lsst-it · dtapiacl · May 7, 2025
diff --git a/fleet/lib/metallb-conf/overlays/luan/ipaddresspool-openvpndb.yaml b/fleet/lib/metallb-conf/overlays/luan/ipaddresspool-openvpndb.yaml
@@ -0,0 +1,19 @@
+---
+apiVersion: metallb.io/v1beta1
+kind: IPAddressPool
+metadata:
+  name: openvpndb
+  namespace: metallb-system
+spec:
+  addresses:
+  - 139.229.135.51/32
+  autoAssign: false
+---
+apiVersion: metallb.io/v1beta1
+kind: L2Advertisement
+metadata:
+  name: openvpndb
+  namespace: metallb-system
+spec:
+  ipAddressPools:
+  - openvpndb
diff --git a/fleet/lib/metallb-conf/overlays/pillan/ipaddresspool-openvpndb.yaml b/fleet/lib/metallb-conf/overlays/pillan/ipaddresspool-openvpndb.yaml
@@ -0,0 +1,19 @@
+---
+apiVersion: metallb.io/v1beta1
+kind: IPAddressPool
+metadata:
+  name: openvpndb
+  namespace: metallb-system
+spec:
+  addresses:
+  - 140.252.146.45/32
+  autoAssign: false
+---
+apiVersion: metallb.io/v1beta1
+kind: L2Advertisement
+metadata:
+  name: openvpndb
+  namespace: metallb-system
+spec:
+  ipAddressPools:
+  - openvpndb
diff --git a/fleet/lib/metallb-conf/overlays/ruka/ipaddresspool-openvpndb.yaml b/fleet/lib/metallb-conf/overlays/ruka/ipaddresspool-openvpndb.yaml
@@ -0,0 +1,19 @@
+---
+apiVersion: metallb.io/v1beta1
+kind: IPAddressPool
+metadata:
+  name: openvpndb
+  namespace: metallb-system
+spec:
+  addresses:
+  - 139.229.134.140/32
+  autoAssign: false
+---
+apiVersion: metallb.io/v1beta1
+kind: L2Advertisement
+metadata:
+  name: openvpndb
+  namespace: metallb-system
+spec:
+  ipAddressPools:
+  - openvpndb
diff --git a/fleet/lib/metallb-conf/overlays/yepun/ipaddresspool-openvpndb.yaml b/fleet/lib/metallb-conf/overlays/yepun/ipaddresspool-openvpndb.yaml
@@ -0,0 +1,19 @@
+---
+apiVersion: metallb.io/v1beta1
+kind: IPAddressPool
+metadata:
+  name: openvpndb
+  namespace: metallb-system
+spec:
+  addresses:
+  - 139.229.160.84/32
+  autoAssign: false
+---
+apiVersion: metallb.io/v1beta1
+kind: L2Advertisement
+metadata:
+  name: openvpndb
+  namespace: metallb-system
+spec:
+  ipAddressPools:
+  - openvpndb
diff --git a/fleet/lib/openvpn-db-pre/base/external-secret-dockerhub.yaml b/fleet/lib/openvpn-db-pre/base/external-secret-dockerhub.yaml
@@ -0,0 +1,34 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: dockerhub-secret
+  namespace: openvpn-db
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: onepassword
+  target:
+    name: dockerhub-secret
+    creationPolicy: Owner
+    template:
+      type: kubernetes.io/dockerconfigjson
+      data:
+        .dockerconfigjson: |
+          {
+            "auths": {
+              "docker.io": {
+                "username": "{{ .dockerhub_username }}",
+                "password": "{{ .dockerhub_token }}",
+                "auth": "{{ printf "%s:%s" .dockerhub_username .dockerhub_token | b64enc }}"
+              }
+            }
+          }
+  data:
+    - secretKey: dockerhub_username
+      remoteRef:
+        key: lsstitadmin-docker-hub
+        property: username
+    - secretKey: dockerhub_token
+      remoteRef:
+        key: lsstitadmin-docker-hub
+        property: docker hub api token
diff --git a/fleet/lib/openvpn-db-pre/base/external-secret-openvpndb.yaml b/fleet/lib/openvpn-db-pre/base/external-secret-openvpndb.yaml
@@ -0,0 +1,21 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: mariadb-secrets
+  namespace: openvpn-db
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: onepassword
+  target:
+    name: mariadb-secrets
+    creationPolicy: Owner
+  data:
+    - secretKey: mariadb-root-password
+      remoteRef:
+        key: openvpn-mariadb-credentials
+        property: mariadb-root-password
+    - secretKey: mariadb-replication-password
+      remoteRef:
+        key: openvpn-mariadb-credentials
+        property: mariadb-replication-password
diff --git a/fleet/lib/openvpn-db-pre/base/kustomization.yaml b/fleet/lib/openvpn-db-pre/base/kustomization.yaml
@@ -0,0 +1,4 @@
+---
+resources:
+- external-secret-openvpndb.yaml
+- external-secret-dockerhub.yaml
diff --git a/fleet/lib/openvpn-db-pre/fleet.yaml b/fleet/lib/openvpn-db-pre/fleet.yaml
@@ -0,0 +1,7 @@
+---
+defaultNamespace: openvpn-db
+labels:
+  bundle: openvpn-db-pre
+name: openvpn-db-pre
+kustomize:
+  dir: base
diff --git a/fleet/lib/openvpn-db/fleet.yaml b/fleet/lib/openvpn-db/fleet.yaml
@@ -0,0 +1,37 @@
+---
+defaultNamespace: &name openvpn-db
+labels:
+  bundle: *name
+dependsOn:
+  - name: openvpn-db-pre
+    namespace: openvpn-db
+helm:
+  chart: oci://registry-1.docker.io/bitnamicharts/mariadb
+  releaseName: mariadb
+  version: 20.5.3
+  takeOwnership: true
+  timeoutSeconds: 300
+  waitForJobs: true
+  valuesFiles:
+    - values.yaml
+targetCustomizations:
+  - name: ruka
+    clusterName: ruka
+    helm:
+      valuesFiles:
+        - overlays/ruka/values.yaml
+  - name: yepun
+    clusterName: yepun
+    helm:
+      valuesFiles:
+        - overlays/yepun/values.yaml
+  - name: luan
+    clusterName: luan
+    helm:
+      valuesFiles:
+        - overlays/luan/values.yaml
+  - name: pillan
+    clusterName: pillan
+    helm:
+      valuesFiles:
+        - overlays/pillan/values.yaml
diff --git a/fleet/lib/openvpn-db/overlays/luan/values.yaml b/fleet/lib/openvpn-db/overlays/luan/values.yaml
@@ -0,0 +1,8 @@
+primary:
+  service:
+    type: LoadBalancer
+    loadBalancerIP: 139.229.135.51
+    ports:
+      mysql: 3306
+    annotations:
+      metallb.universe.tf/address-pool: openvpndb
diff --git a/fleet/lib/openvpn-db/overlays/pillan/values.yaml b/fleet/lib/openvpn-db/overlays/pillan/values.yaml
@@ -0,0 +1,8 @@
+primary:
+  service:
+    type: LoadBalancer
+    loadBalancerIP: 140.252.146.45
+    ports:
+      mysql: 3306
+    annotations:
+      metallb.universe.tf/address-pool: openvpndb
diff --git a/fleet/lib/openvpn-db/overlays/ruka/values.yaml b/fleet/lib/openvpn-db/overlays/ruka/values.yaml
@@ -0,0 +1,8 @@
+primary:
+  service:
+    type: LoadBalancer
+    loadBalancerIP: 139.229.134.140
+    ports:
+      mysql: 3306
+    annotations:
+      metallb.universe.tf/address-pool: openvpndb
diff --git a/fleet/lib/openvpn-db/overlays/yepun/values.yaml b/fleet/lib/openvpn-db/overlays/yepun/values.yaml
@@ -0,0 +1,8 @@
+primary:
+  service:
+    type: LoadBalancer
+    loadBalancerIP: 139.229.160.84
+    ports:
+      mysql: 3306
+    annotations:
+      metallb.universe.tf/address-pool: openvpndb
diff --git a/fleet/lib/openvpn-db/values.yaml b/fleet/lib/openvpn-db/values.yaml
@@ -0,0 +1,77 @@
+# Image configuration (unchanged)
+image:
+  registry: docker.io
+  repository: bitnami/mariadb
+  tag: 11.5.2-debian-12-r7
+  pullPolicy: IfNotPresent
+  pullSecrets:
+    - dockerhub-secret
+
+# Architecture
+architecture: replication
+
+auth:
+  existingSecret: mariadb-secrets
+
+primary:
+  persistence:
+    enabled: true
+    size: 10Gi
+    storageClass: rook-ceph-block
+  configuration: |-
+    [mysqld]
+    skip-name-resolve
+    explicit_defaults_for_timestamp
+    basedir=/opt/bitnami/mariadb
+    datadir=/bitnami/mariadb/data
+    plugin_dir=/opt/bitnami/mariadb/plugin
+    port=3306
+    socket=/opt/bitnami/mariadb/tmp/mysql.sock
+    tmpdir=/opt/bitnami/mariadb/tmp
+    max_allowed_packet=64M
+    bind-address=0.0.0.0
+    pid-file=/opt/bitnami/mariadb/tmp/mysqld.pid
+    log-error=/opt/bitnami/mariadb/logs/mysqld.log
+    log_bin=/opt/bitnami/mariadb/logs/mariadb-bin.log
+    character-set-server=UTF8
+    collation-server=utf8_general_ci
+    innodb_buffer_pool_size=6G
+    slow_query_log=1
+    slow_query_log_file=/opt/bitnami/mariadb/logs/slow.log
+    long_query_time=1
+    expire_logs_days=30
+    max_connections=300
+    wait_timeout=28800
+    net_read_timeout=60
+    net_write_timeout=60
+    net_retry_count=10
+    [client]
+    port=3306
+    socket=/opt/bitnami/mariadb/tmp/mysql.sock
+    default-character-set=UTF8
+    plugin_dir=/opt/bitnami/mariadb/plugin
+    [manager]
+    port=3306
+    socket=/opt/bitnami/mariadb/tmp/mysql.sock
+    pid-file=/opt/bitnami/mariadb/tmp/mysqld.pid
+  resources:
+    limits:
+      cpu: 4
+      memory: 8Gi
+    requests:
+      cpu: 4
+      memory: 8Gi
+
+secondary:
+  replicaCount: 2
+  persistence:
+    enabled: true
+    size: 10Gi
+    storageClass: rook-ceph-block
+  resources:
+    limits:
+      cpu: 2
+      memory: 4Gi
+    requests:
+      cpu: 2
+      memory: 4Gi
diff --git a/fleet/s/cp/c/yepun/openvpn-db b/fleet/s/cp/c/yepun/openvpn-db
@@ -0,0 +1 @@
+../../../../lib/openvpn-db
diff --git a/fleet/s/cp/c/yepun/openvpn-db-pre b/fleet/s/cp/c/yepun/openvpn-db-pre
@@ -0,0 +1 @@
+../../../../lib/openvpn-db-pre
diff --git a/fleet/s/dev/c/ruka/openvpn-db b/fleet/s/dev/c/ruka/openvpn-db
@@ -0,0 +1 @@
+../../../../lib/openvpn-db
diff --git a/fleet/s/dev/c/ruka/openvpn-db-pre b/fleet/s/dev/c/ruka/openvpn-db-pre
@@ -0,0 +1 @@
+../../../../lib/openvpn-db-pre
diff --git a/fleet/s/ls/c/luan/openvpn-db b/fleet/s/ls/c/luan/openvpn-db
@@ -0,0 +1 @@
+../../../../lib/openvpn-db
diff --git a/fleet/s/ls/c/luan/openvpn-db-pre b/fleet/s/ls/c/luan/openvpn-db-pre
@@ -0,0 +1 @@
+../../../../lib/openvpn-db-pre
diff --git a/fleet/s/tu/c/pillan/openvpn-db b/fleet/s/tu/c/pillan/openvpn-db
@@ -0,0 +1 @@
+../../../../lib/openvpn-db
diff --git a/fleet/s/tu/c/pillan/openvpn-db-pre b/fleet/s/tu/c/pillan/openvpn-db-pre
@@ -0,0 +1 @@
+../../../../lib/openvpn-db-pre