diff options
author | Sylvain Desbureaux <sylvain.desbureaux@orange.com> | 2020-11-27 11:07:42 +0100 |
---|---|---|
committer | Sylvain Desbureaux <sylvain.desbureaux@orange.com> | 2020-12-14 17:28:07 +0100 |
commit | 93a5b49185695a7960ada82f5899265b5bc2e504 (patch) | |
tree | aa6e43614e023008d8ca24f16468d69ca765319d /kubernetes/common/mariadb-galera/templates/statefulset.yaml | |
parent | 92abd28e06b8221e8ff3f0785c9702376010ad94 (diff) |
[COMMON][MARIADB] Upgrade Mariadb DB galera version
Mariadb DB Galera containers version is outdated and unmaintained. We
need them to move to a new image provider.
As new image provider is not compatible with our old templates, we
also update the templates (by reworking bitnami mariadb-galera chart).
An update of global mariadb image is also done in order to match mariadb
galera version.
Issue-ID: OOM-1720
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: Ib9976227759e90022183d4f37fc655143be4d6ac
Diffstat (limited to 'kubernetes/common/mariadb-galera/templates/statefulset.yaml')
-rw-r--r-- | kubernetes/common/mariadb-galera/templates/statefulset.yaml | 314 |
1 files changed, 206 insertions, 108 deletions
diff --git a/kubernetes/common/mariadb-galera/templates/statefulset.yaml b/kubernetes/common/mariadb-galera/templates/statefulset.yaml index eb21fe3182..0dcb8e3e1c 100644 --- a/kubernetes/common/mariadb-galera/templates/statefulset.yaml +++ b/kubernetes/common/mariadb-galera/templates/statefulset.yaml @@ -1,5 +1,8 @@ {{/* -# Copyright © 2019 Amdocs, Bell Canada, Orange, Samsung Electronics +# Copyright © 2018 Amdocs, Bell Canada +# Copyright © 2019 Samsung Electronics +# Copyright © 2019-2020 Orange +# Copyright © 2020 Bitnami # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -16,128 +19,223 @@ apiVersion: apps/v1 kind: StatefulSet -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.fullname" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - release: "{{ include "common.release" . }}" - heritage: "{{ .Release.Service }}" +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} spec: - serviceName: {{ .Values.service.name }} + podManagementPolicy: {{ .Values.podManagementPolicy }} replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - app: {{ include "common.fullname" . }} + selector: {{- include "common.selectors" . | nindent 4 }} + serviceName: {{ include "common.servicename" . }}-headless + updateStrategy: + type: {{ .Values.updateStrategy.type }} + {{- if (eq "Recreate" .Values.updateStrategy.type) }} + rollingUpdate: null + {{- end }} template: - metadata: - labels: - app: {{ include "common.fullname" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - release: "{{ include "common.release" . }}" - heritage: "{{ .Release.Service }}" - annotations: - pod.alpha.kubernetes.io/initialized: "true" + metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: - {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 8 }} - {{- end }} - volumes: - {{- if .Values.externalConfig }} - - name: config - configMap: - name: {{ include "common.fullname" . }}-external-config - {{- end}} - - name: init-script - configMap: - name: {{ include "common.fullname" . }} - defaultMode: 0755 - - name: localtime - hostPath: - path: /etc/localtime - imagePullSecrets: - - name: {{ include "common.namespace" . }}-docker-registry-key + {{ include "common.podSecurityContext" . | indent 6 | trim }} + initContainers: + # we shouldn't need this but for unknown reason, it's fsGroup is not + # applied + - name: fix-permission + command: + - /bin/sh + args: + - -c + - | + chown -R {{ .Values.securityContext.user_id }}:{{ .Values.securityContext.group_id }} /data + chown -R {{ .Values.securityContext.user_id }}:{{ .Values.securityContext.group_id }} /bootstrap/ + chown -R {{ .Values.securityContext.user_id }}:{{ .Values.securityContext.group_id }} /tmp/ + {{- if .Values.mariadbConfiguration }} + cp /config/my.cnf /actual/my.cnf + chown -R {{ .Values.securityContext.user_id }}:{{ .Values.securityContext.group_id }} /actual + {{- end }} + image: {{ include "repositoryGenerator.image.busybox" . }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + securityContext: + runAsUser: 0 + volumeMounts: + - name: previous-boot + mountPath: /bootstrap + - name: mariadb-tmp-folder + mountPath: /tmp + - name: {{ include "common.fullname" . }} + mountPath: /data + {{- if .Values.mariadbConfiguration }} + - name: mariadb-galera-starting-config + mountPath: /config/my.cnf + subPath: my.cnf + - name: mariadb-galera-actual-config + mountPath: /actual + {{- end }} containers: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy | quote}} + command: + - bash + - -ec + - | + {{- if (not (empty (.Values.galera.bootstrap.bootstrapFromNode | quote)))}} + {{- $fullname := include "common.names.fullname" . }} + {{- $bootstrapFromNode := int .Values.galera.bootstrap.bootstrapFromNode }} + # Bootstrap from the indicated node + NODE_ID="${MY_POD_NAME#"{{ $fullname }}-"}" + if [[ "$NODE_ID" -eq "{{ $bootstrapFromNode }}" ]]; then + export MARIADB_GALERA_CLUSTER_BOOTSTRAP=yes + export MARIADB_GALERA_FORCE_SAFETOBOOTSTRAP={{ ternary "yes" "no" .Values.galera.bootstrap.forceSafeToBootstrap }} + fi + {{- end }} + exec /opt/bitnami/scripts/mariadb-galera/entrypoint.sh /opt/bitnami/scripts/mariadb-galera/run.sh env: - - name: POD_NAMESPACE + - name: MY_POD_NAME valueFrom: fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: MYSQL_USER - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" (include "common.mariadb.secret.userCredentialsUID" .) "key" "login") | indent 14}} - - name: MYSQL_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" (include "common.mariadb.secret.userCredentialsUID" .) "key" "password") | indent 14}} - - name: MYSQL_DATABASE - value: {{ default "" .Values.config.mysqlDatabase | quote }} - - name: MYSQL_ROOT_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" (include "common.mariadb.secret.rootPassUID" .) "key" "password") | indent 14}} - ports: - - containerPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }} - - containerPort: {{ .Values.service.sstPort }} - name: {{ .Values.service.sstPortName }} - - containerPort: {{ .Values.service.replicationPort }} - name: {{ .Values.service.replicationName }} - - containerPort: {{ .Values.service.istPort }} - name: {{ .Values.service.istPortName }} + fieldPath: metadata.name + - name: BITNAMI_DEBUG + value: {{ ternary "true" "false" .Values.debug | quote }} + - name: DB_INIT_SLEEP_TIME + value: {{ .Values.init_sleep_time | quote }} + - name: MARIADB_GALERA_CLUSTER_NAME + value: {{ .Values.galera.name | quote }} + - name: MARIADB_GALERA_CLUSTER_ADDRESS + value: "gcomm://{{ template "common.name" . }}-headless.{{ include "common.namespace" . }}.svc.{{ .Values.global.clusterDomain }}" + - name: MARIADB_ROOT_USER + value: {{ .Values.rootUser.user | quote }} + - name: MARIADB_ROOT_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" (include "common.mariadb.secret.rootPassUID" .) "key" "password") | indent 14 }} + - name: MARIADB_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" (include "common.mariadb.secret.userCredentialsUID" .) "key" "login") | indent 14 }} + - name: MARIADB_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" (include "common.mariadb.secret.userCredentialsUID" .) "key" "password") | indent 14 }} + - name: MARIADB_DATABASE + value: {{ .Values.db.name | quote }} + - name: MARIADB_GALERA_MARIABACKUP_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" (include "common.mariadb.secret.backupCredentialsUID" .) "key" "login") | indent 14 }} + - name: MARIADB_GALERA_MARIABACKUP_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" (include "common.mariadb.secret.backupCredentialsUID" .) "key" "password") | indent 14 }} + {{- if .Values.extraFlags }} + - name: MARIADB_EXTRA_FLAGS + value: {{ .Values.extraFlags | quote }} + {{- end }} + ports: {{ include "common.containerPorts" . | nindent 12 }} + {{- if .Values.livenessProbe.enabled }} + livenessProbe: + exec: + command: + - bash + - -ec + - | + exec mysqladmin status -u$MARIADB_ROOT_USER -p$MARIADB_ROOT_PASSWORD + initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.livenessProbe.failureThreshold }} + {{- end }} + {{- if .Values.readinessProbe.enabled }} readinessProbe: exec: command: - - /usr/share/container-scripts/mysql/readiness-probe.sh - initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} - periodSeconds: {{ .Values.readiness.periodSeconds }} - timeoutSeconds: {{ .Values.readiness.timeoutSeconds }} - {{- if eq .Values.liveness.enabled true }} + - bash + - -ec + - | + exec mysqladmin status -u$MARIADB_ROOT_USER -p$MARIADB_ROOT_PASSWORD + initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.readinessProbe.failureThreshold }} + {{- end }} + resources: {{ include "common.resources" . | nindent 12 }} + volumeMounts: + - name: previous-boot + mountPath: /opt/bitnami/mariadb/.bootstrap + - name: {{ include "common.fullname" . }} + mountPath: /bitnami/mariadb + - name: mariadb-tmp-folder + mountPath: /opt/bitnami/mariadb/tmp + {{- if .Values.mariadbConfiguration }} + - name: mariadb-galera-actual-config + mountPath: /opt/bitnami/mariadb/conf + {{- end }} + {{- if default false .Values.global.metrics.enabled }} + - name: {{ include "common.name" . }}-metrics + image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.metrics.image }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.metrics.pullPolicy | quote}} + env: + - name: MARIADB_METRICS_EXTRA_FLAGS + value: {{ default "" (join " " .Values.metrics.extraFlags) | quote }} + - name: MARIADB_ROOT_USER + value: {{ .Values.rootUser.user | quote }} + - name: MARIADB_ROOT_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" (include "common.mariadb.secret.rootPassUID" .) "key" "password") | indent 14}} + command: + - sh + - -c + - | + DATA_SOURCE_NAME="$MARIADB_ROOT_USER:$MARIADB_ROOT_PASSWORD@(localhost:3306)/" /bin/mysqld_exporter $MARIADB_METRICS_EXTRA_FLAGS + ports: + - name: metrics + containerPort: 9104 livenessProbe: - exec: - command: ["mysqladmin", "ping"] - initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} - periodSeconds: {{ .Values.liveness.periodSeconds }} - timeoutSeconds: {{ .Values.liveness.timeoutSeconds }} + httpGet: + path: /metrics + port: metrics + initialDelaySeconds: 30 + timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /metrics + port: metrics + initialDelaySeconds: 5 + timeoutSeconds: 1 + {{ include "common.containerSecurityContext" . | indent 10 | trim }} + resources: {{- toYaml .Values.metrics.resources | nindent 12 }} + {{- end }} + imagePullSecrets: + - name: {{ include "common.namespace" . }}-docker-registry-key + {{- if .Values.schedulerName }} + schedulerName: {{ .Values.schedulerName | quote }} {{- end }} - resources: -{{ include "common.resources" . | indent 12 }} - volumeMounts: - {{- if .Values.externalConfig }} - - mountPath: /etc/config - name: config - {{- end}} - - mountPath: /etc/localtime - name: localtime - readOnly: true - - mountPath: /usr/share/container-scripts/mysql/configure-mysql.sh - subPath: configure-mysql.sh - name: init-script -{{- if .Values.persistence.enabled }} - - mountPath: /var/lib/mysql - name: {{ include "common.fullname" . }}-data - initContainers: - - name: {{ include "common.name" . }}-prepare - image: {{ include "repositoryGenerator.image.busybox" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy | quote}} - command: ["sh", "-c", "chown -R 27:27 /var/lib/mysql"] - volumeMounts: - - name: {{ include "common.fullname" . }}-data - mountPath: /var/lib/mysql + {{- if .Values.priorityClassName }} + priorityClassName: {{ .Values.priorityClassName }} + {{- end }} + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} + {{- if .Values.affinity }} + affinity: {{- include "common.tplvalues" ( dict "value" .Values.affinity "context" $) | nindent 8 }} + {{- else }} + affinity: + podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "context" $) | nindent 10 }} + podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "context" $) | nindent 10 }} + nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }} + {{- end }} + {{- if .Values.nodeSelector }} + nodeSelector: {{- include "common.tplvalues" ( dict "value" .Values.nodeSelector "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.tolerations }} + tolerations: {{- include "common.tplvalues" (dict "value" .Values.tolerations "context" .) | nindent 8 }} + {{- end }} + volumes: + - name: previous-boot + emptyDir: {} + - name: mariadb-tmp-folder + emptyDir: {} + {{- if .Values.mariadbConfiguration }} + - name: mariadb-galera-actual-config + emptyDir: {} + - name: mariadb-galera-starting-config + configMap: + name: {{ printf "%s-configuration" (include "common.fullname" .) }} + {{- end }} +{{- if and .Values.persistence.enabled .Values.persistence.existingClaim }} + - name: {{ include "common.fullname" . }} + persistentVolumeClaim: + claimName: {{ .Values.persistence.existingClaim }} +{{- else if not .Values.persistence.enabled }} + - name: {{ include "common.fullname" . }} + emptyDir: {} +{{- else if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }} volumeClaimTemplates: - - metadata: - name: {{ include "common.fullname" . }}-data - labels: - name: {{ include "common.fullname" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - release: "{{ include "common.release" . }}" - heritage: "{{ .Release.Service }}" - spec: - accessModes: - - {{ .Values.persistence.accessMode | quote }} - storageClassName: {{ include "common.storageClass" . }} - resources: - requests: - storage: {{ .Values.persistence.size | quote }} + - {{ include "common.PVCTemplate" (dict "dot" . "suffix" "data" "persistenceInfos" .Values.persistence) | indent 6 | trim }} {{- end }} |