apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: db
# Change "rook-ceph" provisioner prefix to match the operator namespace if needed
provisioner: rook-ceph.cephfs.csi.ceph.com
parameters:
  # clusterID is the namespace where the rook cluster is running
  # If you change this namespace, also change the namespace below where the secret namespaces are defined
  clusterID: rook-ceph

  # CephFS filesystem name into which the volume shall be created
  fsName: gitea

  # Ceph pool into which the volume shall be created
  # Required for provisionVolume: "true"
  pool: gitea-replicated

  # The secrets contain Ceph admin credentials. These are generated automatically by the operator
  # in the same namespace as the cluster.
  csi.storage.k8s.io/provisioner-secret-name: rook-csi-cephfs-provisioner
  csi.storage.k8s.io/provisioner-secret-namespace: rook-ceph
  csi.storage.k8s.io/controller-expand-secret-name: rook-csi-cephfs-provisioner
  csi.storage.k8s.io/controller-expand-secret-namespace: rook-ceph
  csi.storage.k8s.io/node-stage-secret-name: rook-csi-cephfs-node
  csi.storage.k8s.io/node-stage-secret-namespace: rook-ceph

reclaimPolicy: Delete
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: db
  namespace: gitea
spec:
  accessModes:
  - ReadWriteMany
  resources:
    requests:
      storage: 16Gi
  storageClassName: db
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: db
  namespace: gitea
  labels:
    app: db
spec:
  replicas: 1
  selector:
    matchLabels:
      app: db
  template:
    metadata:
      labels:
        app: db
    spec:
      containers:
      - name: db
        image: mariadb:10.5
        imagePullPolicy: "IfNotPresent"
        ports:
        - name: mysql
          containerPort: 3306
        env:
        - name: MARIADB_ROOT_PASSWORD
          valueFrom:
            secretKeyRef:
              name: gitea-db
              key: root.pw
        - name: MARIADB_USER
          valueFrom:
            secretKeyRef:
              name: gitea-db
              key: username
              optional: false
        - name: MARIADB_PASSWORD
          valueFrom:
            secretKeyRef:
              name: gitea-db
              key: user.pw
              optional: false
        - name: MARIADB_DATABASE
          value: gitea
        #livenessProbe:
        #  exec:
        #    command: ["sh", "-c", "exec mysqladmin status -uroot -p$MARIADB_ROOT_PASSWORD"]
        #  initialDelaySeconds: 120
        #  periodSeconds: 10
        #  timeoutSeconds: 1
        #  successThreshold: 1
        #  failureThreshold: 3
        #readinessProbe:
        #  exec:
        #    command: ["sh", "-c", "exec mysqladmin status -uroot -p$MARIADB_ROOT_PASSWORD"]
        #  initialDelaySeconds: 30
        #  periodSeconds: 10
        #  timeoutSeconds: 1
        #  successThreshold: 1
        #  failureThreshold: 3
        volumeMounts:
        - mountPath: /var/lib/mysql
          name: data
      volumes:
      - name: data
        persistentVolumeClaim:
          claimName: db
          readOnly: false
---
apiVersion: v1
kind: Service
metadata:
  name: db
  namespace: gitea
spec:
  internalTrafficPolicy: Cluster
  ipFamilies:
  - IPv6
  ipFamilyPolicy: SingleStack
  ports:
  - name: mysql
    port: 3306
    protocol: TCP
    targetPort: 3306
  selector:
    app: db
  sessionAffinity: None
  type: ClusterIP
---
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: db-backup
# Change "rook-ceph" provisioner prefix to match the operator namespace if needed
provisioner: rook-ceph.cephfs.csi.ceph.com
parameters:
  # clusterID is the namespace where the rook cluster is running
  # If you change this namespace, also change the namespace below where the secret namespaces are defined
  clusterID: rook-ceph

  # CephFS filesystem name into which the volume shall be created
  fsName: gitea

  # Ceph pool into which the volume shall be created
  # Required for provisionVolume: "true"
  pool: gitea-replicated

  # The secrets contain Ceph admin credentials. These are generated automatically by the operator
  # in the same namespace as the cluster.
  csi.storage.k8s.io/provisioner-secret-name: rook-csi-cephfs-provisioner
  csi.storage.k8s.io/provisioner-secret-namespace: rook-ceph
  csi.storage.k8s.io/controller-expand-secret-name: rook-csi-cephfs-provisioner
  csi.storage.k8s.io/controller-expand-secret-namespace: rook-ceph
  csi.storage.k8s.io/node-stage-secret-name: rook-csi-cephfs-node
  csi.storage.k8s.io/node-stage-secret-namespace: rook-ceph

reclaimPolicy: Delete
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: db-backup
  namespace: gitea
spec:
  accessModes:
  - ReadWriteMany
  resources:
    requests:
      storage: 10Gi
  storageClassName: db-backup
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: db-backup
  namespace: gitea
  labels:
    app: db-backup
spec:
  replicas: 1
  selector:
    matchLabels:
      app: db-backup
  template:
    metadata:
      labels:
        app: db-backup
    spec:
      containers:
      - name: db-backup
        image: rsprta/mariadb-backup
        imagePullPolicy: "IfNotPresent"
        env:
        - name: CRON_TIMER
          value: "@daily"
        - name: MARIADB_HOST
          value: db
        - name: MARIADB_PASSWORD
          valueFrom:
            secretKeyRef:
              name: gitea-db
              key: root.pw
        - name: MARIADB_USER
          value: root
        - name: MARIADB_PORT
          value: "3306"
        volumeMounts:
        - mountPath: /backup
          name: backup
      volumes:
      - name: backup
        persistentVolumeClaim:
          claimName: db-backup
          readOnly: false