add mariadb cluster

kubernetes/apps/database/mariadb/cluster/backup.yaml

@@ -0,0 +1,23 @@
+---
+# yaml-language-server: $schema=https://ks.hsn.dev/k8s.mariadb.com/backup_v1alpha1.json
+apiVersion: k8s.mariadb.com/v1alpha1
+kind: Backup
+metadata:
+  name: &name mariadb-backup
+spec:
+  mariaDbRef:
+    name: mariadb
+  timeZone: "America/Chicago"
+  schedule:
+    cron: "0 * * * *"
+    suspend: false
+  storage:
+    s3:
+      endpoint: s3.hsn.dev
+      bucket: mariadb
+      accessKeyIdSecretKeyRef:
+        name: mariadb-secret
+        key: AWS_ACCESS_KEY_ID
+      secretAccessKeySecretKeyRef:
+        name: mariadb-secret
+        key: AWS_SECRET_ACCESS_KEY

kubernetes/apps/database/mariadb/cluster/externalsecret.yaml

@@ -0,0 +1,27 @@
+---
+# yaml-language-server: $schema=https://ks.hsn.dev/external-secrets.io/externalsecret_v1beta1.json
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: &name mariadb
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: onepassword-connect
+  target:
+    name: mariadb-secret
+    template:
+      engineVersion: v2
+      data:
+        AWS_ACCESS_KEY_ID: "{{ .minio_mariadb_access_key }}"
+        AWS_SECRET_ACCESS_KEY: "{{ .minio_mariadb_secret_key }}"
+  dataFrom:
+    - extract:
+        key: minio
+      rewrite:
+        - regexp:
+            source: "[-]"
+            target: "_"
+        - regexp:
+            source: "(.*)"
+            target: "minio_$1"

kubernetes/apps/database/mariadb/cluster/gatus.yaml

@@ -0,0 +1,21 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: mariadb-gatus-ep
+  labels:
+    gatus.io/enabled: "true"
+data:
+  config.yaml: |
+    endpoints:
+      - name: mariadb
+        group: infrastructure
+        url: tcp://mariadb.database.svc.cluster.local:3306
+        interval: 1m
+        ui:
+          hide-url: true
+          hide-hostname: true
+        conditions:
+          - "[CONNECTED] == true"
+        alerts:
+          - type: pushover

kubernetes/apps/database/mariadb/cluster/kustomization.yaml

@@ -0,0 +1,9 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ./backup.yaml
+  - ./externalsecret.yaml
+  - ./gatus.yaml
+  - ./mariadb.yaml

kubernetes/apps/database/mariadb/cluster/mariadb.yaml

@@ -0,0 +1,38 @@
+---
+# yaml-language-server: $schema=https://ks.hsn.dev/k8s.mariadb.com/mariadb_v1alpha1.json
+apiVersion: k8s.mariadb.com/v1alpha1
+kind: MariaDB
+metadata:
+  name: &name mariadb
+spec:
+  # renovate: datasource=docker depName=docker.io/library/mariadb
+  image: docker.io/library/mariadb:11.6.2
+  replicas: 3
+  storage:
+    size: 5Gi
+    storageClassName: openebs-hostpath
+  bootstrapFrom:
+    backupRef:
+      name: mariadb-backup
+  maxScale:
+    enabled: true
+    kubernetesService:
+      type: LoadBalancer
+      metadata:
+        annotations:
+          io.cilium/lb-ipam-ips: 10.1.1.39
+    connection:
+      secretName: mxs-connection
+      port: 3306
+  galera:
+    enabled: true
+  podSecurityContext:
+    runAsUser: 568
+    runAsGroup: 568
+    fsGroup: 568
+    fsGroupChangePolicy: OnRootMismatch
+  service:
+    type: LoadBalancer
+    metadata:
+      annotations:
+        io.cilium/lb-ipam-ips: 10.1.1.33

kubernetes/apps/database/mariadb/ks.yaml

@@ -40,3 +40,25 @@ spec:
   wait: true
   interval: 30m
   timeout: 5m
+---
+# yaml-language-server: $schema=https://ks.hsn.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: &app mariadb-cluster
+  namespace: flux-system
+spec:
+  targetNamespace: database
+  commonMetadata:
+    labels:
+      app.kubernetes.io/name: *app
+  dependsOn:
+    - name: external-secrets-stores
+  path: ./kubernetes/apps/database/mariadb/cluster
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: theshire
+  wait: true
+  interval: 30m
+  timeout: 5m