X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=kubernetes%2Fcommon%2Fcommon%2Ftemplates%2F_mariadb.tpl;h=3092298a7d64e9c7fb43c3c0f3c9cdd2fb939ccc;hb=refs%2Fheads%2Fmaster;hp=cd7142fd7367768a2223011c79ffc7a2a760b061;hpb=0f15ec82c3ef94ac510350d43184299564a9fa85;p=oom.git diff --git a/kubernetes/common/common/templates/_mariadb.tpl b/kubernetes/common/common/templates/_mariadb.tpl index cd7142fd73..3092298a7d 100644 --- a/kubernetes/common/common/templates/_mariadb.tpl +++ b/kubernetes/common/common/templates/_mariadb.tpl @@ -14,12 +14,71 @@ # limitations under the License. */}} +{{/* + UID of mariadb root password +*/}} +{{- define "common.mariadb.secret.rootPassUID" -}} + {{- printf "db-root-password" }} +{{- end -}} + +{{/* + Name of mariadb secret +*/}} +{{- define "common.mariadb.secret._secretName" -}} + {{- $global := .dot }} + {{- $chartName := tpl .chartName $global -}} + {{- include "common.secret.genName" (dict "global" $global "uid" (include .uidTemplate $global) "chartName" $chartName) }} +{{- end -}} + +{{/* + Name of mariadb root password secret +*/}} +{{- define "common.mariadb.secret.rootPassSecretName" -}} + {{- include "common.mariadb.secret._secretName" (set . "uidTemplate" "common.mariadb.secret.rootPassUID") }} +{{- end -}} + +{{/* + UID of mariadb user credentials +*/}} +{{- define "common.mariadb.secret.userCredentialsUID" -}} + {{- printf "db-user-credentials" }} +{{- end -}} + +{{/* + UID of mariadb backup credentials +*/}} +{{- define "common.mariadb.secret.backupCredentialsUID" -}} + {{- printf "db-backup-credentials" }} +{{- end -}} + +{{/* + Name of mariadb user credentials secret +*/}} +{{- define "common.mariadb.secret.userCredentialsSecretName" -}} + {{- include "common.mariadb.secret._secretName" (set . "uidTemplate" "common.mariadb.secret.userCredentialsUID") }} +{{- end -}} + +{{/* + Choose the name of the mariadb app label to use. +*/}} +{{- define "common.mariadbAppName" -}} + {{- if .Values.global.mariadbGalera.localCluster -}} + {{- index .Values "mariadb-galera" "nameOverride" -}} + {{- else -}} + {{- .Values.global.mariadbGalera.nameOverride -}} + {{- end -}} +{{- end -}} + {{/* Choose the name of the mariadb service to use. */}} {{- define "common.mariadbService" -}} {{- if .Values.global.mariadbGalera.localCluster -}} - {{- index .Values "mariadb-galera" "service" "name" -}} + {{- if and .Values.global.mariadbGalera.useOperator (index .Values "mariadb-galera" "mariadbOperator" "galera" "enabled") }} + {{- printf "%s-primary" (index .Values "mariadb-galera" "nameOverride") -}} + {{- else }} + {{- index .Values "mariadb-galera" "nameOverride" -}} + {{- end }} {{- else -}} {{- .Values.global.mariadbGalera.service -}} {{- end -}} @@ -41,9 +100,9 @@ */}} {{- define "common.mariadbSecret" -}} {{- if .Values.global.mariadbGalera.localCluster -}} - {{ printf "%s-%s" (include "common.fullname" .) (index .Values "mariadb-galera" "nameOverride") -}} + {{ printf "%s-%s-db-user-credentials" (include "common.fullname" .) (index .Values "mariadb-galera" "nameOverride") -}} {{- else -}} - {{ printf "%s-%s" (.Release.Name) (index .Values "mariadb-init" "nameOverride") -}} + {{ printf "%s-%s-%s" ( include "common.release" .) (index .Values "mariadb-init" "nameOverride") (index .Values "mariadb-init" "config" "mysqlDatabase" ) -}} {{- end -}} {{- end -}} @@ -51,9 +110,260 @@ Choose the value of secret param to retrieve user value. */}} {{- define "common.mariadbSecretParam" -}} - {{- if .Values.global.mariadbGalera.localCluster -}} - {{ printf "user-password" -}} - {{- else -}} - {{ printf "db-user-password" -}} - {{- end -}} + {{ printf "password" -}} +{{- end -}} + +{{/* + Create MariaDB Database via mariadb-operator +*/}} +{{- define "common.mariadbOpDatabase" -}} +{{- $dot := default . .dot -}} +{{- $dbname := (required "'dbame' param, is required." .dbname) -}} +{{- $dbinst := (required "'dbinst' param, is required." .dbinst) -}} +--- +apiVersion: k8s.mariadb.com/v1alpha1 +kind: Database +metadata: + name: {{ $dbinst }}-{{ $dbname }} +spec: + name: {{ $dbname }} + mariaDbRef: + name: {{ $dbinst }} + characterSet: utf8 + collate: utf8_general_ci + retryInterval: 5s +{{- end -}} + +{{/* + Create MariaDB User via mariadb-operator +*/}} +{{- define "common.mariadbOpUser" -}} +{{- $dot := default . .dot -}} +{{- $dbuser := (required "'dbuser' param, is required." .dbuser) -}} +{{- $dbinst := (required "'dbinst' param, is required." .dbinst) -}} +{{- $dbsecret := (required "'dbsecret' param, is required." .dbsecret) -}} +--- +apiVersion: k8s.mariadb.com/v1alpha1 +kind: User +metadata: + name: {{ $dbinst }}-{{ $dbuser }} +spec: + name: {{ $dbuser }} + mariaDbRef: + name: {{ $dbinst }} + waitForIt: true + passwordSecretKeyRef: + name: {{ $dbsecret }} + key: password + # This field is immutable and defaults to 10 + maxUserConnections: 100 + retryInterval: 5s +{{- end -}} + +{{/* + Grant rights to a MariaDB User via mariadb-operator +*/}} +{{- define "common.mariadbOpGrants" -}} +{{- $dot := default . .dot -}} +{{- $dbuser := (required "'dbuser' param, is required." .dbuser) -}} +{{- $dbname := (required "'dbame' param, is required." .dbname) -}} +{{- $dbinst := (required "'dbinst' param, is required." .dbinst) -}} +--- +apiVersion: k8s.mariadb.com/v1alpha1 +kind: Grant +metadata: + name: {{ $dbuser }}-{{ $dbname }}-{{ $dbinst }} +spec: + mariaDbRef: + name: {{ $dbinst }} + waitForIt: true + privileges: + - "ALL" + database: {{ $dbname }} + table: "*" + username: {{ $dbuser }} + retryInterval: 5s + grantOption: true +{{- end -}} + +{{/* + MariaDB Backup via mariadb-operator +*/}} +{{- define "common.mariadbOpBackup" -}} +{{- $dot := default . .dot -}} +{{- $dbinst := include "common.name" $dot -}} +{{- $name := default $dbinst $dot.Values.backup.nameOverride -}} +--- +apiVersion: k8s.mariadb.com/v1alpha1 +kind: Backup +metadata: + name: {{ $name }} +spec: + inheritMetadata: + labels: + sidecar.istio.io/inject: 'false' + backoffLimit: 5 + logLevel: info + mariaDbRef: + name: {{ $dbinst }} + waitForIt: true + schedule: + cron: {{ $dot.Values.backup.cron }} + suspend: false + maxRetention: {{ $dot.Values.backup.maxRetention }} + storage: + {{- if eq $dot.Values.backup.storageType "PVC" }} + persistentVolumeClaim: + resources: + requests: + storage: {{ $dot.Values.backup.persistence.size }} + {{- if $dot.Values.mariadbOperator.storageClassName }} + storageClassName: {{ $dot.Values.mariadbOperator.storageClassName }} + {{- end }} + accessModes: + - {{ $dot.Values.backup.persistence.accessMode }} + {{- end }} + {{- if eq $dot.Values.backup.storageType "S3" }} + s3: {{- include "common.tplValue" ( dict "value" .Values.backup.s3 "context" $) | nindent 6 }} + {{- end }} + {{- if eq $dot.Values.backup.storageType "volume" }} + volume: {{- include "common.tplValue" ( dict "value" .Values.backup.volume "context" $) | nindent 6 }} + {{- end }} + resources: + requests: + cpu: "100m" + memory: "100Mi" + limits: + cpu: "300m" + memory: "500Mi" +{{- end -}} + +{{/* + Create a MariaDB instance via mariadb-operator +*/}} +{{- define "common.mariadbOpInstance" -}} +{{- $dot := default . .dot -}} +{{- $global := $dot.Values.global -}} +{{- $dbinst := include "common.name" $dot -}} +{{- $dbrootsecret := tpl (default (include "common.mariadb.secret.rootPassSecretName" (dict "dot" $dot "chartName" "")) $dot.Values.rootUser.externalSecret) $dot -}} +{{- $dbusersecret := tpl (default (include "common.mariadb.secret.userCredentialsSecretName" (dict "dot" $dot "chartName" "")) $dot.Values.db.externalSecret) $dot -}} +--- +apiVersion: k8s.mariadb.com/v1alpha1 +kind: MariaDB +metadata: + name: {{ $dbinst }} +spec: + podSecurityContext: + runAsUser: 10001 + runAsGroup: 10001 + fsGroup: 10001 + inheritMetadata: + {{ if .Values.podAnnotations -}} + annotations: {{ toYaml .Values.podAnnotations | nindent 6 }} + {{- end }} + labels: + # temporarily test mariaDB without sidecar (fix initial Job, Backup and Metrics) + # will be obsolete with "native-sidecars" feature in K8S and Istio + sidecar.istio.io/inject: "false" + app: {{ $dbinst }} + version: {{ .Values.mariadbOperator.appVersion }} + rootPasswordSecretKeyRef: + name: {{ $dbrootsecret }} + key: password + image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.mariadbOperator.image }}:{{ $dot.Values.mariadbOperator.appVersion }} + imagePullPolicy: IfNotPresent + {{- include "common.imagePullSecrets" . | nindent 2 }} + port: 3306 + replicas: {{ $dot.Values.replicaCount }} + {{- if $dot.Values.mariadbOperator.galera.enabled }} + galera: + enabled: true + sst: mariabackup + replicaThreads: 1 + agent: + image: {{ include "repositoryGenerator.githubContainerRegistry" . }}/{{ .Values.mariadbOperator.galera.agentImage }}:{{ $dot.Values.mariadbOperator.galera.agentVersion }} + imagePullPolicy: IfNotPresent + port: 5555 + kubernetesAuth: + enabled: true + authDelegatorRoleName: {{ $dbinst }}-auth + gracefulShutdownTimeout: 5s + primary: + automaticFailover: true + podIndex: 0 + recovery: + enabled: true + clusterHealthyTimeout: 30s + clusterBootstrapTimeout: 10m0s + minClusterSize: 50% + podRecoveryTimeout: 3m0s + podSyncTimeout: 3m0s + initContainer: + image: {{ include "repositoryGenerator.githubContainerRegistry" . }}/{{ $dot.Values.mariadbOperator.galera.initImage }}:{{ $dot.Values.mariadbOperator.galera.initVersion }} + imagePullPolicy: IfNotPresent + config: + reuseStorageVolume: false + volumeClaimTemplate: + {{- if .Values.mariadbOperator.persistence.storageClassName }} + storageClassName: {{ .Values.mariadbOperator.persistence.storageClassName }} + {{- end }} + resources: + requests: + storage: 50Mi + accessModes: + - ReadWriteOnce + {{- end }} + livenessProbe: + exec: + command: + - bash + - '-c' + - mariadb -u root -p"${MARIADB_ROOT_PASSWORD}" -e "SELECT 1;" + initialDelaySeconds: 20 + periodSeconds: 10 + timeoutSeconds: 5 + readinessProbe: + exec: + command: + - bash + - '-c' + - mariadb -u root -p"${MARIADB_ROOT_PASSWORD}" -e "SELECT 1;" + initialDelaySeconds: 20 + periodSeconds: 10 + timeoutSeconds: 5 + {{- if default false $dot.Values.global.metrics.enabled }} + metrics: + enabled: true + {{- end }} + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - topologyKey: kubernetes.io/hostname + tolerations: + - key: k8s.mariadb.com/ha + operator: Exists + effect: NoSchedule + podDisruptionBudget: + maxUnavailable: 50% + updateStrategy: + type: RollingUpdate + + myCnfConfigMapKeyRef: + key: my.cnf + name: {{ printf "%s-configuration" (include "common.fullname" $dot) }} + resources: {{ include "common.resources" . | nindent 4 }} + storage: + {{- if $dot.Values.mariadbOperator.persistence.storageClassName }} + storageClassName: {{ $dot.Values.mariadbOperator.persistence.storageClassName }} + {{- end }} + size: {{ $dot.Values.mariadbOperator.persistence.size | quote }} +{{- if $dot.Values.db.user }} +{{ include "common.mariadbOpUser" (dict "dot" . "dbuser" $dot.Values.db.user "dbinst" $dbinst "dbsecret" $dbusersecret) }} +{{- end }} +{{- if $dot.Values.db.name }} +{{ include "common.mariadbOpDatabase" (dict "dot" . "dbname" $dot.Values.db.name "dbinst" $dbinst) }} +{{- end }} +{{- if and $dot.Values.db.user $dot.Values.db.name }} +{{ include "common.mariadbOpGrants" (dict "dot" . "dbuser" $dot.Values.db.user "dbname" $dot.Values.db.name "dbinst" $dbinst) }} +{{- end }} {{- end -}}