diff --git a/deploy/mysql/Makefile b/deploy/mysql/Makefile index 0e23e02..b84bc14 100644 --- a/deploy/mysql/Makefile +++ b/deploy/mysql/Makefile @@ -22,7 +22,7 @@ mariadb-secret: --from-literal=MYSQL_ROOT_PASSWORD=root \ --dry-run=client -o yaml | kubectl apply -f - -mariadb-kine-secret: mariadb-secret +mariadb-kine-secret: @\ CA=$$(cat $(ROOT_DIR)/certs/ca.crt | base64 | tr -d '\n') \ CRT=$$(cat $(ROOT_DIR)/certs/server.crt | base64 | tr -d '\n') \ diff --git a/deploy/mysql/README.md b/deploy/mysql/README.md index 36e68ec..b044557 100644 --- a/deploy/mysql/README.md +++ b/deploy/mysql/README.md @@ -6,38 +6,77 @@ Kamaji project is developed using [kind](https://kind.sigs.k8s.io), therefore, M There is a Makefile to help with the process: -* **Full Installation** +# Setup + +Setup of the MySQL/MariaDB backend can be easily issued with a single command. ```bash $ make mariadb ``` -This action will perform all the necessary stuffs to have MariaDB as kubernetes storage backend using kine. +This action will perform all the necessary stuffs to have MariaDB as Kubernetes storage backend using kine. -* **Certificate creation** +```shell +rm -rf /home/prometherion/Documents/clastix/kamaji/deploy/mysql/certs && mkdir /home/prometherion/Documents/clastix/kamaji/deploy/mysql/certs +cfssl gencert -initca /home/prometherion/Documents/clastix/kamaji/deploy/mysql/ca-csr.json | cfssljson -bare /home/prometherion/Documents/clastix/kamaji/deploy/mysql/certs/ca +2022/08/18 23:52:56 [INFO] generating a new CA key and certificate from CSR +2022/08/18 23:52:56 [INFO] generate received request +2022/08/18 23:52:56 [INFO] received CSR +2022/08/18 23:52:56 [INFO] generating key: rsa-2048 +2022/08/18 23:52:56 [INFO] encoded CSR +2022/08/18 23:52:56 [INFO] signed certificate with serial number 310428005543054656774215122317606431230766314770 +cfssl gencert -ca=/home/prometherion/Documents/clastix/kamaji/deploy/mysql/certs/ca.crt -ca-key=/home/prometherion/Documents/clastix/kamaji/deploy/mysql/certs/ca.key \ + -config=/home/prometherion/Documents/clastix/kamaji/deploy/mysql/config.json -profile=server \ + /home/prometherion/Documents/clastix/kamaji/deploy/mysql/server-csr.json | cfssljson -bare /home/prometherion/Documents/clastix/kamaji/deploy/mysql/certs/server +2022/08/18 23:52:56 [INFO] generate received request +2022/08/18 23:52:56 [INFO] received CSR +2022/08/18 23:52:56 [INFO] generating key: rsa-2048 +2022/08/18 23:52:56 [INFO] encoded CSR +2022/08/18 23:52:56 [INFO] signed certificate with serial number 582698914718104852311252458344736030793138969927 +chmod 644 /home/prometherion/Documents/clastix/kamaji/deploy/mysql/certs/* +secret/mysql-config created +secret/kine-secret created +serviceaccount/mariadb created +service/mariadb created +deployment.apps/mariadb created +persistentvolumeclaim/pvc-mariadb created +``` + +## Certificate creation ```bash $ make mariadb-certificates ``` -Communication between kine and the backend is encrypted, therefore, some certificates must be created. +Communication between kine and the backend is encrypted, therefore, a CA and a certificate from it must be created. -* **Secret Deployment** +## Secret Deployment ```bash $ make mariadb-secrets ``` -Previous certificates and MySQL configuration have to be available in order to be used. They will be under the secret `kamaji-system:mysql-config`. +Previous certificates and MySQL configuration have to be available in order to be used. +They will be under the secret `kamaji-system:mysql-config`, used by the MySQL/MariaDB instance. -* **Deployment** +## Kine Secret + +```bash +$ make mariadb-kine-secret +``` + +Organize the required Kine data such as username, password, CA, certificate, and private key to be stored in the Kamaji desired format. + +## Deployment ```bash $ make mariadb-deployment ``` -* **Uninstall Everything** +Finally, starts the MySQL/MariaDB installation with all the required settings, such as SSL connection, and configuration. + +# Cleanup ```bash -$ make destroy -``` \ No newline at end of file +$ make mariadb-destroy +```