Migrate gitea to dedicated mariadb

gitea/application.yaml

@@ -92,12 +92,12 @@ spec:
             - name: MYSQL_PWD
               valueFrom:
                 secretKeyRef:
-                  name: gitea-secrets
-                  key: GITEA__DATABASE__PASSWD
+                  name: mariadb-secrets
+                  key: MYSQL_PASSWORD
           command:
             - /bin/bash
             - -c
-            - mysql -u kspace_git kspace_git -h mariadb.infra.k-space.ee -p${MYSQL_PWD} < /tmp/update.sql
+            - mysql -u gitea gitea -h mariadb -p${MYSQL_PWD} < /tmp/update.sql
 ---
 apiVersion: apps/v1
 kind: StatefulSet
@@ -164,11 +164,11 @@ spec:
             - name: GITEA__DATABASE__DB_TYPE
               value: mysql
             - name: GITEA__DATABASE__HOST
-              value: mariadb.infra.k-space.ee:3306
+              value: mariadb:3306
             - name: GITEA__DATABASE__NAME
-              value: kspace_git
+              value: gitea
             - name: GITEA__DATABASE__USER
-              value: kspace_git
+              value: gitea
             - name: GITEA__DATABASE__SSL_MODE
               value: disable
             - name: GITEA__DATABASE__LOG_SQL
@@ -209,8 +209,8 @@ spec:
             - name: GITEA__DATABASE__PASSWD
               valueFrom:
                 secretKeyRef:
-                  name: gitea-secrets
-                  key: GITEA__DATABASE__PASSWD
+                  name: mariadb-secrets
+                  key: MYSQL_PASSWORD
             - name: GITEA__MAILER__PASSWD
               valueFrom:
                 secretKeyRef:

gitea/mariadb.yml

@@ -0,0 +1,99 @@
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: mariadb
+spec:
+  revisionHistoryLimit: 0
+  serviceName: mariadb
+  selector:
+    matchLabels:
+      app: mariadb
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: mariadb
+      annotations:
+        prometheus.io/port: '9104'
+        prometheus.io/scrape: 'true'
+    spec:
+      containers:
+      - name: exporter
+        image: mirror.gcr.io/prom/mysqld-exporter:latest
+        args: 
+        - --mysqld.username
+        - exporter
+      - name: mariadb
+        image: mirror.gcr.io/library/mariadb:12.1
+        imagePullPolicy: Always
+        env:
+        - name: MYSQL_ROOT_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: mariadb-secrets
+              key: MYSQL_ROOT_PASSWORD
+        - name: MYSQL_USER
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.namespace
+        - name: MYSQL_DATABASE
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.namespace
+        - name: MYSQL_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: mariadb-secrets
+              key: MYSQL_PASSWORD
+        volumeMounts:
+        - name: mariadb-data
+          mountPath: /var/lib/mysql
+        - name: mariadb-init
+          mountPath: /docker-entrypoint-initdb.d
+      volumes:
+        - name: mariadb-init
+          configMap:
+            name: mariadb-init-config
+  volumeClaimTemplates:
+  - metadata:
+      name: mariadb-data
+    spec:
+      storageClassName: ceph-rbd
+      accessModes:
+        - ReadWriteOnce
+      resources:
+        requests:
+          storage: 2Gi
+---
+apiVersion: codemowers.cloud/v1beta1
+kind: SecretClaim
+metadata:
+  name: mariadb-secrets
+spec:
+  size: 32
+  mapping:
+    - key: MYSQL_ROOT_PASSWORD
+      value: "%(plaintext)s"
+    - key: MYSQL_PASSWORD
+      value: "%(plaintext)s"
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: mariadb
+spec:
+  ports:
+    - protocol: TCP
+      port: 3306
+  selector:
+    app: mariadb
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: mariadb-init-config
+data:
+  initdb.sql: |
+    CREATE USER 'exporter'@'127.0.0.1' WITH MAX_USER_CONNECTIONS 3;
+    GRANT PROCESS, REPLICATION CLIENT, SLAVE MONITOR, SELECT ON *.* TO 'exporter'@'127.0.0.1';