1 # Copyright © 2018 Amdocs
2 # Copyright © 2018,2021 Bell Canada
3 # Copyright © 2019 Samsung Electronics
4 # Copyright © 2020 Bitnami, Orange
6 # Licensed under the Apache License, Version 2.0 (the "License");
7 # you may not use this file except in compliance with the License.
8 # You may obtain a copy of the License at
10 # http://www.apache.org/licenses/LICENSE-2.0
12 # Unless required by applicable law or agreed to in writing, software
13 # distributed under the License is distributed on an "AS IS" BASIS,
14 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15 # See the License for the specific language governing permissions and
16 # limitations under the License.
18 #################################################################
19 # Global configuration defaults.
20 #################################################################
# NOTE(review): the two mountPath entries below belong to different parent
# mappings; the parent keys are not visible in this listing.
# The path names suggest an NFS-backed location for data and backups (confirm).
# If so, restrict who can mount or read that export, because database files
# and backups would be stored there.
24 mountPath: /dockerdata-nfs
26 mountPath: /dockerdata-nfs/backup
27 clusterDomain: cluster.local
30 # flag to enable the DB creation via mariadb-operator
32 # if useOperator is set to "true", set "enableServiceAccount" to "false"
33 # as the SA is created by the Operator
34 enableServiceAccount: false
35 nameOverride: mariadb-galera
36 service: mariadb-galera
38 #################################################################
40 #################################################################
# Credential definitions: one entry each for the root password, the database
# user and the backup (mariabackup) user. Each uid is produced by a chart
# helper template; login and password are read from the values named in the
# templates below.
# Per the comments further down in this file, password is ignored when
# externalSecret is set and is "randomly" generated when left unset.
# NOTE(review): prefer externalSecret (or the generated default) over a literal
# password in a values file, so the credential is not kept in source control
# or in the values stored with the release.
42 - uid: '{{ include "common.mariadb.secret.rootPassUID" . }}'
44 externalSecret: '{{ tpl (default "" .Values.rootUser.externalSecret) . }}'
45 password: '{{ .Values.rootUser.password }}'
46 - uid: '{{ include "common.mariadb.secret.userCredentialsUID" . }}'
48 externalSecret: '{{ tpl (default "" .Values.db.externalSecret) . }}'
49 login: '{{ .Values.db.user }}'
50 password: '{{ .Values.db.password }}'
51 - uid: '{{ include "common.mariadb.secret.backupCredentialsUID" . }}'
53 externalSecret: '{{ tpl (default "" .Values.galera.mariabackup.externalSecret) . }}'
54 login: '{{ .Values.galera.mariabackup.user }}'
55 password: '{{ .Values.galera.mariabackup.password }}'
61 #storageClassName: default
65 agentImage: mariadb-operator/mariadb-operator
67 initImage: mariadb-operator/mariadb-operator
70 ## String to partially override common.names.fullname template (will maintain the release name)
72 nameOverride: mariadb-galera
74 ## Custom db configuration
77 ## MariaDB username and password
78 ## Password is ignored if externalSecret is specified.
79 ## If not set, password will be "randomly" generated
80 ## ref: https://github.com/bitnami/bitnami-docker-mariadb-galera#creating-a-database-user-on-first-run
86 ## ref: https://github.com/bitnami/bitnami-docker-mariadb-galera#creating-a-database-on-first-run
90 ## Desired number of cluster nodes
94 ## Additional pod annotations for MariaDB Galera pods
95 ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
96 ## -> here required to enable mariadb-galera in istio
99 # sidecar.istio.io/inject: "false"
# NOTE(review): ports 4444, 4567 and 4568 are excluded from sidecar
# interception, so traffic on them bypasses the mesh, including any mTLS or
# authorization policy the mesh enforces. These are the usual Galera SST (4444),
# replication (4567) and IST (4568) ports. Protect them another way, e.g. a
# NetworkPolicy limiting them to the cluster's own pods plus TLS at the Galera
# layer. Outbound traffic to port 443 is excluded from the sidecar as well.
100 traffic.sidecar.istio.io/excludeInboundPorts: "4444,4567,4568"
101 traffic.sidecar.istio.io/includeInboundPorts: '*'
102 traffic.sidecar.istio.io/excludeOutboundPorts: "4444,4567,4568,443"
# my.cnf fragment supplied as a literal block scalar; presumably the variant
# used when the mariadb-operator is enabled (confirm against the templates).
# NOTE(review): max_allowed_packet is set twice below (256M, then 16M). The
# section headers are not visible in this listing, so the two may sit in
# different sections; if they share one, the later value is the effective one.
# NOTE(review): no TLS or encryption settings appear in the lines shown here;
# confirm how connections and data files are protected in operator mode.
104 mariadbOpConfiguration: |-
106 max_allowed_packet=256M
107 lower_case_table_names = 1
110 collation_server=utf8_unicode_ci
111 init_connect='SET NAMES utf8'
112 character_set_server=utf8
116 myisam_recover_options=FORCE,BACKUP
121 max_allowed_packet=16M
122 max_connect_errors=1000000
123 sql_mode=STRICT_TRANS_TABLES,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_AUTO_VALUE_ON_ZERO,NO_ENGINE_SUBSTITUTION,NO_ZERO_DATE,NO_ZERO_IN_DATE,ONLY_FULL_GROUP_BY
128 max_heap_table_size=32M
129 # Re-enabling as now works with Maria 10.1.2
132 query_cache_size=256M
135 open_files_limit=65535
136 table_definition_cache=4096
137 table_open_cache=4096
142 # Mandatory per https://github.com/codership/documentation/issues/25
143 innodb_autoinc_lock_mode=2
144 # Per https://www.percona.com/blog/2006/08/04/innodb-double-write/
146 innodb_flush_method=O_DIRECT
147 innodb_log_files_in_group=2
148 innodb_log_file_size=128M
149 innodb_flush_log_at_trx_commit=1
150 innodb_file_per_table=1
151 # 80% Memory is default reco.
152 # Need to re-evaluate when DB size grows
153 innodb_buffer_pool_size=2G
154 innodb_file_format=Barracuda
156 ##########################################################################################
157 # !!! the following configuration entries are ignored, when mariadbOperator is enabled !!!
158 ##########################################################################################
# Generated passwords are limited to the "basic" strength because of the
# single-quote limitation described in the next comment.
# NOTE(review): if "basic" narrows the character set (confirm in the common
# chart), make sure the generated length still gives enough entropy.
159 # bitnami image doesn't handle single quotes in passwords well
160 passwordStrengthOverride: basic
# NOTE(review): the image is pinned by tag only. A tag can be re-pointed, so
# pinning by digest as well would make the deployed content verifiable. Also
# check this MariaDB patch release against current security advisories.
162 image: bitnami/mariadb-galera:10.5.8
163 ## Specify an imagePullPolicy
164 ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
165 ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
169 ## Set to true if you would like to see extra information on logs
170 ## It turns on BASH debugging in minideb-extras-base
174 ## Sometimes, especially when a lot of pods are created at the same time,
175 ## actions on the databases are attempted before they have actually started.
178 ## Use an alternate scheduler, e.g. "stork".
179 ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
183 ## The StatefulSet controller can relax its ordering guarantees while preserving its uniqueness and identity guarantees. There are two valid pod management policies: OrderedReady and Parallel
184 ## ref: https://kubernetes.io/docs/tutorials/stateful-application/basic-stateful-set/#pod-management-policy
186 podManagementPolicy: OrderedReady
188 ## MariaDB Galera K8s svc properties
191 ## Kubernetes service type and port number
# Defines the YAML anchor dbPort on the value 3306; any aliases that reuse it
# are not visible in this listing.
195 internalPort: &dbPort 3306
208 ## Pods Service Account
209 ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
212 nameOverride: mariadb-galera
216 ## Pod Security Context
217 ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
224 ## Database credentials for root (admin) user
227 ## MariaDB admin user
229 ## MariaDB admin password
230 ## Password is ignored if externalSecret is specified.
231 ## If not set, password will be "randomly" generated
232 ## ref: https://github.com/bitnami/bitnami-docker-mariadb-galera#setting-the-root-password-on-first-run
237 ## Galera configuration
240 ## Galera cluster name
244 ## Bootstrapping options
245 ## ref: https://github.com/bitnami/bitnami-docker-mariadb-galera#bootstraping
247 ## Node to bootstrap from; you will need to change this parameter in case you want to bootstrap from another node
250 ## Force safe_to_bootstrap in the grastate.dat file.
251 ## This will set safe_to_bootstrap=1 in the node indicated by bootstrapFromNode.
# NOTE(review): leave this false in normal operation. Forcing the flag on a
# node that does not hold the most recent state can discard transactions
# committed on other nodes, so treat it as a deliberate manual recovery step.
252 forceSafeToBootstrap: false
254 ## Credentials to perform backups
257 ## MariaBackup username and password
258 ## Password is ignored if externalSecret is specified.
259 ## If not set, password will be "randomly" generated
260 ## ref: https://github.com/bitnami/bitnami-docker-mariadb-galera#setting-up-a-multi-master-cluster
266 ## The backup job will mount the mariadb data pvc in order to run mariabackup.
267 ## For this reason the db data pvc needs to have accessMode: ReadWriteMany.
270 # used in the mariadb-operator to override the backup name (default is DBName)
272 # defines the backup job execution period
274 # used by mariadb-operator to set the max retention time
277 # used by mariadb-operator to set the backup storage type (PVC, S3, volume)
279 # configuration used for PVC backup storage
281 ## If true, use a Persistent Volume Claim, If false, use emptyDir
284 # Enable persistence using an existing PVC
286 ## selector can be used to match an existing PersistentVolume
291 ## Persistent Volume Storage Class
292 ## If defined, storageClassName: <storageClass>
293 ## If set to "-", storageClassName: "", which disables dynamic provisioning
294 ## If undefined (the default) or set to null, no storageClassName spec is
295 ## set, choosing the default provisioner. (gp2 on AWS, standard on
296 ## GKE, AWS & OpenStack)
299 ## Persistent Volume Claim annotations
302 ## Persistent Volume Access Mode
304 accessMode: ReadWriteOnce
305 ## Persistent Volume size
308 # requires mariadb-operator v0.24.0
309 # configuration used for S3 backup storage
310 # see: https://github.com/mariadb-operator/mariadb-operator/blob/main/docs/BACKUP.md
# NOTE(review): the endpoint is given as host:port with no scheme. Whether the
# connection to it uses TLS is not visible in this listing; confirm, since
# backups carry the full database contents.
313 endpoint: minio.minio.svc.cluster.local:9000
# The access key id and the secret access key are given as secret key
# references rather than literal values; the lines naming the referenced
# secret are not visible in this listing.
315 accessKeyIdSecretKeyRef:
318 secretAccessKeySecretKeyRef:
320 key: secret-access-key
326 # configuration used for kubernetes volumes as backup storage
327 # see: https://github.com/mariadb-operator/mariadb-operator/blob/main/docs/BACKUP.md
333 - '{{ include "common.servicename" . }}'
341 ## Name of the secret that contains the certificates
343 # certificatesSecret:
344 ## Certificate filename
347 ## Certificate Key filename
350 ## CA Certificate filename
354 ## Configure MariaDB with a custom my.cnf file
355 ## ref: https://mysql.com/kb/en/mysql/configuring-mysql-with-mycnf/#example-of-configuration-file
356 ## Alternatively, you can put your my.cnf under the files/ directory
# Review notes for the my.cnf content below. They sit outside the block scalar
# so the rendered file is unchanged. Section headers and some short lines are
# not visible in this listing, so which section a setting belongs to is
# unconfirmed.
# - TLS: ssl_ca / ssl_cert / ssl_key are commented out, so this default does
#   not configure TLS for client connections. Enable them (mounting the
#   certificates as the comment describes) wherever traffic is not otherwise
#   protected.
# - wsrep_sst_auth="root:" names the root account with an empty password field.
#   Presumably the real credential is injected at start-up (confirm). This
#   file also defines a dedicated mariabackup user; check that state transfer
#   authenticates as that account rather than as root.
# - plugin_load_add=auth_pam loads the PAM authentication plugin. If no account
#   authenticates through PAM, consider dropping it.
# - Data-at-rest encryption (file_key_management_*, innodb_encrypt_*,
#   aria_encrypt_tables, encrypt_tmp_*) is commented out, so data files, logs
#   and temporary files are written unencrypted unless the storage layer
#   encrypts them.
# - innodb_flush_log_at_trx_commit appears twice (1, later 2). If both are in
#   the same section the later value applies, which relaxes per-commit log
#   flushing; the existing comment cites performance as the reason.
# - slow_query_log_file and log_error point at the same file, and
#   log_queries_not_using_indexes=1 is set. If the slow query log is enabled,
#   that file will contain query text; treat it as potentially sensitive.
358 mariadbConfiguration: |-
361 socket=/opt/bitnami/mariadb/tmp/mysql.sock
362 plugin_dir=/opt/bitnami/mariadb/plugin
365 lower_case_table_names = 1
366 default_storage_engine=InnoDB
367 basedir=/opt/bitnami/mariadb
368 datadir=/bitnami/mariadb/data
369 plugin_dir=/opt/bitnami/mariadb/plugin
370 tmpdir=/opt/bitnami/mariadb/tmp
371 socket=/opt/bitnami/mariadb/tmp/mysql.sock
372 pid_file=/opt/bitnami/mariadb/tmp/mysqld.pid
376 collation_server=utf8_unicode_ci
377 init_connect='SET NAMES utf8'
378 character_set_server=utf8
382 myisam_recover_options=FORCE,BACKUP
387 max_allowed_packet=16M
388 max_connect_errors=1000000
389 sql_mode=STRICT_TRANS_TABLES,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_AUTO_VALUE_ON_ZERO,NO_ENGINE_SUBSTITUTION,NO_ZERO_DATE,NO_ZERO_IN_DATE,ONLY_FULL_GROUP_BY
395 # Disabling for performance per http://severalnines.com/blog/9-tips-going-production-galera-cluster-mysql
397 # Required for Galera
402 max_heap_table_size=32M
403 # Re-enabling as now works with Maria 10.1.2
406 query_cache_size=256M
409 open_files_limit=65535
410 table_definition_cache=4096
411 table_open_cache=4096
416 # Mandatory per https://github.com/codership/documentation/issues/25
417 innodb_autoinc_lock_mode=2
418 # Per https://www.percona.com/blog/2006/08/04/innodb-double-write/
420 innodb_flush_method=O_DIRECT
421 innodb_log_files_in_group=2
422 innodb_log_file_size=128M
423 innodb_flush_log_at_trx_commit=1
424 innodb_file_per_table=1
425 # 80% Memory is default reco.
426 # Need to re-evaluate when DB size grows
427 innodb_buffer_pool_size=2G
428 innodb_file_format=Barracuda
431 log_error=/opt/bitnami/mariadb/logs/mysqld.log
432 slow_query_log_file=/opt/bitnami/mariadb/logs/mysqld.log
433 log_queries_not_using_indexes=1
437 ## Use extraVolumes and extraVolumeMounts to mount /certs filesystem
438 # ssl_ca=/certs/ca.pem
439 # ssl_cert=/certs/server-cert.pem
440 # ssl_key=/certs/server-key.pem
444 wsrep_provider=/opt/bitnami/mariadb/lib/libgalera_smm.so
445 wsrep_sst_method=mariabackup
446 wsrep_slave_threads=4
447 wsrep_cluster_address=gcomm://
448 wsrep_cluster_name=galera
449 wsrep_sst_auth="root:"
450 # Enabled for performance per https://mariadb.com/kb/en/innodb-system-variables/#innodb_flush_log_at_trx_commit
451 innodb_flush_log_at_trx_commit=2
452 # MYISAM REPLICATION SUPPORT #
453 wsrep_replicate_myisam=ON
455 default_storage_engine=InnoDB
456 innodb_autoinc_lock_mode=2
457 transaction-isolation=READ-COMMITTED
462 plugin_load_add=auth_pam
464 ## Data-at-Rest Encryption
465 ## Use extraVolumes and extraVolumeMounts to mount /encryption filesystem
466 # plugin_load_add=file_key_management
467 # file_key_management_filename=/encryption/keyfile.enc
468 # file_key_management_filekey=FILE:/encryption/keyfile.key
469 # file_key_management_encryption_algorithm=AES_CTR
471 # encrypt_tmp_files=ON
473 ## InnoDB/XtraDB Encryption
474 # innodb_encrypt_tables=ON
475 # innodb_encrypt_temporary_tables=ON
476 # innodb_encrypt_log=ON
477 # innodb_encryption_threads=4
478 # innodb_encryption_rotate_key_age=1
481 # aria_encrypt_tables=ON
482 # encrypt_tmp_disk_tables=ON
484 ## MariaDB additional command line flags
485 ## Can be used to specify command line flags, for example:
487 ## extraFlags: "--max-connect-errors=1000 --max_connections=155"
489 ## updateStrategy for MariaDB Master StatefulSet
490 ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
495 ## Pod affinity preset
496 ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
497 ## Allowed values: soft, hard
499 podAffinityPreset: ""
501 ## Pod anti-affinity preset
502 ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
503 ## Allowed values: soft, hard
505 podAntiAffinityPreset: soft
507 ## Node affinity preset
508 ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
509 ## Allowed values: soft, hard
512 ## Node affinity type
513 ## Allowed values: soft, hard
515 ## Node label key to match
517 ## key: "kubernetes.io/e2e-az-name"
520 ## Node label values to match
528 ## Affinity for pod assignment. Evaluated as a template.
529 ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
530 ## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set
534 ## Node labels for pod assignment. Evaluated as a template.
535 ## ref: https://kubernetes.io/docs/user-guide/node-selection/
539 ## Tolerations for pod assignment. Evaluated as a template.
540 ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
544 ## Enable persistence using Persistent Volume Claims
545 ## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
548 ## If true, use a Persistent Volume Claim, If false, use emptyDir
551 # Enable persistence using an existing PVC
553 mountPath: /dockerdata-nfs
554 mountSubPath: "mariadb-galera/data"
555 ## selector can be used to match an existing PersistentVolume
560 ## Persistent Volume Storage Class
561 ## If defined, storageClassName: <storageClass>
562 ## If set to "-", storageClassName: "", which disables dynamic provisioning
563 ## If undefined (the default) or set to null, no storageClassName spec is
564 ## set, choosing the default provisioner. (gp2 on AWS, standard on
565 ## GKE, AWS & OpenStack)
568 ## Persistent Volume Claim annotations
571 ## Persistent Volume Access Mode
572 ## Use ReadWriteMany if backup is enabled, see backup section.
574 accessMode: ReadWriteOnce
575 ## Persistent Volume size
579 ## Additional pod labels
582 # extraLabel: extraValue
584 ## Priority Class Name
586 # priorityClassName: 'priorityClass'
588 ## MariaDB Galera containers' resource requests and limits
589 ## ref: http://kubernetes.io/docs/user-guide/compute-resources/
609 ## MariaDB Galera containers' liveness and readiness probes
610 ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
614 initialDelaySeconds: 1
621 initialDelaySeconds: 1
627 ## Initializing the database could take some time
630 initialDelaySeconds: 10
634 # will wait up for initialDelaySeconds + failureThreshold*periodSeconds before
635 # stating startup wasn't good (910s per default)
638 ## Pod disruption budget configuration
641 ## Specifies whether a Pod disruption budget should be created
647 ## Prometheus exporter configuration
650 ## Bitnami MySQL Prometheus exporter image
651 ## ref: https://hub.docker.com/r/bitnami/mysqld-exporter/tags/
# NOTE(review): pinned by tag only. A tag can be re-pointed, so add a digest
# if the deployed content must be verifiable, and review this exporter
# release against current advisories before reuse.
653 image: bitnami/mysqld-exporter:0.12.1-debian-10-r264
655 ## MySQL exporter additional command line flags
656 ## Can be used to specify command line flags
659 ## - --collect.binlog_size
662 ## MySQL Prometheus exporter containers' resource requests and limits
663 ## ref: http://kubernetes.io/docs/user-guide/compute-resources/
666 # We usually recommend not to specify default resources and to leave this as a conscious
667 # choice for the user. This also increases chances charts run on environments with little
668 # resources, such as Minikube. If you do want to specify resources, uncomment the following
669 # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
676 ## MariaDB Galera metrics container's liveness and readiness probes
677 ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
681 initialDelaySeconds: 30
688 initialDelaySeconds: 5
693 ## MySQL Prometheus exporter service parameters
# These annotations mark the service for scraping on port 9104.
# NOTE(review): the metrics endpoint presumably has no authentication of its
# own (confirm), so limit access to port 9104 to the Prometheus pods, e.g.
# with a NetworkPolicy.
699 prometheus.io/scrape: "true"
700 prometheus.io/port: "9104"
702 ## Prometheus Operator ServiceMonitor configuration
706 ## Namespace in which Prometheus is running
708 # namespace: monitoring
710 ## Interval at which metrics should be scraped.
711 ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
715 ## Timeout after which the scrape is ended
716 ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
720 ## ServiceMonitor selector labels
721 ## ref: https://github.com/bitnami/charts/tree/master/bitnami/prometheus-operator#prometheus-configuration
724 # prometheus: kube-prometheus
726 ## RelabelConfigs to apply to samples before scraping
727 ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig
728 ## Value is evaluated as a template
732 ## MetricRelabelConfigs to apply to samples before ingestion
733 ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig
734 ## Value is evaluated as a template
736 metricRelabelings: []
739 # targetLabel: "__name__"
742 # replacement: 'example_prefix_$1'
744 ## Prometheus Operator PrometheusRule configuration
749 ## Additional labels to add to the PrometheusRule so it is picked up by the operator.
750 ## If using the [Helm Chart](https://github.com/helm/charts/tree/master/stable/prometheus-operator) this is the name of the Helm release and 'app: prometheus-operator'
752 app: prometheus-operator
757 # - alert: MariaDB-Down
759 # message: 'MariaDB instance {{ $labels.instance }} is down'
760 # summary: MariaDB instance is down
761 # expr: absent(up{job="mariadb-galera"} == 1)
764 # service: mariadb-galera