henry/HomeLabScripts
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

ADD: implement migration and backup configurations for Nextcloud with Longhorn support

Browse Source
This commit is contained in:
henry
2026-04-15 19:51:29 +02:00
parent 2ea9f3973f
commit be9329d313
15 changed files with 326 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files
k3s/apps/Nextcloud/manifest/backup/mariadb-backup.yaml
+18
View File
@@ -0,0 +1,18 @@
apiVersion: v1
kind: Pod
metadata:
name: mariadb-backup
namespace: nextcloud
spec:
nodeName: knode0 # <-- FIXED ON node0
containers:
- name: backup
image: busybox
command: ["sleep", "3600"]
volumeMounts:
- name: old
mountPath: /old
volumes:
- name: old
persistentVolumeClaim:
claimName: nextcloud-mariadb-pvc
k3s/apps/Nextcloud/manifest/config-migration-pod.yaml
+34
View File
@@ -0,0 +1,34 @@
apiVersion: v1
kind: Pod
metadata:
name: config-migration
namespace: nextcloud
spec:
volumes:
- name: old-config
persistentVolumeClaim:
claimName: nextcloud-config-pvc
- name: new-config
persistentVolumeClaim:
claimName: nextcloud-config-pvc-longhorn
containers:
- name: migrator
image: alpine:3.18
volumeMounts:
- name: old-config
mountPath: /old
- name: new-config
mountPath: /new
command: ['sh']
args:
- -c
- |
echo "Copying config data..."
if [ "$(ls -A /old)" ]; then
cp -rv /old/* /new/ 2>/dev/null || true
echo "Config migration completed"
else
echo "Old config is empty"
fi
sleep infinity
restartPolicy: Never
k3s/apps/Nextcloud/manifest/longhornmirgation/apps-migration-pod.yaml
+34
View File
@@ -0,0 +1,34 @@
apiVersion: v1
kind: Pod
metadata:
name: apps-migration
namespace: nextcloud
spec:
volumes:
- name: old-apps
persistentVolumeClaim:
claimName: nextcloud-apps-pvc
- name: new-apps
persistentVolumeClaim:
claimName: nextcloud-apps-pvc-longhorn
containers:
- name: migrator
image: alpine:3.18
volumeMounts:
- name: old-apps
mountPath: /old
- name: new-apps
mountPath: /new
command: ['sh']
args:
- -c
- |
echo "Copying apps data..."
if [ "$(ls -A /old)" ]; then
cp -rv /old/* /new/ 2>/dev/null || true
echo "Apps migration completed"
else
echo "Old apps is empty"
fi
sleep infinity
restartPolicy: Never
k3s/apps/Nextcloud/manifest/longhornmirgation/mariadb-longhorn-pvc.yaml
+12
View File
@@ -0,0 +1,12 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: nextcloud-mariadb-pvc-longhorn
namespace: nextcloud
spec:
accessModes:
- ReadWriteOnce
storageClassName: longhorn
resources:
requests:
storage: 10Gi
k3s/apps/Nextcloud/manifest/longhornmirgation/mariadb-restore.yaml
+24
View File
@@ -0,0 +1,24 @@
apiVersion: v1
kind: Pod
metadata:
name: mariadb-restore
namespace: nextcloud
spec:
nodeName: knode0
containers:
- name: restore
image: busybox
command: ["sleep", "3600"]
volumeMounts:
- name: new
mountPath: /new
- name: oldbackup
mountPath: /backup
volumes:
- name: new
persistentVolumeClaim:
claimName: nextcloud-mariadb-pvc-longhorn
- name: oldbackup
hostPath:
path: /var/lib/nextcloud/mariadb-backup
type: DirectoryOrCreate
k3s/apps/Nextcloud/manifest/mariadb-deployment.yaml
+6 -1
View File
@@ -28,6 +28,11 @@ spec:
value: nextcloud
ports:
- containerPort: 3306
readinessProbe:
tcpSocket:
port: 3306
initialDelaySeconds: 5
periodSeconds: 10
resources:
requests:
memory: "256Mi"
@@ -41,4 +46,4 @@ spec:
volumes:
- name: mariadb-data
persistentVolumeClaim:
claimName: nextcloud-mariadb-pvc
claimName: nextcloud-mariadb-pvc-longhorn
k3s/apps/Nextcloud/manifest/mariadb-pv-pvc.yaml
+1 -21
View File
@@ -9,24 +9,4 @@ spec:
resources:
requests:
storage: 10Gi
storageClassName: local-path # <-- explicit default StorageClass
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: nextcloud-mariadb-pv
labels:
app: mariadb
spec:
capacity:
storage: 10Gi
accessModes:
- ReadWriteOnce
persistentVolumeReclaimPolicy: Retain
storageClassName: local-path
claimRef:
namespace: nextcloud
name: nextcloud-mariadb-pvc
hostPath:
path: /var/lib/nextcloud/mariadb-data
type: DirectoryOrCreate
storageClassName: longhorn
k3s/apps/Nextcloud/manifest/nextcloud-apps-pvc-longhorn.yaml
+12
View File
@@ -0,0 +1,12 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: nextcloud-apps-pvc-longhorn
namespace: nextcloud
spec:
accessModes:
- ReadWriteOnce
storageClassName: longhorn
resources:
requests:
storage: 1Gi
k3s/apps/Nextcloud/manifest/nextcloud-config-pvc-longhorn.yaml
+12
View File
@@ -0,0 +1,12 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: nextcloud-config-pvc-longhorn
namespace: nextcloud
spec:
accessModes:
- ReadWriteOnce
storageClassName: longhorn
resources:
requests:
storage: 5Gi
k3s/apps/Nextcloud/manifest/nextcloud-deployment.yaml
+9 -2
View File
@@ -16,12 +16,19 @@ spec:
# fsGroup sorgt dafür, dass gemountete Volumes die Gruppe www-data (33) bekommen
securityContext:
fsGroup: 33
# Auf knode0 zwingen (hat Kernel 6.1 mit NFS - Kompatibilität)
nodeSelector:
kubernetes.io/hostname: knode0
# hostAliases mappt die öffentliche Domain intern auf die Service-ClusterIP,
# damit der Pod henryathome.home64.de direkt intern erreicht (vermeidet externe Loopback/Firewall/403)
hostAliases:
- ip: "10.43.107.87"
hostnames:
- "henryathome.home64.de"
initContainers:
- name: wait-for-mariadb
image: busybox:1.34
command: ['sh', '-c', 'until nc -z mariadb.nextcloud.svc.cluster.local 3306; do echo waiting for mariadb; sleep 2; done;']
containers:
- name: nextcloud
image: nextcloud:33-apache
@@ -73,7 +80,7 @@ spec:
claimName: nextcloud-data-pvc
- name: config
persistentVolumeClaim:
claimName: nextcloud-config-pvc
claimName: nextcloud-config-pvc-longhorn
- name: apps
persistentVolumeClaim:
claimName: nextcloud-apps-pvc
claimName: nextcloud-apps-pvc-longhorn
k3s/apps/Nextcloud/manifest/nextcloud-pv-pvc.yaml
+4 -1
View File
@@ -10,10 +10,13 @@ spec:
persistentVolumeReclaimPolicy: Retain
storageClassName: nfs
mountOptions:
- vers=4
- vers=3
- rsize=65536
- wsize=65536
- noatime
- soft
- timeo=20
- retrans=2
nfs:
server: 192.168.178.186 # <-- ERSETZEN: IP oder Hostname deiner NAS
path: /volume1/Nextcloud/data # <-- ERSETZEN: Pfad zum Share auf der NAS (z.B. /volume1/nextcloud)
k3s/apps/gitLab/manifest/runner.yaml
+139
View File
@@ -0,0 +1,139 @@
# ─── ServiceAccount ───────────────────────────────────────────────
apiVersion: v1
kind: ServiceAccount
metadata:
name: gitlab-runner
namespace: gitlab
---
# ─── Role ─────────────────────────────────────────────────────────
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: gitlab-runner
namespace: gitlab
rules:
- apiGroups: [""]
resources: ["pods", "pods/exec", "pods/attach", "pods/log", "secrets", "configmaps", "services"]
verbs: ["get", "list", "watch", "create", "delete", "update", "patch"]
---
# ─── RoleBinding ──────────────────────────────────────────────────
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: gitlab-runner
namespace: gitlab
subjects:
- kind: ServiceAccount
name: gitlab-runner
namespace: gitlab
roleRef:
kind: Role
apiGroup: rbac.authorization.k8s.io
name: gitlab-runner
---
# ─── Secret (Runner Authentication Token, GitLab 16+) ────────────
apiVersion: v1
kind: Secret
metadata:
name: gitlab-runner-secret
namespace: gitlab
type: Opaque
stringData:
runner-token: "glrt-3nNma_nEvL1Bq2zc8m5Zu286MQpwOjIKdDozCnU6MTAQ.01.181jg6jja"
---
# ─── ConfigMap (config.toml) ──────────────────────────────────────
apiVersion: v1
kind: ConfigMap
metadata:
name: gitlab-runner-config
namespace: gitlab
data:
config.toml: |
concurrent = 4
check_interval = 10
log_level = "info"
[session_server]
session_timeout = 1800
---
# ─── Deployment ───────────────────────────────────────────────────
apiVersion: apps/v1
kind: Deployment
metadata:
name: gitlab-runner
namespace: gitlab
labels:
app: gitlab-runner
spec:
replicas: 1
selector:
matchLabels:
app: gitlab-runner
template:
metadata:
labels:
app: gitlab-runner
spec:
serviceAccountName: gitlab-runner
initContainers:
- name: register-runner
image: gitlab/gitlab-runner:latest
imagePullPolicy: IfNotPresent
command:
- sh
- -c
- |
gitlab-runner register \
--non-interactive \
--url "$CI_SERVER_URL" \
--token "$RUNNER_TOKEN" \
--executor kubernetes \
--kubernetes-namespace gitlab \
--kubernetes-service-account gitlab-runner \
--kubernetes-pull-policy if-not-present \
--kubernetes-privileged true \
--output-limit 4096 \
--kubernetes-cpu-request "100m" \
--kubernetes-cpu-limit "500m" \
--kubernetes-memory-request "256Mi" \
--kubernetes-memory-limit "4Gi"
env:
- name: CI_SERVER_URL
value: "https://gitlab.henryathome.home64.de"
- name: RUNNER_TOKEN
valueFrom:
secretKeyRef:
name: gitlab-runner-secret
key: runner-token
volumeMounts:
- name: runner-config
mountPath: /etc/gitlab-runner
containers:
- name: gitlab-runner
image: gitlab/gitlab-runner:latest
imagePullPolicy: IfNotPresent
command: ["gitlab-runner", "run", "--user=gitlab-runner", "--working-directory=/home/gitlab-runner"]
env:
- name: CI_SERVER_URL
value: "https://gitlab.henryathome.home64.de"
resources:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "512Mi"
cpu: "1000m"
volumeMounts:
- name: runner-config
mountPath: /etc/gitlab-runner
volumes:
- name: runner-config
emptyDir: {}
k3s/apps/gitLab/manifest/secret.yaml
+4
View File
@@ -18,6 +18,10 @@ stringData:
}
prometheus_monitoring['enable'] = false
registry_external_url 'https://registry.henryathome.home64.de'
registry_nginx['listen_port'] = 5050
registry_nginx['listen_https'] = false
# Authentik SSO (OpenID Connect)
gitlab_rails['omniauth_enabled'] = true
gitlab_rails['omniauth_allow_single_sign_on'] = ['openid_connect']
k3s/apps/gitLab/manifest/service.yaml
+6 -2
View File
@@ -17,9 +17,13 @@ spec:
targetPort: 443
nodePort: 31443
- name: ssh
port: 31022
targetPort: 31022
port: 22
targetPort: 22
nodePort: 31022
- name: registry
port: 5050
targetPort: 5050
nodePort: 31050
type: NodePort
# ---
k3s/apps/longhorn/storageClass.yaml
+11
View File
@@ -0,0 +1,11 @@
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: longhorn-2replicas
provisioner: driver.longhorn.io
parameters:
numberOfReplicas: "2"
staleReplicaTimeout: "30"
reclaimPolicy: Delete
volumeBindingMode: Immediate
allowVolumeExpansion: true