examples

k8s example with DHI , first version (only database)

Author: Tob1as

examples/fpm-nginx-dhi-k8s/README.md

@@ -0,0 +1,57 @@
+# PHP - Examples: PHP-FPM & NGINX & MySQL (using DHI) for K8s/Kubernetes
+
+## Steps:
+1. ```kubectl apply -f namespace.yaml```
+2. Registry Login (needed for DHI), see below.
+2. ```kubectl apply -f volumes.yaml```
+3. ```kubectl apply -f wsc-db.yaml```
+    * create database and user and set permission:
+      ```sh
+      # Database
+      kubectl -n wsc exec -it deployment/wsc-db -c mysql -- sh -c 'mysql -uroot -e "CREATE DATABASE ${MYSQL_DATABASE};"'
+      # User with Password and Permission for Database
+      kubectl -n wsc exec -it deployment/wsc-db -c mysql -- sh -c 'mysql -uroot -e "CREATE USER \"${MYSQL_USER}\"@\"%\" IDENTIFIED BY \"${MYSQL_PASSWORD}\"; GRANT ALL PRIVILEGES ON ${MYSQL_DATABASE}.* TO \"${MYSQL_USER}\"@\"%\";"'
+      ```
+    * create exporter user with password and set permission:
+      ```sh
+      kubectl -n wsc exec -it deployment/wsc-db -c mysql -- sh -c 'mysql -uroot -e "CREATE USER \"${MYSQL_EXPORTER_USER}\"@\"%\" IDENTIFIED BY \"${MYSQL_EXPORTER_PASSWORD}\"; GRANT PROCESS, REPLICATION CLIENT, SELECT ON *.* TO \"${MYSQL_EXPORTER_USER}\"@\"%\";"'
+      ```
+    * check:
+      ```sh
+      kubectl -n wsc exec -it deployment/wsc-db -c mysql -- sh -c 'mysql -h localhost -uroot -e "SELECT user, host, max_user_connections FROM mysql.user;"'
+      kubectl -n wsc exec -it deployment/wsc-db -c mysql -- sh -c 'mysql -h localhost -uroot -e "SELECT host, user, db FROM mysql.db;"'
+      ```
+    * Now you can edit `wsc-db.yaml` and use `MYSQL_EXPORTER_USER` and `MYSQLD_EXPORTER_PASSWORD` for exporter and optional use other user instead root for healtcheck.
+4. ```kubectl apply -f wsc-web.yaml```
+5. copy wsc files to html folder in wsc-web deployment: ```kubectl cp ....```
+6. ...
+
+## Registry Login
+
+Login to docker.io and dhi.io Registries!
+
+```sh
+# Steps:
+
+# 1. User and Password
+REGISTRY_USER_NAME="<username>"      # Docker Hub Username
+REGISTRY_USER_PASSWORD="<password>"  # Password or Token
+
+# 2. Registry: Docker Hub
+REGISTRY_NAME="index.docker.io/v1/"
+K8S_REGCRED_NAME="regcred-dockerhub"
+
+# 3. Login command
+kubectl create secret docker-registry ${K8S_REGCRED_NAME} \
+--docker-server="${REGISTRY_NAME}" \
+--docker-username="${REGISTRY_USER_NAME}" \
+--docker-password="${REGISTRY_USER_PASSWORD}" \
+--save-config --dry-run=client -o yaml | \
+kubectl --namespace=wsc apply -f -
+
+# 4. Registry: DHI
+REGISTRY_NAME="dhi.io"
+K8S_REGCRED_NAME="regcred-dhi"
+
+# 5. repeat "3. Login command" again
+```

examples/fpm-nginx-dhi-k8s/namespace.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: wsc

examples/fpm-nginx-dhi-k8s/volumes.yaml

@@ -0,0 +1,41 @@
+# https://github.com/rancher/local-path-provisioner
+
+---
+
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: wsc-db-data
+  namespace: wsc
+  labels:
+    app.kubernetes.io/name: wsc-db
+    app.kubernetes.io/component: database
+    app.kubernetes.io/part-of: wsc
+spec:
+  accessModes:
+  - ReadWriteOnce
+  volumeMode: Filesystem
+  storageClassName: local-path # set to your class
+  resources:
+    requests:
+      storage: 5Gi
+
+---
+
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: wsc-web-data
+  namespace: wsc
+  labels:
+    app.kubernetes.io/name: wsc-web
+    app.kubernetes.io/component: server
+    app.kubernetes.io/part-of: wsc
+spec:
+  accessModes:
+  - ReadWriteOnce
+  volumeMode: Filesystem
+  storageClassName: local-path # set to your class
+  resources:
+    requests:
+      storage: 15Gi

examples/fpm-nginx-dhi-k8s/wsc-db.yaml

@@ -0,0 +1,243 @@
+# WSC-DB (MySQL-Database)
+# Source: https://github.com/Tob1as/docker-php
+# other konfig example: https://github.com/Tob1as/docker-kubernetes-collection/blob/master/examples_k8s/mariadb.yaml
+# 
+# used Images:
+# - https://dhi.io/catalog/mysql
+# - https://dhi.io/catalog/mysqld-exporter (Docs: https://github.com/prometheus/mysqld_exporter)
+# 
+# TODO: only do this commands after first start when using dhi mysql image (create database and user with password from environment vars):
+# kubectl -n wsc exec -it deployment/wsc-db -c mysql -- sh -c 'mysql -uroot -e "CREATE DATABASE ${MYSQL_DATABASE};"'
+# kubectl -n wsc exec -it deployment/wsc-db -c mysql -- sh -c 'mysql -uroot -e "CREATE USER \"${MYSQL_USER}\"@\"%\" IDENTIFIED BY \"${MYSQL_PASSWORD}\"; GRANT ALL PRIVILEGES ON ${MYSQL_DATABASE}.* TO \"${MYSQL_USER}\"@\"%\";"'
+# kubectl -n wsc exec -it deployment/wsc-db -c mysql -- sh -c 'mysql -uroot -e "CREATE USER \"${MYSQL_EXPORTER_USER}\"@\"%\" IDENTIFIED BY \"${MYSQL_EXPORTER_PASSWORD}\"; GRANT PROCESS, REPLICATION CLIENT, SELECT ON *.* TO \"${MYSQL_EXPORTER_USER}\"@\"%\";"'
+
+---
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: wsc-db-env-config
+  namespace: wsc
+  labels:
+    app.kubernetes.io/name: wsc-db
+    app.kubernetes.io/component: database
+    app.kubernetes.io/part-of: wsc
+data:
+  MYSQL_OPTIONS: "--innodb-buffer-pool-size=512M" # only support in DHI (instead of own *.cnf file)
+  # the following variables require manual intervention in order to be used (kubectl exec command):
+  MYSQL_DATABASE: "woltlab_suite"
+  MYSQL_USER: "woltlab_suite"
+  MYSQL_EXPORTER_USER: "exporter"
+
+---
+
+apiVersion: v1
+kind: Secret
+metadata:
+  name: wsc-db-env-secret
+  namespace: wsc
+  labels:
+    app.kubernetes.io/name: wsc-db
+    app.kubernetes.io/component: database
+    app.kubernetes.io/part-of: wsc
+stringData:
+  MYSQL_ROOT_PASSWORD: "my-secret-pw"    # required !
+  # the following variables require manual intervention in order to be used (kubectl exec command):
+  MYSQL_PASSWORD: "my-secret-pw"
+  MYSQL_EXPORTER_PASSWORD: "my-secret-pw"
+
+---
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: wsc-db
+  namespace: wsc
+  labels:
+    app.kubernetes.io/name: wsc-db
+    app.kubernetes.io/component: database
+    app.kubernetes.io/part-of: wsc
+spec:
+  replicas: 1
+  strategy:
+    type: Recreate
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: wsc-db
+      app.kubernetes.io/component: database
+      app.kubernetes.io/part-of: wsc
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: wsc-db
+        app.kubernetes.io/component: database
+        app.kubernetes.io/part-of: wsc
+    spec:
+      imagePullSecrets:
+      - name: regcred-dockerhub
+      - name: regcred-dhi
+      restartPolicy: Always
+      securityContext:
+        fsGroup: 65532
+      containers:
+      - name: mysql
+        image: dhi.io/mysql:8.4-debian13
+        imagePullPolicy: Always
+        envFrom:
+        - configMapRef:
+            name: wsc-db-env-config
+            optional: true
+        - secretRef:
+            name: wsc-db-env-secret
+            #optional: true
+        ports:
+        - containerPort: 3306
+          name: mysql
+          protocol: TCP
+        readinessProbe:
+          exec:
+            command: ["/bin/sh", "-c", "mysqladmin ping -h localhost -P 3306 -u root || exit 1"]
+            #command: ["/bin/sh", "-c", "mysqladmin ping -h localhost -P 3306 --user=$MYSQL_USER --password=$MYSQL_PASSWORD || exit 1"]
+          #tcpSocket:
+          #  port: 3306
+          initialDelaySeconds: 10
+          periodSeconds: 30
+          timeoutSeconds: 5
+          failureThreshold: 3
+          successThreshold: 1
+        livenessProbe:
+          exec:
+            command: ["/bin/sh", "-c", "mysqladmin ping -h localhost -P 3306 -u root || exit 1"]
+            #command: ["/bin/sh", "-c", "mysqladmin ping -h localhost -P 3306 --user=$MYSQL_USER --password=$MYSQL_PASSWORD || exit 1"]
+          #tcpSocket:
+          #  port: 3306
+          initialDelaySeconds: 10
+          periodSeconds: 30
+          timeoutSeconds: 5
+          failureThreshold: 3
+          successThreshold: 1
+        resources:
+          requests:
+            memory: "512Mi"
+            cpu: "0.5"
+          limits:
+            memory: "1Gi"
+            cpu: "1.0"
+        volumeMounts:
+        - name: wsc-db-data
+          mountPath: /var/lib/mysql
+      - name: exporter
+        image: dhi.io/mysqld-exporter:0.18-debian13
+        imagePullPolicy: Always
+        ports:
+        - containerPort: 9104
+          name: exporter
+          protocol: TCP
+        env:
+        - name: MYSQL_EXPORTER_USER
+          value: "root"
+        #- name: MYSQL_EXPORTER_USER
+        #  valueFrom:
+        #    configMapKeyRef:
+        #      name: wsc-db-env-config
+        #      key: MYSQL_EXPORTER_USER
+        #      #optional: true
+        #- name: MYSQLD_EXPORTER_PASSWORD
+        #  valueFrom:
+        #    secretKeyRef:
+        #      name: wsc-db-env-secret
+        #      key: MYSQL_EXPORTER_PASSWORD
+        #      optional: true
+        args:
+        - "--web.listen-address=:9104"
+        - "--web.telemetry-path=/metrics"
+        - "--mysqld.address=localhost:3306"
+        - "--mysqld.username=$(MYSQL_EXPORTER_USER)"
+        - "--log.level=info"
+        resources:
+          requests:
+            memory: "64Mi"
+            cpu: "0.1"
+          limits:
+            memory: "128Mi"
+            cpu: "0.5"
+      volumes:
+      - name: wsc-db-data
+        persistentVolumeClaim:
+          claimName: wsc-db-data
+
+---
+
+apiVersion: v1
+kind: Service
+metadata:
+  name: wsc-db
+  namespace: wsc
+  labels:
+    app.kubernetes.io/name: wsc-db
+    app.kubernetes.io/component: database
+    app.kubernetes.io/part-of: wsc
+spec:
+  type: ClusterIP
+  ports:
+  - name: "mysql"
+    protocol: TCP
+    port: 3306
+    targetPort: 3306
+  - name: "exporter"
+    protocol: TCP
+    port: 9104
+    targetPort: 9104
+  selector: # deployment
+    app.kubernetes.io/name: wsc-db
+    app.kubernetes.io/component: database
+    app.kubernetes.io/part-of: wsc
+
+# Port-Forward/Tunnel to localhost
+# kubectl -n wsc port-forward service/wsc-db 3306:3306
+# kubectl -n wsc port-forward service/wsc-db 9104:9104
+
+#---
+#
+### After this line ONLY for Monitoring !
+#
+#apiVersion: monitoring.coreos.com/v1
+#kind: ServiceMonitor
+#metadata:
+#  name: wsc-db
+#  namespace: wsc
+#  labels:
+#    app.kubernetes.io/name: wsc-db
+#    app.kubernetes.io/component: database
+#    app.kubernetes.io/part-of: wsc
+#spec:
+#  endpoints:
+#  - path: /metrics
+#    scheme: http
+#    port: exporter # 9104
+#    targetPort: 9104
+#  selector:
+#    matchLabels: # service
+#      app.kubernetes.io/name: wsc-db
+#      app.kubernetes.io/component: database
+#      app.kubernetes.io/part-of: wsc
+#
+#---
+#
+## Examples: https://samber.github.io/awesome-prometheus-alerts/rules#mysql
+#
+#apiVersion: monitoring.coreos.com/v1
+#kind: PrometheusRule
+#metadata:
+#  name: mysql
+#  namespace: wsc
+#  labels:
+#    app: mysql
+#spec:
+#  groups:
+#    - name: mysql.rules
+#      rules:
+#      - alert: {}
+#      - alert: {}
+#      - alert: {}
+ 

examples/fpm-nginx-dhi-k8s/wsc-web.yaml

@@ -0,0 +1,2 @@
+# WSC-WEB (PHP-FPM + NGINX)
+# Source: https://github.com/Tob1as/docker-php

examples/fpm-nginx-dhi/docker-compose.yml

@@ -93,7 +93,7 @@ services:
       timeout: 5s
       retries: 3
       # check with: "docker inspect --format='{{json .State.Health}}' wsc-db | jq"
-    # TODO: only do this commands after first start when using dhi mysql image (create database and user with password form environment vars):
+    # TODO: only do this commands after first start when using dhi mysql image (create database and user with password from environment vars):
     # docker exec -it wsc-db bash -c 'mysql -uroot -e "CREATE DATABASE ${MYSQL_DATABASE};"'
     # docker exec -it wsc-db bash -c 'mysql -uroot -e "CREATE USER \"${MYSQL_USER}\"@\"%\" IDENTIFIED BY \"${MYSQL_PASSWORD}\"; GRANT ALL PRIVILEGES ON ${MYSQL_DATABASE}.* TO \"${MYSQL_USER}\"@\"%\";"'