From 16ef20513b6a0862e9eac255206dc3bf6c32af56 Mon Sep 17 00:00:00 2001
From: Fabian Fischer
Date: Tue, 31 Aug 2021 15:39:54 +0200
Subject: [PATCH 1/6] Add option to force update the StatefulSet

This is done using a pre-upgrade hook that deletes the initial StatefulSet with cascade=orphan (Which will only delete the Sts and not touch the pods). The helmchart will then recreate the StatefulSet. This allows us to change fields such as PVC size which usually cannot be updated.

Signed-off-by: Fabian Fischer
---
 appuio/mariadb-galera/Chart.yaml | 2 +-
 appuio/mariadb-galera/README.md | 3 +-
 appuio/mariadb-galera/templates/recreate.yaml | 76 +++++++++++++++++++
 appuio/mariadb-galera/values.yaml | 4 +
 4 files changed, 83 insertions(+), 2 deletions(-)
 create mode 100644 appuio/mariadb-galera/templates/recreate.yaml

diff --git a/appuio/mariadb-galera/Chart.yaml b/appuio/mariadb-galera/Chart.yaml
index 36e0d4be..182cfa1a 100644
--- a/appuio/mariadb-galera/Chart.yaml
+++ b/appuio/mariadb-galera/Chart.yaml
@@ -27,4 +27,4 @@ sources:
 - https://github.com/bitnami/bitnami-docker-mariadb-galera
 - https://github.com/prometheus/mysqld_exporter
 - https://mariadb.org
-version: 1.0.1
+version: 1.1.0
diff --git a/appuio/mariadb-galera/README.md b/appuio/mariadb-galera/README.md
index 065ba2d9..3d344c9e 100644
--- a/appuio/mariadb-galera/README.md
+++ b/appuio/mariadb-galera/README.md
@@ -1,6 +1,6 @@
 # mariadb-galera
-![Version: 1.0.1](https://img.shields.io/badge/Version-1.0.1-informational?style=flat-square) ![AppVersion: 10.5.12](https://img.shields.io/badge/AppVersion-10.5.12-informational?style=flat-square)
+![Version: 1.1.0](https://img.shields.io/badge/Version-1.1.0-informational?style=flat-square) ![AppVersion: 10.5.12](https://img.shields.io/badge/AppVersion-10.5.12-informational?style=flat-square)
 MariaDB Galera is a multi-master database cluster solution for synchronous replication and high availability.
@@ -49,6 +49,7 @@ MariaDB Galera is a multi-master database cluster solution for synchronous repli
 | extraInitContainers | list | `[]` | |
 | extraVolumeMounts | list | `[]` | |
 | extraVolumes | list | `[]` | |
+| forceUpdate | bool | `false` | |
 | fullnameOverride | string | `""` | |
 | galera.bootstrap.bootstrapFromNode | string | `""` | |
 | galera.bootstrap.forceSafeToBootstrap | bool | `false` | |
diff --git a/appuio/mariadb-galera/templates/recreate.yaml b/appuio/mariadb-galera/templates/recreate.yaml
new file mode 100644
index 00000000..19f211f2
--- /dev/null
+++ b/appuio/mariadb-galera/templates/recreate.yaml
@@ -0,0 +1,76 @@
+{{- if .Values.forceUpdate }}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: sts-deleter
+ annotations:
+ # This is what defines this resource as a hook. Without this line, the
+ # job is considered part of the release.
+ "helm.sh/hook": pre-upgrade
+ "helm.sh/hook-weight": "-6"
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: sts-deleter-role
+ annotations:
+ # This is what defines this resource as a hook. Without this line, the
+ # job is considered part of the release.
+ "helm.sh/hook": pre-upgrade
+ "helm.sh/hook-weight": "-6"
+rules:
+ - apiGroups: ["", "apps"]
+ resources: ["statefulsets"]
+ verbs: ["delete"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: sts-deleter-rolebinding
+ annotations:
+ # This is what defines this resource as a hook. Without this line, the
+ # job is considered part of the release.
+ "helm.sh/hook": pre-upgrade
+ "helm.sh/hook-weight": "-6"
+roleRef:
+ kind: Role
+ name: sts-deleter-role
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: sts-deleter
+ namespace: "{{ .Release.Namespace }}"
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: "{{ .Release.Name }}-delete-sts-for-upgrade"
+ annotations:
+ # This is what defines this resource as a hook. Without this line, the
+ # job is considered part of the release.
+ "helm.sh/hook": pre-upgrade
+ "helm.sh/hook-weight": "-5"
+ "helm.sh/hook-delete-policy": hook-succeeded
+spec:
+ # Don't retry
+ backoffLimit: 0
+ template:
+ metadata:
+ name: "{{ .Release.Name }}-delete-sts-for-upgrade"
+ spec:
+ restartPolicy: Never
+ serviceAccountName: sts-deleter
+ containers:
+ - name: pre-upgrade-delete-sts
+ image: "docker.io/bitnami/kubectl"
+ command:
+ - "kubectl"
+ - "-n"
+ - "{{ .Release.Namespace }}"
+ - "delete"
+ - "sts"
+ - '{{ printf "%s" (include "common.names.fullname" .) }}'
+ - "--cascade=orphan"
+ - "--ignore-not-found"
+{{- end }}
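Review bot: The Role in this template grants `delete` on every StatefulSet in the namespace, although the Job only ever deletes the one named by `common.names.fullname`; scoping the rule with `resourceNames: ['{{ include "common.names.fullname" . }}']` and narrowing `apiGroups` to `["apps"]` would limit what the hook's token can do. The ServiceAccount, Role and RoleBinding use fixed names (`sts-deleter`, `sts-deleter-role`, `sts-deleter-rolebinding`) and, unlike the Job, carry no `helm.sh/hook-delete-policy`, so two releases in one namespace would share them and they presumably remain in the namespace after the upgrade; prefixing the names with `{{ .Release.Name }}` and giving them a delete policy would avoid leaving a standing account with delete rights. The Job image `docker.io/bitnami/kubectl` has no tag or digest, so whatever the registry serves at upgrade time runs with that token; pin it, for example `image: "docker.io/bitnami/kubectl:<pinned-tag>"` (placeholder), ideally by digest.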
diff --git a/appuio/mariadb-galera/values.yaml b/appuio/mariadb-galera/values.yaml
index c6b750a6..bde606e5 100644
--- a/appuio/mariadb-galera/values.yaml
+++ b/appuio/mariadb-galera/values.yaml
@@ -508,6 +508,10 @@ nodeSelector: {}
 ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
 ##
 tolerations: []
+## @param forceUpdate Force update the StatefulSet.
+## If enabled the chart will recreate the StatefulSet without touching the Pods (cascade orphan), allowing you to update locked field, such as PVC size.
+##
+forceUpdate: false
 ## Enable persistence using Persistent Volume Claims
 ## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
 ##
From 0cfbd88421e73aac269ed05e4505c228d2b8ed66 Mon Sep 17 00:00:00 2001
From: Fabian Fischer
Date: Wed, 1 Sep 2021 11:14:06 +0200
Subject: [PATCH 2/6] Add labels to pre-upgrade hook and drop comments

Signed-off-by: Fabian Fischer
---
 appuio/mariadb-galera/templates/recreate.yaml | 12 ++++--------
 1 file changed, 4 insertions(+), 8 deletions(-)

diff --git a/appuio/mariadb-galera/templates/recreate.yaml b/appuio/mariadb-galera/templates/recreate.yaml
index 19f211f2..8851e9a2 100644
--- a/appuio/mariadb-galera/templates/recreate.yaml
+++ b/appuio/mariadb-galera/templates/recreate.yaml
@@ -5,20 +5,18 @@ kind: ServiceAccount
 metadata:
 name: sts-deleter
 annotations:
- # This is what defines this resource as a hook. Without this line, the
- # job is considered part of the release.
 "helm.sh/hook": pre-upgrade
 "helm.sh/hook-weight": "-6"
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
 name: sts-deleter-role
 annotations:
- # This is what defines this resource as a hook. Without this line, the
- # job is considered part of the release.
 "helm.sh/hook": pre-upgrade
 "helm.sh/hook-weight": "-6"
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
 rules:
 - apiGroups: ["", "apps"]
 resources: ["statefulsets"]
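Review bot: In the values.yaml hunk of PATCH 1/6, the `forceUpdate` comment does not say that the switch stays active: the template is gated only on `.Values.forceUpdate` and the hook is `pre-upgrade`, so while the value is `true` every `helm upgrade` deletes the StatefulSet again and installs the ServiceAccount, Role and RoleBinding for the deleter Job. I would extend the comment with a line such as `## Set back to false after the upgrade; while enabled, every upgrade deletes and recreates the StatefulSet and installs RBAC objects for the hook.` so operators treat it as a one-off switch.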
@@ -29,10 +27,9 @@ kind: RoleBinding
 metadata:
 name: sts-deleter-rolebinding
 annotations:
- # This is what defines this resource as a hook. Without this line, the
- # job is considered part of the release.
 "helm.sh/hook": pre-upgrade
 "helm.sh/hook-weight": "-6"
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
 roleRef:
 kind: Role
 name: sts-deleter-role
@@ -47,11 +44,10 @@ kind: Job
 metadata:
 name: "{{ .Release.Name }}-delete-sts-for-upgrade"
 annotations:
- # This is what defines this resource as a hook. Without this line, the
- # job is considered part of the release.
 "helm.sh/hook": pre-upgrade
 "helm.sh/hook-weight": "-5"
 "helm.sh/hook-delete-policy": hook-succeeded
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
 spec:
 # Don't retry
 backoffLimit: 0
From f1dbc7fb5908f248bc3542528a6da7a5a8078c42 Mon Sep 17 00:00:00 2001
From: Fabian Fischer
Date: Wed, 1 Sep 2021 16:04:12 +0200
Subject: [PATCH 3/6] Switch to helm-docs comment format

Signed-off-by: Fabian Fischer
---
 appuio/mariadb-galera/README.md | 276 +++++++++++----------
 appuio/mariadb-galera/values.yaml | 391 ++++++++++++------------------
 2 files changed, 297 insertions(+), 370 deletions(-)

diff --git a/appuio/mariadb-galera/README.md b/appuio/mariadb-galera/README.md
index 3d344c9e..451840c5 100644
--- a/appuio/mariadb-galera/README.md
+++ b/appuio/mariadb-galera/README.md
@@ -28,155 +28,153 @@ MariaDB Galera is a multi-master database cluster solution for synchronous repli | Key | Type | Default | Description | |-----|------|---------|-------------| -| affinity | object | `{}` | | -| clusterDomain | string | `"cluster.local"` | | -| configurationConfigMap | string | `""` | | -| customPasswordFiles | object | `{}` | | -| db.forcePassword | bool | `false` | | -| db.name | string | `"my_database"` | | -| db.password | string | `""` | | -| db.user | string | `""` | | -| diagnosticMode.args[0] | string | `"infinity"` | | -| diagnosticMode.command[0] | string | `"sleep"` | | -| diagnosticMode.enabled | bool | `false` | | -| existingSecret | string | `""` | | -| extraContainers | list | `[]` | | -| extraDeploy | list | `[]` | | -| extraEnvVars | list | `[]` | | -| extraEnvVarsCM | string | `""` | | -| extraEnvVarsSecret | string | `""` | | -| extraFlags | string | `""` | | -| extraInitContainers | list | `[]` | | +| affinity | object | `{}` | Affinity for pod assignment | +| clusterDomain | string | `"cluster.local"` | Kubernetes DNS Domain name to use | +| configurationConfigMap | string | `""` | ConfigMap with the MariaDB configuration files (Note: Overrides `mariadbConfiguration`). The value is evaluated as a template. | +| customPasswordFiles | object | `{}` | Use custom password files when `usePasswordFiles` is set to `true`. Define path for keys `root`, `user`, and `mariabackup`. | +| db.forcePassword | bool | `false` | Option to force users to specify a password. That is required for 'helm upgrade' to work properly. | +| db.name | string | `"my_database"` | Name for new database to create | +| db.password | string | `""` | Password for the new user. Ignored if existing secret is provided. 
| +| db.user | string | `""` | Username of new user to create | +| diagnosticMode.args | list | `["infinity"]` | Args to override all containers in the deployment | +| diagnosticMode.command | list | `["sleep"]` | Command to override all containers in the deployment | +| diagnosticMode.enabled | bool | `false` | Enable diagnostic mode (all probes will be disabled and the command will be overridden) | +| existingSecret | string | `""` | Use existing secret for password details (`rootUser.password`, `db.password`, `galera.mariabackup.password` will be ignored and picked up from this secret) The secret has to contain the keys mariadb-root-password, mariadb-galera-mariabackup-password and mariadb-password. | +| extraContainers | list | `[]` | Additional containers (this value is evaluated as a template) | +| extraDeploy | list | `[]` | Array of extra objects to deploy with the release (evaluated as a template) | +| extraEnvVars | list | `[]` | Array containing extra env vars to configure MariaDB Galera replicas | +| extraEnvVarsCM | string | `""` | ConfigMap containing extra env vars to configure MariaDB Galera replicas | +| extraEnvVarsSecret | string | `""` | Secret containing extra env vars to configure MariaDB Galera replicas | +| extraFlags | string | `""` | MariaDB additional command line flags | +| extraInitContainers | list | `[]` | Additional init containers (this value is evaluated as a template) | | extraVolumeMounts | list | `[]` | | | extraVolumes | list | `[]` | | -| forceUpdate | bool | `false` | | -| fullnameOverride | string | `""` | | -| galera.bootstrap.bootstrapFromNode | string | `""` | | -| galera.bootstrap.forceSafeToBootstrap | bool | `false` | | -| galera.mariabackup.forcePassword | bool | `false` | | -| galera.mariabackup.password | string | `""` | | -| galera.mariabackup.user | string | `"mariabackup"` | | -| galera.name | string | `"galera"` | | -| global.imagePullSecrets | list | `[]` | | -| global.imageRegistry | string | `""` | | -| 
global.storageClass | string | `""` | | -| hostAliases | list | `[]` | | -| image.debug | bool | `false` | | -| image.pullPolicy | string | `"IfNotPresent"` | | +| forceUpdate | bool | `false` | Force update the StatefulSet. | +| fullnameOverride | string | `""` | String to fully override common.names.fullname template with a string | +| galera.bootstrap.bootstrapFromNode | string | `""` | Node to bootstrap from, you will need to change this parameter in case you want to bootstrap from other node | +| galera.bootstrap.forceSafeToBootstrap | bool | `false` | Force `safe_to_bootstrap: 1` in `grastate.date` file. This will set safe_to_bootstrap=1 in the node indicated by bootstrapFromNode. | +| galera.mariabackup.forcePassword | bool | `false` | Option to force users to specify a password. That is required for 'helm upgrade' to work properly. | +| galera.mariabackup.password | string | `""` | MariaBackup password. Password is ignored if existingSecret is specified. | +| galera.mariabackup.user | string | `"mariabackup"` | MariaBackup username | +| galera.name | string | `"galera"` | Galera cluster name | +| global.imagePullSecrets | list | `[]` | Global Docker registry secret names as an array | +| global.imageRegistry | string | `""` | Global Docker image registry | +| global.storageClass | string | `""` | Global StorageClass for Persistent Volume(s) | +| hostAliases | list | `[]` | Add deployment host aliases | +| image.debug | bool | `false` | Specify if debug logs should be enabled | +| image.pullPolicy | string | `"IfNotPresent"` | MariaDB Galera image pull policy. 
Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' | | image.pullSecrets | list | `[]` | | -| image.registry | string | `"docker.io"` | | -| image.repository | string | `"bitnami/mariadb-galera"` | | -| image.tag | string | `"10.5.12-debian-10-r1"` | | -| initdbScripts | object | `{}` | | -| initdbScriptsConfigMap | string | `""` | | -| ldap.base | string | `""` | | +| image.registry | string | `"docker.io"` | MariaDB Galera image registry | +| image.repository | string | `"bitnami/mariadb-galera"` | MariaDB Galera image repository | +| image.tag | string | `"10.5.12-debian-10-r1"` | MariaDB Galera image tag (immutable tags are recommended) | +| initdbScripts | object | `{}` | Specify dictionary of scripts to be run at first boot | +| initdbScriptsConfigMap | string | `""` | ConfigMap with the initdb scripts (Note: Overrides `initdbScripts`) | +| ldap.base | string | `""` | LDAP base DN | | ldap.binddn | string | `""` | | -| ldap.bindpw | string | `""` | | -| ldap.bslookup | string | `""` | | -| ldap.enabled | bool | `false` | | -| ldap.filter | string | `""` | | -| ldap.map | string | `""` | | -| ldap.nss_initgroups_ignoreusers | string | `"root,nslcd"` | | -| ldap.scope | string | `""` | | -| ldap.tls_reqcert | string | `""` | | -| ldap.uri | string | `""` | | -| livenessProbe.enabled | bool | `true` | | -| livenessProbe.failureThreshold | int | `3` | | +| ldap.bindpw | string | `""` | LDAP bind password | +| ldap.bslookup | string | `""` | LDAP base lookup | +| ldap.enabled | bool | `false` | Enable LDAP support | +| ldap.filter | string | `""` | LDAP custom filter | +| ldap.map | string | `""` | LDAP custom map | +| ldap.nss_initgroups_ignoreusers | string | `"root,nslcd"` | LDAP ignored users | +| ldap.scope | string | `""` | LDAP search scope | +| ldap.tls_reqcert | string | `""` | LDAP TLS check on server certificates | +| ldap.uri | string | `""` | LDAP URL beginning in the form `ldap | +| livenessProbe.enabled | bool | `true` | Turn 
on and off liveness probe | +| livenessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the probe | | livenessProbe.initialDelaySeconds | int | `120` | | -| livenessProbe.periodSeconds | int | `10` | | -| livenessProbe.successThreshold | int | `1` | | -| livenessProbe.timeoutSeconds | int | `1` | | -| mariadbConfiguration | string | `"[client]\nport=3306\nsocket=/opt/bitnami/mariadb/tmp/mysql.sock\nplugin_dir=/opt/bitnami/mariadb/plugin\n\n[mysqld]\ndefault_storage_engine=InnoDB\nbasedir=/opt/bitnami/mariadb\ndatadir=/bitnami/mariadb/data\nplugin_dir=/opt/bitnami/mariadb/plugin\ntmpdir=/opt/bitnami/mariadb/tmp\nsocket=/opt/bitnami/mariadb/tmp/mysql.sock\npid_file=/opt/bitnami/mariadb/tmp/mysqld.pid\nbind_address=0.0.0.0\n\n## Character set\n##\ncollation_server=utf8_unicode_ci\ninit_connect='SET NAMES utf8'\ncharacter_set_server=utf8\n\n## MyISAM\n##\nkey_buffer_size=32M\nmyisam_recover_options=FORCE,BACKUP\n\n## Safety\n##\nskip_host_cache\nskip_name_resolve\nmax_allowed_packet=16M\nmax_connect_errors=1000000\nsql_mode=STRICT_TRANS_TABLES,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_AUTO_VALUE_ON_ZERO,NO_ENGINE_SUBSTITUTION,NO_ZERO_DATE,NO_ZERO_IN_DATE,ONLY_FULL_GROUP_BY\nsysdate_is_now=1\n\n## Binary Logging\n##\nlog_bin=mysql-bin\nexpire_logs_days=14\n# Disabling for performance per http://severalnines.com/blog/9-tips-going-production-galera-cluster-mysql\nsync_binlog=0\n# Required for Galera\nbinlog_format=row\n\n## Caches and Limits\n##\ntmp_table_size=32M\nmax_heap_table_size=32M\n# Re-enabling as now works with Maria 10.1.2\nquery_cache_type=1\nquery_cache_limit=4M\nquery_cache_size=256M\nmax_connections=500\nthread_cache_size=50\nopen_files_limit=65535\ntable_definition_cache=4096\ntable_open_cache=4096\n\n## InnoDB\n##\ninnodb=FORCE\ninnodb_strict_mode=1\n# Mandatory per https://github.com/codership/documentation/issues/25\ninnodb_autoinc_lock_mode=2\n# Per 
https://www.percona.com/blog/2006/08/04/innodb-double-write/\ninnodb_doublewrite=1\ninnodb_flush_method=O_DIRECT\ninnodb_log_files_in_group=2\ninnodb_log_file_size=128M\ninnodb_flush_log_at_trx_commit=1\ninnodb_file_per_table=1\n# 80% Memory is default reco.\n# Need to re-evaluate when DB size grows\ninnodb_buffer_pool_size=2G\ninnodb_file_format=Barracuda\n\n## Logging\n##\nlog_error=/opt/bitnami/mariadb/logs/mysqld.log\nslow_query_log_file=/opt/bitnami/mariadb/logs/mysqld.log\nlog_queries_not_using_indexes=1\nslow_query_log=1\n\n## SSL\n## Use extraVolumes and extraVolumeMounts to mount /certs filesystem\n# ssl_ca=/certs/ca.pem\n# ssl_cert=/certs/server-cert.pem\n# ssl_key=/certs/server-key.pem\n\n[galera]\nwsrep_on=ON\nwsrep_provider=/opt/bitnami/mariadb/lib/libgalera_smm.so\nwsrep_sst_method=mariabackup\nwsrep_slave_threads=4\nwsrep_cluster_address=gcomm://\nwsrep_cluster_name=galera\nwsrep_sst_auth=\"root:\"\n# Enabled for performance per https://mariadb.com/kb/en/innodb-system-variables/#innodb_flush_log_at_trx_commit\ninnodb_flush_log_at_trx_commit=2\n# MYISAM REPLICATION SUPPORT #\nwsrep_replicate_myisam=ON\n\n[mariadb]\nplugin_load_add=auth_pam\n\n## Data-at-Rest Encryption\n## Use extraVolumes and extraVolumeMounts to mount /encryption filesystem\n# plugin_load_add=file_key_management\n# file_key_management_filename=/encryption/keyfile.enc\n# file_key_management_filekey=FILE:/encryption/keyfile.key\n# file_key_management_encryption_algorithm=AES_CTR\n# encrypt_binlog=ON\n# encrypt_tmp_files=ON\n\n## InnoDB/XtraDB Encryption\n# innodb_encrypt_tables=ON\n# innodb_encrypt_temporary_tables=ON\n# innodb_encrypt_log=ON\n# innodb_encryption_threads=4\n# innodb_encryption_rotate_key_age=1\n\n## Aria Encryption\n# aria_encrypt_tables=ON\n# encrypt_tmp_disk_tables=ON"` | | -| metrics.enabled | bool | `false` | | -| metrics.extraFlags | list | `[]` | | -| metrics.image.pullPolicy | string | `"IfNotPresent"` | | -| metrics.image.pullSecrets | list | `[]` | | -| 
metrics.image.registry | string | `"docker.io"` | | -| metrics.image.repository | string | `"bitnami/mysqld-exporter"` | | -| metrics.image.tag | string | `"0.13.0-debian-10-r75"` | | -| metrics.prometheusRules.enabled | bool | `false` | | -| metrics.prometheusRules.rules | object | `{}` | | -| metrics.prometheusRules.selector.app | string | `"prometheus-operator"` | | -| metrics.prometheusRules.selector.release | string | `"prometheus"` | | -| metrics.resources.limits | object | `{}` | | -| metrics.resources.requests | object | `{}` | | -| metrics.service.annotations."prometheus.io/port" | string | `"9104"` | | -| metrics.service.annotations."prometheus.io/scrape" | string | `"true"` | | -| metrics.service.port | int | `9104` | | -| metrics.service.type | string | `"ClusterIP"` | | -| metrics.serviceMonitor.enabled | bool | `false` | | -| metrics.serviceMonitor.interval | string | `""` | | -| metrics.serviceMonitor.metricRelabelings | list | `[]` | | -| metrics.serviceMonitor.namespace | string | `""` | | -| metrics.serviceMonitor.relabelings | list | `[]` | | -| metrics.serviceMonitor.scrapeTimeout | string | `""` | | -| metrics.serviceMonitor.selector.prometheus | string | `"kube-prometheus"` | | +| livenessProbe.periodSeconds | int | `10` | How often to perform the probe | +| livenessProbe.successThreshold | int | `1` | consecutive successes for the probe | +| livenessProbe.timeoutSeconds | int | `1` | When the probe times out | +| mariadbConfiguration | string | `"[client]\nport=3306\nsocket=/opt/bitnami/mariadb/tmp/mysql.sock\nplugin_dir=/opt/bitnami/mariadb/plugin\n\n[mysqld]\ndefault_storage_engine=InnoDB\nbasedir=/opt/bitnami/mariadb\ndatadir=/bitnami/mariadb/data\nplugin_dir=/opt/bitnami/mariadb/plugin\ntmpdir=/opt/bitnami/mariadb/tmp\nsocket=/opt/bitnami/mariadb/tmp/mysql.sock\npid_file=/opt/bitnami/mariadb/tmp/mysqld.pid\nbind_address=0.0.0.0\n\n## Character set\n##\ncollation_server=utf8_unicode_ci\ninit_connect='SET NAMES 
utf8'\ncharacter_set_server=utf8\n\n## MyISAM\n##\nkey_buffer_size=32M\nmyisam_recover_options=FORCE,BACKUP\n\n## Safety\n##\nskip_host_cache\nskip_name_resolve\nmax_allowed_packet=16M\nmax_connect_errors=1000000\nsql_mode=STRICT_TRANS_TABLES,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_AUTO_VALUE_ON_ZERO,NO_ENGINE_SUBSTITUTION,NO_ZERO_DATE,NO_ZERO_IN_DATE,ONLY_FULL_GROUP_BY\nsysdate_is_now=1\n\n## Binary Logging\n##\nlog_bin=mysql-bin\nexpire_logs_days=14\n# Disabling for performance per http://severalnines.com/blog/9-tips-going-production-galera-cluster-mysql\nsync_binlog=0\n# Required for Galera\nbinlog_format=row\n\n## Caches and Limits\n##\ntmp_table_size=32M\nmax_heap_table_size=32M\n# Re-enabling as now works with Maria 10.1.2\nquery_cache_type=1\nquery_cache_limit=4M\nquery_cache_size=256M\nmax_connections=500\nthread_cache_size=50\nopen_files_limit=65535\ntable_definition_cache=4096\ntable_open_cache=4096\n\n## InnoDB\n##\ninnodb=FORCE\ninnodb_strict_mode=1\n# Mandatory per https://github.com/codership/documentation/issues/25\ninnodb_autoinc_lock_mode=2\n# Per https://www.percona.com/blog/2006/08/04/innodb-double-write/\ninnodb_doublewrite=1\ninnodb_flush_method=O_DIRECT\ninnodb_log_files_in_group=2\ninnodb_log_file_size=128M\ninnodb_flush_log_at_trx_commit=1\ninnodb_file_per_table=1\n# 80% Memory is default reco.\n# Need to re-evaluate when DB size grows\ninnodb_buffer_pool_size=2G\ninnodb_file_format=Barracuda\n\n## Logging\n##\nlog_error=/opt/bitnami/mariadb/logs/mysqld.log\nslow_query_log_file=/opt/bitnami/mariadb/logs/mysqld.log\nlog_queries_not_using_indexes=1\nslow_query_log=1\n\n## SSL\n## Use extraVolumes and extraVolumeMounts to mount /certs filesystem\n# ssl_ca=/certs/ca.pem\n# ssl_cert=/certs/server-cert.pem\n# 
ssl_key=/certs/server-key.pem\n\n[galera]\nwsrep_on=ON\nwsrep_provider=/opt/bitnami/mariadb/lib/libgalera_smm.so\nwsrep_sst_method=mariabackup\nwsrep_slave_threads=4\nwsrep_cluster_address=gcomm://\nwsrep_cluster_name=galera\nwsrep_sst_auth=\"root:\"\n# Enabled for performance per https://mariadb.com/kb/en/innodb-system-variables/#innodb_flush_log_at_trx_commit\ninnodb_flush_log_at_trx_commit=2\n# MYISAM REPLICATION SUPPORT #\nwsrep_replicate_myisam=ON\n\n[mariadb]\nplugin_load_add=auth_pam\n\n## Data-at-Rest Encryption\n## Use extraVolumes and extraVolumeMounts to mount /encryption filesystem\n# plugin_load_add=file_key_management\n# file_key_management_filename=/encryption/keyfile.enc\n# file_key_management_filekey=FILE:/encryption/keyfile.key\n# file_key_management_encryption_algorithm=AES_CTR\n# encrypt_binlog=ON\n# encrypt_tmp_files=ON\n\n## InnoDB/XtraDB Encryption\n# innodb_encrypt_tables=ON\n# innodb_encrypt_temporary_tables=ON\n# innodb_encrypt_log=ON\n# innodb_encryption_threads=4\n# innodb_encryption_rotate_key_age=1\n\n## Aria Encryption\n# aria_encrypt_tables=ON\n# encrypt_tmp_disk_tables=ON"` | Configuration for the MariaDB server | +| metrics.enabled | bool | `false` | Start a side-car prometheus exporter | +| metrics.extraFlags | list | `[]` | MariaDB Prometheus exporter additional command line flags | +| metrics.image.pullPolicy | string | `"IfNotPresent"` | MariaDB Prometheus exporter image pull policy | +| metrics.image.pullSecrets | list | `[]` | MariaDB Prometheus exporter image pull secrets. 
Optionally specify an array of imagePullSecrets (secrets must be manually created in the namespace) | +| metrics.image.registry | string | `"docker.io"` | MariaDB Prometheus exporter image registry | +| metrics.image.repository | string | `"bitnami/mysqld-exporter"` | MariaDB Prometheus exporter image repository | +| metrics.image.tag | string | `"0.13.0-debian-10-r75"` | MariaDB Prometheus exporter image tag (immutable tags are recommended) | +| metrics.prometheusRules.enabled | bool | `false` | if `true`, creates a Prometheus Operator PrometheusRule (also requires `metrics.enabled` to be `true`, and makes little sense without ServiceMonitor) | +| metrics.prometheusRules.rules | object | `{}` | PrometheusRule rules to configure | +| metrics.prometheusRules.selector | object | `{"app":"prometheus-operator","release":"prometheus"}` | [object] Additional labels to add to the PrometheusRule so it is picked up by the operator If using the [Helm Chart](https://github.com/helm/charts/tree/master/stable/prometheus-operator) this is the name of the Helm release and 'app: prometheus-operator' | +| metrics.resources.limits | object | `{}` | The resources limits for the container | +| metrics.resources.requests | object | `{}` | The requested resources for the container | +| metrics.service.annotations | object | `{"prometheus.io/port":"9104","prometheus.io/scrape":"true"}` | Prometheus exporter service annotations | +| metrics.service.port | int | `9104` | Prometheus exporter service port | +| metrics.service.type | string | `"ClusterIP"` | Prometheus exporter service type | +| metrics.serviceMonitor.enabled | bool | `false` | if `true`, creates a Prometheus Operator ServiceMonitor (also requires `metrics.enabled` to be `true`) | +| metrics.serviceMonitor.interval | string | `""` | How frequently to scrape metrics (use by default, falling back to Prometheus' default) | +| metrics.serviceMonitor.metricRelabelings | list | `[]` | MetricRelabelConfigs to apply to samples before 
ingestion | +| metrics.serviceMonitor.namespace | string | `""` | Optional namespace which Prometheus is running in | +| metrics.serviceMonitor.relabelings | list | `[]` | RelabelConfigs to apply to samples before scraping | +| metrics.serviceMonitor.scrapeTimeout | string | `""` | Timeout after which the scrape is ended | +| metrics.serviceMonitor.selector | object | `{"prometheus":"kube-prometheus"}` | [object] ServiceMonitor selector labels. Default to kube-prometheus install (CoreOS recommended), but should be set according to Prometheus install. | | nameOverride | string | `""` | | -| nodeAffinityPreset.key | string | `""` | | -| nodeAffinityPreset.type | string | `""` | | -| nodeAffinityPreset.values | list | `[]` | | -| nodeSelector | object | `{}` | | -| persistence.accessModes[0] | string | `"ReadWriteOnce"` | | -| persistence.annotations | object | `{}` | | -| persistence.enabled | bool | `true` | | -| persistence.existingClaim | string | `""` | | -| persistence.mountPath | string | `"/bitnami/mariadb"` | | -| persistence.selector | object | `{}` | | -| persistence.size | string | `"8Gi"` | | -| persistence.storageClass | string | `""` | | -| persistence.subPath | string | `""` | | -| podAffinityPreset | string | `""` | | -| podAnnotations | object | `{}` | | -| podAntiAffinityPreset | string | `"soft"` | | -| podDisruptionBudget.create | bool | `false` | | -| podDisruptionBudget.maxUnavailable | string | `""` | | -| podDisruptionBudget.minAvailable | int | `1` | | -| podLabels | object | `{}` | | -| podManagementPolicy | string | `"OrderedReady"` | | -| priorityClassName | string | `""` | | -| rbac.create | bool | `false` | | -| readinessProbe.enabled | bool | `true` | | -| readinessProbe.failureThreshold | int | `3` | | -| readinessProbe.initialDelaySeconds | int | `30` | | -| readinessProbe.periodSeconds | int | `10` | | -| readinessProbe.successThreshold | int | `1` | | -| readinessProbe.timeoutSeconds | int | `1` | | -| replicaCount | int | `3` | | 
+| nodeAffinityPreset.key | string | `""` | Node label key to match. Ignored if `affinity` is set. | +| nodeAffinityPreset.type | string | `""` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | +| nodeAffinityPreset.values | list | `[]` | Node label values to match. Ignored if `affinity` is set. | +| nodeSelector | object | `{}` | Node labels for pod assignment | +| persistence.accessModes | list | `["ReadWriteOnce"]` | Persistent Volume Access Modes | +| persistence.annotations | object | `{}` | Persistent Volume Claim annotations | +| persistence.enabled | bool | `true` | Enable persistence using PVC | +| persistence.existingClaim | string | `""` | Provide an existing `PersistentVolumeClaim` | +| persistence.mountPath | string | `"/bitnami/mariadb"` | Path to mount the volume at | +| persistence.selector | object | `{}` | Selector to match an existing Persistent Volume (this value is evaluated as a template) | +| persistence.size | string | `"8Gi"` | Persistent Volume Size | +| persistence.storageClass | string | `""` | Persistent Volume Storage Class | +| persistence.subPath | string | `""` | Subdirectory of the volume to mount | +| podAffinityPreset | string | `""` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | +| podAnnotations | object | `{}` | Annotations for MariaDB Galera pods | +| podAntiAffinityPreset | string | `"soft"` | Pod anti-affinity preset. Ignored if `affinity` is set. 
Allowed values: `soft` or `hard` | +| podDisruptionBudget.create | bool | `false` | Specifies whether a Pod disruption budget should be created | +| podDisruptionBudget.maxUnavailable | string | `""` | Maximum number / percentage of pods that may be made unavailable | +| podDisruptionBudget.minAvailable | int | `1` | Minimum number / percentage of pods that should remain scheduled | +| podLabels | object | `{}` | Extra labels for MariaDB Galera pods | +| podManagementPolicy | string | `"OrderedReady"` | StatefulSet controller supports relax its ordering guarantees while preserving its uniqueness and identity guarantees. There are two valid pod management policies: OrderedReady and Parallel | +| priorityClassName | string | `""` | Priority Class Name for Statefulset | +| rbac.create | bool | `false` | Specify whether RBAC resources should be created and used | +| readinessProbe.enabled | bool | `true` | Turn on and off readiness probe | +| readinessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the probe | +| readinessProbe.initialDelaySeconds | int | `30` | Delay before readiness probe is initiated | +| readinessProbe.periodSeconds | int | `10` | How often to perform the probe | +| readinessProbe.successThreshold | int | `1` | Minimum consecutive successes for the probe | +| readinessProbe.timeoutSeconds | int | `1` | When the probe times out | +| replicaCount | int | `3` | Desired number of cluster nodes | | resources.limits | object | `{}` | | | resources.requests | object | `{}` | | -| rootUser.forcePassword | bool | `false` | | -| rootUser.password | string | `""` | | -| rootUser.user | string | `"root"` | | -| schedulerName | string | `""` | | -| securityContext.enabled | bool | `true` | | -| securityContext.fsGroup | int | `1001` | | -| securityContext.runAsUser | int | `1001` | | -| service.annotations | object | `{}` | | -| service.clusterIP | string | `""` | | -| service.externalIPs | list | `[]` | | -| service.headless.annotations | 
object | `{}` | | -| service.loadBalancerIP | string | `""` | | -| service.loadBalancerSourceRanges | list | `[]` | | -| service.nodePort | string | `""` | | -| service.port | int | `3306` | | -| service.type | string | `"ClusterIP"` | | -| serviceAccount.create | bool | `false` | | -| serviceAccount.name | string | `""` | | -| startupProbe.enabled | bool | `false` | | +| rootUser.forcePassword | bool | `false` | Option to force users to specify a password. That is required for 'helm upgrade' to work properly. If it is not force, a random password will be generated. | +| rootUser.password | string | `""` | Password for the admin user. Ignored if existing secret is provided. Password is ignored if existingSecret is specified. | +| rootUser.user | string | `"root"` | Username for the admin user. | +| schedulerName | string | `""` | Name of the Kubernetes scheduler (other than default) | +| securityContext.enabled | bool | `true` | Enable security context | +| securityContext.fsGroup | int | `1001` | Group ID for the container filesystem | +| securityContext.runAsUser | int | `1001` | User ID for the container | +| service.annotations | object | `{}` | Additional annotations for MariaDB Galera service | +| service.clusterIP | string | `""` | Specific cluster IP when service type is cluster IP. Use `None` for headless service | +| service.externalIPs | list | `[]` | External IP list to use with ClusterIP service type | +| service.headless.annotations | object | `{}` | Annotations for the headless service. May be useful for setting `service.alpha.kubernetes.io/tolerate-unready-endpoints="true"` when using peer-finder. | +| service.loadBalancerIP | string | `""` | `loadBalancerIP` if service type is `LoadBalancer` | +| service.loadBalancerSourceRanges | list | `[]` | Addresses that are allowed when svc is `LoadBalancer` | +| service.nodePort | string | `""` | Specify the nodePort value for the LoadBalancer and NodePort service types. 
| +| service.port | int | `3306` | MariaDB service port | +| service.type | string | `"ClusterIP"` | Kubernetes service type | +| serviceAccount.create | bool | `false` | Specify whether a ServiceAccount should be created | +| serviceAccount.name | string | `""` | The name of the ServiceAccount to create If not set and create is true, a name is generated using the common.names.fullname template | +| startupProbe.enabled | bool | `false` | Turn on and off startup probe | | startupProbe.failureThreshold | int | `48` | | | startupProbe.initialDelaySeconds | int | `120` | | -| startupProbe.periodSeconds | int | `10` | | -| startupProbe.successThreshold | int | `1` | | -| startupProbe.timeoutSeconds | int | `1` | | -| tls.autoGenerated | bool | `false` | | -| tls.certCAFilename | string | `""` | | -| tls.certFilename | string | `""` | | -| tls.certKeyFilename | string | `""` | | -| tls.certificatesSecret | string | `""` | | -| tls.enabled | bool | `false` | | -| tolerations | list | `[]` | | -| updateStrategy.type | string | `"RollingUpdate"` | | -| usePasswordFiles | bool | `false` | | +| startupProbe.periodSeconds | int | `10` | How often to perform the probe | +| startupProbe.successThreshold | int | `1` | Minimum consecutive successes for the probe | +| startupProbe.timeoutSeconds | int | `1` | When the probe times out | +| tls.autoGenerated | bool | `false` | Generate automatically self-signed TLS certificates | +| tls.certCAFilename | string | `""` | CA Certificate filename | +| tls.certFilename | string | `""` | Certificate filename | +| tls.certKeyFilename | string | `""` | Certificate key filename | +| tls.certificatesSecret | string | `""` | Name of the secret that contains the certificates | +| tls.enabled | bool | `false` | Enable TLS support for replication traffic | +| tolerations | list | `[]` | Tolerations for pod assignment | +| updateStrategy | object | `{"type":"RollingUpdate"}` | updateStrategy for MariaDB Master StatefulSet | +| usePasswordFiles | 
bool | `false` | Mount credentials as a files instead of using an environment variable. | ---------------------------------------------- Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) diff --git a/appuio/mariadb-galera/values.yaml b/appuio/mariadb-galera/values.yaml index bde606e5..5770e080 100644 --- a/appuio/mariadb-galera/values.yaml +++ b/appuio/mariadb-galera/values.yaml 
@@ -1,72 +1,58 @@ -## @section Global parameters +## Global parameters ## Global Docker image parameters ## Please, note that this will override the image parameters, including dependencies, configured to use the global value ## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass -## @param global.imageRegistry Global Docker image registry -## @param global.imagePullSecrets Global Docker registry secret names as an array -## @param global.storageClass Global StorageClass for Persistent Volume(s) -## global: + # -- Global Docker image registry imageRegistry: "" + # -- Global Docker registry secret names as an array ## E.g. ## imagePullSecrets: ## - myRegistryKeySecretName - ## imagePullSecrets: [] + # -- Global StorageClass for Persistent Volume(s) storageClass: "" -## @section Common parameters +## Common parameters -## @param nameOverride String to partially override common.names.fullname template with a string (will prepend the release name) -## +# -- String to partially override common.names.fullname template with a string (will prepend the release name) nameOverride: "" -## @param fullnameOverride String to fully override common.names.fullname template with a string -## +# -- String to fully override common.names.fullname template with a string fullnameOverride: "" -## @param schedulerName Name of the Kubernetes scheduler (other than default) +# -- Name of the Kubernetes scheduler (other than default) ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ -## schedulerName: "" -## @param clusterDomain Kubernetes DNS Domain name to use -## +# -- Kubernetes DNS Domain name to use clusterDomain: cluster.local -## @param extraDeploy Array of extra objects to deploy with the release (evaluated as a template) -## +# -- Array of extra objects to deploy with the release (evaluated as a template) extraDeploy: [] ## Diagnostic mode in the deployment -## diagnosticMode: - ## @param 
diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden) - ## + # -- Enable diagnostic mode (all probes will be disabled and the command will be overridden) enabled: false - ## @param diagnosticMode.command [array] Command to override all containers in the deployment - ## + # -- Command to override all containers in the deployment command: - sleep - ## @param diagnosticMode.args [array] Args to override all containers in the deployment - ## + # -- Args to override all containers in the deployment args: - infinity -## @section MariaDB Galera parameters +## MariaDB Galera parameters ## Bitnami MariaDB Galera image ## ref: https://hub.docker.com/r/bitnami/mariadb-galera/tags/ -## @param image.registry MariaDB Galera image registry -## @param image.repository MariaDB Galera image repository -## @param image.tag MariaDB Galera image tag (immutable tags are recommended) -## @param image.pullPolicy MariaDB Galera image pull policy -## @param image.pullSecrets Specify docker-registry secret names as an array -## @param image.debug Specify if debug logs should be enabled ## image: + # -- MariaDB Galera image registry registry: docker.io + # -- MariaDB Galera image repository repository: bitnami/mariadb-galera + # -- MariaDB Galera image tag (immutable tags are recommended) tag: 10.5.12-debian-10-r1 - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + # -- MariaDB Galera image pull policy. + # Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images ## pullPolicy: IfNotPresent 
@@ -76,55 +62,55 @@ image: ## pullSecrets: ## - myRegistryKeySecretName ## + # -- Specify docker-registry secret names as an array pullSecrets: [] + # -- Specify if debug logs should be enabled ## Set to true if you would like to see extra information on logs - ## debug: false -## @param podManagementPolicy StatefulSet controller supports relax its ordering guarantees while preserving its uniqueness and identity guarantees. There are two valid pod management policies: OrderedReady and Parallel +# -- StatefulSet controller supports relax its ordering guarantees while preserving its uniqueness and identity guarantees. +# There are two valid pod management policies: OrderedReady and Parallel ## ref: https://kubernetes.io/docs/tutorials/stateful-application/basic-stateful-set/#pod-management-policy ## podManagementPolicy: OrderedReady -## @param hostAliases Add deployment host aliases +# -- Add deployment host aliases ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ ## hostAliases: [] ## MariaDB Gallera K8s svc properties ## service: - ## @param service.type Kubernetes service type - ## + # -- Kubernetes service type type: ClusterIP - ## @param service.port MariaDB service port - ## + # -- MariaDB service port port: 3306 - ## @param service.clusterIP Specific cluster IP when service type is cluster IP. Use `None` for headless service + # -- Specific cluster IP when service type is cluster IP. Use `None` for headless service ## e.g: ## clusterIP: None ## clusterIP: "" - ## @param service.nodePort Specify the nodePort value for the LoadBalancer and NodePort service types. + # -- Specify the nodePort value for the LoadBalancer and NodePort service types. 
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport ## e.g: ## nodePort: 30001 ## nodePort: "" - ## @param service.externalIPs External IP list to use with ClusterIP service type + # -- External IP list to use with ClusterIP service type ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-ips ## externalIPs: [] - ## @param service.loadBalancerIP `loadBalancerIP` if service type is `LoadBalancer` + # -- `loadBalancerIP` if service type is `LoadBalancer` ## Set the LoadBalancer service type to internal only ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer ## loadBalancerIP: "" - ## @param service.loadBalancerSourceRanges Addresses that are allowed when svc is `LoadBalancer` + # -- Addresses that are allowed when svc is `LoadBalancer` ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service ## ## loadBalancerSourceRanges: ## - 10.10.10.0/24 ## loadBalancerSourceRanges: [] - ## @param service.annotations Additional annotations for MariaDB Galera service + # -- Additional annotations for MariaDB Galera service ## This can be used toset the LoadBalancer service type to internal only. ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer ## 
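Review bot: The `# --` line for `image.pullSecrets` is added underneath the `##` example block instead of at the top of the key's comment, and the README hunk in this same patch suggests that this placement is not picked up. The README rows for `startupProbe.initialDelaySeconds` and `startupProbe.failureThreshold` stay empty even though values.yaml now gives both a `# --` line below a `##` note. Presumably helm-docs v1.5.0 only reads a description that opens the comment block, so I would move `# -- Specify docker-registry secret names as an array` above the `## pullSecrets:` example, whose first lines lie above this hunk. The same layout recurs in the later hunks for `extraVolumes`, `extraVolumeMounts`, `resources.limits`, `resources.requests` and the `initialDelaySeconds` keys of the liveness and startup probes.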
@@ -132,73 +118,69 @@ service: ## Headless service properties ## headless: - ## @param service.headless.annotations Annotations for the headless service. May be useful for setting `service.alpha.kubernetes.io/tolerate-unready-endpoints="true"` when using peer-finder. + # -- Annotations for the headless service. May be useful for setting `service.alpha.kubernetes.io/tolerate-unready-endpoints="true"` when using peer-finder. ## annotations: {} ## Pods Service Account ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ ## serviceAccount: - ## @param serviceAccount.create Specify whether a ServiceAccount should be created + # -- Specify whether a ServiceAccount should be created ## create: false - ## @param serviceAccount.name The name of the ServiceAccount to create - ## If not set and create is true, a name is generated using the common.names.fullname template + # -- The name of the ServiceAccount to create + # If not set and create is true, a name is generated using the common.names.fullname template ## name: "" -## @param extraEnvVars Array containing extra env vars to configure MariaDB Galera replicas +# -- Array containing extra env vars to configure MariaDB Galera replicas ## For example: ## extraEnvVars: ## - name: TZ ## value: "Europe/Paris" ## extraEnvVars: [] -## @param extraEnvVarsCM ConfigMap containing extra env vars to configure MariaDB Galera replicas +# -- ConfigMap containing extra env vars to configure MariaDB Galera replicas ## extraEnvVarsCM: "" -## @param extraEnvVarsSecret Secret containing extra env vars to configure MariaDB Galera replicas +# -- Secret containing extra env vars to configure MariaDB Galera replicas ## extraEnvVarsSecret: "" ## Role Based Access ## Ref: https://kubernetes.io/docs/admin/authorization/rbac/ ## rbac: - ## @param rbac.create Specify whether RBAC resources should be created and used - ## + # -- Specify whether RBAC resources should be created and used create: false ## Pod 
Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ -## @param securityContext.enabled Enable security context -## @param securityContext.fsGroup Group ID for the container filesystem -## @param securityContext.runAsUser User ID for the container ## securityContext: + # -- Enable security context enabled: true + # -- Group ID for the container filesystem fsGroup: 1001 + # -- User ID for the container runAsUser: 1001 ## Database credentials for root (admin) user ## rootUser: - ## @param rootUser.user Username for the admin user. - ## + # -- Username for the admin user. user: root - ## @param rootUser.password Password for the admin user. Ignored if existing secret is provided. - ## Password is ignored if existingSecret is specified. + # -- Password for the admin user. Ignored if existing secret is provided. + # Password is ignored if existingSecret is specified. ## ref: https://github.com/bitnami/bitnami-docker-mariadb-galera#setting-the-root-password-on-first-run ## password: "" - ## @param rootUser.forcePassword Option to force users to specify a password. That is required for 'helm upgrade' to work properly. - ## If it is not force, a random password will be generated. + # -- Option to force users to specify a password. That is required for 'helm upgrade' to work properly. + # If it is not force, a random password will be generated. ## forcePassword: false -## @param existingSecret Use existing secret for password details (`rootUser.password`, `db.password`, `galera.mariabackup.password` will be ignored and picked up from this secret) -## The secret has to contain the keys mariadb-root-password, mariadb-galera-mariabackup-password and mariadb-password. 
-## +# -- Use existing secret for password details (`rootUser.password`, `db.password`, `galera.mariabackup.password` will be ignored and picked up from this secret) +# The secret has to contain the keys mariadb-root-password, mariadb-galera-mariabackup-password and mariadb-password. existingSecret: "" -## @param usePasswordFiles Mount credentials as a files instead of using an environment variable. -## +# -- Mount credentials as a files instead of using an environment variable. usePasswordFiles: false -## @param customPasswordFiles Use custom password files when `usePasswordFiles` is set to `true`. Define path for keys `root`, `user`, and `mariabackup`. +# -- Use custom password files when `usePasswordFiles` is set to `true`. Define path for keys `root`, `user`, and `mariabackup`. ## Example: ## customPasswordFiles: ## root: /vault/secrets/mariadb-root 
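Review bot: The description added for `rootUser.password` states the same condition twice ("Ignored if existing secret is provided." followed by "Password is ignored if existingSecret is specified."), and the regenerated README row carries both sentences. These comments are the user-facing documentation of how credentials are supplied, so I would tighten them to `# -- Password for the admin user. Ignored if existingSecret is specified.` and, for `usePasswordFiles`, `# -- Mount credentials as files instead of passing them in environment variables.` The `serviceAccount.name` text also needs a full stop before "If not set", because the two comment lines are joined into one README cell.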
@@ -209,102 +191,84 @@ customPasswordFiles: {} ## Custom db configuration ## db: - ## @param db.user Username of new user to create + # -- Username of new user to create ## ref: https://github.com/bitnami/bitnami-docker-mariadb-galera#creating-a-database-user-on-first-run - ## user: "" - ## @param db.password Password for the new user. Ignored if existing secret is provided. - ## + # -- Password for the new user. Ignored if existing secret is provided. password: "" - ## @param db.name Name for new database to create + # -- Name for new database to create ## ref: https://github.com/bitnami/bitnami-docker-mariadb-galera#creating-a-database-on-first-run - ## name: my_database - ## @param db.forcePassword Option to force users to specify a password. That is required for 'helm upgrade' to work properly. + # -- Option to force users to specify a password. That is required for 'helm upgrade' to work properly. ## If it is not force, a random password will be generated. - ## forcePassword: false ## Galera configuration ## galera: - ## @param galera.name Galera cluster name - ## + # -- Galera cluster name name: galera ## Bootstraping options ## ref: https://github.com/bitnami/bitnami-docker-mariadb-galera#bootstraping - ## bootstrap: - ## @param galera.bootstrap.bootstrapFromNode Node to bootstrap from, you will need to change this parameter in case you want to bootstrap from other node - ## + # -- Node to bootstrap from, you will need to change this parameter in case you want to bootstrap from other node bootstrapFromNode: "" - ## @param galera.bootstrap.forceSafeToBootstrap Force `safe_to_bootstrap: 1` in `grastate.date` file - ## This will set safe_to_bootstrap=1 in the node indicated by bootstrapFromNode. - ## + # -- Force `safe_to_bootstrap: 1` in `grastate.date` file. + # This will set safe_to_bootstrap=1 in the node indicated by bootstrapFromNode. 
forceSafeToBootstrap: false ## Credentials to perform backups ## mariabackup: - ## @param galera.mariabackup.user MariaBackup username + # -- MariaBackup username ## ref: https://github.com/bitnami/bitnami-docker-mariadb-galera#setting-up-a-multi-master-cluster - ## user: mariabackup - ## @param galera.mariabackup.password MariaBackup password. Password is ignored if existingSecret is specified. - ## + # -- MariaBackup password. Password is ignored if existingSecret is specified. password: "" - ## @param galera.mariabackup.forcePassword Option to force users to specify a password. That is required for 'helm upgrade' to work properly. + # -- Option to force users to specify a password. That is required for 'helm upgrade' to work properly. ## If it is not force, a random password will be generated. - ## forcePassword: false ## LDAP configuration -## @param ldap.enabled Enable LDAP support -## @param ldap.uri LDAP URL beginning in the form `ldap -## @param ldap.base LDAP base DN -## @param ldap.binddn LDAP bind DN -## @param ldap.bindpw LDAP bind password -## @param ldap.bslookup LDAP base lookup -## @param ldap.filter LDAP custom filter -## @param ldap.map LDAP custom map -## @param ldap.nss_initgroups_ignoreusers LDAP ignored users -## @param ldap.scope LDAP search scope -## @param ldap.tls_reqcert LDAP TLS check on server certificates ## ldap: + # -- Enable LDAP support enabled: false + # -- LDAP URL beginning in the form `ldap uri: "" + # -- LDAP base DN base: "" + # --DAP bind DN binddn: "" + # -- LDAP bind password bindpw: "" + # -- LDAP base lookup bslookup: "" + # -- LDAP custom filter filter: "" + # -- LDAP custom map map: "" + # -- LDAP ignored users nss_initgroups_ignoreusers: root,nslcd + # -- LDAP search scope scope: "" + # -- LDAP TLS check on server certificates tls_reqcert: "" ## TLS configuration ## tls: - ## @param tls.enabled Enable TLS support for replication traffic - ## + # -- Enable TLS support for replication traffic enabled: false - ## @param 
tls.autoGenerated Generate automatically self-signed TLS certificates - ## + # -- Generate automatically self-signed TLS certificates autoGenerated: false - ## @param tls.certificatesSecret Name of the secret that contains the certificates - ## + # -- Name of the secret that contains the certificates certificatesSecret: "" - ## @param tls.certFilename Certificate filename - ## + # -- Certificate filename certFilename: "" - ## @param tls.certKeyFilename Certificate key filename - ## + # -- Certificate key filename certKeyFilename: "" - ## @param tls.certCAFilename CA Certificate filename - ## + # -- CA Certificate filename certCAFilename: "" -## @param mariadbConfiguration [string] Configuration for the MariaDB server +# -- Configuration for the MariaDB server ## ref: https://mysql.com/kb/en/mysql/configuring-mysql-with-mycnf/#example-of-configuration-file ## Alternatively, you can put your my.cnf under the files/ directory -## mariadbConfiguration: |- [client] port=3306 @@ -430,11 +394,9 @@ mariadbConfiguration: |- ## Aria Encryption # aria_encrypt_tables=ON # encrypt_tmp_disk_tables=ON -## @param configurationConfigMap ConfigMap with the MariaDB configuration files (Note: Overrides `mariadbConfiguration`). The value is evaluated as a template. -## +# -- ConfigMap with the MariaDB configuration files (Note: Overrides `mariadbConfiguration`). The value is evaluated as a template. configurationConfigMap: "" -## initdb scripts -## @param initdbScripts Specify dictionary of scripts to be run at first boot +# -- Specify dictionary of scripts to be run at first boot ## Alternatively, you can put your scripts under the files/docker-entrypoint-initdb.d directory ## e.g: ## initdbScripts: 
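Review bot: The comment above `ldap.binddn` reads `# --DAP bind DN`, missing both the space and the "L", so it no longer has the `# -- ` form used for every other key and will most likely not be read as a description. It should be `# -- LDAP bind DN`. The `ldap.uri` description also stops at an opening backtick followed by "ldap", carried over from the truncated `@param` line. Either complete the URL form and close the backtick, or drop the backtick, so that the generated table cell renders cleanly.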
@@ -443,98 +405,82 @@ configurationConfigMap: "" ## echo "Do something." ## initdbScripts: {} -## @param initdbScriptsConfigMap ConfigMap with the initdb scripts (Note: Overrides `initdbScripts`) -## +# -- ConfigMap with the initdb scripts (Note: Overrides `initdbScripts`) initdbScriptsConfigMap: "" -## @param extraFlags MariaDB additional command line flags +# -- MariaDB additional command line flags ## Can be used to specify command line flags, for example: ## e.g: ## extraFlags: "--max-connect-errors=1000 --max_connections=155" ## extraFlags: "" -## @param replicaCount Desired number of cluster nodes -## +# -- Desired number of cluster nodes replicaCount: 3 -## @param updateStrategy.type updateStrategy for MariaDB Master StatefulSet +# -- updateStrategy for MariaDB Master StatefulSet ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies -## updateStrategy: type: RollingUpdate -## @param podLabels Extra labels for MariaDB Galera pods +# -- Extra labels for MariaDB Galera pods ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ -## podLabels: {} -## @param podAnnotations Annotations for MariaDB Galera pods +# -- Annotations for MariaDB Galera pods ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ -## podAnnotations: {} -## @param podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` +# -- Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity -## podAffinityPreset: "" -## @param podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` +# -- Pod anti-affinity preset. Ignored if `affinity` is set. 
Allowed values: `soft` or `hard` ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity -## podAntiAffinityPreset: soft ## Node affinity preset ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity ## nodeAffinityPreset: - ## @param nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` - ## + # -- Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` type: "" - ## @param nodeAffinityPreset.key Node label key to match. Ignored if `affinity` is set. + # -- Node label key to match. Ignored if `affinity` is set. ## E.g. ## key: "kubernetes.io/e2e-az-name" - ## key: "" - ## @param nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set. + # -- Node label values to match. Ignored if `affinity` is set. ## E.g. ## values: ## - e2e-az1 ## - e2e-az2 - ## values: [] -## @param affinity Affinity for pod assignment +# -- Affinity for pod assignment ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity ## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set ## affinity: {} -## @param nodeSelector Node labels for pod assignment +# -- Node labels for pod assignment ## ref: https://kubernetes.io/docs/user-guide/node-selection/ ## nodeSelector: {} -## @param tolerations Tolerations for pod assignment +# -- Tolerations for pod assignment ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ ## tolerations: [] -## @param forceUpdate Force update the StatefulSet. +# -- Force update the StatefulSet. ## If enabled the chart will recreate the StatefulSet without touching the Pods (cascade orphan), allowing you to update locked field, such as PVC size. 
-## forceUpdate: false ## Enable persistence using Persistent Volume Claims ## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ -## persistence: - ## @param persistence.enabled Enable persistence using PVC - ## + # -- Enable persistence using PVC enabled: true - ## @param persistence.existingClaim Provide an existing `PersistentVolumeClaim` - ## + # -- Provide an existing `PersistentVolumeClaim` existingClaim: "" - ## @param persistence.subPath Subdirectory of the volume to mount - ## + # -- Subdirectory of the volume to mount subPath: "" - ## @param persistence.mountPath Path to mount the volume at - ## + # -- Path to mount the volume at mountPath: /bitnami/mariadb - ## @param persistence.selector Selector to match an existing Persistent Volume (this value is evaluated as a template) + # -- Selector to match an existing Persistent Volume (this value is evaluated as a template) ## selector: ## matchLabels: ## app: my-app ## selector: {} - ## @param persistence.storageClass Persistent Volume Storage Class + # -- Persistent Volume Storage Class ## If defined, storageClassName: ## If set to "-", storageClassName: "", which disables dynamic provisioning ## If undefined (the default) or set to null, no storageClassName spec is 
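Review bot: The sentence that explains what `forceUpdate` actually does is left as a `##` line, and the README rows in this patch indicate that `##` lines are not copied into the description while single-`#` continuation lines are (see `rootUser.forcePassword`). For an option that recreates the StatefulSet with cascade orphan, that sentence belongs in the generated docs. Change it to `# If enabled the chart will recreate the StatefulSet without touching the Pods (cascade orphan), allowing you to update locked fields, such as PVC size.` The `## If it is not force, ...` lines under `db.forcePassword` and `galera.mariabackup.forcePassword` in the earlier hunk have the same problem.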
@@ -542,32 +488,28 @@ persistence: ## GKE, AWS & OpenStack) ## storageClass: "" - ## @param persistence.annotations Persistent Volume Claim annotations + # -- Persistent Volume Claim annotations ## annotations: {} - ## @param persistence.accessModes Persistent Volume Access Modes + # -- Persistent Volume Access Modes ## accessModes: - ReadWriteOnce - ## @param persistence.size Persistent Volume Size + # -- Persistent Volume Size ## size: 8Gi -## @param priorityClassName Priority Class Name for Statefulset -## +# -- Priority Class Name for Statefulset priorityClassName: "" -## @param extraInitContainers Additional init containers (this value is evaluated as a template) +# -- Additional init containers (this value is evaluated as a template) ## extraInitContainers: ## - name: do-something ## image: bitnami/minideb ## command: ['do', 'something'] -## extraInitContainers: [] -## @param extraContainers Additional containers (this value is evaluated as a template) +# -- Additional containers (this value is evaluated as a template) ## extraContainers: [] ## extraVolumes and extraVolumeMounts allows you to mount other volumes -## @param extraVolumes Extra volumes -## @param extraVolumeMounts Mount extra volume(s) ## Example Use Cases: ## mount certificates to enable data-in-transit encryption ## mount keys for data-at-rest encryption using file plugin @@ -582,6 +524,7 @@ extraContainers: [] ## defaultMode: 288 ## secretName: mariadb-encryption ## +# -- Extra volumes extraVolumes: [] ## extraVolumeMounts: ## - name: mariadb-certs 
@@ -591,119 +534,113 @@ extraVolumes: [] ## mountPath: /encryption ## readOnly: true ## +# -- Mount extra volume(s) extraVolumeMounts: [] ## MariaDB Galera containers' resource requests and limits ## We usually recommend not to specify default resources and to leave this as a conscious ## choice for the user. This also increases chances charts run on environments with little ## resources, such as Minikube. If you do want to specify resources, uncomment the following ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. -## @param resources.limits The resources limits for the container -## @param resources.requests The requested resources for the container ## resources: ## Example: ## limits: ## cpu: 0.5 ## memory: 256Mi + # -- The resources limits for the container limits: {} ## Examples: ## requests: ## cpu: 0.5 ## memory: 256Mi + # -- The requested resources for the container requests: {} ## MariaDB Galera containers' liveness probe ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes -## @param livenessProbe.enabled Turn on and off liveness probe -## @param livenessProbe.initialDelaySeconds Delay before liveness probe is initiated -## @param livenessProbe.periodSeconds How often to perform the probe -## @param livenessProbe.timeoutSeconds When the probe times out -## @param livenessProbe.failureThreshold Minimum consecutive failures for the probe -## @param livenessProbe.successThreshold Minimum consecutive successes for the probe ## livenessProbe: + # -- Turn on and off liveness probe enabled: true ## Initializing the database could take some time - ## + # -- Delay before liveness probe is initiated initialDelaySeconds: 120 + # -- How often to perform the probe periodSeconds: 10 + # -- When the probe times out timeoutSeconds: 1 + # -- consecutive successes for the probe successThreshold: 1 + # -- Minimum consecutive failures for the probe failureThreshold: 3 ## MariaDB Galera containers' 
readiness probe ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes -## @param readinessProbe.enabled Turn on and off readiness probe -## @param readinessProbe.initialDelaySeconds Delay before readiness probe is initiated -## @param readinessProbe.periodSeconds How often to perform the probe -## @param readinessProbe.timeoutSeconds When the probe times out -## @param readinessProbe.failureThreshold Minimum consecutive failures for the probe -## @param readinessProbe.successThreshold Minimum consecutive successes for the probe ## readinessProbe: + # -- Turn on and off readiness probe enabled: true + # -- Delay before readiness probe is initiated initialDelaySeconds: 30 + # -- How often to perform the probe periodSeconds: 10 + # -- When the probe times out timeoutSeconds: 1 + # -- Minimum consecutive successes for the probe successThreshold: 1 + # -- Minimum consecutive failures for the probe failureThreshold: 3 ## MariaDB Galera containers' startup probe ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes -## @param startupProbe.enabled Turn on and off startup probe -## @param startupProbe.initialDelaySeconds Delay before startup probe is initiated -## @param startupProbe.periodSeconds How often to perform the probe -## @param startupProbe.timeoutSeconds When the probe times out -## @param startupProbe.failureThreshold Minimum consecutive failures for the probe -## @param startupProbe.successThreshold Minimum consecutive successes for the probe ## startupProbe: + # -- Turn on and off startup probe enabled: false ## Initializing the database could take some time - ## + # -- Delay before startup probe is initiated initialDelaySeconds: 120 + # -- How often to perform the probe periodSeconds: 10 + # -- When the probe times out timeoutSeconds: 1 + # -- Minimum consecutive successes for the probe successThreshold: 1 ## Let's wait 600 seconds by default, it should give enough time in any cluster 
for mysql to init - ## + # -- Minimum consecutive failures for the probe failureThreshold: 48 ## Pod disruption budget configuration ## podDisruptionBudget: - ## @param podDisruptionBudget.create Specifies whether a Pod disruption budget should be created - ## + # -- Specifies whether a Pod disruption budget should be created create: false - ## @param podDisruptionBudget.minAvailable Minimum number / percentage of pods that should remain scheduled - ## + # -- Minimum number / percentage of pods that should remain scheduled minAvailable: 1 - ## @param podDisruptionBudget.maxUnavailable Maximum number / percentage of pods that may be made unavailable - ## + # -- Maximum number / percentage of pods that may be made unavailable maxUnavailable: "" ## Prometheus exporter configuration ## metrics: - ## @param metrics.enabled Start a side-car prometheus exporter - ## + # -- Start a side-car prometheus exporter enabled: false ## Bitnami MySQL Prometheus exporter image ## ref: https://hub.docker.com/r/bitnami/mysqld-exporter/tags/ - ## @param metrics.image.registry MariaDB Prometheus exporter image registry - ## @param metrics.image.repository MariaDB Prometheus exporter image repository - ## @param metrics.image.tag MariaDB Prometheus exporter image tag (immutable tags are recommended) - ## @param metrics.image.pullPolicy MariaDB Prometheus exporter image pull policy - ## @param metrics.image.pullSecrets MariaDB Prometheus exporter image pull secrets ## image: + # -- MariaDB Prometheus exporter image registry registry: docker.io + # -- MariaDB Prometheus exporter image repository repository: bitnami/mysqld-exporter + # -- MariaDB Prometheus exporter image tag (immutable tags are recommended) tag: 0.13.0-debian-10-r75 + # -- MariaDB Prometheus exporter image pull policy pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets (secrets must be manually created in the namespace) + # -- MariaDB Prometheus exporter image pull secrets. 
+ # Optionally specify an array of imagePullSecrets (secrets must be manually created in the namespace) ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ ## Example: ## pullSecrets: ## - myRegistryKeySecretName ## pullSecrets: [] - ## @param metrics.extraFlags MariaDB Prometheus exporter additional command line flags + # -- MariaDB Prometheus exporter additional command line flags ## Can be used to specify command line flags ## E.g.: ## extraFlags: 
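Review bot: The description for `livenessProbe.successThreshold` reads `# -- consecutive successes for the probe`, which drops the word "Minimum" that the removed `@param` line had and that the readiness and startup probes keep. It should read `# -- Minimum consecutive successes for the probe`.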
@@ -716,64 +653,59 @@ metrics: ## choice for the user. This also increases chances charts run on environments with little ## resources, such as Minikube. If you do want to specify resources, uncomment the following ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. - ## @param metrics.resources.limits The resources limits for the container - ## @param metrics.resources.requests The requested resources for the container ## resources: + # -- The resources limits for the container ## Example: ## limits: ## cpu: 0.5 ## memory: 256Mi limits: {} + # -- The requested resources for the container ## Examples: ## requests: ## cpu: 0.5 ## memory: 256Mi requests: {} ## MySQL Prometheus exporter service parameters - ## @param metrics.service.type Prometheus exporter service type - ## @param metrics.service.port Prometheus exporter service port - ## @param metrics.service.annotations [object] Prometheus exporter service annotations ## service: + # -- Prometheus exporter service type type: ClusterIP + # -- Prometheus exporter service port port: 9104 + # -- Prometheus exporter service annotations annotations: prometheus.io/scrape: "true" prometheus.io/port: "9104" ## Prometheus Operator ServiceMonitor configuration ## serviceMonitor: - ## @param metrics.serviceMonitor.enabled if `true`, creates a Prometheus Operator ServiceMonitor (also requires `metrics.enabled` to be `true`) - ## + # -- if `true`, creates a Prometheus Operator ServiceMonitor (also requires `metrics.enabled` to be `true`) enabled: false - ## @param metrics.serviceMonitor.namespace Optional namespace which Prometheus is running in - ## + # -- Optional namespace which Prometheus is running in namespace: "" - ## @param metrics.serviceMonitor.interval How frequently to scrape metrics (use by default, falling back to Prometheus' default) + # -- How frequently to scrape metrics (use by default, falling back to Prometheus' default) ## ref: 
https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint ## e.g: ## interval: 10s - ## interval: "" - ## @param metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended + # -- Timeout after which the scrape is ended ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint ## e.g: ## scrapeTimeout: 10s - ## scrapeTimeout: "" - ## @param metrics.serviceMonitor.selector [object] ServiceMonitor selector labels - ## Default to kube-prometheus install (CoreOS recommended), but should be set according to Prometheus install + # -- [object] ServiceMonitor selector labels. + # Default to kube-prometheus install (CoreOS recommended), but should be set according to Prometheus install. ## ref: https://github.com/bitnami/charts/tree/master/bitnami/prometheus-operator#prometheus-configuration ## selector: prometheus: kube-prometheus - ## @param metrics.serviceMonitor.relabelings RelabelConfigs to apply to samples before scraping + # -- RelabelConfigs to apply to samples before scraping ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig ## Value is evalued as a template - ## relabelings: [] - ## @param metrics.serviceMonitor.metricRelabelings MetricRelabelConfigs to apply to samples before ingestion + # -- MetricRelabelConfigs to apply to samples before ingestion ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig ## Value is evalued as a template ## e.g: 
@@ -788,16 +720,14 @@ metrics: ## Prometheus Operator PrometheusRule configuration ## prometheusRules: - ## @param metrics.prometheusRules.enabled if `true`, creates a Prometheus Operator PrometheusRule (also requires `metrics.enabled` to be `true`, and makes little sense without ServiceMonitor) - ## + # -- if `true`, creates a Prometheus Operator PrometheusRule (also requires `metrics.enabled` to be `true`, and makes little sense without ServiceMonitor) enabled: false - ## @param metrics.prometheusRules.selector [object] Additional labels to add to the PrometheusRule so it is picked up by the operator - ## If using the [Helm Chart](https://github.com/helm/charts/tree/master/stable/prometheus-operator) this is the name of the Helm release and 'app: prometheus-operator' - ## + # -- [object] Additional labels to add to the PrometheusRule so it is picked up by the operator + # If using the [Helm Chart](https://github.com/helm/charts/tree/master/stable/prometheus-operator) this is the name of the Helm release and 'app: prometheus-operator' selector: app: prometheus-operator release: prometheus - ## @param metrics.prometheusRules.rules PrometheusRule rules to configure + # -- PrometheusRule rules to configure ## e.g: ## - alert: MariaDB-Down ## annotations: @@ -808,5 +738,4 @@ metrics: ## severity: warning ## service: mariadb-galera ## for: 5m - ## rules: {} From 77986d51c566f005929bfd9006b6b99ec817373e Mon Sep 17 00:00:00 2001 From: Fabian Fischer Date: Wed, 1 Sep 2021 16:17:46 +0200 Subject: [PATCH 4/6] Switch to fullname for upgrade hook Signed-off-by: Fabian Fischer --- appuio/mariadb-galera/templates/recreate.yaml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/appuio/mariadb-galera/templates/recreate.yaml b/appuio/mariadb-galera/templates/recreate.yaml index 8851e9a2..f2fda457 100644 --- a/appuio/mariadb-galera/templates/recreate.yaml +++ b/appuio/mariadb-galera/templates/recreate.yaml 
@@ -3,7 +3,7 @@ apiVersion: v1 kind: ServiceAccount metadata: - name: sts-deleter + name: {{ printf "%s-sts-deleter" (include "common.names.fullname" .) }} annotations: "helm.sh/hook": pre-upgrade "helm.sh/hook-weight": "-6" @@ -12,7 +12,7 @@ metadata: apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: sts-deleter-role + name: {{ printf "%s-sts-deleter" (include "common.names.fullname" .) }} annotations: "helm.sh/hook": pre-upgrade "helm.sh/hook-weight": "-6" @@ -25,24 +25,24 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: sts-deleter-rolebinding + name: {{ printf "%s-sts-deleter" (include "common.names.fullname" .) }} annotations: "helm.sh/hook": pre-upgrade "helm.sh/hook-weight": "-6" labels: {{- include "common.labels.standard" . | nindent 4 }} roleRef: kind: Role - name: sts-deleter-role + name: {{ printf "%s-sts-deleter" (include "common.names.fullname" .) }} apiGroup: rbac.authorization.k8s.io subjects: - kind: ServiceAccount - name: sts-deleter + name: {{ printf "%s-sts-deleter" (include "common.names.fullname" .) }} namespace: "{{ .Release.Namespace }}" --- apiVersion: batch/v1 kind: Job metadata: - name: "{{ .Release.Name }}-delete-sts-for-upgrade" + name: {{ printf "%s-sts-deleter" (include "common.names.fullname" .) }} annotations: "helm.sh/hook": pre-upgrade "helm.sh/hook-weight": "-5" @@ -53,10 +53,10 @@ spec: backoffLimit: 0 template: metadata: - name: "{{ .Release.Name }}-delete-sts-for-upgrade" + name: {{ printf "%s-sts-deleter" (include "common.names.fullname" .) }} spec: restartPolicy: Never - serviceAccountName: sts-deleter + serviceAccountName: {{ printf "%s-sts-deleter" (include "common.names.fullname" .) }} containers: - name: pre-upgrade-delete-sts image: "docker.io/bitnami/kubectl" From 50377d9b6e22f3cbe536b24e45ae2356e922259a Mon Sep 17 00:00:00 2001 From: Fabian Fischer Date: Thu, 2 Sep 2021 08:56:30 +0200 Subject: [PATCH 5/6] Add README.gotmpl.md 
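Review bot: The ServiceAccount renamed in the `@@ -3,7 +3,7 @@` hunk of templates/recreate.yaml shows no `helm.sh/hook-delete-policy` among its visible annotations, and the RoleBinding in `@@ -25,24 +25,24 @@` closes its annotations after `helm.sh/hook-weight` without one. Under Helm's default policy (`before-hook-creation`) hook objects are removed only just before the next run, so an account bound to the hook's Role stays in the namespace between upgrades. The Role's rules are outside the hunk; the commit description suggests they allow deleting the StatefulSet. If that lifetime is not intended, add `"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded` to the ServiceAccount, Role and RoleBinding, after confirming the behaviour on the Helm version in use. The annotation blocks of the first two hunks continue past the hunk boundary, so check this against the full file.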
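Review bot: The Job's `metadata.name` in the `@@ -25,24 +25,24 @@` hunk now appends the 12-character suffix `-sts-deleter` to `common.names.fullname`, which can push the name past 63 characters. If the helper itself truncates to 63, as the Bitnami common library's does, a long release name yields a Job whose pods cannot carry the `job-name` label, and the pre-upgrade hook is rejected before it runs. Truncating the prefix keeps every derived name valid: `name: {{ printf "%s-sts-deleter" (include "common.names.fullname" . | trunc 51 | trimSuffix "-") }}`. The same expression is repeated for the ServiceAccount, Role, RoleBinding and pod template in the other hunks of this file, so a single named template would keep the truncation in one place.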
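Review bot: The hook container in the `@@ -53,10 +53,10 @@` hunk runs under the release-specific `serviceAccountName` set here but still pulls `docker.io/bitnami/kubectl` with no tag or digest. Whatever `latest` resolves to at upgrade time therefore executes with that account's permissions. Pinning it, for example `image: "docker.io/bitnami/kubectl:<pinned-tag>@sha256:<digest>"` (placeholders), and exposing registry, repository and tag through values the way `metrics.image` does, makes the hook reproducible and lets operators mirror the image. The `containers` entry continues outside the hunk, so the command and any securityContext cannot be reviewed from here.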
Signed-off-by: Fabian Fischer --- appuio/mariadb-galera/README.gotmpl.md | 7 +++++ appuio/mariadb-galera/README.md | 43 ++++++++++++++++---------- 2 files changed, 33 insertions(+), 17 deletions(-) create mode 100644 appuio/mariadb-galera/README.gotmpl.md diff --git a/appuio/mariadb-galera/README.gotmpl.md b/appuio/mariadb-galera/README.gotmpl.md new file mode 100644 index 00000000..71025d90 --- /dev/null +++ b/appuio/mariadb-galera/README.gotmpl.md @@ -0,0 +1,7 @@ + + +{{ template "chart.valuesSection" . }} diff --git a/appuio/mariadb-galera/README.md b/appuio/mariadb-galera/README.md index 451840c5..f7984f24 100644 --- a/appuio/mariadb-galera/README.md +++ b/appuio/mariadb-galera/README.md @@ -6,23 +6,17 @@ MariaDB Galera is a multi-master database cluster solution for synchronous repli **Homepage:** -## Maintainers +## Installation -| Name | Email | Url | -| ---- | ------ | --- | -| APPUiO Team | info@appuio.ch | | +```bash +helm repo add appuio https://charts.appuio.ch +helm install mariadb-galera appuio/mariadb-galera +``` + ## Values @@ -176,5 +170,20 @@ MariaDB Galera is a multi-master database cluster solution for synchronous repli | updateStrategy | object | `{"type":"RollingUpdate"}` | updateStrategy for MariaDB Master StatefulSet | | usePasswordFiles | bool | `false` | Mount credentials as a files instead of using an environment variable. | ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) +## Source Code + +* +* +* + +## Requirements + +| Repository | Name | Version | +|------------|------|---------| +| https://charts.bitnami.com/bitnami | common | 1.x.x | + + +[resource-units]: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes +[prometheus-operator]: https://github.com/coreos/prometheus-operator From 1b4bbeeb807883934fd3ec82653707d08089dc65 Mon Sep 17 00:00:00 2001 
From: Fabian Fischer <10788152+glrf@users.noreply.github.com> Date: Thu, 2 Sep 2021 10:14:41 +0200 Subject: [PATCH 6/6] Apply suggestions from code review Co-authored-by: Chris Signed-off-by: Fabian Fischer --- appuio/mariadb-galera/README.md | 2 +- appuio/mariadb-galera/values.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/appuio/mariadb-galera/README.md b/appuio/mariadb-galera/README.md index f7984f24..4a394b16 100644 --- a/appuio/mariadb-galera/README.md +++ b/appuio/mariadb-galera/README.md @@ -102,7 +102,7 @@ Edit the README.gotmpl.md template instead. | metrics.serviceMonitor.namespace | string | `""` | Optional namespace which Prometheus is running in | | metrics.serviceMonitor.relabelings | list | `[]` | RelabelConfigs to apply to samples before scraping | | metrics.serviceMonitor.scrapeTimeout | string | `""` | Timeout after which the scrape is ended | -| metrics.serviceMonitor.selector | object | `{"prometheus":"kube-prometheus"}` | [object] ServiceMonitor selector labels. Default to kube-prometheus install (CoreOS recommended), but should be set according to Prometheus install. | +| metrics.serviceMonitor.selector | object | `{"prometheus":"kube-prometheus"}` | ServiceMonitor selector labels. Default to kube-prometheus install (CoreOS recommended), but should be set according to Prometheus install. | | nameOverride | string | `""` | | | nodeAffinityPreset.key | string | `""` | Node label key to match. Ignored if `affinity` is set. | | nodeAffinityPreset.type | string | `""` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | diff --git a/appuio/mariadb-galera/values.yaml b/appuio/mariadb-galera/values.yaml index 5770e080..d10e58f4 100644 --- a/appuio/mariadb-galera/values.yaml +++ b/appuio/mariadb-galera/values.yaml 
@@ -695,7 +695,7 @@ metrics: ## e.g: ## scrapeTimeout: 10s scrapeTimeout: "" - # -- [object] ServiceMonitor selector labels. + # -- ServiceMonitor selector labels. # Default to kube-prometheus install (CoreOS recommended), but should be set according to Prometheus install. ## ref: https://github.com/bitnami/charts/tree/master/bitnami/prometheus-operator#prometheus-configuration ##