Init: PoC

config/rock/mysql/my.cnf

@@ -0,0 +1,21 @@
+[mariadb]
+innodb_buffer_pool_size=4G
+sort_buffer_size = 12M
+read_buffer_size = 12M
+join_buffer_size = 16M
+mrr_buffer_size = 16M
+read_rnd_buffer_size = 16M
+sort_buffer_size = 128M
+net_buffer_length = 8K
+myisam_sort_buffer_size = 12M
+key_buffer_size = 1G
+tmp_table_size = 64M
+max_connections = 10
+thread_pool_size=4
+log-error
+sql-mode='ONLY_FULL_GROUP_BY,STRICT_TRANS_TABLES,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION'
+explicit-defaults-for-timestamp
+
+max_allowed_packet = 16M
+
+net_buffer_length = 1M

config/rock/nginx/site.conf

@@ -0,0 +1,18 @@
+server {
+    listen 8080 default;
+    index index.php index.html;
+    server_name rock.ru;
+    error_log  /var/log/nginx/error.log;
+    access_log /var/log/nginx/access.log;
+    root /var/www/rock;
+
+    location ~ \.php$ {
+        try_files $uri =404;
+        fastcgi_split_path_info ^(.+\.php)(/.+)$;
+        fastcgi_pass rock-php-fpm:9000;
+        fastcgi_index index.php;
+        include fastcgi_params;
+        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+        fastcgi_param PATH_INFO $fastcgi_path_info;
+    }
+}

k8s/app/memcached.yml

@@ -0,0 +1,23 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: memcached-deployment
+  namespace: rock
+  labels:
+    app: memcached
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: memcached
+  template:
+    metadata:
+      labels:
+        app: memcached
+    spec:
+      containers:
+      - name: memcached
+        image: memcached:alpine
+        ports:
+        - containerPort: 11211

k8s/app/mysql.yml

@@ -0,0 +1,50 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: mysql-deployment
+  namespace: rock
+  labels:
+    app: mysql
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: mysql
+  template:
+    metadata:
+      labels:
+        app: mysql
+    spec:
+      volumes:
+      - name: data-mysql
+        hostPath:
+          path: /rrr/data/mysql
+      - name: my-cnf
+        hostPath:
+          path: /rrr/config/rock/mysql/my.cnf
+      containers:
+      - name: mysql
+        image: mariadb:11.5
+        volumeMounts:
+          - name: data-mysql
+            mountPath: /var/lib/mysql
+          - name: my-cnf
+            mountPath: /etc/mysql/conf.d/override.cnf
+        env:
+        - name: MARIADB_ALLOW_EMPTY_ROOT_PASSWORD
+          value: "true"
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: mysql
+  namespace: rock
+spec:
+  selector:
+    app: mysql
+  ports:
+    - protocol: TCP
+      port: 3306
+      targetPort: 3306

k8s/app/nginx.yml

@@ -0,0 +1,73 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: nginx-deployment
+  namespace: rock
+  labels:
+    app: nginx
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: nginx
+  template:
+    metadata:
+      labels:
+        app: nginx
+    spec:
+      volumes:
+      - name: src-rock
+        hostPath:
+          path: /rrr/src/legacy_www/rock
+      - name: nginx-conf
+        hostPath:
+          path: /rrr/config/rock/nginx/site.conf
+      containers:
+      - name: nginx
+        image: nginx
+        volumeMounts:
+          - name: nginx-conf
+            mountPath: /etc/nginx/conf.d/site.conf
+          - name: src-rock
+            mountPath: /var/www/rock
+        ports:
+        - containerPort: 8080
+      - name: php
+        image: localhost:5001/php:5.3-2
+        volumeMounts:
+          - name: src-rock
+            mountPath: /var/www/rock
+        ports:
+        - containerPort: 9000
+        env:
+        - name: TZ
+          value: "Asia/Bangkok"
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: rock-php-fpm
+  namespace: rock
+spec:
+  selector:
+    app: nginx
+  ports:
+    - protocol: TCP
+      port: 9000
+      targetPort: 9000
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: rock-http
+  namespace: rock
+spec:
+  selector:
+    app: nginx
+  ports:
+    - protocol: TCP
+      port: 8080
+      targetPort: 8080

k8s/app/phpmyadmin.yml

@@ -0,0 +1,26 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: phpmyadmin
+  namespace: rock
+  labels:
+    app: pma
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: pma
+  template:
+    metadata:
+      labels:
+        app: pma
+    spec:
+      containers:
+      - name: phpmyadmin
+        image: phpmyadmin:latest
+        ports:
+        - containerPort: 80
+        env:
+        - name: PMA_HOST
+          value: "mysql"

k8s/kind/kind-config.yaml

@@ -0,0 +1,12 @@
+---
+apiVersion: kind.x-k8s.io/v1alpha4
+kind: Cluster
+nodes:
+  - role: control-plane
+    extraMounts:
+      - hostPath: /home/freddie/work/rrr/config
+        containerPath: /rrr/config
+      - hostPath: /home/freddie/work/rrr/data
+        containerPath: /rrr/data
+      - hostPath: /home/freddie/work/rrr/src
+        containerPath: /rrr/src

k8s/kind/setup.sh

@@ -0,0 +1,73 @@
+#!/bin/sh
+set -o errexit
+
+# 1. Create registry container unless it already exists
+reg_name='kind-registry'
+reg_port='5001'
+if [ "$(podman inspect -f '{{.State.Running}}' "${reg_name}" 2>/dev/null || true)" != 'true' ]; then
+  podman run \
+    -d --restart=always -p "127.0.0.1:${reg_port}:5000" --network bridge --name "${reg_name}" \
+    registry:2
+fi
+
+# 2. Create kind cluster with containerd registry config dir enabled
+# TODO: kind will eventually enable this by default and this patch will
+# be unnecessary.
+#
+# See:
+# https://github.com/kubernetes-sigs/kind/issues/2875
+# https://github.com/containerd/containerd/blob/main/docs/cri/config.md#registry-configuration
+# See: https://github.com/containerd/containerd/blob/main/docs/hosts.md
+cat <<EOF | kind create cluster --name=rock --config=-
+kind: Cluster
+apiVersion: kind.x-k8s.io/v1alpha4
+nodes:
+  - role: control-plane
+    extraMounts:
+      - hostPath: /home/freddie/work/rrr/config
+        containerPath: /rrr/config
+      - hostPath: /home/freddie/work/rrr/data
+        containerPath: /rrr/data
+      - hostPath: /home/freddie/work/rrr/src
+        containerPath: /rrr/src
+containerdConfigPatches:
+- |-
+  [plugins."io.containerd.grpc.v1.cri".registry]
+    config_path = "/etc/containerd/certs.d"
+EOF
+
+# 3. Add the registry config to the nodes
+#
+# This is necessary because localhost resolves to loopback addresses that are
+# network-namespace local.
+# In other words: localhost in the container is not localhost on the host.
+#
+# We want a consistent name that works from both ends, so we tell containerd to
+# alias localhost:${reg_port} to the registry container when pulling images
+REGISTRY_DIR="/etc/containerd/certs.d/localhost:${reg_port}"
+for node in $(kind get nodes --name rock); do
+  podman exec "${node}" mkdir -p "${REGISTRY_DIR}"
+  cat <<EOF | podman exec -i "${node}" cp /dev/stdin "${REGISTRY_DIR}/hosts.toml"
+[host."http://${reg_name}:5000"]
+EOF
+done
+
+# 4. Connect the registry to the cluster network if not already connected
+# This allows kind to bootstrap the network but ensures they're on the same network
+if [ "$(podman inspect -f='{{json .NetworkSettings.Networks.kind}}' "${reg_name}")" = 'null' ]; then
+  podman network connect "kind" "${reg_name}"
+fi
+
+# 5. Document the local registry
+# https://github.com/kubernetes/enhancements/tree/master/keps/sig-cluster-lifecycle/generic/1755-communicating-a-local-registry
+cat <<EOF | kubectl apply -f -
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: local-registry-hosting
+  namespace: kube-public
+data:
+  localRegistryHosting.v1: |
+    host: "localhost:${reg_port}"
+    help: "https://kind.sigs.k8s.io/docs/user/local-registry/"
+EOF