From 93a5b49185695a7960ada82f5899265b5bc2e504 Mon Sep 17 00:00:00 2001 From: Sylvain Desbureaux Date: Fri, 27 Nov 2020 11:07:42 +0100 Subject: [PATCH] [COMMON][MARIADB] Upgrade Mariadb DB galera version Mariadb DB Galera containers version is outdated and unmaintained. We need them to move to a new image provider. As new image provider is not compatible with our old templates, we also update the templates (by reworking bitnami mariadb-galera chart). An update of global mariadb image is also done in order to match mariadb galera version. Issue-ID: OOM-1720 Signed-off-by: Sylvain Desbureaux Change-Id: Ib9976227759e90022183d4f37fc655143be4d6ac --- docs/release-notes-guilin.rst | 148 +++++ docs/release-notes.rst | 43 +- .../components/appc-ansible-server/values.yaml | 2 +- kubernetes/appc/values.yaml | 21 +- kubernetes/cds/values.yaml | 21 +- kubernetes/common/mariadb-galera/.helmignore | 3 - kubernetes/common/mariadb-galera/Chart.yaml | 1 + kubernetes/common/mariadb-galera/requirements.yaml | 9 +- .../resources/config/configure-mysql.sh | 92 --- .../mariadb-galera/resources/create-deployment.yml | 50 -- .../resources/post-upgrade-script.sh | 142 ----- .../mariadb-galera/resources/upgrade-scripts.sh | 101 ---- .../common/mariadb-galera/templates/NOTES.txt | 28 +- .../mariadb-galera/templates/backup/cronjob.yaml | 237 ++++---- .../common/mariadb-galera/templates/backup/pv.yaml | 24 +- .../mariadb-galera/templates/backup/pvc.yaml | 24 +- .../common/mariadb-galera/templates/configmap.yaml | 66 +-- .../common/mariadb-galera/templates/job.yaml | 109 ---- .../mariadb-galera/templates/metrics-svc.yaml | 34 ++ .../common/mariadb-galera/templates/pdb.yaml | 30 + .../mariadb-galera/templates/prometheusrules.yaml | 31 + kubernetes/common/mariadb-galera/templates/pv.yaml | 34 +- .../common/mariadb-galera/templates/secrets.yaml | 3 +- .../common/mariadb-galera/templates/service.yaml | 24 +- .../mariadb-galera/templates/servicemonitor.yaml | 51 ++ .../mariadb-galera/templates/statefulset.yaml | 314 ++++++---- .../common/mariadb-galera/tests/pv_test.yaml | 35 -- .../mariadb-galera/tests/storage_class_test.yaml | 67 --- .../mariadb-galera/tests/values/persistence.yaml | 6 - kubernetes/common/mariadb-galera/values.yaml | 630 ++++++++++++++++++--- .../network-name-gen/templates/deployment.yaml | 2 +- kubernetes/common/network-name-gen/values.yaml | 16 +- kubernetes/common/repositoryGenerator/values.yaml | 2 +- kubernetes/contrib/components/ejbca/values.yaml | 16 +- .../resources/config/provserver.properties | 2 +- .../dmaap/components/dmaap-dr-prov/values.yaml | 21 +- .../components/modeling-etsicatalog/values.yaml | 17 +- kubernetes/nbi/templates/deployment.yaml | 2 +- kubernetes/nbi/values.yaml | 22 +- kubernetes/onap/values.yaml | 21 +- kubernetes/oof/components/oof-cmso/values.yaml | 29 +- kubernetes/policy/values.yaml | 32 +- kubernetes/sdnc/requirements.yaml | 2 +- kubernetes/sdnc/values.yaml | 53 +- kubernetes/so/values.yaml | 16 +- kubernetes/vfc/values.yaml | 11 +- kubernetes/vid/resources/config/db_cmd.sh | 4 +- kubernetes/vid/templates/deployment.yaml | 2 +- kubernetes/vid/values.yaml | 24 +- 49 files changed, 1416 insertions(+), 1258 deletions(-) create mode 100644 docs/release-notes-guilin.rst delete mode 100755 kubernetes/common/mariadb-galera/resources/config/configure-mysql.sh delete mode 100644 kubernetes/common/mariadb-galera/resources/create-deployment.yml delete mode 100644 kubernetes/common/mariadb-galera/resources/post-upgrade-script.sh delete mode 100644 kubernetes/common/mariadb-galera/resources/upgrade-scripts.sh delete mode 100644 kubernetes/common/mariadb-galera/templates/job.yaml create mode 100644 kubernetes/common/mariadb-galera/templates/metrics-svc.yaml create mode 100644 kubernetes/common/mariadb-galera/templates/pdb.yaml create mode 100644 kubernetes/common/mariadb-galera/templates/prometheusrules.yaml create mode 100644 kubernetes/common/mariadb-galera/templates/servicemonitor.yaml delete mode 100644 kubernetes/common/mariadb-galera/tests/pv_test.yaml delete mode 100644 kubernetes/common/mariadb-galera/tests/storage_class_test.yaml delete mode 100644 kubernetes/common/mariadb-galera/tests/values/persistence.yaml diff --git a/docs/release-notes-guilin.rst b/docs/release-notes-guilin.rst new file mode 100644 index 0000000000..7c820270d3 --- /dev/null +++ b/docs/release-notes-guilin.rst @@ -0,0 +1,148 @@ +.. This work is licensed under a Creative Commons Attribution 4.0 + International License. +.. http://creativecommons.org/licenses/by/4.0 +.. (c) ONAP Project and its contributors +.. _release_notes_guilin: + +************************************* +ONAP Operations Manager Release Notes +************************************* + +Previous Release Notes +====================== + +- :ref:`Frankfurt ` +- :ref:`El Alto ` +- :ref:`Dublin ` +- :ref:`Casablanca ` +- :ref:`Beijing ` +- :ref:`Amsterdam ` + +Abstract +======== + +This document provides the release notes for the Guilin release. + +Summary +======= + +The focus of this release is to strengthen the foundation of OOM installer. + +Release Data +============ + ++--------------------------------------+--------------------------------------+ +| **Project** | OOM | +| | | ++--------------------------------------+--------------------------------------+ +| **Docker images** | N/A | +| | | ++--------------------------------------+--------------------------------------+ +| **Release designation** | Guilin | +| | | ++--------------------------------------+--------------------------------------+ +| **Release date** | 2020/12/03 | +| | | ++--------------------------------------+--------------------------------------+ + +New features +------------ + +* Kubernetes support for version up to 1.19 +* Helm (experimental) support for version up to 3.3 +* Limits are set for most of the components + +**Bug fixes** + +A list of issues resolved in this release can be found here: +https://jira.onap.org/projects/OOM/versions/10826 + +**Known Issues** + +- `OOM-1237 `_ Source Helm Charts from + ONAP Repo. Having helm charts repo is not possible for Frankfurt release. +- `OOM-1720 `_ galera container is + outdated. containers used for mariadb are outdated and not supported anymore. +- `OOM-1817 `_ Use of global.repository + inconsistent across Helm Charts. it's then may be hard to retrieve some + containers when deploying in constrained environment. +- `OOM-2227 `_ Cassandra Backup Mechanism + works only on "static PV" mode. +- `OOM-2285 `_ deploy.sh does not work + for mariadb-galera. deploy script doesn't behave well with "-" in the + component name. +- `OOM-2421 `_ OOM nbi chart deployment + error +- `OOM-2534 `_ Cert-Service leverages + runtime external dependency +- `OOM-2554 `_ Common pods have java 8 +- `OOM-2588 `_ Various subcharts not + installing due to helm size issues +- `OOM-2629 `_ NetBox demo entry setup + not complete + + +Deliverables +------------ + +Software Deliverables +~~~~~~~~~~~~~~~~~~~~~ + +OOM provides `Helm charts `_ that needs to be +"compiled" into Helm package. see step 6 in +:doc:`quickstart guide `. + +Documentation Deliverables +~~~~~~~~~~~~~~~~~~~~~~~~~~ + +- :doc:`Project Description ` +- :doc:`Cloud Setup Guide ` +- :doc:`Quick Start Guide ` +- :doc:`Setup Ingress Controller ` +- :doc:`Developer Guide ` +- :doc:`Hardcoded Certificates ` + +Known Limitations, Issues and Workarounds +========================================= + +Known Vulnerabilities +--------------------- + +- Hard coded password used for all OOM deployments + [`OJSI-188 `_] +- :doc:`Hard coded certificates ` in Helm packages + +Workarounds +----------- + +- `OOM-1237 `_ Workaround is to generate + them as explained in documentation. +- `OOM-1817 `_ Workaround is to use + offline installer if needed. +- `OOM-2227 `_ Workaround is to stick to + "static PV" (so, not using storage class) if backup is needed. +- `OOM-2285 `_ Workaround is to use + directly helm upgrade if needed. +- `OOM-2534 `_ Workaround is to download + in advance docker.io/openjdk:11-jre-slim where you will generate the charts + +Security Notes +-------------- + +**Fixed Security Issues** + +References +========== + +For more information on the ONAP Frankfurt release, please see: + +#. `ONAP Home Page`_ +#. `ONAP Documentation`_ +#. `ONAP Release Downloads`_ +#. `ONAP Wiki Page`_ + + +.. _`ONAP Home Page`: https://www.onap.org +.. _`ONAP Wiki Page`: https://wiki.onap.org +.. _`ONAP Documentation`: https://docs.onap.org +.. _`ONAP Release Downloads`: https://git.onap.org diff --git a/docs/release-notes.rst b/docs/release-notes.rst index 30f4353ba4..16bc15dd5f 100644 --- a/docs/release-notes.rst +++ b/docs/release-notes.rst @@ -11,6 +11,7 @@ ONAP Operations Manager Release Notes Previous Release Notes ====================== +- :ref:`Guilin ` - :ref:`Frankfurt ` - :ref:`El Alto ` - :ref:`Dublin ` @@ -21,7 +22,7 @@ Previous Release Notes Abstract ======== -This document provides the release notes for the Frankfurt release. +This document provides the release notes for the Honolulu release. Summary ======= @@ -38,7 +39,7 @@ Release Data | **Docker images** | N/A | | | | +--------------------------------------+--------------------------------------+ -| **Release designation** | Guilin | +| **Release designation** | Honolulu | | | | +--------------------------------------+--------------------------------------+ | **Release date** | 2020/12/03 | @@ -59,27 +60,9 @@ https://jira.onap.org/projects/OOM/versions/10826 **Known Issues** -- `OOM-1237 `_ Source Helm Charts from - ONAP Repo. Having helm charts repo is not possible for Frankfurt release. -- `OOM-1720 `_ galera container is - outdated. containers used for mariadb are outdated and not supported anymore. -- `OOM-1817 `_ Use of global.repository - inconsistent across Helm Charts. it's then may be hard to retrieve some - containers when deploying in constrained environment. -- `OOM-2227 `_ Cassandra Backup Mechanism - works only on "static PV" mode. -- `OOM-2285 `_ deploy.sh does not work - for mariadb-galera. deploy script doesn't behave well with "-" in the - component name. -- `OOM-2421 `_ OOM nbi chart deployment - error -- `OOM-2534 `_ Cert-Service leverages - runtime external dependency -- `OOM-2554 `_ Common pods have java 8 -- `OOM-2588 `_ Various subcharts not - installing due to helm size issues -- `OOM-2629 `_ NetBox demo entry setup - not complete +- ``_ + bitnami mariadb galera image doesn't support single quote in password. + Deliverables @@ -115,16 +98,10 @@ Known Vulnerabilities Workarounds ----------- -- `OOM-1237 `_ Workaround is to generate - them as explained in documentation. -- `OOM-1817 `_ Workaround is to use - offline installer if needed. -- `OOM-2227 `_ Workaround is to stick to - "static PV" (so, not using storage class) if backup is needed. -- `OOM-2285 `_ Workaround is to use - directly helm upgrade if needed. -- `OOM-2534 `_ Workaround is to download - in advance docker.io/openjdk:11-jre-slim where you will generate the charts +- ``_ + Workaround is to generate a password with "short" strenght or pregenerate + passwords without single quote in it. Default deployment is using "short" + password generation for mariadb. Security Notes -------------- diff --git a/kubernetes/appc/components/appc-ansible-server/values.yaml b/kubernetes/appc/components/appc-ansible-server/values.yaml index 1588bc52d6..076cf6b5f2 100644 --- a/kubernetes/appc/components/appc-ansible-server/values.yaml +++ b/kubernetes/appc/components/appc-ansible-server/values.yaml @@ -36,7 +36,7 @@ config: ansibleUid: 100 ansibleGid: 101 appcChartName: appc - mysqlServiceName: appc-dbhost + mysqlServiceName: appc-db configDir: /opt/onap/ccsdk # default number of instances diff --git a/kubernetes/appc/values.yaml b/kubernetes/appc/values.yaml index 92c9985c35..cc56bb4859 100644 --- a/kubernetes/appc/values.yaml +++ b/kubernetes/appc/values.yaml @@ -82,8 +82,8 @@ config: odlGid: 101 ansibleServiceName: appc-ansible-server ansiblePort: 8000 - mariadbGaleraSVCName: appc-dbhost - mariadbGaleraContName: appc-db + mariadbGaleraSVCName: &appc-db appc-db + mariadbGaleraContName: *appc-db enableAAF: true enableClustering: false configDir: /opt/onap/appc/data/properties @@ -110,24 +110,25 @@ appc-ansible-server: name: appc-ansible-server internalPort: 8000 config: - mysqlServiceName: appc-dbhost + mysqlServiceName: *appc-db appc-cdt: enabled: true mariadb-galera: - nameOverride: appc-db - config: - mariadbRootPasswordExternalSecret: '{{ include "common.release" . }}-appc-db-root-pass' + nameOverride: *appc-db + rootUser: + externalSecret: '{{ include "common.release" . }}-appc-db-root-pass' service: - name: appc-dbhost - portName: appc-dbhost + name: *appc-db nfsprovisionerPrefix: appc sdnctlPrefix: appc persistence: mountSubPath: appc/data enabled: true disableNfsProvisioner: true + serviceAccount: + nameOverride: *appc-db dgbuilder: nameOverride: appc-dgbuilder @@ -137,8 +138,8 @@ dgbuilder: db: rootPasswordExternalSecret: '{{ include "common.release" . }}-appc-db-root-pass' userCredentialsExternalSecret: '{{ include "common.release" . }}-sdncdb-user-creds' - dbPodName: appc-db - dbServiceName: appc-dbhost + dbPodName: *appc-db + dbServiceName: *appc-db service: name: appc-dgbuilder diff --git a/kubernetes/cds/values.yaml b/kubernetes/cds/values.yaml index 0b7403e8ac..5510b3a3a0 100644 --- a/kubernetes/cds/values.yaml +++ b/kubernetes/cds/values.yaml @@ -30,9 +30,9 @@ secrets: - name: &dbUserSecretName '{{ include "common.release" . }}-cds-db-secret' uid: 'cds-db-secret' type: basicAuth - externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "config" "userCredentialsExternalSecret")) .) (hasSuffix "cds-db-secret" (index .Values "mariadb-galera" "config" "userCredentialsExternalSecret"))}}' - login: '{{ index .Values "mariadb-galera" "config" "userName" }}' - password: '{{ index .Values "mariadb-galera" "config" "userPassword" }}' + externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "db" "externalSecret")) .) (hasSuffix "cds-db-secret" (index .Values "mariadb-galera" "db" "externalSecret"))}}' + login: '{{ index .Values "mariadb-galera" "db" "user" }}' + password: '{{ index .Values "mariadb-galera" "db" "password" }}' ################################################################# # Application configuration defaults. @@ -71,19 +71,18 @@ ingress: enabled: false mariadb-galera: - config: - userName: sdnctl - # userPassword: sdnctl - userCredentialsExternalSecret: *dbUserSecretName - mysqlDatabase: &mysqlDbName sdnctl + db: + user: sdnctl + # password: + externalSecret: *dbUserSecretName + name: &mysqlDbName sdnctl nameOverride: &dbServer cds-db - service: - name: cds-db - portName: cds-db replicaCount: 1 persistence: enabled: true mountSubPath: cds/data + serviceAccount: + nameOverride: *dbServer cds-blueprints-processor: enabled: true diff --git a/kubernetes/common/mariadb-galera/.helmignore b/kubernetes/common/mariadb-galera/.helmignore index f3d010c5f7..f0c1319444 100644 --- a/kubernetes/common/mariadb-galera/.helmignore +++ b/kubernetes/common/mariadb-galera/.helmignore @@ -19,6 +19,3 @@ .project .idea/ *.tmproj - -# Unit tests folder -tests diff --git a/kubernetes/common/mariadb-galera/Chart.yaml b/kubernetes/common/mariadb-galera/Chart.yaml index 0b4b3ba783..209c8c03e5 100644 --- a/kubernetes/common/mariadb-galera/Chart.yaml +++ b/kubernetes/common/mariadb-galera/Chart.yaml @@ -1,4 +1,5 @@ # Copyright © 2018 Amdocs, Bell Canada +# Copyright © 2020 Bitnami, Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/kubernetes/common/mariadb-galera/requirements.yaml b/kubernetes/common/mariadb-galera/requirements.yaml index 2397316010..b378e5738b 100644 --- a/kubernetes/common/mariadb-galera/requirements.yaml +++ b/kubernetes/common/mariadb-galera/requirements.yaml @@ -1,4 +1,5 @@ # Copyright © 2018 Amdocs, Bell Canada +# Copyright © 2020 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -16,6 +17,12 @@ dependencies: - name: common version: ~7.x-0 repository: 'file://../common' + - name: readinessCheck + version: ~7.x-0 + repository: 'file://../readinessCheck' - name: repositoryGenerator version: ~7.x-0 - repository: 'file://../repositoryGenerator' \ No newline at end of file + repository: 'file://../repositoryGenerator' + - name: serviceAccount + version: ~7.x-0 + repository: 'file://../serviceAccount' diff --git a/kubernetes/common/mariadb-galera/resources/config/configure-mysql.sh b/kubernetes/common/mariadb-galera/resources/config/configure-mysql.sh deleted file mode 100755 index b354efe86c..0000000000 --- a/kubernetes/common/mariadb-galera/resources/config/configure-mysql.sh +++ /dev/null @@ -1,92 +0,0 @@ -#!/bin/bash -{{/* -# -# Adfinis SyGroup AG -# openshift-mariadb-galera: mysql setup script -# -*/}} - -set -eox pipefail - -echo 'Running mysql_install_db ...' -mysql_install_db --datadir=/var/lib/mysql -echo 'Finished mysql_install_db' - -mysqld --skip-networking --socket=/var/lib/mysql/mysql-init.sock --wsrep_on=OFF & -pid="$!" - -mysql=( mysql --protocol=socket -uroot -hlocalhost --socket=/var/lib/mysql/mysql-init.sock ) - -for i in {30..0}; do - if echo 'SELECT 1' | "${mysql[@]}" &> /dev/null; then - break - fi - echo 'MySQL init process in progress...' - sleep 1 -done -if [ "$i" = 0 ]; then - echo >&2 'MySQL init process failed.' - exit 1 -fi - -if [ -z "$MYSQL_INITDB_SKIP_TZINFO" ]; then - # sed is for https://bugs.mysql.com/bug.php?id=20545 - mysql_tzinfo_to_sql /usr/share/zoneinfo | sed 's/Local time zone must be set--see zic manual page/FCTY/' | "${mysql[@]}" mysql -fi - -prepare_password() -{ - echo "$1" | sed -e "s/'/\\\\'/g; s/\"/\\\\\"/g" -} - -mysql_root_password=`prepare_password $MYSQL_ROOT_PASSWORD` -# add MariaDB root user -"${mysql[@]}" <<-EOSQL --- What's done in this file shouldn't be replicated --- or products like mysql-fabric won't work -SET @@SESSION.SQL_LOG_BIN=0; - -DELETE FROM mysql.user ; -CREATE USER 'root'@'%' IDENTIFIED BY '${mysql_root_password}' ; -GRANT ALL ON *.* TO 'root'@'%' WITH GRANT OPTION ; -DROP DATABASE IF EXISTS test ; -FLUSH PRIVILEGES ; -EOSQL - -# add root password for subsequent calls to mysql -if [ ! -z "$MYSQL_ROOT_PASSWORD" ]; then - mysql+=( -p"${MYSQL_ROOT_PASSWORD}" ) -fi - -# add users require for Galera -# TODO: make them somehow configurable -"${mysql[@]}" <<-EOSQL -CREATE USER 'xtrabackup_sst'@'localhost' IDENTIFIED BY 'xtrabackup_sst' ; -GRANT RELOAD, LOCK TABLES, REPLICATION CLIENT ON *.* TO 'xtrabackup_sst'@'localhost' ; -CREATE USER 'readinessProbe'@'localhost' IDENTIFIED BY 'readinessProbe'; -EOSQL - -if [ "$MYSQL_DATABASE" ]; then - echo "CREATE DATABASE IF NOT EXISTS \`$MYSQL_DATABASE\` ;" | "${mysql[@]}" - mysql+=( "$MYSQL_DATABASE" ) -fi - -if [ "$MYSQL_USER" -a "$MYSQL_PASSWORD" ]; then - mysql_password=`prepare_password $MYSQL_PASSWORD` - echo "CREATE USER '$MYSQL_USER'@'%' IDENTIFIED BY '$mysql_password' ;" | "${mysql[@]}" - - if [ "$MYSQL_DATABASE" ]; then - echo "GRANT ALL ON \`$MYSQL_DATABASE\`.* TO '$MYSQL_USER'@'%' ;" | "${mysql[@]}" - fi - - echo 'FLUSH PRIVILEGES ;' | "${mysql[@]}" -fi - -if ! kill -s TERM "$pid" || ! wait "$pid"; then - echo >&2 'MySQL init process failed.' - exit 1 -fi - -echo -echo 'MySQL init process done. Ready for start up.' -echo diff --git a/kubernetes/common/mariadb-galera/resources/create-deployment.yml b/kubernetes/common/mariadb-galera/resources/create-deployment.yml deleted file mode 100644 index 0f6bb5929e..0000000000 --- a/kubernetes/common/mariadb-galera/resources/create-deployment.yml +++ /dev/null @@ -1,50 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: {{- include "common.resourceMetadata" (dict "suffix" "upgrade-deployment" "dot" .) | nindent 4 }} -spec: - replicas: 1 - selector: - matchLabels: - app: {{ include "common.fullname" . }} - template: - metadata: - labels: - app: {{ include "common.fullname" . }} - spec: - containers: - - name: {{ include "common.name" . }} - image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }} - ports: - - containerPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }} - - containerPort: {{ .Values.service.sstPort }} - name: {{ .Values.service.sstPortName }} - - containerPort: {{ .Values.service.replicationPort }} - name: {{ .Values.service.replicationName }} - - containerPort: {{ .Values.service.istPort }} - name: {{ .Values.service.istPortName }} - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: MYSQL_USER - valueFrom: - secretKeyRef: - key: login - name: {{ include "common.fullname" . }}-temp-upgrade-usercred - - name: MYSQL_PASSWORD - valueFrom: - secretKeyRef: - key: password - name: {{ include "common.fullname" . }}-temp-upgrade-usercred - - name: MYSQL_DATABASE - value: {{ default "" .Values.config.mysqlDatabase | quote }} - - name: MYSQL_ROOT_PASSWORD - valueFrom: - secretKeyRef: - key: password - name: {{ include "common.fullname" . }}-temp-upgrade-root - subdomain: {{ .Values.service.name }} - hostname: {{ .Values.nameOverride }}-upgrade-deployment diff --git a/kubernetes/common/mariadb-galera/resources/post-upgrade-script.sh b/kubernetes/common/mariadb-galera/resources/post-upgrade-script.sh deleted file mode 100644 index ec09df3a86..0000000000 --- a/kubernetes/common/mariadb-galera/resources/post-upgrade-script.sh +++ /dev/null @@ -1,142 +0,0 @@ -#!/bin/bash - -TEMP_POD=$(kubectl get pod -n $NAMESPACE_ENV --selector \ - app='{{ include "common.fullname" . }}' -o \ - jsonpath='{.items[?(@.metadata.ownerReferences[].kind=="ReplicaSet")].metadata.name}') - -tmp_MYSQL_PASSWORD=$(echo -n $(kubectl exec -n $NAMESPACE_ENV $TEMP_POD -- printenv \ - MYSQL_PASSWORD) | base64) - -tmp_ROOT_PASSWORD=$(echo -n $(kubectl exec -n $NAMESPACE_ENV $TEMP_POD -- printenv \ - MYSQL_ROOT_PASSWORD) | base64) - -FLAG_EX_ROOT_SEC='{{ include "common.secret.getSecretNameFast" (dict "global" . "uid" (include "common.mariadb.secret.rootPassUID" .)) }}' - -FLAG_EX_SEC='{{ include "common.secret.getSecretNameFast" (dict "global" . "uid" (include "common.mariadb.secret.userCredentialsUID" .)) }}' - -kubectl patch secret $FLAG_EX_ROOT_SEC -p \ - '{"data":{"password":"'"$tmp_ROOT_PASSWORD"'"}}' - -kubectl patch secret $FLAG_EX_SEC -p \ - '{"data":{"password":"'"$tmp_MYSQL_PASSWORD"'"}}' - -MYSQL_USER=$(kubectl exec -n $NAMESPACE_ENV $TEMP_POD -- printenv MYSQL_USER) - -MYSQL_PASSWORD=$(echo -n $(kubectl exec -n $NAMESPACE_ENV $TEMP_POD -- printenv MYSQL_PASSWORD)) - -MYSQL_ROOT_PASSWORD=$(kubectl exec -n $NAMESPACE_ENV $TEMP_POD -- printenv MYSQL_ROOT_PASSWORD) - -CURRENT_STS_REPLICA=$(kubectl get statefulsets -n $NAMESPACE_ENV \ - {{ include "common.fullname" . }} -o jsonpath='{.status.replicas}') - -DEPLOYMENT_REPLICA=$(kubectl get deployment -n $NAMESPACE_ENV \ - {{ include "common.fullname" . }}-upgrade-deployment -o \ - jsonpath='{.status.replicas}') - -if [[ $CURRENT_STS_REPLICA == "0" ]] -then - echo "Seems there was no upgrade of cluster and we will scale up cluster replicas back to $REPLICA_COUNT now" - kubectl scale statefulsets {{ include "common.fullname" . }} --replicas=$REPLICA_COUNT -fi - -MY_REPLICA_NUMBER=$(kubectl get statefulsets -n $NAMESPACE_ENV \ - {{ include "common.fullname" . }} -o jsonpath='{.status.replicas}') - -while [[ ! $MY_REPLICA_NUMBER == $REPLICA_COUNT ]] -do - echo "The cluster is not scaled up to $REPLICA_COUNT yet. Please wait ..." - MY_REPLICA_NUMBER=$(kubectl get statefulsets -n $NAMESPACE_ENV \ - {{ include "common.fullname" . }} -o jsonpath='{.status.replicas}') - echo "The current status of the cluster is $MY_REPLICA_NUMBER" - sleep 2 - if [[ $MY_REPLICA_NUMBER == $REPLICA_COUNT ]] - then - break - fi -done - -CLUSTER_NO=$(kubectl exec -n $NAMESPACE_ENV $TEMP_POD -- \ - mysql --skip-column-names -h{{ $.Values.service.name }} -u$MYSQL_USER \ - -p$MYSQL_PASSWORD -e "SHOW GLOBAL STATUS LIKE 'wsrep_cluster_size';" | \ - awk '{print $2}') - -CLUSTER_STATE=$(kubectl exec -n $NAMESPACE_ENV $TEMP_POD -- \ - mysql --skip-column-names -h{{ $.Values.service.name }} -u$MYSQL_USER \ - -p$MYSQL_PASSWORD -e "SHOW GLOBAL STATUS LIKE 'wsrep_local_state_comment';" \ - | awk '{print $2}') - -while [[ ! $CLUSTER_NO == $((REPLICA_COUNT+DEPLOYMENT_REPLICA)) ]] \ - || [[ ! $CLUSTER_STATE == "Synced" ]] -do - echo "$CLUSTER_NO and $CLUSTER_STATE" - CLUSTER_NO=$(kubectl exec -n $NAMESPACE_ENV $TEMP_POD -- mysql \ - --skip-column-names -h{{ $.Values.service.name }} -u$MYSQL_USER \ - -p$MYSQL_PASSWORD -e "SHOW GLOBAL STATUS LIKE 'wsrep_cluster_size';" \ - | awk '{print $2}') - CLUSTER_STATE=$(kubectl exec -n $NAMESPACE_ENV $TEMP_POD -- mysql \ - --skip-column-names -h{{ $.Values.service.name }} -u$MYSQL_USER \ - -p$MYSQL_PASSWORD -e "SHOW GLOBAL STATUS LIKE 'wsrep_local_state_comment';" \ - | awk '{print $2}') - sleep 2 - if [[ $CLUSTER_NO == $((REPLICA_COUNT+DEPLOYMENT_REPLICA)) ]] \ - && [[ $CLUSTER_STATE == "Synced" ]] - then - echo "The cluster has $CLUSTER_NO members and $CLUSTER_STATE state." - break - fi -done - -MYSQL_STATUS=$(kubectl exec -n $NAMESPACE_ENV {{ include "common.fullname" . }}-0 -- mysqladmin \ - -uroot -p$MYSQL_ROOT_PASSWORD ping) - -while [[ ! $MYSQL_STATUS == "mysqld is alive" ]] -do - echo "Mariadb deployment is not ready yet." - sleep 2 - MYSQL_STATUS=$(kubectl exec -n $NAMESPACE_ENV {{ include "common.fullname" . }}-0 -- mysqladmin \ - -uroot -p$MYSQL_ROOT_PASSWORD ping) - if [[ $MYSQL_STATUS == "mysqld is alive" ]] - then - echo "Mariadb deployment is ready and cluster size is $CLUSTER_NO" - break - fi -done - -echo "Deleting upgrade deployment now" - -kubectl delete deployment -n $NAMESPACE_ENV {{ include "common.fullname" . }}-upgrade-deployment -kubectl delete secret -n $NAMESPACE_ENV {{ include "common.fullname" . }}-temp-upgrade-root -kubectl delete secret -n $NAMESPACE_ENV {{ include "common.fullname" . }}-temp-upgrade-usercred - -CLUSTER_NO=$(kubectl exec -n $NAMESPACE_ENV {{ include "common.fullname" . }}-0 -- \ - mysql --skip-column-names -h{{ $.Values.service.name }} -u$MYSQL_USER \ - -p$MYSQL_PASSWORD -e "SHOW GLOBAL STATUS LIKE 'wsrep_cluster_size';" | \ - awk '{print $2}') - -CLUSTER_STATE=$(kubectl exec -n $NAMESPACE_ENV {{ include "common.fullname" . }}-0 -- \ - mysql --skip-column-names -h{{ $.Values.service.name }} -u$MYSQL_USER \ - -p$MYSQL_PASSWORD -e "SHOW GLOBAL STATUS LIKE 'wsrep_local_state_comment';" \ - | awk '{print $2}') - -while [[ ! $CLUSTER_NO == $REPLICA_COUNT ]] \ - || [[ ! $CLUSTER_STATE == "Synced" ]] -do - echo "$CLUSTER_NO and $CLUSTER_STATE" - CLUSTER_NO=$(kubectl exec -n $NAMESPACE_ENV {{ include "common.fullname" . }}-0 -- mysql \ - --skip-column-names -h{{ $.Values.service.name }} -u$MYSQL_USER \ - -p$MYSQL_PASSWORD -e "SHOW GLOBAL STATUS LIKE 'wsrep_cluster_size';" \ - | awk '{print $2}') - CLUSTER_STATE=$(kubectl exec -n $NAMESPACE_ENV {{ include "common.fullname" . }}-0 -- mysql \ - --skip-column-names -h{{ $.Values.service.name }} -u$MYSQL_USER \ - -p$MYSQL_PASSWORD -e "SHOW GLOBAL STATUS LIKE 'wsrep_local_state_comment';" \ - | awk '{print $2}') - sleep 2 - if [[ $CLUSTER_NO == $REPLICA_COUNT ]] \ - && [[ $CLUSTER_STATE == "Synced" ]] - then - echo "The cluster has $CLUSTER_NO members and $CLUSTER_STATE state." - break - fi -done - -echo "The cluster upgrade is finished now" diff --git a/kubernetes/common/mariadb-galera/resources/upgrade-scripts.sh b/kubernetes/common/mariadb-galera/resources/upgrade-scripts.sh deleted file mode 100644 index ff44606e23..0000000000 --- a/kubernetes/common/mariadb-galera/resources/upgrade-scripts.sh +++ /dev/null @@ -1,101 +0,0 @@ -#!/bin/bash -MYSQL_USER=$(kubectl exec -n $NAMESPACE_ENV \ - {{ include "common.fullname" . }}-0 -- printenv MYSQL_USER) - -MYSQL_PASSWORD=$(kubectl exec -n $NAMESPACE_ENV \ - {{ include "common.fullname" . }}-0 -- printenv MYSQL_PASSWORD) - -MYSQL_ROOT_PASSWORD=$(kubectl exec -n $NAMESPACE_ENV \ - {{ include "common.fullname" . }}-0 -- printenv MYSQL_ROOT_PASSWORD) - -kubectl create secret generic \ - '{{ include "common.fullname" . }}'-temp-upgrade-root \ - --from-literal=password=$MYSQL_ROOT_PASSWORD - -kubectl create secret generic \ - '{{ include "common.fullname" . }}'-temp-upgrade-usercred \ - --from-literal=login=$MYSQL_USER --from-literal=password=$MYSQL_PASSWORD - -kubectl create -f /upgrade/create-deployment.yml - -TEMP_POD=$(kubectl get pod -n $NAMESPACE_ENV --selector \ - app='{{ include "common.fullname" . }}' -o \ - jsonpath='{.items[?(@.metadata.ownerReferences[].kind=="ReplicaSet")].metadata.name}') - -CLUSTER_NO=$(kubectl exec -n $NAMESPACE_ENV $TEMP_POD -- \ - mysql --skip-column-names -h{{ $.Values.service.name }} -u$MYSQL_USER \ - -p$MYSQL_PASSWORD -e "SHOW GLOBAL STATUS LIKE 'wsrep_cluster_size';" | \ - awk '{print $2}') - -CLUSTER_STATE=$(kubectl exec -n $NAMESPACE_ENV $TEMP_POD -- \ - mysql --skip-column-names -h{{ $.Values.service.name }} -u$MYSQL_USER \ - -p$MYSQL_PASSWORD -e "SHOW GLOBAL STATUS LIKE 'wsrep_local_state_comment';" \ - | awk '{print $2}') - -STS_REPLICA=$(kubectl get statefulsets -n $NAMESPACE_ENV \ - {{ include "common.fullname" . }} -o jsonpath='{.status.replicas}') - -DEPLOYMENT_REPLICA=$(kubectl get deployment -n $NAMESPACE_ENV \ - {{ include "common.fullname" . }}-upgrade-deployment -o \ - jsonpath='{.status.replicas}') - -while [[ ! $CLUSTER_NO == $((STS_REPLICA+DEPLOYMENT_REPLICA)) ]] \ - || [[ ! $CLUSTER_STATE == "Synced" ]] -do - echo "$CLUSTER_NO and $CLUSTER_STATE" - CLUSTER_NO=$(kubectl exec -n $NAMESPACE_ENV $TEMP_POD -- mysql \ - --skip-column-names -h{{ $.Values.service.name }} -u$MYSQL_USER \ - -p$MYSQL_PASSWORD -e "SHOW GLOBAL STATUS LIKE 'wsrep_cluster_size';" \ - | awk '{print $2}') - CLUSTER_STATE=$(kubectl exec -n $NAMESPACE_ENV $TEMP_POD -- mysql \ - --skip-column-names -h{{ $.Values.service.name }} -u$MYSQL_USER \ - -p$MYSQL_PASSWORD -e "SHOW GLOBAL STATUS LIKE 'wsrep_local_state_comment';" \ - | awk '{print $2}') - sleep 2 - if [[ $CLUSTER_NO == $((STS_REPLICA+DEPLOYMENT_REPLICA)) ]] \ - && [[ $CLUSTER_STATE == "Synced" ]] - then - echo "The cluster has $CLUSTER_NO members and $CLUSTER_STATE state." - break - fi -done - -MYSQL_STATUS=$(kubectl exec -n $NAMESPACE_ENV $TEMP_POD -- mysqladmin \ - -uroot -p$MYSQL_ROOT_PASSWORD ping) - -while [[ ! $MYSQL_STATUS == "mysqld is alive" ]] -do - echo "Mariadb deployment is not ready yet." - sleep 2 - MYSQL_STATUS=$(kubectl exec -n $NAMESPACE_ENV $TEMP_POD -- mysqladmin \ - -uroot -p$MYSQL_ROOT_PASSWORD ping) - if [[ $MYSQL_STATUS == "mysqld is alive" ]] - then - echo "Mariadb deployment is ready." - break - fi -done - -kubectl scale statefulsets {{ include "common.fullname" . }} --replicas=0 -MY_REPLICA_NUMBER=$(kubectl get statefulsets -n $NAMESPACE_ENV \ - {{ include "common.fullname" . }} -o jsonpath='{.status.replicas}') -echo "The the cluster has $MY_REPLICA_NUMBER replicas." - -while [[ ! $MY_REPLICA_NUMBER == "0" ]] -do - echo "The cluster is not scaled to 0 yet. Please wait ..." - MY_REPLICA_NUMBER=$(kubectl get statefulsets -n $NAMESPACE_ENV \ - {{ include "common.fullname" . }} -o jsonpath='{.status.replicas}') - echo "The current status of the cluster is $MY_REPLICA_NUMBER" - sleep 2 - if [[ $MY_REPLICA_NUMBER == "0" ]] - then - break - fi -done - -for (( index=0; index<$STS_REPLICA; index+=1 )) -do - kubectl delete pvc \ - "{{ include "common.fullname" . }}-data-{{ include "common.fullname" . }}-$index" -done diff --git a/kubernetes/common/mariadb-galera/templates/NOTES.txt b/kubernetes/common/mariadb-galera/templates/NOTES.txt index 96f2fd8c63..d6a9ac0079 100644 --- a/kubernetes/common/mariadb-galera/templates/NOTES.txt +++ b/kubernetes/common/mariadb-galera/templates/NOTES.txt @@ -1,18 +1,24 @@ +{{/* # Copyright © 2018 Amdocs, Bell Canada +# Copyright © 2020 Bitnami, Orange # -# This file is licensed under the CREATIVE COMMONS ATTRIBUTION 4.0 INTERNATIONAL LICENSE +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at # -# Full license text at https://creativecommons.org/licenses/by/4.0/legalcode - -MariaDB-Galera service can be accessed via port 3306 on the following DNS name from within your cluster: -{{ include "common.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local - -To connect to your database: +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} -1. Run a pod that you can use as a client: +** Please be patient while the chart is being deployed ** - kubectl run {{ include "common.fullname" . }}-client --rm --tty -i --image mariadb --command -- bash +Tip: -2. Connect using the mysql cli, then provide your password: - $ mysql -h {{ include "common.fullname" . }} {{- if .Values.mysqlRootPassword }} -p {{ .Values.mysqlRootPassword }}{{- end -}} + Watch the deployment status using the command: + kubectl get sts -w --namespace {{ .Release.Namespace }} -l app.kubernetes.io/instance={{ .Release.Name }} diff --git a/kubernetes/common/mariadb-galera/templates/backup/cronjob.yaml b/kubernetes/common/mariadb-galera/templates/backup/cronjob.yaml index 1c780179be..210fbd02ba 100644 --- a/kubernetes/common/mariadb-galera/templates/backup/cronjob.yaml +++ b/kubernetes/common/mariadb-galera/templates/backup/cronjob.yaml @@ -1,5 +1,6 @@ {{/* # Copyright © 2019 Amdocs, Bell Canada, Samsung Electronics +# Copyright © 2020 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -13,17 +14,14 @@ # See the License for the specific language governing permissions and # limitations under the License. */}} + {{- if .Values.backup.enabled }} apiVersion: batch/v1beta1 kind: CronJob metadata: name: {{ include "common.fullname" . }}-backup namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.fullname" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} + labels: {{- include "common.labels" . | nindent 4 }} spec: schedule: {{ .Values.backup.cron | quote }} concurrencyPolicy: Forbid @@ -32,141 +30,130 @@ spec: spec: template: spec: + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} + {{ include "common.podSecurityContext" . | indent 10 | trim}} restartPolicy: Never - initContainers: - - command: - - /app/ready.py - args: - - --container-name - - {{ include "common.name" . }} - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: {{ include "repositoryGenerator.image.readiness" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-readiness - - name: mariadb-galera-backup-init - image: {{ include "repositoryGenerator.image.mariadb" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: - - /bin/bash - - -c - - | - remove_dir(){ - dirToRemove=$1 - rm -rf $dirToRemove - echo "Failed" > /backup/backup.log - echo "Backup failed!!!" - } + initContainers: {{- include "common.readinessCheck.waitFor" . | nindent 12 }} + - name: mariadb-galera-backup-init + image: {{ include "repositoryGenerator.image.mariadb" . }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + {{ include "common.containerSecurityContext" . | indent 14 | trim }} + command: + - /bin/bash + - -c + - | + remove_dir(){ + dirToRemove=$1 + rm -rf $dirToRemove + echo "Failed" > /backup/backup.log + echo "Backup failed!!!" + } - target_dir=/backup/backup-`date +%s` - mkdir -p $target_dir + target_dir=/backup/backup-`date +%s` + mkdir -p $target_dir - mysqlhost={{ include "common.fullname" . }}-{{ sub .Values.replicaCount 1 }}.{{ .Values.service.name }} + mysqlhost={{ include "common.servicename" . }}.{{ include "common.namespace" . }} - mariabackup --backup --target-dir=$target_dir --user=root --password=$DB_PASS --host=$mysqlhost + mariabackup --backup --target-dir=$target_dir --user=root --password=$DB_PASS --host=$mysqlhost - ret_code=$? - if [ $ret_code -ne 0 ]; then - remove_dir $target_dir - exit 0 - fi + ret_code=$? + if [ $ret_code -ne 0 ]; then + remove_dir $target_dir + exit 0 + fi - echo "Starting Backup Preparation!!!" - mariabackup --prepare --target-dir=$target_dir - ret_code=$? - if [ $ret_code -ne 0 ]; then - remove_dir $target_dir - exit 0 - fi - echo "Success" > /backup/backup.log - echo "Backup Successful!!!" - env: - - name: DB_PASS - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" (include "common.mariadb.secret.rootPassUID" .) "key" "password") | indent 14}} - volumeMounts: - - name: backup-dir - mountPath: /backup - - name: db-data - mountPath: /var/lib/mysql + echo "Starting Backup Preparation!!!" + mariabackup --prepare --target-dir=$target_dir + ret_code=$? + if [ $ret_code -ne 0 ]; then + remove_dir $target_dir + exit 0 + fi + echo "Success" > /backup/backup.log + echo "Backup Successful!!!" + env: + - name: DB_PASS + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" (include "common.mariadb.secret.rootPassUID" .) "key" "password") | indent 18 }} + resources: {{ include "common.resources" . | nindent 12 }} + volumeMounts: + - name: backup-dir + mountPath: /backup containers: - - name: mariadb-backup-validate - image: {{ include "repositoryGenerator.image.mariadb" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - env: - - name: MYSQL_ROOT_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" (include "common.mariadb.secret.rootPassUID" .) "key" "password") | indent 14}} - command: - - /bin/bash - - -c - - | - remove_dir(){ - dirToRemove=$1 - rm -rf $dirToRemove - echo "Validation Failed!!!"; - } + - name: mariadb-backup-validate + image: {{ include "repositoryGenerator.image.mariadb" . }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + {{ include "common.containerSecurityContext" . | indent 14 | trim }} + env: + - name: MYSQL_ROOT_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" (include "common.mariadb.secret.rootPassUID" .) "key" "password") | indent 18 }} + command: + - /bin/bash + - -c + - | + remove_dir(){ + dirToRemove=$1 + rm -rf $dirToRemove + echo "Validation Failed!!!"; + } - backup_result=`cat /backup/backup.log` - rm -rf /backup/backup.log + backup_result=`cat /backup/backup.log` + rm -rf /backup/backup.log - if [ "$backup_result" == "Failed" ]; then - echo "Backup Failed!!! So Validation Failed!!!"; - exit 0 - fi + if [ "$backup_result" == "Failed" ]; then + echo "Backup Failed!!! Validation Failed!!!"; + exit 0 + fi - target_dir=$(ls -td -- /backup/backup-* | head -n 1) - cp -Ra $target_dir/* /var/lib/mysql/ + target_dir=$(ls -td -- /backup/backup-* | head -n 1) + cp -Ra $target_dir/* /var/lib/mysql/ - if [ ! "$(ls -A /var/lib/mysql)" ]; then - remove_dir $target_dir - exit 0 - fi + if [ ! "$(ls -A /var/lib/mysql)" ]; then + remove_dir $target_dir + exit 0 + fi - /docker-entrypoint.sh mysqld & + /docker-entrypoint.sh mysqld & - count=0 - until mysql --user=root --password=$MYSQL_ROOT_PASSWORD -e "SELECT 1"; - do sleep 3; - count=`expr $count + 1`; - if [ $count -ge 30 ]; then - remove_dir $target_dir - exit 0; - fi; - done + count=0 + until mysql --user=root --password=$MYSQL_ROOT_PASSWORD -e "SELECT 1"; + do sleep 3; + count=`expr $count + 1`; + if [ $count -ge 30 ]; then + remove_dir $target_dir + exit 0; + fi; + done - mysqlcheck -A --user=root --password=$MYSQL_ROOT_PASSWORD > /tmp/output.log - error_lines=`cat /tmp/output.log| grep -v "OK" | wc -l` + mysqlcheck -A --user=root --password=$MYSQL_ROOT_PASSWORD > /tmp/output.log + error_lines=`cat /tmp/output.log| grep -v "OK" | wc -l` - cat /tmp/output.log + cat /tmp/output.log - if [ $error_lines -gt 1 ];then - remove_dir $target_dir - else - echo "Validation successful!!!" - cd /backup - totalFiles=`ls -t | grep "backup-" | wc -l` - if [ $totalFiles -gt {{ .Values.backup.retentionPeriod }} ]; then - filestoDelete=`expr $totalFiles - {{ .Values.backup.retentionPeriod }}` - ls -tr | grep backup | head -$filestoDelete | xargs rm -rf - fi - fi - volumeMounts: - - mountPath: /etc/localtime - name: localtime - readOnly: true - - name: backup-dir - mountPath: /backup + if [ $error_lines -gt 1 ];then + remove_dir $target_dir + else + echo "Validation successful!!!" + cd /backup + totalFiles=`ls -t | grep "backup-" | wc -l` + if [ $totalFiles -gt {{ .Values.backup.retentionPeriod }} ]; then + filestoDelete=`expr $totalFiles - {{ .Values.backup.retentionPeriod }}` + ls -tr | grep backup | head -$filestoDelete | xargs rm -rf + fi + fi + resources: {{ include "common.resources" . | nindent 12 }} + volumeMounts: + - mountPath: /etc/localtime + name: localtime + readOnly: true + - name: backup-dir + mountPath: /backup + imagePullSecrets: + - name: {{ include "common.namespace" . }}-docker-registry-key volumes: - - name: localtime - hostPath: - path: /etc/localtime - - name: backup-dir - persistentVolumeClaim: - claimName: {{ include "common.fullname" . }}-backup-data - - name: db-data - persistentVolumeClaim: - claimName: {{ include "common.fullname" . }}-data-{{ include "common.fullname" . }}-{{ sub .Values.replicaCount 1 }} + - name: localtime + hostPath: + path: /etc/localtime + - name: backup-dir + persistentVolumeClaim: + claimName: {{ include "common.fullname" . }}-backup-data {{- end }} diff --git a/kubernetes/common/mariadb-galera/templates/backup/pv.yaml b/kubernetes/common/mariadb-galera/templates/backup/pv.yaml index ec6f44d955..30eb74b059 100644 --- a/kubernetes/common/mariadb-galera/templates/backup/pv.yaml +++ b/kubernetes/common/mariadb-galera/templates/backup/pv.yaml @@ -1,5 +1,6 @@ {{/* -# Copyright © 2019 Amdocs, Bell Canada, Orange +# Copyright © 2019 Amdocs, Bell Canada +# Copyright © 2019-2020 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -14,28 +15,29 @@ # limitations under the License. */}} {{- if .Values.backup.enabled }} -{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} +{{- if and .Values.backup.persistence.enabled (not .Values.backup.persistence.existingClaim) -}} {{- if eq "True" (include "common.needPV" .) -}} --- apiVersion: v1 kind: PersistentVolume metadata: - name: {{ include "common.fullname" . }}-backup-data + name: {{ include "common.fullname" . }}-backup namespace: {{ include "common.namespace" . }} labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - heritage: {{ .Release.Service }} - name: {{ include "common.fullname" . }}-backup-data + app: {{ include "common.fullname" . }}-backup + app.kubernetes.io/name: {{ include "common.name" . }} + helm.sh/chart: {{ include "common.chart" . }} + app.kubernetes.io/instance: {{ include "common.release" . }}-backup + app.kubernetes.io/managed-by: {{ .Release.Service }} spec: capacity: - storage: {{ .Values.persistence.size }} + storage: {{ .Values.backup.persistence.size }} accessModes: - - {{ .Values.persistence.accessMode }} - persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }} + - {{ .Values.backup.persistence.accessMode }} + persistentVolumeReclaimPolicy: {{ .Values.backup.persistence.volumeReclaimPolicy }} storageClassName: "{{ include "common.fullname" . }}-data-backup" hostPath: - path: {{ .Values.global.persistence.backup.mountPath | default .Values.persistence.backup.mountPath }}/{{ include "common.namespace" $ }}/{{ include "common.fullname" $ }} + path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ include "common.namespace" . }}/{{ include "common.fullname" . }} {{- end -}} {{- end -}} {{- end -}} diff --git a/kubernetes/common/mariadb-galera/templates/backup/pvc.yaml b/kubernetes/common/mariadb-galera/templates/backup/pvc.yaml index 807833ae93..5dd8a3f52f 100644 --- a/kubernetes/common/mariadb-galera/templates/backup/pvc.yaml +++ b/kubernetes/common/mariadb-galera/templates/backup/pvc.yaml @@ -1,5 +1,6 @@ {{/* -# Copyright © 2019 Amdocs, Bell Canada, Orange +# Copyright © 2019 Amdocs, Bell Canada +# Copyright © 2019-2020 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -14,7 +15,7 @@ # limitations under the License. */}} {{- if .Values.backup.enabled }} -{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} +{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }} --- kind: PersistentVolumeClaim apiVersion: v1 @@ -22,21 +23,22 @@ metadata: name: {{ include "common.fullname" . }}-backup-data namespace: {{ include "common.namespace" . }} labels: - app: {{ include "common.name" . }}-backup - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - release: "{{ include "common.release" . }}" - heritage: "{{ .Release.Service }}" -{{- if .Values.persistence.annotations }} + app: {{ include "common.fullname" . }}-backup + app.kubernetes.io/name: {{ include "common.name" . }} + helm.sh/chart: {{ include "common.chart" . }} + app.kubernetes.io/instance: {{ include "common.release" . }}-backup + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- if .Values.backup.persistence.annotations }} annotations: -{{ toYaml .Values.persistence.annotations | indent 4 }} +{{ toYaml .Values.backup.persistence.annotations | indent 4 }} {{- end }} spec: accessModes: - - {{ .Values.persistence.accessMode }} + - {{ .Values.backup.persistence.accessMode }} resources: requests: - storage: {{ .Values.persistence.size }} -{{- if eq "True" (include "common.needPV" .) -}} + storage: {{ .Values.backup.persistence.size }} +{{- if (include "common.needPV" .) }} storageClassName: "{{ include "common.fullname" . }}-data-backup" {{- else }} storageClassName: {{ include "common.storageClass" . }} diff --git a/kubernetes/common/mariadb-galera/templates/configmap.yaml b/kubernetes/common/mariadb-galera/templates/configmap.yaml index 685901fa95..c95a234fb7 100644 --- a/kubernetes/common/mariadb-galera/templates/configmap.yaml +++ b/kubernetes/common/mariadb-galera/templates/configmap.yaml @@ -1,6 +1,6 @@ {{/* # Copyright © 2018 Amdocs, Bell Canada -# Copyright © 2020 Samsung Electronics, and TATA Communications +# Copyright © 2020 Samsung Electronics, TATA Communications, Bitnami, Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -14,65 +14,15 @@ # See the License for the specific language governing permissions and # limitations under the License. */}} -{{- if .Values.externalConfig }} + +{{ if .Values.mariadbConfiguration }} apiVersion: v1 kind: ConfigMap metadata: - name: {{ include "common.fullname" . }}-external-config + name: {{ printf "%s-configuration" (include "common.fullname" .) }} namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} + labels: {{- include "common.labels" . | nindent 4 }} data: - my_extra.cnf: | -{{ .Values.externalConfig | indent 4 }} -{{- end }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -data: -{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-upgrade-deployment - annotations: - "helm.sh/hook": "pre-upgrade" - "helm.sh/hook-weight": "0" - "helm.sh/hook-delete-policy": hook-succeeded - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -data: -{{ tpl (.Files.Glob "resources/*").AsConfig . | indent 2 }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-post-upgrade-deployment - annotations: - "helm.sh/hook": "post-upgrade" - "helm.sh/hook-weight": "0" - "helm.sh/hook-delete-policy": hook-succeeded - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -data: -{{ tpl (.Files.Glob "resources/post-upgrade-script.sh").AsConfig . | indent 2 }} + my.cnf: | +{{ .Values.mariadbConfiguration | indent 4 }} +{{- end }} \ No newline at end of file diff --git a/kubernetes/common/mariadb-galera/templates/job.yaml b/kubernetes/common/mariadb-galera/templates/job.yaml deleted file mode 100644 index 250279ace2..0000000000 --- a/kubernetes/common/mariadb-galera/templates/job.yaml +++ /dev/null @@ -1,109 +0,0 @@ -apiVersion: batch/v1 -kind: Job -metadata: - name: {{ include "common.fullname" . }}-pre-upgrade - annotations: - "helm.sh/hook": "pre-upgrade" - "helm.sh/hook-weight": "1" - "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded -spec: - template: - spec: - securityContext: - fsGroup: 1001 - runAsUser: 1001 - containers: - - name: mariadb-job-pre-upgrade - image: {{ include "repositoryGenerator.image.kubectl" . }} - imagePullPolicy: IfNotPresent - env: - - name: NAMESPACE_ENV - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - command: ["/bin/bash", "-c", "--"] - args: ["/upgrade/upgrade-scripts.sh"] - volumeMounts: - - name: config-mariadb-upgrade - mountPath: /upgrade - volumes: - - name: config-mariadb-upgrade - configMap: - name: {{ include "common.fullname" . }}-upgrade-deployment - defaultMode: 0777 - restartPolicy: OnFailure ---- -apiVersion: batch/v1 -kind: Job -metadata: - name: {{ include "common.fullname" . }}-post-upgrade - annotations: - "helm.sh/hook": "post-upgrade" - "helm.sh/hook-weight": "1" - "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded -spec: - template: - spec: - securityContext: - fsGroup: 1001 - runAsUser: 0 - initContainers: - - image: {{ include "repositoryGenerator.image.readiness" . }} - name: mariadb-galera-upgrade-readiness - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - command: - - /app/ready.py - args: - - --container-name - - mariadb-galera - containers: - - name: mariadb-job-post-upgrade - image: {{ include "repositoryGenerator.image.kubectl" . }} - imagePullPolicy: IfNotPresent - env: - - name: NAMESPACE_ENV - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: REPLICA_COUNT - value: "{{ .Values.replicaCount }}" - command: ["/bin/bash", "-c", "--"] - args: ["/upgrade/post-upgrade-script.sh"] - volumeMounts: - - name: config-mariadb-upgrade - mountPath: /upgrade - volumes: - - name: config-mariadb-upgrade - configMap: - name: {{ include "common.fullname" . }}-post-upgrade-deployment - defaultMode: 0777 - restartPolicy: OnFailure ---- -apiVersion: batch/v1 -kind: Job -metadata: - name: {{ include "common.fullname" . }}-post-delete - annotations: - "helm.sh/hook": "post-delete" - "helm.sh/hook-weight": "1" - "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded -spec: - template: - spec: - containers: - - name: mariadb-job-post-delete - image: {{ include "repositoryGenerator.image.kubectl" . }} - imagePullPolicy: IfNotPresent - command: ["/bin/bash", "-c", "--"] - args: - - for ((index=0;index<{{ $.Values.replicaCount }};index+=1)); - do kubectl delete pvc "{{ include "common.fullname" . }}-data-{{ include "common.fullname" . }}-$index"; - done; kubectl delete deployment {{ include "common.fullname" . }}-upgrade-deployment; - restartPolicy: OnFailure diff --git a/kubernetes/common/mariadb-galera/templates/metrics-svc.yaml b/kubernetes/common/mariadb-galera/templates/metrics-svc.yaml new file mode 100644 index 0000000000..e71351e9cb --- /dev/null +++ b/kubernetes/common/mariadb-galera/templates/metrics-svc.yaml @@ -0,0 +1,34 @@ +{{/* +# Copyright © 2020 Bitnami, Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{- if default false .Values.global.metrics.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ printf "%s-metrics" (include "common.fullname" .) }} + namespace: {{ include "common.namespace" . }} + labels: {{- include "common.labels" . | nindent 4 }} + {{- if .Values.metrics.service.annotations }} + annotations: {{- include "common.tplValue" (dict "value" .Values.metrics.service.annotations "context" .) | nindent 4 }} + {{- end }} +spec: + type: {{ .Values.metrics.service.type }} + ports: + - name: metrics + port: {{ .Values.metrics.service.port }} + targetPort: metrics + selector: {{- include "common.matchLabels" . | nindent 4 }} +{{- end }} diff --git a/kubernetes/common/mariadb-galera/templates/pdb.yaml b/kubernetes/common/mariadb-galera/templates/pdb.yaml new file mode 100644 index 0000000000..4697934879 --- /dev/null +++ b/kubernetes/common/mariadb-galera/templates/pdb.yaml @@ -0,0 +1,30 @@ +{{/* +# Copyright © 2020 Bitnami, Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{- if .Values.podDisruptionBudget.create }} +apiVersion: policy/v1beta1 +kind: PodDisruptionBudget +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} +spec: +{{- if .Values.podDisruptionBudget.minAvailable }} + minAvailable: {{ .Values.podDisruptionBudget.minAvailable }} +{{- end }} +{{- if .Values.podDisruptionBudget.maxUnavailable }} + maxUnavailable: {{ .Values.podDisruptionBudget.maxUnavailable }} +{{- end }} + selector: + matchLabels: {{- include "common.matchLabels" . | nindent 6 }} +{{- end }} diff --git a/kubernetes/common/mariadb-galera/templates/prometheusrules.yaml b/kubernetes/common/mariadb-galera/templates/prometheusrules.yaml new file mode 100644 index 0000000000..cf0ab566a4 --- /dev/null +++ b/kubernetes/common/mariadb-galera/templates/prometheusrules.yaml @@ -0,0 +1,31 @@ +{{/* +# Copyright © 2020 Bitnami, Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{- if default false (and .Values.global.metrics.enabled .Values.global.metrics.custom_resources) }} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ template "common.fullname" . }} + namespace: {{ include "common.namespace" . }} + labels: {{- include "common.labels" . | nindent 4 }} + {{- toYaml .Values.metrics.prometheusRules.selector | nindent 4 }} +spec: + groups: + - name: {{ template "common.fullname" . }} + rules: + {{- toYaml .Values.metrics.prometheusRules.rules | nindent 6 }} +{{- end }} + diff --git a/kubernetes/common/mariadb-galera/templates/pv.yaml b/kubernetes/common/mariadb-galera/templates/pv.yaml index 579b3475d1..54a02cf2db 100644 --- a/kubernetes/common/mariadb-galera/templates/pv.yaml +++ b/kubernetes/common/mariadb-galera/templates/pv.yaml @@ -1,5 +1,6 @@ {{/* -# Copyright © 2019 Amdocs, Bell Canada, Orange +# Copyright © 2018 Amdocs, Bell Canada +# Copyright © 2019-2020 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -14,33 +15,4 @@ # limitations under the License. */}} -{{- $global := . }} -{{- if and $global.Values.persistence.enabled (not $global.Values.persistence.existingClaim) }} -{{- if eq "True" (include "common.needPV" .) -}} -{{- range $i := until (int $global.Values.replicaCount)}} -kind: PersistentVolume -apiVersion: v1 -metadata: - name: {{ include "common.fullname" $global }}-data-{{ $i }} - namespace: {{ include "common.namespace" $global }} - labels: - app: {{ include "common.fullname" $global }} - chart: "{{ $global.Chart.Name }}-{{ $global.Chart.Version | replace "+" "_" }}" - release: "{{ include "common.release" $global }}" - heritage: "{{ $global.Release.Service }}" - name: {{ include "common.fullname" $global }} -spec: - capacity: - storage: {{ $global.Values.persistence.size}} - accessModes: - - {{ $global.Values.persistence.accessMode }} - persistentVolumeReclaimPolicy: {{ $global.Values.persistence.volumeReclaimPolicy }} - storageClassName: "{{ include "common.fullname" $global }}-data" - hostPath: - path: {{ $global.Values.global.persistence.mountPath | default $global.Values.persistence.mountPath }}/{{ include "common.release" $global }}/{{ $global.Values.persistence.mountSubPath }}-{{$i}} -{{if ne $i (int $global.Values.replicaCount) }} ---- -{{- end -}} -{{- end -}} -{{- end -}} -{{- end -}} +{{ include "common.replicaPV" . }} diff --git a/kubernetes/common/mariadb-galera/templates/secrets.yaml b/kubernetes/common/mariadb-galera/templates/secrets.yaml index 27c9a3aaee..527f41266d 100644 --- a/kubernetes/common/mariadb-galera/templates/secrets.yaml +++ b/kubernetes/common/mariadb-galera/templates/secrets.yaml @@ -1,6 +1,7 @@ {{/* # Copyright © 2018 Amdocs, Bell Canada # Copyright © 2019 Samsung Electronics +# Copyright © 2019-2020 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -15,4 +16,4 @@ # limitations under the License. */}} -{{ include "common.secretFast" . }} +{{ include "common.secretFast" . }} \ No newline at end of file diff --git a/kubernetes/common/mariadb-galera/templates/service.yaml b/kubernetes/common/mariadb-galera/templates/service.yaml index 69d8999f67..75aff985e5 100644 --- a/kubernetes/common/mariadb-galera/templates/service.yaml +++ b/kubernetes/common/mariadb-galera/templates/service.yaml @@ -1,5 +1,6 @@ {{/* # Copyright © 2018 Amdocs, Bell Canada +# Copyright © 2020 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -14,23 +15,6 @@ # limitations under the License. */}} -apiVersion: v1 -kind: Service -metadata: - annotations: - service.alpha.kubernetes.io/tolerate-unready-endpoints: "true" -# name: {{ include "common.servicename" . }} - name: {{ .Values.service.name }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.fullname" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - release: "{{ include "common.release" . }}" - heritage: "{{ .Release.Service }}" -spec: - ports: - - name: {{ .Values.service.portName }} - port: {{ .Values.service.internalPort }} - clusterIP: None - selector: - app: {{ include "common.fullname" . }} +{{ include "common.service" . }} +--- +{{ include "common.headlessService" . }} diff --git a/kubernetes/common/mariadb-galera/templates/servicemonitor.yaml b/kubernetes/common/mariadb-galera/templates/servicemonitor.yaml new file mode 100644 index 0000000000..6c3b41f5a5 --- /dev/null +++ b/kubernetes/common/mariadb-galera/templates/servicemonitor.yaml @@ -0,0 +1,51 @@ +{{/* +# Copyright © 2020 Bitnami, Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{- if default false (and .Values.global.metrics.enabled .Values.global.metrics.custom_resources) }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "common.fullname" . }} + {{- if .Values.metrics.serviceMonitor.namespace }} + namespace: {{ .Values.metrics.serviceMonitor.namespace }} + {{- else }} + namespace: {{ include "common.namespace" . }} + {{- end }} + labels: {{- include "common.labels" . | nindent 4 }} + {{- range $key, $value := .Values.metrics.serviceMonitor.selector }} + {{ $key }}: {{ $value | quote }} + {{- end }} +spec: + selector: + matchLabels: {{- include "common.matchLabels" . | nindent 6 }} + endpoints: + - port: metrics + {{- if .Values.metrics.serviceMonitor.interval }} + interval: {{ .Values.metrics.serviceMonitor.interval }} + {{- end }} + {{- if .Values.metrics.serviceMonitor.scrapeTimeout }} + scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }} + {{- end }} + {{- if .Values.metrics.serviceMonitor.relabelings }} + relabelings: {{- include "common.tplValue" ( dict "value" .Values.metrics.serviceMonitor.relabelings "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.metrics.serviceMonitor.metricRelabelings }} + metricRelabelings: {{- include "common.tplValue" ( dict "value" .Values.metrics.serviceMonitor.metricRelabelings "context" $) | nindent 8 }} + {{- end }} + namespaceSelector: + matchNames: + - {{ .Release.Namespace }} +{{- end }} diff --git a/kubernetes/common/mariadb-galera/templates/statefulset.yaml b/kubernetes/common/mariadb-galera/templates/statefulset.yaml index eb21fe3182..0dcb8e3e1c 100644 --- a/kubernetes/common/mariadb-galera/templates/statefulset.yaml +++ b/kubernetes/common/mariadb-galera/templates/statefulset.yaml @@ -1,5 +1,8 @@ {{/* -# Copyright © 2019 Amdocs, Bell Canada, Orange, Samsung Electronics +# Copyright © 2018 Amdocs, Bell Canada +# Copyright © 2019 Samsung Electronics +# Copyright © 2019-2020 Orange +# Copyright © 2020 Bitnami # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -16,128 +19,223 @@ apiVersion: apps/v1 kind: StatefulSet -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.fullname" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - release: "{{ include "common.release" . }}" - heritage: "{{ .Release.Service }}" +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} spec: - serviceName: {{ .Values.service.name }} + podManagementPolicy: {{ .Values.podManagementPolicy }} replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - app: {{ include "common.fullname" . }} + selector: {{- include "common.selectors" . | nindent 4 }} + serviceName: {{ include "common.servicename" . }}-headless + updateStrategy: + type: {{ .Values.updateStrategy.type }} + {{- if (eq "Recreate" .Values.updateStrategy.type) }} + rollingUpdate: null + {{- end }} template: - metadata: - labels: - app: {{ include "common.fullname" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - release: "{{ include "common.release" . }}" - heritage: "{{ .Release.Service }}" - annotations: - pod.alpha.kubernetes.io/initialized: "true" + metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: - {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 8 }} - {{- end }} - volumes: - {{- if .Values.externalConfig }} - - name: config - configMap: - name: {{ include "common.fullname" . }}-external-config - {{- end}} - - name: init-script - configMap: - name: {{ include "common.fullname" . }} - defaultMode: 0755 - - name: localtime - hostPath: - path: /etc/localtime - imagePullSecrets: - - name: {{ include "common.namespace" . }}-docker-registry-key + {{ include "common.podSecurityContext" . | indent 6 | trim }} + initContainers: + # we shouldn't need this but for unknown reason, it's fsGroup is not + # applied + - name: fix-permission + command: + - /bin/sh + args: + - -c + - | + chown -R {{ .Values.securityContext.user_id }}:{{ .Values.securityContext.group_id }} /data + chown -R {{ .Values.securityContext.user_id }}:{{ .Values.securityContext.group_id }} /bootstrap/ + chown -R {{ .Values.securityContext.user_id }}:{{ .Values.securityContext.group_id }} /tmp/ + {{- if .Values.mariadbConfiguration }} + cp /config/my.cnf /actual/my.cnf + chown -R {{ .Values.securityContext.user_id }}:{{ .Values.securityContext.group_id }} /actual + {{- end }} + image: {{ include "repositoryGenerator.image.busybox" . }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + securityContext: + runAsUser: 0 + volumeMounts: + - name: previous-boot + mountPath: /bootstrap + - name: mariadb-tmp-folder + mountPath: /tmp + - name: {{ include "common.fullname" . }} + mountPath: /data + {{- if .Values.mariadbConfiguration }} + - name: mariadb-galera-starting-config + mountPath: /config/my.cnf + subPath: my.cnf + - name: mariadb-galera-actual-config + mountPath: /actual + {{- end }} containers: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy | quote}} + command: + - bash + - -ec + - | + {{- if (not (empty (.Values.galera.bootstrap.bootstrapFromNode | quote)))}} + {{- $fullname := include "common.names.fullname" . }} + {{- $bootstrapFromNode := int .Values.galera.bootstrap.bootstrapFromNode }} + # Bootstrap from the indicated node + NODE_ID="${MY_POD_NAME#"{{ $fullname }}-"}" + if [[ "$NODE_ID" -eq "{{ $bootstrapFromNode }}" ]]; then + export MARIADB_GALERA_CLUSTER_BOOTSTRAP=yes + export MARIADB_GALERA_FORCE_SAFETOBOOTSTRAP={{ ternary "yes" "no" .Values.galera.bootstrap.forceSafeToBootstrap }} + fi + {{- end }} + exec /opt/bitnami/scripts/mariadb-galera/entrypoint.sh /opt/bitnami/scripts/mariadb-galera/run.sh env: - - name: POD_NAMESPACE + - name: MY_POD_NAME valueFrom: fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: MYSQL_USER - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" (include "common.mariadb.secret.userCredentialsUID" .) "key" "login") | indent 14}} - - name: MYSQL_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" (include "common.mariadb.secret.userCredentialsUID" .) "key" "password") | indent 14}} - - name: MYSQL_DATABASE - value: {{ default "" .Values.config.mysqlDatabase | quote }} - - name: MYSQL_ROOT_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" (include "common.mariadb.secret.rootPassUID" .) "key" "password") | indent 14}} - ports: - - containerPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }} - - containerPort: {{ .Values.service.sstPort }} - name: {{ .Values.service.sstPortName }} - - containerPort: {{ .Values.service.replicationPort }} - name: {{ .Values.service.replicationName }} - - containerPort: {{ .Values.service.istPort }} - name: {{ .Values.service.istPortName }} + fieldPath: metadata.name + - name: BITNAMI_DEBUG + value: {{ ternary "true" "false" .Values.debug | quote }} + - name: DB_INIT_SLEEP_TIME + value: {{ .Values.init_sleep_time | quote }} + - name: MARIADB_GALERA_CLUSTER_NAME + value: {{ .Values.galera.name | quote }} + - name: MARIADB_GALERA_CLUSTER_ADDRESS + value: "gcomm://{{ template "common.name" . }}-headless.{{ include "common.namespace" . }}.svc.{{ .Values.global.clusterDomain }}" + - name: MARIADB_ROOT_USER + value: {{ .Values.rootUser.user | quote }} + - name: MARIADB_ROOT_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" (include "common.mariadb.secret.rootPassUID" .) "key" "password") | indent 14 }} + - name: MARIADB_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" (include "common.mariadb.secret.userCredentialsUID" .) "key" "login") | indent 14 }} + - name: MARIADB_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" (include "common.mariadb.secret.userCredentialsUID" .) "key" "password") | indent 14 }} + - name: MARIADB_DATABASE + value: {{ .Values.db.name | quote }} + - name: MARIADB_GALERA_MARIABACKUP_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" (include "common.mariadb.secret.backupCredentialsUID" .) "key" "login") | indent 14 }} + - name: MARIADB_GALERA_MARIABACKUP_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" (include "common.mariadb.secret.backupCredentialsUID" .) "key" "password") | indent 14 }} + {{- if .Values.extraFlags }} + - name: MARIADB_EXTRA_FLAGS + value: {{ .Values.extraFlags | quote }} + {{- end }} + ports: {{ include "common.containerPorts" . | nindent 12 }} + {{- if .Values.livenessProbe.enabled }} + livenessProbe: + exec: + command: + - bash + - -ec + - | + exec mysqladmin status -u$MARIADB_ROOT_USER -p$MARIADB_ROOT_PASSWORD + initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.livenessProbe.failureThreshold }} + {{- end }} + {{- if .Values.readinessProbe.enabled }} readinessProbe: exec: command: - - /usr/share/container-scripts/mysql/readiness-probe.sh - initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} - periodSeconds: {{ .Values.readiness.periodSeconds }} - timeoutSeconds: {{ .Values.readiness.timeoutSeconds }} - {{- if eq .Values.liveness.enabled true }} + - bash + - -ec + - | + exec mysqladmin status -u$MARIADB_ROOT_USER -p$MARIADB_ROOT_PASSWORD + initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.readinessProbe.failureThreshold }} + {{- end }} + resources: {{ include "common.resources" . | nindent 12 }} + volumeMounts: + - name: previous-boot + mountPath: /opt/bitnami/mariadb/.bootstrap + - name: {{ include "common.fullname" . }} + mountPath: /bitnami/mariadb + - name: mariadb-tmp-folder + mountPath: /opt/bitnami/mariadb/tmp + {{- if .Values.mariadbConfiguration }} + - name: mariadb-galera-actual-config + mountPath: /opt/bitnami/mariadb/conf + {{- end }} + {{- if default false .Values.global.metrics.enabled }} + - name: {{ include "common.name" . }}-metrics + image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.metrics.image }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.metrics.pullPolicy | quote}} + env: + - name: MARIADB_METRICS_EXTRA_FLAGS + value: {{ default "" (join " " .Values.metrics.extraFlags) | quote }} + - name: MARIADB_ROOT_USER + value: {{ .Values.rootUser.user | quote }} + - name: MARIADB_ROOT_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" (include "common.mariadb.secret.rootPassUID" .) "key" "password") | indent 14}} + command: + - sh + - -c + - | + DATA_SOURCE_NAME="$MARIADB_ROOT_USER:$MARIADB_ROOT_PASSWORD@(localhost:3306)/" /bin/mysqld_exporter $MARIADB_METRICS_EXTRA_FLAGS + ports: + - name: metrics + containerPort: 9104 livenessProbe: - exec: - command: ["mysqladmin", "ping"] - initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} - periodSeconds: {{ .Values.liveness.periodSeconds }} - timeoutSeconds: {{ .Values.liveness.timeoutSeconds }} + httpGet: + path: /metrics + port: metrics + initialDelaySeconds: 30 + timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /metrics + port: metrics + initialDelaySeconds: 5 + timeoutSeconds: 1 + {{ include "common.containerSecurityContext" . | indent 10 | trim }} + resources: {{- toYaml .Values.metrics.resources | nindent 12 }} + {{- end }} + imagePullSecrets: + - name: {{ include "common.namespace" . }}-docker-registry-key + {{- if .Values.schedulerName }} + schedulerName: {{ .Values.schedulerName | quote }} {{- end }} - resources: -{{ include "common.resources" . | indent 12 }} - volumeMounts: - {{- if .Values.externalConfig }} - - mountPath: /etc/config - name: config - {{- end}} - - mountPath: /etc/localtime - name: localtime - readOnly: true - - mountPath: /usr/share/container-scripts/mysql/configure-mysql.sh - subPath: configure-mysql.sh - name: init-script -{{- if .Values.persistence.enabled }} - - mountPath: /var/lib/mysql - name: {{ include "common.fullname" . }}-data - initContainers: - - name: {{ include "common.name" . }}-prepare - image: {{ include "repositoryGenerator.image.busybox" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy | quote}} - command: ["sh", "-c", "chown -R 27:27 /var/lib/mysql"] - volumeMounts: - - name: {{ include "common.fullname" . }}-data - mountPath: /var/lib/mysql + {{- if .Values.priorityClassName }} + priorityClassName: {{ .Values.priorityClassName }} + {{- end }} + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} + {{- if .Values.affinity }} + affinity: {{- include "common.tplvalues" ( dict "value" .Values.affinity "context" $) | nindent 8 }} + {{- else }} + affinity: + podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "context" $) | nindent 10 }} + podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "context" $) | nindent 10 }} + nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }} + {{- end }} + {{- if .Values.nodeSelector }} + nodeSelector: {{- include "common.tplvalues" ( dict "value" .Values.nodeSelector "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.tolerations }} + tolerations: {{- include "common.tplvalues" (dict "value" .Values.tolerations "context" .) | nindent 8 }} + {{- end }} + volumes: + - name: previous-boot + emptyDir: {} + - name: mariadb-tmp-folder + emptyDir: {} + {{- if .Values.mariadbConfiguration }} + - name: mariadb-galera-actual-config + emptyDir: {} + - name: mariadb-galera-starting-config + configMap: + name: {{ printf "%s-configuration" (include "common.fullname" .) }} + {{- end }} +{{- if and .Values.persistence.enabled .Values.persistence.existingClaim }} + - name: {{ include "common.fullname" . }} + persistentVolumeClaim: + claimName: {{ .Values.persistence.existingClaim }} +{{- else if not .Values.persistence.enabled }} + - name: {{ include "common.fullname" . }} + emptyDir: {} +{{- else if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }} volumeClaimTemplates: - - metadata: - name: {{ include "common.fullname" . }}-data - labels: - name: {{ include "common.fullname" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - release: "{{ include "common.release" . }}" - heritage: "{{ .Release.Service }}" - spec: - accessModes: - - {{ .Values.persistence.accessMode | quote }} - storageClassName: {{ include "common.storageClass" . }} - resources: - requests: - storage: {{ .Values.persistence.size | quote }} + - {{ include "common.PVCTemplate" (dict "dot" . "suffix" "data" "persistenceInfos" .Values.persistence) | indent 6 | trim }} {{- end }} diff --git a/kubernetes/common/mariadb-galera/tests/pv_test.yaml b/kubernetes/common/mariadb-galera/tests/pv_test.yaml deleted file mode 100644 index cd4007960b..0000000000 --- a/kubernetes/common/mariadb-galera/tests/pv_test.yaml +++ /dev/null @@ -1,35 +0,0 @@ ---- -suite: test pv behavior -templates: - - pv.yaml -tests: - - it: 'should render "" (global case))' - values: - - ./values/persistence.yaml - set: - global.persistence.storageClass: "-" - asserts: - - isEmpty: - - - it: 'should "" (override case)' - values: - - ./values/persistence.yaml - set: - global.persistence.storageClass: "global" - persistence.storageClassOverride: "-" - asserts: - - isEmpty: - - - it: 'should "" (local case)' - values: - - ./values/persistence.yaml - set: - persistence.storageClass: "-" - asserts: - - isEmpty: - - - it: 'should render "RELEASE-NAME-mariadb-galera-data" as storageClassname' - asserts: - - equal: - path: spec.storageClassName - value: "RELEASE-NAME-mariadb-galera-data" diff --git a/kubernetes/common/mariadb-galera/tests/storage_class_test.yaml b/kubernetes/common/mariadb-galera/tests/storage_class_test.yaml deleted file mode 100644 index 9b7bdcb550..0000000000 --- a/kubernetes/common/mariadb-galera/tests/storage_class_test.yaml +++ /dev/null @@ -1,67 +0,0 @@ ---- -suite: test storage class behavior -templates: - - statefulset.yaml -tests: - - it: 'should render "" as storageClassname (global case)' - values: - - ./values/persistence.yaml - set: - global.persistence.storageClass: "-" - asserts: - - isEmpty: - path: spec.volumeClaimTemplates[0].spec.storageClassName - - - it: 'should "" as storageClassname (override case)' - values: - - ./values/persistence.yaml - set: - global.persistence.storageClass: "global" - persistence.storageClassOverride: "-" - asserts: - - isEmpty: - path: spec.volumeClaimTemplates[0].spec.storageClassName - - - it: 'should "" as storageClassname (local case)' - values: - - ./values/persistence.yaml - set: - persistence.storageClass: "-" - asserts: - - isEmpty: - path: spec.volumeClaimTemplates[0].spec.storageClassName - - - it: 'should render "global" as storageClassname' - values: - - ./values/persistence.yaml - set: - global.persistence.storageClass: "global" - asserts: - - equal: - path: spec.volumeClaimTemplates[0].spec.storageClassName - value: "global" - - - it: 'should render "local" as storageClassname' - values: - - ./values/persistence.yaml - asserts: - - equal: - path: spec.volumeClaimTemplates[0].spec.storageClassName - value: "local" - - - it: 'should render "override" as storageClassname' - values: - - ./values/persistence.yaml - set: - global.persistence.storageClass: "global" - persistence.storageClassOverride: "override" - asserts: - - equal: - path: spec.volumeClaimTemplates[0].spec.storageClassName - value: "override" - - - it: 'should render "RELEASE-NAME-mariadb-galera-data" as storageClassname' - asserts: - - equal: - path: spec.volumeClaimTemplates[0].spec.storageClassName - value: "RELEASE-NAME-mariadb-galera-data" diff --git a/kubernetes/common/mariadb-galera/tests/values/persistence.yaml b/kubernetes/common/mariadb-galera/tests/values/persistence.yaml deleted file mode 100644 index a282f74318..0000000000 --- a/kubernetes/common/mariadb-galera/tests/values/persistence.yaml +++ /dev/null @@ -1,6 +0,0 @@ ---- -persistence: - enabled: true - existingClaim: false - size: 10Gb - storageClass: "local" diff --git a/kubernetes/common/mariadb-galera/values.yaml b/kubernetes/common/mariadb-galera/values.yaml index 6b1676fba7..12d2d75e38 100644 --- a/kubernetes/common/mariadb-galera/values.yaml +++ b/kubernetes/common/mariadb-galera/values.yaml @@ -1,5 +1,6 @@ # Copyright © 2018 Amdocs, Bell Canada # Copyright © 2019 Samsung Electronics +# Copyright © 2020 Bitnami, Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -13,20 +14,28 @@ # See the License for the specific language governing permissions and # limitations under the License. + ################################################################# # Secrets metaconfig ################################################################# secrets: - uid: '{{ include "common.mariadb.secret.rootPassUID" . }}' type: password - externalSecret: '{{ tpl (default "" .Values.config.mariadbRootPasswordExternalSecret) . }}' - password: '{{ .Values.config.mariadbRootPassword }}' + externalSecret: '{{ tpl (default "" .Values.rootUser.externalSecret) . }}' + password: '{{ .Values.rootUser.password }}' - uid: '{{ include "common.mariadb.secret.userCredentialsUID" . }}' type: basicAuth - externalSecret: '{{ tpl (default "" .Values.config.userCredentialsExternalSecret) . }}' - login: '{{ .Values.config.userName }}' - password: '{{ .Values.config.userPassword }}' + externalSecret: '{{ tpl (default "" .Values.db.externalSecret) . }}' + login: '{{ .Values.db.user }}' + password: '{{ .Values.db.password }}' + - uid: '{{ include "common.mariadb.secret.backupCredentialsUID" . }}' + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.galera.mariabackup.externalSecret) . }}' + login: '{{ .Values.galera.mariabackup.user }}' + password: '{{ .Values.galera.mariabackup.password }}' +# bitnami image doesn't support well single quote in password +passwordStrengthOverride: basic ################################################################# # Global configuration defaults. @@ -37,56 +46,399 @@ global: mountPath: /dockerdata-nfs backup: mountPath: /dockerdata-nfs/backup + clusterDomain: cluster.local + metrics: {} -################################################################# -# Application configuration defaults. -################################################################# +image: bitnami/mariadb-galera:10.5.8 +## Specify a imagePullPolicy +## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' +## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images +## +pullPolicy: Always + +## Set to true if you would like to see extra information on logs +## It turns BASH debugging in minideb-extras-base +## +debug: true + +## Sometimes, especially when a lot of pods are created at the same time, +## actions performed on the databases are tried to be done before actual start. +init_sleep_time: 5 + +## String to partially override common.names.fullname template (will maintain the release name) +## +nameOverride: mariadb-galera + +## Use an alternate scheduler, e.g. "stork". +## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ +## +# schedulerName: + +## StatefulSet controller supports relax its ordering guarantees while preserving its uniqueness and identity guarantees. There are two valid pod management policies: OrderedReady and Parallel +## ref: https://kubernetes.io/docs/tutorials/stateful-application/basic-stateful-set/#pod-management-policy +## +podManagementPolicy: OrderedReady + +## MariaDB Gallera K8s svc properties +## +service: + ## Kubernetes service type and port number + ## + type: ClusterIP + headless: {} + ports: + - name: mysql + port: 3306 + headlessPorts: + - name: galera + port: 4567 + - name: ist + port: 4568 + - name: sst + port: 4444 + + +## Pods Service Account +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ +## +serviceAccount: + nameOverride: mariadb-galera + roles: + - read + +## Pod Security Context +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ +## +securityContext: + enabled: true + user_id: 10001 + group_id: 10001 + +## Database credentials for root (admin) user +## +rootUser: + ## MariaDB admin user + user: root + ## MariaDB admin password + ## Password is ignored if externalSecret is specified. + ## If not set, password will be "randomly" generated + ## ref: https://github.com/bitnami/bitnami-docker-mariadb-galera#setting-the-root-password-on-first-run + ## + # password: + # externalSecret: + +## Custom db configuration +## +db: + ## MariaDB username and password + ## Password is ignored if externalSecret is specified. + ## If not set, password will be "randomly" generated + ## ref: https://github.com/bitnami/bitnami-docker-mariadb-galera#creating-a-database-user-on-first-run + ## + user: my-user + # password: + # externalSecret: + ## Database to create + ## ref: https://github.com/bitnami/bitnami-docker-mariadb-galera#creating-a-database-on-first-run + ## + # name: my_database + +## Galera configuration +## +galera: + ## Galera cluster name + ## + name: galera + + ## Bootstraping options + ## ref: https://github.com/bitnami/bitnami-docker-mariadb-galera#bootstraping + bootstrap: + ## Node to bootstrap from, you will need to change this parameter incase you want to bootstrap from other node + ## + bootstrapFromNode: + ## Force safe_to_bootstrap in grastate.date file. + ## This will set safe_to_bootstrap=1 in the node indicated by bootstrapFromNode. + forceSafeToBootstrap: false + + ## Credentials to perform backups + ## + mariabackup: + ## MariaBackup username and password + ## Password is ignored if externalSecret is specified. + ## If not set, password will be "randomly" generated + ## ref: https://github.com/bitnami/bitnami-docker-mariadb-galera#setting-up-a-multi-master-cluster + ## + user: mariabackup + # password: + # externalSecret: + +backup: + enabled: false + cron: "00 00 * * *" + retentionPeriod: 3 + persistence: + ## If true, use a Persistent Volume Claim, If false, use emptyDir + ## + enabled: true + # Enable persistence using an existing PVC + # existingClaim: + ## selector can be used to match an existing PersistentVolume + ## selector: + ## matchLabels: + ## app: my-app + selector: {} + ## Persistent Volume Storage Class + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + # storageClass: "-" + ## Persistent Volume Claim annotations + ## + annotations: + ## Persistent Volume Access Mode + ## + accessMode: ReadWriteOnce + ## Persistent Volume size + ## + size: 2Gi + + +readinessCheck: + wait_for: + - '{{ include "common.name" . }}' + +## TLS configuration +## +tls: + ## Enable TLS + ## + enabled: false + ## Name of the secret that contains the certificates + ## + # certificatesSecret: + ## Certificate filename + ## + # certFilename: + ## Certificate Key filename + ## + # certKeyFilename: + ## CA Certificate filename + ## + # certCAFilename: + +## Configure MariaDB with a custom my.cnf file +## ref: https://mysql.com/kb/en/mysql/configuring-mysql-with-mycnf/#example-of-configuration-file +## Alternatively, you can put your my.cnf under the files/ directory +## +mariadbConfiguration: |- + [client] + port=3306 + socket=/opt/bitnami/mariadb/tmp/mysql.sock + plugin_dir=/opt/bitnami/mariadb/plugin + + [mysqld] + lower_case_table_names = 1 + default_storage_engine=InnoDB + basedir=/opt/bitnami/mariadb + datadir=/bitnami/mariadb/data + plugin_dir=/opt/bitnami/mariadb/plugin + tmpdir=/opt/bitnami/mariadb/tmp + socket=/opt/bitnami/mariadb/tmp/mysql.sock + pid_file=/opt/bitnami/mariadb/tmp/mysqld.pid + bind_address=0.0.0.0 + + ## Character set + collation_server=utf8_unicode_ci + init_connect='SET NAMES utf8' + character_set_server=utf8 + + ## MyISAM + key_buffer_size=32M + myisam_recover_options=FORCE,BACKUP + + ## Safety + skip_host_cache + skip_name_resolve + max_allowed_packet=16M + max_connect_errors=1000000 + sql_mode=STRICT_TRANS_TABLES,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_AUTO_VALUE_ON_ZERO,NO_ENGINE_SUBSTITUTION,NO_ZERO_DATE,NO_ZERO_IN_DATE,ONLY_FULL_GROUP_BY + sysdate_is_now=1 + + ## Binary Logging + log_bin=mysql-bin + expire_logs_days=14 + # Disabling for performance per http://severalnines.com/blog/9-tips-going-production-galera-cluster-mysql + sync_binlog=0 + # Required for Galera + binlog_format=row + + ## Caches and Limits + tmp_table_size=32M + max_heap_table_size=32M + # Re-enabling as now works with Maria 10.1.2 + query_cache_type=1 + query_cache_limit=4M + query_cache_size=256M + max_connections=500 + thread_cache_size=50 + open_files_limit=65535 + table_definition_cache=4096 + table_open_cache=4096 + + ## InnoDB + innodb=FORCE + innodb_strict_mode=1 + # Mandatory per https://github.com/codership/documentation/issues/25 + innodb_autoinc_lock_mode=2 + # Per https://www.percona.com/blog/2006/08/04/innodb-double-write/ + innodb_doublewrite=1 + innodb_flush_method=O_DIRECT + innodb_log_files_in_group=2 + innodb_log_file_size=128M + innodb_flush_log_at_trx_commit=1 + innodb_file_per_table=1 + # 80% Memory is default reco. + # Need to re-evaluate when DB size grows + innodb_buffer_pool_size=2G + innodb_file_format=Barracuda + + ## Logging + log_error=/opt/bitnami/mariadb/logs/mysqld.log + slow_query_log_file=/opt/bitnami/mariadb/logs/mysqld.log + log_queries_not_using_indexes=1 + slow_query_log=1 + + ## SSL + ## Use extraVolumes and extraVolumeMounts to mount /certs filesystem + # ssl_ca=/certs/ca.pem + # ssl_cert=/certs/server-cert.pem + # ssl_key=/certs/server-key.pem + + [galera] + wsrep_on=ON + wsrep_provider=/opt/bitnami/mariadb/lib/libgalera_smm.so + wsrep_sst_method=mariabackup + wsrep_slave_threads=4 + wsrep_cluster_address=gcomm:// + wsrep_cluster_name=galera + wsrep_sst_auth="root:" + # Enabled for performance per https://mariadb.com/kb/en/innodb-system-variables/#innodb_flush_log_at_trx_commit + innodb_flush_log_at_trx_commit=2 + # MYISAM REPLICATION SUPPORT # + wsrep_replicate_myisam=ON + + [mariadb] + plugin_load_add=auth_pam + + ## Data-at-Rest Encryption + ## Use extraVolumes and extraVolumeMounts to mount /encryption filesystem + # plugin_load_add=file_key_management + # file_key_management_filename=/encryption/keyfile.enc + # file_key_management_filekey=FILE:/encryption/keyfile.key + # file_key_management_encryption_algorithm=AES_CTR + # encrypt_binlog=ON + # encrypt_tmp_files=ON + + ## InnoDB/XtraDB Encryption + # innodb_encrypt_tables=ON + # innodb_encrypt_temporary_tables=ON + # innodb_encrypt_log=ON + # innodb_encryption_threads=4 + # innodb_encryption_rotate_key_age=1 -#repository: mysql -image: adfinissygroup/k8s-mariadb-galera-centos:v002 -pullPolicy: IfNotPresent + ## Aria Encryption + # aria_encrypt_tables=ON + # encrypt_tmp_disk_tables=ON -# application configuration -config: - # .mariadbRootPasswordExternalSecret: 'some-external-secret' - # mariadbRootPassword: secretpassword - # .userCredentialsExternalSecret: 'some-external-secret' - userName: my-user - # userPassword: my-password - # mysqlDatabase: my-database +## MariaDB additional command line flags +## Can be used to specify command line flags, for example: +## +## extraFlags: "--max-connect-errors=1000 --max_connections=155" -# default number of instances in the StatefulSet +## Desired number of cluster nodes +## replicaCount: 3 -nodeSelector: {} +## updateStrategy for MariaDB Master StatefulSet +## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies +## +updateStrategy: + type: RollingUpdate + +## Additional pod annotations for MariaDB Galera pods +## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ +## +podAnnotations: {} + +## Pod affinity preset +## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity +## Allowed values: soft, hard +## +podAffinityPreset: "" + +## Pod anti-affinity preset +## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity +## Allowed values: soft, hard +## +podAntiAffinityPreset: soft + +## Node affinity preset +## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity +## Allowed values: soft, hard +## +nodeAffinityPreset: + ## Node affinity type + ## Allowed values: soft, hard + type: "" + ## Node label key to match + ## E.g. + ## key: "kubernetes.io/e2e-az-name" + ## + key: "" + ## Node label values to match + ## E.g. + ## values: + ## - e2e-az1 + ## - e2e-az2 + ## + values: [] +## Affinity for pod assignment. Evaluated as a template. +## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity +## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set +## affinity: {} -# probe configuration parameters -liveness: - initialDelaySeconds: 30 - periodSeconds: 10 - timeoutSeconds: 5 - # necessary to disable liveness probe when setting breakpoints - # in debugger so K8s doesn't restart unresponsive container - enabled: true +## Node labels for pod assignment. Evaluated as a template. +## ref: https://kubernetes.io/docs/user-guide/node-selection/ +## +nodeSelector: {} -readiness: - initialDelaySeconds: 15 - periodSeconds: 10 - timeoutSeconds: 5 +## Tolerations for pod assignment. Evaluated as a template. +## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ +## +tolerations: [] -## Persist data to a persitent volume +## Enable persistence using Persistent Volume Claims +## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ +## persistence: - enabled: true - - ## A manually managed Persistent Volume and Claim - ## Requires persistence.enabled: true - ## If defined, PVC must be created manually before volume will be bound + ## If true, use a Persistent Volume Claim, If false, use emptyDir + ## + enabled: true + # Enable persistence using an existing PVC # existingClaim: - volumeReclaimPolicy: Retain - - ## database data Persistent Volume Storage Class + mountPath: /dockerdata-nfs + mountSubPath: "mariadb-galera/data" + ## selector can be used to match an existing PersistentVolume + ## selector: + ## matchLabels: + ## app: my-app + selector: {} + ## Persistent Volume Storage Class ## If defined, storageClassName: ## If set to "-", storageClassName: "", which disables dynamic provisioning ## If undefined (the default) or set to null, no storageClassName spec is @@ -94,53 +446,34 @@ persistence: ## GKE, AWS & OpenStack) ## # storageClass: "-" + ## Persistent Volume Claim annotations + ## + annotations: + ## Persistent Volume Access Mode + ## accessMode: ReadWriteOnce + ## Persistent Volume size + ## size: 2Gi - mountPath: /dockerdata-nfs - mountSubPath: "mariadb-galera/data" - mysqlPath: /var/lib/mysql - backup: - mountPath: /dockerdata-nfs/backup{{- if or (or .Values.storageClassOverride .Values.persistence.storageClass) .Values.global.persistence.storageClass -}} -service: - internalPort: 3306 - name: mariadb-galera - portName: mariadb-galera - sstPort: 4444 - sstPortName: sst - replicationPort: 4567 - replicationName: replication - istPort: 4568 - istPortName: ist - -ingress: - enabled: false +## Additional pod labels +## +# podLabels: +# extraLabel: extraValue +## Priority Class Name +# +# priorityClassName: 'priorityClass' -## Configure MariaDB-Galera with a custom my.cnf file -## ref: https://mariadb.com/kb/en/mariadb/configuring-mariadb-with-mycnf/#example-of-configuration-file -## -#externalConfig: "" -externalConfig: |- - [mysqld] - lower_case_table_names = 1 - -#resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # - # Example: - # Configure resource requests and limits - # ref: http://kubernetes.io/docs/user-guide/compute-resources/ - # Minimum memory for development is 2 CPU cores and 4GB memory - # Minimum memory for production is 4 CPU cores and 8GB memory +## MariaDB Galera containers' resource requests and limits +## ref: http://kubernetes.io/docs/user-guide/compute-resources/ +## +flavor: small resources: small: limits: cpu: 500m - memory: 1.5Gi + memory: 2.5Gi requests: cpu: 100m memory: 750Mi @@ -153,13 +486,134 @@ resources: memory: 2Gi unlimited: {} -# Name for mariadb-galera cluster - should be unique accross all projects or other clusters -nameOverride: mariadb-galera +## MariaDB Galera containers' liveness and readiness probes +## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes +## +livenessProbe: + enabled: true + ## Initializing the database could take some time + ## + initialDelaySeconds: 150 + periodSeconds: 10 + timeoutSeconds: 1 + successThreshold: 1 + failureThreshold: 3 +readinessProbe: + enabled: true + initialDelaySeconds: 60 + periodSeconds: 10 + timeoutSeconds: 1 + successThreshold: 1 + failureThreshold: 3 -# DNS name for mariadb-galera cluster - should be unique accross all projects other clusters -#dnsnameOverride: mariadb-galera +## Pod disruption budget configuration +## +podDisruptionBudget: + ## Specifies whether a Pod disruption budget should be created + ## + create: true + minAvailable: 1 + # maxUnavailable: 1 -backup: - enabled: false - cron: "00 00 * * *" - retentionPeriod: 3 +## Prometheus exporter configuration +## +metrics: + ## Bitnami MySQL Prometheus exporter image + ## ref: https://hub.docker.com/r/bitnami/mysqld-exporter/tags/ + ## + image: bitnami/mysqld-exporter:0.12.1-debian-10-r264 + pullPolicy: Always + ## MySQL exporter additional command line flags + ## Can be used to specify command line flags + ## E.g.: + ## extraFlags: + ## - --collect.binlog_size + ## + extraFlags: [] + ## MySQL Prometheus exporter containers' resource requests and limits + ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ + ## + resources: + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + limits: + cpu: 0.5 + memory: 256Mi + requests: + cpu: 0.5 + memory: 256Mi + ## MySQL Prometheus exporter service parameters + ## + service: + type: ClusterIP + port: 9104 + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "9104" + + ## Prometheus Operator ServiceMonitor configuration + ## + serviceMonitor: + enabled: false + ## Namespace in which Prometheus is running + ## + # namespace: monitoring + + ## Interval at which metrics should be scraped. + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint + ## + # interval: 10s + + ## Timeout after which the scrape is ended + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint + ## + # scrapeTimeout: 10s + + ## ServiceMonitor selector labels + ## ref: https://github.com/bitnami/charts/tree/master/bitnami/prometheus-operator#prometheus-configuration + ## + selector: + prometheus: kube-prometheus + + ## RelabelConfigs to apply to samples before scraping + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig + ## Value is evalued as a template + ## + relabelings: [] + + ## MetricRelabelConfigs to apply to samples before ingestion + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig + ## Value is evalued as a template + ## + metricRelabelings: [] + # - sourceLabels: + # - "__name__" + # targetLabel: "__name__" + # action: replace + # regex: '(.*)' + # replacement: 'example_prefix_$1' + + ## Prometheus Operator PrometheusRule configuration + ## + prometheusRules: + enabled: false + + ## Additional labels to add to the PrometheusRule so it is picked up by the operator. + ## If using the [Helm Chart](https://github.com/helm/charts/tree/master/stable/prometheus-operator) this is the name of the Helm release and 'app: prometheus-operator' + selector: + app: prometheus-operator + release: prometheus + + ## Rules as a map. + rules: {} + # - alert: MariaDB-Down + # annotations: + # message: 'MariaDB instance {{ $labels.instance }} is down' + # summary: MariaDB instance is down + # expr: absent(up{job="mariadb-galera"} == 1) + # labels: + # severity: warning + # service: mariadb-galera + # for: 5m diff --git a/kubernetes/common/network-name-gen/templates/deployment.yaml b/kubernetes/common/network-name-gen/templates/deployment.yaml index 16d93c6ed3..8ca5374bbd 100644 --- a/kubernetes/common/network-name-gen/templates/deployment.yaml +++ b/kubernetes/common/network-name-gen/templates/deployment.yaml @@ -72,7 +72,7 @@ spec: - name: NENG_DB_PASS {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "neng-db-secret" "key" "password") | indent 10}} - name: NENG_DB_URL - value: jdbc:mysql://{{ include "common.mariadbService" . }}:{{ include "common.mariadbPort" . }}/{{ index .Values "mariadb-galera" "config" "mysqlDatabase" }} + value: jdbc:mysql://{{ include "common.mariadbService" . }}:{{ include "common.mariadbPort" . }}/{{ index .Values "mariadb-galera" "db" "name" }} - name: POL_CLIENT_AUTH value: "{{ .Values.config.polClientAuth }}" - name: POL_BASIC_AUTH_USER diff --git a/kubernetes/common/network-name-gen/values.yaml b/kubernetes/common/network-name-gen/values.yaml index d38d6e25cd..d32c04511b 100644 --- a/kubernetes/common/network-name-gen/values.yaml +++ b/kubernetes/common/network-name-gen/values.yaml @@ -36,9 +36,9 @@ global: ################################################################# secrets: - uid: neng-db-secret - name: '{{ include "common.release" . }}-neng-db-secret' + name: &dbUserSecretName '{{ include "common.release" . }}-neng-db-secret' type: basicAuth - externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}' + externalSecret: '{{ tpl (default "" .Values.config.db.externalSecret) . }}' login: '{{ .Values.config.db.userName }}' password: '{{ .Values.config.db.userPassword }}' - uid: pol-basic-auth-secret @@ -50,9 +50,11 @@ secrets: # sub-chart config mariadb-galera: - config: &mariadbConfig - userCredentialsExternalSecret: '{{ include "common.release" . }}-neng-db-secret' - mysqlDatabase: nengdb + db: + user: sdnctl + # password: + externalSecret: *dbUserSecretName + name: &mysqlDbName nengdb nameOverride: nengdb service: name: nengdb @@ -63,7 +65,9 @@ mariadb-galera: mountSubPath: network-name-gen/data mariadb-init: - config: *mariadbConfig + config: + userCredentialsExternalSecret: *dbUserSecretName + mysqlDatabase: *mysqlDbName nameOverride: nengdb-init ################################################################# diff --git a/kubernetes/common/repositoryGenerator/values.yaml b/kubernetes/common/repositoryGenerator/values.yaml index 1ec3a35bd9..003782ded1 100644 --- a/kubernetes/common/repositoryGenerator/values.yaml +++ b/kubernetes/common/repositoryGenerator/values.yaml @@ -27,7 +27,7 @@ global: htpasswdImage: xmartlabs/htpasswd:latest kubectlImage: bitnami/kubectl:1.19 loggingImage: beats/filebeat:5.5.0 - mariadbImage: mariadb:10.1.48 + mariadbImage: bitnami/mariadb:10.5.8 nginxImage: bitnami/nginx:1.18-debian-10 postgresImage: crunchydata/crunchy-postgres:centos7-10.11-4.2.1 readinessImage: onap/oom/readiness:3.0.1 diff --git a/kubernetes/contrib/components/ejbca/values.yaml b/kubernetes/contrib/components/ejbca/values.yaml index c26bfe2fbb..69d993e9a4 100644 --- a/kubernetes/contrib/components/ejbca/values.yaml +++ b/kubernetes/contrib/components/ejbca/values.yaml @@ -58,12 +58,10 @@ ejbca: pullPolicy: Always mariadb-galera: - # '&mariadbConfig' means we "store" the values for later use in the file - # with '*mariadbConfig' pointer. - config: &mariadbConfig - userCredentialsExternalSecret: *ejbca-db-secret - mysqlDatabase: *dbName - nameOverride: ejbca-galera + db: + externalSecret: *ejbca-db-secret + name: *dbName + nameOverride: &ejbca-galera ejbca-galera service: name: ejbca-galera portName: ejbca-galera @@ -72,9 +70,13 @@ mariadb-galera: persistence: enabled: true mountSubPath: ejbca/maria/data + serviceAccount: + nameOverride: *ejbca-galera mariadb-init: - config: *mariadbConfig + config: + userCredentialsExternalSecret: *ejbca-db-secret + mysqlDatabase: *dbName nameOverride: ejbca-config nodeSelector: {} diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/provserver.properties b/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/provserver.properties index d0c3afb9a9..a7472383e2 100644 --- a/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/provserver.properties +++ b/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/provserver.properties @@ -42,7 +42,7 @@ org.onap.dmaap.datarouter.provserver.isaddressauthenabled = false # Database access org.onap.dmaap.datarouter.db.driver = org.mariadb.jdbc.Driver -org.onap.dmaap.datarouter.db.url = jdbc:mariadb://{{.Values.config.dmaapDrDb.mariadbServiceName}}:{{.Values.config.dmaapDrDb.mariadbServicePort}}/{{.Values.mariadb.config.mysqlDatabase}} +org.onap.dmaap.datarouter.db.url = jdbc:mariadb://{{.Values.config.dmaapDrDb.mariadbServiceName}}:{{.Values.config.dmaapDrDb.mariadbServicePort}}/{{.Values.mariadb.db.name}} org.onap.dmaap.datarouter.db.login = ${DB_USERNAME} org.onap.dmaap.datarouter.db.password = ${DB_PASSWORD} diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml index 3d4febcde1..1e8084a758 100644 --- a/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml +++ b/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml @@ -94,28 +94,29 @@ config: # dr-prov db configuration dmaapDrDb: - mariadbServiceName: dmaap-dr-db-svc + mariadbServiceName: dmaap-dr-db mariadbServicePort: 3306 - mariadbContName: dmaap-dr-db + mariadbContName: &dmaap-dr-db dmaap-dr-db userName: datarouter # userPassword: password # userCredentialsExternalSecret: some secret # mariadb-galera configuration mariadb: - name: dmaap-dr-db - nameOverride: dmaap-dr-db - replicaCount: 2 - config: - userCredentialsExternalSecret: *dbSecretName - mysqlDatabase: datarouter + name: *dmaap-dr-db + nameOverride: *dmaap-dr-db + replicaCount: 3 + db: + externalSecret: *dbSecretName + name: datarouter service: - name: dmaap-dr-db-svc - portName: dmaap-dr-db-svc + name: dmaap-dr-db nfsprovisionerPrefix: dmaap-dr-db persistence: size: 1Gi mountSubPath: data-router/dr-db-data + serviceAccount: + nameOverride: *dmaap-dr-db ################################################################# # AAF part diff --git a/kubernetes/modeling/components/modeling-etsicatalog/values.yaml b/kubernetes/modeling/components/modeling-etsicatalog/values.yaml index 6c1cae2687..7fb611b348 100644 --- a/kubernetes/modeling/components/modeling-etsicatalog/values.yaml +++ b/kubernetes/modeling/components/modeling-etsicatalog/values.yaml @@ -51,22 +51,25 @@ secrets: ################################################################# mariadb-galera: - config: &mariadbConfig - userCredentialsExternalSecret: *dbSecretName - mysqlDatabase: etsicatalog - nameOverride: modeling-db + db: + externalSecret: *dbSecretName + name: &mysqlDbName etsicatalog + nameOverride: &modeling-db modeling-db service: - name: modeling-db - portName: modeling-db + name: *modeling-db internalPort: 3306 nfsprovisionerPrefix: modeling persistence: mountSubPath: modeling/data enabled: true disableNfsProvisioner: true + serviceAccount: + nameOverride: *modeling-db mariadb-init: - config: *mariadbConfig + config: + userCredentialsExternalSecret: *dbSecretName + mysqlDatabase: *mysqlDbName # nameOverride should be the same with common.name nameOverride: modeling-etsicatalog diff --git a/kubernetes/nbi/templates/deployment.yaml b/kubernetes/nbi/templates/deployment.yaml index 4be444ad1b..d5f209e94a 100644 --- a/kubernetes/nbi/templates/deployment.yaml +++ b/kubernetes/nbi/templates/deployment.yaml @@ -83,7 +83,7 @@ spec: periodSeconds: {{ .Values.readiness.periodSeconds }} env: - name: SPRING_DATASOURCE_URL - value: jdbc:mariadb://{{ include "common.mariadbService" . }}:{{ include "common.mariadbPort" . }}/{{ index .Values "mariadb-galera" "config" "mysqlDatabase" }} + value: jdbc:mariadb://{{ include "common.mariadbService" . }}:{{ include "common.mariadbPort" . }}/{{ index .Values "mariadb-galera" "db" "name" }} - name: SPRING_DATASOURCE_USERNAME {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "nbi-db-secret" "key" "login") | indent 14 }} - name: SPRING_DATASOURCE_PASSWORD diff --git a/kubernetes/nbi/values.yaml b/kubernetes/nbi/values.yaml index 61d7680824..53260cb21c 100644 --- a/kubernetes/nbi/values.yaml +++ b/kubernetes/nbi/values.yaml @@ -55,7 +55,7 @@ aafConfig: ################################################################# secrets: - uid: nbi-db-secret - name: '{{ include "common.release" . }}-nbi-db-secret' + name: &dbUserSecretName '{{ include "common.release" . }}-nbi-db-secret' type: basicAuth externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}' login: '{{ .Values.config.db.userName }}' @@ -89,23 +89,21 @@ config: # userCredentialsExternalSecret: some-secret mariadb-galera: - # '&mariadbConfig' means we "store" the values for later use in the file - # with '*mariadbConfig' pointer. - config: &mariadbConfig - userCredentialsExternalSecret: '{{ include "common.release" . }}-nbi-db-secret' - mysqlDatabase: nbi - nameOverride: nbi-galera - service: - name: nbi-galera - portName: nbi-galera - internalPort: 3306 + db: + externalSecret: *dbUserSecretName + name: &mysqlDbName nbi + nameOverride: &nbi-galera nbi-galera replicaCount: 1 persistence: enabled: true mountSubPath: nbi/maria/data + serviceAccount: + nameOverride: *nbi-galera mariadb-init: - config: *mariadbConfig + config: + userCredentialsExternalSecret: *dbUserSecretName + mysqlDatabase: *mysqlDbName nameOverride: nbi-config mongo: diff --git a/kubernetes/onap/values.yaml b/kubernetes/onap/values.yaml index 5b29afc194..ac6f84c4e2 100755 --- a/kubernetes/onap/values.yaml +++ b/kubernetes/onap/values.yaml @@ -47,7 +47,7 @@ global: dockerHubRepository: &dockerHubRepository docker.io elasticRepository: &elasticRepository docker.elastic.co googleK8sRepository: k8s.gcr.io - + #/!\ DEPRECATED /!\ # Legacy repositories which will be removed at the end of migration. @@ -97,7 +97,7 @@ global: loggingImage: beats/filebeat:5.5.0 # mariadb client image - mariadbImage: mariadb:10.1.48 + mariadbImage: bitnami/mariadb:10.5.8 # nginx server image nginxImage: bitnami/nginx:1.18-debian-10 @@ -141,7 +141,7 @@ global: # to the desired value # logLevel: DEBUG - #Global ingress configuration + # Global ingress configuration ingress: enabled: false virtualhost: @@ -154,6 +154,16 @@ global: enabled: false tls: true + # metrics part + # If enabled, exporters (for prometheus) will be deployed + # if custom resources set to yes, CRD from prometheus operartor will be + # created + # Not all components have it enabled. + # + metrics: + enabled: true + custom_resources: false + # Disabling AAF # POC Mode, only for use in development environment # Keep it enabled in production @@ -342,11 +352,6 @@ so: # server: # monitoring: # password: demo123456! - - # configure embedded mariadb - mariadb: - config: - mariadbRootPassword: password uui: enabled: false vfc: diff --git a/kubernetes/oof/components/oof-cmso/values.yaml b/kubernetes/oof/components/oof-cmso/values.yaml index 7405c487c4..c574a86136 100644 --- a/kubernetes/oof/components/oof-cmso/values.yaml +++ b/kubernetes/oof/components/oof-cmso/values.yaml @@ -39,24 +39,17 @@ secrets: mariadb-galera: replicaCount: 1 - nameOverride: &containerName cmso-db - service: - type: ClusterIP - name: &serviceName oof-cmso-dbhost - portName: cmso-dbhost + nameOverride: &dbName cmso-db nfsprovisionerPrefix: cmso sdnctlPrefix: cmso persistence: mountSubPath: cmso/data enabled: true disableNfsProvisioner: true - config: - mariadbRootPasswordExternalSecret: *rootPassword - # userCredentialsExternalSecret: *dbCreds - # mysqlDatabase: cmso - externalConfig: | - [mysqld] - lower_case_table_names = 1 + rootUser: + externalSecret: *rootPassword + serviceAccount: + nameOverride: *dbName global: commonConfigPrefix: "oof-cmso" @@ -67,8 +60,8 @@ global: mariadb-init: mariadbGalera: - containerName: *containerName - serviceName: *serviceName + containerName: *dbName + serviceName: *dbName servicePort: 3306 userRootSecret: *rootPassword config: @@ -119,8 +112,8 @@ oof-cmso-service: config: db: userCredentialsExternalSecret: *serviceDbCreds - host: oof-cmso-dbhost - container: cmso-db + host: *dbName + container: *dbName mysqlDatabase: cmso oof-cmso-optimizer: @@ -132,8 +125,8 @@ oof-cmso-optimizer: enabled: true db: userCredentialsExternalSecret: *optimizerDbCreds - host: oof-cmso-dbhost - container: cmso-db + host: *dbName + container: *dbName mysqlDatabase: optimizer oof-cmso-topology: diff --git a/kubernetes/policy/values.yaml b/kubernetes/policy/values.yaml index a623c352fb..d09895484c 100755 --- a/kubernetes/policy/values.yaml +++ b/kubernetes/policy/values.yaml @@ -24,8 +24,7 @@ global: config: &mariadbConfig mysqlDatabase: policyadmin service: &mariadbService - name: policy-mariadb - portName: mysql-policy + name: &policy-mariadb policy-mariadb internalPort: 3306 ################################################################# @@ -35,15 +34,15 @@ secrets: - uid: db-root-password name: &dbRootPassSecretName '{{ include "common.release" . }}-policy-db-root-password' type: password - externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "config" "mariadbRootPasswordExternalSecret")) .) (hasSuffix "policy-db-root-password" (index .Values "mariadb-galera" "config" "mariadbRootPasswordExternalSecret"))}}' - password: '{{ (index .Values "mariadb-galera" "config" "mariadbRootPassword") }}' + externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "rootUser" "externalSecret")) .) (hasSuffix "policy-db-root-password" (index .Values "mariadb-galera" "rootUser" "externalSecret"))}}' + password: '{{ (index .Values "mariadb-galera" "rootUser" "password") }}' policy: generate - uid: db-secret name: &dbSecretName '{{ include "common.release" . }}-policy-db-secret' type: basicAuth - externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "config" "userCredentialsExternalSecret")) .) (hasSuffix "policy-db-secret" (index .Values "mariadb-galera" "config" "userCredentialsExternalSecret"))}}' - login: '{{ index .Values "mariadb-galera" "config" "userName" }}' - password: '{{ index .Values "mariadb-galera" "config" "userPassword" }}' + externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "db" "externalSecret")) .) (hasSuffix "policy-db-secret" (index .Values "mariadb-galera" "db" "externalSecret"))}}' + login: '{{ index .Values "mariadb-galera" "db" "user" }}' + password: '{{ index .Values "mariadb-galera" "db" "password" }}' passwordPolicy: generate db: &dbSecretsHook @@ -107,21 +106,22 @@ readiness: mariadb-galera: # mariadb-galera.config and global.mariadb.config must be equals - config: - <<: *mariadbConfig - userName: policy_user - mariadbRootPasswordExternalSecret: *dbRootPassSecretName - userCredentialsExternalSecret: *dbSecretName - nameOverride: policy-mariadb + db: + user: policy_user + # password: + externalSecret: *dbSecretName + name: &mysqlDbName policyadmin + rootUser: + externalSecret: *dbRootPassSecretName + nameOverride: *policy-mariadb # mariadb-galera.service and global.mariadb.service must be equals service: *mariadbService replicaCount: 1 persistence: enabled: true mountSubPath: policy/maria/data - externalConfig: |- - [mysqld] - lower_case_table_names = 1 + serviceAccount: + nameOverride: *policy-mariadb # Resource Limit flavor -By Default using small # Segregation for Different environment (small, large, or unlimited) diff --git a/kubernetes/sdnc/requirements.yaml b/kubernetes/sdnc/requirements.yaml index 2f2d7fb579..57c165c4c0 100644 --- a/kubernetes/sdnc/requirements.yaml +++ b/kubernetes/sdnc/requirements.yaml @@ -38,7 +38,7 @@ dependencies: - name: mariadb-galera version: ~7.x-0 repository: '@local' - condition: .global.mariadbGalera.localCluster + condition: global.mariadbGalera.localCluster - name: elasticsearch version: ~7.x-0 repository: '@local' diff --git a/kubernetes/sdnc/values.yaml b/kubernetes/sdnc/values.yaml index 7282f305c5..f4f09107bb 100644 --- a/kubernetes/sdnc/values.yaml +++ b/kubernetes/sdnc/values.yaml @@ -29,6 +29,7 @@ global: service: mariadb-galera internalPort: 3306 nameOverride: mariadb-galera + service: mariadb-galera # Enabling CMPv2 cmpv2Enabled: true platform: @@ -60,25 +61,33 @@ global: ################################################################# secrets: - uid: db-root-password - name: '{{ include "common.release" . }}-sdnc-db-root-password' + name: &rootDbSecret '{{ include "common.release" . }}-sdnc-db-root-password' type: password + # If we're using shared mariadb, we need to use the secret name (second + # part). + # If not, we do the same trick than for user db secret hat allows you + # override this secret using external one with the same field that is used + # to pass this to subchart. externalSecret: '{{ .Values.global.mariadbGalera.localCluster | - ternary (default (include "common.mariadb.secret.rootPassSecretName" - (dict "dot" . "chartName" - (index .Values "mariadb-galera" "nameOverride"))) - (index .Values "mariadb-galera" "config" - "mariadbRootPasswordExternalSecret")) - (include "common.mariadb.secret.rootPassSecretName" - (dict "dot" . "chartName" .Values.global.mariadbGalera.nameOverride)) }}' - password: '{{ (index .Values "mariadb-galera" "config" "mariadbRootPassword") }}' + ternary ((hasSuffix "sdnc-db-root-password" (index .Values "mariadb-galera" "rootUser" "externalSecret")) | + ternary + "" + (tpl (default "" (index .Values "mariadb-galera" "rootUser" "externalSecret")) .)) + (include "common.mariadb.secret.rootPassSecretName" + (dict "dot" . + "chartName" .Values.global.mariadbGalera.nameOverride)) }}' + password: '{{ (index .Values "mariadb-galera" "rootUser" "password") }}' - uid: db-secret name: &dbSecretName '{{ include "common.release" . }}-sdnc-db-secret' type: basicAuth # This is a nasty trick that allows you override this secret using external one # with the same field that is used to pass this to subchart - externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "config" "userCredentialsExternalSecret")) .) (hasSuffix "sdnc-db-secret" (index .Values "mariadb-galera" "config" "userCredentialsExternalSecret"))}}' - login: '{{ index .Values "mariadb-galera" "config" "userName" }}' - password: '{{ index .Values "mariadb-galera" "config" "userPassword" }}' + externalSecret: '{{ (hasSuffix "sdnc-db-secret" (index .Values "mariadb-galera" "db" "externalSecret")) | + ternary + "" + (tpl (default "" (index .Values "mariadb-galera" "db" "externalSecret")) .) }}' + login: '{{ index .Values "mariadb-galera" "db" "user" }}' + password: '{{ index .Values "mariadb-galera" "db" "password" }}' - uid: odl-creds name: &odlCredsSecretName '{{ include "common.release" . }}-sdnc-odl-creds' type: basicAuth @@ -244,19 +253,25 @@ certInitializer: network-name-gen: enabled: true mariadb-galera: &mariadbGalera - nameOverride: sdnc-db + nameOverride: &sdnc-db sdnc-db config: &mariadbGaleraConfig - rootPasswordExternalSecret: '{{ ternary (include "common.release" .)-sdnc-db-root-password "" .Values.global.mariadbGalera.localCluster }}' - userName: sdnctl + rootPasswordExternalSecret: *rootDbSecret + userName: &dbUser sdnctl userCredentialsExternalSecret: *dbSecretName + rootUser: + externalSecret: *rootDbSecret + db: + user: *dbUser + externalSecret: *dbSecretName service: name: sdnc-dbhost - internalPort: 3306 sdnctlPrefix: sdnc persistence: mountSubPath: sdnc/mariadb-galera enabled: true replicaCount: 1 + serviceAccount: + nameOverride: *sdnc-db cds: enabled: false @@ -311,7 +326,11 @@ dgbuilder: config: db: dbName: *sdncDbName - rootPasswordExternalSecret: '{{ ternary (printf "%s-sdnc-db-root-password" (include "common.release" .)) (include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" "mariadb-galera")) .Values.global.mariadbGalera.localCluster }}' + rootPasswordExternalSecret: '{{ .Values.global.mariadbGalera.localCluster | + ternary + (printf "%s-sdnc-db-root-password" (include "common.release" .)) + (include "common.mariadb.secret.rootPassSecretName" + (dict "dot" . "chartName" "mariadb-galera")) }}' userCredentialsExternalSecret: *dbSecretName dbPodName: mariadb-galera dbServiceName: mariadb-galera diff --git a/kubernetes/so/values.yaml b/kubernetes/so/values.yaml index 358b104367..5258e81e2b 100755 --- a/kubernetes/so/values.yaml +++ b/kubernetes/so/values.yaml @@ -77,7 +77,11 @@ secrets: - uid: db-root-pass name: &dbRootPassSecretName '{{ include "common.release" . }}-so-db-root-pass' type: password - externalSecret: '{{ ternary .Values.global.mariadbGalera.rootPasswordExternalSecret (default (include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" .Values.global.mariadbGalera.nameOverride)) .Values.global.mariadbGalera.rootPasswordExternalSecret) .Values.global.mariadbGalera.localCluster }}' + externalSecret: '{{ .Values.global.mariadbGalera.localCluster | ternary + .Values.global.mariadbGalera.rootPasswordExternalSecret + (default (include "common.mariadb.secret.rootPassSecretName" + (dict "dot" . "chartName" .Values.global.mariadbGalera.nameOverride)) + .Values.global.mariadbGalera.rootPasswordExternalSecret) }}' password: '{{ .Values.global.mariadbGalera.mariadbRootpassword }}' - uid: db-backup-creds name: &dbBackupCredsSecretName '{{ include "common.release" . }}-so-db-backup-creds' @@ -253,15 +257,15 @@ config: # --set so.global.mariadbGalera.nameOverride=so-mariadb-galera \ # --set so.global.mariadbGalera.serviceName=so-mariadb-galera mariadb-galera: - config: - mariadbRootPasswordExternalSecret: *dbRootPassSecretName - nameOverride: so-mariadb-galera + rootUser: + externalSecret: *dbRootPassSecretName + nameOverride: &so-mariadb so-mariadb-galera replicaCount: 1 - service: - name: so-mariadb-galera persistence: mountSubPath: so/mariadb-galera/data enabled: true + serviceAccount: + nameOverride: *so-mariadb ingress: enabled: false diff --git a/kubernetes/vfc/values.yaml b/kubernetes/vfc/values.yaml index 28cee56904..19197c7f76 100644 --- a/kubernetes/vfc/values.yaml +++ b/kubernetes/vfc/values.yaml @@ -45,17 +45,16 @@ config: logstashPort: 5044 mariadb-galera: - config: - mariadbRootPasswordExternalSecret: *dbRootPassSecret - nameOverride: vfc-mariadb - service: - name: vfc-mariadb - portName: vfc-mariadb + rootUser: + externalSecret: *dbRootPassSecret + nameOverride: &vfc-mariadb vfc-mariadb nfsprovisionerPrefix: vfc persistence: mountSubPath: vfc/data enabled: true disableNfsProvisioner: true + serviceAccount: + nameOverride: *vfc-mariadb db: &dbConfig mariadbService: vfc-mariadb diff --git a/kubernetes/vid/resources/config/db_cmd.sh b/kubernetes/vid/resources/config/db_cmd.sh index efd92b223f..daa1f8b6ea 100755 --- a/kubernetes/vid/resources/config/db_cmd.sh +++ b/kubernetes/vid/resources/config/db_cmd.sh @@ -16,13 +16,13 @@ # limitations under the License. */}} -DB={{index .Values "mariadb-galera" "config" "mysqlDatabase" | upper }} +DB={{index .Values "mariadb-galera" "db" "name" | upper }} eval "MYSQL_USER=\$MYSQL_USER_${DB}" eval "MYSQL_PASSWORD=\$MYSQL_PASSWORD_${DB}" #echo "Going to run mysql ${DB} -u${MYSQL_USER} -p${MYSQL_PASSWORD} -h${DB_HOST} -P${DB_PORT} ..." mysql -u${MYSQL_USER} -p${MYSQL_PASSWORD} -h${DB_HOST} -P${DB_PORT} <<'EOD' -CREATE TABLE IF NOT EXISTS `{{index .Values "mariadb-galera" "config" "mysqlDatabase" }}`.`schema_info` ( +CREATE TABLE IF NOT EXISTS `{{index .Values "mariadb-galera" "db" "name" }}`.`schema_info` ( `SCHEMA_ID` VARCHAR(25) NOT NULL, `SCHEMA_DESC` VARCHAR(75) NOT NULL, `DATASOURCE_TYPE` VARCHAR(100) NULL DEFAULT NULL, diff --git a/kubernetes/vid/templates/deployment.yaml b/kubernetes/vid/templates/deployment.yaml index 856a853960..2e74daa730 100644 --- a/kubernetes/vid/templates/deployment.yaml +++ b/kubernetes/vid/templates/deployment.yaml @@ -109,7 +109,7 @@ spec: - name: VID_MYSQL_PORT value: "{{ include "common.mariadbPort" . }}" - name: VID_MYSQL_DBNAME - value: {{ index .Values "mariadb-galera" "config" "mysqlDatabase" }} + value: {{ index .Values "mariadb-galera" "db" "name" }} - name: VID_MYSQL_USER {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "vid-db-user-secret" "key" "login") | indent 14 }} - name: VID_MYSQL_PASS diff --git a/kubernetes/vid/values.yaml b/kubernetes/vid/values.yaml index 47cd73aff2..8e8a17ae84 100644 --- a/kubernetes/vid/values.yaml +++ b/kubernetes/vid/values.yaml @@ -30,7 +30,7 @@ global: ################################################################# secrets: - uid: vid-db-user-secret - name: '{{ include "common.release" . }}-vid-db-user-secret' + name: &dbUserSecretName '{{ include "common.release" . }}-vid-db-user-secret' type: basicAuth externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}' login: '{{ .Values.config.db.userName }}' @@ -66,16 +66,12 @@ config: roleaccesscentralized: remote mariadb-galera: - # '&mariadbConfig' means we "store" the values for later use in the file - # with '*mariadbConfig' pointer. - config: &mariadbConfig - userCredentialsExternalSecret: '{{ include "common.release" . }}-vid-db-user-secret' - mysqlDatabase: vid_openecomp_epsdk - nameOverride: vid-galera - service: - name: vid-galera - portName: mysql-vid - internalPort: "3306" + db: + user: sdnctl + # password: + externalSecret: *dbUserSecretName + name: &mysqlDbName vid_openecomp_epsdk + nameOverride: &vid-galera vid-galera replicaCount: 3 persistence: enabled: true @@ -83,9 +79,13 @@ mariadb-galera: externalConfig: |- [mysqld] lower_case_table_names = 1 + serviceAccount: + nameOverride: *vid-galera mariadb-init: - config: *mariadbConfig + config: + userCredentialsExternalSecret: *dbUserSecretName + mysqlDatabase: *mysqlDbName nameOverride: vid-mariadb-init # A configMap of same name is created. It points to file that will be run after # The DB has been created. -- 2.16.6