feat: add mariadb

kubernetes/main/apps/database/kustomization.yaml

@@ -6,4 +6,5 @@ resources:
 - ./postgresql/ks.yaml
 - ./redis
 - ./minio
-- ./mysql
+- ./mysql
+- ./mariadb/ks.yaml

kubernetes/main/apps/database/mariadb/crds/helm-release.yaml

@@ -0,0 +1,25 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: mariadb-operator-crds
+  namespace: database
+spec:
+  chart:
+    spec:
+      chart: mariadb-operator-crds
+      version: 0.37.1
+      sourceRef:
+        kind: HelmRepository
+        name: mariadb-operator
+        namespace: flux-system
+  interval: 30m
+  install:
+    remediation:
+      retries: 3
+  upgrade:
+    cleanupOnFail: true
+    remediation:
+      strategy: rollback
+      retries: 3

kubernetes/main/apps/database/mariadb/crds/helm-repository.yaml

@@ -0,0 +1,8 @@
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+  name: mariadb-operator
+  namespace: flux-system
+spec:
+  interval: 2h
+  url: https://helm.mariadb.com/mariadb-operator

kubernetes/main/apps/database/mariadb/crds/kustomization.yaml

@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- helm-repository.yaml
+- helm-release.yaml

kubernetes/main/apps/database/mariadb/database/db.yaml

@@ -0,0 +1,11 @@
+apiVersion: k8s.mariadb.com/v1alpha1
+kind: MariaDB
+metadata:
+  name: mariadb
+spec:
+  rootPasswordSecretKeyRef:
+    name: mariadb-secrets
+    key: MARIADB_ROOT_PASSWORD
+  storage:
+    size: 2Gi
+    storageClassName: openebs-zfs-mainpool

kubernetes/main/apps/database/mariadb/database/kustomization.yaml

@@ -0,0 +1,7 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- db.yaml
+- secret.sops.yaml

kubernetes/main/apps/database/mariadb/database/secret.sops.yaml

@@ -0,0 +1,72 @@
+apiVersion: v1
+kind: Secret
+metadata:
+    name: mariadb-secrets
+    labels:
+        k8s.mariadb.com/watch: null
+stringData:
+    MARIADB_ROOT_PASSWORD: ENC[AES256_GCM,data:1yAkRvtIjsBY944raOrlncrd/iBHnaCqAVc3KJRZHlY=,iv:DIYkBfWsZERr9sqwxs7Thwb75cdo+7S2wB/XIWo+EcE=,tag:RYu/QqHg3x5k/JS6timQYQ==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age: []
+    lastmodified: "2025-03-11T23:52:26Z"
+    mac: ENC[AES256_GCM,data:TaagPQ0+BQyZdFU9vyOg5LCjYfdBHz63TJ198xJjFOv1e0ftyvPsG+n0NgpZq7mtHcLqw+JG80rlSgjjOym2jdPwHWEhpRr2qXeydjs+/IsOxy1Vn4s9ZRjuR1vcl/F81vpaDXo4Xd7bdpy5igEnsioLLzp2spOJGiBjCdzqDUY=,iv:R0dg3FQUkp247tsOmL6hoWD5c1/eztQnQK5siK/lR3A=,tag:lZCLvz1qhhxnaqBgnPF61A==,type:str]
+    pgp:
+        - created_at: "2025-03-11T23:52:26Z"
+          enc: |-
+            -----BEGIN PGP MESSAGE-----
+
+            hQIMAyqlIeyoxYovAQ//TK1bjaVbf/EVJUykKpK6DE8gGFYqPa8/IZd5qGl0OJQu
+            90JtavnZcpfA3v3tuwJ4NfG2RiMOxpAniDICHHoPDLE+lp5ZekdC2hUokMTrn5mb
+            NUfJsrKxk7Tasp7ALmAaifJWqcmsbFA5GT9Vt2jpBsl0xHhF2q1Z3VVcwTk3Pv9D
+            R3+FPvy40s3c+J1w2+4XmF1ut3ffovLcCI6jKzeyArGtwEYkeFanO60NAP/FKB/X
+            eBvSrNg47MJXT2FsjO82BcuYA1rOW/NDDa+IAj4QULIakBC70UdjDqnNzwbP9FSu
+            Le5Zy6Ax1jjJmLr7Gs4SHY1bZS0VRFBRia/DSZF6h80qQ7V4Cop5HDjJTfBy2Uch
+            Smx0eHgV4XBtJJewALrz8jeadAfrQqkALTb+vDPTpS/9Sv4AS5RzyDesHq3w6FT6
+            P0H3L8Ad+3gsofup0f0SDajaWEY8d4MqnzQ6nfePrTZF1zmmss5MMwhM0dh05Gj1
+            aCFOfOL9iNJXZBIcP8LrrG00fRfeDnUfvfR/a4W1KaK8wNOZGsk4VYMFQyr5vRjF
+            c8pPmVx33Q3mWvDvnCFvjJxBrr9+j8k7AtqdJBE6suMgQN806RyjzNePfXi/rnJ3
+            H6PERdcciGiGLvzyodSZ69qqoBP0esGTJ5VUldhAW1JiCo4et7alBmNgPQol9PKF
+            AgwDXjg0p2IN1X8BD/4xYqVReeEhYPz6TJAMJz1RZMYBgyjIchKUOYEuD/hkvzfw
+            CSwPrgNV+ocBSQErmjT5XILOaezwX97LrmG7Nve5X8h/8GTvQBGIqlCRQ213wmpc
+            K6SJs7sXcLlO9vhDUNnjCf9bbkL64820LDWSt14wM7eUlcnJ/O93isNxttpQqvkt
+            cgtU2m9YFtY+NsRC9GllCJSsKGyUmp0wLHnKWa4CACXZ03qNefNOjMy7n3fNbfkF
+            qCk2QvpDE/D02VlfKsN4PzqptPClv9S1OzJAHaWOJJDM4L1F4wnOby2H9QFVCBS7
+            0edK/94zHNOYWKW6mLburvt97WI+Pa2oSiG93JKFZWG7zbpovGGrtqVpzFcOg2Cr
+            ILuV17Ms559CICQBQNbp32nH8QNORrb7YLIJGH8pLodgl4Vrk2HnxOJyqQfx0MRU
+            AurFUwyqa5rbhqaDQq+dWAJkXnZHAW/lvoC3OLbNsWgwQAntblDH0pAaIZPy48aW
+            6CzmfDYtoMmXk+gUeeMDrqTMuOXNyGAiqlCnNLayb7nrXIwVEzYS+rEkhFqHQPVR
+            168+uwLZoO4ubQlqNMHH08IC2Z0PgrkyIh79STQn//a9rg8sLxi0eDO4rtcdZeJi
+            eRE0vBpJ2xWK6FbtCeBEh6L+gbLF2BoGUKOBvWPQ1NCOYr6Z7CR1CNlVfopsadRo
+            AQkCENBv+WuM8shr1beGaFeZc5veTb23PZ2ff9LnxK4BI5Xwz4yrqymPm3U3MUwY
+            DXu3aRMBBWlY8k1CB4bayXkXtunzTw14MJM0K6l8odxLb/rYOpS80DxUDSwSV+Cu
+            MFft5VyZzOs=
+            =xFKz
+            -----END PGP MESSAGE-----
+          fp: BD1AAF9D8170F4BEE437365FF6F0933799CFEBCD
+        - created_at: "2025-03-11T23:52:26Z"
+          enc: |-
+            -----BEGIN PGP MESSAGE-----
+
+            hQIMAy5t8IMoPu4VAQ//dgyVsRBjBqGIfqbI39jPQqI2mSHge9TFMKePioAITVBF
+            xkzVXXg6vAB3xvMbB6f8mQbnBzk0Ju0gGMnZ7K0XQqYsPrYV6lmXIGm52eavF/uP
+            7B/j37pxO4PoYA1qi3t/Be9/58h2g5+sI9m0uRGcozgmnpVzttLUDzkmAyEXm3LL
+            SmfaiEZ2kCs89SNdowOqGId4J1jwe8xqH/SDpbdUQEdhhuZ4hkWlWuEIqCqx1V0J
+            yzGuOY1PZp06TGPGlYcUsBIHfVQrlXlPVz4zCSbLq4UeIg+4Nzwo/GZzcWkPrl2T
+            hBI/pIWtb0en/ealePcn+YsliT0lfG83Iva90HqorHjkX4i9ro0PRzCzCwK5OAQ+
+            VJanLTLG0szg4IG8Ti0FXuqEU4firgC9P5FGiAXmDF4BlG3fx77dcqE7rUCcAlvK
+            eYU82uRSqoXrQQd9+E7A1gcRZ6VWPt6KolhiH4Gi+6MYrzBDAOkhDqUFVitCDm7r
+            AZvFLIzwAHoV/Y1G8E3KvKg3LUFLEYO10j5muzuvPG3635q7WeL0ifuAKSK+Lgv+
+            V49pR47WLzAH/2hheIydiZdr5WLfvzyp8kZjXkxda15s4sSmyfSV0XU7yIxxxor9
+            TjKYIc3EASjM+U1ERS/QiyYKx4yFoHT1LGNICoM6panfLj3p8xiZ15/JY/WOhnLU
+            aAEJAhD1smYbnJY9levzdHOvLBt9i4mJvv0prcjKlTkp50rSd3dTxnShITV1PeCY
+            Y65TQIJ+uh6Se0Q8UBjimsjnJBOxIc7FPtwbKIw1lY/UzaRhKWr4HswhAmXGehB6
+            e4yoLMaTXB5e
+            =m+sg
+            -----END PGP MESSAGE-----
+          fp: 687802D4DFD8AA82EA55666CF7DADAC782D7663D
+    encrypted_regex: ^(data|stringData)$
+    version: 3.9.4

kubernetes/main/apps/database/mariadb/ks.yaml

@@ -0,0 +1,87 @@
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: mariadb-operator-crds
+  namespace: flux-system
+spec:
+  timeout: 5m
+  interval: 10m
+  path: ./kubernetes/main/apps/database/mariadb/crds
+  prune: true
+  # cannot specify a namespace since the crds kustomization also creates a helm-repository
+  # in the flux-system namespace.
+  #targetNamespace: database
+  sourceRef:
+    kind: GitRepository
+    name: home-cluster
+  decryption:
+    provider: sops
+    secretRef:
+      name: sops-gpg
+  postBuild:
+    substituteFrom:
+      - kind: ConfigMap
+        name: cluster-settings
+      - kind: Secret
+        name: cluster-secrets
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: mariadb-operator
+  namespace: flux-system
+spec:
+  timeout: 5m
+  interval: 10m
+  path: ./kubernetes/main/apps/database/mariadb/operator
+  prune: true
+  targetNamespace: database
+  sourceRef:
+    kind: GitRepository
+    name: home-cluster
+  decryption:
+    provider: sops
+    secretRef:
+      name: sops-gpg
+  dependsOn:
+    - name: openebs
+    - name: openebs-sc
+    - name: mariadb-operator-crds
+  postBuild:
+    substituteFrom:
+      - kind: ConfigMap
+        name: cluster-settings
+      - kind: Secret
+        name: cluster-secrets
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: mariadb-database
+  namespace: flux-system
+spec:
+  timeout: 5m
+  interval: 10m
+  path: ./kubernetes/main/apps/database/mariadb/database
+  prune: true
+  targetNamespace: database
+  sourceRef:
+    kind: GitRepository
+    name: home-cluster
+  decryption:
+    provider: sops
+    secretRef:
+      name: sops-gpg
+  dependsOn:
+    - name: openebs
+    - name: openebs-sc
+    - name: mariadb-operator
+  postBuild:
+    substituteFrom:
+      - kind: ConfigMap
+        name: cluster-settings
+      - kind: Secret
+        name: cluster-secrets

kubernetes/main/apps/database/mariadb/operator/helm-release.yaml

@@ -0,0 +1,34 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: mariadb-operator
+spec:
+  chart:
+    spec:
+      chart: mariadb-operator
+      version: 0.37.1
+      sourceRef:
+        kind: HelmRepository
+        name: mariadb-operator
+        namespace: flux-system
+  interval: 30m
+  install:
+    remediation:
+      retries: 3
+  upgrade:
+    cleanupOnFail: true
+    remediation:
+      strategy: rollback
+      retries: 3
+  dependsOn:
+    # - name: minio
+    #   namespace: database
+    - name: openebs
+      namespace: openebs-system
+    - name: mariadb-operator-crds
+      namespace: database
+  values:
+    metrics:
+      enabled: true

kubernetes/main/apps/database/mariadb/operator/kustomization.yaml

@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- helm-release.yaml