diff --git a/bitnami/mariadb-galera/.helmignore b/bitnami/mariadb-galera/.helmignore new file mode 100644 index 0000000000..6b8710a711 --- /dev/null +++ b/bitnami/mariadb-galera/.helmignore @@ -0,0 +1 @@ +.git diff --git a/bitnami/mariadb-galera/Chart.yaml b/bitnami/mariadb-galera/Chart.yaml new file mode 100644 index 0000000000..2bbf9e4abb --- /dev/null +++ b/bitnami/mariadb-galera/Chart.yaml @@ -0,0 +1,22 @@ +apiVersion: v1 +name: mariadb-galera +version: 0.0.1 +appVersion: 10.3.17 +description: MariaDB Galera is a multi-master database cluster solution for synchronous replication and high availability. +keywords: +- mariadb +- mysql +- database +- sql +- prometheus +- galera +- percona +home: https://mariadb.org +icon: https://bitnami.com/assets/stacks/mariadb-galera/img/mariadb-galera-stack-220x234.png +sources: +- https://github.com/bitnami/bitnami-docker-mariadb-galera +- https://github.com/prometheus/mysqld_exporter +maintainers: +- name: Bitnami + email: containers@bitnami.com +engine: gotpl diff --git a/bitnami/mariadb-galera/README.md b/bitnami/mariadb-galera/README.md new file mode 100644 index 0000000000..e040ea319d --- /dev/null +++ b/bitnami/mariadb-galera/README.md 
@@ -0,0 +1,280 @@ +# MariaDB Galera + +[MariaDB Galera](https://mariadb.com/kb/en/library/what-is-mariadb-galera-cluster/) is a multi-master database cluster solution for synchronous replication and high availability. + +## TL;DR + +```bash +$ helm install bitnami/mariadb-galera +``` + +## Introduction + +This chart bootstraps a [MariaDB Galera](https://github.com/bitnami/bitnami-docker-mariadb-galera) cluster on [Kubernetes](http://kubernetes.io) using the [Helm](https://helm.sh) package manager. + +Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This chart has been tested to work with fluentd and Prometheus on top of [BKPR](https://kubeprod.io/). + +## Prerequisites + +- Kubernetes 1.10+ +- PV provisioner support in the underlying infrastructure + +## Installing the Chart + +Add the `bitnami` charts repo to Helm: + +```bash +$ helm repo add bitnami https://charts.bitnami.com/bitnami +``` + +To install the chart with the release name `my-release`: + +```bash +$ helm install --name my-release bitnami/mariadb-galera +``` + +The command deploys MariaDB Galera on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation. + +> **Tip**: List all releases using `helm list` + +## Uninstalling the Chart + +For a graceful termination, set the replica count of the Pods in the `mariadb-galera` StatefulSet to `0`: + +```bash +$ kubectl scale sts my-release-mariadb-galera --replicas=0 +``` + +To uninstall/delete the `my-release` release: + +```bash +$ helm delete --purge my-release +``` + +The command removes all the Kubernetes components associated with the chart and deletes the release. + +## Configuration + +The following table lists the configurable parameters of the MariaDB Galera chart and their default values. 
+ +| Parameter | Description | Default | +|--------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------| +| `global.imageRegistry` | Global Docker image registry | `nil` | +| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) | +| `image.registry` | MariaDB Galera image registry | `docker.io` | +| `image.repository` | MariaDB Galera Image name | `bitnami/mariadb-galera` | +| `image.tag` | MariaDB Galera Image tag | `{TAG_NAME}` | +| `image.pullPolicy` | MariaDB Galera image pull policy | `IfNotPresent` | +| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) | +| `image.debug` | Specify if debug logs should be enabled | `false` | +| `nameOverride` | String to partially override mariadb-galera.fullname template with a string (will prepend the release name) | `nil` | +| `fullnameOverride` | String to fully override mariadb-galera.fullname template with a string | `nil` | +| `schedulerName` | Name of the k8s scheduler (other than default) | `nil` | +| `service.type` | Kubernetes service type | `ClusterIP` | +| `service.port` | MariaDB service port | `3306` | +| `service.clusterIP` | Specific cluster IP when service type is cluster IP. 
Use `None` for headless service | `nil` | +| `service.nodePort` | Kubernetes Service nodePort | `nil` | +| `service.loadBalancerIP` | `loadBalancerIP` if service type is `LoadBalancer` | `nil` | +| `service.loadBalancerSourceRanges` | Address that are allowed when svc is `LoadBalancer` | `[]` | +| `service.annotations` | Additional annotations for MariaDB Galera service | `{}` | +| `serviceAccount.create` | Specify whether a ServiceAccount should be created | `false` | +| `serviceAccount.name` | The name of the ServiceAccount to create | Generated using the mariadb-galera.fullname template | +| `rbac.create` | Specify whether RBAC resources should be created and used | `false` | +| `securityContext.enabled` | Enable security context | `false` | +| `securityContext.fsGroup` | Group ID for the container filesystem | `1001` | +| `securityContext.runAsUser` | User ID for the container | `1001` | +| `existingSecret` | Use existing secret for password details (`rootUser.password`, `db.password`, `galera.mariabackup.password` will be ignored and picked up from this secret) | `nil` | +| `rootUser.password` | Password for the `root` user. Ignored if existing secret is provided. | _random 10 character alphanumeric string_ | +| `rootUser.forcePassword` | Force users to specify a password | `false` | +| `db.user` | Username of new user to create | `nil` | +| `db.password` | Password for the new user. Ignored if existing secret is provided. 
| _random 10 character alphanumeric string if `db.user` is defined_ | +| `db.name` | Name for new database to create | `my_database` | +| `db.forcePassword` | Force users to specify a password | `false` | +| `galera.name` | Galera cluster name | `galera` | +| `galera.mariabackup.user` | Galera mariabackup user | `mariabackup` | +| `galera.mariabackup.password` | Galera mariabackup password | _random 10 character alphanumeric string_ | +| `galera.mariabackup.forcePassword` | Force users to specify a password | `false` | +| `ldap.enabled` | Enable LDAP support | `false` | +| `ldap.uri` | LDAP URL beginning in the form `ldap[s]://:` | `nil` | +| `ldap.base` | LDAP base DN | `nil` | +| `ldap.binddn` | LDAP bind DN | `nil` | +| `ldap.bindpw` | LDAP bind password | `nil` | +| `ldap.bslookup` | LDAP base lookup | `nil` | +| `mariadbConfiguration` | Configuration for the MariaDB server | `_default values in the values.yaml file_` | +| `configurationConfigMap` | ConfigMap with the MariaDB configuration files (Note: Overrides `mariadbConfiguration`). The value is evaluated as a template. 
| `nil` | +| `initdbScripts` | Dictionary of initdb scripts | `nil` | +| `initdbScriptsConfigMap` | ConfigMap with the initdb scripts (Note: Overrides `initdbScripts`) | `nil` | +| `extraFlags` | MariaDB additional command line flags | `nil` | +| `annotations[].key` | key for the the annotation list item | `nil` | +| `annotations[].value` | value for the the annotation list item | `nil` | +| `replicaCount` | Desired number of cluster nodes | `3` | +| `updateStrategy` | Statefulset update strategy policy | `RollingUpdate` | +| `nodeAffinity` | Node Affinity (this value is evaluated as a template) | `{}` | +| `podAntiAffinity` | Pod anti-affinity policy | `soft` | +| `podAffinity` | Affinity, in addition to antiAffinity (this value is evaluated as a template) | `{}` | +| `nodeSelector` | Node labels for pod assignment (this value is evaluated as a template) | `{}` | +| `tolerations` | List of node taints to tolerate (this value is evaluated as a template) | `[]` | +| `persistence.enabled` | Enable persistence using PVC | `true` | +| `persistence.existingClaim` | Provide an existing `PersistentVolumeClaim` | `nil` | +| `persistence.subPath` | Subdirectory of the volume to mount | `nil` | +| `persistence.mountPath` | Path to mount the volume at | `/bitnami/mariadb` | +| `persistence.annotations` | Persistent Volume Claim annotations | `{}` | +| `persistence.storageClass` | Persistent Volume Storage Class | `nil` | +| `persistence.accessModes` | Persistent Volume Access Modes | `[ReadWriteOnce]` | +| `persistence.size` | Persistent Volume Size | `8Gi` | +| `extraInitContainers` | Additional init containers (this value is evaluated as a template) | `nil` | +| `resources` | CPU/Memory resource requests/limits for node | `{}` | +| `livenessProbe.enabled` | Turn on and off liveness probe | `true` | +| `livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | `120` | +| `livenessProbe.periodSeconds` | How often to perform the probe | `10` | +| 
`livenessProbe.timeoutSeconds` | When the probe times out | `1` | +| `livenessProbe.successThreshold` | Minimum consecutive successes for the probe | `1` | +| `livenessProbe.failureThreshold` | Minimum consecutive failures for the probe | `3` | +| `readinessProbe.enabled` | Turn on and off readiness probe | `true` | +| `readinessProbe.initialDelaySeconds` | Delay before readiness probe is initiated | `30` | +| `readinessProbe.periodSeconds` | How often to perform the probe | `10` | +| `readinessProbe.timeoutSeconds` | When the probe times out | `1` | +| `readinessProbe.successThreshold` | Minimum consecutive successes for the probe | `1` | +| `readinessProbe.failureThreshold` | Minimum consecutive failures for the probe | `3` | +| `podDisruptionBudget.create` | If true, create a pod disruption budget for pods. | `false` | +| `podDisruptionBudget.minAvailable` | Minimum number / percentage of pods that should remain scheduled | `1` | +| `podDisruptionBudget.maxUnavailable` | Maximum number / percentage of pods that may be made unavailable | `nil` | +| `metrics.enabled` | Start a side-car prometheus exporter | `false` | +| `metrics.image.registry` | MariaDB Prometheus exporter image registry | `docker.io` | +| `metrics.image.repository` | MariaDB Prometheus exporter image name | `bitnami/mysqld-exporter` | +| `metrics.image.tag` | MariaDB Prometheus exporter image tag | `{TAG_NAME}` | +| `metrics.image.pullPolicy` | MariaDB Prometheus exporter image pull policy | `IfNotPresent` | +| `metrics.resources` | Prometheus exporter resource requests/limits | `{}` | +| `metrics.service.annotations` | Prometheus exporter svc annotations | `{prometheus.io/scrape: "true", prometheus.io/port: "9104"}` | +| `metrics.serviceMonitor.enabled` | if `true`, creates a Prometheus Operator ServiceMonitor (also requires `metrics.enabled` to be `true`) | `false` | +| `metrics.serviceMonitor.namespace` | Optional namespace which Prometheus is running in | `nil` | +| 
`metrics.serviceMonitor.interval` | How frequently to scrape metrics (use by default, falling back to Prometheus' default) | `nil` | +| `metrics.serviceMonitor.selector` | Default to kube-prometheus install (CoreOS recommended), but should be set according to Prometheus install | `{prometheus: "kube-prometheus"}` | + +The above parameters map to the env variables defined in [bitnami/mariadb-galera](http://github.com/bitnami/bitnami-docker-mariadb-galera). For more information please refer to the [bitnami/mariadb-galera](http://github.com/bitnami/bitnami-docker-mariadb-galera) image documentation. + +Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, + +```bash +$ helm install --name my-release \ + --set rootUser.password=secretpassword, + --set db.user=app_database \ + bitnami/mariadb-galera +``` + +The above command sets the MariaDB `root` account password to `secretpassword`. Additionally it creates a database named `my_database`. + +Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, + +```bash +$ helm install --name my-release -f values.yaml bitnami/mariadb-galera +``` + +> **Tip**: You can use the default [values.yaml](values.yaml) + +### LDAP + +LDAP support can be enabled in the chart by specifying the `ldap.` parameters while creating a release. The following parameters should be configured to properly enable the LDAP support in the chart. + +- `ldap.enabled`: Enable LDAP support. Defaults to `false`. +- `ldap.uri`: LDAP URL beginning in the form `ldap[s]://:`. No defaults. +- `ldap.base`: LDAP base DN. No defaults. +- `ldap.binddn`: LDAP bind DN. No defaults. +- `ldap.bindpw`: LDAP bind password. No defaults. +- `ldap.bslookup`: LDAP base lookup. No defaults. 
+ +For example: + +```bash +$ helm install --name my-release bitnami/mariadb-galera \ + --set ldap.enabled="true" \ + --set ldap.url="ldap://my_ldap_server" \ + --set ldap.base="dc=example,dc=org" \ + --set ldap.binddn="cn=admin,dc=example,dc=org" \ + --set ldap.bindpw="admin" \ + --set ldap.bslookup="ou=group-ok,dc=example,dc=org" +``` + +Next, login to the MariaDB server using the `mysql` client and add the PAM authenticated LDAP users. + +For example, + +```mysql +CREATE USER 'bitnami'@'localhost' IDENTIFIED VIA pam USING 'mariadb'; +``` + +With the above example, when the `bitnami` user attempts to login to the MariaDB server, he/she will be authenticated against the LDAP server. + +### Production configuration + +This chart includes a `values-production.yaml` file where you can find some parameters oriented to production configuration in comparison to the regular `values.yaml`. + +```console +$ helm install --name my-release -f ./values-production.yaml bitnami/mariadb-galera +``` + +- Force users to specify a password: + +```diff +- rootUser.forcePassword: false ++ rootUser.forcePassword: true +- db.forcePassword: false ++ db.forcePassword: true +- galera.mariabackup.forcePassword: false ++ galera.mariabackup..forcePassword: true +``` + +- Start a side-car prometheus exporter: + +```diff +- metrics.enabled: false ++ metrics.enabled: true +``` + +### [Rolling VS Immutable tags](https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/) + +It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. + +Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist. 
+ +## Initialize a fresh instance + +The [Bitnami MariaDB Galera](https://github.com/bitnami/bitnami-docker-mariadb-galera) image allows you to use your custom scripts to initialize a fresh instance. In order to execute the scripts, they must be located inside the chart folder `files/docker-entrypoint-initdb.d` so they can be consumed as a ConfigMap. + +Alternatively, you can specify custom scripts using the `initdbScripts` parameter as dict. + +In addition to these options, you can also set an external ConfigMap with all the initialization scripts. This is done by setting the `initdbScriptsConfigMap` parameter. Note that this will override the two previous options. + +The allowed extensions are `.sh`, `.sql` and `.sql.gz`. + +## Persistence + +The [Bitnami MariaDB Galera](https://github.com/bitnami/bitnami-docker-mariadb-galera) image stores the MariaDB data and configurations at the `/bitnami/mariadb` path of the container. + +The chart mounts a [Persistent Volume](kubernetes.io/docs/user-guide/persistent-volumes/) volume at this location. The volume is created using dynamic volume provisioning, by default. An existing PersistentVolumeClaim can be defined. + +## Extra Init Containers + +The feature allows for specifying a template string for a initContainer in the pod. Usecases include situations when you need some pre-run setup. For example, in IKS (IBM Cloud Kubernetes Service), non-root users do not have write permission on the volume mount path for NFS-powered file storage. So, you could use a initcontainer to `chown` the mount. See a example below, where we add an initContainer on the pod that reports to an external resource that the db is going to starting. 
+`values.yaml` +```yaml +extraInitContainers: | +- name: initcontainer + image: bitnami/minideb:latest + command: ["/bin/sh", "-c"] + args: + - install_packages curl && curl http://api-service.local/db/starting; +``` + +## Upgrading + +It's necessary to specify the existing passwords while performing a upgrade to ensure the secrets are not updated with invalid randomly generated passwords. Remember to specify the existing values of the `rootUser.password`, `db.password` and `galera.mariabackup.password` parameters when upgrading the chart: + +```bash +$ helm upgrade my-release bitnami/mariadb-galera \ + --set rootUser.password=[ROOT_PASSWORD] \ + --set db.password=[MARIADB_PASSWORD] \ + --set galera.mariabackup.password=[GALERA_MARIABACKUP_PASSWORD] +``` + +| Note: you need to substitute the placeholders _[ROOT_PASSWORD]_, _[MARIADB_PASSWORD]_ and _[MARIABACKUP_PASSWORD]_ with the values obtained from instructions in the installation notes. diff --git a/bitnami/mariadb-galera/files/docker-entrypoint-initdb.d/README.md b/bitnami/mariadb-galera/files/docker-entrypoint-initdb.d/README.md new file mode 100644 index 0000000000..f8b77922ea --- /dev/null +++ b/bitnami/mariadb-galera/files/docker-entrypoint-initdb.d/README.md @@ -0,0 +1,3 @@ +You can copy here your custom .sh, .sql or .sql.gz file so they are executed during the first boot of the image. + +More info in the [bitnami-docker-mariadb-galera](https://github.com/bitnami/bitnami-docker-mariadb-galera#initializing-a-new-instance) repository. diff --git a/bitnami/mariadb-galera/templates/NOTES.txt b/bitnami/mariadb-galera/templates/NOTES.txt new file mode 100644 index 0000000000..9f79b1198f --- /dev/null +++ b/bitnami/mariadb-galera/templates/NOTES.txt 
@@ -0,0 +1,62 @@ + +** Please be patient while the chart is being deployed ** + +Tip: + + Watch the deployment status using the command: + + kubectl get sts -w --namespace {{ .Release.Namespace }} -l app.kubernetes.io/instance={{ .Release.Name }} + +MariaDB can be accessed via port "{{ .Values.service.port }}" on the following DNS name from within your cluster: + + {{ template "mariadb-galera.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local + +To obtain the password for the MariaDB "root" user run the following command: + + kubectl get secret --namespace {{ .Release.Namespace }} {{ if .Values.existingSecret }}{{ .Values.existingSecret }}{{ else }}{{ template "mariadb-galera.fullname" . }}{{ end }} -o jsonpath="{.data.mariadb-root-password}" | base64 --decode + +To connect to your database run the following command: + + kubectl run {{ template "mariadb-galera.fullname" . }}-client --rm --tty -i --restart='Never' --namespace {{ .Release.Namespace }} --image {{ template "mariadb-galera.image" . }} --command \ + -- mysql -h {{ template "mariadb-galera.fullname" . }} -P {{ .Values.service.port }} -u{{ if .Values.db.user }}{{ .Values.db.user }}{{ else }}root{{ end }} -p{{ if .Values.db.user }}$(kubectl get secret --namespace {{ .Release.Namespace }} {{ if .Values.existingSecret }}{{ .Values.existingSecret }}{{ else }}{{ template "mariadb-galera.fullname" . }}{{ end }} -o jsonpath="{.data.mariadb-password}" | base64 --decode){{ else }}$(kubectl get secret --namespace {{ .Release.Namespace }} {{ if .Values.existingSecret }}{{ .Values.existingSecret }}{{ else }}{{ template "mariadb-galera.fullname" . 
}}{{ end }} -o jsonpath="{.data.mariadb-root-password}" | base64 --decode){{ end }} {{ .Values.db.name }} + +To connect to your database from outside the cluster execute the following commands: + +{{- if contains "NodePort" .Values.service.type }} + + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "mariadb-galera.fullname" . }}) + mysql -h $NODE_IP -P $NODE_PORT -u{{ if .Values.db.user }}{{ .Values.db.user }}{{ else }}root{{ end }} -p{{ if .Values.db.user }}$(kubectl get secret --namespace {{ .Release.Namespace }} {{ if .Values.existingSecret }}{{ .Values.existingSecret }}{{ else }}{{ template "mariadb-galera.fullname" . }}{{ end }} -o jsonpath="{.data.mariadb-password}" | base64 --decode){{ else }}$(kubectl get secret --namespace {{ .Release.Namespace }} {{ if .Values.existingSecret }}{{ .Values.existingSecret }}{{ else }}{{ template "mariadb-galera.fullname" . }}{{ end }} -o jsonpath="{.data.mariadb-root-password}" | base64 --decode){{ end }} {{ .Values.db.name }} + +{{- else if contains "LoadBalancer" .Values.service.type }} + + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "mariadb-galera.fullname" . }}' + + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "mariadb-galera.fullname" . }} --template "{{ "{{ range (index .status.loadBalancer.ingress 0) }}{{ . }}{{ end }}" }}") + mysql -h $SERVICE_IP -P {{ .Values.service.port }} -u{{ if .Values.db.user }}{{ .Values.db.user }}{{ else }}root{{ end }} -p{{ if .Values.db.user }}$(kubectl get secret --namespace {{ .Release.Namespace }} {{ if .Values.existingSecret }}{{ .Values.existingSecret }}{{ else }}{{ template "mariadb-galera.fullname" . 
}}{{ end }} -o jsonpath="{.data.mariadb-password}" | base64 --decode){{ else }}$(kubectl get secret --namespace {{ .Release.Namespace }} {{ if .Values.existingSecret }}{{ .Values.existingSecret }}{{ else }}{{ template "mariadb-galera.fullname" . }}{{ end }} -o jsonpath="{.data.mariadb-root-password}" | base64 --decode){{ end }} {{ .Values.db.name }} + +{{- else if contains "ClusterIP" .Values.service.type }} + + kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ template "mariadb-galera.fullname" . }} {{ .Values.service.port }}:{{ .Values.service.port }} & + mysql -h 127.0.0.1 -P {{ .Values.service.port }} -u{{ if .Values.db.user }}{{ .Values.db.user }}{{ else }}root{{ end }} -p{{ if .Values.db.user }}$(kubectl get secret --namespace {{ .Release.Namespace }} {{ if .Values.existingSecret }}{{ .Values.existingSecret }}{{ else }}{{ template "mariadb-galera.fullname" . }}{{ end }} -o jsonpath="{.data.mariadb-password}" | base64 --decode){{ else }}$(kubectl get secret --namespace {{ .Release.Namespace }} {{ if .Values.existingSecret }}{{ .Values.existingSecret }}{{ else }}{{ template "mariadb-galera.fullname" . }}{{ end }} -o jsonpath="{.data.mariadb-root-password}" | base64 --decode){{ end }} {{ .Values.db.name }} + +{{- end }} + +{{- if .Values.metrics.enabled }} + +To access the MariaDB Prometheus metrics from outside the cluster execute the following commands: + + kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ template "mariadb-galera.fullname" . }}-metrics {{ .Values.metrics.service.port }}:{{ .Values.metrics.service.port }} & + curl 127.0.0.1:{{ .Values.metrics.service.port }}/metrics + +{{- end }} + +To upgrade this helm chart: + + helm upgrade --namespace {{ .Release.Namespace }} {{ .Release.Name }} bitnami/mariadb-galera \ + --set rootUser.password=$(kubectl get secret {{ if .Values.existingSecret }}{{ .Values.existingSecret }}{{ else }}{{ template "mariadb-galera.fullname" . 
}}{{ end }} -o jsonpath="{.data.mariadb-root-password}" | base64 --decode) \ + {{ if .Values.db.user }}--set db.user={{ .Values.db.user }} --set db.password=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ if .Values.existingSecret }}{{ .Values.existingSecret }}{{ else }}{{ template "mariadb-galera.fullname" . }}{{ end }} -o jsonpath="{.data.mariadb-password}" | base64 --decode) {{ end }}--set db.name={{ .Values.db.name }} \ + --set galera.mariabackup.password=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ if .Values.existingSecret }}{{ .Values.existingSecret }}{{ else }}{{ template "mariadb-galera.fullname" . }}{{ end }} -o jsonpath="{.data.mariadb-galera-mariabackup-password}" | base64 --decode) + +{{ include "mariadb-galera.checkRollingTags" . }} diff --git a/bitnami/mariadb-galera/templates/_helpers.tpl b/bitnami/mariadb-galera/templates/_helpers.tpl new file mode 100644 index 0000000000..702745719f --- /dev/null +++ b/bitnami/mariadb-galera/templates/_helpers.tpl 
@@ -0,0 +1,151 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "mariadb-galera.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "mariadb-galera.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{- define "mariadb-galera.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Return the proper MariaDB Galera image name +*/}} +{{- define "mariadb-galera.image" -}} +{{- $registryName := .Values.image.registry -}} +{{- $repositoryName := .Values.image.repository -}} +{{- $tag := .Values.image.tag | toString -}} +{{/* +Helm 2.11 supports the assignment of a value to a variable defined in a different scope, +but Helm 2.9 and 2.10 doesn't support it, so we need to implement this if-else logic. 
+Also, we can't use a single if because lazy evaluation is not an option +*/}} +{{- if .Values.global }} + {{- if .Values.global.imageRegistry }} + {{- printf "%s/%s:%s" .Values.global.imageRegistry $repositoryName $tag -}} + {{- else -}} + {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} + {{- end -}} +{{- else -}} + {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} +{{- end -}} +{{- end -}} + +{{/* +Return the proper metrics image name +*/}} +{{- define "mariadb-galera.metrics.image" -}} +{{- $registryName := .Values.metrics.image.registry -}} +{{- $repositoryName := .Values.metrics.image.repository -}} +{{- $tag := .Values.metrics.image.tag | toString -}} +{{/* +Helm 2.11 supports the assignment of a value to a variable defined in a different scope, +but Helm 2.9 and 2.10 doesn't support it, so we need to implement this if-else logic. +Also, we can't use a single if because lazy evaluation is not an option +*/}} +{{- if .Values.global }} + {{- if .Values.global.imageRegistry }} + {{- printf "%s/%s:%s" .Values.global.imageRegistry $repositoryName $tag -}} + {{- else -}} + {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} + {{- end -}} +{{- else -}} + {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} +{{- end -}} +{{- end -}} + +{{/* +Get the configuration ConfigMap name. +*/}} +{{- define "mariadb-galera.configurationCM" -}} +{{- if .Values.configurationConfigMap -}} +{{- printf "%s" (tpl .Values.configurationConfigMap $) -}} +{{- else -}} +{{- printf "%s-configuration" (include "mariadb-galera.fullname" .) -}} +{{- end -}} +{{- end -}} + +{{ template "mariadb-galera.initdbScriptsCM" . }} +{{/* +Get the initialization scripts ConfigMap name. +*/}} +{{- define "mariadb-galera.initdbScriptsCM" -}} +{{- if .Values.initdbScriptsConfigMap -}} +{{- printf "%s" .Values.initdbScriptsConfigMap -}} +{{- else -}} +{{- printf "%s-init-scripts" (include "mariadb-galera.fullname" .) 
-}} +{{- end -}} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "mariadb-galera.serviceAccountName" -}} +{{- if .Values.serviceAccount.create -}} + {{ default (include "mariadb.fullname" .) .Values.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Return the proper Docker Image Registry Secret Names +*/}} +{{- define "mariadb-galera.imagePullSecrets" -}} +{{/* +Helm 2.11 supports the assignment of a value to a variable defined in a different scope, +but Helm 2.9 and 2.10 does not support it, so we need to implement this if-else logic. +Also, we can not use a single if because lazy evaluation is not an option +*/}} +{{- if .Values.global }} +{{- if .Values.global.imagePullSecrets }} +imagePullSecrets: +{{- range .Values.global.imagePullSecrets }} + - name: {{ . }} +{{- end }} +{{- else if or .Values.image.pullSecrets .Values.metrics.image.pullSecrets }} +imagePullSecrets: +{{- range .Values.image.pullSecrets }} + - name: {{ . }} +{{- end }} +{{- range .Values.metrics.image.pullSecrets }} + - name: {{ . }} +{{- end }} +{{- end -}} +{{- else if or .Values.image.pullSecrets .Values.metrics.image.pullSecrets }} +imagePullSecrets: +{{- range .Values.image.pullSecrets }} + - name: {{ . }} +{{- end }} +{{- range .Values.metrics.image.pullSecrets }} + - name: {{ . }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* Check if there are rolling tags in the images */}} +{{- define "mariadb-galera.checkRollingTags" -}} +{{- if and (contains "bitnami/" .Values.image.repository) (not (.Values.image.tag | toString | regexFind "-r\\d+$|sha256:")) }} +WARNING: Rolling tag detected ({{ .Values.image.repository }}:{{ .Values.image.tag }}), please note that it is strongly recommended to avoid using rolling tags in a production environment. ++info https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/ +{{- end }} +{{- end -}} 
diff --git a/bitnami/mariadb-galera/templates/configmap.yaml b/bitnami/mariadb-galera/templates/configmap.yaml new file mode 100644 index 0000000000..97e2eb52e0 --- /dev/null +++ b/bitnami/mariadb-galera/templates/configmap.yaml @@ -0,0 +1,18 @@ +{{ if and (or (.Files.Glob "files/my.cnf") .Values.mariadbConfiguration) (not .Values.configurationConfigMap) }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "mariadb-galera.fullname" . }}-configuration + labels: + app.kubernetes.io/name: {{ include "mariadb-galera.name" . }} + helm.sh/chart: {{ include "mariadb-galera.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +data: +{{- if (.Files.Glob "files/my.cnf") }} +{{ (.Files.Glob "files/my.cnf").AsConfig | indent 2 }} +{{- else if .Values.mariadbConfiguration }} + my.cnf: | +{{ .Values.mariadbConfiguration | indent 4 }} +{{- end }} +{{ end }} diff --git a/bitnami/mariadb-galera/templates/headless-svc.yaml b/bitnami/mariadb-galera/templates/headless-svc.yaml new file mode 100644 index 0000000000..2d4323e25f --- /dev/null +++ b/bitnami/mariadb-galera/templates/headless-svc.yaml @@ -0,0 +1,25 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ template "mariadb-galera.fullname" . }}-headless + labels: + app.kubernetes.io/name: {{ include "mariadb-galera.name" . }} + helm.sh/chart: {{ include "mariadb-galera.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +spec: + type: ClusterIP + clusterIP: None + ports: + - name: galera + port: 4567 + targetPort: galera + - name: ist + port: 4568 + targetPort: ist + - name: sst + port: 4444 + targetPort: sst + selector: + app.kubernetes.io/name: {{ include "mariadb-galera.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} 
diff --git a/bitnami/mariadb-galera/templates/initialization-configmap.yaml b/bitnami/mariadb-galera/templates/initialization-configmap.yaml new file mode 100644 index 0000000000..2818f53d4e --- /dev/null +++ b/bitnami/mariadb-galera/templates/initialization-configmap.yaml @@ -0,0 +1,25 @@ +{{- if and (or (.Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql,sql.gz}") .Values.initdbScripts) (not .Values.initdbScriptsConfigMap) }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "mariadb-galera.fullname" . }}-init-scripts + labels: + app.kubernetes.io/name: {{ include "mariadb-galera.name" . }} + helm.sh/chart: {{ include "mariadb-galera.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- if and (.Files.Glob "files/docker-entrypoint-initdb.d/*.sql.gz") (not .Values.initdbScriptsConfigMap) }} +binaryData: +{{- $root := . }} +{{- range $path, $bytes := .Files.Glob "files/docker-entrypoint-initdb.d/*.sql.gz" }} + {{ base $path }}: {{ $root.Files.Get $path | b64enc | quote }} +{{- end }} +{{- end }} +data: +{{- if and (.Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql}") (not .Values.initdbScriptsConfigMap) }} +{{ (.Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql}").AsConfig | indent 2 }} +{{- end }} +{{- with .Values.initdbScripts }} +{{ toYaml . | indent 2 }} +{{- end }} +{{ end }} diff --git a/bitnami/mariadb-galera/templates/metrics-svc.yaml b/bitnami/mariadb-galera/templates/metrics-svc.yaml new file mode 100644 index 0000000000..f38a8666e0 --- /dev/null +++ b/bitnami/mariadb-galera/templates/metrics-svc.yaml 
@@ -0,0 +1,21 @@ +{{- if .Values.metrics.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "mariadb-galera.fullname" . }}-metrics + labels: + app.kubernetes.io/name: {{ include "mariadb-galera.name" . }} + helm.sh/chart: {{ include "mariadb-galera.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: {{ toYaml .Values.metrics.service.annotations | nindent 4 }} +spec: + type: {{ .Values.metrics.service.type }} + ports: + - name: metrics + port: {{ .Values.metrics.service.port }} + targetPort: metrics + selector: + app.kubernetes.io/name: {{ include "mariadb-galera.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} diff --git a/bitnami/mariadb-galera/templates/pdb.yaml b/bitnami/mariadb-galera/templates/pdb.yaml new file mode 100644 index 0000000000..79e6afd5b7 --- /dev/null +++ b/bitnami/mariadb-galera/templates/pdb.yaml @@ -0,0 +1,22 @@ +{{- if .Values.podDisruptionBudget.create }} +apiVersion: policy/v1beta1 +kind: PodDisruptionBudget +metadata: + name: {{ template "mariadb-galera.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "mariadb-galera.name" . }} + helm.sh/chart: {{ include "mariadb-galera.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +spec: +{{- if .Values.podDisruptionBudget.minAvailable }} + minAvailable: {{ .Values.podDisruptionBudget.minAvailable }} +{{- end }} +{{- if .Values.podDisruptionBudget.maxUnavailable }} + maxUnavailable: {{ .Values.podDisruptionBudget.maxUnavailable }} +{{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "mariadb-galera.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} diff --git a/bitnami/mariadb-galera/templates/role.yaml b/bitnami/mariadb-galera/templates/role.yaml new file mode 100644 index 0000000000..a5cbd0d915 --- /dev/null 
+++ b/bitnami/mariadb-galera/templates/role.yaml @@ -0,0 +1,18 @@ +{{- if and .Values.serviceAccount.create .Values.rbac.create }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "mariadb-galera.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "mariadb-galera.name" . }} + helm.sh/chart: {{ include "mariadb-galera.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: + - "" + resources: + - endpoints + verbs: + - get +{{- end }} diff --git a/bitnami/mariadb-galera/templates/rolebinding.yaml b/bitnami/mariadb-galera/templates/rolebinding.yaml new file mode 100644 index 0000000000..67d4827780 --- /dev/null +++ b/bitnami/mariadb-galera/templates/rolebinding.yaml @@ -0,0 +1,18 @@ +{{- if and .Values.serviceAccount.create .Values.rbac.create }} +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ template "mariadb-galera.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "mariadb-galera.name" . }} + helm.sh/chart: {{ include "mariadb-galera.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +subjects: +- kind: ServiceAccount + name: {{ template "mariadb-galera.serviceAccountName" . }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "mariadb-galera.fullname" . }} +{{- end }} diff --git a/bitnami/mariadb-galera/templates/secrets.yaml b/bitnami/mariadb-galera/templates/secrets.yaml new file mode 100644 index 0000000000..f2f4b6be7d --- /dev/null +++ b/bitnami/mariadb-galera/templates/secrets.yaml 
@@ -0,0 +1,43 @@ +{{- if (not .Values.existingSecret) -}} +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "mariadb-galera.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "mariadb-galera.name" . }} + helm.sh/chart: {{ include "mariadb-galera.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +type: Opaque +data: + {{- if .Values.rootUser.password }} + mariadb-root-password: {{ .Values.rootUser.password | b64enc | quote }} + {{- else if (not .Values.rootUser.forcePassword) }} + mariadb-root-password: {{ randAlphaNum 10 | b64enc | quote }} + {{ else }} + mariadb-root-password: {{ required "A MariaDB Root Password is required!" .Values.rootUser.password }} + {{- end }} + {{- if .Values.db.user }} + {{- if .Values.db.password }} + mariadb-password: {{ .Values.db.password | b64enc | quote }} + {{- else if (not .Values.db.forcePassword) }} + mariadb-password: {{ randAlphaNum 10 | b64enc | quote }} + {{- else }} + mariadb-password: {{ required "A MariaDB Database Password is required!" .Values.db.password }} + {{- end }} + {{- end }} + {{- if .Values.galera.mariabackup.password }} + mariadb-galera-mariabackup-password: {{ .Values.galera.mariabackup.password | b64enc | quote }} + {{- else if (not .Values.galera.mariabackup.forcePassword) }} + mariadb-galera-mariabackup-password: {{ randAlphaNum 10 | b64enc | quote }} + {{ else }} + mariadb-galera-mariabackup-password: {{ required "A MariaBackup Password is required!" .Values.galera.mariabackup.password }} + {{- end }} + {{- if .Values.ldap.enabled }} + {{- if .Values.ldap.bindpw }} + ldap-bindpw: {{ .Values.ldap.bindpw | b64enc | quote }} + {{ else }} + ldap-bindpw: {{ required "LDAP Password is required!" .Values.ldap.bindpw }} + {{- end }} + {{- end }} +{{- end }} 
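Review bot: the `randAlphaNum 10` fallbacks for `mariadb-root-password`, `mariadb-password` and `mariadb-galera-mariabackup-password` are evaluated again on every render, so a `helm upgrade` that does not pass the passwords rewrites this Secret with fresh values while the persisted data still holds the credentials set on first run. The probes and the exporter in statefulset.yaml, which read `MARIADB_ROOT_PASSWORD` from this Secret, would then stop authenticating. Either fail the render on upgrade when no password or `existingSecret` is supplied, or make `forcePassword: true` the default, as values-production.yaml already does. Ten alphanumeric characters is also short for a root credential that is generated once and rarely rotated, so a longer value would be safer. The three `required` branches and the `ldap-bindpw` one omit `| b64enc | quote`, unlike their siblings. This is harmless while `required` aborts the render, but it is worth keeping consistent so that a later edit cannot emit an unencoded value under `data:`. Finally, test-runner.yaml later in this patch reads the key `mariadb-galera-root-password`, which this Secret never defines. The key here is `mariadb-root-password`, so the test pod's `secretKeyRef` will not resolve.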
diff --git a/bitnami/mariadb-galera/templates/serviceaccount.yaml b/bitnami/mariadb-galera/templates/serviceaccount.yaml new file mode 100644 index 0000000000..f7257b08b7 --- /dev/null +++ b/bitnami/mariadb-galera/templates/serviceaccount.yaml @@ -0,0 +1,11 @@ +{{- if .Values.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "mariadb-galera.serviceAccountName" . }} + labels: + app.kubernetes.io/name: {{ include "mariadb-galera.name" . }} + helm.sh/chart: {{ include "mariadb-galera.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} diff --git a/bitnami/mariadb-galera/templates/servicemonitor.yaml b/bitnami/mariadb-galera/templates/servicemonitor.yaml new file mode 100644 index 0000000000..e731fbc3b9 --- /dev/null +++ b/bitnami/mariadb-galera/templates/servicemonitor.yaml 
@@ -0,0 +1,33 @@ +{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "mariadb-galera.fullname" . }} + {{- if .Values.metrics.serviceMonitor.namespace }} + namespace: {{ .Values.metrics.serviceMonitor.namespace }} + {{- end }} + labels: + app.kubernetes.io/name: {{ include "mariadb-galera.name" . }} + helm.sh/chart: {{ include "mariadb-galera.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- range $key, $value := .Values.metrics.serviceMonitor.selector }} + {{ $key }}: {{ $value | quote }} + {{- end }} +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ include "mariadb-galera.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + endpoints: + - port: metrics + {{- if .Values.metrics.serviceMonitor.interval }} + interval: {{ .Values.metrics.serviceMonitor.interval }} + {{- end }} + {{- if .Values.metrics.serviceMonitor.scrapeTimeout }} + scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }} + {{- end }} + namespaceSelector: + matchNames: + - {{ .Release.Namespace }} +{{- end }} diff --git a/bitnami/mariadb-galera/templates/statefulset.yaml b/bitnami/mariadb-galera/templates/statefulset.yaml new file mode 100644 index 0000000000..0d5cb785a7 --- /dev/null +++ b/bitnami/mariadb-galera/templates/statefulset.yaml 
@@ -0,0 +1,284 @@ +apiVersion: apps/v1beta1 +kind: StatefulSet +metadata: + name: {{ template "mariadb-galera.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "mariadb-galera.name" . }} + helm.sh/chart: {{ include "mariadb-galera.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +spec: + replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/name: {{ include "mariadb-galera.name" . }} + serviceName: {{ template "mariadb-galera.fullname" . }} + updateStrategy: + type: {{ .Values.updateStrategy.type }} + {{- if (eq "Recreate" .Values.updateStrategy.type) }} + rollingUpdate: null + {{- end }} + template: + metadata: + {{- if .Values.annotations }} + annotations: + {{- range $key, $value := .Values.annotations }} + {{ $key }}: '{{ $value }}' + {{- end }} + {{- end }} + labels: + app.kubernetes.io/name: {{ include "mariadb-galera.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + helm.sh/chart: {{ include "mariadb-galera.chart" . }} + spec: + {{- if .Values.schedulerName }} + schedulerName: {{ .Values.schedulerName | quote }} + {{- end }} + serviceAccountName: {{ template "mariadb-galera.serviceAccountName" . }} + {{- if .Values.securityContext.enabled }} + securityContext: + fsGroup: {{ .Values.securityContext.fsGroup }} + runAsUser: {{ .Values.securityContext.runAsUser }} + {{- end }} + affinity: + {{- with .Values.nodeAffinity }} + nodeAffinity: {{ tpl (toYaml .) $ | nindent 10 }} + {{- end }} + {{- if eq .Values.podAntiAffinity "hard" }} + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - topologyKey: "kubernetes.io/hostname" + labelSelector: + matchLabels: + app.kubernetes.io/name: {{ include "mariadb-galera.name" . 
}} + app.kubernetes.io/instance: {{ .Release.Name }} + {{- else if eq .Values.podAntiAffinity "soft" }} + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 1 + podAffinityTerm: + topologyKey: "kubernetes.io/hostname" + labelSelector: + matchLabels: + app.kubernetes.io/name: {{ include "mariadb-galera.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + {{- end }} + {{- with .Values.podAffinity }} + podAffinity: {{ tpl (toYaml .) $ | nindent 10 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: {{ tpl (toYaml .) $ | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: {{ tpl (toYaml .) $ | nindent 8 }} + {{- end }} +{{- include "mariadb-galera.imagePullSecrets" . | indent 6 }} + {{- if .Values.extraInitContainers }} + initContainers: +{{ tpl .Values.extraInitContainers . | indent 6}} + {{- end }} + containers: + - name: "mariadb-galera" + image: {{ template "mariadb-galera.image" . }} + imagePullPolicy: {{ .Values.image.pullPolicy | quote }} + env: + {{- if .Values.image.debug}} + - name: BITNAMI_DEBUG + value: "true" + {{- end }} + - name: MARIADB_GALERA_CLUSTER_NAME + value: {{ .Values.galera.name | quote }} + - name: MARIADB_GALERA_CLUSTER_ADDRESS + value: "gcomm://{{ template "mariadb-galera.fullname" . }}-headless.{{ .Release.Namespace }}.svc.cluster.local" + - name: MARIADB_ROOT_PASSWORD + valueFrom: + secretKeyRef: + {{- if .Values.existingSecret }} + name: {{ .Values.existingSecret }} + {{- else }} + name: {{ template "mariadb-galera.fullname" . }} + {{- end }} + key: mariadb-root-password + {{- if .Values.db.user }} + - name: MARIADB_USER + value: {{ .Values.db.user | quote }} + - name: MARIADB_PASSWORD + valueFrom: + secretKeyRef: + {{- if .Values.existingSecret }} + name: {{ .Values.existingSecret }} + {{- else }} + name: {{ template "mariadb-galera.fullname" . 
}} + {{- end }} + key: mariadb-password + {{- end }} + - name: MARIADB_DATABASE + value: {{ .Values.db.name | quote }} + - name: MARIADB_GALERA_MARIABACKUP_USER + value: {{ .Values.galera.mariabackup.user }} + - name: MARIADB_GALERA_MARIABACKUP_PASSWORD + valueFrom: + secretKeyRef: + {{- if .Values.existingSecret }} + name: {{ .Values.existingSecret }} + {{- else }} + name: {{ template "mariadb-galera.fullname" . }} + {{- end }} + key: mariadb-galera-mariabackup-password + {{- if .Values.ldap.enabled }} + - name: MARIADB_LDAP_URI + {{- if .Values.ldap.uri }} + value: {{ .Values.ldap.uri }} + {{ else }} + value: {{ required "LDAP uri is required!" .Values.ldap.uri }} + {{- end }} + - name: MARIADB_LDAP_BASE + {{- if .Values.ldap.base }} + value: {{ .Values.ldap.base }} + {{ else }} + value: {{ required "LDAP base is required!" .Values.ldap.base }} + {{- end }} + - name: MARIADB_LDAP_BIND_DN + {{- if .Values.ldap.binddn }} + value: {{ .Values.ldap.binddn }} + {{ else }} + value: {{ required "LDAP binddn is required!" .Values.ldap.binddn }} + {{- end }} + - name: MARIADB_LDAP_BIND_PASSWORD + valueFrom: + secretKeyRef: + {{- if .Values.existingSecret }} + name: {{ .Values.existingSecret }} + {{- else }} + name: {{ template "mariadb-galera.fullname" . 
}} + {{- end }} + key: ldap-bindpw + - name: MARIADB_LDAP_BASE_LOOKUP + value: {{ .Values.ldap.bslookup }} + {{- end }} + {{- if .Values.extraFlags }} + - name: MARIADB_EXTRA_FLAGS + value: {{ .Values.extraFlags | quote }} + {{- end }} + ports: + - name: mysql + containerPort: 3306 + - name: galera + containerPort: 4567 + - name: ist + containerPort: 4568 + - name: sst + containerPort: 4444 + {{- if .Values.livenessProbe.enabled }} + livenessProbe: + exec: + command: ["sh", "-c", "exec mysqladmin status -uroot -p$MARIADB_ROOT_PASSWORD"] + initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.livenessProbe.failureThreshold }} + {{- end }} + {{- if .Values.readinessProbe.enabled }} + readinessProbe: + exec: + command: ["sh", "-c", "exec mysqladmin status -uroot -p$MARIADB_ROOT_PASSWORD"] + initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.readinessProbe.failureThreshold }} + {{- end }} + resources: +{{ toYaml .Values.resources | indent 10 }} + volumeMounts: + - name: data + mountPath: {{ .Values.persistence.mountPath }} + {{- if .Values.persistence.subPath }} + subPath: {{ .Values.persistence.subPath }} + {{- end }} + {{- if or (.Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql,sql.gz}") .Values.initdbScriptsConfigMap .Values.initdbScripts }} + - name: custom-init-scripts + mountPath: /docker-entrypoint-initdb.d + {{- end }} + {{- if or (.Files.Glob "files/my.cnf") .Values.mariadbConfiguration .Values.configurationConfigMap }} + - name: mariadb-galera-config + mountPath: 
/opt/bitnami/mariadb/conf/my.cnf + subPath: my.cnf + {{- end }} +{{- if .Values.metrics.enabled }} + - name: metrics + image: {{ template "mariadb-galera.metrics.image" . }} + imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }} + env: + - name: MARIADB_ROOT_PASSWORD + valueFrom: + secretKeyRef: + {{- if .Values.existingSecret }} + name: {{ .Values.existingSecret }} + {{- else }} + name: {{ template "mariadb-galera.fullname" . }} + {{- end }} + key: mariadb-root-password + command: [ 'sh', '-c', 'DATA_SOURCE_NAME="root:$MARIADB_ROOT_PASSWORD@(localhost:3306)/" /bin/mysqld_exporter' ] + ports: + - name: metrics + containerPort: 9104 + livenessProbe: + httpGet: + path: /metrics + port: metrics + initialDelaySeconds: 30 + timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /metrics + port: metrics + initialDelaySeconds: 5 + timeoutSeconds: 1 + resources: +{{ toYaml .Values.metrics.resources | indent 10 }} +{{- end }} + volumes: + {{- if or (.Files.Glob "files/my.cnf") .Values.mariadbConfiguration .Values.configurationConfigMap }} + - name: mariadb-galera-config + configMap: + name: {{ template "mariadb-galera.configurationCM" . }} + {{- end }} + {{- if or (.Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql,sql.gz}") .Values.initdbScriptsConfigMap .Values.initdbScripts }} + - name: custom-init-scripts + configMap: + name: {{ template "mariadb-galera.initdbScriptsCM" . }} + {{- end }} +{{- if and .Values.persistence.enabled .Values.persistence.existingClaim }} + - name: data + persistentVolumeClaim: + claimName: {{ .Values.persistence.existingClaim }} +{{- else if not .Values.persistence.enabled }} + - name: data + emptyDir: {} +{{- else if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }} + volumeClaimTemplates: + - metadata: + name: data + labels: + app.kubernetes.io/name: {{ include "mariadb-galera.name" . 
}} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + spec: + accessModes: + {{- range .Values.persistence.accessModes }} + - {{ . | quote }} + {{- end }} + resources: + requests: + storage: {{ .Values.persistence.size | quote }} + {{- if .Values.persistence.storageClass }} + {{- if (eq "-" .Values.persistence.storageClass) }} + storageClassName: "" + {{- else }} + storageClassName: {{ .Values.persistence.storageClass | quote }} + {{- end }} + {{- end }} +{{- end }} diff --git a/bitnami/mariadb-galera/templates/svc.yaml b/bitnami/mariadb-galera/templates/svc.yaml new file mode 100644 index 0000000000..55a717868c --- /dev/null +++ b/bitnami/mariadb-galera/templates/svc.yaml 
@@ -0,0 +1,35 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ template "mariadb-galera.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "mariadb-galera.name" . }} + helm.sh/chart: {{ include "mariadb-galera.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.service.annotations }} + annotations: {{ toYaml . | nindent 4 }} + {{- end }} +spec: + type: {{ .Values.service.type }} + {{- if and .Values.service.loadBalancerIP (eq .Values.service.type "LoadBalancer") }} + loadBalancerIP: {{ .Values.service.loadBalancerIP }} + {{- end }} + {{- if and (eq .Values.service.type "LoadBalancer") .Values.service.loadBalancerSourceRanges }} + {{- with .Values.service.loadBalancerSourceRanges }} + loadBalancerSourceRanges: {{ toYaml . | nindent 4 }} + {{- end }} + {{- end }} + {{- if and (eq .Values.service.type "ClusterIP") .Values.service.clusterIP }} + clusterIP: {{ .Values.service.clusterIP }} + {{- end }} + ports: + - name: mysql + port: {{ .Values.service.port }} + targetPort: mysql + {{- if and .Values.service.nodePort (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) }} + nodePort: {{ .Values.service.nodePort }} + {{- end }} + selector: + app.kubernetes.io/name: {{ include "mariadb-galera.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} diff --git a/bitnami/mariadb-galera/templates/test-runner.yaml b/bitnami/mariadb-galera/templates/test-runner.yaml new file mode 100644 index 0000000000..655d63cda8 --- /dev/null +++ b/bitnami/mariadb-galera/templates/test-runner.yaml 
@@ -0,0 +1,48 @@ +apiVersion: v1 +kind: Pod +metadata: + name: {{ template "mariadb-galera.fullname" . }}-test-{{ randAlphaNum 5 | lower }} + annotations: + "helm.sh/hook": test-success +spec: + initContainers: + - name: "test-framework" + image: "dduportal/bats:0.4.0" + command: + - "bash" + - "-c" + - | + set -ex + # copy bats to tools dir + cp -R /usr/local/libexec/ /tools/bats/ + volumeMounts: + - mountPath: /tools + name: tools + containers: + - name: mariadb-galera-test + image: {{ template "mariadb-galera.image" . }} + imagePullPolicy: {{ .Values.image.pullPolicy | quote }} + command: ["/tools/bats/bats", "-t", "/tests/run.sh"] + env: + - name: MARIADB_ROOT_PASSWORD + valueFrom: + secretKeyRef: + {{- if .Values.existingSecret }} + name: {{ .Values.existingSecret }} + {{- else }} + name: {{ template "mariadb-galera.fullname" . }} + {{- end }} + key: mariadb-galera-root-password + volumeMounts: + - mountPath: /tests + name: tests + readOnly: true + - mountPath: /tools + name: tools + volumes: + - name: tests + configMap: + name: {{ template "mariadb-galera.fullname" . }}-tests + - name: tools + emptyDir: {} + restartPolicy: Never diff --git a/bitnami/mariadb-galera/templates/tests.yaml b/bitnami/mariadb-galera/templates/tests.yaml new file mode 100644 index 0000000000..507f17a619 --- /dev/null +++ b/bitnami/mariadb-galera/templates/tests.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "mariadb-galera.fullname" . }}-tests +data: + run.sh: |- + @test "Testing MariaDB is accessible" { + mysql -h {{ template "mariadb-galera.fullname" . }} -uroot -p$MARIADB_ROOT_PASSWORD -e 'show databases;' + } diff --git a/bitnami/mariadb-galera/values-production.yaml b/bitnami/mariadb-galera/values-production.yaml new file mode 100644 index 0000000000..6f50cc406a --- /dev/null +++ b/bitnami/mariadb-galera/values-production.yaml 
@@ -0,0 +1,434 @@ +## Global Docker image parameters +## Please, note that this will override the image parameters, including dependencies, configured to use the global value +## Current available global Docker image parameters: imageRegistry and imagePullSecrets +## +# global: +# imageRegistry: myRegistryName +# imagePullSecrets: +# - myRegistryKeySecretName + +## Bitnami MariaDB Galera image +## ref: https://hub.docker.com/r/bitnami/mariadb-galera/tags/ +## +image: + registry: docker.io + repository: bitnami/mariadb-galera + tag: 10.3.17-debian-9-r8 + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images + ## + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + # pullSecrets: + # - myRegistryKeySecretName + + ## Set to true if you would like to see extra information on logs + ## It turns BASH debugging in minideb-extras-base + ## + debug: false + +## String to partially override mariadb-galera.fullname template (will maintain the release name) +## +# nameOverride: + +## String to fully override mariadb-galera.fullname template +## +# fullnameOverride: + +## Use an alternate scheduler, e.g. "stork". +## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ +## +# schedulerName: + +## MariaDB Gallera K8s svc properties +## +service: + ## Kubernetes service type and port number + ## + type: ClusterIP + port: 3306 + # clusterIP: None + + ## Specify the nodePort value for the LoadBalancer and NodePort service types. + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport + ## + # nodePort: 30001 + + ## Set the LoadBalancer service type to internal only. 
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer + ## + # loadBalancerIP: + + ## Load Balancer sources + ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service + ## + # loadBalancerSourceRanges: + # - 10.10.10.0/24 + + ## Provide any additional annotations which may be required. This can be used to + ## set the LoadBalancer service type to internal only. + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer + ## + annotations: {} + +## Pods Service Account +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ +## +serviceAccount: + ## Specifies whether a ServiceAccount should be created + ## + create: false + ## The name of the ServiceAccount to use. + ## If not set and create is true, a name is generated using the mariadb.fullname template + # name: + +## Role Based Access +## Ref: https://kubernetes.io/docs/admin/authorization/rbac/ +## +rbac: + create: false + +## Pod Security Context +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ +## +securityContext: + enabled: false + fsGroup: 1001 + runAsUser: 1001 + +## Use existing secret (ignores rootUser.password, db.password, and galera.mariabackup.password) +## +# existingSecret: + +rootUser: + ## MariaDB admin password + ## Password is ignored if existingSecret is specified. + ## ref: https://github.com/bitnami/bitnami-docker-mariadb-galera#setting-the-root-password-on-first-run + ## + password: + ## Option to force users to specify a password. That is required for 'helm upgrade' to work properly. + ## If it is not force, a random password will be generated. + ## + forcePassword: true + +## Custom db configuration +## +db: + ## MariaDB username and password + ## Password is ignored if existingSecret is specified. 
+ ## ref: https://github.com/bitnami/bitnami-docker-mariadb-galera#creating-a-database-user-on-first-run + ## + user: + password: + ## Database to create + ## ref: https://github.com/bitnami/bitnami-docker-mariadb-galera#creating-a-database-on-first-run + ## + name: my_database + ## Option to force users to specify a password. That is required for 'helm upgrade' to work properly. + ## If it is not force, a random password will be generated. + ## + forcePassword: true + +## Galera configuration +## +galera: + ## Galera cluster name + ## + name: galera + + mariabackup: + ## MariaBackup username and password + ## Password is ignored if existingSecret is specified. + ## ref: https://github.com/bitnami/bitnami-docker-mariadb-galera#setting-up-a-multi-master-cluster + ## + user: mariabackup + password: + ## Option to force users to specify a password. That is required for 'helm upgrade' to work properly. + ## If it is not force, a random password will be generated. + ## + forcePassword: true + +## LDAP configuration +## +ldap: + ## Enable LDAP support + ## + enabled: false + # uri: + # base: + # binddn: + # bindpw: + # bslookup: + +## Configure MariaDB with a custom my.cnf file +## ref: https://mysql.com/kb/en/mysql/configuring-mysql-with-mycnf/#example-of-configuration-file +## Alternatively, you can put your my.cnf under the files/ directory +## +mariadbConfiguration: |- + [client] + port=3306 + socket=/opt/bitnami/mariadb/tmp/mysql.sock + + [mysqld] + default-storage-engine=InnoDB + basedir=/opt/bitnami/mariadb + datadir=/bitnami/mariadb/data + tmpdir=/opt/bitnami/mariadb/tmp + socket=/opt/bitnami/mariadb/tmp/mysql.sock + pid-file=/opt/bitnami/mariadb/tmp/mysqld.pid + bind-address=0.0.0.0 + + ## Character set + collation-server=utf8_unicode_ci + init-connect='SET NAMES utf8' + character-set-server=utf8 + + ## MyISAM + key-buffer-size=32M + myisam-recover-options=FORCE,BACKUP + + ## safety + skip-host-cache + skip-name-resolve + max-allowed-packet=16M + 
max-connect-errors=1000000 + sql-mode=STRICT_TRANS_TABLES,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_AUTO_VALUE_ON_ZERO,NO_ENGINE_SUBSTITUTION,NO_ZERO_DATE,NO_ZERO_IN_DATE,ONLY_FULL_GROUP_BY + sysdate-is-now=1 + innodb=FORCE + innodb-strict-mode=1 + innodb_file_per_table=1 + # Mandatory per https://github.com/codership/documentation/issues/25 + innodb-autoinc-lock-mode=2 + # Per https://www.percona.com/blog/2006/08/04/innodb-double-write/ + innodb-doublewrite=1 + # Not fully ACID compliant, up to 1sec transaction loss in the event of total cluster failure (across both regions) + # Enabled for performance per https://mariadb.com/kb/en/mariadb/getting-started-with-mariadb-galera-cluster/ + innodb_flush_log_at_trx_commit=0 + + ## binary logging + log-bin=mysql-bin + expire-logs-days=14 + # Disabling for performance per http://severalnines.com/blog/9-tips-going-production-galera-cluster-mysql + sync-binlog=0 + # Required for Galera + binlog-format=row + ## Caches and limits + tmp-table-size=32M + max-heap-table-size=32M + # Re-enabling as now works with Maria 10.1.2 + query-cache-type=1 + query-cache-limit=4M + query-cache-size=256M + max-connections=500 + thread-cache-size=50 + open-files-limit=65535 + table-definition-cache=4096 + table-open-cache=4096 + ## innodb + innodb-flush-method=O_DIRECT + innodb-log-files-in-group=2 + innodb-log-file-size=128M + innodb-flush-log-at-trx-commit=1 + innodb-file-per-table=1 + # 80% Memory is default reco. 
+ # Need to re-evaluate when DB size grows + innodb-buffer-pool-size=2G + innodb_file_format=Barracuda + + ## logging + log-error=/opt/bitnami/mariadb/logs/mysqld.log + slow-query-log-file=/opt/bitnami/mariadb/logs/mysqld.log + log-queries-not-using-indexes=1 + slow-query-log=1 + + [galera] + wsrep_on=ON + wsrep_provider=/opt/bitnami/mariadb/lib/libgalera_smm.so + wsrep_sst_method=mariabackup + wsrep_slave_threads=4 + wsrep_cluster_address=gcomm:// + wsrep_cluster_name=galera + wsrep_sst_auth="root:" + innodb-flush-log-at-trx-commit=2 + # MYISAM REPLICATION SUPPORT # + wsrep_replicate_myisam=ON + + [mariadb] + plugin_load_add=auth_pam + +## ConfigMap with MariaDB configuration +## NOTE: This will override mariadbConfiguration +# configurationConfigMap: + +## initdb scripts +## Specify dictionary of scripts to be run at first boot +## Alternatively, you can put your scripts under the files/docker-entrypoint-initdb.d directory +## +# initdbScripts: +# my_init_script.sh: | +# #!/bin/sh +# echo "Do something." + +## ConfigMap with scripts to be run at first boot +## Note: This will override initdbScripts +# initdbScriptsConfigMap: + +## MariaDB additional command line flags +## Can be used to specify command line flags, for example: +## +## extraFlags: "--max-connect-errors=1000 --max_connections=155" + +## Mariadb Master additional pod annotations +## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ +# annotations: +# - key: key1 +# value: value1 + +## Desired number of cluster nodes +## +replicaCount: 3 + +## updateStrategy for MariaDB Master StatefulSet +## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies +## +updateStrategy: + type: RollingUpdate + +## Node Affinity. The value is evaluated as a template. 
+## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#node-affinity +## +nodeAffinity: {} + +## Pod AntiAffinity +## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity +## +podAntiAffinity: soft + +## Pod Affinity. The value is evaluated as a template. +## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity +## +podAffinity: {} + +## Node labels for pod assignment +## Ref: https://kubernetes.io/docs/user-guide/node-selection/ +## +nodeSelector: {} + +## Tolerations for pod assignment +## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ +## +tolerations: [] + +## Enable persistence using Persistent Volume Claims +## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ +## +persistence: + ## If true, use a Persistent Volume Claim, If false, use emptyDir + ## + enabled: true + # Enable persistence using an existing PVC + # existingClaim: + # Subdirectory of the volume to mount + # subPath: + mountPath: /bitnami/mariadb + ## Persistent Volume Storage Class + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. 
(gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + # storageClass: "-" + ## Persistent Volume Claim annotations + ## + annotations: {} + ## Persistent Volume Access Mode + ## + accessModes: + - ReadWriteOnce + ## Persistent Volume size + ## + size: 8Gi + ## + +## Additional init containers +## +# extraInitContainers: | +# - name: do-something +# image: busybox +# command: ['do', 'something'] + + +## Configure resource requests and limits +## ref: http://kubernetes.io/docs/user-guide/compute-resources/ +## +resources: {} + +## Liveness and readiness probes configuration +## +livenessProbe: + enabled: true + ## Initializing the database could take some time + ## + initialDelaySeconds: 120 + periodSeconds: 10 + timeoutSeconds: 1 + successThreshold: 1 + failureThreshold: 3 +readinessProbe: + enabled: true + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 1 + successThreshold: 1 + failureThreshold: 3 + +## Pod disruption budget configuration +## +podDisruptionBudget: + ## Specifies whether a Pod disruption budget should be created + ## + create: false + minAvailable: 1 + # maxUnavailable: 1 + +## Prometheus exporter configuration +## +metrics: + enabled: true + image: + registry: docker.io + repository: bitnami/mysqld-exporter + tag: 0.12.1-debian-9-r14 + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. 
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + # pullSecrets: + # - myRegistryKeySecretName + resources: {} + service: + type: ClusterIP + port: 9104 + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "9104" + + # Enable this if you're using https://github.com/coreos/prometheus-operator + serviceMonitor: + enabled: false + ## Specify a namespace if needed + # namespace: monitoring + # fallback to the prometheus default unless specified + # interval: 10s + # scrapeTimeout: 10s + ## Defaults to what's used if you follow CoreOS [Prometheus Install Instructions](https://github.com/helm/charts/tree/master/stable/prometheus-operator#tldr) + ## [Prometheus Selector Label](https://github.com/helm/charts/tree/master/stable/prometheus-operator#prometheus-operator-1) + ## [Kube Prometheus Selector Label](https://github.com/helm/charts/tree/master/stable/prometheus-operator#exporters) + selector: + prometheus: kube-prometheus diff --git a/bitnami/mariadb-galera/values.yaml b/bitnami/mariadb-galera/values.yaml new file mode 100644 index 0000000000..58eab6033e --- /dev/null +++ b/bitnami/mariadb-galera/values.yaml 
@@ -0,0 +1,434 @@ +## Global Docker image parameters +## Please, note that this will override the image parameters, including dependencies, configured to use the global value +## Current available global Docker image parameters: imageRegistry and imagePullSecrets +## +# global: +# imageRegistry: myRegistryName +# imagePullSecrets: +# - myRegistryKeySecretName + +## Bitnami MariaDB Galera image +## ref: https://hub.docker.com/r/bitnami/mariadb-galera/tags/ +## +image: + registry: docker.io + repository: bitnami/mariadb-galera + tag: 10.3.17-debian-9-r8 + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images + ## + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + # pullSecrets: + # - myRegistryKeySecretName + + ## Set to true if you would like to see extra information on logs + ## It turns BASH debugging in minideb-extras-base + ## + debug: false + +## String to partially override mariadb-galera.fullname template (will maintain the release name) +## +# nameOverride: + +## String to fully override mariadb-galera.fullname template +## +# fullnameOverride: + +## Use an alternate scheduler, e.g. "stork". +## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ +## +# schedulerName: + +## MariaDB Gallera K8s svc properties +## +service: + ## Kubernetes service type and port number + ## + type: ClusterIP + port: 3306 + # clusterIP: None + + ## Specify the nodePort value for the LoadBalancer and NodePort service types. + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport + ## + # nodePort: 30001 + + ## Set the LoadBalancer service type to internal only. 
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer + ## + # loadBalancerIP: + + ## Load Balancer sources + ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service + ## + # loadBalancerSourceRanges: + # - 10.10.10.0/24 + + ## Provide any additional annotations which may be required. This can be used to + ## set the LoadBalancer service type to internal only. + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer + ## + annotations: {} + +## Pods Service Account +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ +## +serviceAccount: + ## Specifies whether a ServiceAccount should be created + ## + create: false + ## The name of the ServiceAccount to use. + ## If not set and create is true, a name is generated using the mariadb.fullname template + # name: + +## Role Based Access +## Ref: https://kubernetes.io/docs/admin/authorization/rbac/ +## +rbac: + create: false + +## Pod Security Context +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ +## +securityContext: + enabled: false + fsGroup: 1001 + runAsUser: 1001 + +## Use existing secret (ignores rootUser.password, db.password, and galera.mariabackup.password) +## +# existingSecret: + +rootUser: + ## MariaDB admin password + ## Password is ignored if existingSecret is specified. + ## ref: https://github.com/bitnami/bitnami-docker-mariadb-galera#setting-the-root-password-on-first-run + ## + password: + ## Option to force users to specify a password. That is required for 'helm upgrade' to work properly. + ## If it is not force, a random password will be generated. + ## + forcePassword: false + +## Custom db configuration +## +db: + ## MariaDB username and password + ## Password is ignored if existingSecret is specified. 
+ ## ref: https://github.com/bitnami/bitnami-docker-mariadb-galera#creating-a-database-user-on-first-run + ## + user: + password: + ## Database to create + ## ref: https://github.com/bitnami/bitnami-docker-mariadb-galera#creating-a-database-on-first-run + ## + name: my_database + ## Option to force users to specify a password. That is required for 'helm upgrade' to work properly. + ## If it is not force, a random password will be generated. + ## + forcePassword: false + +## Galera configuration +## +galera: + ## Galera cluster name + ## + name: galera + + mariabackup: + ## MariaBackup username and password + ## Password is ignored if existingSecret is specified. + ## ref: https://github.com/bitnami/bitnami-docker-mariadb-galera#setting-up-a-multi-master-cluster + ## + user: mariabackup + password: + ## Option to force users to specify a password. That is required for 'helm upgrade' to work properly. + ## If it is not force, a random password will be generated. + ## + forcePassword: false + +## LDAP configuration +## +ldap: + ## Enable LDAP support + ## + enabled: false + # uri: + # base: + # binddn: + # bindpw: + # bslookup: + +## Configure MariaDB with a custom my.cnf file +## ref: https://mysql.com/kb/en/mysql/configuring-mysql-with-mycnf/#example-of-configuration-file +## Alternatively, you can put your my.cnf under the files/ directory +## +mariadbConfiguration: |- + [client] + port=3306 + socket=/opt/bitnami/mariadb/tmp/mysql.sock + + [mysqld] + default-storage-engine=InnoDB + basedir=/opt/bitnami/mariadb + datadir=/bitnami/mariadb/data + tmpdir=/opt/bitnami/mariadb/tmp + socket=/opt/bitnami/mariadb/tmp/mysql.sock + pid-file=/opt/bitnami/mariadb/tmp/mysqld.pid + bind-address=0.0.0.0 + + ## Character set + collation-server=utf8_unicode_ci + init-connect='SET NAMES utf8' + character-set-server=utf8 + + ## MyISAM + key-buffer-size=32M + myisam-recover-options=FORCE,BACKUP + + ## safety + skip-host-cache + skip-name-resolve + max-allowed-packet=16M + 
max-connect-errors=1000000 + sql-mode=STRICT_TRANS_TABLES,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_AUTO_VALUE_ON_ZERO,NO_ENGINE_SUBSTITUTION,NO_ZERO_DATE,NO_ZERO_IN_DATE,ONLY_FULL_GROUP_BY + sysdate-is-now=1 + innodb=FORCE + innodb-strict-mode=1 + innodb_file_per_table=1 + # Mandatory per https://github.com/codership/documentation/issues/25 + innodb-autoinc-lock-mode=2 + # Per https://www.percona.com/blog/2006/08/04/innodb-double-write/ + innodb-doublewrite=1 + # Not fully ACID compliant, up to 1sec transaction loss in the event of total cluster failure (across both regions) + # Enabled for performance per https://mariadb.com/kb/en/mariadb/getting-started-with-mariadb-galera-cluster/ + innodb_flush_log_at_trx_commit=0 + + ## binary logging + log-bin=mysql-bin + expire-logs-days=14 + # Disabling for performance per http://severalnines.com/blog/9-tips-going-production-galera-cluster-mysql + sync-binlog=0 + # Required for Galera + binlog-format=row + ## Caches and limits + tmp-table-size=32M + max-heap-table-size=32M + # Re-enabling as now works with Maria 10.1.2 + query-cache-type=1 + query-cache-limit=4M + query-cache-size=256M + max-connections=500 + thread-cache-size=50 + open-files-limit=65535 + table-definition-cache=4096 + table-open-cache=4096 + ## innodb + innodb-flush-method=O_DIRECT + innodb-log-files-in-group=2 + innodb-log-file-size=128M + innodb-flush-log-at-trx-commit=1 + innodb-file-per-table=1 + # 80% Memory is default reco. 
+ # Need to re-evaluate when DB size grows + innodb-buffer-pool-size=2G + innodb_file_format=Barracuda + + ## logging + log-error=/opt/bitnami/mariadb/logs/mysqld.log + slow-query-log-file=/opt/bitnami/mariadb/logs/mysqld.log + log-queries-not-using-indexes=1 + slow-query-log=1 + + [galera] + wsrep_on=ON + wsrep_provider=/opt/bitnami/mariadb/lib/libgalera_smm.so + wsrep_sst_method=mariabackup + wsrep_slave_threads=4 + wsrep_cluster_address=gcomm:// + wsrep_cluster_name=galera + wsrep_sst_auth="root:" + innodb-flush-log-at-trx-commit=2 + # MYISAM REPLICATION SUPPORT # + wsrep_replicate_myisam=ON + + [mariadb] + plugin_load_add=auth_pam + +## ConfigMap with MariaDB configuration +## NOTE: This will override mariadbConfiguration +# configurationConfigMap: + +## initdb scripts +## Specify dictionary of scripts to be run at first boot +## Alternatively, you can put your scripts under the files/docker-entrypoint-initdb.d directory +## +# initdbScripts: +# my_init_script.sh: | +# #!/bin/sh +# echo "Do something." + +## ConfigMap with scripts to be run at first boot +## Note: This will override initdbScripts +# initdbScriptsConfigMap: + +## MariaDB additional command line flags +## Can be used to specify command line flags, for example: +## +## extraFlags: "--max-connect-errors=1000 --max_connections=155" + +## Mariadb Master additional pod annotations +## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ +# annotations: +# - key: key1 +# value: value1 + +## Desired number of cluster nodes +## +replicaCount: 3 + +## updateStrategy for MariaDB Master StatefulSet +## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies +## +updateStrategy: + type: RollingUpdate + +## Node Affinity. The value is evaluated as a template. 
+## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#node-affinity +## +nodeAffinity: {} + +## Pod AntiAffinity +## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity +## +podAntiAffinity: soft + +## Pod Affinity. The value is evaluated as a template. +## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity +## +podAffinity: {} + +## Node labels for pod assignment +## Ref: https://kubernetes.io/docs/user-guide/node-selection/ +## +nodeSelector: {} + +## Tolerations for pod assignment +## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ +## +tolerations: [] + +## Enable persistence using Persistent Volume Claims +## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ +## +persistence: + ## If true, use a Persistent Volume Claim, If false, use emptyDir + ## + enabled: true + # Enable persistence using an existing PVC + # existingClaim: + # Subdirectory of the volume to mount + # subPath: + mountPath: /bitnami/mariadb + ## Persistent Volume Storage Class + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. 
(gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + # storageClass: "-" + ## Persistent Volume Claim annotations + ## + annotations: {} + ## Persistent Volume Access Mode + ## + accessModes: + - ReadWriteOnce + ## Persistent Volume size + ## + size: 8Gi + ## + +## Additional init containers +## +# extraInitContainers: | +# - name: do-something +# image: busybox +# command: ['do', 'something'] + + +## Configure resource requests and limits +## ref: http://kubernetes.io/docs/user-guide/compute-resources/ +## +resources: {} + +## Liveness and readiness probes configuration +## +livenessProbe: + enabled: true + ## Initializing the database could take some time + ## + initialDelaySeconds: 120 + periodSeconds: 10 + timeoutSeconds: 1 + successThreshold: 1 + failureThreshold: 3 +readinessProbe: + enabled: true + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 1 + successThreshold: 1 + failureThreshold: 3 + +## Pod disruption budget configuration +## +podDisruptionBudget: + ## Specifies whether a Pod disruption budget should be created + ## + create: false + minAvailable: 1 + # maxUnavailable: 1 + +## Prometheus exporter configuration +## +metrics: + enabled: false + image: + registry: docker.io + repository: bitnami/mysqld-exporter + tag: 0.12.1-debian-9-r14 + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. 
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + # pullSecrets: + # - myRegistryKeySecretName + resources: {} + service: + type: ClusterIP + port: 9104 + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "9104" + + # Enable this if you're using https://github.com/coreos/prometheus-operator + serviceMonitor: + enabled: false + ## Specify a namespace if needed + # namespace: monitoring + # fallback to the prometheus default unless specified + # interval: 10s + # scrapeTimeout: 10s + ## Defaults to what's used if you follow CoreOS [Prometheus Install Instructions](https://github.com/helm/charts/tree/master/stable/prometheus-operator#tldr) + ## [Prometheus Selector Label](https://github.com/helm/charts/tree/master/stable/prometheus-operator#prometheus-operator-1) + ## [Kube Prometheus Selector Label](https://github.com/helm/charts/tree/master/stable/prometheus-operator#exporters) + selector: + prometheus: kube-prometheus
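Review bot: In the values file whose tail comes just before values.yaml, podDisruptionBudget is left at create: false with minAvailable: 1, and even when enabled minAvailable: 1 would let a node drain evict two pods of a three-node cluster (the replicaCount that values.yaml sets), which takes Galera below quorum. If this file is meant as the hardened variant (it already turns metrics.enabled to true), I would set create: true and use the commented-out maxUnavailable: 1 instead. The same region keeps podAntiAffinity: soft, which still allows several nodes on one host; a comment listing the accepted values and when to pick a stricter one would help.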
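Review bot: In values.yaml, mariadbConfiguration sets the InnoDB log flush policy three times with three different values (innodb_flush_log_at_trx_commit=0 under [mysqld], innodb-flush-log-at-trx-commit=1 under the "## innodb" comment, and innodb-flush-log-at-trx-commit=2 under [galera]), so the durability actually in effect depends on option-file read order and the "up to 1sec transaction loss" comment may not describe what runs. Keep a single line with a single comment; innodb_file_per_table / innodb-file-per-table is duplicated the same way. In the same block, wsrep_sst_auth="root:" names root with an empty password while galera.mariabackup.user is mariabackup: if the container rewrites this value at start-up, say so in a comment, otherwise template it from the galera.mariabackup values. Three defaults in this hunk also deserve a second look: securityContext.enabled: false leaves runAsUser and fsGroup 1001 unapplied; ldap.bindpw is a plain value that the existingSecret comment does not cover (it lists only rootUser.password, db.password and galera.mariabackup.password); and plugin_load_add=auth_pam is loaded even though ldap.enabled defaults to false.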