building an debian-stable image

mariadb and postgres and all of that
2021-02-22 13:08:48 +01:00 · 2021-02-20 22:40:49 +01:00
11 changed files with 167 additions and 44 deletions
--- a/_CI-CD/debian-stable/Dockerfile
+++ b/_CI-CD/debian-stable/Dockerfile
@@ -0,0 +1,9 @@
 FROM debian:stable-slim
 RUN sed -i 's@deb.debian.org@apt-cache.lan/deb.debian.org@g' /etc/apt/sources.list && \
 	sed -i 's@security.debian.org@apt-cache.lan/security.debian.org@g' /etc/apt/sources.list && \
 	apt-get update && apt-get install -y \
 	dig procps nmap bash iputils-ping && \
 	apt-get clean -y && \ 
 	rm -rf /var/lib/apt/lists/* && \
 	rm -rf /var/cache/apt/*
--- a/_CI-CD/debian-stable/tekton-debian-stable.yaml
+++ b/_CI-CD/debian-stable/tekton-debian-stable.yaml
@@ -0,0 +1,84 @@
 apiVersion: tekton.dev/v1alpha1
 kind: PipelineResource
 metadata:
  name: chaos-kubernetes-git
 spec:
  type: git
  params:
    - name: revision
      value: master
    - name: url
      value: http://git-ui.lan/chaos/kubernetes.git
    - name: submodules
      value: "false"
 ---
 apiVersion: tekton.dev/v1alpha1
 kind: PipelineResource
 metadata:
  name: img-debian-stable
 spec:
  type: image
  params:
    - name: url
      value: cr.lan/debian-stable
 ---
 apiVersion: tekton.dev/v1beta1
 kind: Task
 metadata:
  name: build-debian-stable
 spec:
  params:
    - name: pathToContainerFile
      type: string
      default: $(resources.inputs.source.path)/_CI-CD/debian-stable/Dockerfile
    - name: pathToContext
      type: string
      default: $(resources.inputs.source.path)/_CI-CD/debian-stable
  resources:
    inputs:
      - name: source
        type: git
    outputs:
      - name: builtImage
        type: image
  steps:
    - name: build-and-push
      image: gcr.io/kaniko-project/executor:arm64
      command:
        - /kaniko/executor
      args:
        - --dockerfile=$(params.pathToContainerFile)
        - --destination=$(resources.outputs.builtImage.url)
        - --context=$(params.pathToContext)
        - --skip-tls-verify
  #workspaces:
  #  - name: workspace
  #    mountPath: /workspace
 ---
 apiVersion: tekton.dev/v1beta1
 kind: TaskRun
 metadata:
  name: img-debian-stable
 spec:
  taskRef:
    name: build-debian-stable
  params:
    - name: pathToContainerFile
      value: Dockerfile
  resources:
    inputs:
      - name: source
        resourceRef:
          name: chaos-kubernetes-git
    outputs:
      - name: builtImage
        resourceRef:
          name: img-debian-stable
 #  workspaces:
 #  - name: workspace
 #    persistentVolumeClaim:
 #      claimName: tektoncd-workspaces
 #    subPath: workspaces
--- a/_sys/descheduler-cronjob.yaml
+++ b/_sys/descheduler-cronjob.yaml
@@ -5,7 +5,7 @@ metadata:
  name: descheduler-cronjob
  namespace: kube-system
 spec:
-  schedule: "*/2 * * * *"
+  schedule: "40 */1 * * *"
  concurrencyPolicy: "Forbid"
  jobTemplate:
    spec:
--- a/apps/distcc/distcc-deployment.yaml
+++ b/apps/distcc/distcc-deployment.yaml
@@ -5,9 +5,8 @@ metadata:
    app: distcc
    release: stable
  name: distcc
  namespace: default
 spec:
-  replicas: 5
+  replicas: 4
  selector:
    matchLabels:
      app: distcc
@@ -21,7 +20,7 @@ spec:
    spec:
      containers:
      - name: distcc
-        image: cr.lan/distcc:aarch64
+        image: cr.lan/distcc
        imagePullPolicy: Always
 #env:
 #- name: OPTIONS
@@ -35,10 +34,10 @@ spec:
          protocol: TCP
        resources:
          limits:
-            cpu: 1
+            cpu: 4
            memory: 128Mi
          requests:
-            cpu: 1
+            cpu: 50m
            memory: 64Mi
      dnsPolicy: ClusterFirst
      restartPolicy: Always
@@ -55,26 +54,25 @@ spec:
                values:
                - distcc
            topologyKey: kubernetes.io/hostname
---
+#---
-apiVersion: v1
+#apiVersion: v1
-kind: Service
+#kind: Service
-metadata:
+#metadata:
-  labels:
+#  labels:
-    app: distcc
+#    app: distcc
-    release: stable
+#    release: stable
-  namespace: default
+#  name: distcc
-  name: distcc
+#spec:
-spec:
+#  externalTrafficPolicy: Cluster
-  externalTrafficPolicy: Cluster
+#  ports:
-  ports:
+#  - name: distcc-data
-  - name: distcc-data
+#    port: 3632
-    port: 3632
+#    targetPort: 3632
-    targetPort: 3632
+#    protocol: TCP
-    protocol: TCP
+#  - name: distcc-stats
-  - name: distcc-stats
+#    port: 3633
-    port: 3633
+#    targetPort: 3633
-    targetPort: 3633
+#    protocol: TCP
-    protocol: TCP
+#  selector:
-  selector:
+#    app: distcc
-    app: distcc
+#  type: LoadBalancer
  type: LoadBalancer
--- a/apps/gitea.yaml
+++ b/apps/gitea.yaml
@@ -32,6 +32,16 @@ spec:
              value: "1000"
            - name: TZ
              value: "Europe/Berlin"
            - name: DB_TYPE
              value: postgres
            - name: DB_HOST
              value: postgres.live-env.svc.cluster.local:5432
            - name: DB_NAME
              value: gitea
            - name: DB_USER
              value: gitea
            - name: DB_PASSWD
              value: giteaEu94XSS4gKpheSBoMsIs
          volumeMounts:
            - name: gitea
              mountPath: /data
@@ -84,6 +94,7 @@ metadata:
    app: gitea
 spec:
  type: LoadBalancer
  loadBalancerIP: 172.23.255.2
  ports:
    - port: 3000
      targetPort: http
--- a/apps/mariadb/mariadb-deployment.yaml
+++ b/apps/mariadb/mariadb-deployment.yaml
@@ -98,4 +98,4 @@ spec:
  claimRef:
    kind: PersistentVolumeClaim
    name: mariadb-data
-    namespace: default
+    namspace: live-env
--- a/apps/mariadb/mariadb/Dockerfile
+++ b/apps/mariadb/mariadb/Dockerfile
@@ -6,6 +6,8 @@ RUN groupadd -r mysql && useradd -r -g mysql mysql
 # https://bugs.debian.org/830696 (apt uses gpgv by default in newer releases, rather than gpg)
 RUN set -ex; \
 	sed -i 's@deb.debian.org@apt-cache.lan/deb.debian.org@g' /etc/apt/sources.list; \
 	sed -i 's@security.debian.org@apt-cache.lan/security.debian.org@g' /etc/apt/sources.list; \
 	apt-get update; \
 	if ! which gpg; then \
 		apt-get install -y --no-install-recommends gnupg; \
@@ -93,6 +95,7 @@ RUN set -ex; \
 		| xargs -rt -0 sed -Ei 's/^(bind-address|log)/#&/'; \
 # don't reverse lookup hostnames, they are usually another container
 	echo '[mysqld]\nskip-host-cache\nskip-name-resolve' > /etc/mysql/conf.d/docker.cnf; \
 	mkdir -p /run/mysqld; \
 	apt-get clean -y;
 VOLUME /var/lib/mysql
--- a/apps/mosquitto/deployment.yaml
+++ b/apps/mosquitto/deployment.yaml
@@ -6,7 +6,6 @@ metadata:
    app: mosquitto
    release: mqtt
  name: mqtt-mosquitto
  namespace: default
 spec:
  replicas: 1
  selector:
@@ -63,7 +62,7 @@ spec:
          name: mosquitto-data
          subPath: mosquitto/data
      - name: mosquitto-exporter
-        image: cr.lan/mosquitto-exporter
+        image: cr.lan/mosquitto-exporter:arm64
        imagePullPolicy: Always
        ports:
        - containerPort: 9234
@@ -96,7 +95,6 @@ metadata:
    labels:
        app: mosquitto
        release: mqtt
    namespace: default
    name: mqtt-mosquitto
 spec:
    externalTrafficPolicy: Cluster
@@ -121,7 +119,6 @@ metadata:
    app: mosquitto
    release: mqtt
  name: mqtt-mosquitto
  namespace: default
 spec:
  accessModes:
  - ReadWriteOnce
@@ -135,7 +132,6 @@ apiVersion: v1
 kind: ConfigMap
 metadata:
    name: mqtt-mosquitto
    namespace: default
    labels:
      app: mosquitto
      release: mqtt
--- a/apps/mosquitto/tekton-image-build-prometheus-exporter.yaml
+++ b/apps/mosquitto/tekton-image-build-prometheus-exporter.yaml
@@ -45,12 +45,13 @@ spec:
      script: |
        #!/usr/bin/env bash
        cd $(resources.inputs.source.path)
        ls -al
        export GOARCH=arm64 
        export GOPATH=/usr/src/gopath
        export GOCACHE=/usr/src/gocache
        go env
-        go get
+        go get github.com/sapcc/mosquitto-exporter
-        make -j4 build CGO_ENABLED=1
+        make -j4 build CGO_ENABLED=0
    - name: build-and-push
      image: gcr.io/kaniko-project/executor:arm64
      command:
--- a/apps/pihole-deployment.yaml
+++ b/apps/pihole-deployment.yaml
@@ -3,7 +3,7 @@ apiVersion: v1
 kind: Secret
 metadata:
  name: pihole-password
-  namespace: default
+  namespace: live-env 
 type: Opaque
 data:
  password: YWRtaW4yMDIw
@@ -172,7 +172,7 @@ metadata:
  labels:
    app: pihole
  name: pihole-tcp
-  namespace: default
+  namespace: live-env 
 spec:
  type: LoadBalancer
  loadBalancerIP: 172.23.255.253
@@ -204,7 +204,7 @@ metadata:
  labels:
    app: pihole
  name: pihole-udp
-  namespace: default
+  namespace: live-env 
 spec:
  type: LoadBalancer
  loadBalancerIP: 172.23.255.253
--- a/apps/postgresql/postgresql-deploy.yaml
+++ b/apps/postgresql/postgresql-deploy.yaml
@@ -40,7 +40,7 @@ spec:
      volumes:
      - name: postgres-disk
        persistentVolumeClaim:
-          claimName: postgres
+          claimName: postgres-data
 #  volumeClaimTemplates:
 #  - metadata:
 #      name: postgres-disk
@@ -54,17 +54,37 @@ spec:
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
-  name: postgres
+  name: postgres-data
  labels:
    app: postgres
 spec:
  storageClassName: nfs-ssd
  volumeName: postgres-data
  accessModes:
  - ReadWriteOnce
  resources:
    requests:
-      storage: 20Mi
+      storage: 40Gi
-# service.yml
+---
 apiVersion: v1
 kind: PersistentVolume
 metadata:
  name: postgres-data 
 spec:
  storageClassName: "nfs-ssd"
  nfs:
    path: /data/raid1-ssd/k8s-data/postgres-data
    server: ebin01
  capacity:
    storage: 40Gi
  accessModes:
    - ReadWriteOnce
  volumeMode: Filesystem
  persistentVolumeReclaimPolicy: Retain
  claimRef:
    kind: PersistentVolumeClaim
    name: postgres-data
    namespace: live-env
 ---
 apiVersion: v1
 kind: Service
@@ -77,6 +97,7 @@ spec:
  selector:
    env: live
  type: LoadBalancer
  loadBalancerIP: 172.23.255.4
  ports:
  - port: 5432
    targetPort: 5432
Author	SHA1	Message	Date
Udo Waechter	aaaf6fa29f	building an debian-stable image	2021-02-22 13:08:48 +01:00
Udo Waechter	3538f407e8	mariadb and postgres and all of that	2021-02-20 22:40:49 +01:00