From be9329d313efb70090ffef335f6f42d25f206859 Mon Sep 17 00:00:00 2001 From: Henry Winkel Date: Wed, 15 Apr 2026 19:51:29 +0200 Subject: [PATCH] ADD: implement migration and backup configurations for Nextcloud with Longhorn support --- .../manifest/backup/mariadb-backup.yaml | 18 +++ .../manifest/config-migration-pod.yaml | 34 +++++ .../longhornmirgation/apps-migration-pod.yaml | 34 +++++ .../mariadb-longhorn-pvc.yaml | 12 ++ .../longhornmirgation/mariadb-restore.yaml | 24 +++ .../manifest/mariadb-deployment.yaml | 7 +- .../Nextcloud/manifest/mariadb-pv-pvc.yaml | 22 +-- .../manifest/nextcloud-apps-pvc-longhorn.yaml | 12 ++ .../nextcloud-config-pvc-longhorn.yaml | 12 ++ .../manifest/nextcloud-deployment.yaml | 11 +- .../Nextcloud/manifest/nextcloud-pv-pvc.yaml | 5 +- k3s/apps/gitLab/manifest/runner.yaml | 139 ++++++++++++++++++ k3s/apps/gitLab/manifest/secret.yaml | 4 + k3s/apps/gitLab/manifest/service.yaml | 8 +- k3s/apps/longhorn/storageClass.yaml | 11 ++ 15 files changed, 326 insertions(+), 27 deletions(-) create mode 100644 k3s/apps/Nextcloud/manifest/backup/mariadb-backup.yaml create mode 100644 k3s/apps/Nextcloud/manifest/config-migration-pod.yaml create mode 100644 k3s/apps/Nextcloud/manifest/longhornmirgation/apps-migration-pod.yaml create mode 100644 k3s/apps/Nextcloud/manifest/longhornmirgation/mariadb-longhorn-pvc.yaml create mode 100644 k3s/apps/Nextcloud/manifest/longhornmirgation/mariadb-restore.yaml create mode 100644 k3s/apps/Nextcloud/manifest/nextcloud-apps-pvc-longhorn.yaml create mode 100644 k3s/apps/Nextcloud/manifest/nextcloud-config-pvc-longhorn.yaml create mode 100644 k3s/apps/gitLab/manifest/runner.yaml create mode 100644 k3s/apps/longhorn/storageClass.yaml diff --git a/k3s/apps/Nextcloud/manifest/backup/mariadb-backup.yaml b/k3s/apps/Nextcloud/manifest/backup/mariadb-backup.yaml new file mode 100644 index 0000000..31d905a --- /dev/null +++ b/k3s/apps/Nextcloud/manifest/backup/mariadb-backup.yaml @@ -0,0 +1,18 @@ +apiVersion: v1 +kind: Pod +metadata: + name: mariadb-backup + namespace: nextcloud +spec: + nodeName: knode0 # <-- FIXED ON node0 + containers: + - name: backup + image: busybox + command: ["sleep", "3600"] + volumeMounts: + - name: old + mountPath: /old + volumes: + - name: old + persistentVolumeClaim: + claimName: nextcloud-mariadb-pvc \ No newline at end of file diff --git a/k3s/apps/Nextcloud/manifest/config-migration-pod.yaml b/k3s/apps/Nextcloud/manifest/config-migration-pod.yaml new file mode 100644 index 0000000..d552f11 --- /dev/null +++ b/k3s/apps/Nextcloud/manifest/config-migration-pod.yaml @@ -0,0 +1,34 @@ +apiVersion: v1 +kind: Pod +metadata: + name: config-migration + namespace: nextcloud +spec: + volumes: + - name: old-config + persistentVolumeClaim: + claimName: nextcloud-config-pvc + - name: new-config + persistentVolumeClaim: + claimName: nextcloud-config-pvc-longhorn + containers: + - name: migrator + image: alpine:3.18 + volumeMounts: + - name: old-config + mountPath: /old + - name: new-config + mountPath: /new + command: ['sh'] + args: + - -c + - | + echo "Copying config data..." + if [ "$(ls -A /old)" ]; then + cp -rv /old/* /new/ 2>/dev/null || true + echo "Config migration completed" + else + echo "Old config is empty" + fi + sleep infinity + restartPolicy: Never diff --git a/k3s/apps/Nextcloud/manifest/longhornmirgation/apps-migration-pod.yaml b/k3s/apps/Nextcloud/manifest/longhornmirgation/apps-migration-pod.yaml new file mode 100644 index 0000000..c52bcf4 --- /dev/null +++ b/k3s/apps/Nextcloud/manifest/longhornmirgation/apps-migration-pod.yaml @@ -0,0 +1,34 @@ +apiVersion: v1 +kind: Pod +metadata: + name: apps-migration + namespace: nextcloud +spec: + volumes: + - name: old-apps + persistentVolumeClaim: + claimName: nextcloud-apps-pvc + - name: new-apps + persistentVolumeClaim: + claimName: nextcloud-apps-pvc-longhorn + containers: + - name: migrator + image: alpine:3.18 + volumeMounts: + - name: old-apps + mountPath: /old + - name: new-apps + mountPath: /new + command: ['sh'] + args: + - -c + - | + echo "Copying apps data..." + if [ "$(ls -A /old)" ]; then + cp -rv /old/* /new/ 2>/dev/null || true + echo "Apps migration completed" + else + echo "Old apps is empty" + fi + sleep infinity + restartPolicy: Never diff --git a/k3s/apps/Nextcloud/manifest/longhornmirgation/mariadb-longhorn-pvc.yaml b/k3s/apps/Nextcloud/manifest/longhornmirgation/mariadb-longhorn-pvc.yaml new file mode 100644 index 0000000..cde6d8e --- /dev/null +++ b/k3s/apps/Nextcloud/manifest/longhornmirgation/mariadb-longhorn-pvc.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: nextcloud-mariadb-pvc-longhorn + namespace: nextcloud +spec: + accessModes: + - ReadWriteOnce + storageClassName: longhorn + resources: + requests: + storage: 10Gi \ No newline at end of file diff --git a/k3s/apps/Nextcloud/manifest/longhornmirgation/mariadb-restore.yaml b/k3s/apps/Nextcloud/manifest/longhornmirgation/mariadb-restore.yaml new file mode 100644 index 0000000..c00d4c0 --- /dev/null +++ b/k3s/apps/Nextcloud/manifest/longhornmirgation/mariadb-restore.yaml @@ -0,0 +1,24 @@ +apiVersion: v1 +kind: Pod +metadata: + name: mariadb-restore + namespace: nextcloud +spec: + nodeName: knode0 + containers: + - name: restore + image: busybox + command: ["sleep", "3600"] + volumeMounts: + - name: new + mountPath: /new + - name: oldbackup + mountPath: /backup + volumes: + - name: new + persistentVolumeClaim: + claimName: nextcloud-mariadb-pvc-longhorn + - name: oldbackup + hostPath: + path: /var/lib/nextcloud/mariadb-backup + type: DirectoryOrCreate \ No newline at end of file diff --git a/k3s/apps/Nextcloud/manifest/mariadb-deployment.yaml b/k3s/apps/Nextcloud/manifest/mariadb-deployment.yaml index 2808824..27bdcce 100644 --- a/k3s/apps/Nextcloud/manifest/mariadb-deployment.yaml +++ b/k3s/apps/Nextcloud/manifest/mariadb-deployment.yaml @@ -28,6 +28,11 @@ spec: value: nextcloud ports: - containerPort: 3306 + readinessProbe: + tcpSocket: + port: 3306 + initialDelaySeconds: 5 + periodSeconds: 10 resources: requests: memory: "256Mi" @@ -41,4 +46,4 @@ spec: volumes: - name: mariadb-data persistentVolumeClaim: - claimName: nextcloud-mariadb-pvc \ No newline at end of file + claimName: nextcloud-mariadb-pvc-longhorn \ No newline at end of file diff --git a/k3s/apps/Nextcloud/manifest/mariadb-pv-pvc.yaml b/k3s/apps/Nextcloud/manifest/mariadb-pv-pvc.yaml index eb78c6c..2161e29 100644 --- a/k3s/apps/Nextcloud/manifest/mariadb-pv-pvc.yaml +++ b/k3s/apps/Nextcloud/manifest/mariadb-pv-pvc.yaml @@ -9,24 +9,4 @@ spec: resources: requests: storage: 10Gi - storageClassName: local-path # <-- explicit default StorageClass ---- -apiVersion: v1 -kind: PersistentVolume -metadata: - name: nextcloud-mariadb-pv - labels: - app: mariadb -spec: - capacity: - storage: 10Gi - accessModes: - - ReadWriteOnce - persistentVolumeReclaimPolicy: Retain - storageClassName: local-path - claimRef: - namespace: nextcloud - name: nextcloud-mariadb-pvc - hostPath: - path: /var/lib/nextcloud/mariadb-data - type: DirectoryOrCreate + storageClassName: longhorn diff --git a/k3s/apps/Nextcloud/manifest/nextcloud-apps-pvc-longhorn.yaml b/k3s/apps/Nextcloud/manifest/nextcloud-apps-pvc-longhorn.yaml new file mode 100644 index 0000000..be29fd3 --- /dev/null +++ b/k3s/apps/Nextcloud/manifest/nextcloud-apps-pvc-longhorn.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: nextcloud-apps-pvc-longhorn + namespace: nextcloud +spec: + accessModes: + - ReadWriteOnce + storageClassName: longhorn + resources: + requests: + storage: 1Gi diff --git a/k3s/apps/Nextcloud/manifest/nextcloud-config-pvc-longhorn.yaml b/k3s/apps/Nextcloud/manifest/nextcloud-config-pvc-longhorn.yaml new file mode 100644 index 0000000..2bd4991 --- /dev/null +++ b/k3s/apps/Nextcloud/manifest/nextcloud-config-pvc-longhorn.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: nextcloud-config-pvc-longhorn + namespace: nextcloud +spec: + accessModes: + - ReadWriteOnce + storageClassName: longhorn + resources: + requests: + storage: 5Gi diff --git a/k3s/apps/Nextcloud/manifest/nextcloud-deployment.yaml b/k3s/apps/Nextcloud/manifest/nextcloud-deployment.yaml index 87086c0..ca429df 100644 --- a/k3s/apps/Nextcloud/manifest/nextcloud-deployment.yaml +++ b/k3s/apps/Nextcloud/manifest/nextcloud-deployment.yaml @@ -16,12 +16,19 @@ spec: # fsGroup sorgt dafür, dass gemountete Volumes die Gruppe www-data (33) bekommen securityContext: fsGroup: 33 + # Auf knode0 zwingen (hat Kernel 6.1 mit NFS - Kompatibilität) + nodeSelector: + kubernetes.io/hostname: knode0 # hostAliases mappt die öffentliche Domain intern auf die Service-ClusterIP, # damit der Pod henryathome.home64.de direkt intern erreicht (vermeidet externe Loopback/Firewall/403) hostAliases: - ip: "10.43.107.87" hostnames: - "henryathome.home64.de" + initContainers: + - name: wait-for-mariadb + image: busybox:1.34 + command: ['sh', '-c', 'until nc -z mariadb.nextcloud.svc.cluster.local 3306; do echo waiting for mariadb; sleep 2; done;'] containers: - name: nextcloud image: nextcloud:33-apache @@ -73,7 +80,7 @@ spec: claimName: nextcloud-data-pvc - name: config persistentVolumeClaim: - claimName: nextcloud-config-pvc + claimName: nextcloud-config-pvc-longhorn - name: apps persistentVolumeClaim: - claimName: nextcloud-apps-pvc \ No newline at end of file + claimName: nextcloud-apps-pvc-longhorn \ No newline at end of file diff --git a/k3s/apps/Nextcloud/manifest/nextcloud-pv-pvc.yaml b/k3s/apps/Nextcloud/manifest/nextcloud-pv-pvc.yaml index 7e7b03c..86a4a74 100644 --- a/k3s/apps/Nextcloud/manifest/nextcloud-pv-pvc.yaml +++ b/k3s/apps/Nextcloud/manifest/nextcloud-pv-pvc.yaml @@ -10,10 +10,13 @@ spec: persistentVolumeReclaimPolicy: Retain storageClassName: nfs mountOptions: - - vers=4 + - vers=3 - rsize=65536 - wsize=65536 - noatime + - soft + - timeo=20 + - retrans=2 nfs: server: 192.168.178.186 # <-- ERSETZEN: IP oder Hostname deiner NAS path: /volume1/Nextcloud/data # <-- ERSETZEN: Pfad zum Share auf der NAS (z.B. /volume1/nextcloud) diff --git a/k3s/apps/gitLab/manifest/runner.yaml b/k3s/apps/gitLab/manifest/runner.yaml new file mode 100644 index 0000000..3e7c913 --- /dev/null +++ b/k3s/apps/gitLab/manifest/runner.yaml @@ -0,0 +1,139 @@ +# ─── ServiceAccount ─────────────────────────────────────────────── +apiVersion: v1 +kind: ServiceAccount +metadata: + name: gitlab-runner + namespace: gitlab + +--- +# ─── Role ───────────────────────────────────────────────────────── +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: gitlab-runner + namespace: gitlab +rules: + - apiGroups: [""] + resources: ["pods", "pods/exec", "pods/attach", "pods/log", "secrets", "configmaps", "services"] + verbs: ["get", "list", "watch", "create", "delete", "update", "patch"] + +--- +# ─── RoleBinding ────────────────────────────────────────────────── +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: gitlab-runner + namespace: gitlab +subjects: + - kind: ServiceAccount + name: gitlab-runner + namespace: gitlab +roleRef: + kind: Role + apiGroup: rbac.authorization.k8s.io + name: gitlab-runner + +--- +# ─── Secret (Runner Authentication Token, GitLab 16+) ──────────── +apiVersion: v1 +kind: Secret +metadata: + name: gitlab-runner-secret + namespace: gitlab +type: Opaque +stringData: + runner-token: "glrt-3nNma_nEvL1Bq2zc8m5Zu286MQpwOjIKdDozCnU6MTAQ.01.181jg6jja" + +--- +# ─── ConfigMap (config.toml) ────────────────────────────────────── +apiVersion: v1 +kind: ConfigMap +metadata: + name: gitlab-runner-config + namespace: gitlab +data: + config.toml: | + concurrent = 4 + check_interval = 10 + log_level = "info" + + [session_server] + session_timeout = 1800 + +--- +# ─── Deployment ─────────────────────────────────────────────────── +apiVersion: apps/v1 +kind: Deployment +metadata: + name: gitlab-runner + namespace: gitlab + labels: + app: gitlab-runner +spec: + replicas: 1 + selector: + matchLabels: + app: gitlab-runner + template: + metadata: + labels: + app: gitlab-runner + spec: + serviceAccountName: gitlab-runner + + initContainers: + - name: register-runner + image: gitlab/gitlab-runner:latest + imagePullPolicy: IfNotPresent + command: + - sh + - -c + - | + gitlab-runner register \ + --non-interactive \ + --url "$CI_SERVER_URL" \ + --token "$RUNNER_TOKEN" \ + --executor kubernetes \ + --kubernetes-namespace gitlab \ + --kubernetes-service-account gitlab-runner \ + --kubernetes-pull-policy if-not-present \ + --kubernetes-privileged true \ + --output-limit 4096 \ + --kubernetes-cpu-request "100m" \ + --kubernetes-cpu-limit "500m" \ + --kubernetes-memory-request "256Mi" \ + --kubernetes-memory-limit "4Gi" + env: + - name: CI_SERVER_URL + value: "https://gitlab.henryathome.home64.de" + - name: RUNNER_TOKEN + valueFrom: + secretKeyRef: + name: gitlab-runner-secret + key: runner-token + volumeMounts: + - name: runner-config + mountPath: /etc/gitlab-runner + + containers: + - name: gitlab-runner + image: gitlab/gitlab-runner:latest + imagePullPolicy: IfNotPresent + command: ["gitlab-runner", "run", "--user=gitlab-runner", "--working-directory=/home/gitlab-runner"] + env: + - name: CI_SERVER_URL + value: "https://gitlab.henryathome.home64.de" + resources: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "512Mi" + cpu: "1000m" + volumeMounts: + - name: runner-config + mountPath: /etc/gitlab-runner + + volumes: + - name: runner-config + emptyDir: {} diff --git a/k3s/apps/gitLab/manifest/secret.yaml b/k3s/apps/gitLab/manifest/secret.yaml index 7b8712e..af31665 100644 --- a/k3s/apps/gitLab/manifest/secret.yaml +++ b/k3s/apps/gitLab/manifest/secret.yaml @@ -18,6 +18,10 @@ stringData: } prometheus_monitoring['enable'] = false + registry_external_url 'https://registry.henryathome.home64.de' + registry_nginx['listen_port'] = 5050 + registry_nginx['listen_https'] = false + # Authentik SSO (OpenID Connect) gitlab_rails['omniauth_enabled'] = true gitlab_rails['omniauth_allow_single_sign_on'] = ['openid_connect'] diff --git a/k3s/apps/gitLab/manifest/service.yaml b/k3s/apps/gitLab/manifest/service.yaml index a8b2171..9254545 100644 --- a/k3s/apps/gitLab/manifest/service.yaml +++ b/k3s/apps/gitLab/manifest/service.yaml @@ -17,9 +17,13 @@ spec: targetPort: 443 nodePort: 31443 - name: ssh - port: 31022 - targetPort: 31022 + port: 22 + targetPort: 22 nodePort: 31022 + - name: registry + port: 5050 + targetPort: 5050 + nodePort: 31050 type: NodePort # --- diff --git a/k3s/apps/longhorn/storageClass.yaml b/k3s/apps/longhorn/storageClass.yaml new file mode 100644 index 0000000..60f7b43 --- /dev/null +++ b/k3s/apps/longhorn/storageClass.yaml @@ -0,0 +1,11 @@ +apiVersion: storage.k8s.io/v1 +kind: StorageClass +metadata: + name: longhorn-2replicas +provisioner: driver.longhorn.io +parameters: + numberOfReplicas: "2" + staleReplicaTimeout: "30" +reclaimPolicy: Delete +volumeBindingMode: Immediate +allowVolumeExpansion: true \ No newline at end of file