{{- printf "db-user-credentials" }}
{{- end -}}
+{{/*
+ UID of mariadb backup credentials
+*/}}
+{{- define "common.mariadb.secret.backupCredentialsUID" -}}
+ {{- printf "db-backup-credentials" }}
+{{- end -}}
+
{{/*
Name of mariadb user credentials secret
*/}}
{{- include "common.mariadb.secret._secretName" (set . "uidTemplate" "common.mariadb.secret.userCredentialsUID") }}
{{- end -}}
+{{/*
+ Choose the name of the mariadb app label to use.
+*/}}
+{{- define "common.mariadbAppName" -}}
+ {{- if .Values.global.mariadbGalera.localCluster -}}
+ {{- index .Values "mariadb-galera" "nameOverride" -}}
+ {{- else -}}
+ {{- .Values.global.mariadbGalera.nameOverride -}}
+ {{- end -}}
+{{- end -}}
+
{{/*
Choose the name of the mariadb service to use.
*/}}
{{- define "common.mariadbService" -}}
{{- if .Values.global.mariadbGalera.localCluster -}}
- {{- index .Values "mariadb-galera" "service" "name" -}}
+ {{- if and .Values.global.mariadbGalera.useOperator (index .Values "mariadb-galera" "mariadbOperator" "galera" "enabled") }}
+ {{- printf "%s-primary" (index .Values "mariadb-galera" "nameOverride") -}}
+ {{- else }}
+ {{- index .Values "mariadb-galera" "nameOverride" -}}
+ {{- end }}
{{- else -}}
+ {{- if .Values.global.mariadbGalera.useOperator }}
+ {{- printf "%s-primary" (.Values.global.mariadbGalera.service) }}
+ {{- else }}
{{- .Values.global.mariadbGalera.service -}}
+ {{- end }}
{{- end -}}
{{- end -}}
{{- define "common.mariadbSecretParam" -}}
{{ printf "password" -}}
{{- end -}}
+
+{{/*
+ Create MariDB Database via mariadb-operator
+*/}}
+{{- define "common.mariadbOpDatabase" -}}
+{{- $dot := default . .dot -}}
+{{- $dbname := (required "'dbame' param, is required." .dbname) -}}
+{{- $dbinst := (required "'dbinst' param, is required." .dbinst) -}}
+---
+apiVersion: mariadb.mmontes.io/v1alpha1
+kind: Database
+metadata:
+ name: {{ $dbinst }}-{{ $dbname }}
+spec:
+ name: {{ $dbname }}
+ mariaDbRef:
+ name: {{ $dbinst }}
+ characterSet: utf8
+ collate: utf8_general_ci
+ retryInterval: 5s
+{{- end -}}
+
+{{/*
+ Create MariaDB User via mariadb-operator
+*/}}
+{{- define "common.mariadbOpUser" -}}
+{{- $dot := default . .dot -}}
+{{- $dbuser := (required "'dbuser' param, is required." .dbuser) -}}
+{{- $dbinst := (required "'dbinst' param, is required." .dbinst) -}}
+{{- $dbsecret := (required "'dbsecret' param, is required." .dbsecret) -}}
+---
+apiVersion: mariadb.mmontes.io/v1alpha1
+kind: User
+metadata:
+ name: {{ $dbinst }}-{{ $dbuser }}
+spec:
+ name: {{ $dbuser }}
+ mariaDbRef:
+ name: {{ $dbinst }}
+ passwordSecretKeyRef:
+ name: {{ $dbsecret }}
+ key: password
+ # This field is immutable and defaults to 10
+ maxUserConnections: 100
+ retryInterval: 5s
+{{- end -}}
+
+{{/*
+ Grant rights to a MariaDB User via mariadb-operator
+*/}}
+{{- define "common.mariadbOpGrants" -}}
+{{- $dot := default . .dot -}}
+{{- $dbuser := (required "'dbuser' param, is required." .dbuser) -}}
+{{- $dbname := (required "'dbame' param, is required." .dbname) -}}
+{{- $dbinst := (required "'dbinst' param, is required." .dbinst) -}}
+---
+apiVersion: mariadb.mmontes.io/v1alpha1
+kind: Grant
+metadata:
+ name: {{ $dbuser }}-{{ $dbname }}-{{ $dbinst }}
+spec:
+ mariaDbRef:
+ name: {{ $dbinst }}
+ privileges:
+ - "ALL"
+ database: {{ $dbname }}
+ table: "*"
+ username: {{ $dbuser }}
+ retryInterval: 5s
+ grantOption: true
+{{- end -}}
+
+{{/*
+ MariaDB Backup via mariadb-operator
+*/}}
+{{- define "common.mariadbOpBackup" -}}
+{{- $dot := default . .dot -}}
+{{- $dbinst := include "common.name" $dot -}}
+{{- $name := default $dbinst $dot.Values.backup.nameOverride -}}
+---
+apiVersion: mariadb.mmontes.io/v1alpha1
+kind: Backup
+metadata:
+ name: {{ $name }}
+spec:
+ mariaDbRef:
+ name: {{ $dbinst }}
+ schedule:
+ cron: {{ $dot.Values.backup.cron }}
+ suspend: false
+ maxRetention: {{ $dot.Values.backup.maxRetention }}
+ storage:
+ {{- if eq $dot.Values.backup.storageType "PVC" }}
+ persistentVolumeClaim:
+ resources:
+ requests:
+ storage: {{ $dot.Values.backup.persistence.size }}
+ {{- if $dot.Values.mariadbOperator.storageClassName }}
+ storageClassName: {{ $dot.Values.mariadbOperator.storageClassName }}
+ {{- end }}
+ accessModes:
+ - {{ $dot.Values.backup.persistence.accessMode }}
+ {{- end }}
+ {{- if eq $dot.Values.backup.storageType "S3" }}
+ s3: {{- include "common.tplValue" ( dict "value" .Values.backup.s3 "context" $) | nindent 6 }}
+ {{- end }}
+ {{- if eq $dot.Values.backup.storageType "volume" }}
+ volume: {{- include "common.tplValue" ( dict "value" .Values.backup.volume "context" $) | nindent 6 }}
+ {{- end }}
+ resources:
+ requests:
+ cpu: 100m
+ memory: 128Mi
+ limits:
+ cpu: 300m
+ memory: 512Mi
+{{- end -}}
+
+{{/*
+ Create a MariaDB instance via mariadb-operator
+*/}}
+{{- define "common.mariadbOpInstance" -}}
+{{- $dot := default . .dot -}}
+{{- $global := $dot.Values.global -}}
+{{- $dbinst := include "common.name" $dot -}}
+{{- $dbrootsecret := tpl (default (include "common.mariadb.secret.rootPassSecretName" (dict "dot" $dot "chartName" "")) $dot.Values.rootUser.externalSecret) $dot -}}
+{{- $dbusersecret := tpl (default (include "common.mariadb.secret.userCredentialsSecretName" (dict "dot" $dot "chartName" "")) $dot.Values.db.externalSecret) $dot -}}
+---
+apiVersion: mariadb.mmontes.io/v1alpha1
+kind: MariaDB
+metadata:
+ name: {{ $dbinst }}
+spec:
+ podSecurityContext:
+ runAsUser: 10001
+ runAsGroup: 10001
+ fsGroup: 10001
+ inheritMetadata:
+ {{ if .Values.podAnnotations -}}
+ annotations: {{ toYaml .Values.podAnnotations | nindent 6 }}
+ {{- end }}
+ labels:
+ app: {{ $dbinst }}
+ version: {{ .Values.mariadbOperator.appVersion }}
+ rootPasswordSecretKeyRef:
+ name: {{ $dbrootsecret }}
+ key: password
+ image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.mariadbOperator.image }}:{{ $dot.Values.mariadbOperator.appVersion }}
+ imagePullPolicy: IfNotPresent
+ imagePullSecrets:
+ - name: {{ include "common.namespace" . }}-docker-registry-key
+ port: 3306
+ replicas: {{ $dot.Values.replicaCount }}
+ {{- if $dot.Values.mariadbOperator.galera.enabled }}
+ galera:
+ enabled: true
+ sst: mariabackup
+ replicaThreads: 1
+ agent:
+ image: {{ include "repositoryGenerator.githubContainerRegistry" . }}/{{ .Values.mariadbOperator.galera.agentImage }}:{{ $dot.Values.mariadbOperator.galera.agentVersion }}
+ imagePullPolicy: IfNotPresent
+ port: 5555
+ kubernetesAuth:
+ enabled: true
+ authDelegatorRoleName: {{ $dbinst }}-auth
+ gracefulShutdownTimeout: 5s
+ recovery:
+ enabled: true
+ clusterHealthyTimeout: 5m0s
+ clusterBootstrapTimeout: 10m0s
+ podRecoveryTimeout: 5m0s
+ podSyncTimeout: 10m0s
+ initContainer:
+ image: {{ include "repositoryGenerator.githubContainerRegistry" . }}/{{ $dot.Values.mariadbOperator.galera.initImage }}:{{ $dot.Values.mariadbOperator.galera.initVersion }}
+ imagePullPolicy: IfNotPresent
+ volumeClaimTemplate:
+ {{- if .Values.mariadbOperator.storageClassName }}
+ storageClassName: {{ .Values.mariadbOperator.storageClassName }}
+ {{- end }}
+ resources:
+ requests:
+ storage: 50Mi
+ accessModes:
+ - ReadWriteOnce
+ {{- end }}
+ livenessProbe:
+ exec:
+ command:
+ - bash
+ - '-c'
+ - mariadb -u root -p"${MARIADB_ROOT_PASSWORD}" -e "SELECT 1;"
+ initialDelaySeconds: 20
+ periodSeconds: 10
+ timeoutSeconds: 5
+ readinessProbe:
+ exec:
+ command:
+ - bash
+ - '-c'
+ - mariadb -u root -p"${MARIADB_ROOT_PASSWORD}" -e "SELECT 1;"
+ initialDelaySeconds: 20
+ periodSeconds: 10
+ timeoutSeconds: 5
+ {{- if default false .Values.global.metrics.enabled }}
+ metrics:
+ enabled: true
+ {{- end }}
+ affinity:
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - topologyKey: kubernetes.io/hostname
+ tolerations:
+ - key: mariadb.mmontes.io/ha
+ operator: Exists
+ effect: NoSchedule
+ podDisruptionBudget:
+ maxUnavailable: 50%
+ updateStrategy:
+ type: RollingUpdate
+
+ myCnfConfigMapKeyRef:
+ key: my.cnf
+ name: {{ printf "%s-configuration" (include "common.fullname" $dot) }}
+ resources: {{ include "common.resources" . | nindent 4 }}
+ volumeClaimTemplate:
+ {{- if $dot.Values.mariadbOperator.storageClassName }}
+ storageClassName: {{ $dot.Values.mariadbOperator.storageClassName }}
+ {{- end }}
+ resources:
+ requests:
+ storage: {{ $dot.Values.mariadbOperator.persistence.size | quote }}
+ accessModes:
+ - ReadWriteOnce
+{{- if $dot.Values.db.user }}
+{{ include "common.mariadbOpUser" (dict "dot" . "dbuser" $dot.Values.db.user "dbinst" $dbinst "dbsecret" $dbusersecret) }}
+{{- end }}
+{{- if $dot.Values.db.name }}
+{{ include "common.mariadbOpDatabase" (dict "dot" . "dbname" $dot.Values.db.name "dbinst" $dbinst) }}
+{{- end }}
+{{- if and $dot.Values.db.user $dot.Values.db.name }}
+{{ include "common.mariadbOpGrants" (dict "dot" . "dbuser" $dot.Values.db.user "dbname" $dot.Values.db.name "dbinst" $dbinst) }}
+{{- end }}
+{{- end -}}