nodePortPrefixExt: 304
persistence:
mountPath: /dockerdata-nfs
+ mariadbGalera: &mariadbGalera
+ # flag to enable the DB creation via mariadb-operator
+ useOperator: true
+ #This flag allows NBI to instantiate its own mariadb-galera cluster
+ #When changing it to "true", also set "globalCluster: false"
+ #as the dependency check will not work otherwise (Chart.yaml)
+ localCluster: true
+ globalCluster: false
+ service: mariadb-galera
+ internalPort: 3306
+ nameOverride: mariadb-galera
+ # (optional) if localCluster=false and an external secret is used set this variable
+ #userRootSecret: <secretName>
+
#################################################################
# Secrets metaconfig
serviceAccount:
nameOverride: *dbServer
- mariadbConfiguration: |-
- [client]
- port=3306
- socket=/opt/bitnami/mariadb/tmp/mysql.sock
- plugin_dir=/opt/bitnami/mariadb/plugin
-
- [mysqld]
- lower_case_table_names = 1
- default_storage_engine=InnoDB
- basedir=/opt/bitnami/mariadb
- datadir=/bitnami/mariadb/data
- plugin_dir=/opt/bitnami/mariadb/plugin
- tmpdir=/opt/bitnami/mariadb/tmp
- socket=/opt/bitnami/mariadb/tmp/mysql.sock
- pid_file=/opt/bitnami/mariadb/tmp/mysqld.pid
- bind_address=0.0.0.0
-
- ## Character set
- collation_server=utf8_unicode_ci
- init_connect='SET NAMES utf8'
- character_set_server=utf8
-
- ## MyISAM
- key_buffer_size=32M
- myisam_recover_options=FORCE,BACKUP
-
- ## Safety
- skip_host_cache
- skip_name_resolve
- max_allowed_packet=16M
- max_connect_errors=1000000
- sql_mode=STRICT_TRANS_TABLES,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_AUTO_VALUE_ON_ZERO,NO_ENGINE_SUBSTITUTION,NO_ZERO_DATE,NO_ZERO_IN_DATE,ONLY_FULL_GROUP_BY
- sysdate_is_now=1
-
- ## Binary Logging
- log_bin=mysql-bin
- expire_logs_days=14
- # Disabling for performance per http://severalnines.com/blog/9-tips-going-production-galera-cluster-mysql
- sync_binlog=0
- # Required for Galera
- binlog_format=row
-
- ## Caches and Limits
- tmp_table_size=32M
- max_heap_table_size=32M
- # Re-enabling as now works with Maria 10.1.2
- query_cache_type=1
- query_cache_limit=4M
- query_cache_size=256M
- max_connections=500
- thread_cache_size=50
- open_files_limit=65535
- table_definition_cache=4096
- table_open_cache=4096
-
- ## InnoDB
- innodb=FORCE
- innodb_strict_mode=1
- # Mandatory per https://github.com/codership/documentation/issues/25
- innodb_autoinc_lock_mode=2
- # Per https://www.percona.com/blog/2006/08/04/innodb-double-write/
- innodb_doublewrite=1
- innodb_flush_method=O_DIRECT
- innodb_log_files_in_group=2
- innodb_log_file_size=128M
- innodb_flush_log_at_trx_commit=1
- innodb_file_per_table=1
- # 80% Memory is default reco.
- # Need to re-evaluate when DB size grows
- innodb_buffer_pool_size=2G
- innodb_file_format=Barracuda
-
- ## Logging
- log_error=/opt/bitnami/mariadb/logs/mysqld.log
- slow_query_log_file=/opt/bitnami/mariadb/logs/mysqld.log
- log_queries_not_using_indexes=1
- slow_query_log=1
-
- ## SSL
- ## Use extraVolumes and extraVolumeMounts to mount /certs filesystem
- # ssl_ca=/certs/ca.pem
- # ssl_cert=/certs/server-cert.pem
- # ssl_key=/certs/server-key.pem
-
- [galera]
- wsrep_on=ON
- wsrep_provider=/opt/bitnami/mariadb/lib/libgalera_smm.so
- wsrep_sst_method=mariabackup
- wsrep_slave_threads=4
- wsrep_cluster_address=gcomm://
- wsrep_cluster_name=galera
- wsrep_sst_auth="root:"
- # Enabled for performance per https://mariadb.com/kb/en/innodb-system-variables/#innodb_flush_log_at_trx_commit
- innodb_flush_log_at_trx_commit=2
- # MYISAM REPLICATION SUPPORT #
- wsrep_replicate_myisam=ON
-
- [mariadb]
- plugin_load_add=auth_pam
-
- ## Data-at-Rest Encryption
- ## Use extraVolumes and extraVolumeMounts to mount /encryption filesystem
- # plugin_load_add=file_key_management
- # file_key_management_filename=/encryption/keyfile.enc
- # file_key_management_filekey=FILE:/encryption/keyfile.key
- # file_key_management_encryption_algorithm=AES_CTR
- # encrypt_binlog=ON
- # encrypt_tmp_files=ON
-
- ## InnoDB/XtraDB Encryption
- # innodb_encrypt_tables=ON
- # innodb_encrypt_temporary_tables=ON
- # innodb_encrypt_log=ON
- # innodb_encryption_threads=4
- # innodb_encryption_rotate_key_age=1
-
- ## Aria Encryption
- # aria_encrypt_tables=ON
- # encrypt_tmp_disk_tables=ON
-
cds-blueprints-processor:
enabled: true
config:
# Global configuration defaults.
#################################################################
global:
- mariadb:
+ mariadbGalera:
+ # flag to enable the DB creation via mariadb-operator
+ useOperator: true
+ # if useOperator set to "true", set "enableServiceAccount to "false"
+ # as the SA is created by the Operator
+ enableServiceAccount: false
localCluster: true
# '&mariadbConfig' means we "store" the values for later use in the file
# with '*mariadbConfig' pointer.
service: &mariadbService
name: &policy-mariadb policy-mariadb
internalPort: 3306
+ nameOverride: *policy-mariadb
+ # (optional) if localCluster=false and an external secret is used set this variable
+ #userRootSecret: <secretName>
prometheusEnabled: false
postgres:
localCluster: false
- uid: db-root-password
name: &dbRootPassSecretName '{{ include "common.release" . }}-policy-db-root-password'
type: password
- externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "rootUser" "externalSecret")) .) (hasSuffix "policy-db-root-password" (index .Values "mariadb-galera" "rootUser" "externalSecret"))}}'
+ externalSecret: '{{ .Values.global.mariadbGalera.localCluster |
+ ternary (( hasSuffix "policy-db-root-password" (index .Values "mariadb-galera" "rootUser" "externalSecret")) |
+ ternary
+ ""
+ (tpl (default "" (index .Values "mariadb-galera" "rootUser" "externalSecret")) .)
+ )
+ ( (not (empty (default "" .Values.global.mariadbGalera.userRootSecret))) |
+ ternary
+ .Values.global.mariadbGalera.userRootSecret
+ (include "common.mariadb.secret.rootPassSecretName"
+ (dict "dot" . "chartName" .Values.global.mariadbGalera.nameOverride)
+ )
+ ) }}'
password: '{{ (index .Values "mariadb-galera" "rootUser" "password") }}'
policy: generate
- uid: db-secret
someConfig: blah
mariadb-galera:
- # mariadb-galera.config and global.mariadb.config must be equals
+ # mariadb-galera.config and global.mariadbGalera.config must be equals
db:
user: policy-user
# password:
rootUser:
externalSecret: *dbRootPassSecretName
nameOverride: *policy-mariadb
- # mariadb-galera.service and global.mariadb.service must be equals
+ # mariadb-galera.service and global.mariadbGalera.service must be equals
service: *mariadbService
replicaCount: 1
mariadbOperator:
Code Review / oom.git / commitdiff