mariadb

prepare

k8s is ready
argocd is ready and logged in
(optional) ingress is ready
- only required by phpmyadmin in the tests
(optional) cert-manager is ready
- the clusterissuer named self-signed-ca-issuer is ready
- only required by phpmyadmin in the tests
(optional) kube-prometheus-stack is ready
- only required by with-metrics feature
- the kube-prometheus-stack is installed in the monitor namespace
- the serviceMonitorNamespaceSelector is {}
- the matchLabels of serviceMonitorSelector is release: kube-prometheus-stack
- grafana is exposed by ingress
  - https://grafana.dev.geekcity.tech:32443/

installation

prepare mariadb.yaml

simple

apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: mariadb
spec:
  syncPolicy:
    syncOptions:
    - CreateNamespace=true
  project: default
  source:
    repoURL: https://charts.bitnami.com/bitnami
    chart: mariadb
    targetRevision: 16.3.2
    helm:
      releaseName: mariadb
      values: |
        architecture: standalone
        auth:
          database: geekcity
          username: ben.wangz
          existingSecret: mariadb-credentials
        primary:
          extraFlags: "--character-set-server=utf8mb4 --collation-server=utf8mb4_bin"
          persistence:
            enabled: false
        secondary:
          replicaCount: 1
          persistence:
            enabled: false
        image:
          registry: docker.io
          pullPolicy: IfNotPresent
        volumePermissions:
          enabled: false
          image:
            registry: docker.io
            pullPolicy: IfNotPresent
        metrics:
          enabled: false
          image:
            registry: docker.io
            pullPolicy: IfNotPresent
  destination:
    server: https://kubernetes.default.svc
    namespace: database

with-metrics

apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: mariadb
spec:
  syncPolicy:
    syncOptions:
    - CreateNamespace=true
  project: default
  source:
    repoURL: https://charts.bitnami.com/bitnami
    chart: mariadb
    targetRevision: 16.3.2
    helm:
      releaseName: mariadb
      values: |
        architecture: standalone
        auth:
          database: geekcity
          username: ben.wangz
          existingSecret: mariadb-credentials
        primary:
          extraFlags: "--character-set-server=utf8mb4 --collation-server=utf8mb4_bin"
          persistence:
            enabled: false
        secondary:
          replicaCount: 1
          persistence:
            enabled: false
        image:
          registry: docker.io
          pullPolicy: IfNotPresent
        volumePermissions:
          enabled: false
          image:
            registry: docker.io
            pullPolicy: IfNotPresent
        metrics:
          enabled: true
          image:
            registry: docker.io
            pullPolicy: IfNotPresent
          annotations:
            prometheus.io/scrape: "true"
            prometheus.io/port: "9104"
          serviceMonitor:
            enabled: true
            namespace: monitor
            jobLabel: mariadb
            interval: 30s
            labels:
              release: kube-prometheus-stack
          prometheusRule:
            enabled: true
            namespace: monitor
            additionalLabels:
              release: kube-prometheus-stack
            rules:
            - alert: MariaDB-Down
              expr: absent(up{job="mariadb"} == 1)
              for: 5m
              labels:
                severity: warning
                service: mariadb
              annotations:
                summary: MariaDB instance is down
                message: 'MariaDB instance {{ `{{` }} $labels.instance {{ `}}` }} is down'
  destination:
    server: https://kubernetes.default.svc
    namespace: database

prepare credentials secret

kubectl get namespaces database > /dev/null 2>&1 || kubectl create namespace database
kubectl -n database create secret generic mariadb-credentials \
    --from-literal=mariadb-root-password=$(tr -dc A-Za-z0-9 </dev/urandom | head -c 16) \
    --from-literal=mariadb-replication-password=$(tr -dc A-Za-z0-9 </dev/urandom | head -c 16) \
    --from-literal=mariadb-password=$(tr -dc A-Za-z0-9 </dev/urandom | head -c 16)

apply to k8s

kubectl -n argocd apply -f mariadb.yaml

sync by argocd
- ```
argocd app sync argocd/mariadb
```

expose interface

prepare mariadb-expose.yaml

apiVersion: v1
kind: Service
metadata:
  labels:
    app.kubernetes.io/component: primary
    app.kubernetes.io/instance: mariadb
  name: mariadb-expose
spec:
  ports:
  - name: mysql
    port: 3306
    protocol: TCP
    targetPort: mysql
    nodePort: 32306
  selector:
    app.kubernetes.io/component: primary
    app.kubernetes.io/instance: mariadb
    app.kubernetes.io/name: mariadb
  type: NodePort

apply to k8s

kubectl -n database apply -f mariadb-expose.yaml

tests with cli

with root user

ROOT_PASSWORD=$(kubectl -n database get secret mariadb-credentials -o jsonpath='{.data.mariadb-root-password}' | base64 -d)
podman run --rm \
    -e MYSQL_PWD=${ROOT_PASSWORD} \
    -it docker.io/library/mariadb:11.2.2-jammy \
    mariadb \
    --host host.containers.internal \
    --port 32306 \
    --user root \
    --database mysql \
    --execute 'show databases'

with normal user

PASSWORD=$(kubectl -n database get secret mariadb-credentials -o jsonpath='{.data.mariadb-password}' | base64 -d)
podman run --rm \
    -e MYSQL_PWD=${PASSWORD} \
    -it docker.io/library/mariadb:11.2.2-jammy \
    mariadb \
    --host host.containers.internal \
    --port 32306 \
    --user ben.wangz \
    --database geekcity \
    --execute 'show databases'

test with phpmyadmin

prepare phpmyadmin.yaml

apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: phpmyadmin
spec:
  syncPolicy:
    syncOptions:
    - CreateNamespace=true
  project: default
  source:
    repoURL: https://charts.bitnami.com/bitnami
    chart: phpmyadmin
    targetRevision: 14.5.2
    helm:
      releaseName: phpmyadmin
      values: |
        image:
          registry: docker.io
          pullPolicy: IfNotPresent
        replicas: 1
        ingress:
          enabled: true
          annotations:
            cert-manager.io/cluster-issuer: self-signed-ca-issuer
            nginx.ingress.kubernetes.io/rewrite-target: /$1
          hostname: phpmyadmin.dev.geekcity.tech
          ingressClassName: nginx
          path: /?(.*)
          tls: true
        metrics:
          enabled: false
          image:
            registry: docker.io
            pullPolicy: IfNotPresent
  destination:
    server: https://kubernetes.default.svc
    namespace: database

apply to k8s

kubectl -n argocd apply -f phpmyadmin.yaml

sync by argocd
- ```
argocd app sync argocd/phpmyadmin
```
open with browser: https://phpmyadmin.dev.geekcity.tech:32443
- phpmyadmin.dev.geekcity.tech should be resolved to nginx-ingress
  - for example, add $K8S_MASTER_IP phpmyadmin.dev.geekcity.tech to /etc/hosts

server: mariadb.database:3306

username: root

password

kubectl -n database get secret mariadb-credentials -o jsonpath='{.data.mariadb-root-password}' | base64 -d

username: ben.wangz

password

kubectl -n database get secret mariadb-credentials -o jsonpath='{.data.mariadb-password}' | base64 -d

dashboard from grafana

only for with-metrics feature
open with browser and login grafana
import dashboard
- https://grafana.dev.geekcity.tech:32443/dashboard/import
- import dashboard with uid 14057