# Copyright © 2020 Samsung Electronics # Copyright © 2019 Orange, Bell Canada # Copyright © 2017 Amdocs, Bell Canada # Modification Copyright © 2022 Nordix Foundation # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. ################################################################# # Global configuration defaults. ################################################################# global: nodePortPrefix: 302 nodePortPrefixExt: 304 persistence: mountPath: /dockerdata-nfs cdsKafkaUser: cds-kafka-user cdsSdcListenerKafkaUser: cds-sdc-list-user ################################################################# # Secrets metaconfig ################################################################# secrets: - name: &dbUserSecretName '{{ include "common.release" . }}-cds-db-secret' uid: 'cds-db-secret' type: basicAuth externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "db" "externalSecret")) .) (hasSuffix "cds-db-secret" (index .Values "mariadb-galera" "db" "externalSecret"))}}' login: '{{ index .Values "mariadb-galera" "db" "user" }}' password: '{{ index .Values "mariadb-galera" "db" "password" }}' ################################################################# # Application configuration defaults. ################################################################# # application images pullPolicy: Always subChartsOnly: enabled: true # flag to enable debugging - application support required debugEnabled: false # default number of instances replicaCount: 1 nodeSelector: {} affinity: {} # probe configuration parameters liveness: initialDelaySeconds: 20 periodSeconds: 20 timeoutSeconds: 20 # necessary to disable liveness probe when setting breakpoints # in debugger so K8s doesn't restart unresponsive container enabled: true readiness: initialDelaySeconds: 10 periodSeconds: 10 ingress: enabled: false mariadb-galera: db: user: sdnctl # password: externalSecret: *dbUserSecretName name: &mysqlDbName sdnctl nameOverride: &dbServer cds-db replicaCount: 1 persistence: enabled: true mountSubPath: cds/data serviceAccount: nameOverride: *dbServer mariadbConfiguration: |- [client] port=3306 socket=/opt/bitnami/mariadb/tmp/mysql.sock plugin_dir=/opt/bitnami/mariadb/plugin [mysqld] lower_case_table_names = 1 default_storage_engine=InnoDB basedir=/opt/bitnami/mariadb datadir=/bitnami/mariadb/data plugin_dir=/opt/bitnami/mariadb/plugin tmpdir=/opt/bitnami/mariadb/tmp socket=/opt/bitnami/mariadb/tmp/mysql.sock pid_file=/opt/bitnami/mariadb/tmp/mysqld.pid bind_address=0.0.0.0 ## Character set collation_server=utf8_unicode_ci init_connect='SET NAMES utf8' character_set_server=utf8 ## MyISAM key_buffer_size=32M myisam_recover_options=FORCE,BACKUP ## Safety skip_host_cache skip_name_resolve max_allowed_packet=16M max_connect_errors=1000000 sql_mode=STRICT_TRANS_TABLES,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_AUTO_VALUE_ON_ZERO,NO_ENGINE_SUBSTITUTION,NO_ZERO_DATE,NO_ZERO_IN_DATE,ONLY_FULL_GROUP_BY sysdate_is_now=1 ## Binary Logging log_bin=mysql-bin expire_logs_days=14 # Disabling for performance per http://severalnines.com/blog/9-tips-going-production-galera-cluster-mysql sync_binlog=0 # Required for Galera binlog_format=row ## Caches and Limits tmp_table_size=32M max_heap_table_size=32M # Re-enabling as now works with Maria 10.1.2 query_cache_type=1 query_cache_limit=4M query_cache_size=256M max_connections=500 thread_cache_size=50 open_files_limit=65535 table_definition_cache=4096 table_open_cache=4096 ## InnoDB innodb=FORCE innodb_strict_mode=1 # Mandatory per https://github.com/codership/documentation/issues/25 innodb_autoinc_lock_mode=2 # Per https://www.percona.com/blog/2006/08/04/innodb-double-write/ innodb_doublewrite=1 innodb_flush_method=O_DIRECT innodb_log_files_in_group=2 innodb_log_file_size=128M innodb_flush_log_at_trx_commit=1 innodb_file_per_table=1 # 80% Memory is default reco. # Need to re-evaluate when DB size grows innodb_buffer_pool_size=2G innodb_file_format=Barracuda ## Logging log_error=/opt/bitnami/mariadb/logs/mysqld.log slow_query_log_file=/opt/bitnami/mariadb/logs/mysqld.log log_queries_not_using_indexes=1 slow_query_log=1 ## SSL ## Use extraVolumes and extraVolumeMounts to mount /certs filesystem # ssl_ca=/certs/ca.pem # ssl_cert=/certs/server-cert.pem # ssl_key=/certs/server-key.pem [galera] wsrep_on=ON wsrep_provider=/opt/bitnami/mariadb/lib/libgalera_smm.so wsrep_sst_method=mariabackup wsrep_slave_threads=4 wsrep_cluster_address=gcomm:// wsrep_cluster_name=galera wsrep_sst_auth="root:" # Enabled for performance per https://mariadb.com/kb/en/innodb-system-variables/#innodb_flush_log_at_trx_commit innodb_flush_log_at_trx_commit=2 # MYISAM REPLICATION SUPPORT # wsrep_replicate_myisam=ON [mariadb] plugin_load_add=auth_pam ## Data-at-Rest Encryption ## Use extraVolumes and extraVolumeMounts to mount /encryption filesystem # plugin_load_add=file_key_management # file_key_management_filename=/encryption/keyfile.enc # file_key_management_filekey=FILE:/encryption/keyfile.key # file_key_management_encryption_algorithm=AES_CTR # encrypt_binlog=ON # encrypt_tmp_files=ON ## InnoDB/XtraDB Encryption # innodb_encrypt_tables=ON # innodb_encrypt_temporary_tables=ON # innodb_encrypt_log=ON # innodb_encryption_threads=4 # innodb_encryption_rotate_key_age=1 ## Aria Encryption # aria_encrypt_tables=ON # encrypt_tmp_disk_tables=ON cds-blueprints-processor: enabled: true config: cdsDB: dbServer: *dbServer dbPort: 3306 dbName: *mysqlDbName dbCredsExternalSecret: *dbUserSecretName jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.kafkaUser }}' cds-command-executor: enabled: true cds-py-executor: enabled: true cds-sdc-listener: enabled: true config: jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.cdsSdcListenerKafkaUser }}' cds-ui: enabled: true #Resource Limit flavor -By Default using small flavor: small #segregation for different envionment (Small and Large) resources: small: limits: cpu: 2 memory: 4Gi requests: cpu: 1 memory: 2Gi large: limits: cpu: 4 memory: 8Gi requests: cpu: 2 memory: 4Gi unlimited: {}