From 98f934b705d5de479cef73bcf2c891cb31dafb95 Mon Sep 17 00:00:00 2001 From: Erki Aas Date: Thu, 27 Nov 2025 21:20:58 +0200 Subject: [PATCH] Migrate gitea to dedicated mariadb --- gitea/application.yaml | 16 +++---- gitea/mariadb.yml | 99 ++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 107 insertions(+), 8 deletions(-) create mode 100644 gitea/mariadb.yml diff --git a/gitea/application.yaml b/gitea/application.yaml index 2cda14a..8b6bab8 100644 --- a/gitea/application.yaml +++ b/gitea/application.yaml @@ -92,12 +92,12 @@ spec: - name: MYSQL_PWD valueFrom: secretKeyRef: - name: gitea-secrets - key: GITEA__DATABASE__PASSWD + name: mariadb-secrets + key: MYSQL_PASSWORD command: - /bin/bash - -c - - mysql -u kspace_git kspace_git -h mariadb.infra.k-space.ee -p${MYSQL_PWD} < /tmp/update.sql + - mysql -u gitea gitea -h mariadb -p${MYSQL_PWD} < /tmp/update.sql --- apiVersion: apps/v1 kind: StatefulSet @@ -164,11 +164,11 @@ spec: - name: GITEA__DATABASE__DB_TYPE value: mysql - name: GITEA__DATABASE__HOST - value: mariadb.infra.k-space.ee:3306 + value: mariadb:3306 - name: GITEA__DATABASE__NAME - value: kspace_git + value: gitea - name: GITEA__DATABASE__USER - value: kspace_git + value: gitea - name: GITEA__DATABASE__SSL_MODE value: disable - name: GITEA__DATABASE__LOG_SQL @@ -209,8 +209,8 @@ spec: - name: GITEA__DATABASE__PASSWD valueFrom: secretKeyRef: - name: gitea-secrets - key: GITEA__DATABASE__PASSWD + name: mariadb-secrets + key: MYSQL_PASSWORD - name: GITEA__MAILER__PASSWD valueFrom: secretKeyRef: diff --git a/gitea/mariadb.yml b/gitea/mariadb.yml new file mode 100644 index 0000000..e273338 --- /dev/null +++ b/gitea/mariadb.yml @@ -0,0 +1,99 @@ +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: mariadb +spec: + revisionHistoryLimit: 0 + serviceName: mariadb + selector: + matchLabels: + app: mariadb + replicas: 1 + template: + metadata: + labels: + app: mariadb + annotations: + prometheus.io/port: '9104' + prometheus.io/scrape: 'true' + spec: + containers: + - name: exporter + image: mirror.gcr.io/prom/mysqld-exporter:latest + args: + - --mysqld.username + - exporter + - name: mariadb + image: mirror.gcr.io/library/mariadb:12.1 + imagePullPolicy: Always + env: + - name: MYSQL_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: mariadb-secrets + key: MYSQL_ROOT_PASSWORD + - name: MYSQL_USER + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: MYSQL_DATABASE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: MYSQL_PASSWORD + valueFrom: + secretKeyRef: + name: mariadb-secrets + key: MYSQL_PASSWORD + volumeMounts: + - name: mariadb-data + mountPath: /var/lib/mysql + - name: mariadb-init + mountPath: /docker-entrypoint-initdb.d + volumes: + - name: mariadb-init + configMap: + name: mariadb-init-config + volumeClaimTemplates: + - metadata: + name: mariadb-data + spec: + storageClassName: ceph-rbd + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 2Gi +--- +apiVersion: codemowers.cloud/v1beta1 +kind: SecretClaim +metadata: + name: mariadb-secrets +spec: + size: 32 + mapping: + - key: MYSQL_ROOT_PASSWORD + value: "%(plaintext)s" + - key: MYSQL_PASSWORD + value: "%(plaintext)s" +--- +apiVersion: v1 +kind: Service +metadata: + name: mariadb +spec: + ports: + - protocol: TCP + port: 3306 + selector: + app: mariadb +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: mariadb-init-config +data: + initdb.sql: | + CREATE USER 'exporter'@'127.0.0.1' WITH MAX_USER_CONNECTIONS 3; + GRANT PROCESS, REPLICATION CLIENT, SLAVE MONITOR, SELECT ON *.* TO 'exporter'@'127.0.0.1';