# Copyright © 2018 Amdocs
# Copyright © 2018,2021 Bell Canada
# Copyright © 2019 Samsung Electronics
# Copyright © 2020 Bitnami, Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#################################################################
# Global configuration defaults.
#################################################################
# Helm "global" values: the same keys are visible to this chart and to the
# charts that include it.
global:
  # NOTE(review): presumably the leading digits of the NodePort numbers used by
  # the platform - confirm against the templates that read it
  nodePortPrefix: 302
  persistence:
    mountPath: /dockerdata-nfs
    backup:
      mountPath: /dockerdata-nfs/backup
  clusterDomain: cluster.local
  metrics: {}
  mariadbGalera:
    # flag to enable the DB creation via mariadb-operator
    useOperator: true
    # if useOperator is set to "true", set "enableServiceAccount" to "false",
    # as the SA is created by the Operator
    enableServiceAccount: false
    nameOverride: mariadb-galera
    service: mariadb-galera
#################################################################
# Secrets metaconfig
#################################################################
# One entry per credential. Every value is a Helm template string that is
# resolved from other keys of this file (rootUser, db, galera.mariabackup).
# Per the comments on those keys, "password" is ignored when "externalSecret"
# is given and is generated when left unset. Pointing externalSecret at an
# existing secret keeps the credential itself out of values files.
secrets:
  # root (admin) password
  - uid: '{{ include "common.mariadb.secret.rootPassUID" . }}'
    type: password
    externalSecret: '{{ tpl (default "" .Values.rootUser.externalSecret) . }}'
    password: '{{ .Values.rootUser.password }}'
  # application database user
  - uid: '{{ include "common.mariadb.secret.userCredentialsUID" . }}'
    type: basicAuth
    externalSecret: '{{ tpl (default "" .Values.db.externalSecret) . }}'
    login: '{{ .Values.db.user }}'
    password: '{{ .Values.db.password }}'
  # account used by mariabackup
  - uid: '{{ include "common.mariadb.secret.backupCredentialsUID" . }}'
    type: basicAuth
    externalSecret: '{{ tpl (default "" .Values.galera.mariabackup.externalSecret) . }}'
    login: '{{ .Values.galera.mariabackup.user }}'
    password: '{{ .Values.galera.mariabackup.password }}'
# Settings for the database instance created through mariadb-operator
# (see global.mariadbGalera.useOperator).
# NOTE(review): the server, agent and init images are selected by tag
# (appVersion, agentVersion, initVersion). Tags can be re-pointed in a
# registry; pin by digest or rely on registry-side immutability if the
# deployment needs reproducible images.
mariadbOperator:
  image: mariadb
  appVersion: 11.1.2
  persistence:
    #storageClassName: default
    size: 3Gi
  galera:
    enabled: true
    agentImage: mariadb-operator/agent
    agentVersion: v0.0.3
    initImage: mariadb-operator/init
    initVersion: v0.0.6
## String to partially override common.names.fullname template (will maintain the release name)
##
nameOverride: mariadb-galera
## Custom db configuration
##
db:
  ## MariaDB username and password
  ## Password is ignored if externalSecret is specified.
  ## If not set, password will be "randomly" generated
  ## ref: https://github.com/bitnami/bitnami-docker-mariadb-galera#creating-a-database-user-on-first-run
  ##
  ## NOTE(review): "my-user" reads as a placeholder account name; override it
  ## per deployment.
  user: my-user
  # password:
  # externalSecret:
  ## Database to create
  ## ref: https://github.com/bitnami/bitnami-docker-mariadb-galera#creating-a-database-on-first-run
  ##
  # name: my_database
## Desired number of cluster nodes
##
replicaCount: 3
## Additional pod annotations for MariaDB Galera pods
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
## -> here required to enable mariadb-galera in istio
##
## Ports 4444, 4567 and 4568 are the ones listed under service.headlessPorts
## (tcp-sst, tcp-galera, tcp-ist). Excluding them means that traffic is not
## intercepted by the Istio sidecar, so mesh-level mTLS and authorization
## policies do not cover it; any protection of that traffic has to come from
## the Galera/MariaDB configuration or from network policies.
podAnnotations:
  # sidecar.istio.io/inject: "false"
  traffic.sidecar.istio.io/excludeInboundPorts: "4444,4567,4568"
  traffic.sidecar.istio.io/includeInboundPorts: '*'
  traffic.sidecar.istio.io/excludeOutboundPorts: "4444,4567,4568"
## my.cnf text for the operator-managed database.
## NOTE(review): that use is inferred from the key name and from the banner
## that follows this block - confirm against the template that consumes it.
## Lines starting with '#' inside the block belong to the string, i.e. they
## are my.cnf comments and not YAML comments.
## NOTE(review): max_allowed_packet is set twice in [mysqld], 256M at the top
## and 16M under "Safety". MariaDB option files take the last occurrence, so
## 16M would be the effective value - confirm which one is intended and drop
## the other.
## NOTE(review): an in-block comment refers to MariaDB 10.1.2 while
## mariadbOperator.appVersion is 11.1.2; confirm every option is still
## accepted by the deployed server version.
mariadbOpConfiguration: |-
  [mysqld]
  max_allowed_packet=256M
  lower_case_table_names = 1
  ## Character set
  collation_server=utf8_unicode_ci
  init_connect='SET NAMES utf8'
  character_set_server=utf8
  ## MyISAM
  key_buffer_size=32M
  myisam_recover_options=FORCE,BACKUP
  ## Safety
  skip_host_cache
  skip_name_resolve
  max_allowed_packet=16M
  max_connect_errors=1000000
  sql_mode=STRICT_TRANS_TABLES,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_AUTO_VALUE_ON_ZERO,NO_ENGINE_SUBSTITUTION,NO_ZERO_DATE,NO_ZERO_IN_DATE,ONLY_FULL_GROUP_BY
  sysdate_is_now=1
  ## Caches and Limits
  tmp_table_size=32M
  max_heap_table_size=32M
  # Re-enabling as now works with Maria 10.1.2
  query_cache_type=1
  query_cache_limit=4M
  query_cache_size=256M
  max_connections=500
  thread_cache_size=50
  open_files_limit=65535
  table_definition_cache=4096
  table_open_cache=4096
  ## InnoDB
  innodb=FORCE
  innodb_strict_mode=1
  # Mandatory per https://github.com/codership/documentation/issues/25
  innodb_autoinc_lock_mode=2
  # Per https://www.percona.com/blog/2006/08/04/innodb-double-write/
  innodb_doublewrite=1
  innodb_flush_method=O_DIRECT
  innodb_log_files_in_group=2
  innodb_log_file_size=128M
  innodb_flush_log_at_trx_commit=1
  innodb_file_per_table=1
  # 80% Memory is default reco.
  # Need to re-evaluate when DB size grows
  innodb_buffer_pool_size=2G
  innodb_file_format=Barracuda
##########################################################################################
# !!! the following configuration entries are ignored, when mariadbOperator is enabled !!!
##########################################################################################
# The bitnami image does not handle single quotes in passwords well.
# NOTE(review): "basic" presumably restricts the character set of generated
# passwords - confirm in the secret template that reads this key.
passwordStrengthOverride: basic
image: bitnami/mariadb-galera:10.5.8
## Specify an imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
##
pullPolicy: Always
## Set to true if you would like to see extra information on logs
## It turns on BASH debugging in minideb-extras-base
## NOTE(review): shell tracing prints expanded commands and variables, so
## credentials handled by the startup scripts may end up in pod logs. The
## default here is true; consider false outside troubleshooting.
##
debug: true
## Sometimes, especially when a lot of pods are created at the same time,
## actions on the databases are attempted before the database has actually started.
init_sleep_time: 5
## Use an alternate scheduler, e.g. "stork".
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
##
# schedulerName:
## The StatefulSet controller can relax its ordering guarantees while preserving its uniqueness and identity guarantees. There are two valid pod management policies: OrderedReady and Parallel
## ref: https://kubernetes.io/docs/tutorials/stateful-application/basic-stateful-set/#pod-management-policy
##
podManagementPolicy: OrderedReady
## MariaDB Galera K8s svc properties
##
service:
  ## Kubernetes service type and port number
  ## ClusterIP keeps the SQL port reachable from inside the cluster only.
  ##
  type: ClusterIP
  headless: {}
  # the anchor lets ports[0].port reuse the same number
  internalPort: &dbPort 3306
  ports:
    - name: tcp-mysql
      port: *dbPort
  ## Cluster-internal Galera ports; the same numbers are excluded from the
  ## Istio sidecar in podAnnotations.
  headlessPorts:
    - name: tcp-galera
      port: 4567
    - name: tcp-ist
      port: 4568
    - name: tcp-sst
      port: 4444
## Pods Service Account
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
##
## NOTE(review): "read" presumably names a read-only role bound to the
## service account - confirm in the templates that create it.
serviceAccount:
  nameOverride: mariadb-galera
  roles:
    - read
## Pod Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
##
## NOTE(review): both IDs are non-zero, i.e. a non-root user and group,
## provided the templates apply them to the pod/container security context -
## confirm.
securityContext:
  enabled: true
  user_id: 10001
  group_id: 10001
## Database credentials for root (admin) user
##
rootUser:
  ## MariaDB admin user
  user: root
  ## MariaDB admin password
  ## Password is ignored if externalSecret is specified.
  ## If not set, password will be "randomly" generated
  ## ref: https://github.com/bitnami/bitnami-docker-mariadb-galera#setting-the-root-password-on-first-run
  ##
  # password:
  # externalSecret:
## Galera configuration
##
galera:
  ## Galera cluster name
  ##
  name: galera
  ## Bootstrapping options
  ## ref: https://github.com/bitnami/bitnami-docker-mariadb-galera#bootstraping
  bootstrap:
    ## Node to bootstrap from; change this parameter in case you want to bootstrap from another node
    ##
    bootstrapFromNode:
    ## Force safe_to_bootstrap in the grastate.dat file.
    ## This will set safe_to_bootstrap=1 in the node indicated by bootstrapFromNode.
    forceSafeToBootstrap: false
  ## Credentials to perform backups
  ##
  mariabackup:
    ## MariaBackup username and password
    ## Password is ignored if externalSecret is specified.
    ## If not set, password will be "randomly" generated
    ## ref: https://github.com/bitnami/bitnami-docker-mariadb-galera#setting-up-a-multi-master-cluster
    ##
    user: mariabackup
    # password:
    # externalSecret:
## The backup job will mount the mariadb data pvc in order to run mariabackup.
## For this reason the db data pvc needs to have accessMode: ReadWriteMany.
backup:
  enabled: false
  # used in the mariadb-operator to override the backup name (default is DBName)
  # nameOverride:
  # defines the backup job execution period
  cron: "00 00 * * *"
  # used by mariadb-operator to set the max retention time
  maxRetention: 720h
  retentionPeriod: 3
  # used by mariadb-operator to set the backup storage type (PVC, S3, volume)
  storageType: PVC
  # configuration used for PVC backup storage
  persistence:
    ## If true, use a Persistent Volume Claim, If false, use emptyDir
    ##
    enabled: true
    # Enable persistence using an existing PVC
    # existingClaim:
    ## selector can be used to match an existing PersistentVolume
    ## selector:
    ## matchLabels:
    ## app: my-app
    selector: {}
    ## Persistent Volume Storage Class
    ## If defined, storageClassName: <storageClass>
    ## If set to "-", storageClassName: "", which disables dynamic provisioning
    ## If undefined (the default) or set to null, no storageClassName spec is
    ## set, choosing the default provisioner. (gp2 on AWS, standard on
    ## GKE, AWS & OpenStack)
    ##
    # storageClass: "-"
    ## Persistent Volume Claim annotations
    ##
    annotations:
    ## Persistent Volume Access Mode
    ##
    accessMode: ReadWriteOnce
    ## Persistent Volume size
    ##
    size: 2Gi
  # requires mariadb-operator v0.24.0
  # configuration used for S3 backup storage
  # see: https://github.com/mariadb-operator/mariadb-operator/blob/main/docs/BACKUP.md
  # The access key id and secret access key are taken from the secret named
  # in the two *SecretKeyRef entries, not from this file.
  # NOTE(review): with tls.enabled false the endpoint is presumably contacted
  # without TLS, which would send the access keys and the backup data in
  # clear text; enable it and provide caSecretKeyRef when storageType is S3
  # and the endpoint is not on a trusted network - confirm against the
  # operator documentation linked above.
  s3:
    bucket: backups
    endpoint: minio.minio.svc.cluster.local:9000
    #region: us-east-1
    accessKeyIdSecretKeyRef:
      name: minio
      key: access-key-id
    secretAccessKeySecretKeyRef:
      name: minio
      key: secret-access-key
    tls:
      enabled: false
      caSecretKeyRef:
        name: minio-ca
        key: ca.crt
  # configuration used for kubernetes volumes as backup storage
  # see: https://github.com/mariadb-operator/mariadb-operator/blob/main/docs/BACKUP.md
  volume: {}
# NOTE(review): presumably lists the applications a readiness-check container
# waits for before dependent jobs start - confirm in the common templates.
readinessCheck:
  wait_for:
    apps:
      - '{{ include "common.name" . }}'
## TLS configuration
##
## TLS is disabled by default and no certificate secret or file names are
## set, so these values alone do not turn on encrypted client connections.
tls:
  ## Enable TLS
  ##
  enabled: false
  ## Name of the secret that contains the certificates
  ##
  # certificatesSecret:
  ## Certificate filename
  ##
  # certFilename:
  ## Certificate Key filename
  ##
  # certKeyFilename:
  ## CA Certificate filename
  ##
  # certCAFilename:
## Configure MariaDB with a custom my.cnf file
## ref: https://mysql.com/kb/en/mysql/configuring-mysql-with-mycnf/#example-of-configuration-file
## Alternatively, you can put your my.cnf under the files/ directory
##
## Lines starting with '#' inside the block belong to the string, i.e. they
## are my.cnf comments and not YAML comments.
## Security-relevant settings as shipped:
##  - bind_address=0.0.0.0 makes mysqld listen on every interface of the pod;
##    who can reach it is then decided by the Service type and by network
##    policies.
##  - the ssl_ca/ssl_cert/ssl_key lines are commented out, so this text does
##    not configure server-side TLS.
##  - wsrep_sst_auth="root:" carries no password. NOTE(review): presumably
##    completed when the container starts - confirm.
##  - plugin_load_add=auth_pam loads the PAM authentication plugin.
##  - the data-at-rest, InnoDB and Aria encryption settings are all commented
##    out.
##  - sync_binlog=0 and, in [galera], innodb_flush_log_at_trx_commit=2 (set
##    to 1 earlier in [mysqld]) favour performance over durability, as the
##    in-block references say.
mariadbConfiguration: |-
  [client]
  port=3306
  socket=/opt/bitnami/mariadb/tmp/mysql.sock
  plugin_dir=/opt/bitnami/mariadb/plugin
  [mysqld]
  lower_case_table_names = 1
  default_storage_engine=InnoDB
  basedir=/opt/bitnami/mariadb
  datadir=/bitnami/mariadb/data
  plugin_dir=/opt/bitnami/mariadb/plugin
  tmpdir=/opt/bitnami/mariadb/tmp
  socket=/opt/bitnami/mariadb/tmp/mysql.sock
  pid_file=/opt/bitnami/mariadb/tmp/mysqld.pid
  bind_address=0.0.0.0
  ## Character set
  collation_server=utf8_unicode_ci
  init_connect='SET NAMES utf8'
  character_set_server=utf8
  ## MyISAM
  key_buffer_size=32M
  myisam_recover_options=FORCE,BACKUP
  ## Safety
  skip_host_cache
  skip_name_resolve
  max_allowed_packet=16M
  max_connect_errors=1000000
  sql_mode=STRICT_TRANS_TABLES,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_AUTO_VALUE_ON_ZERO,NO_ENGINE_SUBSTITUTION,NO_ZERO_DATE,NO_ZERO_IN_DATE,ONLY_FULL_GROUP_BY
  sysdate_is_now=1
  ## Binary Logging
  log_bin=mysql-bin
  expire_logs_days=14
  # Disabling for performance per http://severalnines.com/blog/9-tips-going-production-galera-cluster-mysql
  sync_binlog=0
  # Required for Galera
  binlog_format=row
  ## Caches and Limits
  tmp_table_size=32M
  max_heap_table_size=32M
  # Re-enabling as now works with Maria 10.1.2
  query_cache_type=1
  query_cache_limit=4M
  query_cache_size=256M
  max_connections=500
  thread_cache_size=50
  open_files_limit=65535
  table_definition_cache=4096
  table_open_cache=4096
  ## InnoDB
  innodb=FORCE
  innodb_strict_mode=1
  # Mandatory per https://github.com/codership/documentation/issues/25
  innodb_autoinc_lock_mode=2
  # Per https://www.percona.com/blog/2006/08/04/innodb-double-write/
  innodb_doublewrite=1
  innodb_flush_method=O_DIRECT
  innodb_log_files_in_group=2
  innodb_log_file_size=128M
  innodb_flush_log_at_trx_commit=1
  innodb_file_per_table=1
  # 80% Memory is default reco.
  # Need to re-evaluate when DB size grows
  innodb_buffer_pool_size=2G
  innodb_file_format=Barracuda
  ## Logging
  log_error=/opt/bitnami/mariadb/logs/mysqld.log
  slow_query_log_file=/opt/bitnami/mariadb/logs/mysqld.log
  log_queries_not_using_indexes=1
  slow_query_log=1
  ## SSL
  ## Use extraVolumes and extraVolumeMounts to mount /certs filesystem
  # ssl_ca=/certs/ca.pem
  # ssl_cert=/certs/server-cert.pem
  # ssl_key=/certs/server-key.pem
  [galera]
  wsrep_on=ON
  wsrep_provider=/opt/bitnami/mariadb/lib/libgalera_smm.so
  wsrep_sst_method=mariabackup
  wsrep_slave_threads=4
  wsrep_cluster_address=gcomm://
  wsrep_cluster_name=galera
  wsrep_sst_auth="root:"
  # Enabled for performance per https://mariadb.com/kb/en/innodb-system-variables/#innodb_flush_log_at_trx_commit
  innodb_flush_log_at_trx_commit=2
  # MYISAM REPLICATION SUPPORT #
  wsrep_replicate_myisam=ON
  binlog_format=row
  default_storage_engine=InnoDB
  innodb_autoinc_lock_mode=2
  transaction-isolation=READ-COMMITTED
  wsrep_causal_reads=1
  wsrep_sync_wait=7
  [mariadb]
  plugin_load_add=auth_pam
  ## Data-at-Rest Encryption
  ## Use extraVolumes and extraVolumeMounts to mount /encryption filesystem
  # plugin_load_add=file_key_management
  # file_key_management_filename=/encryption/keyfile.enc
  # file_key_management_filekey=FILE:/encryption/keyfile.key
  # file_key_management_encryption_algorithm=AES_CTR
  # encrypt_binlog=ON
  # encrypt_tmp_files=ON
  ## InnoDB/XtraDB Encryption
  # innodb_encrypt_tables=ON
  # innodb_encrypt_temporary_tables=ON
  # innodb_encrypt_log=ON
  # innodb_encryption_threads=4
  # innodb_encryption_rotate_key_age=1
  ## Aria Encryption
  # aria_encrypt_tables=ON
  # encrypt_tmp_disk_tables=ON
## MariaDB additional command line flags
## Can be used to specify command line flags, for example:
##
## extraFlags: "--max-connect-errors=1000 --max_connections=155"
## updateStrategy for MariaDB Master StatefulSet
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
##
updateStrategy:
  type: RollingUpdate
## Pod affinity preset
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
## Allowed values: soft, hard
##
podAffinityPreset: ""
## Pod anti-affinity preset
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
## Allowed values: soft, hard
##
podAntiAffinityPreset: soft
## Node affinity preset
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
## Allowed values: soft, hard
##
nodeAffinityPreset:
  ## Node affinity type
  ## Allowed values: soft, hard
  type: ""
  ## Node label key to match
  ## E.g.
  ## key: "kubernetes.io/e2e-az-name"
  ##
  key: ""
  ## Node label values to match
  ## E.g.
  ## values:
  ## - e2e-az1
  ## - e2e-az2
  ##
  values: []
## Affinity for pod assignment. Evaluated as a template.
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set
##
affinity: {}
## Node labels for pod assignment. Evaluated as a template.
## ref: https://kubernetes.io/docs/user-guide/node-selection/
##
nodeSelector: {}
## Tolerations for pod assignment. Evaluated as a template.
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
##
tolerations: []
## Enable persistence using Persistent Volume Claims
## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
##
persistence:
  ## If true, use a Persistent Volume Claim, If false, use emptyDir
  ##
  enabled: true
  # Enable persistence using an existing PVC
  # existingClaim:
  mountPath: /dockerdata-nfs
  mountSubPath: "mariadb-galera/data"
  ## selector can be used to match an existing PersistentVolume
  ## selector:
  ## matchLabels:
  ## app: my-app
  selector: {}
  ## Persistent Volume Storage Class
  ## If defined, storageClassName: <storageClass>
  ## If set to "-", storageClassName: "", which disables dynamic provisioning
  ## If undefined (the default) or set to null, no storageClassName spec is
  ## set, choosing the default provisioner. (gp2 on AWS, standard on
  ## GKE, AWS & OpenStack)
  ##
  # storageClass: "-"
  ## Persistent Volume Claim annotations
  ##
  annotations:
  ## Persistent Volume Access Mode
  ## Use ReadWriteMany if backup is enabled, see backup section.
  ##
  accessMode: ReadWriteOnce
  ## Persistent Volume size
  ##
  size: 3Gi
## Additional pod labels
##
# podLabels:
# extraLabel: extraValue
## Priority Class Name
#
# priorityClassName: 'priorityClass'
## MariaDB Galera containers' resource requests and limits
## ref: http://kubernetes.io/docs/user-guide/compute-resources/
##
## "flavor" names one of the entries under "resources"; "unlimited" is an
## empty map, i.e. it carries no requests and no limits.
flavor: small
resources:
  small:
    limits:
      cpu: '1'
      memory: 4Gi
    requests:
      cpu: 500m
      memory: 2Gi
  large:
    limits:
      cpu: '2'
      memory: 6Gi
    requests:
      cpu: '1'
      memory: 3Gi
  unlimited: {}
## MariaDB Galera containers' liveness and readiness probes
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
##
livenessProbe:
  enabled: true
  initialDelaySeconds: 1
  periodSeconds: 10
  timeoutSeconds: 180
  successThreshold: 1
  failureThreshold: 3
readinessProbe:
  enabled: true
  initialDelaySeconds: 1
  periodSeconds: 10
  timeoutSeconds: 180
  successThreshold: 1
  failureThreshold: 3
startupProbe:
  ## Initializing the database could take some time
  ##
  enabled: true
  initialDelaySeconds: 10
  periodSeconds: 10
  timeoutSeconds: 180
  successThreshold: 1
  # waits up to initialDelaySeconds + failureThreshold*periodSeconds before
  # declaring the startup failed (10 + 90*10 = 910s with these defaults)
  failureThreshold: 90
## Pod disruption budget configuration
##
podDisruptionBudget:
  ## Specifies whether a Pod disruption budget should be created
  ##
  create: true
  minAvailable: 1
  # maxUnavailable: 1
## Prometheus exporter configuration
##
metrics:
  ## Bitnami MySQL Prometheus exporter image
  ## ref: https://hub.docker.com/r/bitnami/mysqld-exporter/tags/
  ##
  image: bitnami/mysqld-exporter:0.12.1-debian-10-r264
  pullPolicy: Always
  ## MySQL exporter additional command line flags
  ## Can be used to specify command line flags
  ## E.g.:
  ## extraFlags:
  ## - --collect.binlog_size
  ##
  extraFlags: []
  ## MySQL Prometheus exporter containers' resource requests and limits
  ## ref: http://kubernetes.io/docs/user-guide/compute-resources/
  ##
  resources:
    # Default requests and limits for the exporter container; requests equal
    # limits. Adjust them as necessary for the target environment, e.g. lower
    # them on environments with little resources, such as Minikube.
    limits:
      cpu: 0.5
      memory: 256Mi
    requests:
      cpu: 0.5
      memory: 256Mi
  ## MariaDB Galera metrics container's liveness and readiness probes
  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
  ##
  livenessProbe:
    enabled: true
    initialDelaySeconds: 30
    periodSeconds: 10
    timeoutSeconds: 5
    successThreshold: 1
    failureThreshold: 3
  readinessProbe:
    enabled: true
    initialDelaySeconds: 5
    periodSeconds: 10
    timeoutSeconds: 5
    successThreshold: 1
    failureThreshold: 3
  ## MySQL Prometheus exporter service parameters
  ##
  ## ClusterIP keeps the metrics port reachable from inside the cluster only;
  ## the annotations advertise the port to annotation-based Prometheus
  ## discovery.
  service:
    type: ClusterIP
    port: 9104
    annotations:
      prometheus.io/scrape: "true"
      prometheus.io/port: "9104"
  ## Prometheus Operator ServiceMonitor configuration
  ##
  serviceMonitor:
    enabled: false
    ## Namespace in which Prometheus is running
    ##
    # namespace: monitoring
    ## Interval at which metrics should be scraped.
    ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
    ##
    # interval: 10s
    ## Timeout after which the scrape is ended
    ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
    ##
    # scrapeTimeout: 10s
    ## ServiceMonitor selector labels
    ## ref: https://github.com/bitnami/charts/tree/master/bitnami/prometheus-operator#prometheus-configuration
    ##
    # selector:
    # prometheus: kube-prometheus
    ## RelabelConfigs to apply to samples before scraping
    ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig
    ## Value is evaluated as a template
    ##
    relabelings: []
    ## MetricRelabelConfigs to apply to samples before ingestion
    ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig
    ## Value is evaluated as a template
    ##
    metricRelabelings: []
    # - sourceLabels:
    # - "__name__"
    # targetLabel: "__name__"
    # action: replace
    # regex: '(.*)'
    # replacement: 'example_prefix_$1'
  ## Prometheus Operator PrometheusRule configuration
  ##
  prometheusRules:
    enabled: false
    ## Additional labels to add to the PrometheusRule so it is picked up by the operator.
    ## If using the [Helm Chart](https://github.com/helm/charts/tree/master/stable/prometheus-operator) this is the name of the Helm release and 'app: prometheus-operator'
    selector:
      app: prometheus-operator
      release: prometheus
    ## Rules, given as a list of alert definitions (see the commented example).
    rules: []
    # - alert: MariaDB-Down
    # annotations:
    # message: 'MariaDB instance {{ $labels.instance }} is down'
    # summary: MariaDB instance is down
    # expr: absent(up{job="mariadb-galera"} == 1)
    # labels:
    # severity: warning
    # service: mariadb-galera
    # for: 5m