# MediaWiki — personal wiki, postgres-backed
# Unpinned; uploads PVC on local-path.
# LocalSettings.php supplied via ConfigMap — secrets read at runtime from env.
# NodePort 32392.
#
# NOTE(review): "postgres-backed" does not match the LocalSettings.php below,
#   which sets $wgDBtype "mysql", $wgDBserver "mariadb" and $wgDBport "3306".
#   Confirm which backend is intended and correct the stale side.
# NOTE(review): "Unpinned" does not match the Deployment below, which uses
#   image mediawiki:1.43. That tag is mutable (it follows the 1.43 series);
#   for a reproducible, verifiable deploy pin by digest, e.g.
#   mediawiki:1.43@sha256:<DIGEST-PLACEHOLDER>.
# NOTE(review): no manifest here sets metadata.namespace, while step 1 creates
#   the Secret with "-n default". The secretKeyRef entries only resolve if
#   these objects are applied to that same namespace — confirm.
#
# Deploy flow (run in order, from /home/samantha/private/Knowledge/repos/homelab):
#
#   # 1. Generate secrets and stash in pass + k8s:
#   DB=$(openssl rand -hex 32)
#   ADM=$(openssl rand -hex 16)
#   SK=$(openssl rand -hex 32)
#   UK=$(openssl rand -hex 16)
#   echo "$DB"  | pass insert -m -f homelab/MEDIAWIKI_DB_PASSWORD
#   echo "$ADM" | pass insert -m -f homelab/MEDIAWIKI_ADMIN_PASSWORD
#   echo "$SK"  | pass insert -m -f homelab/MEDIAWIKI_SECRET_KEY
#   echo "$UK"  | pass insert -m -f homelab/MEDIAWIKI_UPGRADE_KEY
#   k3s/scripts/k3s-control-command "sudo kubectl create secret generic mediawiki-secret -n default \
#     --from-literal=db-password='$DB' \
#     --from-literal=admin-password='$ADM' \
#     --from-literal=secret-key='$SK' \
#     --from-literal=upgrade-key='$UK'"
#
#   NOTE(review): the outer double quotes make the local shell expand
#   $DB/$ADM/$SK/$UK, so the secret values travel as command-line arguments
#   to k3s-control-command and then to kubectl. Arguments are visible in
#   process listings and may end up in sudo/audit logs on the control node.
#   Prefer passing the values via files or stdin (kubectl's
#   --from-file=KEY=PATH, or a Secret manifest piped to "kubectl apply -f -").
#   How k3s-control-command transports the string is not visible here — verify.
#   The admin-password key is not referenced by the Deployment below;
#   presumably it is consumed by the mediawiki-install job — confirm.
#
#   # 2. Create db/user, run install.php, deploy:
#   k3s/scripts/k3s-control-command 'kubectl apply -f /tmp/mediawiki-db-init.yaml'   # scp first
#   k3s/scripts/k3s-control-command 'kubectl wait --for=condition=complete job/mediawiki-db-init --timeout=60s'
#   k3s/scripts/k3s-control-command 'kubectl apply -f /tmp/mediawiki-install.yaml'
#   k3s/scripts/k3s-control-command 'kubectl wait --for=condition=complete job/mediawiki-install --timeout=120s'
#   k3s/scripts/k3s-control-command 'kubectl apply -f /tmp/mediawiki.yaml'
---
# ConfigMap carrying LocalSettings.php; the Deployment mounts it as a single
# file via subPath. No secret values are stored here: the DB password, secret
# key and upgrade key are read with getenv() from variables the Deployment
# fills from the mediawiki-secret Secret.
#
# NOTE(review): the PHP below starts mid-statement in this view (no opening
#   PHP tag, and the array that ends with "];" has no visible start). The
#   head of the file appears to be missing from this copy; restore it from
#   the original before applying.
# NOTE(review): MW_SERVER is set on the container, but nothing in the visible
#   part of LocalSettings.php reads it — presumably the missing head does.
apiVersion: v1
kind: ConfigMap
metadata:
  name: mediawiki-localsettings
data:
  LocalSettings.php: |
    "$wgResourceBasePath/resources/assets/change-your-logo.svg" ];
    $wgEnableEmail = false;
    $wgEmergencyContact = "";
    $wgPasswordSender = "";
    $wgDBtype = "mysql";
    $wgDBserver = "mariadb";
    $wgDBname = "mediawiki_db";
    $wgDBuser = "mediawiki_user";
    $wgDBpassword = getenv('MW_DB_PASSWORD');
    $wgDBport = "3306";
    $wgSecretKey = getenv('MW_SECRET_KEY');
    $wgUpgradeKey = getenv('MW_UPGRADE_KEY');
    $wgUploadDirectory = "/var/www/html/images";
    $wgEnableUploads = true;
    $wgPingback = false;
    $wgDefaultSkin = "vector-2022";
    wfLoadSkin( 'Vector' );
    wfLoadSkin( 'MonoBook' );
    wfLoadSkin( 'Timeless' );
    wfLoadSkin( 'MinervaNeue' );
    $wgLocaltimezone = "UTC";
    date_default_timezone_set($wgLocaltimezone);
---
# 20Gi claim for uploaded files, provisioned by the local-path storage class.
# ReadWriteOnce fits the single-replica, Recreate-strategy Deployment below.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: mediawiki-images-pvc
spec:
  accessModes: [ReadWriteOnce]
  storageClassName: local-path
  resources:
    requests:
      storage: 20Gi
---
# Single-replica MediaWiki. Recreate stops the old pod before starting the new
# one, so the ReadWriteOnce uploads volume is never attached to two pods.
#
# NOTE(review): the container has no securityContext (allowPrivilegeEscalation,
#   dropped capabilities, seccompProfile), no resource requests/limits and no
#   readiness/liveness probes. Add whatever the image tolerates; test each
#   setting against this image before enforcing it.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: mediawiki
spec:
  replicas: 1
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app: mediawiki
  template:
    metadata:
      labels:
        app: mediawiki
    spec:
      securityContext:
        fsGroup: 33  # www-data — so PVC is group-writable by apache
      containers:
        - name: mediawiki
          image: mediawiki:1.43
          # The three secretKeyRef entries carry no "optional: true", so the
          # container will not start if mediawiki-secret or one of these keys
          # is missing; getenv() in LocalSettings.php should therefore not see
          # an unset variable in a running pod.
          env:
            - name: MW_SERVER
              value: "https://wiki.the-fulfillment.org"
            - name: MW_DB_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: mediawiki-secret
                  key: db-password
            - name: MW_SECRET_KEY
              valueFrom:
                secretKeyRef:
                  name: mediawiki-secret
                  key: secret-key
            - name: MW_UPGRADE_KEY
              valueFrom:
                secretKeyRef:
                  name: mediawiki-secret
                  key: upgrade-key
          ports:
            - containerPort: 80
          volumeMounts:
            # subPath mounts only the one ConfigMap key as a file. A subPath
            # mount is not refreshed when the ConfigMap changes; restart the
            # pod to pick up an edited LocalSettings.php.
            - name: localsettings
              mountPath: /var/www/html/LocalSettings.php
              subPath: LocalSettings.php
            # NOTE(review): this mount hides whatever the image ships in
            #   /var/www/html/images. If the image relies on files there
            #   (for example an .htaccess restricting how uploads are served),
            #   they are absent on the PVC. With $wgEnableUploads = true,
            #   verify that uploaded files cannot be executed or content-
            #   sniffed when served from this directory.
            - name: images
              mountPath: /var/www/html/images
      volumes:
        - name: localsettings
          configMap:
            name: mediawiki-localsettings
        - name: images
          persistentVolumeClaim:
            claimName: mediawiki-images-pvc
---
# Exposes the pod's port 80 on every node address at NodePort 32392.
#
# NOTE(review): this is plain HTTP, while MW_SERVER is an https:// URL, so TLS
#   is presumably terminated by something in front of the cluster. Limit who
#   can reach the node port directly (host firewall or NetworkPolicy) so
#   clients cannot bypass that TLS front end — confirm the intended path.
apiVersion: v1
kind: Service
metadata:
  name: mediawiki
spec:
  selector:
    app: mediawiki
  ports:
    - port: 80
      targetPort: 80
      nodePort: 32392
  type: NodePort