[COMMON][MARIADB] Upgrade Mariadb DB galera version
Mariadb DB Galera containers version is outdated and unmaintained. We
need them to move to a new image provider.
As new image provider is not compatible with our old templates, we
also update the templates (by reworking bitnami mariadb-galera chart).
An update of global mariadb image is also done in order to match mariadb
galera version.
Issue-ID: OOM-1720
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: Ib9976227759e90022183d4f37fc655143be4d6ac
diff --git a/kubernetes/common/mariadb-galera/values.yaml b/kubernetes/common/mariadb-galera/values.yaml
index 6b1676f..12d2d75 100644
--- a/kubernetes/common/mariadb-galera/values.yaml
+++ b/kubernetes/common/mariadb-galera/values.yaml
@@ -1,5 +1,6 @@
# Copyright © 2018 Amdocs, Bell Canada
# Copyright © 2019 Samsung Electronics
+# Copyright © 2020 Bitnami, Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -13,20 +14,28 @@
# See the License for the specific language governing permissions and
# limitations under the License.
+
#################################################################
# Secrets metaconfig
#################################################################
secrets:
- uid: '{{ include "common.mariadb.secret.rootPassUID" . }}'
type: password
- externalSecret: '{{ tpl (default "" .Values.config.mariadbRootPasswordExternalSecret) . }}'
- password: '{{ .Values.config.mariadbRootPassword }}'
+ externalSecret: '{{ tpl (default "" .Values.rootUser.externalSecret) . }}'
+ password: '{{ .Values.rootUser.password }}'
- uid: '{{ include "common.mariadb.secret.userCredentialsUID" . }}'
type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.config.userCredentialsExternalSecret) . }}'
- login: '{{ .Values.config.userName }}'
- password: '{{ .Values.config.userPassword }}'
+ externalSecret: '{{ tpl (default "" .Values.db.externalSecret) . }}'
+ login: '{{ .Values.db.user }}'
+ password: '{{ .Values.db.password }}'
+ - uid: '{{ include "common.mariadb.secret.backupCredentialsUID" . }}'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.galera.mariabackup.externalSecret) . }}'
+ login: '{{ .Values.galera.mariabackup.user }}'
+ password: '{{ .Values.galera.mariabackup.password }}'
+# bitnami image doesn't support well single quote in password
+passwordStrengthOverride: basic
#################################################################
# Global configuration defaults.
@@ -37,56 +46,399 @@
mountPath: /dockerdata-nfs
backup:
mountPath: /dockerdata-nfs/backup
+ clusterDomain: cluster.local
+ metrics: {}
-#################################################################
-# Application configuration defaults.
-#################################################################
+image: bitnami/mariadb-galera:10.5.8
+## Specify a imagePullPolicy
+## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
+## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
+##
+pullPolicy: Always
-#repository: mysql
-image: adfinissygroup/k8s-mariadb-galera-centos:v002
-pullPolicy: IfNotPresent
+## Set to true if you would like to see extra information on logs
+## It turns BASH debugging in minideb-extras-base
+##
+debug: true
-# application configuration
-config:
- # .mariadbRootPasswordExternalSecret: 'some-external-secret'
- # mariadbRootPassword: secretpassword
- # .userCredentialsExternalSecret: 'some-external-secret'
- userName: my-user
- # userPassword: my-password
- # mysqlDatabase: my-database
+## Sometimes, especially when a lot of pods are created at the same time,
+## actions performed on the databases are tried to be done before actual start.
+init_sleep_time: 5
-# default number of instances in the StatefulSet
+## String to partially override common.names.fullname template (will maintain the release name)
+##
+nameOverride: mariadb-galera
+
+## Use an alternate scheduler, e.g. "stork".
+## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
+##
+# schedulerName:
+
+## StatefulSet controller supports relax its ordering guarantees while preserving its uniqueness and identity guarantees. There are two valid pod management policies: OrderedReady and Parallel
+## ref: https://kubernetes.io/docs/tutorials/stateful-application/basic-stateful-set/#pod-management-policy
+##
+podManagementPolicy: OrderedReady
+
+## MariaDB Gallera K8s svc properties
+##
+service:
+ ## Kubernetes service type and port number
+ ##
+ type: ClusterIP
+ headless: {}
+ ports:
+ - name: mysql
+ port: 3306
+ headlessPorts:
+ - name: galera
+ port: 4567
+ - name: ist
+ port: 4568
+ - name: sst
+ port: 4444
+
+
+## Pods Service Account
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
+##
+serviceAccount:
+ nameOverride: mariadb-galera
+ roles:
+ - read
+
+## Pod Security Context
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+##
+securityContext:
+ enabled: true
+ user_id: 10001
+ group_id: 10001
+
+## Database credentials for root (admin) user
+##
+rootUser:
+ ## MariaDB admin user
+ user: root
+ ## MariaDB admin password
+ ## Password is ignored if externalSecret is specified.
+ ## If not set, password will be "randomly" generated
+ ## ref: https://github.com/bitnami/bitnami-docker-mariadb-galera#setting-the-root-password-on-first-run
+ ##
+ # password:
+ # externalSecret:
+
+## Custom db configuration
+##
+db:
+ ## MariaDB username and password
+ ## Password is ignored if externalSecret is specified.
+ ## If not set, password will be "randomly" generated
+ ## ref: https://github.com/bitnami/bitnami-docker-mariadb-galera#creating-a-database-user-on-first-run
+ ##
+ user: my-user
+ # password:
+ # externalSecret:
+ ## Database to create
+ ## ref: https://github.com/bitnami/bitnami-docker-mariadb-galera#creating-a-database-on-first-run
+ ##
+ # name: my_database
+
+## Galera configuration
+##
+galera:
+ ## Galera cluster name
+ ##
+ name: galera
+
+ ## Bootstraping options
+ ## ref: https://github.com/bitnami/bitnami-docker-mariadb-galera#bootstraping
+ bootstrap:
+ ## Node to bootstrap from, you will need to change this parameter incase you want to bootstrap from other node
+ ##
+ bootstrapFromNode:
+ ## Force safe_to_bootstrap in grastate.date file.
+ ## This will set safe_to_bootstrap=1 in the node indicated by bootstrapFromNode.
+ forceSafeToBootstrap: false
+
+ ## Credentials to perform backups
+ ##
+ mariabackup:
+ ## MariaBackup username and password
+ ## Password is ignored if externalSecret is specified.
+ ## If not set, password will be "randomly" generated
+ ## ref: https://github.com/bitnami/bitnami-docker-mariadb-galera#setting-up-a-multi-master-cluster
+ ##
+ user: mariabackup
+ # password:
+ # externalSecret:
+
+backup:
+ enabled: false
+ cron: "00 00 * * *"
+ retentionPeriod: 3
+ persistence:
+ ## If true, use a Persistent Volume Claim, If false, use emptyDir
+ ##
+ enabled: true
+ # Enable persistence using an existing PVC
+ # existingClaim:
+ ## selector can be used to match an existing PersistentVolume
+ ## selector:
+ ## matchLabels:
+ ## app: my-app
+ selector: {}
+ ## Persistent Volume Storage Class
+ ## If defined, storageClassName: <storageClass>
+ ## If set to "-", storageClassName: "", which disables dynamic provisioning
+ ## If undefined (the default) or set to null, no storageClassName spec is
+ ## set, choosing the default provisioner. (gp2 on AWS, standard on
+ ## GKE, AWS & OpenStack)
+ ##
+ # storageClass: "-"
+ ## Persistent Volume Claim annotations
+ ##
+ annotations:
+ ## Persistent Volume Access Mode
+ ##
+ accessMode: ReadWriteOnce
+ ## Persistent Volume size
+ ##
+ size: 2Gi
+
+
+readinessCheck:
+ wait_for:
+ - '{{ include "common.name" . }}'
+
+## TLS configuration
+##
+tls:
+ ## Enable TLS
+ ##
+ enabled: false
+ ## Name of the secret that contains the certificates
+ ##
+ # certificatesSecret:
+ ## Certificate filename
+ ##
+ # certFilename:
+ ## Certificate Key filename
+ ##
+ # certKeyFilename:
+ ## CA Certificate filename
+ ##
+ # certCAFilename:
+
+## Configure MariaDB with a custom my.cnf file
+## ref: https://mysql.com/kb/en/mysql/configuring-mysql-with-mycnf/#example-of-configuration-file
+## Alternatively, you can put your my.cnf under the files/ directory
+##
+mariadbConfiguration: |-
+ [client]
+ port=3306
+ socket=/opt/bitnami/mariadb/tmp/mysql.sock
+ plugin_dir=/opt/bitnami/mariadb/plugin
+
+ [mysqld]
+ lower_case_table_names = 1
+ default_storage_engine=InnoDB
+ basedir=/opt/bitnami/mariadb
+ datadir=/bitnami/mariadb/data
+ plugin_dir=/opt/bitnami/mariadb/plugin
+ tmpdir=/opt/bitnami/mariadb/tmp
+ socket=/opt/bitnami/mariadb/tmp/mysql.sock
+ pid_file=/opt/bitnami/mariadb/tmp/mysqld.pid
+ bind_address=0.0.0.0
+
+ ## Character set
+ collation_server=utf8_unicode_ci
+ init_connect='SET NAMES utf8'
+ character_set_server=utf8
+
+ ## MyISAM
+ key_buffer_size=32M
+ myisam_recover_options=FORCE,BACKUP
+
+ ## Safety
+ skip_host_cache
+ skip_name_resolve
+ max_allowed_packet=16M
+ max_connect_errors=1000000
+ sql_mode=STRICT_TRANS_TABLES,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_AUTO_VALUE_ON_ZERO,NO_ENGINE_SUBSTITUTION,NO_ZERO_DATE,NO_ZERO_IN_DATE,ONLY_FULL_GROUP_BY
+ sysdate_is_now=1
+
+ ## Binary Logging
+ log_bin=mysql-bin
+ expire_logs_days=14
+ # Disabling for performance per http://severalnines.com/blog/9-tips-going-production-galera-cluster-mysql
+ sync_binlog=0
+ # Required for Galera
+ binlog_format=row
+
+ ## Caches and Limits
+ tmp_table_size=32M
+ max_heap_table_size=32M
+ # Re-enabling as now works with Maria 10.1.2
+ query_cache_type=1
+ query_cache_limit=4M
+ query_cache_size=256M
+ max_connections=500
+ thread_cache_size=50
+ open_files_limit=65535
+ table_definition_cache=4096
+ table_open_cache=4096
+
+ ## InnoDB
+ innodb=FORCE
+ innodb_strict_mode=1
+ # Mandatory per https://github.com/codership/documentation/issues/25
+ innodb_autoinc_lock_mode=2
+ # Per https://www.percona.com/blog/2006/08/04/innodb-double-write/
+ innodb_doublewrite=1
+ innodb_flush_method=O_DIRECT
+ innodb_log_files_in_group=2
+ innodb_log_file_size=128M
+ innodb_flush_log_at_trx_commit=1
+ innodb_file_per_table=1
+ # 80% Memory is default reco.
+ # Need to re-evaluate when DB size grows
+ innodb_buffer_pool_size=2G
+ innodb_file_format=Barracuda
+
+ ## Logging
+ log_error=/opt/bitnami/mariadb/logs/mysqld.log
+ slow_query_log_file=/opt/bitnami/mariadb/logs/mysqld.log
+ log_queries_not_using_indexes=1
+ slow_query_log=1
+
+ ## SSL
+ ## Use extraVolumes and extraVolumeMounts to mount /certs filesystem
+ # ssl_ca=/certs/ca.pem
+ # ssl_cert=/certs/server-cert.pem
+ # ssl_key=/certs/server-key.pem
+
+ [galera]
+ wsrep_on=ON
+ wsrep_provider=/opt/bitnami/mariadb/lib/libgalera_smm.so
+ wsrep_sst_method=mariabackup
+ wsrep_slave_threads=4
+ wsrep_cluster_address=gcomm://
+ wsrep_cluster_name=galera
+ wsrep_sst_auth="root:"
+ # Enabled for performance per https://mariadb.com/kb/en/innodb-system-variables/#innodb_flush_log_at_trx_commit
+ innodb_flush_log_at_trx_commit=2
+ # MYISAM REPLICATION SUPPORT #
+ wsrep_replicate_myisam=ON
+
+ [mariadb]
+ plugin_load_add=auth_pam
+
+ ## Data-at-Rest Encryption
+ ## Use extraVolumes and extraVolumeMounts to mount /encryption filesystem
+ # plugin_load_add=file_key_management
+ # file_key_management_filename=/encryption/keyfile.enc
+ # file_key_management_filekey=FILE:/encryption/keyfile.key
+ # file_key_management_encryption_algorithm=AES_CTR
+ # encrypt_binlog=ON
+ # encrypt_tmp_files=ON
+
+ ## InnoDB/XtraDB Encryption
+ # innodb_encrypt_tables=ON
+ # innodb_encrypt_temporary_tables=ON
+ # innodb_encrypt_log=ON
+ # innodb_encryption_threads=4
+ # innodb_encryption_rotate_key_age=1
+
+ ## Aria Encryption
+ # aria_encrypt_tables=ON
+ # encrypt_tmp_disk_tables=ON
+
+## MariaDB additional command line flags
+## Can be used to specify command line flags, for example:
+##
+## extraFlags: "--max-connect-errors=1000 --max_connections=155"
+
+## Desired number of cluster nodes
+##
replicaCount: 3
-nodeSelector: {}
+## updateStrategy for MariaDB Master StatefulSet
+## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+##
+updateStrategy:
+ type: RollingUpdate
+## Additional pod annotations for MariaDB Galera pods
+## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+##
+podAnnotations: {}
+
+## Pod affinity preset
+## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
+## Allowed values: soft, hard
+##
+podAffinityPreset: ""
+
+## Pod anti-affinity preset
+## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
+## Allowed values: soft, hard
+##
+podAntiAffinityPreset: soft
+
+## Node affinity preset
+## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
+## Allowed values: soft, hard
+##
+nodeAffinityPreset:
+ ## Node affinity type
+ ## Allowed values: soft, hard
+ type: ""
+ ## Node label key to match
+ ## E.g.
+ ## key: "kubernetes.io/e2e-az-name"
+ ##
+ key: ""
+ ## Node label values to match
+ ## E.g.
+ ## values:
+ ## - e2e-az1
+ ## - e2e-az2
+ ##
+ values: []
+
+## Affinity for pod assignment. Evaluated as a template.
+## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set
+##
affinity: {}
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 30
- periodSeconds: 10
- timeoutSeconds: 5
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
+## Node labels for pod assignment. Evaluated as a template.
+## ref: https://kubernetes.io/docs/user-guide/node-selection/
+##
+nodeSelector: {}
-readiness:
- initialDelaySeconds: 15
- periodSeconds: 10
- timeoutSeconds: 5
+## Tolerations for pod assignment. Evaluated as a template.
+## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+##
+tolerations: []
-## Persist data to a persitent volume
+## Enable persistence using Persistent Volume Claims
+## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
+##
persistence:
- enabled: true
-
- ## A manually managed Persistent Volume and Claim
- ## Requires persistence.enabled: true
- ## If defined, PVC must be created manually before volume will be bound
+ ## If true, use a Persistent Volume Claim, If false, use emptyDir
+ ##
+ enabled: true
+ # Enable persistence using an existing PVC
# existingClaim:
- volumeReclaimPolicy: Retain
-
- ## database data Persistent Volume Storage Class
+ mountPath: /dockerdata-nfs
+ mountSubPath: "mariadb-galera/data"
+ ## selector can be used to match an existing PersistentVolume
+ ## selector:
+ ## matchLabels:
+ ## app: my-app
+ selector: {}
+ ## Persistent Volume Storage Class
## If defined, storageClassName: <storageClass>
## If set to "-", storageClassName: "", which disables dynamic provisioning
## If undefined (the default) or set to null, no storageClassName spec is
@@ -94,53 +446,34 @@
## GKE, AWS & OpenStack)
##
# storageClass: "-"
+ ## Persistent Volume Claim annotations
+ ##
+ annotations:
+ ## Persistent Volume Access Mode
+ ##
accessMode: ReadWriteOnce
+ ## Persistent Volume size
+ ##
size: 2Gi
- mountPath: /dockerdata-nfs
- mountSubPath: "mariadb-galera/data"
- mysqlPath: /var/lib/mysql
- backup:
- mountPath: /dockerdata-nfs/backup{{- if or (or .Values.storageClassOverride .Values.persistence.storageClass) .Values.global.persistence.storageClass -}}
-service:
- internalPort: 3306
- name: mariadb-galera
- portName: mariadb-galera
- sstPort: 4444
- sstPortName: sst
- replicationPort: 4567
- replicationName: replication
- istPort: 4568
- istPortName: ist
-
-ingress:
- enabled: false
-
-
-## Configure MariaDB-Galera with a custom my.cnf file
-## ref: https://mariadb.com/kb/en/mariadb/configuring-mariadb-with-mycnf/#example-of-configuration-file
+## Additional pod labels
##
-#externalConfig: ""
-externalConfig: |-
- [mysqld]
- lower_case_table_names = 1
+# podLabels:
+# extraLabel: extraValue
-#resources: {}
- # We usually recommend not to specify default resources and to leave this as a conscious
- # choice for the user. This also increases chances charts run on environments with little
- # resources, such as Minikube. If you do want to specify resources, uncomment the following
- # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
- #
- # Example:
- # Configure resource requests and limits
- # ref: http://kubernetes.io/docs/user-guide/compute-resources/
- # Minimum memory for development is 2 CPU cores and 4GB memory
- # Minimum memory for production is 4 CPU cores and 8GB memory
+## Priority Class Name
+#
+# priorityClassName: 'priorityClass'
+
+## MariaDB Galera containers' resource requests and limits
+## ref: http://kubernetes.io/docs/user-guide/compute-resources/
+##
+flavor: small
resources:
small:
limits:
cpu: 500m
- memory: 1.5Gi
+ memory: 2.5Gi
requests:
cpu: 100m
memory: 750Mi
@@ -153,13 +486,134 @@
memory: 2Gi
unlimited: {}
-# Name for mariadb-galera cluster - should be unique accross all projects or other clusters
-nameOverride: mariadb-galera
+## MariaDB Galera containers' liveness and readiness probes
+## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
+##
+livenessProbe:
+ enabled: true
+ ## Initializing the database could take some time
+ ##
+ initialDelaySeconds: 150
+ periodSeconds: 10
+ timeoutSeconds: 1
+ successThreshold: 1
+ failureThreshold: 3
+readinessProbe:
+ enabled: true
+ initialDelaySeconds: 60
+ periodSeconds: 10
+ timeoutSeconds: 1
+ successThreshold: 1
+ failureThreshold: 3
-# DNS name for mariadb-galera cluster - should be unique accross all projects other clusters
-#dnsnameOverride: mariadb-galera
+## Pod disruption budget configuration
+##
+podDisruptionBudget:
+ ## Specifies whether a Pod disruption budget should be created
+ ##
+ create: true
+ minAvailable: 1
+ # maxUnavailable: 1
-backup:
- enabled: false
- cron: "00 00 * * *"
- retentionPeriod: 3
+## Prometheus exporter configuration
+##
+metrics:
+ ## Bitnami MySQL Prometheus exporter image
+ ## ref: https://hub.docker.com/r/bitnami/mysqld-exporter/tags/
+ ##
+ image: bitnami/mysqld-exporter:0.12.1-debian-10-r264
+ pullPolicy: Always
+ ## MySQL exporter additional command line flags
+ ## Can be used to specify command line flags
+ ## E.g.:
+ ## extraFlags:
+ ## - --collect.binlog_size
+ ##
+ extraFlags: []
+ ## MySQL Prometheus exporter containers' resource requests and limits
+ ## ref: http://kubernetes.io/docs/user-guide/compute-resources/
+ ##
+ resources:
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ limits:
+ cpu: 0.5
+ memory: 256Mi
+ requests:
+ cpu: 0.5
+ memory: 256Mi
+ ## MySQL Prometheus exporter service parameters
+ ##
+ service:
+ type: ClusterIP
+ port: 9104
+ annotations:
+ prometheus.io/scrape: "true"
+ prometheus.io/port: "9104"
+
+ ## Prometheus Operator ServiceMonitor configuration
+ ##
+ serviceMonitor:
+ enabled: false
+ ## Namespace in which Prometheus is running
+ ##
+ # namespace: monitoring
+
+ ## Interval at which metrics should be scraped.
+ ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
+ ##
+ # interval: 10s
+
+ ## Timeout after which the scrape is ended
+ ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
+ ##
+ # scrapeTimeout: 10s
+
+ ## ServiceMonitor selector labels
+ ## ref: https://github.com/bitnami/charts/tree/master/bitnami/prometheus-operator#prometheus-configuration
+ ##
+ selector:
+ prometheus: kube-prometheus
+
+ ## RelabelConfigs to apply to samples before scraping
+ ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig
+ ## Value is evalued as a template
+ ##
+ relabelings: []
+
+ ## MetricRelabelConfigs to apply to samples before ingestion
+ ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig
+ ## Value is evalued as a template
+ ##
+ metricRelabelings: []
+ # - sourceLabels:
+ # - "__name__"
+ # targetLabel: "__name__"
+ # action: replace
+ # regex: '(.*)'
+ # replacement: 'example_prefix_$1'
+
+ ## Prometheus Operator PrometheusRule configuration
+ ##
+ prometheusRules:
+ enabled: false
+
+ ## Additional labels to add to the PrometheusRule so it is picked up by the operator.
+ ## If using the [Helm Chart](https://github.com/helm/charts/tree/master/stable/prometheus-operator) this is the name of the Helm release and 'app: prometheus-operator'
+ selector:
+ app: prometheus-operator
+ release: prometheus
+
+ ## Rules as a map.
+ rules: {}
+ # - alert: MariaDB-Down
+ # annotations:
+ # message: 'MariaDB instance {{ $labels.instance }} is down'
+ # summary: MariaDB instance is down
+ # expr: absent(up{job="mariadb-galera"} == 1)
+ # labels:
+ # severity: warning
+ # service: mariadb-galera
+ # for: 5m