From e654d39a445a5980f2c5419da0f3683ba328305f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Javier=20J=2E=20Salmer=C3=B3n-Garc=C3=ADa?= Date: Tue, 24 Oct 2023 14:23:01 +0200 Subject: [PATCH] [bitnami/mysql] feat: :sparkles: Add support for PSA restricted policy (#20359) * [bitnami/mysql] feat: :sparkles: Add support for PSA restricted policy Signed-off-by: Javier Salmeron Garcia * chore: :wrench: Move seccompProfile Signed-off-by: Javier Salmeron Garcia * chore: :rewind: Revert values.schema.json Signed-off-by: Javier Salmeron Garcia * chore: :bookmark: Bump chart version Signed-off-by: Javier Salmeron Garcia --------- Signed-off-by: Javier Salmeron Garcia --- bitnami/mysql/Chart.yaml | 2 +- bitnami/mysql/README.md | 352 +++++++++++++++++++------------------- bitnami/mysql/values.yaml | 16 ++ 3 files changed, 196 insertions(+), 174 deletions(-) diff --git a/bitnami/mysql/Chart.yaml b/bitnami/mysql/Chart.yaml index 642a43c7c5..9e4a09b74a 100644 --- a/bitnami/mysql/Chart.yaml +++ b/bitnami/mysql/Chart.yaml @@ -34,4 +34,4 @@ maintainers: name: mysql sources: - https://github.com/bitnami/charts/tree/main/bitnami/mysql -version: 9.13.0 +version: 9.14.0 diff --git a/bitnami/mysql/README.md b/bitnami/mysql/README.md index 3e23d56a26..f4c558c1d3 100644 --- a/bitnami/mysql/README.md +++ b/bitnami/mysql/README.md @@ -110,182 +110,188 @@ The command removes all the Kubernetes components associated with the chart and ### MySQL Primary parameters -| Name | Description | Value | -| ----------------------------------------------- | --------------------------------------------------------------------------------------------------------------- | ------------------- | -| `primary.name` | Name of the primary database (eg primary, master, leader, ...) | `primary` | -| `primary.command` | Override default container command on MySQL Primary container(s) (useful when using custom images) | `[]` | -| `primary.args` | Override default container args on MySQL Primary container(s) (useful when using custom images) | `[]` | -| `primary.lifecycleHooks` | for the MySQL Primary container(s) to automate configuration before or after startup | `{}` | -| `primary.hostAliases` | Deployment pod host aliases | `[]` | -| `primary.configuration` | Configure MySQL Primary with a custom my.cnf file | `""` | -| `primary.existingConfigmap` | Name of existing ConfigMap with MySQL Primary configuration. | `""` | -| `primary.updateStrategy.type` | Update strategy type for the MySQL primary statefulset | `RollingUpdate` | -| `primary.podAnnotations` | Additional pod annotations for MySQL primary pods | `{}` | -| `primary.podAffinityPreset` | MySQL primary pod affinity preset. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `primary.podAntiAffinityPreset` | MySQL primary pod anti-affinity preset. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `primary.nodeAffinityPreset.type` | MySQL primary node affinity preset type. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `primary.nodeAffinityPreset.key` | MySQL primary node label key to match Ignored if `primary.affinity` is set. | `""` | -| `primary.nodeAffinityPreset.values` | MySQL primary node label values to match. Ignored if `primary.affinity` is set. | `[]` | -| `primary.affinity` | Affinity for MySQL primary pods assignment | `{}` | -| `primary.nodeSelector` | Node labels for MySQL primary pods assignment | `{}` | -| `primary.tolerations` | Tolerations for MySQL primary pods assignment | `[]` | -| `primary.priorityClassName` | MySQL primary pods' priorityClassName | `""` | -| `primary.runtimeClassName` | MySQL primary pods' runtimeClassName | `""` | -| `primary.schedulerName` | Name of the k8s scheduler (other than default) | `""` | -| `primary.terminationGracePeriodSeconds` | In seconds, time the given to the MySQL primary pod needs to terminate gracefully | `""` | -| `primary.topologySpreadConstraints` | Topology Spread Constraints for pod assignment | `[]` | -| `primary.podManagementPolicy` | podManagementPolicy to manage scaling operation of MySQL primary pods | `""` | -| `primary.podSecurityContext.enabled` | Enable security context for MySQL primary pods | `true` | -| `primary.podSecurityContext.fsGroup` | Group ID for the mounted volumes' filesystem | `1001` | -| `primary.containerSecurityContext.enabled` | MySQL primary container securityContext | `true` | -| `primary.containerSecurityContext.runAsUser` | User ID for the MySQL primary container | `1001` | -| `primary.containerSecurityContext.runAsNonRoot` | Set MySQL primary container's Security Context runAsNonRoot | `true` | -| `primary.resources.limits` | The resources limits for MySQL primary containers | `{}` | -| `primary.resources.requests` | The requested resources for MySQL primary containers | `{}` | -| `primary.livenessProbe.enabled` | Enable livenessProbe | `true` | -| `primary.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `5` | -| `primary.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `primary.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` | -| `primary.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | -| `primary.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `primary.readinessProbe.enabled` | Enable readinessProbe | `true` | -| `primary.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` | -| `primary.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | -| `primary.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | -| `primary.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | -| `primary.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `primary.startupProbe.enabled` | Enable startupProbe | `true` | -| `primary.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `15` | -| `primary.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | -| `primary.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | -| `primary.startupProbe.failureThreshold` | Failure threshold for startupProbe | `10` | -| `primary.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | -| `primary.customLivenessProbe` | Override default liveness probe for MySQL primary containers | `{}` | -| `primary.customReadinessProbe` | Override default readiness probe for MySQL primary containers | `{}` | -| `primary.customStartupProbe` | Override default startup probe for MySQL primary containers | `{}` | -| `primary.extraFlags` | MySQL primary additional command line flags | `""` | -| `primary.extraEnvVars` | Extra environment variables to be set on MySQL primary containers | `[]` | -| `primary.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for MySQL primary containers | `""` | -| `primary.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for MySQL primary containers | `""` | -| `primary.extraPorts` | Extra ports to expose | `[]` | -| `primary.persistence.enabled` | Enable persistence on MySQL primary replicas using a `PersistentVolumeClaim`. If false, use emptyDir | `true` | -| `primary.persistence.existingClaim` | Name of an existing `PersistentVolumeClaim` for MySQL primary replicas | `""` | -| `primary.persistence.subPath` | The name of a volume's sub path to mount for persistence | `""` | -| `primary.persistence.storageClass` | MySQL primary persistent volume storage Class | `""` | -| `primary.persistence.annotations` | MySQL primary persistent volume claim annotations | `{}` | -| `primary.persistence.accessModes` | MySQL primary persistent volume access Modes | `["ReadWriteOnce"]` | -| `primary.persistence.size` | MySQL primary persistent volume size | `8Gi` | -| `primary.persistence.selector` | Selector to match an existing Persistent Volume | `{}` | -| `primary.extraVolumes` | Optionally specify extra list of additional volumes to the MySQL Primary pod(s) | `[]` | -| `primary.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the MySQL Primary container(s) | `[]` | -| `primary.initContainers` | Add additional init containers for the MySQL Primary pod(s) | `[]` | -| `primary.sidecars` | Add additional sidecar containers for the MySQL Primary pod(s) | `[]` | -| `primary.service.type` | MySQL Primary K8s service type | `ClusterIP` | -| `primary.service.ports.mysql` | MySQL Primary K8s service port | `3306` | -| `primary.service.nodePorts.mysql` | MySQL Primary K8s service node port | `""` | -| `primary.service.clusterIP` | MySQL Primary K8s service clusterIP IP | `""` | -| `primary.service.loadBalancerIP` | MySQL Primary loadBalancerIP if service type is `LoadBalancer` | `""` | -| `primary.service.externalTrafficPolicy` | Enable client source IP preservation | `Cluster` | -| `primary.service.loadBalancerSourceRanges` | Addresses that are allowed when MySQL Primary service is LoadBalancer | `[]` | -| `primary.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` | -| `primary.service.annotations` | Additional custom annotations for MySQL primary service | `{}` | -| `primary.service.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` | -| `primary.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` | -| `primary.service.headless.annotations` | Additional custom annotations for headless MySQL primary service. | `{}` | -| `primary.pdb.create` | Enable/disable a Pod Disruption Budget creation for MySQL primary pods | `false` | -| `primary.pdb.minAvailable` | Minimum number/percentage of MySQL primary pods that should remain scheduled | `1` | -| `primary.pdb.maxUnavailable` | Maximum number/percentage of MySQL primary pods that may be made unavailable | `""` | -| `primary.podLabels` | MySQL Primary pod label. If labels are same as commonLabels , this will take precedence | `{}` | +| Name | Description | Value | +| ----------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------- | ------------------- | +| `primary.name` | Name of the primary database (eg primary, master, leader, ...) | `primary` | +| `primary.command` | Override default container command on MySQL Primary container(s) (useful when using custom images) | `[]` | +| `primary.args` | Override default container args on MySQL Primary container(s) (useful when using custom images) | `[]` | +| `primary.lifecycleHooks` | for the MySQL Primary container(s) to automate configuration before or after startup | `{}` | +| `primary.hostAliases` | Deployment pod host aliases | `[]` | +| `primary.configuration` | Configure MySQL Primary with a custom my.cnf file | `""` | +| `primary.existingConfigmap` | Name of existing ConfigMap with MySQL Primary configuration. | `""` | +| `primary.updateStrategy.type` | Update strategy type for the MySQL primary statefulset | `RollingUpdate` | +| `primary.podAnnotations` | Additional pod annotations for MySQL primary pods | `{}` | +| `primary.podAffinityPreset` | MySQL primary pod affinity preset. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `primary.podAntiAffinityPreset` | MySQL primary pod anti-affinity preset. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` | `soft` | +| `primary.nodeAffinityPreset.type` | MySQL primary node affinity preset type. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `primary.nodeAffinityPreset.key` | MySQL primary node label key to match Ignored if `primary.affinity` is set. | `""` | +| `primary.nodeAffinityPreset.values` | MySQL primary node label values to match. Ignored if `primary.affinity` is set. | `[]` | +| `primary.affinity` | Affinity for MySQL primary pods assignment | `{}` | +| `primary.nodeSelector` | Node labels for MySQL primary pods assignment | `{}` | +| `primary.tolerations` | Tolerations for MySQL primary pods assignment | `[]` | +| `primary.priorityClassName` | MySQL primary pods' priorityClassName | `""` | +| `primary.runtimeClassName` | MySQL primary pods' runtimeClassName | `""` | +| `primary.schedulerName` | Name of the k8s scheduler (other than default) | `""` | +| `primary.terminationGracePeriodSeconds` | In seconds, time the given to the MySQL primary pod needs to terminate gracefully | `""` | +| `primary.topologySpreadConstraints` | Topology Spread Constraints for pod assignment | `[]` | +| `primary.podManagementPolicy` | podManagementPolicy to manage scaling operation of MySQL primary pods | `""` | +| `primary.podSecurityContext.enabled` | Enable security context for MySQL primary pods | `true` | +| `primary.podSecurityContext.fsGroup` | Group ID for the mounted volumes' filesystem | `1001` | +| `primary.containerSecurityContext.enabled` | MySQL primary container securityContext | `true` | +| `primary.containerSecurityContext.runAsUser` | User ID for the MySQL primary container | `1001` | +| `primary.containerSecurityContext.runAsNonRoot` | Set MySQL primary container's Security Context runAsNonRoot | `true` | +| `primary.containerSecurityContext.allowPrivilegeEscalation` | Set container's privilege escalation | `false` | +| `primary.containerSecurityContext.capabilities.drop` | Set container's Security Context runAsNonRoot | `["ALL"]` | +| `primary.containerSecurityContext.seccompProfile.type` | Set Client container's Security Context seccomp profile | `RuntimeDefault` | +| `primary.resources.limits` | The resources limits for MySQL primary containers | `{}` | +| `primary.resources.requests` | The requested resources for MySQL primary containers | `{}` | +| `primary.livenessProbe.enabled` | Enable livenessProbe | `true` | +| `primary.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `5` | +| `primary.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | +| `primary.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` | +| `primary.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | +| `primary.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `primary.readinessProbe.enabled` | Enable readinessProbe | `true` | +| `primary.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` | +| `primary.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | +| `primary.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | +| `primary.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | +| `primary.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `primary.startupProbe.enabled` | Enable startupProbe | `true` | +| `primary.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `15` | +| `primary.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | +| `primary.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | +| `primary.startupProbe.failureThreshold` | Failure threshold for startupProbe | `10` | +| `primary.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | +| `primary.customLivenessProbe` | Override default liveness probe for MySQL primary containers | `{}` | +| `primary.customReadinessProbe` | Override default readiness probe for MySQL primary containers | `{}` | +| `primary.customStartupProbe` | Override default startup probe for MySQL primary containers | `{}` | +| `primary.extraFlags` | MySQL primary additional command line flags | `""` | +| `primary.extraEnvVars` | Extra environment variables to be set on MySQL primary containers | `[]` | +| `primary.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for MySQL primary containers | `""` | +| `primary.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for MySQL primary containers | `""` | +| `primary.extraPorts` | Extra ports to expose | `[]` | +| `primary.persistence.enabled` | Enable persistence on MySQL primary replicas using a `PersistentVolumeClaim`. If false, use emptyDir | `true` | +| `primary.persistence.existingClaim` | Name of an existing `PersistentVolumeClaim` for MySQL primary replicas | `""` | +| `primary.persistence.subPath` | The name of a volume's sub path to mount for persistence | `""` | +| `primary.persistence.storageClass` | MySQL primary persistent volume storage Class | `""` | +| `primary.persistence.annotations` | MySQL primary persistent volume claim annotations | `{}` | +| `primary.persistence.accessModes` | MySQL primary persistent volume access Modes | `["ReadWriteOnce"]` | +| `primary.persistence.size` | MySQL primary persistent volume size | `8Gi` | +| `primary.persistence.selector` | Selector to match an existing Persistent Volume | `{}` | +| `primary.extraVolumes` | Optionally specify extra list of additional volumes to the MySQL Primary pod(s) | `[]` | +| `primary.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the MySQL Primary container(s) | `[]` | +| `primary.initContainers` | Add additional init containers for the MySQL Primary pod(s) | `[]` | +| `primary.sidecars` | Add additional sidecar containers for the MySQL Primary pod(s) | `[]` | +| `primary.service.type` | MySQL Primary K8s service type | `ClusterIP` | +| `primary.service.ports.mysql` | MySQL Primary K8s service port | `3306` | +| `primary.service.nodePorts.mysql` | MySQL Primary K8s service node port | `""` | +| `primary.service.clusterIP` | MySQL Primary K8s service clusterIP IP | `""` | +| `primary.service.loadBalancerIP` | MySQL Primary loadBalancerIP if service type is `LoadBalancer` | `""` | +| `primary.service.externalTrafficPolicy` | Enable client source IP preservation | `Cluster` | +| `primary.service.loadBalancerSourceRanges` | Addresses that are allowed when MySQL Primary service is LoadBalancer | `[]` | +| `primary.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` | +| `primary.service.annotations` | Additional custom annotations for MySQL primary service | `{}` | +| `primary.service.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` | +| `primary.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` | +| `primary.service.headless.annotations` | Additional custom annotations for headless MySQL primary service. | `{}` | +| `primary.pdb.create` | Enable/disable a Pod Disruption Budget creation for MySQL primary pods | `false` | +| `primary.pdb.minAvailable` | Minimum number/percentage of MySQL primary pods that should remain scheduled | `1` | +| `primary.pdb.maxUnavailable` | Maximum number/percentage of MySQL primary pods that may be made unavailable | `""` | +| `primary.podLabels` | MySQL Primary pod label. If labels are same as commonLabels , this will take precedence | `{}` | ### MySQL Secondary parameters -| Name | Description | Value | -| ------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------- | ------------------- | -| `secondary.name` | Name of the secondary database (eg secondary, slave, ...) | `secondary` | -| `secondary.replicaCount` | Number of MySQL secondary replicas | `1` | -| `secondary.hostAliases` | Deployment pod host aliases | `[]` | -| `secondary.command` | Override default container command on MySQL Secondary container(s) (useful when using custom images) | `[]` | -| `secondary.args` | Override default container args on MySQL Secondary container(s) (useful when using custom images) | `[]` | -| `secondary.lifecycleHooks` | for the MySQL Secondary container(s) to automate configuration before or after startup | `{}` | -| `secondary.configuration` | Configure MySQL Secondary with a custom my.cnf file | `""` | -| `secondary.existingConfigmap` | Name of existing ConfigMap with MySQL Secondary configuration. | `""` | -| `secondary.updateStrategy.type` | Update strategy type for the MySQL secondary statefulset | `RollingUpdate` | -| `secondary.podAnnotations` | Additional pod annotations for MySQL secondary pods | `{}` | -| `secondary.podAffinityPreset` | MySQL secondary pod affinity preset. Ignored if `secondary.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `secondary.podAntiAffinityPreset` | MySQL secondary pod anti-affinity preset. Ignored if `secondary.affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `secondary.nodeAffinityPreset.type` | MySQL secondary node affinity preset type. Ignored if `secondary.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `secondary.nodeAffinityPreset.key` | MySQL secondary node label key to match Ignored if `secondary.affinity` is set. | `""` | -| `secondary.nodeAffinityPreset.values` | MySQL secondary node label values to match. Ignored if `secondary.affinity` is set. | `[]` | -| `secondary.affinity` | Affinity for MySQL secondary pods assignment | `{}` | -| `secondary.nodeSelector` | Node labels for MySQL secondary pods assignment | `{}` | -| `secondary.tolerations` | Tolerations for MySQL secondary pods assignment | `[]` | -| `secondary.priorityClassName` | MySQL secondary pods' priorityClassName | `""` | -| `secondary.runtimeClassName` | MySQL secondary pods' runtimeClassName | `""` | -| `secondary.schedulerName` | Name of the k8s scheduler (other than default) | `""` | -| `secondary.terminationGracePeriodSeconds` | In seconds, time the given to the MySQL secondary pod needs to terminate gracefully | `""` | -| `secondary.topologySpreadConstraints` | Topology Spread Constraints for pod assignment | `[]` | -| `secondary.podManagementPolicy` | podManagementPolicy to manage scaling operation of MySQL secondary pods | `""` | -| `secondary.podSecurityContext.enabled` | Enable security context for MySQL secondary pods | `true` | -| `secondary.podSecurityContext.fsGroup` | Group ID for the mounted volumes' filesystem | `1001` | -| `secondary.containerSecurityContext.enabled` | MySQL secondary container securityContext | `true` | -| `secondary.containerSecurityContext.runAsUser` | User ID for the MySQL secondary container | `1001` | -| `secondary.containerSecurityContext.runAsNonRoot` | Set MySQL secondary container's Security Context runAsNonRoot | `true` | -| `secondary.resources.limits` | The resources limits for MySQL secondary containers | `{}` | -| `secondary.resources.requests` | The requested resources for MySQL secondary containers | `{}` | -| `secondary.livenessProbe.enabled` | Enable livenessProbe | `true` | -| `secondary.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `5` | -| `secondary.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `secondary.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` | -| `secondary.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | -| `secondary.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `secondary.readinessProbe.enabled` | Enable readinessProbe | `true` | -| `secondary.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` | -| `secondary.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | -| `secondary.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | -| `secondary.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | -| `secondary.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `secondary.startupProbe.enabled` | Enable startupProbe | `true` | -| `secondary.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `15` | -| `secondary.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | -| `secondary.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | -| `secondary.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` | -| `secondary.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | -| `secondary.customLivenessProbe` | Override default liveness probe for MySQL secondary containers | `{}` | -| `secondary.customReadinessProbe` | Override default readiness probe for MySQL secondary containers | `{}` | -| `secondary.customStartupProbe` | Override default startup probe for MySQL secondary containers | `{}` | -| `secondary.extraFlags` | MySQL secondary additional command line flags | `""` | -| `secondary.extraEnvVars` | An array to add extra environment variables on MySQL secondary containers | `[]` | -| `secondary.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for MySQL secondary containers | `""` | -| `secondary.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for MySQL secondary containers | `""` | -| `secondary.extraPorts` | Extra ports to expose | `[]` | -| `secondary.persistence.enabled` | Enable persistence on MySQL secondary replicas using a `PersistentVolumeClaim` | `true` | -| `secondary.persistence.existingClaim` | Name of an existing `PersistentVolumeClaim` for MySQL secondary replicas | `""` | -| `secondary.persistence.subPath` | The name of a volume's sub path to mount for persistence | `""` | -| `secondary.persistence.storageClass` | MySQL secondary persistent volume storage Class | `""` | -| `secondary.persistence.annotations` | MySQL secondary persistent volume claim annotations | `{}` | -| `secondary.persistence.accessModes` | MySQL secondary persistent volume access Modes | `["ReadWriteOnce"]` | -| `secondary.persistence.size` | MySQL secondary persistent volume size | `8Gi` | -| `secondary.persistence.selector` | Selector to match an existing Persistent Volume | `{}` | -| `secondary.extraVolumes` | Optionally specify extra list of additional volumes to the MySQL secondary pod(s) | `[]` | -| `secondary.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the MySQL secondary container(s) | `[]` | -| `secondary.initContainers` | Add additional init containers for the MySQL secondary pod(s) | `[]` | -| `secondary.sidecars` | Add additional sidecar containers for the MySQL secondary pod(s) | `[]` | -| `secondary.service.type` | MySQL secondary Kubernetes service type | `ClusterIP` | -| `secondary.service.ports.mysql` | MySQL secondary Kubernetes service port | `3306` | -| `secondary.service.nodePorts.mysql` | MySQL secondary Kubernetes service node port | `""` | -| `secondary.service.clusterIP` | MySQL secondary Kubernetes service clusterIP IP | `""` | -| `secondary.service.loadBalancerIP` | MySQL secondary loadBalancerIP if service type is `LoadBalancer` | `""` | -| `secondary.service.externalTrafficPolicy` | Enable client source IP preservation | `Cluster` | -| `secondary.service.loadBalancerSourceRanges` | Addresses that are allowed when MySQL secondary service is LoadBalancer | `[]` | -| `secondary.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` | -| `secondary.service.annotations` | Additional custom annotations for MySQL secondary service | `{}` | -| `secondary.service.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` | -| `secondary.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` | -| `secondary.service.headless.annotations` | Additional custom annotations for headless MySQL secondary service. | `{}` | -| `secondary.pdb.create` | Enable/disable a Pod Disruption Budget creation for MySQL secondary pods | `false` | -| `secondary.pdb.minAvailable` | Minimum number/percentage of MySQL secondary pods that should remain scheduled | `1` | -| `secondary.pdb.maxUnavailable` | Maximum number/percentage of MySQL secondary pods that may be made unavailable | `""` | -| `secondary.podLabels` | Additional pod labels for MySQL secondary pods | `{}` | +| Name | Description | Value | +| ------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------- | ------------------- | +| `secondary.name` | Name of the secondary database (eg secondary, slave, ...) | `secondary` | +| `secondary.replicaCount` | Number of MySQL secondary replicas | `1` | +| `secondary.hostAliases` | Deployment pod host aliases | `[]` | +| `secondary.command` | Override default container command on MySQL Secondary container(s) (useful when using custom images) | `[]` | +| `secondary.args` | Override default container args on MySQL Secondary container(s) (useful when using custom images) | `[]` | +| `secondary.lifecycleHooks` | for the MySQL Secondary container(s) to automate configuration before or after startup | `{}` | +| `secondary.configuration` | Configure MySQL Secondary with a custom my.cnf file | `""` | +| `secondary.existingConfigmap` | Name of existing ConfigMap with MySQL Secondary configuration. | `""` | +| `secondary.updateStrategy.type` | Update strategy type for the MySQL secondary statefulset | `RollingUpdate` | +| `secondary.podAnnotations` | Additional pod annotations for MySQL secondary pods | `{}` | +| `secondary.podAffinityPreset` | MySQL secondary pod affinity preset. Ignored if `secondary.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `secondary.podAntiAffinityPreset` | MySQL secondary pod anti-affinity preset. Ignored if `secondary.affinity` is set. Allowed values: `soft` or `hard` | `soft` | +| `secondary.nodeAffinityPreset.type` | MySQL secondary node affinity preset type. Ignored if `secondary.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `secondary.nodeAffinityPreset.key` | MySQL secondary node label key to match Ignored if `secondary.affinity` is set. | `""` | +| `secondary.nodeAffinityPreset.values` | MySQL secondary node label values to match. Ignored if `secondary.affinity` is set. | `[]` | +| `secondary.affinity` | Affinity for MySQL secondary pods assignment | `{}` | +| `secondary.nodeSelector` | Node labels for MySQL secondary pods assignment | `{}` | +| `secondary.tolerations` | Tolerations for MySQL secondary pods assignment | `[]` | +| `secondary.priorityClassName` | MySQL secondary pods' priorityClassName | `""` | +| `secondary.runtimeClassName` | MySQL secondary pods' runtimeClassName | `""` | +| `secondary.schedulerName` | Name of the k8s scheduler (other than default) | `""` | +| `secondary.terminationGracePeriodSeconds` | In seconds, time the given to the MySQL secondary pod needs to terminate gracefully | `""` | +| `secondary.topologySpreadConstraints` | Topology Spread Constraints for pod assignment | `[]` | +| `secondary.podManagementPolicy` | podManagementPolicy to manage scaling operation of MySQL secondary pods | `""` | +| `secondary.podSecurityContext.enabled` | Enable security context for MySQL secondary pods | `true` | +| `secondary.podSecurityContext.fsGroup` | Group ID for the mounted volumes' filesystem | `1001` | +| `secondary.containerSecurityContext.enabled` | MySQL secondary container securityContext | `true` | +| `secondary.containerSecurityContext.runAsUser` | User ID for the MySQL secondary container | `1001` | +| `secondary.containerSecurityContext.runAsNonRoot` | Set MySQL secondary container's Security Context runAsNonRoot | `true` | +| `secondary.containerSecurityContext.allowPrivilegeEscalation` | Set container's privilege escalation | `false` | +| `secondary.containerSecurityContext.capabilities.drop` | Set container's Security Context runAsNonRoot | `["ALL"]` | +| `secondary.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | +| `secondary.resources.limits` | The resources limits for MySQL secondary containers | `{}` | +| `secondary.resources.requests` | The requested resources for MySQL secondary containers | `{}` | +| `secondary.livenessProbe.enabled` | Enable livenessProbe | `true` | +| `secondary.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `5` | +| `secondary.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | +| `secondary.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` | +| `secondary.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | +| `secondary.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `secondary.readinessProbe.enabled` | Enable readinessProbe | `true` | +| `secondary.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` | +| `secondary.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | +| `secondary.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | +| `secondary.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | +| `secondary.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `secondary.startupProbe.enabled` | Enable startupProbe | `true` | +| `secondary.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `15` | +| `secondary.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | +| `secondary.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | +| `secondary.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` | +| `secondary.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | +| `secondary.customLivenessProbe` | Override default liveness probe for MySQL secondary containers | `{}` | +| `secondary.customReadinessProbe` | Override default readiness probe for MySQL secondary containers | `{}` | +| `secondary.customStartupProbe` | Override default startup probe for MySQL secondary containers | `{}` | +| `secondary.extraFlags` | MySQL secondary additional command line flags | `""` | +| `secondary.extraEnvVars` | An array to add extra environment variables on MySQL secondary containers | `[]` | +| `secondary.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for MySQL secondary containers | `""` | +| `secondary.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for MySQL secondary containers | `""` | +| `secondary.extraPorts` | Extra ports to expose | `[]` | +| `secondary.persistence.enabled` | Enable persistence on MySQL secondary replicas using a `PersistentVolumeClaim` | `true` | +| `secondary.persistence.existingClaim` | Name of an existing `PersistentVolumeClaim` for MySQL secondary replicas | `""` | +| `secondary.persistence.subPath` | The name of a volume's sub path to mount for persistence | `""` | +| `secondary.persistence.storageClass` | MySQL secondary persistent volume storage Class | `""` | +| `secondary.persistence.annotations` | MySQL secondary persistent volume claim annotations | `{}` | +| `secondary.persistence.accessModes` | MySQL secondary persistent volume access Modes | `["ReadWriteOnce"]` | +| `secondary.persistence.size` | MySQL secondary persistent volume size | `8Gi` | +| `secondary.persistence.selector` | Selector to match an existing Persistent Volume | `{}` | +| `secondary.extraVolumes` | Optionally specify extra list of additional volumes to the MySQL secondary pod(s) | `[]` | +| `secondary.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the MySQL secondary container(s) | `[]` | +| `secondary.initContainers` | Add additional init containers for the MySQL secondary pod(s) | `[]` | +| `secondary.sidecars` | Add additional sidecar containers for the MySQL secondary pod(s) | `[]` | +| `secondary.service.type` | MySQL secondary Kubernetes service type | `ClusterIP` | +| `secondary.service.ports.mysql` | MySQL secondary Kubernetes service port | `3306` | +| `secondary.service.nodePorts.mysql` | MySQL secondary Kubernetes service node port | `""` | +| `secondary.service.clusterIP` | MySQL secondary Kubernetes service clusterIP IP | `""` | +| `secondary.service.loadBalancerIP` | MySQL secondary loadBalancerIP if service type is `LoadBalancer` | `""` | +| `secondary.service.externalTrafficPolicy` | Enable client source IP preservation | `Cluster` | +| `secondary.service.loadBalancerSourceRanges` | Addresses that are allowed when MySQL secondary service is LoadBalancer | `[]` | +| `secondary.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` | +| `secondary.service.annotations` | Additional custom annotations for MySQL secondary service | `{}` | +| `secondary.service.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` | +| `secondary.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` | +| `secondary.service.headless.annotations` | Additional custom annotations for headless MySQL secondary service. | `{}` | +| `secondary.pdb.create` | Enable/disable a Pod Disruption Budget creation for MySQL secondary pods | `false` | +| `secondary.pdb.minAvailable` | Minimum number/percentage of MySQL secondary pods that should remain scheduled | `1` | +| `secondary.pdb.maxUnavailable` | Maximum number/percentage of MySQL secondary pods that may be made unavailable | `""` | +| `secondary.podLabels` | Additional pod labels for MySQL secondary pods | `{}` | ### RBAC parameters diff --git a/bitnami/mysql/values.yaml b/bitnami/mysql/values.yaml index 3d7513bf01..38aba18cc9 100644 --- a/bitnami/mysql/values.yaml +++ b/bitnami/mysql/values.yaml @@ -320,11 +320,19 @@ primary: ## @param primary.containerSecurityContext.enabled MySQL primary container securityContext ## @param primary.containerSecurityContext.runAsUser User ID for the MySQL primary container ## @param primary.containerSecurityContext.runAsNonRoot Set MySQL primary container's Security Context runAsNonRoot + ## @param primary.containerSecurityContext.allowPrivilegeEscalation Set container's privilege escalation + ## @param primary.containerSecurityContext.capabilities.drop Set container's Security Context runAsNonRoot + ## @param primary.containerSecurityContext.seccompProfile.type Set Client container's Security Context seccomp profile ## containerSecurityContext: enabled: true runAsUser: 1001 runAsNonRoot: true + allowPrivilegeEscalation: false + capabilities: + drop: ["ALL"] + seccompProfile: + type: "RuntimeDefault" ## MySQL primary container's resource requests and limits ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ ## We usually recommend not to specify default resources and to leave this as a conscious @@ -698,11 +706,19 @@ secondary: ## @param secondary.containerSecurityContext.enabled MySQL secondary container securityContext ## @param secondary.containerSecurityContext.runAsUser User ID for the MySQL secondary container ## @param secondary.containerSecurityContext.runAsNonRoot Set MySQL secondary container's Security Context runAsNonRoot + ## @param secondary.containerSecurityContext.allowPrivilegeEscalation Set container's privilege escalation + ## @param secondary.containerSecurityContext.capabilities.drop Set container's Security Context runAsNonRoot + ## @param secondary.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile ## containerSecurityContext: enabled: true runAsUser: 1001 runAsNonRoot: true + allowPrivilegeEscalation: false + capabilities: + drop: ["ALL"] + seccompProfile: + type: "RuntimeDefault" ## MySQL secondary container's resource requests and limits ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ ## We usually recommend not to specify default resources and to leave this as a conscious