feat: add MariaDB operator and backup configurations

kubernetes/main/apps/storage/kustomization.yaml

@@ -9,6 +9,7 @@ resources:
   - ./cloudnative-pg/ks.yaml
   - ./dragonfly/ks.yaml
   - ./emqx/ks.yaml
+  - ./mariadb/ks.yaml
   - ./minio/ks.yaml
   - ./percona/ks.yaml
   - ./snapshot-controller/ks.yaml

kubernetes/main/apps/storage/mariadb/cluster/backup.yaml

@@ -0,0 +1,78 @@
+---
+# yaml-language-server: $schema=https://ks.hsn.dev/k8s.mariadb.com/backup_v1alpha1.json
+apiVersion: k8s.mariadb.com/v1alpha1
+kind: Backup
+metadata:
+  name: &name mariadb-backup
+spec:
+  mariaDbRef:
+    name: mariadb
+  timeZone: "Europe/Lisbon"
+  schedule:
+    cron: "0 * * * *"
+    suspend: false
+  stagingStorage:
+    persistentVolumeClaim:
+      storageClassName: openebs-hostpath
+      resources:
+        requests:
+          storage: 6Gi
+      accessModes:
+        - ReadWriteOnce
+  podSecurityContext:
+    runAsUser: 1000
+    runAsGroup: 1000
+    fsGroup: 1000
+    fsGroupChangePolicy: OnRootMismatch
+  storage:
+    s3:
+      endpoint: s3.rafaribe.com
+      bucket: mariadb
+      prefix: full/
+      accessKeyIdSecretKeyRef:
+        name: mariadb-secret
+        key: AWS_ACCESS_KEY_ID
+      secretAccessKeySecretKeyRef:
+        name: mariadb-secret
+        key: AWS_SECRET_ACCESS_KEY
+---
+# yaml-language-server: $schema=https://ks.hsn.dev/k8s.mariadb.com/backup_v1alpha1.json
+apiVersion: k8s.mariadb.com/v1alpha1
+kind: Backup
+metadata:
+  name: &name mariadb-pterodactyl-backup
+  namespace: database
+spec:
+  mariaDbRef:
+    name: mariadb
+    namespace: database
+  timeZone: "Europe/Lisbon"
+  schedule:
+    cron: "0 * * * *"
+    suspend: false
+  stagingStorage:
+    persistentVolumeClaim:
+      storageClassName: openebs-hostpath
+      resources:
+        requests:
+          storage: 6Gi
+      accessModes:
+        - ReadWriteOnce
+  podSecurityContext:
+    runAsUser: 1000
+    runAsGroup: 1000
+    fsGroup: 1000
+    fsGroupChangePolicy: OnRootMismatch
+  databases:
+    - pterodactyl
+  storage:
+    s3:
+      endpoint: s3.rafaribe.com
+      bucket: mariadb
+      prefix: pterodactyl/
+      accessKeyIdSecretKeyRef:
+        name: mariadb-secret
+        key: AWS_ACCESS_KEY_ID
+      secretAccessKeySecretKeyRef:
+        name: mariadb-secret
+        key: AWS_SECRET_ACCESS_KEY

kubernetes/main/apps/storage/mariadb/cluster/externalsecret.yaml

@@ -0,0 +1,20 @@
+---
+# yaml-language-server: $schema=https://ks.hsn.dev/external-secrets.io/externalsecret_v1beta1.json
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: &name mariadb
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: akeyless-secret-store
+  target:
+    name: mariadb-secret
+    template:
+      engineVersion: v2
+      data:
+        AWS_ACCESS_KEY_ID: "{{ .AWS_ACCESS_KEY_ID }}"
+        AWS_SECRET_ACCESS_KEY: "{{ .AWS_SECRET_ACCESS_KEY }}"
+  dataFrom:
+    - extract:
+        key: /minio

kubernetes/main/apps/storage/mariadb/cluster/kustomization.yaml

@@ -0,0 +1,8 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ./backup.yaml
+  - ./externalsecret.yaml
+  - ./mariadb.yaml

kubernetes/main/apps/storage/mariadb/cluster/mariadb.yaml

@@ -0,0 +1,40 @@
+---
+# yaml-language-server: $schema=https://ks.hsn.dev/k8s.mariadb.com/mariadb_v1alpha1.json
+apiVersion: k8s.mariadb.com/v1alpha1
+kind: MariaDB
+metadata:
+  name: &name mariadb
+spec:
+  # renovate: datasource=docker depName=docker.io/library/mariadb
+  image: docker.io/library/mariadb:11.6.2
+  replicas: 3
+  storage:
+    size: 5Gi
+    storageClassName: openebs-hostpath
+  # bootstrapFrom:
+  #   backupRef:
+  #     name: mariadb-backup
+  nodeSelector:
+    kubernetes.io/arch: amd64
+  maxScale:
+    enabled: true
+    kubernetesService:
+      type: LoadBalancer
+      metadata:
+        annotations:
+          io.cilium/lb-ipam-ips: ${LB_MARIADB_OPERATOR_MAXSCALE} 
+    connection:
+      secretName: mxs-connection
+      port: 3306
+  galera:
+    enabled: true
+  podSecurityContext:
+    runAsUser: 1000
+    runAsGroup: 1000
+    fsGroup: 1000
+    fsGroupChangePolicy: OnRootMismatch
+  service:
+    type: LoadBalancer
+    metadata:
+      annotations:
+        io.cilium/lb-ipam-ips: ${LB_MARIADB_OPERATOR_SCALE} 

kubernetes/main/apps/storage/mariadb/cluster/restore.yaml

@@ -0,0 +1,17 @@
+---
+# yaml-language-server: $schema=https://ks.hsn.dev/k8s.mariadb.com/restore_v1alpha1.json
+apiVersion: k8s.mariadb.com/v1alpha1
+kind: Restore
+metadata:
+  name: restore
+spec:
+  mariaDbRef:
+    name: mariadb
+    namespace: database
+  backupRef:
+    name: mariadb-backup
+  podSecurityContext:
+    runAsUser: 1000
+    runAsGroup: 1000
+    fsGroup: 1000
+    fsGroupChangePolicy: OnRootMismatch

kubernetes/main/apps/storage/mariadb/crds/helmrelease.yaml

@@ -0,0 +1,17 @@
+---
+# yaml-language-server: $schema=https://ks.hsn.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: mariadb-operator-crds
+spec:
+  interval: 30m
+  chart:
+    spec:
+      chart: mariadb-operator-crds
+      version: 0.36.0
+      sourceRef:
+        kind: HelmRepository
+        name: mariadb-operator
+        namespace: flux-system
+      interval: 5m

kubernetes/main/apps/storage/mariadb/crds/kustomization.yaml

@@ -0,0 +1,6 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - helmrelease.yaml

kubernetes/main/apps/storage/mariadb/ks.yaml

@@ -0,0 +1,64 @@
+---
+# yaml-language-server: $schema=https://ks.hsn.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: &app mariadb-operator
+  namespace: flux-system
+spec:
+  targetNamespace: storage
+  commonMetadata:
+    labels:
+      app.kubernetes.io/name: *app
+  dependsOn:
+    - name: external-secrets-stores
+  path: ./kubernetes/main/apps/storage/mariadb/operator
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: home-ops
+  wait: true
+  interval: 30m
+  timeout: 5m
+---
+# yaml-language-server: $schema=https://ks.hsn.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: &app mariadb-operator-crds
+  namespace: flux-system
+spec:
+  targetNamespace: storage
+  commonMetadata:
+    labels:
+      app.kubernetes.io/name: *app
+  path: ./kubernetes/main/apps/storage/mariadb/crds
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: home-ops
+  wait: true
+  interval: 30m
+  timeout: 5m
+---
+# yaml-language-server: $schema=https://ks.hsn.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: &app mariadb-cluster
+  namespace: flux-system
+spec:
+  targetNamespace: storage
+  commonMetadata:
+    labels:
+      app.kubernetes.io/name: *app
+  dependsOn:
+    - name: external-secrets-stores
+  path: ./kubernetes/main/apps/storage/mariadb/cluster
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: home-ops
+  wait: true
+  interval: 30m
+  timeout: 5m

kubernetes/main/apps/storage/mariadb/operator/helmrelease.yaml

@@ -0,0 +1,31 @@
+---
+# yaml-language-server: $schema=https://ks.hsn.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: mariadb-operator
+spec:
+  interval: 30m
+  chart:
+    spec:
+      chart: mariadb-operator
+      version: 0.36.0
+      sourceRef:
+        kind: HelmRepository
+        name: mariadb-operator
+        namespace: flux-system
+      interval: 5m
+  values:
+    logLevel: debug
+    image:
+      repository: ghcr.io/mariadb-operator/mariadb-operator
+      pullPolicy: IfNotPresent
+    metrics:
+      enabled: true
+      serviceMonitor:
+        enabled: true
+    webhook:
+      certificate:
+        certManager: true
+      serviceMonitor:
+        enabled: true

kubernetes/main/apps/storage/mariadb/operator/kustomization.yaml

@@ -0,0 +1,6 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - helmrelease.yaml

kubernetes/shared/repos/helm/kustomization.yaml

@@ -42,6 +42,7 @@ resources:
   - ./kyverno.yaml
   - ./k8stz.yaml
   - ./lwolf.yaml
+  - ./mariadb-operator.yaml
   - ./mayastor-chart.yaml
   - ./metallb.yaml
   - ./mojo2600.yaml

kubernetes/shared/repos/helm/mariadb-operator.yaml

@@ -0,0 +1,10 @@
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrepository-source-v1.json
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+  name: mariadb-operator
+  namespace: flux-system
+spec:
+  interval: 1h
+  url: https://mariadb-operator.github.io/mariadb-operator

kubernetes/shared/settings/cluster-settings.yaml

@@ -20,6 +20,8 @@ data:
   LB_BLOCKY: 10.0.1.110
   LB_PLEX: 10.0.1.111
   LB_SYNCTHING: 10.0.1.112
+  LB_MARIADB_OPERATOR_MAXSCALE: 10.0.1.113
+  LB_MARIADB_OPERATOR_SCALE: 10.0.1.114
   # Utility IP Range 10.0.1.121 - 10.0.1.130
   LB_NGINX_INTERNAL_UTILITY: 10.0.1.121
   LB_NGINX_EXTERNAL_UTILITY: 10.0.1.122