Init: PoC

k8s/app/memcached.yml

@@ -0,0 +1,23 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: memcached-deployment
+  namespace: rock
+  labels:
+    app: memcached
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: memcached
+  template:
+    metadata:
+      labels:
+        app: memcached
+    spec:
+      containers:
+      - name: memcached
+        image: memcached:alpine
+        ports:
+        - containerPort: 11211

k8s/app/mysql.yml

@@ -0,0 +1,50 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: mysql-deployment
+  namespace: rock
+  labels:
+    app: mysql
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: mysql
+  template:
+    metadata:
+      labels:
+        app: mysql
+    spec:
+      volumes:
+      - name: data-mysql
+        hostPath:
+          path: /rrr/data/mysql
+      - name: my-cnf
+        hostPath:
+          path: /rrr/config/rock/mysql/my.cnf
+      containers:
+      - name: mysql
+        image: mariadb:11.5
+        volumeMounts:
+          - name: data-mysql
+            mountPath: /var/lib/mysql
+          - name: my-cnf
+            mountPath: /etc/mysql/conf.d/override.cnf
+        env:
+        - name: MARIADB_ALLOW_EMPTY_ROOT_PASSWORD
+          value: "true"
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: mysql
+  namespace: rock
+spec:
+  selector:
+    app: mysql
+  ports:
+    - protocol: TCP
+      port: 3306
+      targetPort: 3306

k8s/app/nginx.yml

@@ -0,0 +1,73 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: nginx-deployment
+  namespace: rock
+  labels:
+    app: nginx
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: nginx
+  template:
+    metadata:
+      labels:
+        app: nginx
+    spec:
+      volumes:
+      - name: src-rock
+        hostPath:
+          path: /rrr/src/legacy_www/rock
+      - name: nginx-conf
+        hostPath:
+          path: /rrr/config/rock/nginx/site.conf
+      containers:
+      - name: nginx
+        image: nginx
+        volumeMounts:
+          - name: nginx-conf
+            mountPath: /etc/nginx/conf.d/site.conf
+          - name: src-rock
+            mountPath: /var/www/rock
+        ports:
+        - containerPort: 8080
+      - name: php
+        image: localhost:5001/php:5.3-2
+        volumeMounts:
+          - name: src-rock
+            mountPath: /var/www/rock
+        ports:
+        - containerPort: 9000
+        env:
+        - name: TZ
+          value: "Asia/Bangkok"
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: rock-php-fpm
+  namespace: rock
+spec:
+  selector:
+    app: nginx
+  ports:
+    - protocol: TCP
+      port: 9000
+      targetPort: 9000
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: rock-http
+  namespace: rock
+spec:
+  selector:
+    app: nginx
+  ports:
+    - protocol: TCP
+      port: 8080
+      targetPort: 8080

k8s/app/phpmyadmin.yml

@@ -0,0 +1,26 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: phpmyadmin
+  namespace: rock
+  labels:
+    app: pma
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: pma
+  template:
+    metadata:
+      labels:
+        app: pma
+    spec:
+      containers:
+      - name: phpmyadmin
+        image: phpmyadmin:latest
+        ports:
+        - containerPort: 80
+        env:
+        - name: PMA_HOST
+          value: "mysql"

k8s/kind/kind-config.yaml

@@ -0,0 +1,12 @@
+---
+apiVersion: kind.x-k8s.io/v1alpha4
+kind: Cluster
+nodes:
+  - role: control-plane
+    extraMounts:
+      - hostPath: /home/freddie/work/rrr/config
+        containerPath: /rrr/config
+      - hostPath: /home/freddie/work/rrr/data
+        containerPath: /rrr/data
+      - hostPath: /home/freddie/work/rrr/src
+        containerPath: /rrr/src

k8s/kind/setup.sh

@@ -0,0 +1,73 @@
+#!/bin/sh
+set -o errexit
+
+# 1. Create registry container unless it already exists
+reg_name='kind-registry'
+reg_port='5001'
+if [ "$(podman inspect -f '{{.State.Running}}' "${reg_name}" 2>/dev/null || true)" != 'true' ]; then
+  podman run \
+    -d --restart=always -p "127.0.0.1:${reg_port}:5000" --network bridge --name "${reg_name}" \
+    registry:2
+fi
+
+# 2. Create kind cluster with containerd registry config dir enabled
+# TODO: kind will eventually enable this by default and this patch will
+# be unnecessary.
+#
+# See:
+# https://github.com/kubernetes-sigs/kind/issues/2875
+# https://github.com/containerd/containerd/blob/main/docs/cri/config.md#registry-configuration
+# See: https://github.com/containerd/containerd/blob/main/docs/hosts.md
+cat <<EOF | kind create cluster --name=rock --config=-
+kind: Cluster
+apiVersion: kind.x-k8s.io/v1alpha4
+nodes:
+  - role: control-plane
+    extraMounts:
+      - hostPath: /home/freddie/work/rrr/config
+        containerPath: /rrr/config
+      - hostPath: /home/freddie/work/rrr/data
+        containerPath: /rrr/data
+      - hostPath: /home/freddie/work/rrr/src
+        containerPath: /rrr/src
+containerdConfigPatches:
+- |-
+  [plugins."io.containerd.grpc.v1.cri".registry]
+    config_path = "/etc/containerd/certs.d"
+EOF
+
+# 3. Add the registry config to the nodes
+#
+# This is necessary because localhost resolves to loopback addresses that are
+# network-namespace local.
+# In other words: localhost in the container is not localhost on the host.
+#
+# We want a consistent name that works from both ends, so we tell containerd to
+# alias localhost:${reg_port} to the registry container when pulling images
+REGISTRY_DIR="/etc/containerd/certs.d/localhost:${reg_port}"
+for node in $(kind get nodes --name rock); do
+  podman exec "${node}" mkdir -p "${REGISTRY_DIR}"
+  cat <<EOF | podman exec -i "${node}" cp /dev/stdin "${REGISTRY_DIR}/hosts.toml"
+[host."http://${reg_name}:5000"]
+EOF
+done
+
+# 4. Connect the registry to the cluster network if not already connected
+# This allows kind to bootstrap the network but ensures they're on the same network
+if [ "$(podman inspect -f='{{json .NetworkSettings.Networks.kind}}' "${reg_name}")" = 'null' ]; then
+  podman network connect "kind" "${reg_name}"
+fi
+
+# 5. Document the local registry
+# https://github.com/kubernetes/enhancements/tree/master/keps/sig-cluster-lifecycle/generic/1755-communicating-a-local-registry
+cat <<EOF | kubectl apply -f -
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: local-registry-hosting
+  namespace: kube-public
+data:
+  localRegistryHosting.v1: |
+    host: "localhost:${reg_port}"
+    help: "https://kind.sigs.k8s.io/docs/user/local-registry/"
+EOF