apiVersion: v1 kind: Namespace metadata: name: couchdb --- apiVersion: v1 kind: PersistentVolume metadata: name: couchdb-pv-0 labels: volume: couchdb-vol spec: capacity: storage: 2Gi volumeMode: Filesystem accessModes: - ReadWriteOnce persistentVolumeReclaimPolicy: Retain --- apiVersion: v1 kind: PersistentVolume metadata: name: couchdb-pv-1 labels: volume: couchdb-vol spec: capacity: storage: 2Gi volumeMode: Filesystem accessModes: - ReadWriteOnce persistentVolumeReclaimPolicy: Retain --- apiVersion: v1 kind: PersistentVolume metadata: name: couchdb-pv-2 labels: volume: couchdb-vol spec: capacity: storage: 2Gi volumeMode: Filesystem accessModes: - ReadWriteOnce persistentVolumeReclaimPolicy: Retain --- apiVersion: v1 kind: ConfigMap metadata: name: couchdb-seedlist-config namespace: couchdb data: seedlist.ini: | [cluster] seedlist = couchdb@couchdb-0.couchdb-service.couchdb.svc.cluster.local,couchdb@couchdb-1.couchdb-service.couchdb.svc.cluster.local,couchdb@couchdb-2.couchdb-service.couchdb.svc.cluster.local password.ini: | [admins] admin = -My-PDFKB2-style-admin-password jwt.ini: | [chttpd] authentication_handlers = {chttpd_auth, jwt_authentication_handler}, {chttpd_auth, cookie_authentication_handler}, {chttpd_auth, default_authentication_handler} [jwt_auth] required_claims=exp [jwt_keys] hmac:_default = HMAC-base64-encoded-secret --- apiVersion: v1 kind: ConfigMap metadata: name: couchdb-initscript-config namespace: couchdb data: initscript.sh: | #!/bin/ash echo "Checking to see if couchdb is up..." ret=$(curl -sw '%{http_code}' http://couchdb-web.couchdb:5984/_up -o /dev/null) echo "CouchDB check return code : ${ret}" while [ ${ret} -ne 200 ]; do sleep 5; echo "waiting for successful couchdb access..."; ret=$(curl -sw '%{http_code}' http://couchdb-web.couchdb:5984/_up -o /dev/null) done; ret=$(curl -sw '%{http_code}' http://couchdb-admin-user:couchdb-admin-password@couchdb-web.couchdb:5984/_users -o /dev/null) if [ "${ret}" = "404" ]; then curl -X PUT http://couchdb-admin-user:couchdb-admin-password@couchdb-web.couchdb:5984/_users fi ret=$(curl -sw '%{http_code}' http://couchdb-admin-user:couchdb-admin-password@couchdb-web.couchdb:5984/_replicator -o /dev/null) if [ "${ret}" = "404" ]; then curl -X PUT http://couchdb-admin-user:couchdb-admin-password@couchdb-web.couchdb:5984/_replicator fi echo "Completed initialization of couchdb" exit 0 --- apiVersion: batch/v1 kind: Job metadata: name: couchdb-init-job namespace: couchdb spec: ttlSecondsAfterFinished: 3600 template: spec: restartPolicy: Never containers: - name: couchdb-init image: curlimages/curl:latest command: [ "/bin/ash", "-c", "/tmp/initscript.sh"] volumeMounts: - name: couchdb-initscript-config mountPath: /tmp/initscript.sh subPath: initscript.sh volumes: - name: couchdb-initscript-config configMap: name: couchdb-initscript-config defaultMode: 0777 items: - key: initscript.sh path: initscript.sh --- apiVersion: apps/v1 kind: StatefulSet metadata: name: couchdb namespace: couchdb spec: serviceName: couchdb-service replicas: 3 selector: matchLabels: app: couchdb-app template: metadata: labels: app: couchdb-app spec: securityContext: runAsUser: 5984 runAsGroup: 5984 fsGroup: 5984 topologySpreadConstraints: - maxSkew: 1 topologyKey: kubernetes.io/hostname whenUnsatisfiable: DoNotSchedule labelSelector: matchLabels: app: couchdb-app containers: - name: couchdb-app image: couchdb:3.2.2 env: - name: NODE_NETBIOS_NAME valueFrom: fieldRef: fieldPath: metadata.name - name: NODENAME value: $(NODE_NETBIOS_NAME).couchdb-service.couchdb.svc.cluster.local # FQDN in vm.args - name: COUCHDB_USER value: couchdb-admin-user-name - name: COUCHDB_PASSWORD value: couchdb-password (should come from a secret ideally) - name: COUCHDB_SECRET value: separate-couchdb-secret - name: COUCHDB_ERLANG_COOKIE value: name-of-cookie - name: ERL_FLAGS value: "-name couchdb@$(NODENAME) -setcookie name-of-cookie" ports: - containerPort: 80 resources: requests: cpu: 20m memory: 10Mi volumeMounts: - name: couch-pvc mountPath: /opt/couchdb/data - name: couchdb-seedlist-config mountPath: /opt/couchdb/etc/default.d/seedlist.ini subPath: seedlist.ini - name: couchdb-password-config mountPath: /opt/couchdb/etc/local.d/password.ini subPath: password.ini - name: couchdb-jwt-config mountPath: /opt/couchdb/etc/local.d/jwt.ini subPath: jwt.ini volumes: - name: couchdb-seedlist-config configMap: name: couchdb-seedlist-config items: - key: seedlist.ini path: seedlist.ini - name: couchdb-password-config configMap: name: couchdb-seedlist-config items: - key: password.ini path: password.ini - name: couchdb-jwt-config configMap: name: couchdb-seedlist-config items: - key: jwt.ini path: jwt.ini volumeClaimTemplates: - metadata: name: couch-pvc spec: accessModes: ["ReadWriteOnce"] resources: requests: storage: 2Gi selector: matchLabels: volume: couchdb-vol --- apiVersion: v1 kind: Service metadata: name: couchdb-web namespace: couchdb spec: ports: - port: 5984 targetPort: 5984 selector: app: couchdb-app --- apiVersion: v1 kind: Service metadata: name: couchdb-service namespace: couchdb spec: type: ClusterIP clusterIP: None ports: - port: 5984 targetPort: 5984 protocol: TCP selector: app: couchdb-app --- apiVersion: v1 kind: ConfigMap metadata: name: couchdb-backup-script namespace: couchdb data: backupscript.sh: | #!/bin/bash echo "Checking to see if couchdb is up..." COUCH_URL=http://couch-db-admin-user:couch-admin-password@couchdb-web.couchdb:5984 ret=$(curl -sw '%{http_code}' ${COUCH_URL}/_up -o /dev/null) echo "CouchDB check return code : ${ret}" while [ ${ret} -ne 200 ]; do sleep 5; echo "waiting for successful couchdb access..."; ret=$(curl -sw '%{http_code}' ${COUCH_URL}/_up -o /dev/null) done; DBLIST=$(curl -s ${COUCH_URL}/_all_dbs | jq -r 'join(" ")') if [ "${DBLIST}" == "" ]; then echo "No database list returned.... exiting" fi FNAMEPREFIX=couchdb-dump-$(date +%Y-%m-%d-%H.%M) for DB in ${DBLIST}; do BKUPFNAME=${FNAMEPREFIX}-${DB}.couch couchbackup --db ${DB} --url $COUCH_URL >/data/backup/${BKUPFNAME} done tar czf /data/backup/${FNAMEPREFIX}.tar.gz /data/backup/${FNAMEPREFIX}* rm /data/backup/${FNAMEPREFIX}*.couch echo "Backups complete, file ${FNAMEPREFIX}.tar.gz created as backup" --- apiVersion: networking.k8s.io/v1 kind: Ingress metadata: namespace: couchdb name: couchdb-ingress annotations: nginx.ingress.kubernetes.io/ssl-redirect: "true" nginx.ingress.kubernetes.io/enable-cors: "true" nginx.ingress.kubernetes.io/cors-allow-origin: "https://*.mydomain.com, http://localhost:8100, http://localhost:3000,http://localhost:8080" spec: ingressClassName: "nginx" tls: - hosts: - couchdb.mydomain.com rules: - host: couchdb.mydomain.com http: paths: - path: / pathType: Prefix backend: service: name: couchdb-web port: number: 5984 ---