K8s/MediaWiki: Difference between revisions
Jump to navigation
Jump to search
| Line 186: | Line 186: | ||
---- | ---- | ||
<syntaxhighlight lang="yaml"> | <syntaxhighlight lang="yaml"> | ||
cat << YML | \ | cat <<'YML'| \ | ||
kubectl -n chorke-wiki-mediawiki \ | kubectl -n chorke-wiki-mediawiki \ | ||
patch configmap apache --type merge --patch-file=/dev/stdin | patch configmap apache --type merge --patch-file=/dev/stdin | ||
Revision as of 01:32, 29 July 2025
K8s » Config
|
K8s » Config | |
|---|---|
export KUBECONFIG=${HOME}/.kube/aws-kubeconfig.yaml
export KUBECONFIG=${HOME}/.kube/dev-kubeconfig.yaml
export KUBECONFIG=${HOME}/.kube/gcp-kubeconfig.yaml
|
export KUBECONFIG=${HOME}/.kube/shahed-aa-kubeconfig.yaml
export KUBECONFIG=${HOME}/.kube/shahed-ab-kubeconfig.yaml
export KUBECONFIG=${HOME}/.kube/shahed-ac-kubeconfig.yaml
|
export KUBECONFIG=${HOME}/.kube/hetzner-aa-kubeconfig.yaml
kubectl config get-contexts
kubectl config view
| |
K8s » Storage
|
K8s » Storage | |
|---|---|
cat <<'EXE'| sudo bash
mkdir -p /var/minikube/pvc/chorke-wiki-mediawiki/data-mediawiki-0/images/
chown -R 200:200 /var/minikube/pvc/chorke-wiki-mediawiki/
chmod -R 750 /var/minikube/pvc/chorke-wiki-mediawiki/
EXE
| |
cat <<'YML'| kubectl apply -f -
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: chorke-wiki-mediawiki-data-mediawiki-0
spec:
capacity:
storage: 10Gi
accessModes:
- ReadWriteOnce
persistentVolumeReclaimPolicy: Retain
storageClassName: hostpath
hostPath:
path: /var/hostpath_pv/chorke-wiki-mediawiki/data-mediawiki-0
type: DirectoryOrCreate
YML
|
|
K8s » Database
|
K8s » Database |
|---|
ssh -qt shahed@hetzner-ab.local.or.tunnel.ip bash
set +o history
echo -n 'Password: ';read -s CHORKE_MEDIAWIKI;export CHORKE_MEDIAWIKI;echo
# Password: sadaqah!
cat <<'SQL'| sudo -i -u root mariadb
\! echo " "
SELECT concat(user, '@', host) AS 'user\n+--------------------------+' FROM mysql.user ORDER BY 1 ASC;
\! echo " "
-- SHOW databases;
SELECT schema_name AS 'database\n+--------------------------+' FROM information_schema.schemata ORDER BY 1 ASC;
SQL
cat << DDL | sudo -i -u root mariadb
CREATE DATABASE IF NOT EXISTS chorke_wiki_mediawiki;
CREATE USER IF NOT EXISTS chorke_wiki_mediawiki@'%' IDENTIFIED BY '${CHORKE_MEDIAWIKI}';
GRANT ALL PRIVILEGES ON chorke_wiki_mediawiki.* TO chorke_wiki_mediawiki@'%';
FLUSH PRIVILEGES;
DDL
echo -n 'Password: ';read -s MYSQL_PWD;export MYSQL_PWD;echo
# Password: sadaqah!
sudo -i -u root \
mariadb -D chorke_wiki_mediawiki
mariadb -D chorke_wiki_mediawiki -u chorke_wiki_mediawiki
mariadb -D chorke_wiki_mediawiki -u chorke_wiki_mediawiki -P 3306 -h 10.20.0.1
mariadb -D chorke_wiki_mediawiki -u chorke_wiki_mediawiki -P 3306 -h 10.20.13.1
mariadb -D chorke_wiki_mediawiki -u chorke_wiki_mediawiki -P 3306 -h 192.168.49.1
set -o history
exit
|
ssh -qt shahed@hetzner-aa.local.or.tunnel.ip bash
set +o history
echo -n 'Password: ';read -s MYSQL_PWD;export MYSQL_PWD;echo
# Password: sadaqah!
mariadb -D chorke_wiki_mediawiki -u chorke_wiki_mediawiki -P 3306 -h 10.20.31.3
mariadb -D chorke_wiki_mediawiki -u chorke_wiki_mediawiki -P 3306 -h 10.20.41.2
set -o history
exit
|
ssh -qt shahed@hetzner-ab.local.or.tunnel.ip bash
cat <<'DDL'| sudo -i -u root mariadb
\! echo " "
REVOKE ALL PRIVILEGES ON chorke_wiki_mediawiki.* FROM chorke_wiki_mediawiki@'%';
DROP DATABASE IF EXISTS chorke_wiki_mediawiki;
DROP USER IF EXISTS chorke_wiki_mediawiki@'%';
FLUSH PRIVILEGES;
DDL
exit
|
K8s » Secret
|
K8s » Secret | |
|---|---|
kubectl config get-contexts
kubectl config view
|
kubectl create ns chorke-wiki-mediawiki
kubectl get ns|grep chorke-wiki-mediawiki
|
cat <<'CFG'| \
kubectl -n chorke-wiki-mediawiki \
create configmap apache --from-file=000-default.conf=/dev/stdin
<VirtualHost *:80>
ServerName wiki.chorke.org
ServerAdmin info@chorke.org
DocumentRoot /var/www/html
<Directory /var/www/html>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
# AllowEncodedSlashes NoDecode
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
CFG
cat <<'YML'| \
kubectl -n chorke-wiki-mediawiki \
patch configmap apache --type merge --patch-file=/dev/stdin
---
data:
.htaccess: |
RewriteEngine On
# skip existing files and directories
RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^ - [L]
# rewrite all other urls to index.php
RewriteRule ^(.*)$ index.php [L]
YML
kubectl -n chorke-wiki-mediawiki \
create configmap mediawiki --from-file=${HOME}/Documents/mediawiki-playground/
:'
├── chorke-logo.png
└── favicon.ico
'
cat <<'PHP'| \
kubectl -n chorke-wiki-mediawiki \
create secret generic mediawiki --from-file=LocalSettings.php=/dev/stdin
<?php
# This file was automatically generated by the MediaWiki 1.44.0
# installer. If you make manual changes, please keep track in case you
# need to recreate them later.
#
# See includes/MainConfigSchema.php for all configurable settings
# and their default values, but don't forget to make changes in _this_
# file, not there.
#
# Further documentation for configuration settings may be found at:
# https://www.mediawiki.org/wiki/Manual:Configuration_settings
# Protect against web entry
if ( !defined( 'MEDIAWIKI' ) ) {
exit;
}
## Uncomment this to disable output compression
# $wgDisableOutputCompression = true;
$wgSitename = "Chorke Wiki";
$wgMetaNamespace = "Chorke";
## The URL base path to the directory containing the wiki;
## defaults for all runtime URL paths are based off of this.
## For more information on customizing the URLs
## (like /w/index.php/Page_title to /wiki/Page_title) please see:
## https://www.mediawiki.org/wiki/Manual:Short_URL
$wgScriptPath = "";
$wgArticlePath = "/$1";
## The protocol and server name to use in fully-qualified URLs
$wgServer = "https://wiki.chorke.org";
## The URL path to static resources (images, scripts, etc.)
$wgResourceBasePath = $wgScriptPath;
## The URL paths to the logo. Make sure you change this from the default,
## or else you'll overwrite your logo when you upgrade!
$wgLogos = [
'1x' => "$wgResourceBasePath/resources/assets/chorke-logo.png",
'icon' => "$wgResourceBasePath/resources/assets/chorke-logo.png",
];
## UPO means: this is also a user preference option
$wgEnableEmail = true;
$wgEnableUserEmail = true; # UPO
$wgEmergencyContact = "info@chorke.org";
$wgPasswordSender = "info@chorke.org";
$wgEnotifUserTalk = true; # UPO
$wgEnotifWatchlist = true; # UPO
$wgEmailAuthentication = true;
## Database settings
$wgDBtype = "mysql";
$wgDBserver = "10.20.31.3";
$wgDBname = "chorke_wiki_mediawiki";
$wgDBuser = "chorke_wiki_mediawiki";
$wgDBpassword = "sadaqah!";
# MySQL specific settings
$wgDBprefix = "";
$wgDBssl = false;
# MySQL table options to use during installation or update
$wgDBTableOptions = "ENGINE=InnoDB, DEFAULT CHARSET=binary";
# Shared database table
# This has no effect unless $wgSharedDB is also set.
$wgSharedTables[] = "actor";
## Shared memory settings
$wgMainCacheType = CACHE_ACCEL;
$wgMemCachedServers = [];
## To enable image uploads, make sure the 'images' directory
## is writable, then set this to true:
$wgEnableUploads = true;
$wgUseImageMagick = true;
$wgImageMagickConvertCommand = "/usr/bin/convert";
# InstantCommons allows wiki to use images from https://commons.wikimedia.org
$wgUseInstantCommons = true;
# Periodically send a pingback to https://www.mediawiki.org/ with basic data
# about this MediaWiki instance. The Wikimedia Foundation shares this data
# with MediaWiki developers to help guide future development efforts.
$wgPingback = true;
# Site language code, should be one of the list in ./includes/languages/data/Names.php
$wgLanguageCode = "en";
# Time zone
$wgLocaltimezone = "UTC";
## Set $wgCacheDirectory to a writable directory on the web server
## to make your wiki go slightly faster. The directory should not
## be publicly accessible from the web.
#$wgCacheDirectory = "$IP/cache";
$wgSecretKey = "7d05b3115e92a36f844c5cb67dd85c31586bb0e7b8231f7f9b714bd28f470663";
# Changing this will log out all existing sessions.
$wgAuthenticationTokenVersion = "1";
# Site upgrade key. Must be set to a string (default provided) to turn on the
# web installer while LocalSettings.php is in place
$wgUpgradeKey = "d707f8de62a8322d";
## For attaching licensing metadata to pages, and displaying an
## appropriate copyright notice / icon. GNU Free Documentation
## License and Creative Commons licenses are supported so far.
$wgRightsPage = ""; # Set to the title of a wiki page that describes your license/copyright
$wgRightsUrl = "https://creativecommons.org/publicdomain/zero/1.0/";
$wgRightsText = "Creative Commons Zero (Public Domain)";
$wgRightsIcon = "$wgResourceBasePath/resources/assets/licenses/cc-0.png";
# Path to the GNU diff3 utility. Used for conflict resolution.
$wgDiff3 = "/usr/bin/diff3";
# The following permissions were set based on your choice in the installer
$wgGroupPermissions["*"]["createaccount"] = false;
$wgGroupPermissions["*"]["edit"] = false;
## Default skin: you can change the default skin. Use the internal symbolic
## names, e.g. 'vector' or 'monobook':
$wgDefaultSkin = "vector";
# Enabled skins.
# The following skins were automatically enabled:
wfLoadSkin( 'MinervaNeue' );
wfLoadSkin( 'MonoBook' );
wfLoadSkin( 'Timeless' );
wfLoadSkin( 'Vector' );
# Enabled extensions. Most of the extensions are enabled by adding
# wfLoadExtension( 'ExtensionName' );
# to LocalSettings.php. Check specific extension documentation for more details.
# The following extensions were automatically enabled:
wfLoadExtension( 'AbuseFilter' );
wfLoadExtension( 'CategoryTree' );
wfLoadExtension( 'CheckUser' );
wfLoadExtension( 'Cite' );
wfLoadExtension( 'CiteThisPage' );
wfLoadExtension( 'CodeEditor' );
wfLoadExtension( 'ConfirmEdit' );
wfLoadExtension( 'DiscussionTools' );
wfLoadExtension( 'Echo' );
wfLoadExtension( 'Gadgets' );
wfLoadExtension( 'ImageMap' );
wfLoadExtension( 'InputBox' );
wfLoadExtension( 'Interwiki' );
wfLoadExtension( 'Linter' );
wfLoadExtension( 'LoginNotify' );
wfLoadExtension( 'Math' );
wfLoadExtension( 'MultimediaViewer' );
wfLoadExtension( 'Nuke' );
wfLoadExtension( 'PageImages' );
wfLoadExtension( 'ParserFunctions' );
wfLoadExtension( 'PdfHandler' );
wfLoadExtension( 'Poem' );
wfLoadExtension( 'ReplaceText' );
wfLoadExtension( 'Scribunto' );
wfLoadExtension( 'SecureLinkFixer' );
wfLoadExtension( 'SpamBlacklist' );
wfLoadExtension( 'SyntaxHighlight_GeSHi' );
wfLoadExtension( 'TemplateData' );
wfLoadExtension( 'TemplateStyles' );
# wfLoadExtension( 'TextExtracts' );
wfLoadExtension( 'Thanks' );
wfLoadExtension( 'TitleBlacklist' );
wfLoadExtension( 'VisualEditor' );
wfLoadExtension( 'WikiEditor' );
# End of automatically generated settings.
# Add more configuration options below.
$wgDefaultUserOptions['math'] = 'native';
$wgMathValidModes = [ 'native' ];
$wgMathDisableTexFilter = true;
$wgVectorNightMode['logged_in'] = true;
$wgVectorNightMode['logged_out'] = true;
$wgShowExceptionDetails = false;
PHP
| |
K8s » Deploy
|
K8s » Deploy | |
|---|---|
cat <<'YML'| \
kubectl apply -n chorke-wiki-mediawiki -f -
---
apiVersion: v1
kind: Service
metadata:
name: mediawiki
namespace: chorke-wiki-mediawiki
labels:
app.kubernetes.io/version: 1.0.0
app.kubernetes.io/name: mediawiki
app.kubernetes.io/instance: mediawiki
app.kubernetes.io/managed-by: kubectl
spec:
selector:
app: mediawiki
ports:
- name: mediawiki
targetPort: 80
protocol: TCP
port: 80
type: ClusterIP
YML
|
cat <<'YML'| \
kubectl apply -n chorke-wiki-mediawiki -f -
---
apiVersion: v1
kind: Service
metadata:
name: mediawiki-fpm
namespace: chorke-wiki-mediawiki
labels:
app.kubernetes.io/version: 1.0.0
app.kubernetes.io/name: mediawiki
app.kubernetes.io/instance: mediawiki
app.kubernetes.io/managed-by: kubectl
spec:
selector:
app: mediawiki
ports:
- name: mediawiki
targetPort: 9000
protocol: TCP
port: 9000
type: ClusterIP
YML
|
cat <<'YML'| \
kubectl apply -n chorke-wiki-mediawiki -f -
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: data-mediawiki-0
namespace: chorke-wiki-mediawiki
labels:
app.kubernetes.io/version: 1.0.0
app.kubernetes.io/name: mediawiki
app.kubernetes.io/instance: mediawiki
app.kubernetes.io/managed-by: kubectl
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 10Gi
storageClassName: hostpath
volumeName: chorke-wiki-mediawiki-data-mediawiki-0
YML
|
|
cat <<'YML'| kubectl apply -n chorke-wiki-mediawiki -f -
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: mediawiki
namespace: chorke-wiki-mediawiki
labels:
app: mediawiki
app.kubernetes.io/version: 1.0.0
app.kubernetes.io/name: mediawiki
app.kubernetes.io/instance: mediawiki
app.kubernetes.io/managed-by: kubectl
annotations:
kubernetes.io/change-cause: "CKI-1| Initial Deployment"
spec:
replicas: 1
selector:
matchLabels:
app: mediawiki
template:
metadata:
labels:
app: mediawiki
spec:
securityContext:
runAsUser: 200
fsGroup: 200
containers:
- name: mediawiki
image: mediawiki:1.44.0
ports:
- containerPort: 80
name: mediawiki
protocol: TCP
resources:
limits:
cpu: 500m
memory: 512Mi
requests:
cpu: 100m
memory: 256Mi
volumeMounts:
- mountPath: /var/www/html/resources/assets/chorke-logo.png
subPath: chorke-logo.png
name: mediawiki-cfg
readOnly: true
- mountPath: /etc/apache2/sites-enabled/000-default.conf
subPath: 000-default.conf
name: apache-cfg
readOnly: true
- mountPath: /var/www/html/LocalSettings.php
subPath: LocalSettings.php
name: mediawiki-sec
readOnly: true
- mountPath: /var/www/html/favicon.ico
subPath: favicon.ico
name: mediawiki-cfg
readOnly: true
- mountPath: /var/www/html/.htaccess
subPath: .htaccess
name: apache-cfg
readOnly: true
- mountPath: /var/www/html/images
name: data-mediawiki-0
subPath: images
volumes:
- name: apache-cfg
configMap:
name: apache
- name: mediawiki-cfg
configMap:
name: mediawiki
- name: mediawiki-sec
secret:
secretName: mediawiki
- name: data-mediawiki-0
persistentVolumeClaim:
claimName: data-mediawiki-0
YML
cat << YML | \
kubectl -n chorke-wiki-mediawiki \
patch configmap apache --type merge --patch-file=/dev/stdin
---
data:
.htaccess: |
# block mediawiki config directory
RedirectMatch 403 ^/mw-config/
RewriteEngine On
# skip existing files and directories
RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^ - [L]
# rewrite all other urls to index.php
RewriteRule ^(.*)$ index.php [L]
YML
kubectl -n chorke-wiki-mediawiki rollout restart deploy/mediawiki
| |
K8s » Ingress
|
K8s » Ingress |
|---|
cat << YML | kubectl apply -n chorke-wiki-mediawiki -f -
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: mediawiki
namespace: chorke-wiki-mediawiki
labels:
app.kubernetes.io/version: 1.0.0
app.kubernetes.io/name: mediawiki
app.kubernetes.io/instance: mediawiki
app.kubernetes.io/managed-by: kubectl
annotations:
nginx.ingress.kubernetes.io/proxy-body-size: "0"
spec:
ingressClassName: nginx
rules:
- host: wiki.chorke.org
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: mediawiki
port:
number: 80
YML
|
K8s » Verify
|
K8s » Verify | |
|---|---|
xdg-open https://www.cdn77.com/tls-test/result?domain=wiki.chorke.org
xdg-open https://wiki.chorke.org
| |
kubectl -n chorke-wiki-mediawiki exec -it svc/mediawiki -c mediawiki -- bash
kubectl -n chorke-wiki-mediawiki exec -it svc/mediawiki -- bash
kubectl -n chorke-wiki-mediawiki exec -it svc/mediawiki -- id
kubectl -n chorke-wiki-mediawiki logs -f svc/mediawiki
|
---
Page: https://wiki.chorke.org
user: Admin
pass: sadaqah!
|
K8s » Scaling
|
K8s » Scaling |
|---|
cat <<YML | kubectl -n chorke-wiki-mediawiki patch deploy/mediawiki --patch-file=/dev/stdin
---
spec:
replicas: 0
YML
cat <<YML | kubectl -n chorke-wiki-mediawiki patch deploy/mediawiki --patch-file=/dev/stdin
---
spec:
replicas: 1
YML
cat <<YML | kubectl -n chorke-wiki-mediawiki patch deploy/mediawiki --patch-file=/dev/stdin
---
metadata:
annotations:
kubernetes.io/change-cause: "CKI-2| Resources Updated"
spec:
template:
spec:
containers:
- name: mediawiki
resources:
limits:
cpu: 500m
memory: 1Gi
requests:
cpu: 250m
memory: 512Mi
YML
|
K8s » Rolling
|
K8s » Rollout |
|---|
kubectl -n chorke-wiki-mediawiki rollout history deploy/mediawiki
kubectl -n chorke-wiki-mediawiki rollout pause deploy/mediawiki
cat <<YML | kubectl -n chorke-wiki-mediawiki patch deploy/mediawiki --patch-file=/dev/stdin
---
metadata:
annotations:
kubernetes.io/change-cause: "CKI-2| Container Updated"
spec:
template:
spec:
containers:
- name: mediawiki
resources:
limits:
cpu: 500m
memory: 1Gi
requests:
cpu: 250m
memory: 512Mi
YML
kubectl -n chorke-wiki-mediawiki annotate deploy/mediawiki --overwrite \
kubernetes.io/change-cause="CKI-2| Resources Updated"
kubectl -n chorke-wiki-mediawiki rollout resume deploy/mediawiki
kubectl -n chorke-wiki-mediawiki rollout history deploy/mediawiki
|
kubectl -n chorke-wiki-mediawiki rollout undo deploy/mediawiki --to-revision=1
kubectl -n chorke-wiki-mediawiki rollout history deploy/mediawiki
kubectl -n chorke-wiki-mediawiki annotate deploy/mediawiki --overwrite \
kubernetes.io/change-cause="CKI-3| Revert Back to CKI-1"
kubectl -n chorke-wiki-mediawiki rollout history deploy/mediawiki
|
K8s » Delete
|
K8s » Delete | |
|---|---|
kubectl delete svc --all -n chorke-wiki-mediawiki
kubectl delete deploy --all -n chorke-wiki-mediawiki
kubectl delete pvc --all -n chorke-wiki-mediawiki
|
kubectl delete pv chorke-wiki-mediawiki-data-mediawiki-0
kubectl delete all --all -n chorke-wiki-mediawiki
kubectl delete ns chorke-wiki-mediawiki
|
Playground
|
Playground | |
|---|---|
kubectl -n chorke-wiki-mediawiki exec -it svc/mediawiki -- cat /etc/apache2/sites-enabled/000-default.conf
kubectl -n chorke-wiki-mediawiki exec -it svc/mediawiki -- cat /var/www/html/LocalSettings.php
kubectl -n chorke-wiki-mediawiki exec -it svc/mediawiki -- cat /etc/apache2/apache2.conf
kubectl -n chorke-wiki-mediawiki rollout history deploy/mediawiki
kubectl -n chorke-wiki-mediawiki rollout restart deploy/mediawiki
kubectl -n chorke-wiki-mediawiki rollout undo deploy/mediawiki
kubectl -n chorke-wiki-mediawiki rollout pause deploy/mediawiki
kubectl -n chorke-wiki-mediawiki rollout resume deploy/mediawiki
kubectl -n chorke-wiki-mediawiki rollout status deploy/mediawiki
| |
kubectl delete svc --all -n chorke-wiki-mediawiki
kubectl delete deploy --all -n chorke-wiki-mediawiki
kubectl delete pvc --all -n chorke-wiki-mediawiki
|
kubectl delete pv chorke-wiki-mediawiki-data-mediawiki-0
kubectl delete all --all -n chorke-wiki-mediawiki
kubectl delete ns chorke-wiki-mediawiki
|
kubectl -n chorke-wiki-mediawiki exec -it svc/mediawiki -c mediawiki -- bash
kubectl -n chorke-wiki-mediawiki exec -it svc/mediawiki -- bash
kubectl -n chorke-wiki-mediawiki exec -it svc/mediawiki -- id
kubectl -n chorke-wiki-mediawiki logs -f svc/mediawiki -c mediawiki
kubectl -n chorke-wiki-mediawiki logs -f svc/mediawiki
| |
References
|
References | ||
|---|---|---|