From 81256d1f6180badf25644fde3e26811f5667ced4 Mon Sep 17 00:00:00 2001
From: Udo Waechter
Date: Thu, 25 Jun 2020 09:33:22 +0200
Subject: [PATCH] this is a chaos
---
.gitmodules | 27 ++
cluster-monitoring | 2 +-
dashboard-adminuser.yaml | 6 -
docker-apt-cacher-ng | 1 +
docker-registry/README.md | 9 +
docker-registry/certs/docker-registry.lan | 52 +++
docker-registry/certs/docker-registry.lan.crt | 34 ++
docker-registry/docker-registry-ui.yaml | 85 +++++
docker-registry/registry-deployment.yaml | 138 +++++++
gluster-kubernetes | 1 +
helm | 1 +
ingress-nginx | 1 +
kube-router | 1 +
mariadb/README.md | 2 +
mariadb/docker/Dockerfile | 104 ++++++
mariadb/docker/docker-entrypoint.sh | 351 ++++++++++++++++++
mariadb/mariadb-deployment.yaml | 47 +++
mariadb/mariadb-pv.yaml | 14 +
mosquitto/charts | 1 +
pihole-helm | 1 +
pihole-kubernetes | 1 +
21 files changed, 872 insertions(+), 7 deletions(-)
create mode 160000 docker-apt-cacher-ng
create mode 100644 docker-registry/README.md
create mode 100644 docker-registry/certs/docker-registry.lan
create mode 100644 docker-registry/certs/docker-registry.lan.crt
create mode 100644 docker-registry/docker-registry-ui.yaml
create mode 100644 docker-registry/registry-deployment.yaml
create mode 160000 gluster-kubernetes
create mode 160000 helm
create mode 160000 ingress-nginx
create mode 160000 kube-router
create mode 100644 mariadb/README.md
create mode 100644 mariadb/docker/Dockerfile
create mode 100755 mariadb/docker/docker-entrypoint.sh
create mode 100644 mariadb/mariadb-deployment.yaml
create mode 100644 mariadb/mariadb-pv.yaml
create mode 160000 mosquitto/charts
create mode 160000 pihole-helm
create mode 160000 pihole-kubernetes
diff --git a/.gitmodules b/.gitmodules
index 9b2e617..2d06d51 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -4,3 +4,30 @@
 [submodule "cluster-monitoring"]
 path = cluster-monitoring
 url = https://github.com/carlosedp/cluster-monitoring.git
+[submodule "gluster-kubernetes"]
+ path = gluster-kubernetes
+ url = https://github.com/jayflory/gluster-kubernetes.git
+[submodule "kubernetes-ingress"]
+ path = kubernetes-ingress
+ url = https://github.com/haproxytech/kubernetes-ingress.git
+[submodule "ingress-nginx"]
+ path = ingress-nginx
+ url = https://github.com/kubernetes/ingress-nginx.git
+[submodule "pihole-kubernetes"]
+ path = pihole-kubernetes
+ url = https://github.com/MoJo2600/pihole-kubernetes.git
+[submodule "pihole-helm"]
+ path = pihole-helm
+ url = https://github.com/ChrisPhillips-cminion/pihole-helm.git
+[submodule "helm"]
+ path = helm
+ url = https://github.com/helm/helm.git
+[submodule "docker-apt-cacher-ng"]
+ path = docker-apt-cacher-ng
+ url = https://github.com/sameersbn/docker-apt-cacher-ng.git
+[submodule "kube-router"]
+ path = kube-router
+ url = https://github.com/cloudnativelabs/kube-router.git
+[submodule "mosquitto/charts"]
+ path = mosquitto/charts
+ url = https://github.com/smizy/charts.git
diff --git a/cluster-monitoring b/cluster-monitoring
index 40c9318..ad1d165 160000
--- a/cluster-monitoring
+++ b/cluster-monitoring
@@ -1 +1 @@
-Subproject commit 40c9318d236bc8749fa1af27547c516dae9aad2d
+Subproject commit ad1d165158447faf8354eb5cba4433c3963fe995
diff --git a/dashboard-adminuser.yaml b/dashboard-adminuser.yaml
index 0e4a88b..6db3be5 100644
--- a/dashboard-adminuser.yaml
+++ b/dashboard-adminuser.yaml
@@ -1,9 +1,3 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: admin-user
- namespace: kubernetes-dashboard
-
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
diff --git a/docker-apt-cacher-ng b/docker-apt-cacher-ng
new file mode 160000
index 0000000..6090c34
--- /dev/null
+++ b/docker-apt-cacher-ng
@@ -0,0 +1 @@
+Subproject commit 6090c343e1dcba33e7c322df96f47278ea455433
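Review bot: The `kubernetes-ingress` entry added to .gitmodules has no matching gitlink in this commit: the diffstat lists a `create mode 160000` line for every other new submodule but none for `kubernetes-ingress`. Unless that gitlink already existed before this commit, the path will never be populated on a fresh clone, so either add the submodule checkout or drop the three `kubernetes-ingress` lines. The new entries pull third-party repositories in by URL; what actually fixes their content is the pinned `Subproject commit` in each gitlink, so those hashes deserve a look whenever they are bumped.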
diff --git a/docker-registry/README.md b/docker-registry/README.md
new file mode 100644
index 0000000..1b811e2
--- /dev/null
+++ b/docker-registry/README.md
@@ -0,0 +1,9 @@
+Docker-ui
+
+Build it for arm64:
+
+docker build --platform linux/arm64 -t joxit/docker-registry-ui:static -f static.dockerfile github.com/Joxit/docker-registry-ui
+
+
+docker tag 1494c11066f5 docker-registry.lan/docker-registry-ui:arm64
+docker push docker-registry.lan/docker-registry-ui:arm64
diff --git a/docker-registry/certs/docker-registry.lan b/docker-registry/certs/docker-registry.lan
new file mode 100644
index 0000000..45c4d05
--- /dev/null
+++ b/docker-registry/certs/docker-registry.lan
@@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQCaHN7wa2QK9qD3 +ovn7ZZiKQ+E/f54MnHGgdlTcskTuiysbS4rqUC49MzWRZjxzxukbwF0a1yOOJUSM +YgOeDntRU4T49FLxY3YAZ9RV4Lr6qU8Tz45Ez4N7RLa3QLqY2wf3BEy32k8SqHsI +XMt0DV93w6q1eqW95XRNDDJF0xm4Oa4yaew0tNCx8Senv51jZ8lOX8CJljnE2Sil +P0HBFwfJqKk9qZg5WstQZFsr3D1wTpMZ3UmnzDN3EEBLJkvcAJvdo2E8TGb29UcD +OopHCeixdoKJw/BBdDCXDoSs9N+pDmoY7QSQaXP91sybP/zrcvrIFTT39IFrARRh +5X9QvCnJxhHXPhqqSeAE4YzTGHJV3BdpIVMPMWUHL9TfLFJxbUGImE2IUQZxSb2i +Wy8w9mnt4SFARGUIr0+tOmEDQ7smlFUke9yIPnti01OogfDNR4/szpwYvfE5+xG6 +Vp0W590HxL6JE3nqaTJu+KIkBcRzroZZghmNEKik2MeRIxHjCpjvNr2INLn30S81 +NhdP4uZdCeI5sERFaFOCgA64MPTtPYjQRV7BFwpN3+alUK8zVtXat/n5HyxvqrzG +s7IHA/GyCLjfsh9sWDhsfgsuIZzL+KblYnU1XPhRko4BQ2Y3GwA0QGFvM0+J1z/V +r3ieyio37CbEuVugMQ/VYYl8UYE0TwIDAQABAoICAC+rnopfraJ2h3QSRaEt2/Fo +7dPmdc0Q11T7RWS+//OJuNvIkj/IbYUgwgEnzqtBa/nZlvMmeSkO/hUufE/3ys1t +OESJzt48FdQqSdQGn8/Jb1yBZ1CBn/oRVzN4IkAGAIC4I8L7FFqBIw2DJqvPNyik +rblVJs+GmmL60tImal5B+VA+04G6LJPeNJX+/4AwKmTD2Zq1jUkGozv6RSylIxON +yEv6mcuj+h/z6v+2MIr8wyPM/2uYDpNVw417WxvCVHRKhVlRiMf7NuwYv40Z05CR +R++1XCvi9OTE6OVXGZgBjXAIYNEKzYZHWyLquCFcf5ZEeQ35485llxhxFOC0U3hL +lT8pI6EFnRiTi+Eq+7GOmvKYjNda6UtUVYPFIX0Ff3IkkwJ53rYdrar4xLnpmeUF +LcJhGJdfJSsvO2mdiLEFm/K7dQxDadusYPYFeUK4CGgoIsauf6XzdWbxJgv4qcOJ +dMzt2uLxpq5k7pQ5HU96Pa9g1flR1vaAtZ4htTMbQ6o7nrUoc8+zoo8pBYW6/zi+ +OXf/9BvDQ/dQvtAF+gJQMfGDO5J0x5+yr+Jp7LKjlmG5B2bYMYF9/uZQTgY5kla5 +uqihCZVZ14uojbXA3eqHvmtRfFqQ4Us3s0BUDm4W5PUe6jwJ8TavP+XJIjcCLU2c +kOrKZ0ZtIXwTUqKE5Z2BAoIBAQDKXleKtzEvvOWihxzuUmQYIT2HzrMG14s1M7wo +YF0ARaQTxX5HH2lYN7znWb/RpcDSj+IBNV4PxEOHVNCTWhev/PnFmm6FuqopJDIZ +sumP3jJg0K2/MFjBsHXNqacqjqMKlWFnuYqDHZSRX1bjC9IWB6HfS9Wjm2XrgBGx +xFTcAZ3kXX4NlVMz/JgWMKLRY+qGtDWG11sT+oAge81La+MRz/R/fAhf3K+0iDaK +F1iX8jXIcRfqk9OLafRcuIkS4q4rV6D9bI9xjbTz2tsm3b/wJezoSC06mTHoUEoG +p3MIPZ6ETDADDlB9hsWS23p2ueuUOCHg19+n30ah6qWx7UzjAoIBAQDC9KBAYr0T +sf7o5FA+Xp/N6ALxarNa1b15TjFtwSfvwZrrg02QQIpQCR70vy6wiczkTcmRCi4P 
+uiiVQz8abWbOW+aG4ThTpkOZDbCEVghFzGWPZjRsyrlhcegdS5FL4fCBrtUzOs7e +e+YtgyPrvmHamhMvKYWfW/DWfxOoBFoL9GTuC1646Va63u3MmLMflzYhj4dgbsm0 +ut70aK3RAFkLVwswmx+OPINeSpEz6iIRArF4aSi8rH2eaMp4QiXz+zXSP+Bm4XTN +C6HrQeyOmiEtXcZemZVnUtkJBdkW+iRiiD3+xLEX11c/kzcyIeNpaGu9LckXuxqY +chu4XOVHLaKlAoIBAFapGfIESyL3UJtOIvyH+ec/bNsYkB/w8+M/mWbtBUaVjBMP +culAMVue2t1z2KoNwkopZY5A7VvxHz33+y3u2c/6lHejj4rjCfV+U5ofvNdoPsio +9I64RHoFeB0vdq/Jz1Y77C+ADCnj4/hxDINET54xfIdkMUPTy0yTVoB65CAm7Reb +Vdy5Qp0zoWl3QHJMyGURDQ8GcDFZB79hZOPUerPpCvoBApESr4evATQXlU/UYGXK +0IQa8+9y2ztNpx2YRx+2cfG0qKTnG0OGSG0XbxeHFjHOntfGPNIQd/LriF5SDOz4 +t2LHoX5v1XHzXTk0mwapFxDzQQrhmZzDIFvWlCMCggEANLHORtjpZlNsJSLhFZqZ +8xvM/9fpVpoDNrCN566XztQzvYimBGGNgQiWF209f3YfrW3hF5T60kFtCrs8aTY8 +3XY1nyttAB8mkk4C8iIW5lbS9KmZbfZ1mQMizBhK04nkagkJk2lH1RcEJjUWFnhF +FsMigFLmzSYauL9sXrOeazDJvxXPqodXa/cpq21yrQ1AEl4rJ0OKvZDtBn7szFsd +tlT2r1KeeuGcWHYrPS8BujtSIMu7uROeeJy2bT7j50h1Sbj+PJCf83Q7dc1B1WGP +qiV4osU8fssD4s5z2SQPhZpxt1UO0PThnkt6VdCXGTyiMmYXvpRSIfZly7VAO7b4 +CQKCAQEAoVcWk9yQ5fD+uQ40duvjpzeNxBjttFLHe1CeOCIPtA3KBak4O+MNwZMz +oVUe2V/vb3kGpngF56d1hrBa4iQhvq4mGfnF/ZsbQHa4BZyaFIFvcOwZsgCjAO65 +MpbybhRiOMMtu0Bg/H1hH2dzatugrqfVDYRnt9EgpDl7gkdVvmRu9khMWGHLv9qJ +gVeH5dNlpty3gkpSjJgTpEuKF7Yzw4seHpjkiwzIitgE2F7Xrv+6GtYOs0iziJTx +ZNq3BtxzCGe6MamLkXOj5DREhQMqAxJTUo/AYRNRiOeq+AdYgoAulse7HIO8q77E +i+DOL/C63wFKJddUnKSXCf+iAJraGw== +-----END PRIVATE KEY----- diff --git a/docker-registry/certs/docker-registry.lan.crt b/docker-registry/certs/docker-registry.lan.crt new file mode 100644 index 0000000..642b1e3 --- /dev/null +++ b/docker-registry/certs/docker-registry.lan.crt 
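Review bot: The file added at docker-registry/certs/docker-registry.lan is an unencrypted PEM private key, so everyone with access to the repository or its history can read it. Treat the key as compromised: generate a new key pair, remove the file from the repository (deleting it in a later commit still leaves it in history), and hand the replacement to the cluster as a `kubernetes.io/tls` Secret created outside version control. Adding `docker-registry/certs/` to `.gitignore` would keep a regenerated key from being committed again. The certificate added next to it in docker-registry.lan.crt should be reissued for the new key.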
@@ -0,0 +1,34 @@ +-----BEGIN CERTIFICATE----- +MIIF2zCCA8OgAwIBAgIUCvX0FglFpG7UJJe6QruGhfKwglUwDQYJKoZIhvcNAQEL +BQAwfDELMAkGA1UEBhMCREUxDzANBgNVBAgMBkJlcmxpbjEPMA0GA1UEBwwGQmVy +bGluMQ4wDAYDVQQKDAVjaGFvczEcMBoGA1UEAwwTZG9ja2VyLXJlZ2lzdHJ5Lmxh +bTEdMBsGCSqGSIb3DQEJARYOcm9vdEBjaGFvcy5sYW4wIBcNMjAwNjI0MTUxODE5 +WhgPMjEyMDA1MzExNTE4MTlaMHwxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIDAZCZXJs +aW4xDzANBgNVBAcMBkJlcmxpbjEOMAwGA1UECgwFY2hhb3MxHDAaBgNVBAMME2Rv +Y2tlci1yZWdpc3RyeS5sYW0xHTAbBgkqhkiG9w0BCQEWDnJvb3RAY2hhb3MubGFu +MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAmhze8GtkCvag96L5+2WY +ikPhP3+eDJxxoHZU3LJE7osrG0uK6lAuPTM1kWY8c8bpG8BdGtcjjiVEjGIDng57 +UVOE+PRS8WN2AGfUVeC6+qlPE8+ORM+De0S2t0C6mNsH9wRMt9pPEqh7CFzLdA1f +d8OqtXqlveV0TQwyRdMZuDmuMmnsNLTQsfEnp7+dY2fJTl/AiZY5xNkopT9BwRcH +yaipPamYOVrLUGRbK9w9cE6TGd1Jp8wzdxBASyZL3ACb3aNhPExm9vVHAzqKRwno +sXaCicPwQXQwlw6ErPTfqQ5qGO0EkGlz/dbMmz/863L6yBU09/SBawEUYeV/ULwp +ycYR1z4aqkngBOGM0xhyVdwXaSFTDzFlBy/U3yxScW1BiJhNiFEGcUm9olsvMPZp +7eEhQERlCK9PrTphA0O7JpRVJHvciD57YtNTqIHwzUeP7M6cGL3xOfsRuladFufd +B8S+iRN56mkybviiJAXEc66GWYIZjRCopNjHkSMR4wqY7za9iDS599EvNTYXT+Lm +XQniObBERWhTgoAOuDD07T2I0EVewRcKTd/mpVCvM1bV2rf5+R8sb6q8xrOyBwPx +sgi437IfbFg4bH4LLiGcy/im5WJ1NVz4UZKOAUNmNxsANEBhbzNPidc/1a94nsoq +N+wmxLlboDEP1WGJfFGBNE8CAwEAAaNTMFEwHQYDVR0OBBYEFCtnUlt2y35MUJ0x +YSvt8G3vi0NMMB8GA1UdIwQYMBaAFCtnUlt2y35MUJ0xYSvt8G3vi0NMMA8GA1Ud +EwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggIBAEXDBh9NNZza6Vjzwcll7uAc +x22ghoDinHOdfNWe9Hgocmj/Ci4M7f8TL35Zlm2PhOfYaol88uVIOiTKrf2USY2J +7RSvpl34voiWR8HBtkIFvmiUE2GR5I8gA21H8xaenIbg1Pj9V+E4SgIN1V9lX6S1 +tjNVbhs/mU6YqyNytkjCuwJgCMPgXx4wwPZqaBqGJ5IrJfag0ZahT0IfKSzKtc8M +HBeXTy7Ck7WUOQWRCe289CBkYHZ+ScdnXnJao7uLvpuoUpu6/WPAnMN1t7KUO4tU +Z0SwNpY/Xsq3pjwTk2ZJwhFI1baaOyDZJW0+l2D48q7ADavq72NlPerZFkIN6Uvh +iyb4A/dzZWeZPIJinLtC6Bip5epg03KR0O4D/rYHbn6uVTq894ThIAXt1Q8fFVGb +oX+AK+ERCWc4ost+pr+Dk78bJUEcHCMRIGaWUVfzXvCagrx4eRLwoaLTovPHVvVl +on61w57W8csoj8lh3TX5t0MB4s87twHlErRIALqMd+m5K+2CPeWRd/6ZpmCGuL9s 
+bT+Rde3Sqw45N3Asw795yA73Av0coq8pB2DyDR5SoHkMD1rzJIVg4lBCwMSR3IJk +hiIO2qV1xNFrnA3ggKZSyDkH8eOR0dAmtthX6nDGvUbFsMFYnXli5wngTuXdHiYo +Lpilp6oWJLkzjfyGR3Um +-----END CERTIFICATE----- diff --git a/docker-registry/docker-registry-ui.yaml b/docker-registry/docker-registry-ui.yaml new file mode 100644 index 0000000..819685a --- /dev/null +++ b/docker-registry/docker-registry-ui.yaml @@ -0,0 +1,85 @@ +#https://github.com/Joxit/docker-registry-ui +apiVersion: apps/v1 +kind: Deployment +metadata: + name: docker-registry-ui + namespace: docker-registry + labels: + app: registry-ui + release: docker-registry-ui + app/version: "1.2.1" +spec: + replicas: 1 + selector: + matchLabels: + app: registry-ui + release: docker-registry-ui + template: + metadata: + labels: + app: registry-ui + release: docker-registry-ui + spec: + containers: + - name: registry-ui + image: "docker-registry.lan/docker-registry-ui:arm64" + imagePullPolicy: Always + env: + - name: URL + value: "http://docker-registry.lan" + - name: REGISTRY_TITLE + value: "Docker registry UI" + - name: DELETE_IMAGES + value: "false" + - name: REGISTRY_URL + value: "http://docker-registry-ui.lan" + - name: PULL_URL + value: "http://docker-registry.lan" + ports: + - name: http + containerPort: 80 + protocol: TCP + livenessProbe: + httpGet: + path: / + port: http + readinessProbe: + httpGet: + path: / + port: http + resources: + {} +--- +apiVersion: v1 +kind: Service +metadata: + namespace: docker-registry + name: docker-registry-ui + labels: + app: registry-ui + release: docker-registry-ui + app/version: "1.2.1" +spec: + ports: + - port: 80 + targetPort: http + protocol: TCP + name: http + selector: + app: registry-ui + release: docker-registry-ui +--- +apiVersion: networking.k8s.io/v1beta1 +kind: Ingress +metadata: + name: docker-registry-ui + namespace: docker-registry +spec: + rules: + - host: docker-registry-ui.lan + http: + paths: + - backend: + serviceName: docker-registry-ui + servicePort: http + path: / 
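Review bot: In docker-registry-ui.yaml the UI talks to the registry over plain HTTP (`URL`, `REGISTRY_URL` and `PULL_URL` are all `http://`) and the Ingress at the end of the file has no `tls:` section, so registry traffic, and any credentials added later, cross the LAN in clear text even though this commit also adds a certificate for docker-registry.lan. The image is referenced by the mutable tag `docker-registry.lan/docker-registry-ui:arm64` with `imagePullPolicy: Always`, so every restart runs whatever was last pushed under that tag; pinning by digest (`image: docker-registry.lan/docker-registry-ui@sha256:<digest>`) makes the deployment reproducible. `REGISTRY_URL` is set to the UI's own hostname rather than the registry's, which looks unintended and should be checked against the docker-registry-ui documentation. `resources: {}` leaves the pod without requests or limits.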
diff --git a/docker-registry/registry-deployment.yaml b/docker-registry/registry-deployment.yaml
new file mode 100644
index 0000000..3e76151
--- /dev/null
+++ b/docker-registry/registry-deployment.yaml
@@ -0,0 +1,138 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: docker-registry +spec: + finalizers: + - kubernetes +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: docker-registry + namespace: docker-registry + annotations: + volume.beta.kubernetes.io/storage-class: "managed-nfs-storage" +spec: + storageClassName: fast + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi + +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: registry + labels: + app: registry + namespace: docker-registry +spec: + replicas: 1 + selector: + matchLabels: + app: registry + template: + metadata: + labels: + app: registry + spec: + containers: + - name: registry + image: registry:2 + imagePullPolicy: Always + env: + - name: REGISTRY_HTTP_SECRET + value: "ThisIsTotallySecret" + ports: + - containerPort: 5000 + volumeMounts: + - mountPath: /var/lib/registry + name: registry-data + - mountPath: /etc/docker/registry + name: config + volumes: + - name: registry-data + persistentVolumeClaim: + claimName: docker-registry + - name: config + configMap: + defaultMode: 420 + name: docker-registry-config +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: docker-registry-config + namespace: docker-registry + labels: + app: registry +data: + config.yml: |- + version: 0.1 + log: + fields: + service: registry + storage: + delete: + enabled: true + cache: + blobdescriptor: inmemory + filesystem: + rootdirectory: /var/lib/registry + http: + addr: :5000 + headers: + X-Content-Type-Options: [nosniff] + Access-Control-Allow-Origin: ['*'] + Access-Control-Allow-Methods: ['HEAD', 'GET', 'OPTIONS', 'DELETE'] + Access-Control-Allow-Headers: ['Authorization', 'Accept'] + Access-Control-Max-Age: [1728000] + Access-Control-Allow-Credentials: [true] + Access-Control-Expose-Headers: ['Docker-Content-Digest'] +--- +kind: Service +apiVersion: v1 +metadata: + name: registry + namespace: docker-registry +spec: + selector: + app: registry + ports: + - port: 
5000 + targetPort: 5000 +--- +apiVersion: v1 +data: + proxy-connect-timeout: "30" + proxy-read-timeout: "1801" + proxy-send-timeout: "1801" + proxy-body-size: "0" + client-max-body-size: "0" +kind: ConfigMap +metadata: + name: ingress-nginx-controller + namespace: ingress-nginx +--- +apiVersion: networking.k8s.io/v1beta1 +kind: Ingress +metadata: + name: docker-registry + namespace: docker-registry + annotations: + nginx.ingress.kubernetes.io/proxy‑connect‑timeout: 30 + nginx.ingress.kubernetes.io/proxy‑read‑timeout: 1800 + nginx.ingress.kubernetes.io/proxy‑send‑timeout: 1800 + nginx.ingress.kubernetes.io/proxy-body-size: 0 +spec: + rules: + - host: docker-registry.lan + http: + paths: + - backend: + serviceName: registry + servicePort: 5000 + path: / diff --git a/gluster-kubernetes b/gluster-kubernetes new file mode 160000 index 0000000..4f3693b --- /dev/null +++ b/gluster-kubernetes @@ -0,0 +1 @@ +Subproject commit 4f3693b6354957c994f27ee91a6066630769a38c diff --git a/helm b/helm new file mode 160000 index 0000000..a28d695 --- /dev/null +++ b/helm @@ -0,0 +1 @@ +Subproject commit a28d695c43ad5b889923c5cf0e7694503bdb47df diff --git a/ingress-nginx b/ingress-nginx new file mode 160000 index 0000000..928ea08 --- /dev/null +++ b/ingress-nginx @@ -0,0 +1 @@ +Subproject commit 928ea085708d6acd866b241d0e8f0140d8231926 diff --git a/kube-router b/kube-router new file mode 160000 index 0000000..a23017d --- /dev/null +++ b/kube-router @@ -0,0 +1 @@ +Subproject commit a23017d58f8fd3bfd7c4161a2d5a3d18f07fb32b diff --git a/mariadb/README.md b/mariadb/README.md new file mode 100644 index 0000000..3d2b929 --- /dev/null +++ b/mariadb/README.md @@ -0,0 +1,2 @@ +Access Mysql POD: +kubectl exec -it bash diff --git a/mariadb/docker/Dockerfile b/mariadb/docker/Dockerfile new file mode 100644 index 0000000..736b43c --- /dev/null +++ b/mariadb/docker/Dockerfile 
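Review bot: `REGISTRY_HTTP_SECRET` is a literal in the registry Deployment, so the value is readable in the repository and by anyone allowed to read the Deployment object; it should be replaced with a random value delivered through a Secret, as sketched below, and the same applies to `MYSQL_ROOT_PASSWORD` in mariadb/mariadb-deployment.yaml. The registry `config.yml` has no `auth:` section while `storage.delete.enabled` is `true` and the CORS headers combine `Access-Control-Allow-Origin: ['*']` with `DELETE` and `Access-Control-Allow-Credentials: [true]`, so any client that can reach docker-registry.lan can push, overwrite or delete the images the cluster then pulls. In the Ingress, the three timeout annotation keys are written with a non-ASCII hyphen and all four annotation values are unquoted integers; annotation values must be strings, so the object will likely be rejected until they read like `nginx.ingress.kubernetes.io/proxy-read-timeout: "1800"`. The Ingress also has no `tls:` section.

```yaml
        env:
        - name: REGISTRY_HTTP_SECRET
          valueFrom:
            secretKeyRef:
              name: <registry-http-secret>  # placeholder: Secret created outside the repository
              key: <key-name>               # placeholder
# … unchanged: ports, volumeMounts, volumes …
```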
@@ -0,0 +1,104 @@ +# vim:set ft=dockerfile: +FROM debian:buster-slim + +# add our user and group first to make sure their IDs get assigned consistently, regardless of whatever dependencies get added +RUN groupadd -r mysql && useradd -r -g mysql mysql + +# https://bugs.debian.org/830696 (apt uses gpgv by default in newer releases, rather than gpg) +RUN set -ex; \ + apt-get update; \ + if ! which gpg; then \ + apt-get install -y --no-install-recommends gnupg; \ + fi; \ + if ! gpg --version | grep -q '^gpg (GnuPG) 1\.'; then \ +# Ubuntu includes "gnupg" (not "gnupg2", but still 2.x), but not dirmngr, and gnupg 2.x requires dirmngr +# so, if we're not running gnupg 1.x, explicitly install dirmngr too + apt-get install -y --no-install-recommends dirmngr; \ + fi; \ + rm -rf /var/lib/apt/lists/*; + +# add gosu for easy step-down from root +# https://github.com/tianon/gosu/releases +ENV GOSU_VERSION 1.12 +RUN set -eux; \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends ca-certificates wget; \ + rm -rf /var/lib/apt/lists/*; \ + dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ + wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ + wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ + export GNUPGHOME="$(mktemp -d)"; \ + gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ + gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + chmod +x /usr/local/bin/gosu; \ + gosu --version; \ + gosu nobody true + +RUN mkdir /docker-entrypoint-initdb.d + +# 
install "pwgen" for randomizing passwords +# install "tzdata" for /usr/share/zoneinfo/ +# install "xz-utils" for .sql.xz docker-entrypoint-initdb.d files +RUN set -ex; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + pwgen \ + tzdata \ + xz-utils \ + prometheus-mysqld-exporter \ + ; \ + rm -rf /var/lib/apt/lists/* + +# bashbrew-architectures: amd64 arm64v8 ppc64le +#ENV MARIADB_MAJOR 10.3 +#ENV MARIADB_VERSION 1:10.3.22-0+deb10u1 +# release-status:RC +# (https://downloads.mariadb.org/mariadb/+releases/) + +# add repository pinning to make sure dependencies from this MariaDB repo are preferred over Debian dependencies +# libmariadbclient18 : Depends: libmysqlclient18 (= 5.5.42+maria-1~wheezy) but 5.5.43-0+deb7u1 is to be installed + +# the "/var/lib/mysql" stuff here is because the mysql-server postinst doesn't have an explicit way to disable the mysql_install_db codepath besides having a database already "configured" (ie, stuff in /var/lib/mysql/mysql) +# also, we set debconf keys to make APT a little quieter +RUN set -ex; \ + { \ + echo "mariadb-server-$MARIADB_MAJOR" mysql-server/root_password password 'unused'; \ + echo "mariadb-server-$MARIADB_MAJOR" mysql-server/root_password_again password 'unused'; \ + } | debconf-set-selections; \ + apt-get update; \ + apt-get install -y \ + "mariadb-server" \ +# mariadb-backup is installed at the same time so that `mysql-common` is only installed once from just mariadb repos + mariadb-backup \ + socat \ + ; \ + rm -rf /var/lib/apt/lists/*; \ +# comment out any "user" entires in the MySQL config ("docker-entrypoint.sh" or "--user" will handle user switching) + sed -ri 's/^user\s/#&/' /etc/mysql/my.cnf /etc/mysql/conf.d/*; \ + echo '[mysqld]\ninnodb_use_native_aio = 0\ninnodb_file_per_table = 1\n' >>/etc/mysql/conf.d/innodb_aio.cnf; \ +# purge and re-create /var/lib/mysql with appropriate ownership + rm -rf /var/lib/mysql; \ + mkdir -p /var/lib/mysql /var/run/mysqld; \ + chown -R mysql:mysql 
/var/lib/mysql /var/run/mysqld; \ +# ensure that /var/run/mysqld (used for socket and lock files) is writable regardless of the UID our mysqld instance ends up having at runtime + chmod 777 /var/run/mysqld; \ +# comment out a few problematic configuration values + find /etc/mysql/ -name '*.cnf' -print0 \ + | xargs -0 grep -lZE '^(bind-address|log)' \ + | xargs -rt -0 sed -Ei 's/^(bind-address|log)/#&/'; \ +# don't reverse lookup hostnames, they are usually another container + echo '[mysqld]\nskip-host-cache\nskip-name-resolve' > /etc/mysql/conf.d/docker.cnf; \ + echo '[client]\nhost=localhost\nuser=prometheus\npassword=prom01\n' >/etc/prometheus-mysql-exporter +VOLUME /var/lib/mysql + +COPY docker-entrypoint.sh /usr/local/bin/ + +ENTRYPOINT ["docker-entrypoint.sh"] +EXPOSE 9104 3306 +CMD ["mysqld"] diff --git a/mariadb/docker/docker-entrypoint.sh b/mariadb/docker/docker-entrypoint.sh new file mode 100755 index 0000000..9666c84 --- /dev/null +++ b/mariadb/docker/docker-entrypoint.sh 
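Review bot: The last `echo` of the large `RUN` step bakes a fixed exporter credential into the image (`user=prometheus`, `password=prom01`, written to /etc/prometheus-mysql-exporter), so anyone who can pull the image can read it from the layer, and the file is created with default permissions. Drop that line and mount the client config from a Secret at runtime instead. Separately, `MARIADB_MAJOR` is commented out but still expanded in the two `debconf-set-selections` lines, so they preseed a package named `mariadb-server-` and presumably match nothing. Nothing visible in this patch creates the `prometheus` database user or its grants, so confirm where that account comes from and that it has only the privileges the exporter needs.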
@@ -0,0 +1,351 @@ +#!/bin/bash +set -eo pipefail +shopt -s nullglob + +# logging functions +mysql_log() { + local type="$1"; shift + printf '%s [%s] [Entrypoint]: %s\n' "$(date --rfc-3339=seconds)" "$type" "$*" +} +mysql_note() { + mysql_log Note "$@" +} +mysql_warn() { + mysql_log Warn "$@" >&2 +} +mysql_error() { + mysql_log ERROR "$@" >&2 + exit 1 +} + +# usage: file_env VAR [DEFAULT] +# ie: file_env 'XYZ_DB_PASSWORD' 'example' +# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of +# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + mysql_error "Both $var and $fileVar are set (but are exclusive)" + fi + local val="$def" + if [ "${!var:-}" ]; then + val="${!var}" + elif [ "${!fileVar:-}" ]; then + val="$(< "${!fileVar}")" + fi + export "$var"="$val" + unset "$fileVar" +} + +# check to see if this file is being run or sourced from another script +_is_sourced() { + # https://unix.stackexchange.com/a/215279 + [ "${#FUNCNAME[@]}" -ge 2 ] \ + && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ + && [ "${FUNCNAME[1]}" = 'source' ] +} + +# usage: docker_process_init_files [file [file [...]]] +# ie: docker_process_init_files /always-initdb.d/* +# process initializer files, based on file extensions +docker_process_init_files() { + # mysql here for backwards compatibility "${mysql[@]}" + mysql=( docker_process_sql ) + + echo + local f + for f; do + case "$f" in + *.sh) + # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 + # https://github.com/docker-library/postgres/pull/452 + if [ -x "$f" ]; then + mysql_note "$0: running $f" + "$f" + else + mysql_note "$0: sourcing $f" + . 
"$f" + fi + ;; + *.sql) mysql_note "$0: running $f"; docker_process_sql < "$f"; echo ;; + *.sql.gz) mysql_note "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; + *.sql.xz) mysql_note "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; + *) mysql_warn "$0: ignoring $f" ;; + esac + echo + done +} + +mysql_check_config() { + local toRun=( "$@" --verbose --help --log-bin-index="$(mktemp -u)" ) errors + if ! errors="$("${toRun[@]}" 2>&1 >/dev/null)"; then + mysql_error $'mysqld failed while attempting to check config\n\tcommand was: '"${toRun[*]}"$'\n\t'"$errors" + fi +} + +# Fetch value from server config +# We use mysqld --verbose --help instead of my_print_defaults because the +# latter only show values present in config files, and not server defaults +mysql_get_config() { + local conf="$1"; shift + "$@" --verbose --help --log-bin-index="$(mktemp -u)" 2>/dev/null \ + | awk -v conf="$conf" '$1 == conf && /^[^ \t]/ { sub(/^[^ \t]+[ \t]+/, ""); print; exit }' + # match "datadir /some/path with/spaces in/it here" but not "--xyz=abc\n datadir (xyz)" +} + +# Do a temporary startup of the MySQL server, for init purposes +docker_temp_server_start() { + "$@" --skip-networking --socket="${SOCKET}" & + mysql_note "Waiting for server startup" + local i + for i in {30..0}; do + # only use the root password if the database has already been initializaed + # so that it won't try to fill in a password file when it hasn't been set yet + extraArgs=() + if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + extraArgs+=( '--dont-use-mysql-root-password' ) + fi + if docker_process_sql "${extraArgs[@]}" --database=mysql <<<'SELECT 1' &> /dev/null; then + break + fi + sleep 1 + done + if [ "$i" = 0 ]; then + mysql_error "Unable to start server." + fi +} + +# Stop the server. When using a local socket file mysqladmin will block until +# the shutdown is complete. +docker_temp_server_stop() { + if ! 
mysqladmin --defaults-extra-file=<( _mysql_passfile ) shutdown -uroot --socket="${SOCKET}"; then + mysql_error "Unable to shut down server." + fi +} + +# Verify that the minimally required password settings are set for new databases. +docker_verify_minimum_env() { + if [ -z "$MYSQL_ROOT_PASSWORD" -a -z "$MYSQL_ALLOW_EMPTY_PASSWORD" -a -z "$MYSQL_RANDOM_ROOT_PASSWORD" ]; then + mysql_error $'Database is uninitialized and password option is not specified\n\tYou need to specify one of MYSQL_ROOT_PASSWORD, MYSQL_ALLOW_EMPTY_PASSWORD and MYSQL_RANDOM_ROOT_PASSWORD' + fi +} + +# creates folders for the database +# also ensures permission for user mysql of run as root +docker_create_db_directories() { + local user; user="$(id -u)" + + # TODO other directories that are used by default? like /var/lib/mysql-files + # see https://github.com/docker-library/mysql/issues/562 + mkdir -p "$DATADIR" + + if [ "$user" = "0" ]; then + # this will cause less disk access than `chown -R` + find "$DATADIR" \! -user mysql -exec chown mysql '{}' + + fi +} + +# initializes the database directory +docker_init_database_dir() { + mysql_note "Initializing database files" + installArgs=( --datadir="$DATADIR" --rpm ) + if { mysql_install_db --help || :; } | grep -q -- '--auth-root-authentication-method'; then + # beginning in 10.4.3, install_db uses "socket" which only allows system user root to connect, switch back to "normal" to allow mysql root without a password + # see https://github.com/MariaDB/server/commit/b9f3f06857ac6f9105dc65caae19782f09b47fb3 + # (this flag doesn't exist in 10.0 and below) + installArgs+=( --auth-root-authentication-method=normal ) + fi + # "Other options are passed to mysqld." 
(so we pass all "mysqld" arguments directly here) + mysql_install_db "${installArgs[@]}" "${@:2}" + mysql_note "Database files initialized" +} + +# Loads various settings that are used elsewhere in the script +# This should be called after mysql_check_config, but before any other functions +docker_setup_env() { + # Get config + declare -g DATADIR SOCKET + DATADIR="$(mysql_get_config 'datadir' "$@")" + SOCKET="$(mysql_get_config 'socket' "$@")" + + # Initialize values that might be stored in a file + file_env 'MYSQL_ROOT_HOST' '%' + file_env 'MYSQL_DATABASE' + file_env 'MYSQL_USER' + file_env 'MYSQL_PASSWORD' + file_env 'MYSQL_ROOT_PASSWORD' + + declare -g DATABASE_ALREADY_EXISTS + if [ -d "$DATADIR/mysql" ]; then + DATABASE_ALREADY_EXISTS='true' + fi +} + +# Execute sql script, passed via stdin +# usage: docker_process_sql [--dont-use-mysql-root-password] [mysql-cli-args] +# ie: docker_process_sql --database=mydb <<<'INSERT ...' +# ie: docker_process_sql --dont-use-mysql-root-password --database=mydb /dev/null + + docker_init_database_dir "$@" + + mysql_note "Starting temporary server" + docker_temp_server_start "$@" + mysql_note "Temporary server started." + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + mysql_note "Stopping temporary server" + docker_temp_server_stop + mysql_note "Temporary server stopped" + + echo + mysql_note "MySQL init process done. Ready for start up." + echo + fi + fi + /usr/bin/prometheus-mysqld-exporter --config.my-cnf /etc/prometheus-mysql-exporter& + exec "$@" +} + +# If we are sourced from elsewhere, don't perform any further actions +if ! _is_sourced; then + _main "$@" +fi diff --git a/mariadb/mariadb-deployment.yaml b/mariadb/mariadb-deployment.yaml new file mode 100644 index 0000000..8dec30a --- /dev/null +++ b/mariadb/mariadb-deployment.yaml 
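Review bot: The exporter line added near the end of `_main` (`/usr/bin/prometheus-mysqld-exporter --config.my-cnf /etc/prometheus-mysql-exporter&`) comes after the two closing `fi`, so it appears to start for every command the container is run with, not only for `mysqld`, and it runs as whichever user the script holds at that point. It is backgrounded and unsupervised: if it exits nothing restarts it, and the container still reports healthy because PID 1 is the `exec "$@"` process. Running the exporter as a separate sidecar container with its own credentials Secret keeps the database image close to upstream and gives the exporter its own lifecycle and probes. Part of this hunk's text is missing on the page (between `--database=mydb` and `/dev/null`), so the middle of the script, including any step-down from root, could not be reviewed.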
@@ -0,0 +1,47 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: mariadb
+spec:
+ ports:
+ - name: mysql
+ port: 3306
+ - name: metrics
+ port: 9104
+ selector:
+ app: mariadb
+ type: LoadBalancer
+ loadBalancerIP: 172.23.255.4
+---
+apiVersion: apps/v1 # for versions before 1.9.0 use apps/v1beta2
+kind: Deployment
+metadata:
+ name: mariadb
+spec:
+ selector:
+ matchLabels:
+ app: mariadb
+ strategy:
+ type: Recreate
+ template:
+ metadata:
+ labels:
+ app: mariadb
+ spec:
+ containers:
+ - image: docker-registry.lan/mariadb:arm64
+ name: mariadb
+ env:
+ # Use secret in real usage
+ - name: MYSQL_ROOT_PASSWORD
+ value: 54MzzfHHTA9qJX64Pvdn
+ ports:
+ - containerPort: 3306
+ name: mariadb
+ volumeMounts:
+ - name: mariadb-persistent-storage
+ mountPath: /var/lib/mysql
+ volumes:
+ - name: mariadb-persistent-storage
+ persistentVolumeClaim:
+ claimName: mariadb-pv-claim
diff --git a/mariadb/mariadb-pv.yaml b/mariadb/mariadb-pv.yaml
new file mode 100644
index 0000000..2153fc2
--- /dev/null
+++ b/mariadb/mariadb-pv.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: mariadb-pv-claim
+ annotations:
+ volume.beta.kubernetes.io/storage-provisioner: "nfs-storage"
+ volume.beta.kubernetes.io/storage-class: "managed-nfs-storage"
+spec:
+ storageClassName: "fast"
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 20Gi
diff --git a/mosquitto/charts b/mosquitto/charts
new file mode 160000
index 0000000..731a767
--- /dev/null
+++ b/mosquitto/charts
@@ -0,0 +1 @@
+Subproject commit 731a76763ae97d300a2b6044618b079568524b68
diff --git a/pihole-helm b/pihole-helm
new file mode 160000
index 0000000..454c7b2
--- /dev/null
+++ b/pihole-helm
@@ -0,0 +1 @@
+Subproject commit 454c7b24ca621b3bf00ab290d64c5a2a8477bb78
diff --git a/pihole-kubernetes b/pihole-kubernetes
new file mode 160000
index 0000000..52c9395
--- /dev/null
+++ b/pihole-kubernetes
@@ -0,0 +1 @@
+Subproject commit 52c9395d12376ce001d58d572d6b5f1c50ed4ca5
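Review bot: The mariadb Service in mariadb/mariadb-deployment.yaml is `type: LoadBalancer` and publishes both 3306 and the metrics port 9104 on `loadBalancerIP: 172.23.255.4`, while the entrypoint added in this commit defaults `MYSQL_ROOT_HOST` to `%`, so root logins are accepted from every address that can reach that IP. A `ClusterIP` Service, or a NetworkPolicy restricting which pods may connect, narrows this, and setting `MYSQL_ROOT_HOST` to `localhost` keeps root off the network entirely. The root password committed under `# Use secret in real usage` is now in history and should be changed once it is moved to a Secret. Port 9104 is exposed by the Service but not declared in the container's `ports:` list, and the metrics endpoint is presumably unauthenticated, so it is better left off the external address.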