on = [kubernetes_namespace.growi_system] + + metadata { + name = "hackmd-mariadb" + namespace = "growi-system" + } + + data = { + root-password = var.hackmd_mariadb_root_password + hackmd-password = var.hackmd_mariadb_hackmd_password + db-url = var.hackmd_mariadb_hackmd_db_url + } + + type = "Opaque" +}