1 # Copyright © 2018 Amdocs
2 # Copyright © 2018,2021 Bell Canada
3 # Copyright © 2019 Samsung Electronics
4 # Copyright © 2020 Bitnami, Orange
6 # Licensed under the Apache License, Version 2.0 (the "License");
7 # you may not use this file except in compliance with the License.
8 # You may obtain a copy of the License at
10 # http://www.apache.org/licenses/LICENSE-2.0
12 # Unless required by applicable law or agreed to in writing, software
13 # distributed under the License is distributed on an "AS IS" BASIS,
14 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15 # See the License for the specific language governing permissions and
16 # limitations under the License.
19 #################################################################
21 #################################################################
23 - uid: '{{ include "common.mariadb.secret.rootPassUID" . }}'
25 externalSecret: '{{ tpl (default "" .Values.rootUser.externalSecret) . }}'
26 password: '{{ .Values.rootUser.password }}'
27 - uid: '{{ include "common.mariadb.secret.userCredentialsUID" . }}'
29 externalSecret: '{{ tpl (default "" .Values.db.externalSecret) . }}'
30 login: '{{ .Values.db.user }}'
31 password: '{{ .Values.db.password }}'
32 - uid: '{{ include "common.mariadb.secret.backupCredentialsUID" . }}'
34 externalSecret: '{{ tpl (default "" .Values.galera.mariabackup.externalSecret) . }}'
35 login: '{{ .Values.galera.mariabackup.user }}'
36 password: '{{ .Values.galera.mariabackup.password }}'
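38 # The Bitnami image does not handle single quotes in passwords well, so generated passwords use the "basic" strength. NOTE(review): this presumably narrows the generated character set; confirm the resulting length and alphabet in the common secret template.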
39 passwordStrengthOverride: basic
41 #################################################################
42 # Global configuration defaults.
43 #################################################################
47 mountPath: /dockerdata-nfs
49 mountPath: /dockerdata-nfs/backup
50 clusterDomain: cluster.local
53 image: bitnami/mariadb-galera:10.5.8
54 ## Specify an imagePullPolicy
55 ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
56 ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
60 ## Set to true if you would like to see extra information in the logs
61 ## It turns on Bash debugging in minideb-extras-base; debug output may include sensitive values, so leave it off outside troubleshooting
65 ## Sometimes, especially when a lot of pods are created at the same time,
66 ## actions on the databases are attempted before the database has actually started.
69 ## String to partially override common.names.fullname template (will maintain the release name)
71 nameOverride: mariadb-galera
73 ## Use an alternate scheduler, e.g. "stork".
74 ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
78 ## The StatefulSet controller can relax its ordering guarantees while preserving its uniqueness and identity guarantees. There are two valid pod management policies: OrderedReady and Parallel
79 ## ref: https://kubernetes.io/docs/tutorials/stateful-application/basic-stateful-set/#pod-management-policy
81 podManagementPolicy: OrderedReady
83 ## MariaDB Galera K8s svc properties
86 ## Kubernetes service type and port number
90 internalPort: &dbPort 3306
103 ## Pods Service Account
104 ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
107 nameOverride: mariadb-galera
111 ## Pod Security Context
112 ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
119 ## Database credentials for root (admin) user
122 ## MariaDB admin user
124 ## MariaDB admin password
125 ## Password is ignored if externalSecret is specified. Referencing an existing Secret this way keeps the password out of values files.
126 ## If not set, password will be "randomly" generated
127 ## ref: https://github.com/bitnami/bitnami-docker-mariadb-galera#setting-the-root-password-on-first-run
132 ## Custom db configuration
135 ## MariaDB username and password
136 ## Password is ignored if externalSecret is specified.
137 ## If not set, password will be "randomly" generated
138 ## ref: https://github.com/bitnami/bitnami-docker-mariadb-galera#creating-a-database-user-on-first-run
143 ## Database to create
144 ## ref: https://github.com/bitnami/bitnami-docker-mariadb-galera#creating-a-database-on-first-run
148 ## Galera configuration
151 ## Galera cluster name
155 ## Bootstrapping options
156 ## ref: https://github.com/bitnami/bitnami-docker-mariadb-galera#bootstraping
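158 ## Node to bootstrap from; you will need to change this parameter in case you want to bootstrap from another node
161 ## Force safe_to_bootstrap in the grastate.dat file.
162 ## This will set safe_to_bootstrap=1 in the node indicated by bootstrapFromNode. Only force this on the node holding the most recent data: bootstrapping from a stale node can discard newer writes held by the other nodes.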
163 forceSafeToBootstrap: false
165 ## Credentials to perform backups
168 ## MariaBackup username and password
169 ## Password is ignored if externalSecret is specified.
170 ## If not set, password will be "randomly" generated
171 ## ref: https://github.com/bitnami/bitnami-docker-mariadb-galera#setting-up-a-multi-master-cluster
177 ## The backup job will mount the mariadb data pvc in order to run mariabackup.
178 ## For this reason the db data pvc needs to have accessMode: ReadWriteMany.
184 ## If true, use a Persistent Volume Claim; if false, use emptyDir
187 # Enable persistence using an existing PVC
189 ## selector can be used to match an existing PersistentVolume
194 ## Persistent Volume Storage Class
195 ## If defined, storageClassName: <storageClass>
196 ## If set to "-", storageClassName: "", which disables dynamic provisioning
197 ## If undefined (the default) or set to null, no storageClassName spec is
198 ## set, choosing the default provisioner. (gp2 on AWS, standard on
199 ## GKE, AWS & OpenStack)
202 ## Persistent Volume Claim annotations
205 ## Persistent Volume Access Mode
207 accessMode: ReadWriteOnce
208 ## Persistent Volume size
215 - '{{ include "common.name" . }}'
223 ## Name of the secret that contains the certificates
225 # certificatesSecret:
226 ## Certificate filename
229 ## Certificate Key filename
232 ## CA Certificate filename
236 ## Configure MariaDB with a custom my.cnf file
237 ## ref: https://mysql.com/kb/en/mysql/configuring-mysql-with-mycnf/#example-of-configuration-file
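238 ## Alternatively, you can put your my.cnf under the files/ directory. NOTE(review): in the default below the ssl_* and data-at-rest encryption settings are commented out, wsrep_sst_auth is "root:" with no password, and innodb_flush_log_at_trx_commit is set twice (1, then 2); confirm which of these the image overrides at start-up before relying on the defaults.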
240 mariadbConfiguration: |-
243 socket=/opt/bitnami/mariadb/tmp/mysql.sock
244 plugin_dir=/opt/bitnami/mariadb/plugin
247 lower_case_table_names = 1
248 default_storage_engine=InnoDB
249 basedir=/opt/bitnami/mariadb
250 datadir=/bitnami/mariadb/data
251 plugin_dir=/opt/bitnami/mariadb/plugin
252 tmpdir=/opt/bitnami/mariadb/tmp
253 socket=/opt/bitnami/mariadb/tmp/mysql.sock
254 pid_file=/opt/bitnami/mariadb/tmp/mysqld.pid
258 collation_server=utf8_unicode_ci
259 init_connect='SET NAMES utf8'
260 character_set_server=utf8
264 myisam_recover_options=FORCE,BACKUP
269 max_allowed_packet=16M
270 max_connect_errors=1000000
271 sql_mode=STRICT_TRANS_TABLES,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_AUTO_VALUE_ON_ZERO,NO_ENGINE_SUBSTITUTION,NO_ZERO_DATE,NO_ZERO_IN_DATE,ONLY_FULL_GROUP_BY
277 # Disabling for performance per http://severalnines.com/blog/9-tips-going-production-galera-cluster-mysql
279 # Required for Galera
284 max_heap_table_size=32M
285 # Re-enabling as now works with Maria 10.1.2
288 query_cache_size=256M
291 open_files_limit=65535
292 table_definition_cache=4096
293 table_open_cache=4096
298 # Mandatory per https://github.com/codership/documentation/issues/25
299 innodb_autoinc_lock_mode=2
300 # Per https://www.percona.com/blog/2006/08/04/innodb-double-write/
302 innodb_flush_method=O_DIRECT
303 innodb_log_files_in_group=2
304 innodb_log_file_size=128M
305 innodb_flush_log_at_trx_commit=1
306 innodb_file_per_table=1
307 # 80% Memory is default reco.
308 # Need to re-evaluate when DB size grows
309 innodb_buffer_pool_size=2G
310 innodb_file_format=Barracuda
313 log_error=/opt/bitnami/mariadb/logs/mysqld.log
314 slow_query_log_file=/opt/bitnami/mariadb/logs/mysqld.log
315 log_queries_not_using_indexes=1
319 ## Use extraVolumes and extraVolumeMounts to mount /certs filesystem
320 # ssl_ca=/certs/ca.pem
321 # ssl_cert=/certs/server-cert.pem
322 # ssl_key=/certs/server-key.pem
326 wsrep_provider=/opt/bitnami/mariadb/lib/libgalera_smm.so
327 wsrep_sst_method=mariabackup
328 wsrep_slave_threads=4
329 wsrep_cluster_address=gcomm://
330 wsrep_cluster_name=galera
331 wsrep_sst_auth="root:"
332 # Enabled for performance per https://mariadb.com/kb/en/innodb-system-variables/#innodb_flush_log_at_trx_commit
333 innodb_flush_log_at_trx_commit=2
334 # MYISAM REPLICATION SUPPORT #
335 wsrep_replicate_myisam=ON
337 default_storage_engine=InnoDB
338 innodb_autoinc_lock_mode=2
339 transaction-isolation=READ-COMMITTED
344 plugin_load_add=auth_pam
346 ## Data-at-Rest Encryption
347 ## Use extraVolumes and extraVolumeMounts to mount /encryption filesystem
348 # plugin_load_add=file_key_management
349 # file_key_management_filename=/encryption/keyfile.enc
350 # file_key_management_filekey=FILE:/encryption/keyfile.key
351 # file_key_management_encryption_algorithm=AES_CTR
353 # encrypt_tmp_files=ON
355 ## InnoDB/XtraDB Encryption
356 # innodb_encrypt_tables=ON
357 # innodb_encrypt_temporary_tables=ON
358 # innodb_encrypt_log=ON
359 # innodb_encryption_threads=4
360 # innodb_encryption_rotate_key_age=1
363 # aria_encrypt_tables=ON
364 # encrypt_tmp_disk_tables=ON
366 ## MariaDB additional command line flags
367 ## Can be used to specify command line flags, for example:
369 ## extraFlags: "--max-connect-errors=1000 --max_connections=155"
371 ## Desired number of cluster nodes
375 ## updateStrategy for MariaDB Master StatefulSet
376 ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
381 ## Additional pod annotations for MariaDB Galera pods
382 ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
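383 ## -> required here to run mariadb-galera under Istio. The ports excluded below (4444, 4567, 4568 — the usual Galera state-transfer and replication ports) bypass the sidecar, so traffic on them is not protected by mesh mTLS; secure it with MariaDB/Galera TLS if it crosses an untrusted network.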
386 # sidecar.istio.io/inject: "false"
387 traffic.sidecar.istio.io/excludeInboundPorts: "4444,4567,4568"
388 traffic.sidecar.istio.io/includeInboundPorts: '*'
389 traffic.sidecar.istio.io/excludeOutboundPorts: "4444,4567,4568"
391 ## Pod affinity preset
392 ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
393 ## Allowed values: soft, hard
395 podAffinityPreset: ""
397 ## Pod anti-affinity preset
398 ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
399 ## Allowed values: soft, hard
401 podAntiAffinityPreset: soft
403 ## Node affinity preset
404 ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
405 ## Allowed values: soft, hard
408 ## Node affinity type
409 ## Allowed values: soft, hard
411 ## Node label key to match
413 ## key: "kubernetes.io/e2e-az-name"
416 ## Node label values to match
424 ## Affinity for pod assignment. Evaluated as a template.
425 ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
426 ## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set
430 ## Node labels for pod assignment. Evaluated as a template.
431 ## ref: https://kubernetes.io/docs/user-guide/node-selection/
435 ## Tolerations for pod assignment. Evaluated as a template.
436 ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
440 ## Enable persistence using Persistent Volume Claims
441 ## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
444 ## If true, use a Persistent Volume Claim; if false, use emptyDir
447 # Enable persistence using an existing PVC
449 mountPath: /dockerdata-nfs
450 mountSubPath: "mariadb-galera/data"
451 ## selector can be used to match an existing PersistentVolume
456 ## Persistent Volume Storage Class
457 ## If defined, storageClassName: <storageClass>
458 ## If set to "-", storageClassName: "", which disables dynamic provisioning
459 ## If undefined (the default) or set to null, no storageClassName spec is
460 ## set, choosing the default provisioner. (gp2 on AWS, standard on
461 ## GKE, AWS & OpenStack)
464 ## Persistent Volume Claim annotations
467 ## Persistent Volume Access Mode
468 ## Use ReadWriteMany if backup is enabled, see backup section.
470 accessMode: ReadWriteOnce
471 ## Persistent Volume size
475 ## Additional pod labels
478 # extraLabel: extraValue
480 ## Priority Class Name
482 # priorityClassName: 'priorityClass'
484 ## MariaDB Galera containers' resource requests and limits
485 ## ref: http://kubernetes.io/docs/user-guide/compute-resources/
505 ## MariaDB Galera containers' liveness and readiness probes
506 ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
510 initialDelaySeconds: 1
517 initialDelaySeconds: 1
523 ## Initializing the database could take some time
526 initialDelaySeconds: 10
530 # will wait up to initialDelaySeconds + failureThreshold*periodSeconds before
531 # declaring that startup failed (910s by default)
534 ## Pod disruption budget configuration
537 ## Specifies whether a Pod disruption budget should be created
543 ## Prometheus exporter configuration
546 ## Bitnami MySQL Prometheus exporter image
547 ## ref: https://hub.docker.com/r/bitnami/mysqld-exporter/tags/
549 image: bitnami/mysqld-exporter:0.12.1-debian-10-r264
551 ## MySQL exporter additional command line flags
552 ## Can be used to specify command line flags
555 ## - --collect.binlog_size
558 ## MySQL Prometheus exporter containers' resource requests and limits
559 ## ref: http://kubernetes.io/docs/user-guide/compute-resources/
562 # We usually recommend not to specify default resources and to leave this as a conscious
563 # choice for the user. This also increases chances charts run on environments with little
564 # resources, such as Minikube. If you do want to specify resources, uncomment the following
565 # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
572 ## MariaDB Galera metrics container's liveness and readiness probes
573 ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
577 initialDelaySeconds: 30
584 initialDelaySeconds: 5
589 ## MySQL Prometheus exporter service parameters
595 prometheus.io/scrape: "true"
596 prometheus.io/port: "9104"
598 ## Prometheus Operator ServiceMonitor configuration
602 ## Namespace in which Prometheus is running
604 # namespace: monitoring
606 ## Interval at which metrics should be scraped.
607 ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
611 ## Timeout after which the scrape is ended
612 ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
616 ## ServiceMonitor selector labels
617 ## ref: https://github.com/bitnami/charts/tree/master/bitnami/prometheus-operator#prometheus-configuration
620 # prometheus: kube-prometheus
622 ## RelabelConfigs to apply to samples before scraping
623 ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig
624 ## Value is evaluated as a template
628 ## MetricRelabelConfigs to apply to samples before ingestion
629 ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig
630 ## Value is evaluated as a template
632 metricRelabelings: []
635 # targetLabel: "__name__"
638 # replacement: 'example_prefix_$1'
640 ## Prometheus Operator PrometheusRule configuration
645 ## Additional labels to add to the PrometheusRule so it is picked up by the operator.
646 ## If using the [Helm Chart](https://github.com/helm/charts/tree/master/stable/prometheus-operator) this is the name of the Helm release and 'app: prometheus-operator'
648 app: prometheus-operator
653 # - alert: MariaDB-Down
655 # message: 'MariaDB instance {{ $labels.instance }} is down'
656 # summary: MariaDB instance is down
657 # expr: absent(up{job="mariadb-galera"} == 1)
660 # service: mariadb-galera