From 1a48333df85c03d576f357bc82d179e908a2dd2f Mon Sep 17 00:00:00 2001
From: Sameer Naik
Date: Wed, 7 Aug 2019 16:07:53 +0530
Subject: [PATCH 1/3] [bitnami/mariadb-galera] new chart for MariaDB Galera Deployment
Signed-off-by: Sameer Naik
---
bitnami/mariadb-galera/.helmignore | 1 +
bitnami/mariadb-galera/Chart.yaml | 22 +
bitnami/mariadb-galera/README.md | 276 +++++++++++++
.../docker-entrypoint-initdb.d/README.md | 3 +
bitnami/mariadb-galera/templates/NOTES.txt | 53 +++
bitnami/mariadb-galera/templates/_helpers.tpl | 151 +++++++
.../mariadb-galera/templates/configmap.yaml | 18 +
.../templates/headless-svc.yaml | 34 ++
.../templates/initialization-configmap.yaml | 25 ++
bitnami/mariadb-galera/templates/pdb.yaml | 22 +
bitnami/mariadb-galera/templates/role.yaml | 18 +
.../mariadb-galera/templates/rolebinding.yaml | 18 +
bitnami/mariadb-galera/templates/secrets.yaml | 43 ++
.../templates/serviceaccount.yaml | 11 +
.../templates/servicemonitor.yaml | 33 ++
.../mariadb-galera/templates/statefulset.yaml | 284 +++++++++++++
bitnami/mariadb-galera/templates/svc.yaml | 37 ++
.../mariadb-galera/templates/test-runner.yaml | 48 +++
bitnami/mariadb-galera/templates/tests.yaml | 9 +
bitnami/mariadb-galera/values-production.yaml | 388 ++++++++++++++++++
bitnami/mariadb-galera/values.yaml | 388 ++++++++++++++++++
21 files changed, 1882 insertions(+)
create mode 100644 bitnami/mariadb-galera/.helmignore
create mode 100644 bitnami/mariadb-galera/Chart.yaml
create mode 100644 bitnami/mariadb-galera/README.md
create mode 100644 bitnami/mariadb-galera/files/docker-entrypoint-initdb.d/README.md
create mode 100644 bitnami/mariadb-galera/templates/NOTES.txt
create mode 100644 bitnami/mariadb-galera/templates/_helpers.tpl
create mode 100644 bitnami/mariadb-galera/templates/configmap.yaml
create mode 100644 bitnami/mariadb-galera/templates/headless-svc.yaml
create mode 100644 bitnami/mariadb-galera/templates/initialization-configmap.yaml
create mode 100644 bitnami/mariadb-galera/templates/pdb.yaml
create mode 100644 bitnami/mariadb-galera/templates/role.yaml
create mode 100644 bitnami/mariadb-galera/templates/rolebinding.yaml
create mode 100644 bitnami/mariadb-galera/templates/secrets.yaml
create mode 100644 bitnami/mariadb-galera/templates/serviceaccount.yaml
create mode 100644 bitnami/mariadb-galera/templates/servicemonitor.yaml
create mode 100644 bitnami/mariadb-galera/templates/statefulset.yaml
create mode 100644 bitnami/mariadb-galera/templates/svc.yaml
create mode 100644 bitnami/mariadb-galera/templates/test-runner.yaml
create mode 100644 bitnami/mariadb-galera/templates/tests.yaml
create mode 100644 bitnami/mariadb-galera/values-production.yaml
create mode 100644 bitnami/mariadb-galera/values.yaml
diff --git a/bitnami/mariadb-galera/.helmignore b/bitnami/mariadb-galera/.helmignore
new file mode 100644
index 0000000000..6b8710a711
--- /dev/null
+++ b/bitnami/mariadb-galera/.helmignore
@@ -0,0 +1 @@
+.git
diff --git a/bitnami/mariadb-galera/Chart.yaml b/bitnami/mariadb-galera/Chart.yaml
new file mode 100644
index 0000000000..2bbf9e4abb
--- /dev/null
+++ b/bitnami/mariadb-galera/Chart.yaml
@@ -0,0 +1,22 @@
+apiVersion: v1
+name: mariadb-galera
+version: 0.0.1
+appVersion: 10.3.17
+description: MariaDB Galera is a multi-master database cluster solution for synchronous replication and high availability.
+keywords:
+- mariadb
+- mysql
+- database
+- sql
+- prometheus
+- galera
+- percona
+home: https://mariadb.org
+icon: https://bitnami.com/assets/stacks/mariadb-galera/img/mariadb-galera-stack-220x234.png
+sources:
+- https://github.com/bitnami/bitnami-docker-mariadb-galera
+- https://github.com/prometheus/mysqld_exporter
+maintainers:
+- name: Bitnami
+ email: containers@bitnami.com
+engine: gotpl
diff --git a/bitnami/mariadb-galera/README.md b/bitnami/mariadb-galera/README.md
new file mode 100644
index 0000000000..808a7da0e4
--- /dev/null
+++ b/bitnami/mariadb-galera/README.md
@@ -0,0 +1,276 @@
+# MariaDB Galera
+
+[MariaDB Galera](https://mariadb.com/kb/en/library/what-is-mariadb-galera-cluster/) is a multi-master database cluster solution for synchronous replication and high availability.
+
+## TL;DR
+
+```bash
+$ helm install bitnami/mariadb-galera
+```
+
+## Introduction
+
+This chart bootstraps a [MariaDB Galera](https://github.com/bitnami/bitnami-docker-mariadb-galera) cluster on [Kubernetes](http://kubernetes.io) using the [Helm](https://helm.sh) package manager.
+
+Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This chart has been tested to work with fluentd and Prometheus on top of [BKPR](https://kubeprod.io/).
+
+## Prerequisites
+
+- Kubernetes 1.10+
+- PV provisioner support in the underlying infrastructure
+
+## Installing the Chart
+
+Add the `bitnami` charts repo to Helm:
+
+```bash
+$ helm repo add bitnami https://charts.bitnami.com/bitnami
+```
+
+To install the chart with the release name `my-release`:
+
+```bash
+$ helm install --name my-release bitnami/mariadb-galera
+```
+
+The command deploys MariaDB Galera on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation.
+
+> **Tip**: List all releases using `helm list`
+
+## Uninstalling the Chart
+
+For a graceful termination, set the replica count of the Pods in the `mariadb-galera` StatefulSet to `0`:
+
+```bash
+$ kubectl scale sts my-release-mariadb-galera --replicas=0
+```
+
+To uninstall/delete the `my-release` release:
+
+```bash
+$ helm delete --purge my-release
+```
+
+The command removes all the Kubernetes components associated with the chart and deletes the release.
+
+## Configuration
+
+The following table lists the configurable parameters of the MariaDB Galera chart and their default values.
+
+| Parameter | Description | Default |
+|--------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------|
+| `global.imageRegistry` | Global Docker image registry | `nil` |
+| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) |
+| `image.registry` | MariaDB Galera image registry | `docker.io` |
+| `image.repository` | MariaDB Galera Image name | `bitnami/mariadb-galera` |
+| `image.tag` | MariaDB Galera Image tag | `{TAG_NAME}` |
+| `image.pullPolicy` | MariaDB Galera image pull policy | `IfNotPresent` |
+| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) |
+| `image.debug` | Specify if debug logs should be enabled | `false` |
+| `nameOverride` | String to partially override mariadb-galera.fullname template with a string (will prepend the release name) | `nil` |
+| `fullnameOverride` | String to fully override mariadb-galera.fullname template with a string | `nil` |
+| `service.type` | Kubernetes service type | `ClusterIP` |
+| `service.annotation` | Annotations for MariaDB Galera service | `{}` |
+| `service.clusterIP` | Specific cluster IP when service type is cluster IP. Use None for headless service | `nil` |
+| `service.port` | MariaDB service port | `3306` |
+| `service.nodePort` | Kubernetes Service nodePort | `nil` |
+| `service.loadBalancerIP` | loadBalancerIP if service type is `LoadBalancer` | `nil` |
+| `service.loadBalancerSourceRanges` | Address that are allowed when svc is LoadBalancer | `[]` |
+| `serviceAccount.create` | Specifies whether a ServiceAccount should be created | `false` |
+| `serviceAccount.name` | The name of the ServiceAccount to create | Generated using the mariadb-galera.fullname template |
+| `schedulerName` | Name of the k8s scheduler (other than default) | `nil` |
+| `rbac.create` | Create and use RBAC resources | `false` |
+| `securityContext.enabled` | Enable security context | `false` |
+| `securityContext.fsGroup` | Group ID for the container | `1001` |
+| `securityContext.runAsUser` | User ID for the container | `1001` |
+| `existingSecret` | Use existing secret for password details (`rootUser.password`, `db.password`, `galera.mariabackup.password` will be ignored and picked up from this secret). The secret has to contain the keys `mariadb-root-password`, `mariadb-galera-mariabackup-password` and `mariadb-password`. | `nil` |
+| `rootUser.password` | Password for the `root` user. Ignored if existing secret is provided. | _random 10 character alphanumeric string_ |
+| `rootUser.forcePassword` | Force users to specify a password | `false` |
+| `db.user` | Username of new user to create | `nil` |
+| `db.password` | Password for the new user. Ignored if existing secret is provided. | _random 10 character alphanumeric string if `db.user` is defined_ |
+| `db.forcePassword` | Force users to specify a password | `false` |
+| `db.name` | Name for new database to create | `my_database` |
+| `galera.name` | Galera cluster name | `galera` |
+| `galera.mariabackup.user` | Galera mariabackup user | `mariabackup` |
+| `galera.mariabackup.password` | Galera mariabackup password | _random 10 character alphanumeric string_ |
+| `galera.mariabackup.forcePassword` | Force users to specify a password | `false` |
+| `ldap.enabled` | Enable LDAP support | `false` |
+| `ldap.uri` | LDAP URL beginning in the form `ldap[s]://:` | `nil` |
+| `ldap.base` | LDAP base DN | `nil` |
+| `ldap.binddn` | LDAP bind DN | `nil` |
+| `ldap.bindpw` | LDAP bind password | `nil` |
+| `ldap.bslookup` | LDAP base lookup | `nil` |
+| `mariadbConfiguration` | Configuration for the MariaDB server | `_default values in the values.yaml file_` |
+| `configurationConfigMap` | ConfigMap with the MariaDB configuration files (Note: Overrides `mariadbConfiguration`). The value is evaluated as a template. | `nil` |
+| `initdbScripts` | Dictionary of initdb scripts | `nil` |
+| `initdbScriptsConfigMap` | ConfigMap with the initdb scripts (Note: Overrides `initdbScripts`) | `nil` |
+| `replicaCount` | Desired number of cluster nodes | `3` |
+| `annotations[].key` | key for the the annotation list item | `nil` |
+| `annotations[].value` | value for the the annotation list item | `nil` |
+| `extraFlags` | MariaDB additional command line flags | `nil` |
+| `podAffinity` | Affinity (in addition to antiAffinity when set) | `{}` |
+| `podAntiAffinity` | Pod anti-affinity policy | `soft` |
+| `nodeSelector` | Node labels for pod assignment (this value is evaluated as a template) | `{}` |
+| `tolerations` | List of node taints to tolerate (this value is evaluated as a template) | `[]` |
+| `updateStrategy` | Statefulset update strategy policy | `RollingUpdate` |
+| `persistence.enabled` | Enable persistence using PVC | `true` |
+| `persistence.existingClaim` | Provide an existing `PersistentVolumeClaim` | `nil` |
+| `persistence.subPath` | Subdirectory of the volume to mount | `nil` |
+| `persistence.mountPath` | Path to mount the volume at | `/bitnami/mariadb` |
+| `persistence.annotations` | Persistent Volume Claim annotations | `{}` |
+| `persistence.storageClass` | Persistent Volume Storage Class | `` |
+| `persistence.accessModes` | Persistent Volume Access Modes | `[ReadWriteOnce]` |
+| `persistence.size` | Persistent Volume Size | `8Gi` |
+| `extraInitContainers` | Additional init containers as a string to be passed to the `tpl` function | |
+| `resources` | CPU/Memory resource requests/limits for node | `{}` |
+| `livenessProbe.enabled` | Turn on and off liveness probe | `true` |
+| `livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | `120` |
+| `livenessProbe.periodSeconds` | How often to perform the probe | `10` |
+| `livenessProbe.timeoutSeconds` | When the probe times out | `1` |
+| `livenessProbe.successThreshold` | Minimum consecutive successes for the probe | `1` |
+| `livenessProbe.failureThreshold` | Minimum consecutive failures for the probe | `3` |
+| `readinessProbe.enabled` | Turn on and off readiness probe | `true` |
+| `readinessProbe.initialDelaySeconds` | Delay before readiness probe is initiated | `30` |
+| `readinessProbe.periodSeconds` | How often to perform the probe | `10` |
+| `readinessProbe.timeoutSeconds` | When the probe times out | `1` |
+| `readinessProbe.successThreshold` | Minimum consecutive successes for the probe | `1` |
+| `readinessProbe.failureThreshold` | Minimum consecutive failures for the probe | `3` |
+| `podDisruptionBudget.enabled` | If true, create a pod disruption budget for pods. | `false` |
+| `podDisruptionBudget.minAvailable` | Minimum number / percentage of pods that should remain scheduled | `1` |
+| `podDisruptionBudget.maxUnavailable` | Maximum number / percentage of pods that may be made unavailable | `nil` |
+| `metrics.enabled` | Start a side-car prometheus exporter | `false` |
+| `metrics.image.registry` | Exporter image registry | `docker.io` |
+| `metrics.image.repository` | Exporter image name | `prom/mysqld-exporter` |
+| `metrics.image.tag` | Exporter image tag | `v0.10.0` |
+| `metrics.image.pullPolicy` | Exporter image pull policy | `IfNotPresent` |
+| `metrics.resources` | Exporter resource requests/limit | `nil` |
+| `metrics.serviceMonitor.enabled` | if `true`, creates a Prometheus Operator ServiceMonitor (also requires `metrics.enabled` to be `true`) | `false` |
+| `metrics.serviceMonitor.namespace` | Optional namespace which Prometheus is running in | `nil` |
+| `metrics.serviceMonitor.interval` | How frequently to scrape metrics (use by default, falling back to Prometheus' default) | `nil` |
+| `metrics.serviceMonitor.selector` | Default to kube-prometheus install (CoreOS recommended), but should be set according to Prometheus install | `{ prometheus: kube-prometheus }` |
+
+The above parameters map to the env variables defined in [bitnami/mariadb-galera](http://github.com/bitnami/bitnami-docker-mariadb-galera). For more information please refer to the [bitnami/mariadb-galera](http://github.com/bitnami/bitnami-docker-mariadb-galera) image documentation.
+
+Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
+
+```bash
+$ helm install --name my-release \
+ --set rootUser.password=secretpassword,
+ --set db.user=app_database \
+ bitnami/mariadb-galera
+```
+
+The above command sets the MariaDB `root` account password to `secretpassword`. Additionally it creates a database named `my_database`.
+
+Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example,
+
+```bash
+$ helm install --name my-release -f values.yaml bitnami/mariadb-galera
+```
+
+> **Tip**: You can use the default [values.yaml](values.yaml)
+
+### LDAP
+
+LDAP support can be enabled in the chart by specifying the `ldap.` parameters while creating a release. The following parameters should be configured to properly enable the LDAP support in the chart.
+
+- `ldap.enabled`: Enable LDAP support. Defaults to `false`.
+- `ldap.uri`: LDAP URL beginning in the form `ldap[s]://:`. No defaults.
+- `ldap.base`: LDAP base DN. No defaults.
+- `ldap.binddn`: LDAP bind DN. No defaults.
+- `ldap.bindpw`: LDAP bind password. No defaults.
+- `ldap.bslookup`: LDAP base lookup. No defaults.
+
+For example:
+
+```bash
+$ helm install --name my-release bitnami/mariadb-galera \
+ --set ldap.enabled="true" \
+ --set ldap.url="ldap://my_ldap_server" \
+ --set ldap.base="dc=example,dc=org" \
+ --set ldap.binddn="cn=admin,dc=example,dc=org" \
+ --set ldap.bindpw="admin" \
+ --set ldap.bslookup="ou=group-ok,dc=example,dc=org"
+```
+
+Next, login to the MariaDB server using the `mysql` client and add the PAM authenticated LDAP users.
+
+For example,
+
+```mysql
+CREATE USER 'bitnami'@'localhost' IDENTIFIED VIA pam USING 'mariadb';
+```
+
+With the above example, when the `bitnami` user attempts to login to the MariaDB server, he/she will be authenticated against the LDAP server.
+
+### Production configuration
+
+This chart includes a `values-production.yaml` file where you can find some parameters oriented to production configuration in comparison to the regular `values.yaml`.
+
+```console
+$ helm install --name my-release -f ./values-production.yaml bitnami/mariadb-galera
+```
+
+- Force users to specify a password:
+```diff
+- rootUser.forcePassword: false
++ rootUser.forcePassword: true
+- db.forcePassword: false
++ db.forcePassword: true
+- galera.mariabackup.forcePassword: false
++ galera.mariabackup..forcePassword: true
+```
+
+- Start a side-car prometheus exporter:
+```diff
+- metrics.enabled: false
++ metrics.enabled: true
+```
+
+### [Rolling VS Immutable tags](https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/)
+
+It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image.
+
+Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist.
+
+## Initialize a fresh instance
+
+The [Bitnami MariaDB Galera](https://github.com/bitnami/bitnami-docker-mariadb-galera) image allows you to use your custom scripts to initialize a fresh instance. In order to execute the scripts, they must be located inside the chart folder `files/docker-entrypoint-initdb.d` so they can be consumed as a ConfigMap.
+
+Alternatively, you can specify custom scripts using the `initdbScripts` parameter as dict.
+
+In addition to these options, you can also set an external ConfigMap with all the initialization scripts. This is done by setting the `initdbScriptsConfigMap` parameter. Note that this will override the two previous options.
+
+The allowed extensions are `.sh`, `.sql` and `.sql.gz`.
+
+## Persistence
+
+The [Bitnami MariaDB Galera](https://github.com/bitnami/bitnami-docker-mariadb-galera) image stores the MariaDB data and configurations at the `/bitnami/mariadb` path of the container.
+
+The chart mounts a [Persistent Volume](kubernetes.io/docs/user-guide/persistent-volumes/) volume at this location. The volume is created using dynamic volume provisioning, by default. An existing PersistentVolumeClaim can be defined.
+
+## Extra Init Containers
+
+The feature allows for specifying a template string for a initContainer in the pod. Usecases include situations when you need some pre-run setup. For example, in IKS (IBM Cloud Kubernetes Service), non-root users do not have write permission on the volume mount path for NFS-powered file storage. So, you could use a initcontainer to `chown` the mount. See a example below, where we add an initContainer on the pod that reports to an external resource that the db is going to starting.
+`values.yaml`
+```yaml
+extraInitContainers: |
+- name: initcontainer
+ image: bitnami/minideb:latest
+ command: ["/bin/sh", "-c"]
+ args:
+ - install_packages curl && curl http://api-service.local/db/starting;
+```
+
+## Upgrading
+
+It's necessary to specify the existing passwords while performing a upgrade to ensure the secrets are not updated with invalid randomly generated passwords. Remember to specify the existing values of the `rootUser.password`, `db.password` and `galera.mariabackup.password` parameters when upgrading the chart:
+
+```bash
+$ helm upgrade my-release bitnami/mariadb-galera \
+ --set rootUser.password=[ROOT_PASSWORD] \
+ --set db.password=[MARIADB_PASSWORD] \
+ --set galera.mariabackup.password=[GALERA_MARIABACKUP_PASSWORD]
+```
+
+| Note: you need to substitute the placeholders _[ROOT_PASSWORD]_, _[MARIADB_PASSWORD]_ and _[MARIABACKUP_PASSWORD]_ with the values obtained from instructions in the installation notes.
diff --git a/bitnami/mariadb-galera/files/docker-entrypoint-initdb.d/README.md b/bitnami/mariadb-galera/files/docker-entrypoint-initdb.d/README.md
new file mode 100644
index 0000000000..aaddde3030
--- /dev/null
+++ b/bitnami/mariadb-galera/files/docker-entrypoint-initdb.d/README.md
@@ -0,0 +1,3 @@
+You can copy here your custom .sh, .sql or .sql.gz file so they are executed during the first boot of the image.
+
+More info in the [bitnami-docker-mariadb](https://github.com/bitnami/bitnami-docker-mariadb#initializing-a-new-instance) repository.
\ No newline at end of file
diff --git a/bitnami/mariadb-galera/templates/NOTES.txt b/bitnami/mariadb-galera/templates/NOTES.txt
new file mode 100644
index 0000000000..810659f070
--- /dev/null
+++ b/bitnami/mariadb-galera/templates/NOTES.txt
@@ -0,0 +1,53 @@
+
+** Please be patient while the chart is being deployed **
+
+Tip:
+
+ Watch the deployment status using the command:
+
+ kubectl get sts -w --namespace {{ .Release.Namespace }} -l app.kubernetes.io/instance={{ .Release.Name }}
+
+MariaDB can be accessed via port "{{ .Values.service.port }}" on the following DNS name from within your cluster:
+
+ {{ template "mariadb-galera.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local
+
+To obtain the password for the MariaDB "root" user run the following command:
+
+ kubectl get secret --namespace {{ .Release.Namespace }} {{ if .Values.existingSecret }}{{ .Values.existingSecret }}{{ else }}{{ template "mariadb-galera.fullname" . }}{{ end }} -o jsonpath="{.data.mariadb-root-password}" | base64 --decode
+
+To connect to your database run the following command:
+
+ kubectl run {{ template "mariadb-galera.fullname" . }}-client --rm --tty -i --restart='Never' --namespace {{ .Release.Namespace }} --image {{ template "mariadb-galera.image" . }} --command \
+ -- mysql -h {{ template "mariadb-galera.fullname" . }} -P {{ .Values.service.port }} -u{{ if .Values.db.user }}{{ .Values.db.user }}{{ else }}root{{ end }} -p{{ if .Values.db.user }}$(kubectl get secret --namespace {{ .Release.Namespace }} {{ if .Values.existingSecret }}{{ .Values.existingSecret }}{{ else }}{{ template "mariadb-galera.fullname" . }}{{ end }} -o jsonpath="{.data.mariadb-password}" | base64 --decode){{ else }}$(kubectl get secret --namespace {{ .Release.Namespace }} {{ if .Values.existingSecret }}{{ .Values.existingSecret }}{{ else }}{{ template "mariadb-galera.fullname" . }}{{ end }} -o jsonpath="{.data.mariadb-root-password}" | base64 --decode){{ end }} {{ .Values.db.name }}
+
+To connect to your database from outside the cluster execute the following commands:
+
+{{- if contains "NodePort" .Values.service.type }}
+
+ export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+ export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "mariadb-galera.fullname" . }})
+ mysql -h $NODE_IP -P $NODE_PORT -u{{ if .Values.db.user }}{{ .Values.db.user }}{{ else }}root{{ end }} -p{{ if .Values.db.user }}$(kubectl get secret --namespace {{ .Release.Namespace }} {{ if .Values.existingSecret }}{{ .Values.existingSecret }}{{ else }}{{ template "mariadb-galera.fullname" . }}{{ end }} -o jsonpath="{.data.mariadb-password}" | base64 --decode){{ else }}$(kubectl get secret --namespace {{ .Release.Namespace }} {{ if .Values.existingSecret }}{{ .Values.existingSecret }}{{ else }}{{ template "mariadb-galera.fullname" . }}{{ end }} -o jsonpath="{.data.mariadb-root-password}" | base64 --decode){{ end }} {{ .Values.db.name }}
+
+{{- else if contains "LoadBalancer" .Values.service.type }}
+
+ NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+ Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "mariadb-galera.fullname" . }}'
+
+ export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "mariadb-galera.fullname" . }} --template "{{ "{{ range (index .status.loadBalancer.ingress 0) }}{{ . }}{{ end }}" }}")
+ mysql -h $SERVICE_IP -P {{ .Values.service.port }} -u{{ if .Values.db.user }}{{ .Values.db.user }}{{ else }}root{{ end }} -p{{ if .Values.db.user }}$(kubectl get secret --namespace {{ .Release.Namespace }} {{ if .Values.existingSecret }}{{ .Values.existingSecret }}{{ else }}{{ template "mariadb-galera.fullname" . }}{{ end }} -o jsonpath="{.data.mariadb-password}" | base64 --decode){{ else }}$(kubectl get secret --namespace {{ .Release.Namespace }} {{ if .Values.existingSecret }}{{ .Values.existingSecret }}{{ else }}{{ template "mariadb-galera.fullname" . }}{{ end }} -o jsonpath="{.data.mariadb-root-password}" | base64 --decode){{ end }} {{ .Values.db.name }}
+
+{{- else if contains "ClusterIP" .Values.service.type }}
+
+ kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ template "mariadb-galera.fullname" . }} {{ .Values.service.port }}:{{ .Values.service.port }} &
+ mysql -h 127.0.0.1 -P {{ .Values.service.port }} -u{{ if .Values.db.user }}{{ .Values.db.user }}{{ else }}root{{ end }} -p{{ if .Values.db.user }}$(kubectl get secret --namespace {{ .Release.Namespace }} {{ if .Values.existingSecret }}{{ .Values.existingSecret }}{{ else }}{{ template "mariadb-galera.fullname" . }}{{ end }} -o jsonpath="{.data.mariadb-password}" | base64 --decode){{ else }}$(kubectl get secret --namespace {{ .Release.Namespace }} {{ if .Values.existingSecret }}{{ .Values.existingSecret }}{{ else }}{{ template "mariadb-galera.fullname" . }}{{ end }} -o jsonpath="{.data.mariadb-root-password}" | base64 --decode){{ end }} {{ .Values.db.name }}
+
+{{- end }}
+
+To upgrade this helm chart:
+
+ helm upgrade --namespace {{ .Release.Namespace }} {{ .Release.Name }} bitnami/mariadb-galera \
+ --set rootUser.password=$(kubectl get secret {{ if .Values.existingSecret }}{{ .Values.existingSecret }}{{ else }}{{ template "mariadb-galera.fullname" . }}{{ end }} -o jsonpath="{.data.mariadb-root-password}" | base64 --decode) \
+ {{ if .Values.db.user }}--set db.user={{ .Values.db.user }} --set db.password=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ if .Values.existingSecret }}{{ .Values.existingSecret }}{{ else }}{{ template "mariadb-galera.fullname" . }}{{ end }} -o jsonpath="{.data.mariadb-password}" | base64 --decode) {{ end }}--set db.name={{ .Values.db.name }} \
+ --set galera.mariabackup.password=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ if .Values.existingSecret }}{{ .Values.existingSecret }}{{ else }}{{ template "mariadb-galera.fullname" . }}{{ end }} -o jsonpath="{.data.mariadb-galera-mariabackup-password}" | base64 --decode)
+
+{{ include "mariadb-galera.checkRollingTags" . }}
diff --git a/bitnami/mariadb-galera/templates/_helpers.tpl b/bitnami/mariadb-galera/templates/_helpers.tpl
new file mode 100644
index 0000000000..702745719f
--- /dev/null
+++ b/bitnami/mariadb-galera/templates/_helpers.tpl
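Review bot: The first secret lookup in the "To upgrade this helm chart" command, on the `--set rootUser.password=$(kubectl get secret ...)` line, has no `--namespace {{ .Release.Namespace }}`, unlike the `db.password` and `galera.mariabackup.password` lookups right below it. For a release installed outside the caller's current namespace that lookup fails, so `rootUser.password` is passed empty and the upgrade presumably falls back to a newly generated root password. The line should start `--set rootUser.password=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ if .Values.existingSecret }}...`. Separately, every connection example expands the password into `-p$(...)` on the `mysql` command line, and the `kubectl run` example places it in the client pod's arguments, where it is readable from process listings and the pod spec; a bare `-p` that prompts would avoid that.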
@@ -0,0 +1,151 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "mariadb-galera.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+*/}}
+{{- define "mariadb-galera.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{- define "mariadb-galera.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Return the proper MariaDB Galera image name
+*/}}
+{{- define "mariadb-galera.image" -}}
+{{- $registryName := .Values.image.registry -}}
+{{- $repositoryName := .Values.image.repository -}}
+{{- $tag := .Values.image.tag | toString -}}
+{{/*
+Helm 2.11 supports the assignment of a value to a variable defined in a different scope,
+but Helm 2.9 and 2.10 doesn't support it, so we need to implement this if-else logic.
+Also, we can't use a single if because lazy evaluation is not an option
+*/}}
+{{- if .Values.global }}
+ {{- if .Values.global.imageRegistry }}
+ {{- printf "%s/%s:%s" .Values.global.imageRegistry $repositoryName $tag -}}
+ {{- else -}}
+ {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}}
+ {{- end -}}
+{{- else -}}
+ {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the proper metrics image name
+*/}}
+{{- define "mariadb-galera.metrics.image" -}}
+{{- $registryName := .Values.metrics.image.registry -}}
+{{- $repositoryName := .Values.metrics.image.repository -}}
+{{- $tag := .Values.metrics.image.tag | toString -}}
+{{/*
+Helm 2.11 supports the assignment of a value to a variable defined in a different scope,
+but Helm 2.9 and 2.10 doesn't support it, so we need to implement this if-else logic.
+Also, we can't use a single if because lazy evaluation is not an option
+*/}}
+{{- if .Values.global }}
+ {{- if .Values.global.imageRegistry }}
+ {{- printf "%s/%s:%s" .Values.global.imageRegistry $repositoryName $tag -}}
+ {{- else -}}
+ {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}}
+ {{- end -}}
+{{- else -}}
+ {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Get the configuration ConfigMap name.
+*/}}
+{{- define "mariadb-galera.configurationCM" -}}
+{{- if .Values.configurationConfigMap -}}
+{{- printf "%s" (tpl .Values.configurationConfigMap $) -}}
+{{- else -}}
+{{- printf "%s-configuration" (include "mariadb-galera.fullname" .) -}}
+{{- end -}}
+{{- end -}}
+
+{{ template "mariadb-galera.initdbScriptsCM" . }}
+{{/*
+Get the initialization scripts ConfigMap name.
+*/}}
+{{- define "mariadb-galera.initdbScriptsCM" -}}
+{{- if .Values.initdbScriptsConfigMap -}}
+{{- printf "%s" .Values.initdbScriptsConfigMap -}}
+{{- else -}}
+{{- printf "%s-init-scripts" (include "mariadb-galera.fullname" .) -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "mariadb-galera.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create -}}
+ {{ default (include "mariadb.fullname" .) .Values.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the proper Docker Image Registry Secret Names
+*/}}
+{{- define "mariadb-galera.imagePullSecrets" -}}
+{{/*
+Helm 2.11 supports the assignment of a value to a variable defined in a different scope,
+but Helm 2.9 and 2.10 does not support it, so we need to implement this if-else logic.
+Also, we can not use a single if because lazy evaluation is not an option
+*/}}
+{{- if .Values.global }}
+{{- if .Values.global.imagePullSecrets }}
+imagePullSecrets:
+{{- range .Values.global.imagePullSecrets }}
+ - name: {{ . }}
+{{- end }}
+{{- else if or .Values.image.pullSecrets .Values.metrics.image.pullSecrets }}
+imagePullSecrets:
+{{- range .Values.image.pullSecrets }}
+ - name: {{ . }}
+{{- end }}
+{{- range .Values.metrics.image.pullSecrets }}
+ - name: {{ . }}
+{{- end }}
+{{- end -}}
+{{- else if or .Values.image.pullSecrets .Values.metrics.image.pullSecrets }}
+imagePullSecrets:
+{{- range .Values.image.pullSecrets }}
+ - name: {{ . }}
+{{- end }}
+{{- range .Values.metrics.image.pullSecrets }}
+ - name: {{ . }}
+{{- end }}
+{{- end -}}
+{{- end -}}
+
+{{/* Check if there are rolling tags in the images */}}
+{{- define "mariadb-galera.checkRollingTags" -}}
+{{- if and (contains "bitnami/" .Values.image.repository) (not (.Values.image.tag | toString | regexFind "-r\\d+$|sha256:")) }}
+WARNING: Rolling tag detected ({{ .Values.image.repository }}:{{ .Values.image.tag }}), please note that it is strongly recommended to avoid using rolling tags in a production environment.
++info https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/
+{{- end }}
+{{- end -}}
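Review bot: `mariadb-galera.serviceAccountName` calls `include "mariadb.fullname" .`, but the only fullname helper this file defines is `mariadb-galera.fullname`. Unless another template in the chart defines `mariadb.fullname`, rendering fails as soon as `serviceAccount.create` is true, because the `include` is evaluated as an argument to `default` even when `serviceAccount.name` is set. The line should read `{{ default (include "mariadb-galera.fullname" .) .Values.serviceAccount.name }}`. The bare `{{ template "mariadb-galera.initdbScriptsCM" . }}` line sitting just above that helper's comment block looks like a leftover and can be removed. `mariadb-galera.checkRollingTags` inspects only `image.tag`, so a rolling tag on the metrics image produces no warning.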
diff --git a/bitnami/mariadb-galera/templates/configmap.yaml b/bitnami/mariadb-galera/templates/configmap.yaml
new file mode 100644
index 0000000000..97e2eb52e0
--- /dev/null
+++ b/bitnami/mariadb-galera/templates/configmap.yaml
@@ -0,0 +1,18 @@
+{{ if and (or (.Files.Glob "files/my.cnf") .Values.mariadbConfiguration) (not .Values.configurationConfigMap) }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "mariadb-galera.fullname" . }}-configuration
+ labels:
+ app.kubernetes.io/name: {{ include "mariadb-galera.name" . }}
+ helm.sh/chart: {{ include "mariadb-galera.chart" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+data:
+{{- if (.Files.Glob "files/my.cnf") }}
+{{ (.Files.Glob "files/my.cnf").AsConfig | indent 2 }}
+{{- else if .Values.mariadbConfiguration }}
+ my.cnf: |
+{{ .Values.mariadbConfiguration | indent 4 }}
+{{- end }}
+{{ end }}
diff --git a/bitnami/mariadb-galera/templates/headless-svc.yaml b/bitnami/mariadb-galera/templates/headless-svc.yaml
new file mode 100644
index 0000000000..305a369c0d
--- /dev/null
+++ b/bitnami/mariadb-galera/templates/headless-svc.yaml
@@ -0,0 +1,34 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "mariadb-galera.fullname" . }}-headless
+ labels:
+ app.kubernetes.io/name: {{ include "mariadb-galera.name" . }}
+ helm.sh/chart: {{ include "mariadb-galera.chart" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- if .Values.metrics.enabled }}
+ annotations:
+{{ toYaml .Values.metrics.annotations | indent 4 }}
+{{- end }}
+spec:
+ type: ClusterIP
+ clusterIP: None
+ ports:
+ - name: galera
+ port: 4567
+ targetPort: galera
+ - name: ist
+ port: 4568
+ targetPort: ist
+ - name: sst
+ port: 4444
+ targetPort: sst
+{{- if .Values.metrics.enabled }}
+ - name: metrics
+ port: 9104
+ targetPort: metrics
+{{- end }}
+ selector:
+ app.kubernetes.io/name: {{ include "mariadb-galera.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
diff --git a/bitnami/mariadb-galera/templates/initialization-configmap.yaml b/bitnami/mariadb-galera/templates/initialization-configmap.yaml
new file mode 100644
index 0000000000..2818f53d4e
--- /dev/null
+++ b/bitnami/mariadb-galera/templates/initialization-configmap.yaml
@@ -0,0 +1,25 @@
+{{- if and (or (.Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql,sql.gz}") .Values.initdbScripts) (not .Values.initdbScriptsConfigMap) }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "mariadb-galera.fullname" . }}-init-scripts
+ labels:
+ app.kubernetes.io/name: {{ include "mariadb-galera.name" . }}
+ helm.sh/chart: {{ include "mariadb-galera.chart" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- if and (.Files.Glob "files/docker-entrypoint-initdb.d/*.sql.gz") (not .Values.initdbScriptsConfigMap) }}
+binaryData:
+{{- $root := . }}
+{{- range $path, $bytes := .Files.Glob "files/docker-entrypoint-initdb.d/*.sql.gz" }}
+ {{ base $path }}: {{ $root.Files.Get $path | b64enc | quote }}
+{{- end }}
+{{- end }}
+data:
+{{- if and (.Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql}") (not .Values.initdbScriptsConfigMap) }}
+{{ (.Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql}").AsConfig | indent 2 }}
+{{- end }}
+{{- with .Values.initdbScripts }}
+{{ toYaml . | indent 2 }}
+{{- end }}
+{{ end }}
diff --git a/bitnami/mariadb-galera/templates/pdb.yaml b/bitnami/mariadb-galera/templates/pdb.yaml
new file mode 100644
index 0000000000..425ad3d32c
--- /dev/null
+++ b/bitnami/mariadb-galera/templates/pdb.yaml
@@ -0,0 +1,22 @@
+{{- if .Values.podDisruptionBudget.enabled }}
+apiVersion: policy/v1beta1
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "mariadb-galera.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "mariadb-galera.name" . }}
+ helm.sh/chart: {{ include "mariadb-galera.chart" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+{{- if .Values.podDisruptionBudget.minAvailable }}
+ minAvailable: {{ .Values.podDisruptionBudget.minAvailable }}
+{{- end }}
+{{- if .Values.podDisruptionBudget.maxUnavailable }}
+ maxUnavailable: {{ .Values.podDisruptionBudget.maxUnavailable }}
+{{- end }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "mariadb-galera.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
diff --git a/bitnami/mariadb-galera/templates/role.yaml b/bitnami/mariadb-galera/templates/role.yaml
new file mode 100644
index 0000000000..ea1fa64974
--- /dev/null
+++ b/bitnami/mariadb-galera/templates/role.yaml
@@ -0,0 +1,18 @@
+{{- if and .Values.serviceAccount.create .Values.rbac.create }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "mariadb-galera.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "mariadb-galera.name" . }}
+ helm.sh/chart: {{ include "mariadb-galera.chart" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - endpoints
+ verbs:
+ - get
+{{- end }}
diff --git a/bitnami/mariadb-galera/templates/rolebinding.yaml b/bitnami/mariadb-galera/templates/rolebinding.yaml
new file mode 100644
index 0000000000..67d4827780
--- /dev/null
+++ b/bitnami/mariadb-galera/templates/rolebinding.yaml
@@ -0,0 +1,18 @@
+{{- if and .Values.serviceAccount.create .Values.rbac.create }}
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: {{ template "mariadb-galera.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "mariadb-galera.name" . }}
+ helm.sh/chart: {{ include "mariadb-galera.chart" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+subjects:
+- kind: ServiceAccount
+ name: {{ template "mariadb-galera.serviceAccountName" . }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "mariadb-galera.fullname" . }}
+{{- end }}
diff --git a/bitnami/mariadb-galera/templates/secrets.yaml b/bitnami/mariadb-galera/templates/secrets.yaml
new file mode 100644
index 0000000000..f2f4b6be7d
--- /dev/null
+++ b/bitnami/mariadb-galera/templates/secrets.yaml
@@ -0,0 +1,43 @@
+{{- if (not .Values.existingSecret) -}}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ template "mariadb-galera.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "mariadb-galera.name" . }}
+ helm.sh/chart: {{ include "mariadb-galera.chart" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+type: Opaque
+data:
+ {{- if .Values.rootUser.password }}
+ mariadb-root-password: {{ .Values.rootUser.password | b64enc | quote }}
+ {{- else if (not .Values.rootUser.forcePassword) }}
+ mariadb-root-password: {{ randAlphaNum 10 | b64enc | quote }}
+ {{ else }}
+ mariadb-root-password: {{ required "A MariaDB Root Password is required!" .Values.rootUser.password }}
+ {{- end }}
+ {{- if .Values.db.user }}
+ {{- if .Values.db.password }}
+ mariadb-password: {{ .Values.db.password | b64enc | quote }}
+ {{- else if (not .Values.db.forcePassword) }}
+ mariadb-password: {{ randAlphaNum 10 | b64enc | quote }}
+ {{- else }}
+ mariadb-password: {{ required "A MariaDB Database Password is required!" .Values.db.password }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.galera.mariabackup.password }}
+ mariadb-galera-mariabackup-password: {{ .Values.galera.mariabackup.password | b64enc | quote }}
+ {{- else if (not .Values.galera.mariabackup.forcePassword) }}
+ mariadb-galera-mariabackup-password: {{ randAlphaNum 10 | b64enc | quote }}
+ {{ else }}
+ mariadb-galera-mariabackup-password: {{ required "A MariaBackup Password is required!" .Values.galera.mariabackup.password }}
+ {{- end }}
+ {{- if .Values.ldap.enabled }}
+ {{- if .Values.ldap.bindpw }}
+ ldap-bindpw: {{ .Values.ldap.bindpw | b64enc | quote }}
+ {{ else }}
+ ldap-bindpw: {{ required "LDAP Password is required!" .Values.ldap.bindpw }}
+ {{- end }}
+ {{- end }}
+{{- end }}
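Review bot: The `randAlphaNum 10` fallback used for `mariadb-root-password`, `mariadb-password` and `mariadb-galera-mariabackup-password` is evaluated again on every render, so a `helm upgrade` without explicit passwords writes fresh values into the Secret while the data on the existing volumes presumably still expects the old ones. Ten alphanumeric characters is also short for a root credential that is generated once and rarely rotated. I would lengthen the fallback, for example `mariadb-root-password: {{ randAlphaNum 32 | b64enc | quote }}`, and add a comment above the block such as `# generated passwords change on every upgrade; set them explicitly or use existingSecret for anything long-lived`. The `required` branches emit the value without `b64enc`, which is harmless only because they are reached when the value is empty.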
diff --git a/bitnami/mariadb-galera/templates/serviceaccount.yaml b/bitnami/mariadb-galera/templates/serviceaccount.yaml
new file mode 100644
index 0000000000..f7257b08b7
--- /dev/null
+++ b/bitnami/mariadb-galera/templates/serviceaccount.yaml
@@ -0,0 +1,11 @@
+{{- if .Values.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "mariadb-galera.serviceAccountName" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "mariadb-galera.name" . }}
+ helm.sh/chart: {{ include "mariadb-galera.chart" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
diff --git a/bitnami/mariadb-galera/templates/servicemonitor.yaml b/bitnami/mariadb-galera/templates/servicemonitor.yaml
new file mode 100644
index 0000000000..e731fbc3b9
--- /dev/null
+++ b/bitnami/mariadb-galera/templates/servicemonitor.yaml
@@ -0,0 +1,33 @@
+{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{ template "mariadb-galera.fullname" . }}
+ {{- if .Values.metrics.serviceMonitor.namespace }}
+ namespace: {{ .Values.metrics.serviceMonitor.namespace }}
+ {{- end }}
+ labels:
+ app.kubernetes.io/name: {{ include "mariadb-galera.name" . }}
+ helm.sh/chart: {{ include "mariadb-galera.chart" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- range $key, $value := .Values.metrics.serviceMonitor.selector }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+spec:
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "mariadb-galera.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ endpoints:
+ - port: metrics
+ {{- if .Values.metrics.serviceMonitor.interval }}
+ interval: {{ .Values.metrics.serviceMonitor.interval }}
+ {{- end }}
+ {{- if .Values.metrics.serviceMonitor.scrapeTimeout }}
+ scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }}
+ {{- end }}
+ namespaceSelector:
+ matchNames:
+ - {{ .Release.Namespace }}
+{{- end }}
diff --git a/bitnami/mariadb-galera/templates/statefulset.yaml b/bitnami/mariadb-galera/templates/statefulset.yaml
new file mode 100644
index 0000000000..2fc08fdd25
--- /dev/null
+++ b/bitnami/mariadb-galera/templates/statefulset.yaml
@@ -0,0 +1,284 @@ +apiVersion: apps/v1beta1 +kind: StatefulSet +metadata: + name: {{ template "mariadb-galera.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "mariadb-galera.name" . }} + helm.sh/chart: {{ include "mariadb-galera.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +spec: + selector: + matchLabels: + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/name: {{ include "mariadb-galera.name" . }} + serviceName: {{ template "mariadb-galera.fullname" . }} + replicas: {{ .Values.replicaCount }} + updateStrategy: + type: {{ .Values.updateStrategy.type }} + {{- if (eq "Recreate" .Values.updateStrategy.type) }} + rollingUpdate: null + {{- end }} + template: + metadata: + {{- if .Values.annotations }} + annotations: + {{- range $key, $value := .Values.annotations }} + {{ $key }}: '{{ $value }}' + {{- end }} + {{- end }} + labels: + app.kubernetes.io/name: {{ include "mariadb-galera.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + helm.sh/chart: {{ include "mariadb-galera.chart" . }} + spec: + {{- if .Values.schedulerName }} + schedulerName: {{ .Values.schedulerName | quote }} + {{- end }} + serviceAccountName: {{ template "mariadb-galera.serviceAccountName" . }} + {{- if .Values.securityContext.enabled }} + securityContext: + fsGroup: {{ .Values.securityContext.fsGroup }} + runAsUser: {{ .Values.securityContext.runAsUser }} + {{- end }} + affinity: + {{- with .Values.nodeAffinity }} + nodeAffinity: {{ tpl (toYaml .) $ | nindent 10 }} + {{- end }} + {{- with .Values.podAffinity }} + podAffinity: {{ tpl (toYaml .) $ | nindent 10 }} + {{- end }} + {{- if eq .Values.podAntiAffinity "hard" }} + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - topologyKey: "kubernetes.io/hostname" + labelSelector: + matchLabels: + app.kubernetes.io/name: {{ include "mariadb-galera.name" . 
}} + app.kubernetes.io/instance: {{ .Release.Name }} + {{- else if eq .Values.podAntiAffinity "soft" }} + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 1 + podAffinityTerm: + topologyKey: "kubernetes.io/hostname" + labelSelector: + matchLabels: + app.kubernetes.io/name: {{ include "mariadb-galera.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: {{ tpl (toYaml .) $ | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: {{ tpl (toYaml .) $ | nindent 8 }} + {{- end }} +{{- include "mariadb-galera.imagePullSecrets" . | indent 6 }} + {{- if .Values.extraInitContainers }} + initContainers: +{{ tpl .Values.extraInitContainers . | indent 6}} + {{- end }} + containers: + - name: "mariadb-galera" + image: {{ template "mariadb-galera.image" . }} + imagePullPolicy: {{ .Values.image.pullPolicy | quote }} + env: + - name: MARIADB_GALERA_CLUSTER_NAME + value: {{ .Values.galera.name | quote }} + - name: MARIADB_GALERA_CLUSTER_ADDRESS + value: "gcomm://{{ template "mariadb-galera.fullname" . }}-headless.{{ .Release.Namespace }}.svc.cluster.local" + {{- if .Values.image.debug}} + - name: BITNAMI_DEBUG + value: "true" + {{- end }} + {{- if .Values.extraFlags }} + - name: MARIADB_EXTRA_FLAGS + value: {{ .Values.extraFlags | quote }} + {{- end }} + - name: MARIADB_ROOT_PASSWORD + valueFrom: + secretKeyRef: + {{- if .Values.existingSecret }} + name: {{ .Values.existingSecret }} + {{- else }} + name: {{ template "mariadb-galera.fullname" . }} + {{- end }} + key: mariadb-root-password + {{- if .Values.db.user }} + - name: MARIADB_USER + value: {{ .Values.db.user | quote }} + - name: MARIADB_PASSWORD + valueFrom: + secretKeyRef: + {{- if .Values.existingSecret }} + name: {{ .Values.existingSecret }} + {{- else }} + name: {{ template "mariadb-galera.fullname" . 
}} + {{- end }} + key: mariadb-password + {{- end }} + - name: MARIADB_DATABASE + value: {{ .Values.db.name | quote }} + - name: MARIADB_GALERA_MARIABACKUP_USER + value: {{ .Values.galera.mariabackup.user }} + - name: MARIADB_GALERA_MARIABACKUP_PASSWORD + valueFrom: + secretKeyRef: + {{- if .Values.existingSecret }} + name: {{ .Values.existingSecret }} + {{- else }} + name: {{ template "mariadb-galera.fullname" . }} + {{- end }} + key: mariadb-galera-mariabackup-password + {{- if .Values.ldap.enabled }} + - name: MARIADB_LDAP_URI + {{- if .Values.ldap.uri }} + value: {{ .Values.ldap.uri }} + {{ else }} + value: {{ required "LDAP uri is required!" .Values.ldap.uri }} + {{- end }} + - name: MARIADB_LDAP_BASE + {{- if .Values.ldap.base }} + value: {{ .Values.ldap.base }} + {{ else }} + value: {{ required "LDAP base is required!" .Values.ldap.base }} + {{- end }} + - name: MARIADB_LDAP_BIND_DN + {{- if .Values.ldap.binddn }} + value: {{ .Values.ldap.binddn }} + {{ else }} + value: {{ required "LDAP binddn is required!" .Values.ldap.binddn }} + {{- end }} + - name: MARIADB_LDAP_BIND_PASSWORD + valueFrom: + secretKeyRef: + {{- if .Values.existingSecret }} + name: {{ .Values.existingSecret }} + {{- else }} + name: {{ template "mariadb-galera.fullname" . 
}} + {{- end }} + key: ldap-bindpw + - name: MARIADB_LDAP_BASE_LOOKUP + value: {{ .Values.ldap.bslookup }} + {{- end }} + ports: + - name: mysql + containerPort: 3306 + - name: galera + containerPort: 4567 + - name: ist + containerPort: 4568 + - name: sst + containerPort: 4444 + {{- if .Values.livenessProbe.enabled }} + livenessProbe: + exec: + command: ["sh", "-c", "exec mysqladmin status -uroot -p$MARIADB_ROOT_PASSWORD"] + initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.livenessProbe.failureThreshold }} + {{- end }} + {{- if .Values.readinessProbe.enabled }} + readinessProbe: + exec: + command: ["sh", "-c", "exec mysqladmin status -uroot -p$MARIADB_ROOT_PASSWORD"] + initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.readinessProbe.failureThreshold }} + {{- end }} + resources: +{{ toYaml .Values.resources | indent 10 }} + volumeMounts: + - name: data + mountPath: {{ .Values.persistence.mountPath }} + {{- if .Values.persistence.subPath }} + subPath: {{ .Values.persistence.subPath }} + {{- end }} + {{- if or (.Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql,sql.gz}") .Values.initdbScriptsConfigMap .Values.initdbScripts }} + - name: custom-init-scripts + mountPath: /docker-entrypoint-initdb.d + {{- end }} + {{- if or (.Files.Glob "files/my.cnf") .Values.mariadbConfiguration .Values.configurationConfigMap }} + - name: mariadb-galera-config + mountPath: /opt/bitnami/mariadb/conf/my.cnf + subPath: my.cnf + {{- end }} +{{- if .Values.metrics.enabled }} + - name: metrics + image: {{ template 
"mariadb-galera.metrics.image" . }} + imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }} + env: + - name: MARIADB_ROOT_PASSWORD + valueFrom: + secretKeyRef: + {{- if .Values.existingSecret }} + name: {{ .Values.existingSecret }} + {{- else }} + name: {{ template "mariadb-galera.fullname" . }} + {{- end }} + key: mariadb-root-password + command: [ 'sh', '-c', 'DATA_SOURCE_NAME="root:$MARIADB_ROOT_PASSWORD@(localhost:3306)/" /bin/mysqld_exporter' ] + ports: + - name: metrics + containerPort: 9104 + livenessProbe: + httpGet: + path: /metrics + port: metrics + initialDelaySeconds: 30 + timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /metrics + port: metrics + initialDelaySeconds: 5 + timeoutSeconds: 1 + resources: +{{ toYaml .Values.metrics.resources | indent 10 }} +{{- end }} + volumes: + {{- if or (.Files.Glob "files/my.cnf") .Values.mariadbConfiguration .Values.configurationConfigMap }} + - name: mariadb-galera-config + configMap: + name: {{ template "mariadb-galera.configurationCM" . }} + {{- end }} + {{- if or (.Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql,sql.gz}") .Values.initdbScriptsConfigMap .Values.initdbScripts }} + - name: custom-init-scripts + configMap: + name: {{ template "mariadb-galera.initdbScriptsCM" . }} + {{- end }} +{{- if and .Values.persistence.enabled .Values.persistence.existingClaim }} + - name: data + persistentVolumeClaim: + claimName: {{ .Values.persistence.existingClaim }} +{{- else if not .Values.persistence.enabled }} + - name: data + emptyDir: {} +{{- else if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }} + volumeClaimTemplates: + - metadata: + name: data + labels: + app.kubernetes.io/name: {{ include "mariadb-galera.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + spec: + accessModes: + {{- range .Values.persistence.accessModes }} + - {{ . 
| quote }} + {{- end }} + resources: + requests: + storage: {{ .Values.persistence.size | quote }} + {{- if .Values.persistence.storageClass }} + {{- if (eq "-" .Values.persistence.storageClass) }} + storageClassName: "" + {{- else }} + storageClassName: {{ .Values.persistence.storageClass | quote }} + {{- end }} + {{- end }} +{{- end }} diff --git a/bitnami/mariadb-galera/templates/svc.yaml b/bitnami/mariadb-galera/templates/svc.yaml new file mode 100644 index 0000000000..76a9b212ca --- /dev/null +++ b/bitnami/mariadb-galera/templates/svc.yaml @@ -0,0 +1,37 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ template "mariadb-galera.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "mariadb-galera.name" . }} + helm.sh/chart: {{ include "mariadb-galera.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- with .Values.service.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} +spec: + type: {{ .Values.service.type }} + {{- if and .Values.service.loadBalancerIP (eq .Values.service.type "LoadBalancer") }} + loadBalancerIP: {{ .Values.service.loadBalancerIP }} + {{- end }} + {{- if and (eq .Values.service.type "LoadBalancer") .Values.service.loadBalancerSourceRanges }} + loadBalancerSourceRanges: + {{ with .Values.service.loadBalancerSourceRanges }} +{{ toYaml . | indent 4 }} +{{- end }} + {{- end }} + {{- if and (eq .Values.service.type "ClusterIP") .Values.service.clusterIP }} + clusterIP: {{ .Values.service.clusterIP }} + {{- end }} + ports: + - name: mysql + port: {{ .Values.service.port }} + targetPort: mysql + {{- if .Values.service.nodePort }} + nodePort: {{ .Values.service.nodePort }} + {{- end }} + selector: + app.kubernetes.io/name: {{ include "mariadb-galera.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} 
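Review bot: The metrics sidecar connects as the database root user: `DATA_SOURCE_NAME="root:$MARIADB_ROOT_PASSWORD@(localhost:3306)/"` hands the exporter full administrative rights when it only needs to read server status. A dedicated monitoring account with its own Secret key would keep a compromised or misbehaving exporter away from application data; until the chart creates one, a comment above the `command:` line such as `# TODO: run the exporter as a dedicated low-privilege DB user instead of root` would record the gap. The liveness and readiness probes have a related weakness, since `-p$MARIADB_ROOT_PASSWORD` is expanded unquoted and passed as a process argument to `mysqladmin`, so a user-supplied password containing whitespace or glob characters makes both probes fail.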
diff --git a/bitnami/mariadb-galera/templates/test-runner.yaml b/bitnami/mariadb-galera/templates/test-runner.yaml
new file mode 100644
index 0000000000..655d63cda8
--- /dev/null
+++ b/bitnami/mariadb-galera/templates/test-runner.yaml
@@ -0,0 +1,48 @@
+apiVersion: v1
+kind: Pod
+metadata:
+ name: {{ template "mariadb-galera.fullname" . }}-test-{{ randAlphaNum 5 | lower }}
+ annotations:
+ "helm.sh/hook": test-success
+spec:
+ initContainers:
+ - name: "test-framework"
+ image: "dduportal/bats:0.4.0"
+ command:
+ - "bash"
+ - "-c"
+ - |
+ set -ex
+ # copy bats to tools dir
+ cp -R /usr/local/libexec/ /tools/bats/
+ volumeMounts:
+ - mountPath: /tools
+ name: tools
+ containers:
+ - name: mariadb-galera-test
+ image: {{ template "mariadb-galera.image" . }}
+ imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
+ command: ["/tools/bats/bats", "-t", "/tests/run.sh"]
+ env:
+ - name: MARIADB_ROOT_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ {{- if .Values.existingSecret }}
+ name: {{ .Values.existingSecret }}
+ {{- else }}
+ name: {{ template "mariadb-galera.fullname" . }}
+ {{- end }}
+ key: mariadb-galera-root-password
+ volumeMounts:
+ - mountPath: /tests
+ name: tests
+ readOnly: true
+ - mountPath: /tools
+ name: tools
+ volumes:
+ - name: tests
+ configMap:
+ name: {{ template "mariadb-galera.fullname" . }}-tests
+ - name: tools
+ emptyDir: {}
+ restartPolicy: Never
diff --git a/bitnami/mariadb-galera/templates/tests.yaml b/bitnami/mariadb-galera/templates/tests.yaml
new file mode 100644
index 0000000000..507f17a619
--- /dev/null
+++ b/bitnami/mariadb-galera/templates/tests.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "mariadb-galera.fullname" . }}-tests
+data:
+ run.sh: |-
+ @test "Testing MariaDB is accessible" {
+ mysql -h {{ template "mariadb-galera.fullname" . }} -uroot -p$MARIADB_ROOT_PASSWORD -e 'show databases;'
+ }
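Review bot: The test pod reads `key: mariadb-galera-root-password`, but templates/secrets.yaml in this patch stores the root password under `mariadb-root-password` (the key the StatefulSet also references), so `MARIADB_ROOT_PASSWORD` cannot be resolved and the `helm test` pod will not start. The line should read `key: mariadb-root-password`. Separately, the init container copies bats out of `dduportal/bats:0.4.0`, a third-party image referenced by tag, and the main container then executes that copy from `/tools` with the root password in its environment; pinning the image by digest or using one the chart maintainers control would narrow that trust.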
diff --git a/bitnami/mariadb-galera/values-production.yaml b/bitnami/mariadb-galera/values-production.yaml
new file mode 100644
index 0000000000..6015a1d5c2
--- /dev/null
+++ b/bitnami/mariadb-galera/values-production.yaml
@@ -0,0 +1,388 @@ +## Global Docker image parameters +## Please, note that this will override the image parameters, including dependencies, configured to use the global value +## Current available global Docker image parameters: imageRegistry and imagePullSecrets +## +# global: +# imageRegistry: myRegistryName +# imagePullSecrets: +# - myRegistryKeySecretName + +## Use an alternate scheduler, e.g. "stork". +## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ +## +# schedulerName: + +## Bitnami MariaDB image +## ref: https://hub.docker.com/r/bitnami/mariadb/tags/ +## +image: + registry: docker.io + repository: bitnami/mariadb-galera + tag: 10.3.17-debian-9-r8 + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images + ## + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + # pullSecrets: + # - myRegistryKeySecretName + + ## Set to true if you would like to see extra information on logs + ## It turns BASH and NAMI debugging in minideb + ## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging + debug: false + +## String to partially override mariadb.fullname template (will maintain the release name) +## +# nameOverride: + +## String to fully override mariadb.fullname template +## +# fullnameOverride: + +service: + ## Kubernetes service type, ClusterIP and NodePort are supported at present + type: ClusterIP + # clusterIP: None + port: 3306 + ## Specify the nodePort value for the LoadBalancer and NodePort service types. + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport + ## + # nodePort: 30001 + + ## Set the LoadBalancer service type to internal only. 
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer + ## + # loadBalancerIP: + + ## Load Balancer sources + ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service + ## + # loadBalancerSourceRanges: + # - 10.10.10.0/24 + +## Pods Service Account +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ +serviceAccount: + ## Specifies whether a ServiceAccount should be created + ## + create: false + ## The name of the ServiceAccount to use. + ## If not set and create is true, a name is generated using the mariadb.fullname template + # name: + +## Role Based Access +## Ref: https://kubernetes.io/docs/admin/authorization/rbac/ +## + +rbac: + create: false + +## Pod Security Context +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ +## +securityContext: + enabled: true + fsGroup: 1001 + runAsUser: 1001 + +# # Use existing secret (ignores root, db and replication passwords) +# existingSecret: + +rootUser: + ## MariaDB admin password + ## ref: https://github.com/bitnami/bitnami-docker-mariadb#setting-the-root-password-on-first-run + ## + password: + ## + ## Option to force users to specify a password. That is required for 'helm upgrade' to work properly. + ## If it is not force, a random password will be generated. + forcePassword: true + +db: + ## MariaDB username and password + ## ref: https://github.com/bitnami/bitnami-docker-mariadb#creating-a-database-user-on-first-run + ## + user: + password: + ## Password is ignored if existingSecret is specified. + ## Database to create + ## ref: https://github.com/bitnami/bitnami-docker-mariadb#creating-a-database-on-first-run + ## + name: my_database + ## Option to force users to specify a password. That is required for 'helm upgrade' to work properly. + ## If it is not force, a random password will be generated. 
+ forcePassword: true + +galera: + ## Galera cluster name + name: galera + ## MariaBackup username and password + ## ref: https://mariadb.com/kb/en/library/mariabackup-overview/ + mariabackup: + user: mariabackup + password: + ## Option to force users to specify a password. That is required for 'helm upgrade' to work properly. + ## If it is not force, a random password will be generated. + forcePassword: true + +ldap: + enabled: false + # uri: + # base: + # binddn: + # bindpw: + # bslookup: + +## initdb scripts +## Specify dictionary of scripts to be run at first boot +## Alternatively, you can put your scripts under the files/docker-entrypoint-initdb.d directory +## +# initdbScripts: +# my_init_script.sh: | +# #!/bin/sh +# echo "Do something." +# +## ConfigMap with scripts to be run at first boot +## Note: This will override initdbScripts +# initdbScriptsConfigMap: + +## Desired number of cluster nodes +replicaCount: 3 + +## Mariadb Master additional pod annotations +## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ +# annotations: +# - key: key1 +# value: value1 + +## MariaDB additional command line flags +## Can be used to specify command line flags, for example: +## +## extraFlags: "--max-connect-errors=1000 --max_connections=155" + +## Pod Affinity. The value is evaluated as a template. 
+## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity +## +podAffinity: {} +## Pod AntiAffinity +## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity +## +podAntiAffinity: soft + +## Node labels for pod assignment +## Ref: https://kubernetes.io/docs/user-guide/node-selection/ +## +nodeSelector: {} + +## Tolerations for pod assignment +## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ +## +tolerations: [] + +## updateStrategy for MariaDB Master StatefulSet +## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies +updateStrategy: + type: RollingUpdate + +## Enable persistence using Persistent Volume Claims +## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ +## +persistence: + ## If true, use a Persistent Volume Claim, If false, use emptyDir + ## + enabled: true + # Enable persistence using an existing PVC + # existingClaim: + # Subdirectory of the volume to mount + # subPath: + mountPath: /bitnami/mariadb + ## Persistent Volume Storage Class + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. 
(gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + # storageClass: "-" + ## Persistent Volume Claim annotations + ## + annotations: {} + ## Persistent Volume Access Mode + ## + accessModes: + - ReadWriteOnce + ## Persistent Volume size + ## + size: 8Gi + ## +extraInitContainers: | +# - name: do-something +# image: busybox +# command: ['do', 'something'] + +## Configure MariaDB with a custom my.cnf file +## ref: https://mysql.com/kb/en/mysql/configuring-mysql-with-mycnf/#example-of-configuration-file +## Alternatively, you can put your my.cnf under the files/ directory +## +mariadbConfiguration: |- + [client] + port=3306 + socket=/opt/bitnami/mariadb/tmp/mysql.sock + + [mysqld] + default-storage-engine=InnoDB + basedir=/opt/bitnami/mariadb + datadir=/bitnami/mariadb/data + tmpdir=/opt/bitnami/mariadb/tmp + socket=/opt/bitnami/mariadb/tmp/mysql.sock + pid-file=/opt/bitnami/mariadb/tmp/mysqld.pid + bind-address=0.0.0.0 + + ## Character set + collation-server=utf8_unicode_ci + init-connect='SET NAMES utf8' + character-set-server=utf8 + + ## MyISAM + key-buffer-size=32M + myisam-recover-options=FORCE,BACKUP + + ## safety + skip-host-cache + skip-name-resolve + max-allowed-packet=16M + max-connect-errors=1000000 + sql-mode=STRICT_TRANS_TABLES,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_AUTO_VALUE_ON_ZERO,NO_ENGINE_SUBSTITUTION,NO_ZERO_DATE,NO_ZERO_IN_DATE,ONLY_FULL_GROUP_BY + sysdate-is-now=1 + innodb=FORCE + innodb-strict-mode=1 + innodb_file_per_table=1 + # Mandatory per https://github.com/codership/documentation/issues/25 + innodb-autoinc-lock-mode=2 + # Per https://www.percona.com/blog/2006/08/04/innodb-double-write/ + innodb-doublewrite=1 + # Not fully ACID compliant, up to 1sec transaction loss in the event of total cluster failure (across both regions) + # Enabled for performance per https://mariadb.com/kb/en/mariadb/getting-started-with-mariadb-galera-cluster/ + innodb_flush_log_at_trx_commit=0 + + ## binary logging + log-bin=mysql-bin + 
expire-logs-days=14 + # Disabling for performance per http://severalnines.com/blog/9-tips-going-production-galera-cluster-mysql + sync-binlog=0 + # Required for Galera + binlog-format=row + ## Caches and limits + tmp-table-size=32M + max-heap-table-size=32M + # Re-enabling as now works with Maria 10.1.2 + query-cache-type=1 + query-cache-limit=4M + query-cache-size=256M + max-connections=500 + thread-cache-size=50 + open-files-limit=65535 + table-definition-cache=4096 + table-open-cache=4096 + ## innodb + innodb-flush-method=O_DIRECT + innodb-log-files-in-group=2 + innodb-log-file-size=128M + innodb-flush-log-at-trx-commit=1 + innodb-file-per-table=1 + # 80% Memory is default reco. + # Need to re-evaluate when DB size grows + innodb-buffer-pool-size=2G + innodb_file_format=Barracuda + + ## logging + log-error=/opt/bitnami/mariadb/logs/mysqld.log + slow-query-log-file=/opt/bitnami/mariadb/logs/mysqld.log + log-queries-not-using-indexes=1 + slow-query-log=1 + + [galera] + wsrep_on=ON + wsrep_provider=/opt/bitnami/mariadb/lib/libgalera_smm.so + wsrep_sst_method=mariabackup + wsrep_slave_threads=4 + wsrep_cluster_address=gcomm:// + wsrep_cluster_name=galera + wsrep_sst_auth="root:" + innodb-flush-log-at-trx-commit=2 + # MYISAM REPLICATION SUPPORT # + wsrep_replicate_myisam=ON + + [mariadb] + plugin_load_add=auth_pam + +## ConfigMap with MariaDB configuration +## NOTE: This will override mariadbConfiguration +# configurationConfigMap: + +## Configure resource requests and limits +## ref: http://kubernetes.io/docs/user-guide/compute-resources/ +## +resources: {} +livenessProbe: + enabled: true + ## + ## Initializing the database could take some time + initialDelaySeconds: 120 + ## + ## Default Kubernetes values + periodSeconds: 10 + timeoutSeconds: 1 + successThreshold: 1 + failureThreshold: 3 +readinessProbe: + enabled: true + initialDelaySeconds: 30 + ## + ## Default Kubernetes values + periodSeconds: 10 + timeoutSeconds: 1 + successThreshold: 1 + failureThreshold: 3 + 
+podDisruptionBudget: + enabled: false + minAvailable: 1 + # maxUnavailable: 1 + +metrics: + enabled: true + image: + registry: docker.io + repository: bitnami/mysqld-exporter + tag: 0.12.0-i3s-7-r0 + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + # pullSecrets: + # - myRegistryKeySecretName + resources: {} + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "9104" + + # Enable this if you're using https://github.com/coreos/prometheus-operator + serviceMonitor: + enabled: false + ## Specify a namespace if needed + # namespace: monitoring + # fallback to the prometheus default unless specified + # interval: 10s + # scrapeTimeout: 10s + ## Defaults to what's used if you follow CoreOS [Prometheus Install Instructions](https://github.com/helm/charts/tree/master/stable/prometheus-operator#tldr) + ## [Prometheus Selector Label](https://github.com/helm/charts/tree/master/stable/prometheus-operator#prometheus-operator-1) + ## [Kube Prometheus Selector Label](https://github.com/helm/charts/tree/master/stable/prometheus-operator#exporters) + selector: + prometheus: kube-prometheus diff --git a/bitnami/mariadb-galera/values.yaml b/bitnami/mariadb-galera/values.yaml new file mode 100644 index 0000000000..ff417cf5f0 --- /dev/null +++ b/bitnami/mariadb-galera/values.yaml 
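Review bot: In `mariadbConfiguration`, the `[galera]` line `wsrep_sst_auth="root:"` names the root account with an empty password for state transfers, even though this file defines a separate `galera.mariabackup` user and password for that purpose. The block is rendered into a ConfigMap by templates/configmap.yaml, so anyone who completes that line ends up storing the root password outside the Secret. If the container image sets the SST credentials from the `MARIADB_GALERA_MARIABACKUP_*` environment variables (not visible in this patch), I would drop the line or replace it with `# wsrep_sst_auth is supplied from the mariabackup secret; do not put credentials in this file`. The same block also sets the InnoDB flush-at-commit option three times with values 0, 1 and 2, which leaves the intended durability level unclear.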
@@ -0,0 +1,388 @@
+## Global Docker image parameters
+## Please, note that this will override the image parameters, including dependencies, configured to use the global value
+## Current available global Docker image parameters: imageRegistry and imagePullSecrets
+##
+# global:
+# imageRegistry: myRegistryName
+# imagePullSecrets:
+# - myRegistryKeySecretName
+
+## Use an alternate scheduler, e.g. "stork".
+## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
+##
+# schedulerName:
+
+## Bitnami MariaDB image
+## ref: https://hub.docker.com/r/bitnami/mariadb/tags/
+##
+image:
+ registry: docker.io
+ repository: bitnami/mariadb-galera
+ tag: 10.3.17-debian-9-r8
+ ## Specify a imagePullPolicy
+ ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
+ ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
+ ##
+ pullPolicy: IfNotPresent
+ ## Optionally specify an array of imagePullSecrets.
+ ## Secrets must be manually created in the namespace.
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+ ##
+ # pullSecrets:
+ # - myRegistryKeySecretName
+
+ ## Set to true if you would like to see extra information on logs
+ ## It turns BASH and NAMI debugging in minideb
+ ## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging
+ debug: false
+
+## String to partially override mariadb.fullname template (will maintain the release name)
+##
+# nameOverride:
+
+## String to fully override mariadb.fullname template
+##
+# fullnameOverride:
+
+service:
+ ## Kubernetes service type, ClusterIP and NodePort are supported at present
+ type: ClusterIP
+ # clusterIP: None
+ port: 3306
+ ## Specify the nodePort value for the LoadBalancer and NodePort service types.
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
+ ##
+ # nodePort: 30001
+
+ ## Set the LoadBalancer service type to internal only.
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
+ ##
+ # loadBalancerIP:
+
+ ## Load Balancer sources
+ ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
+ ##
+ # loadBalancerSourceRanges:
+ # - 10.10.10.0/24
+
+## Pods Service Account
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
+serviceAccount:
+ ## Specifies whether a ServiceAccount should be created
+ ##
+ create: false
+ ## The name of the ServiceAccount to use.
+ ## If not set and create is true, a name is generated using the mariadb.fullname template
+ # name:
+
+## Role Based Access
+## Ref: https://kubernetes.io/docs/admin/authorization/rbac/
+##
+
+rbac:
+ create: false
+
+## Pod Security Context
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+##
+securityContext:
+ enabled: false
+ fsGroup: 1001
+ runAsUser: 1001
+
+# # Use existing secret (ignores root, db and replication passwords)
+# existingSecret:
+
+rootUser:
+ ## MariaDB admin password
+ ## ref: https://github.com/bitnami/bitnami-docker-mariadb#setting-the-root-password-on-first-run
+ ##
+ password:
+ ##
+ ## Option to force users to specify a password. That is required for 'helm upgrade' to work properly.
+ ## If it is not force, a random password will be generated.
+ forcePassword: false
+
+db:
+ ## MariaDB username and password
+ ## ref: https://github.com/bitnami/bitnami-docker-mariadb#creating-a-database-user-on-first-run
+ ##
+ user:
+ password:
+ ## Password is ignored if existingSecret is specified.
+ ## Database to create
+ ## ref: https://github.com/bitnami/bitnami-docker-mariadb#creating-a-database-on-first-run
+ ##
+ name: my_database
+ ## Option to force users to specify a password. That is required for 'helm upgrade' to work properly.
+ ## If it is not force, a random password will be generated.
+ forcePassword: false
+
+galera:
+ ## Galera cluster name
+ name: galera
+ ## MariaBackup username and password
+ ## ref: https://mariadb.com/kb/en/library/mariabackup-overview/
+ mariabackup:
+ user: mariabackup
+ password:
+ ## Option to force users to specify a password. That is required for 'helm upgrade' to work properly.
+ ## If it is not force, a random password will be generated.
+ forcePassword: false
+
+ldap:
+ enabled: false
+ # uri:
+ # base:
+ # binddn:
+ # bindpw:
+ # bslookup:
+
+## initdb scripts
+## Specify dictionary of scripts to be run at first boot
+## Alternatively, you can put your scripts under the files/docker-entrypoint-initdb.d directory
+##
+# initdbScripts:
+# my_init_script.sh: |
+# #!/bin/sh
+# echo "Do something."
+#
+## ConfigMap with scripts to be run at first boot
+## Note: This will override initdbScripts
+# initdbScriptsConfigMap:
+
+## Desired number of cluster nodes
+replicaCount: 3
+
+## Mariadb Master additional pod annotations
+## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+# annotations:
+# - key: key1
+# value: value1
+
+## MariaDB additional command line flags
+## Can be used to specify command line flags, for example:
+##
+## extraFlags: "--max-connect-errors=1000 --max_connections=155"
+
+## Pod Affinity. The value is evaluated as a template.
+## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity +## +podAffinity: {} +## Pod AntiAffinity +## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity +## +podAntiAffinity: soft + +## Node labels for pod assignment +## Ref: https://kubernetes.io/docs/user-guide/node-selection/ +## +nodeSelector: {} + +## Tolerations for pod assignment +## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ +## +tolerations: [] + +## updateStrategy for MariaDB Master StatefulSet +## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies +updateStrategy: + type: RollingUpdate + +## Enable persistence using Persistent Volume Claims +## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ +## +persistence: + ## If true, use a Persistent Volume Claim, If false, use emptyDir + ## + enabled: true + # Enable persistence using an existing PVC + # existingClaim: + # Subdirectory of the volume to mount + # subPath: + mountPath: /bitnami/mariadb + ## Persistent Volume Storage Class + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. 
(gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + # storageClass: "-" + ## Persistent Volume Claim annotations + ## + annotations: {} + ## Persistent Volume Access Mode + ## + accessModes: + - ReadWriteOnce + ## Persistent Volume size + ## + size: 8Gi + ## +extraInitContainers: | +# - name: do-something +# image: busybox +# command: ['do', 'something'] + +## Configure MariaDB with a custom my.cnf file +## ref: https://mysql.com/kb/en/mysql/configuring-mysql-with-mycnf/#example-of-configuration-file +## Alternatively, you can put your my.cnf under the files/ directory +## +mariadbConfiguration: |- + [client] + port=3306 + socket=/opt/bitnami/mariadb/tmp/mysql.sock + + [mysqld] + default-storage-engine=InnoDB + basedir=/opt/bitnami/mariadb + datadir=/bitnami/mariadb/data + tmpdir=/opt/bitnami/mariadb/tmp + socket=/opt/bitnami/mariadb/tmp/mysql.sock + pid-file=/opt/bitnami/mariadb/tmp/mysqld.pid + bind-address=0.0.0.0 + + ## Character set + collation-server=utf8_unicode_ci + init-connect='SET NAMES utf8' + character-set-server=utf8 + + ## MyISAM + key-buffer-size=32M + myisam-recover-options=FORCE,BACKUP + + ## safety + skip-host-cache + skip-name-resolve + max-allowed-packet=16M + max-connect-errors=1000000 + sql-mode=STRICT_TRANS_TABLES,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_AUTO_VALUE_ON_ZERO,NO_ENGINE_SUBSTITUTION,NO_ZERO_DATE,NO_ZERO_IN_DATE,ONLY_FULL_GROUP_BY + sysdate-is-now=1 + innodb=FORCE + innodb-strict-mode=1 + innodb_file_per_table=1 + # Mandatory per https://github.com/codership/documentation/issues/25 + innodb-autoinc-lock-mode=2 + # Per https://www.percona.com/blog/2006/08/04/innodb-double-write/ + innodb-doublewrite=1 + # Not fully ACID compliant, up to 1sec transaction loss in the event of total cluster failure (across both regions) + # Enabled for performance per https://mariadb.com/kb/en/mariadb/getting-started-with-mariadb-galera-cluster/ + innodb_flush_log_at_trx_commit=0 + + ## binary logging + log-bin=mysql-bin + 
expire-logs-days=14 + # Disabling for performance per http://severalnines.com/blog/9-tips-going-production-galera-cluster-mysql + sync-binlog=0 + # Required for Galera + binlog-format=row + ## Caches and limits + tmp-table-size=32M + max-heap-table-size=32M + # Re-enabling as now works with Maria 10.1.2 + query-cache-type=1 + query-cache-limit=4M + query-cache-size=256M + max-connections=500 + thread-cache-size=50 + open-files-limit=65535 + table-definition-cache=4096 + table-open-cache=4096 + ## innodb + innodb-flush-method=O_DIRECT + innodb-log-files-in-group=2 + innodb-log-file-size=128M + innodb-flush-log-at-trx-commit=1 + innodb-file-per-table=1 + # 80% Memory is default reco. + # Need to re-evaluate when DB size grows + innodb-buffer-pool-size=2G + innodb_file_format=Barracuda + + ## logging + log-error=/opt/bitnami/mariadb/logs/mysqld.log + slow-query-log-file=/opt/bitnami/mariadb/logs/mysqld.log + log-queries-not-using-indexes=1 + slow-query-log=1 + + [galera] + wsrep_on=ON + wsrep_provider=/opt/bitnami/mariadb/lib/libgalera_smm.so + wsrep_sst_method=mariabackup + wsrep_slave_threads=4 + wsrep_cluster_address=gcomm:// + wsrep_cluster_name=galera + wsrep_sst_auth="root:" + innodb-flush-log-at-trx-commit=2 + # MYISAM REPLICATION SUPPORT # + wsrep_replicate_myisam=ON + + [mariadb] + plugin_load_add=auth_pam + +## ConfigMap with MariaDB configuration +## NOTE: This will override mariadbConfiguration +# configurationConfigMap: + +## Configure resource requests and limits +## ref: http://kubernetes.io/docs/user-guide/compute-resources/ +## +resources: {} +livenessProbe: + enabled: true + ## + ## Initializing the database could take some time + initialDelaySeconds: 120 + ## + ## Default Kubernetes values + periodSeconds: 10 + timeoutSeconds: 1 + successThreshold: 1 + failureThreshold: 3 +readinessProbe: + enabled: true + initialDelaySeconds: 30 + ## + ## Default Kubernetes values + periodSeconds: 10 + timeoutSeconds: 1 + successThreshold: 1 + failureThreshold: 3 + 
+podDisruptionBudget: + enabled: false + minAvailable: 1 + # maxUnavailable: 1 + +metrics: + enabled: false + image: + registry: docker.io + repository: bitnami/mysqld-exporter + tag: 0.12.0-i3s-7-r0 + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + # pullSecrets: + # - myRegistryKeySecretName + resources: {} + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "9104" + + # Enable this if you're using https://github.com/coreos/prometheus-operator + serviceMonitor: + enabled: false + ## Specify a namespace if needed + # namespace: monitoring + # fallback to the prometheus default unless specified + # interval: 10s + # scrapeTimeout: 10s + ## Defaults to what's used if you follow CoreOS [Prometheus Install Instructions](https://github.com/helm/charts/tree/master/stable/prometheus-operator#tldr) + ## [Prometheus Selector Label](https://github.com/helm/charts/tree/master/stable/prometheus-operator#prometheus-operator-1) + ## [Kube Prometheus Selector Label](https://github.com/helm/charts/tree/master/stable/prometheus-operator#exporters) + selector: + prometheus: kube-prometheus From ead58bd7fe5c9ddac50a77541bf7c6b3cf1107df Mon Sep 17 00:00:00 2001 From: juan131 Date: Mon, 12 Aug 2019 11:29:31 +0200 Subject: [PATCH 2/3] Use 'debian' tags for exporters Signed-off-by: juan131 --- bitnami/mariadb-galera/values-production.yaml | 2 +- bitnami/mariadb-galera/values.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/bitnami/mariadb-galera/values-production.yaml b/bitnami/mariadb-galera/values-production.yaml index 6015a1d5c2..7f6bc7adec 100644 --- a/bitnami/mariadb-galera/values-production.yaml +++ b/bitnami/mariadb-galera/values-production.yaml 
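Review bot: `wsrep_sst_auth="root:"` in the `[galera]` section of the default `mariadbConfiguration` names the root account with an empty password as the state-transfer credential, even though this same file defines a dedicated `galera.mariabackup.user` / `password` pair for that job. Unless the container image rewrites the option at start-up (not visible in this hunk), state transfer would either break once root has a password or run with full root privileges instead of the narrower backup account. I would drop the line from the default my.cnf and leave a comment in its place, for example `# wsrep_sst_auth is not set here; SST credentials come from galera.mariabackup.* or existingSecret`. The same line is present in the values-production.yaml hunk of this patch, which begins above the visible part of the page.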
@@ -360,7 +360,7 @@ metrics: image: registry: docker.io repository: bitnami/mysqld-exporter - tag: 0.12.0-i3s-7-r0 + tag: 0.12.1-debian-9-r14 pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. diff --git a/bitnami/mariadb-galera/values.yaml b/bitnami/mariadb-galera/values.yaml index ff417cf5f0..2b432b5450 100644 --- a/bitnami/mariadb-galera/values.yaml +++ b/bitnami/mariadb-galera/values.yaml @@ -360,7 +360,7 @@ metrics: image: registry: docker.io repository: bitnami/mysqld-exporter - tag: 0.12.0-i3s-7-r0 + tag: 0.12.1-debian-9-r14 pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. From ae8dac12063077a86052d7f97b9aaf32bc0cef4b Mon Sep 17 00:00:00 2001 From: juan131 Date: Mon, 12 Aug 2019 13:27:34 +0200 Subject: [PATCH 3/3] Refactor based on best-practices for charts Signed-off-by: juan131 --- bitnami/mariadb-galera/README.md | 186 ++++++------ .../docker-entrypoint-initdb.d/README.md | 2 +- bitnami/mariadb-galera/templates/NOTES.txt | 9 + .../templates/headless-svc.yaml | 9 - .../mariadb-galera/templates/metrics-svc.yaml | 21 ++ bitnami/mariadb-galera/templates/pdb.yaml | 2 +- bitnami/mariadb-galera/templates/role.yaml | 2 +- .../mariadb-galera/templates/statefulset.yaml | 24 +- bitnami/mariadb-galera/templates/svc.yaml | 16 +- bitnami/mariadb-galera/values-production.yaml | 284 ++++++++++-------- bitnami/mariadb-galera/values.yaml | 282 +++++++++-------- 11 files changed, 476 insertions(+), 361 deletions(-) create mode 100644 bitnami/mariadb-galera/templates/metrics-svc.yaml diff --git a/bitnami/mariadb-galera/README.md b/bitnami/mariadb-galera/README.md index 808a7da0e4..e040ea319d 100644 --- a/bitnami/mariadb-galera/README.md +++ b/bitnami/mariadb-galera/README.md 
@@ -57,97 +57,99 @@ The command removes all the Kubernetes components associated with the chart and The following table lists the configurable parameters of the MariaDB Galera chart and their default values. -| Parameter | Description | Default | -|--------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------| -| `global.imageRegistry` | Global Docker image registry | `nil` | -| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) | -| `image.registry` | MariaDB Galera image registry | `docker.io` | -| `image.repository` | MariaDB Galera Image name | `bitnami/mariadb-galera` | -| `image.tag` | MariaDB Galera Image tag | `{TAG_NAME}` | -| `image.pullPolicy` | MariaDB Galera image pull policy | `IfNotPresent` | -| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) | -| `image.debug` | Specify if debug logs should be enabled | `false` | -| `nameOverride` | String to partially override mariadb-galera.fullname template with a string (will prepend the release name) | `nil` | -| `fullnameOverride` | String to fully override mariadb-galera.fullname template with a string | `nil` | -| `service.type` | Kubernetes service type | `ClusterIP` | -| `service.annotation` | Annotations for MariaDB Galera service | `{}` | -| `service.clusterIP` | Specific cluster IP when service type is cluster IP. 
Use None for headless service | `nil` | -| `service.port` | MariaDB service port | `3306` | -| `service.nodePort` | Kubernetes Service nodePort | `nil` | -| `service.loadBalancerIP` | loadBalancerIP if service type is `LoadBalancer` | `nil` | -| `service.loadBalancerSourceRanges` | Address that are allowed when svc is LoadBalancer | `[]` | -| `serviceAccount.create` | Specifies whether a ServiceAccount should be created | `false` | -| `serviceAccount.name` | The name of the ServiceAccount to create | Generated using the mariadb-galera.fullname template | -| `schedulerName` | Name of the k8s scheduler (other than default) | `nil` | -| `rbac.create` | Create and use RBAC resources | `false` | -| `securityContext.enabled` | Enable security context | `false` | -| `securityContext.fsGroup` | Group ID for the container | `1001` | -| `securityContext.runAsUser` | User ID for the container | `1001` | -| `existingSecret` | Use existing secret for password details (`rootUser.password`, `db.password`, `galera.mariabackup.password` will be ignored and picked up from this secret). The secret has to contain the keys `mariadb-root-password`, `mariadb-galera-mariabackup-password` and `mariadb-password`. | `nil` | -| `rootUser.password` | Password for the `root` user. Ignored if existing secret is provided. | _random 10 character alphanumeric string_ | -| `rootUser.forcePassword` | Force users to specify a password | `false` | -| `db.user` | Username of new user to create | `nil` | -| `db.password` | Password for the new user. Ignored if existing secret is provided. 
| _random 10 character alphanumeric string if `db.user` is defined_ | -| `db.forcePassword` | Force users to specify a password | `false` | -| `db.name` | Name for new database to create | `my_database` | -| `galera.name` | Galera cluster name | `galera` | -| `galera.mariabackup.user` | Galera mariabackup user | `mariabackup` | -| `galera.mariabackup.password` | Galera mariabackup password | _random 10 character alphanumeric string_ | -| `galera.mariabackup.forcePassword` | Force users to specify a password | `false` | -| `ldap.enabled` | Enable LDAP support | `false` | -| `ldap.uri` | LDAP URL beginning in the form `ldap[s]://:` | `nil` | -| `ldap.base` | LDAP base DN | `nil` | -| `ldap.binddn` | LDAP bind DN | `nil` | -| `ldap.bindpw` | LDAP bind password | `nil` | -| `ldap.bslookup` | LDAP base lookup | `nil` | -| `mariadbConfiguration` | Configuration for the MariaDB server | `_default values in the values.yaml file_` | -| `configurationConfigMap` | ConfigMap with the MariaDB configuration files (Note: Overrides `mariadbConfiguration`). The value is evaluated as a template. 
| `nil` | -| `initdbScripts` | Dictionary of initdb scripts | `nil` | -| `initdbScriptsConfigMap` | ConfigMap with the initdb scripts (Note: Overrides `initdbScripts`) | `nil` | -| `replicaCount` | Desired number of cluster nodes | `3` | -| `annotations[].key` | key for the the annotation list item | `nil` | -| `annotations[].value` | value for the the annotation list item | `nil` | -| `extraFlags` | MariaDB additional command line flags | `nil` | -| `podAffinity` | Affinity (in addition to antiAffinity when set) | `{}` | -| `podAntiAffinity` | Pod anti-affinity policy | `soft` | -| `nodeSelector` | Node labels for pod assignment (this value is evaluated as a template) | `{}` | -| `tolerations` | List of node taints to tolerate (this value is evaluated as a template) | `[]` | -| `updateStrategy` | Statefulset update strategy policy | `RollingUpdate` | -| `persistence.enabled` | Enable persistence using PVC | `true` | -| `persistence.existingClaim` | Provide an existing `PersistentVolumeClaim` | `nil` | -| `persistence.subPath` | Subdirectory of the volume to mount | `nil` | -| `persistence.mountPath` | Path to mount the volume at | `/bitnami/mariadb` | -| `persistence.annotations` | Persistent Volume Claim annotations | `{}` | -| `persistence.storageClass` | Persistent Volume Storage Class | `` | -| `persistence.accessModes` | Persistent Volume Access Modes | `[ReadWriteOnce]` | -| `persistence.size` | Persistent Volume Size | `8Gi` | -| `extraInitContainers` | Additional init containers as a string to be passed to the `tpl` function | | -| `resources` | CPU/Memory resource requests/limits for node | `{}` | -| `livenessProbe.enabled` | Turn on and off liveness probe | `true` | -| `livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | `120` | -| `livenessProbe.periodSeconds` | How often to perform the probe | `10` | -| `livenessProbe.timeoutSeconds` | When the probe times out | `1` | -| `livenessProbe.successThreshold` | Minimum consecutive 
successes for the probe | `1` | -| `livenessProbe.failureThreshold` | Minimum consecutive failures for the probe | `3` | -| `readinessProbe.enabled` | Turn on and off readiness probe | `true` | -| `readinessProbe.initialDelaySeconds` | Delay before readiness probe is initiated | `30` | -| `readinessProbe.periodSeconds` | How often to perform the probe | `10` | -| `readinessProbe.timeoutSeconds` | When the probe times out | `1` | -| `readinessProbe.successThreshold` | Minimum consecutive successes for the probe | `1` | -| `readinessProbe.failureThreshold` | Minimum consecutive failures for the probe | `3` | -| `podDisruptionBudget.enabled` | If true, create a pod disruption budget for pods. | `false` | -| `podDisruptionBudget.minAvailable` | Minimum number / percentage of pods that should remain scheduled | `1` | -| `podDisruptionBudget.maxUnavailable` | Maximum number / percentage of pods that may be made unavailable | `nil` | -| `metrics.enabled` | Start a side-car prometheus exporter | `false` | -| `metrics.image.registry` | Exporter image registry | `docker.io` | -| `metrics.image.repository` | Exporter image name | `prom/mysqld-exporter` | -| `metrics.image.tag` | Exporter image tag | `v0.10.0` | -| `metrics.image.pullPolicy` | Exporter image pull policy | `IfNotPresent` | -| `metrics.resources` | Exporter resource requests/limit | `nil` | -| `metrics.serviceMonitor.enabled` | if `true`, creates a Prometheus Operator ServiceMonitor (also requires `metrics.enabled` to be `true`) | `false` | -| `metrics.serviceMonitor.namespace` | Optional namespace which Prometheus is running in | `nil` | -| `metrics.serviceMonitor.interval` | How frequently to scrape metrics (use by default, falling back to Prometheus' default) | `nil` | -| `metrics.serviceMonitor.selector` | Default to kube-prometheus install (CoreOS recommended), but should be set according to Prometheus install | `{ prometheus: kube-prometheus }` | +| Parameter | Description | Default | 
+|--------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------| +| `global.imageRegistry` | Global Docker image registry | `nil` | +| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) | +| `image.registry` | MariaDB Galera image registry | `docker.io` | +| `image.repository` | MariaDB Galera Image name | `bitnami/mariadb-galera` | +| `image.tag` | MariaDB Galera Image tag | `{TAG_NAME}` | +| `image.pullPolicy` | MariaDB Galera image pull policy | `IfNotPresent` | +| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) | +| `image.debug` | Specify if debug logs should be enabled | `false` | +| `nameOverride` | String to partially override mariadb-galera.fullname template with a string (will prepend the release name) | `nil` | +| `fullnameOverride` | String to fully override mariadb-galera.fullname template with a string | `nil` | +| `schedulerName` | Name of the k8s scheduler (other than default) | `nil` | +| `service.type` | Kubernetes service type | `ClusterIP` | +| `service.port` | MariaDB service port | `3306` | +| `service.clusterIP` | Specific cluster IP when service type is cluster IP. 
Use `None` for headless service | `nil` | +| `service.nodePort` | Kubernetes Service nodePort | `nil` | +| `service.loadBalancerIP` | `loadBalancerIP` if service type is `LoadBalancer` | `nil` | +| `service.loadBalancerSourceRanges` | Address that are allowed when svc is `LoadBalancer` | `[]` | +| `service.annotations` | Additional annotations for MariaDB Galera service | `{}` | +| `serviceAccount.create` | Specify whether a ServiceAccount should be created | `false` | +| `serviceAccount.name` | The name of the ServiceAccount to create | Generated using the mariadb-galera.fullname template | +| `rbac.create` | Specify whether RBAC resources should be created and used | `false` | +| `securityContext.enabled` | Enable security context | `false` | +| `securityContext.fsGroup` | Group ID for the container filesystem | `1001` | +| `securityContext.runAsUser` | User ID for the container | `1001` | +| `existingSecret` | Use existing secret for password details (`rootUser.password`, `db.password`, `galera.mariabackup.password` will be ignored and picked up from this secret) | `nil` | +| `rootUser.password` | Password for the `root` user. Ignored if existing secret is provided. | _random 10 character alphanumeric string_ | +| `rootUser.forcePassword` | Force users to specify a password | `false` | +| `db.user` | Username of new user to create | `nil` | +| `db.password` | Password for the new user. Ignored if existing secret is provided. 
| _random 10 character alphanumeric string if `db.user` is defined_ | +| `db.name` | Name for new database to create | `my_database` | +| `db.forcePassword` | Force users to specify a password | `false` | +| `galera.name` | Galera cluster name | `galera` | +| `galera.mariabackup.user` | Galera mariabackup user | `mariabackup` | +| `galera.mariabackup.password` | Galera mariabackup password | _random 10 character alphanumeric string_ | +| `galera.mariabackup.forcePassword` | Force users to specify a password | `false` | +| `ldap.enabled` | Enable LDAP support | `false` | +| `ldap.uri` | LDAP URL beginning in the form `ldap[s]://:` | `nil` | +| `ldap.base` | LDAP base DN | `nil` | +| `ldap.binddn` | LDAP bind DN | `nil` | +| `ldap.bindpw` | LDAP bind password | `nil` | +| `ldap.bslookup` | LDAP base lookup | `nil` | +| `mariadbConfiguration` | Configuration for the MariaDB server | `_default values in the values.yaml file_` | +| `configurationConfigMap` | ConfigMap with the MariaDB configuration files (Note: Overrides `mariadbConfiguration`). The value is evaluated as a template. 
| `nil` | +| `initdbScripts` | Dictionary of initdb scripts | `nil` | +| `initdbScriptsConfigMap` | ConfigMap with the initdb scripts (Note: Overrides `initdbScripts`) | `nil` | +| `extraFlags` | MariaDB additional command line flags | `nil` | +| `annotations[].key` | key for the the annotation list item | `nil` | +| `annotations[].value` | value for the the annotation list item | `nil` | +| `replicaCount` | Desired number of cluster nodes | `3` | +| `updateStrategy` | Statefulset update strategy policy | `RollingUpdate` | +| `nodeAffinity` | Node Affinity (this value is evaluated as a template) | `{}` | +| `podAntiAffinity` | Pod anti-affinity policy | `soft` | +| `podAffinity` | Affinity, in addition to antiAffinity (this value is evaluated as a template) | `{}` | +| `nodeSelector` | Node labels for pod assignment (this value is evaluated as a template) | `{}` | +| `tolerations` | List of node taints to tolerate (this value is evaluated as a template) | `[]` | +| `persistence.enabled` | Enable persistence using PVC | `true` | +| `persistence.existingClaim` | Provide an existing `PersistentVolumeClaim` | `nil` | +| `persistence.subPath` | Subdirectory of the volume to mount | `nil` | +| `persistence.mountPath` | Path to mount the volume at | `/bitnami/mariadb` | +| `persistence.annotations` | Persistent Volume Claim annotations | `{}` | +| `persistence.storageClass` | Persistent Volume Storage Class | `nil` | +| `persistence.accessModes` | Persistent Volume Access Modes | `[ReadWriteOnce]` | +| `persistence.size` | Persistent Volume Size | `8Gi` | +| `extraInitContainers` | Additional init containers (this value is evaluated as a template) | `nil` | +| `resources` | CPU/Memory resource requests/limits for node | `{}` | +| `livenessProbe.enabled` | Turn on and off liveness probe | `true` | +| `livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | `120` | +| `livenessProbe.periodSeconds` | How often to perform the probe | `10` | +| 
`livenessProbe.timeoutSeconds` | When the probe times out | `1` | +| `livenessProbe.successThreshold` | Minimum consecutive successes for the probe | `1` | +| `livenessProbe.failureThreshold` | Minimum consecutive failures for the probe | `3` | +| `readinessProbe.enabled` | Turn on and off readiness probe | `true` | +| `readinessProbe.initialDelaySeconds` | Delay before readiness probe is initiated | `30` | +| `readinessProbe.periodSeconds` | How often to perform the probe | `10` | +| `readinessProbe.timeoutSeconds` | When the probe times out | `1` | +| `readinessProbe.successThreshold` | Minimum consecutive successes for the probe | `1` | +| `readinessProbe.failureThreshold` | Minimum consecutive failures for the probe | `3` | +| `podDisruptionBudget.create` | If true, create a pod disruption budget for pods. | `false` | +| `podDisruptionBudget.minAvailable` | Minimum number / percentage of pods that should remain scheduled | `1` | +| `podDisruptionBudget.maxUnavailable` | Maximum number / percentage of pods that may be made unavailable | `nil` | +| `metrics.enabled` | Start a side-car prometheus exporter | `false` | +| `metrics.image.registry` | MariaDB Prometheus exporter image registry | `docker.io` | +| `metrics.image.repository` | MariaDB Prometheus exporter image name | `bitnami/mysqld-exporter` | +| `metrics.image.tag` | MariaDB Prometheus exporter image tag | `{TAG_NAME}` | +| `metrics.image.pullPolicy` | MariaDB Prometheus exporter image pull policy | `IfNotPresent` | +| `metrics.resources` | Prometheus exporter resource requests/limits | `{}` | +| `metrics.service.annotations` | Prometheus exporter svc annotations | `{prometheus.io/scrape: "true", prometheus.io/port: "9104"}` | +| `metrics.serviceMonitor.enabled` | if `true`, creates a Prometheus Operator ServiceMonitor (also requires `metrics.enabled` to be `true`) | `false` | +| `metrics.serviceMonitor.namespace` | Optional namespace which Prometheus is running in | `nil` | +| 
`metrics.serviceMonitor.interval` | How frequently to scrape metrics (use by default, falling back to Prometheus' default) | `nil` | +| `metrics.serviceMonitor.selector` | Default to kube-prometheus install (CoreOS recommended), but should be set according to Prometheus install | `{prometheus: "kube-prometheus"}` | The above parameters map to the env variables defined in [bitnami/mariadb-galera](http://github.com/bitnami/bitnami-docker-mariadb-galera). For more information please refer to the [bitnami/mariadb-galera](http://github.com/bitnami/bitnami-docker-mariadb-galera) image documentation. @@ -212,6 +214,7 @@ $ helm install --name my-release -f ./values-production.yaml bitnami/mariadb-gal ``` - Force users to specify a password: + ```diff - rootUser.forcePassword: false + rootUser.forcePassword: true @@ -222,6 +225,7 @@ $ helm install --name my-release -f ./values-production.yaml bitnami/mariadb-gal ``` - Start a side-car prometheus exporter: + ```diff - metrics.enabled: false + metrics.enabled: true diff --git a/bitnami/mariadb-galera/files/docker-entrypoint-initdb.d/README.md b/bitnami/mariadb-galera/files/docker-entrypoint-initdb.d/README.md index aaddde3030..f8b77922ea 100644 --- a/bitnami/mariadb-galera/files/docker-entrypoint-initdb.d/README.md +++ b/bitnami/mariadb-galera/files/docker-entrypoint-initdb.d/README.md @@ -1,3 +1,3 @@ You can copy here your custom .sh, .sql or .sql.gz file so they are executed during the first boot of the image. -More info in the [bitnami-docker-mariadb](https://github.com/bitnami/bitnami-docker-mariadb#initializing-a-new-instance) repository. \ No newline at end of file +More info in the [bitnami-docker-mariadb-galera](https://github.com/bitnami/bitnami-docker-mariadb-galera#initializing-a-new-instance) repository. diff --git a/bitnami/mariadb-galera/templates/NOTES.txt b/bitnami/mariadb-galera/templates/NOTES.txt index 810659f070..9f79b1198f 100644 --- a/bitnami/mariadb-galera/templates/NOTES.txt 
+++ b/bitnami/mariadb-galera/templates/NOTES.txt @@ -43,6 +43,15 @@ To connect to your database from outside the cluster execute the following comma {{- end }} +{{- if .Values.metrics.enabled }} + +To access the MariaDB Prometheus metrics from outside the cluster execute the following commands: + + kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ template "mariadb-galera.fullname" . }}-metrics {{ .Values.metrics.service.port }}:{{ .Values.metrics.service.port }} & + curl 127.0.0.1:{{ .Values.metrics.service.port }}/metrics + +{{- end }} + To upgrade this helm chart: helm upgrade --namespace {{ .Release.Namespace }} {{ .Release.Name }} bitnami/mariadb-galera \ diff --git a/bitnami/mariadb-galera/templates/headless-svc.yaml b/bitnami/mariadb-galera/templates/headless-svc.yaml index 305a369c0d..2d4323e25f 100644 --- a/bitnami/mariadb-galera/templates/headless-svc.yaml +++ b/bitnami/mariadb-galera/templates/headless-svc.yaml @@ -7,10 +7,6 @@ metadata: helm.sh/chart: {{ include "mariadb-galera.chart" . }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- if .Values.metrics.enabled }} - annotations: -{{ toYaml .Values.metrics.annotations | indent 4 }} -{{- end }} spec: type: ClusterIP clusterIP: None @@ -24,11 +20,6 @@ spec: - name: sst port: 4444 targetPort: sst -{{- if .Values.metrics.enabled }} - - name: metrics - port: 9104 - targetPort: metrics -{{- end }} selector: app.kubernetes.io/name: {{ include "mariadb-galera.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} diff --git a/bitnami/mariadb-galera/templates/metrics-svc.yaml b/bitnami/mariadb-galera/templates/metrics-svc.yaml new file mode 100644 index 0000000000..f38a8666e0 --- /dev/null +++ b/bitnami/mariadb-galera/templates/metrics-svc.yaml 
@@ -0,0 +1,21 @@ +{{- if .Values.metrics.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "mariadb-galera.fullname" . }}-metrics + labels: + app.kubernetes.io/name: {{ include "mariadb-galera.name" . }} + helm.sh/chart: {{ include "mariadb-galera.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: {{ toYaml .Values.metrics.service.annotations | nindent 4 }} +spec: + type: {{ .Values.metrics.service.type }} + ports: + - name: metrics + port: {{ .Values.metrics.service.port }} + targetPort: metrics + selector: + app.kubernetes.io/name: {{ include "mariadb-galera.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} diff --git a/bitnami/mariadb-galera/templates/pdb.yaml b/bitnami/mariadb-galera/templates/pdb.yaml index 425ad3d32c..79e6afd5b7 100644 --- a/bitnami/mariadb-galera/templates/pdb.yaml +++ b/bitnami/mariadb-galera/templates/pdb.yaml @@ -1,4 +1,4 @@ -{{- if .Values.podDisruptionBudget.enabled }} +{{- if .Values.podDisruptionBudget.create }} apiVersion: policy/v1beta1 kind: PodDisruptionBudget metadata: diff --git a/bitnami/mariadb-galera/templates/role.yaml b/bitnami/mariadb-galera/templates/role.yaml index ea1fa64974..a5cbd0d915 100644 --- a/bitnami/mariadb-galera/templates/role.yaml +++ b/bitnami/mariadb-galera/templates/role.yaml @@ -1,4 +1,4 @@ -{{- if and .Values.serviceAccount.create .Values.rbac.create }} +{{- if and .Values.serviceAccount.create .Values.rbac.create }} apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: diff --git a/bitnami/mariadb-galera/templates/statefulset.yaml b/bitnami/mariadb-galera/templates/statefulset.yaml index 2fc08fdd25..0d5cb785a7 100644 --- a/bitnami/mariadb-galera/templates/statefulset.yaml +++ b/bitnami/mariadb-galera/templates/statefulset.yaml 
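Review bot: `spec.type` in the new metrics-svc.yaml is taken straight from `.Values.metrics.service.type`, and unlike svc.yaml this template has no `loadBalancerSourceRanges` handling. Setting the type to `LoadBalancer` or `NodePort` would therefore expose the exporter's `/metrics` endpoint with no source restriction. Either document that this service is meant to stay `ClusterIP`, or mirror the source-range block from svc.yaml under a new `metrics.service.loadBalancerSourceRanges` value. Separately, `annotations:` is rendered unconditionally; wrapping it in `{{- with .Values.metrics.service.annotations }}` … `{{- end }}`, as svc.yaml does, avoids emitting a null annotations key when a user clears the value.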
@@ -8,12 +8,12 @@ metadata: app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/managed-by: {{ .Release.Service }} spec: + replicas: {{ .Values.replicaCount }} selector: matchLabels: app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/name: {{ include "mariadb-galera.name" . }} serviceName: {{ template "mariadb-galera.fullname" . }} - replicas: {{ .Values.replicaCount }} updateStrategy: type: {{ .Values.updateStrategy.type }} {{- if (eq "Recreate" .Values.updateStrategy.type) }} @@ -45,9 +45,6 @@ spec: {{- with .Values.nodeAffinity }} nodeAffinity: {{ tpl (toYaml .) $ | nindent 10 }} {{- end }} - {{- with .Values.podAffinity }} - podAffinity: {{ tpl (toYaml .) $ | nindent 10 }} - {{- end }} {{- if eq .Values.podAntiAffinity "hard" }} podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: @@ -67,6 +64,9 @@ spec: app.kubernetes.io/name: {{ include "mariadb-galera.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} {{- end }} + {{- with .Values.podAffinity }} + podAffinity: {{ tpl (toYaml .) $ | nindent 10 }} + {{- end }} {{- with .Values.nodeSelector }} nodeSelector: {{ tpl (toYaml .) $ | nindent 8 }} {{- end }} 
@@ -83,18 +83,14 @@ spec: image: {{ template "mariadb-galera.image" . }} imagePullPolicy: {{ .Values.image.pullPolicy | quote }} env: - - name: MARIADB_GALERA_CLUSTER_NAME - value: {{ .Values.galera.name | quote }} - - name: MARIADB_GALERA_CLUSTER_ADDRESS - value: "gcomm://{{ template "mariadb-galera.fullname" . }}-headless.{{ .Release.Namespace }}.svc.cluster.local" {{- if .Values.image.debug}} - name: BITNAMI_DEBUG value: "true" {{- end }} - {{- if .Values.extraFlags }} - - name: MARIADB_EXTRA_FLAGS - value: {{ .Values.extraFlags | quote }} - {{- end }} + - name: MARIADB_GALERA_CLUSTER_NAME + value: {{ .Values.galera.name | quote }} + - name: MARIADB_GALERA_CLUSTER_ADDRESS + value: "gcomm://{{ template "mariadb-galera.fullname" . }}-headless.{{ .Release.Namespace }}.svc.cluster.local" - name: MARIADB_ROOT_PASSWORD valueFrom: secretKeyRef: @@ -161,6 +157,10 @@ spec: - name: MARIADB_LDAP_BASE_LOOKUP value: {{ .Values.ldap.bslookup }} {{- end }} + {{- if .Values.extraFlags }} + - name: MARIADB_EXTRA_FLAGS + value: {{ .Values.extraFlags | quote }} + {{- end }} ports: - name: mysql containerPort: 3306 diff --git a/bitnami/mariadb-galera/templates/svc.yaml b/bitnami/mariadb-galera/templates/svc.yaml index 76a9b212ca..55a717868c 100644 --- a/bitnami/mariadb-galera/templates/svc.yaml +++ b/bitnami/mariadb-galera/templates/svc.yaml 
@@ -7,20 +7,18 @@ metadata: helm.sh/chart: {{ include "mariadb-galera.chart" . }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- with .Values.service.annotations }} - annotations: -{{ toYaml . | indent 4 }} -{{- end }} + {{- with .Values.service.annotations }} + annotations: {{ toYaml . | nindent 4 }} + {{- end }} spec: type: {{ .Values.service.type }} {{- if and .Values.service.loadBalancerIP (eq .Values.service.type "LoadBalancer") }} loadBalancerIP: {{ .Values.service.loadBalancerIP }} {{- end }} {{- if and (eq .Values.service.type "LoadBalancer") .Values.service.loadBalancerSourceRanges }} - loadBalancerSourceRanges: - {{ with .Values.service.loadBalancerSourceRanges }} -{{ toYaml . | indent 4 }} -{{- end }} + {{- with .Values.service.loadBalancerSourceRanges }} + loadBalancerSourceRanges: {{ toYaml . | nindent 4 }} + {{- end }} {{- end }} {{- if and (eq .Values.service.type "ClusterIP") .Values.service.clusterIP }} clusterIP: {{ .Values.service.clusterIP }} @@ -29,7 +27,7 @@ spec: - name: mysql port: {{ .Values.service.port }} targetPort: mysql - {{- if .Values.service.nodePort }} + {{- if and .Values.service.nodePort (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) }} nodePort: {{ .Values.service.nodePort }} {{- end }} selector: diff --git a/bitnami/mariadb-galera/values-production.yaml b/bitnami/mariadb-galera/values-production.yaml index 7f6bc7adec..6f50cc406a 100644 --- a/bitnami/mariadb-galera/values-production.yaml +++ b/bitnami/mariadb-galera/values-production.yaml 
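Review bot: In the rewritten `loadBalancerSourceRanges` block, the inner `{{- with .Values.service.loadBalancerSourceRanges }}` repeats a check the enclosing `if and (eq .Values.service.type "LoadBalancer") .Values.service.loadBalancerSourceRanges` has already made. The nesting can be dropped by writing `loadBalancerSourceRanges: {{ toYaml .Values.service.loadBalancerSourceRanges | nindent 4 }}` directly inside the `if`. That removes one `end` to keep balanced and makes it obvious which condition gates the field.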
@@ -7,13 +7,8 @@ # imagePullSecrets: # - myRegistryKeySecretName -## Use an alternate scheduler, e.g. "stork". -## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ -## -# schedulerName: - -## Bitnami MariaDB image -## ref: https://hub.docker.com/r/bitnami/mariadb/tags/ +## Bitnami MariaDB Galera image +## ref: https://hub.docker.com/r/bitnami/mariadb-galera/tags/ ## image: registry: docker.io @@ -32,23 +27,32 @@ image: # - myRegistryKeySecretName ## Set to true if you would like to see extra information on logs - ## It turns BASH and NAMI debugging in minideb - ## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging + ## It turns BASH debugging in minideb-extras-base + ## debug: false -## String to partially override mariadb.fullname template (will maintain the release name) +## String to partially override mariadb-galera.fullname template (will maintain the release name) ## # nameOverride: -## String to fully override mariadb.fullname template +## String to fully override mariadb-galera.fullname template ## # fullnameOverride: +## Use an alternate scheduler, e.g. "stork". +## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ +## +# schedulerName: + +## MariaDB Gallera K8s svc properties +## service: - ## Kubernetes service type, ClusterIP and NodePort are supported at present + ## Kubernetes service type and port number + ## type: ClusterIP - # clusterIP: None port: 3306 + # clusterIP: None + ## Specify the nodePort value for the LoadBalancer and NodePort service types. ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport ## 
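Review bot: The added comment `## MariaDB Gallera K8s svc properties` misspells the product name; it should read `## MariaDB Galera K8s svc properties`. The same comment is added to values.yaml in its `@@ -32,23 +27,32 @@` hunk. The hunk also removes the old remark about which service types are supported. Since svc.yaml now has branches for `ClusterIP`, `NodePort` and `LoadBalancer`, a line such as `## Kubernetes service type (ClusterIP, NodePort or LoadBalancer) and port number` would tell users what is accepted.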
@@ -65,8 +69,15 @@ service: # loadBalancerSourceRanges: # - 10.10.10.0/24 + ## Provide any additional annotations which may be required. This can be used to + ## set the LoadBalancer service type to internal only. + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer + ## + annotations: {} + ## Pods Service Account ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ +## serviceAccount: ## Specifies whether a ServiceAccount should be created ## @@ -78,7 +89,6 @@ serviceAccount: ## Role Based Access ## Ref: https://kubernetes.io/docs/admin/authorization/rbac/ ## - rbac: create: false 
@@ -86,51 +96,67 @@ rbac: ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ ## securityContext: - enabled: true + enabled: false fsGroup: 1001 runAsUser: 1001 -# # Use existing secret (ignores root, db and replication passwords) +## Use existing secret (ignores rootUser.password, db.password, and galera.mariabackup.password) +## # existingSecret: rootUser: ## MariaDB admin password - ## ref: https://github.com/bitnami/bitnami-docker-mariadb#setting-the-root-password-on-first-run + ## Password is ignored if existingSecret is specified. + ## ref: https://github.com/bitnami/bitnami-docker-mariadb-galera#setting-the-root-password-on-first-run ## password: - ## ## Option to force users to specify a password. That is required for 'helm upgrade' to work properly. ## If it is not force, a random password will be generated. + ## forcePassword: true +## Custom db configuration +## db: ## MariaDB username and password - ## ref: https://github.com/bitnami/bitnami-docker-mariadb#creating-a-database-user-on-first-run + ## Password is ignored if existingSecret is specified. + ## ref: https://github.com/bitnami/bitnami-docker-mariadb-galera#creating-a-database-user-on-first-run ## user: password: - ## Password is ignored if existingSecret is specified. ## Database to create - ## ref: https://github.com/bitnami/bitnami-docker-mariadb#creating-a-database-on-first-run + ## ref: https://github.com/bitnami/bitnami-docker-mariadb-galera#creating-a-database-on-first-run ## name: my_database ## Option to force users to specify a password. That is required for 'helm upgrade' to work properly. ## If it is not force, a random password will be generated. 
+ ## forcePassword: true +## Galera configuration +## galera: ## Galera cluster name + ## name: galera - ## MariaBackup username and password - ## ref: https://mariadb.com/kb/en/library/mariabackup-overview/ + mariabackup: + ## MariaBackup username and password + ## Password is ignored if existingSecret is specified. + ## ref: https://github.com/bitnami/bitnami-docker-mariadb-galera#setting-up-a-multi-master-cluster + ## user: mariabackup password: ## Option to force users to specify a password. That is required for 'helm upgrade' to work properly. ## If it is not force, a random password will be generated. + ## forcePassword: true +## LDAP configuration +## ldap: + ## Enable LDAP support + ## enabled: false # uri: # base: 
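Review bot: `securityContext.enabled` flips from `true` to `false` in values-production.yaml, which is the wrong direction for a production profile. The `fsGroup: 1001` / `runAsUser: 1001` settings directly below it presumably stop being applied to the pod, though the template that reads this flag is outside the hunk and should be checked. If disabling it is intentional (for example for a platform that assigns UIDs itself), say so in a comment above the block. Otherwise keep `enabled: true` here so that the production values do not fall back to whatever user the image or runtime defaults to.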
@@ -138,93 +164,6 @@ ldap: # bindpw: # bslookup: -## initdb scripts -## Specify dictionary of scripts to be run at first boot -## Alternatively, you can put your scripts under the files/docker-entrypoint-initdb.d directory -## -# initdbScripts: -# my_init_script.sh: | -# #!/bin/sh -# echo "Do something." -# -## ConfigMap with scripts to be run at first boot -## Note: This will override initdbScripts -# initdbScriptsConfigMap: - -## Desired number of cluster nodes -replicaCount: 3 - -## Mariadb Master additional pod annotations -## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ -# annotations: -# - key: key1 -# value: value1 - -## MariaDB additional command line flags -## Can be used to specify command line flags, for example: -## -## extraFlags: "--max-connect-errors=1000 --max_connections=155" - -## Pod Affinity. The value is evaluated as a template. -## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity -## -podAffinity: {} -## Pod AntiAffinity -## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity -## -podAntiAffinity: soft - -## Node labels for pod assignment -## Ref: https://kubernetes.io/docs/user-guide/node-selection/ -## -nodeSelector: {} - -## Tolerations for pod assignment -## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ -## -tolerations: [] - -## updateStrategy for MariaDB Master StatefulSet -## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies -updateStrategy: - type: RollingUpdate - -## Enable persistence using Persistent Volume Claims -## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ -## -persistence: - ## If true, use a Persistent Volume Claim, If false, use emptyDir - ## - enabled: true - # Enable persistence using an existing PVC - # existingClaim: - # Subdirectory of the volume to mount - # subPath: - mountPath: 
/bitnami/mariadb - ## Persistent Volume Storage Class - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - # storageClass: "-" - ## Persistent Volume Claim annotations - ## - annotations: {} - ## Persistent Volume Access Mode - ## - accessModes: - - ReadWriteOnce - ## Persistent Volume size - ## - size: 8Gi - ## -extraInitContainers: | -# - name: do-something -# image: busybox -# command: ['do', 'something'] - ## Configure MariaDB with a custom my.cnf file ## ref: https://mysql.com/kb/en/mysql/configuring-mysql-with-mycnf/#example-of-configuration-file ## Alternatively, you can put your my.cnf under the files/ directory 
@@ -325,17 +264,117 @@ mariadbConfiguration: |- ## NOTE: This will override mariadbConfiguration # configurationConfigMap: +## initdb scripts +## Specify dictionary of scripts to be run at first boot +## Alternatively, you can put your scripts under the files/docker-entrypoint-initdb.d directory +## +# initdbScripts: +# my_init_script.sh: | +# #!/bin/sh +# echo "Do something." + +## ConfigMap with scripts to be run at first boot +## Note: This will override initdbScripts +# initdbScriptsConfigMap: + +## MariaDB additional command line flags +## Can be used to specify command line flags, for example: +## +## extraFlags: "--max-connect-errors=1000 --max_connections=155" + +## Mariadb Master additional pod annotations +## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ +# annotations: +# - key: key1 +# value: value1 + +## Desired number of cluster nodes +## +replicaCount: 3 + +## updateStrategy for MariaDB Master StatefulSet +## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies +## +updateStrategy: + type: RollingUpdate + +## Node Affinity. The value is evaluated as a template. +## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#node-affinity +## +nodeAffinity: {} + +## Pod AntiAffinity +## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity +## +podAntiAffinity: soft + +## Pod Affinity. The value is evaluated as a template. 
+## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity +## +podAffinity: {} + +## Node labels for pod assignment +## Ref: https://kubernetes.io/docs/user-guide/node-selection/ +## +nodeSelector: {} + +## Tolerations for pod assignment +## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ +## +tolerations: [] + +## Enable persistence using Persistent Volume Claims +## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ +## +persistence: + ## If true, use a Persistent Volume Claim, If false, use emptyDir + ## + enabled: true + # Enable persistence using an existing PVC + # existingClaim: + # Subdirectory of the volume to mount + # subPath: + mountPath: /bitnami/mariadb + ## Persistent Volume Storage Class + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + # storageClass: "-" + ## Persistent Volume Claim annotations + ## + annotations: {} + ## Persistent Volume Access Mode + ## + accessModes: + - ReadWriteOnce + ## Persistent Volume size + ## + size: 8Gi + ## + +## Additional init containers +## +# extraInitContainers: | +# - name: do-something +# image: busybox +# command: ['do', 'something'] + + ## Configure resource requests and limits ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ ## resources: {} + +## Liveness and readiness probes configuration +## livenessProbe: enabled: true - ## ## Initializing the database could take some time - initialDelaySeconds: 120 ## - ## Default Kubernetes values + initialDelaySeconds: 120 periodSeconds: 10 timeoutSeconds: 1 successThreshold: 1 
@@ -343,18 +382,22 @@ livenessProbe: readinessProbe: enabled: true initialDelaySeconds: 30 - ## - ## Default Kubernetes values periodSeconds: 10 timeoutSeconds: 1 successThreshold: 1 failureThreshold: 3 +## Pod disruption budget configuration +## podDisruptionBudget: - enabled: false + ## Specifies whether a Pod disruption budget should be created + ## + create: false minAvailable: 1 # maxUnavailable: 1 +## Prometheus exporter configuration +## metrics: enabled: true image: @@ -369,9 +412,12 @@ metrics: # pullSecrets: # - myRegistryKeySecretName resources: {} - annotations: - prometheus.io/scrape: "true" - prometheus.io/port: "9104" + service: + type: ClusterIP + port: 9104 + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "9104" # Enable this if you're using https://github.com/coreos/prometheus-operator serviceMonitor: diff --git a/bitnami/mariadb-galera/values.yaml b/bitnami/mariadb-galera/values.yaml index 2b432b5450..58eab6033e 100644 --- a/bitnami/mariadb-galera/values.yaml +++ b/bitnami/mariadb-galera/values.yaml @@ -7,13 +7,8 @@ # imagePullSecrets: # - myRegistryKeySecretName -## Use an alternate scheduler, e.g. "stork". -## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ -## -# schedulerName: - -## Bitnami MariaDB image -## ref: https://hub.docker.com/r/bitnami/mariadb/tags/ +## Bitnami MariaDB Galera image +## ref: https://hub.docker.com/r/bitnami/mariadb-galera/tags/ ## image: registry: docker.io 
@@ -32,23 +27,32 @@ image: # - myRegistryKeySecretName ## Set to true if you would like to see extra information on logs - ## It turns BASH and NAMI debugging in minideb - ## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging + ## It turns BASH debugging in minideb-extras-base + ## debug: false -## String to partially override mariadb.fullname template (will maintain the release name) +## String to partially override mariadb-galera.fullname template (will maintain the release name) ## # nameOverride: -## String to fully override mariadb.fullname template +## String to fully override mariadb-galera.fullname template ## # fullnameOverride: +## Use an alternate scheduler, e.g. "stork". +## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ +## +# schedulerName: + +## MariaDB Gallera K8s svc properties +## service: - ## Kubernetes service type, ClusterIP and NodePort are supported at present + ## Kubernetes service type and port number + ## type: ClusterIP - # clusterIP: None port: 3306 + # clusterIP: None + ## Specify the nodePort value for the LoadBalancer and NodePort service types. ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport ## @@ -65,8 +69,15 @@ service: # loadBalancerSourceRanges: # - 10.10.10.0/24 + ## Provide any additional annotations which may be required. This can be used to + ## set the LoadBalancer service type to internal only. + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer + ## + annotations: {} + ## Pods Service Account ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ +## serviceAccount: ## Specifies whether a ServiceAccount should be created ## @@ -78,7 +89,6 @@ serviceAccount: ## Role Based Access ## Ref: https://kubernetes.io/docs/admin/authorization/rbac/ ## - rbac: create: false 
@@ -90,47 +100,63 @@ securityContext: fsGroup: 1001 runAsUser: 1001 -# # Use existing secret (ignores root, db and replication passwords) +## Use existing secret (ignores rootUser.password, db.password, and galera.mariabackup.password) +## # existingSecret: rootUser: ## MariaDB admin password - ## ref: https://github.com/bitnami/bitnami-docker-mariadb#setting-the-root-password-on-first-run + ## Password is ignored if existingSecret is specified. + ## ref: https://github.com/bitnami/bitnami-docker-mariadb-galera#setting-the-root-password-on-first-run ## password: - ## ## Option to force users to specify a password. That is required for 'helm upgrade' to work properly. ## If it is not force, a random password will be generated. + ## forcePassword: false +## Custom db configuration +## db: ## MariaDB username and password - ## ref: https://github.com/bitnami/bitnami-docker-mariadb#creating-a-database-user-on-first-run + ## Password is ignored if existingSecret is specified. + ## ref: https://github.com/bitnami/bitnami-docker-mariadb-galera#creating-a-database-user-on-first-run ## user: password: - ## Password is ignored if existingSecret is specified. ## Database to create - ## ref: https://github.com/bitnami/bitnami-docker-mariadb#creating-a-database-on-first-run + ## ref: https://github.com/bitnami/bitnami-docker-mariadb-galera#creating-a-database-on-first-run ## name: my_database ## Option to force users to specify a password. That is required for 'helm upgrade' to work properly. ## If it is not force, a random password will be generated. + ## forcePassword: false +## Galera configuration +## galera: ## Galera cluster name + ## name: galera - ## MariaBackup username and password - ## ref: https://mariadb.com/kb/en/library/mariabackup-overview/ + mariabackup: + ## MariaBackup username and password + ## Password is ignored if existingSecret is specified. 
+ ## ref: https://github.com/bitnami/bitnami-docker-mariadb-galera#setting-up-a-multi-master-cluster + ## user: mariabackup password: ## Option to force users to specify a password. That is required for 'helm upgrade' to work properly. ## If it is not force, a random password will be generated. + ## forcePassword: false +## LDAP configuration +## ldap: + ## Enable LDAP support + ## enabled: false # uri: # base: 
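Review bot: The new `mariabackup:` key is added under `galera:`, but `user: mariabackup`, `password:` and `forcePassword:` appear as unchanged context lines, so their indentation has not moved. If they were siblings of `name:` before, they still are, and `galera.mariabackup` ends up as an empty key while the comment above `existingSecret` refers to `galera.mariabackup.password`. The whitespace cannot be confirmed from this view, so please check that the three keys are indented one level below `mariabackup:` and that the secret and statefulset templates read the same path. The same applies to the matching hunk in values-production.yaml (`@@ -86,51 +96,67 @@`).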
@@ -138,93 +164,6 @@ ldap: # bindpw: # bslookup: -## initdb scripts -## Specify dictionary of scripts to be run at first boot -## Alternatively, you can put your scripts under the files/docker-entrypoint-initdb.d directory -## -# initdbScripts: -# my_init_script.sh: | -# #!/bin/sh -# echo "Do something." -# -## ConfigMap with scripts to be run at first boot -## Note: This will override initdbScripts -# initdbScriptsConfigMap: - -## Desired number of cluster nodes -replicaCount: 3 - -## Mariadb Master additional pod annotations -## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ -# annotations: -# - key: key1 -# value: value1 - -## MariaDB additional command line flags -## Can be used to specify command line flags, for example: -## -## extraFlags: "--max-connect-errors=1000 --max_connections=155" - -## Pod Affinity. The value is evaluated as a template. -## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity -## -podAffinity: {} -## Pod AntiAffinity -## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity -## -podAntiAffinity: soft - -## Node labels for pod assignment -## Ref: https://kubernetes.io/docs/user-guide/node-selection/ -## -nodeSelector: {} - -## Tolerations for pod assignment -## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ -## -tolerations: [] - -## updateStrategy for MariaDB Master StatefulSet -## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies -updateStrategy: - type: RollingUpdate - -## Enable persistence using Persistent Volume Claims -## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ -## -persistence: - ## If true, use a Persistent Volume Claim, If false, use emptyDir - ## - enabled: true - # Enable persistence using an existing PVC - # existingClaim: - # Subdirectory of the volume to mount - # subPath: - mountPath: 
/bitnami/mariadb - ## Persistent Volume Storage Class - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - # storageClass: "-" - ## Persistent Volume Claim annotations - ## - annotations: {} - ## Persistent Volume Access Mode - ## - accessModes: - - ReadWriteOnce - ## Persistent Volume size - ## - size: 8Gi - ## -extraInitContainers: | -# - name: do-something -# image: busybox -# command: ['do', 'something'] - ## Configure MariaDB with a custom my.cnf file ## ref: https://mysql.com/kb/en/mysql/configuring-mysql-with-mycnf/#example-of-configuration-file ## Alternatively, you can put your my.cnf under the files/ directory 
@@ -325,17 +264,117 @@ mariadbConfiguration: |- ## NOTE: This will override mariadbConfiguration # configurationConfigMap: +## initdb scripts +## Specify dictionary of scripts to be run at first boot +## Alternatively, you can put your scripts under the files/docker-entrypoint-initdb.d directory +## +# initdbScripts: +# my_init_script.sh: | +# #!/bin/sh +# echo "Do something." + +## ConfigMap with scripts to be run at first boot +## Note: This will override initdbScripts +# initdbScriptsConfigMap: + +## MariaDB additional command line flags +## Can be used to specify command line flags, for example: +## +## extraFlags: "--max-connect-errors=1000 --max_connections=155" + +## Mariadb Master additional pod annotations +## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ +# annotations: +# - key: key1 +# value: value1 + +## Desired number of cluster nodes +## +replicaCount: 3 + +## updateStrategy for MariaDB Master StatefulSet +## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies +## +updateStrategy: + type: RollingUpdate + +## Node Affinity. The value is evaluated as a template. +## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#node-affinity +## +nodeAffinity: {} + +## Pod AntiAffinity +## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity +## +podAntiAffinity: soft + +## Pod Affinity. The value is evaluated as a template. 
+## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity +## +podAffinity: {} + +## Node labels for pod assignment +## Ref: https://kubernetes.io/docs/user-guide/node-selection/ +## +nodeSelector: {} + +## Tolerations for pod assignment +## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ +## +tolerations: [] + +## Enable persistence using Persistent Volume Claims +## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ +## +persistence: + ## If true, use a Persistent Volume Claim, If false, use emptyDir + ## + enabled: true + # Enable persistence using an existing PVC + # existingClaim: + # Subdirectory of the volume to mount + # subPath: + mountPath: /bitnami/mariadb + ## Persistent Volume Storage Class + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + # storageClass: "-" + ## Persistent Volume Claim annotations + ## + annotations: {} + ## Persistent Volume Access Mode + ## + accessModes: + - ReadWriteOnce + ## Persistent Volume size + ## + size: 8Gi + ## + +## Additional init containers +## +# extraInitContainers: | +# - name: do-something +# image: busybox +# command: ['do', 'something'] + + ## Configure resource requests and limits ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ ## resources: {} + +## Liveness and readiness probes configuration +## livenessProbe: enabled: true - ## ## Initializing the database could take some time - initialDelaySeconds: 120 ## - ## Default Kubernetes values + initialDelaySeconds: 120 periodSeconds: 10 timeoutSeconds: 1 successThreshold: 1 
@@ -343,18 +382,22 @@ livenessProbe: readinessProbe: enabled: true initialDelaySeconds: 30 - ## - ## Default Kubernetes values periodSeconds: 10 timeoutSeconds: 1 successThreshold: 1 failureThreshold: 3 +## Pod disruption budget configuration +## podDisruptionBudget: - enabled: false + ## Specifies whether a Pod disruption budget should be created + ## + create: false minAvailable: 1 # maxUnavailable: 1 +## Prometheus exporter configuration +## metrics: enabled: false image: @@ -369,9 +412,12 @@ metrics: # pullSecrets: # - myRegistryKeySecretName resources: {} - annotations: - prometheus.io/scrape: "true" - prometheus.io/port: "9104" + service: + type: ClusterIP + port: 9104 + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "9104" # Enable this if you're using https://github.com/coreos/prometheus-operator serviceMonitor: