author | Andreas Geissler <andreas-geissler@telekom.de> | 2023-08-16 17:18:49 +0200 |
---|---|---|
committer | Andreas Geissler <andreas-geissler@telekom.de> | 2023-09-29 13:42:29 +0200 |
commit | cfd8434fe9484b9219560159094b174421d6d6a2 (patch) | |
tree | 0825b2650bb861444f18444f0279479e4dcbf7c4 /kubernetes/common | |
parent | 533403925a6b60f4113c4d9e54cd99be36dc9cc5 (diff) |
[MARIADB][COMMON] Add support for mariadb-operator
Add template functions for the mariadb-operator resources
and update the mariadb-galera chart to support them
Change the flag to "useOperator" in cassandra to the global setup
and additional labels for cassandra resources
Changed Policy DB users to support the new mariadb User
and fixed db.sh script to wait for the DB user creation
Use the new readiness image 5.0.1 with the "app-name" option
Change the MariaDB-Galera Service to the "primary" to avoid Deadlocks
Fix previous SDNC patch (https://gerrit.onap.org/r/c/oom/+/135308) and
temporarily disable MariaDB for SDNR, as it is not compatible with
MariaDB 11
Issue-ID: OOM-3236
Change-Id: Ie63fcc9c6d5fa802d38c592b449e7ff8553c2ab9
Signed-off-by: Andreas Geissler <andreas-geissler@telekom.de>
Diffstat (limited to 'kubernetes/common')
35 files changed, 523 insertions, 87 deletions
diff --git a/kubernetes/common/cassandra/Chart.yaml b/kubernetes/common/cassandra/Chart.yaml index c861b1a8c8..75e07a1373 100644 --- a/kubernetes/common/cassandra/Chart.yaml +++ b/kubernetes/common/cassandra/Chart.yaml @@ -30,3 +30,4 @@ dependencies: - name: serviceAccount version: ~13.x-0 repository: 'file://../serviceAccount' + condition: global.cassandra.enableServiceAccount
\ No newline at end of file diff --git a/kubernetes/common/cassandra/templates/backup/configmap.yaml b/kubernetes/common/cassandra/templates/backup/configmap.yaml index b566b6107e..2c85a1a01f 100644 --- a/kubernetes/common/cassandra/templates/backup/configmap.yaml +++ b/kubernetes/common/cassandra/templates/backup/configmap.yaml @@ -13,7 +13,7 @@ # See the License for the specific language governing permissions and # limitations under the License. */}} -{{- if not .Values.k8ssandraOperator.enabled }} +{{- if not .Values.global.cassandra.useOperator }} {{- if .Values.backup.enabled }} apiVersion: v1 kind: ConfigMap diff --git a/kubernetes/common/cassandra/templates/backup/cronjob.yaml b/kubernetes/common/cassandra/templates/backup/cronjob.yaml index e2f675a384..06bb7434c5 100644 --- a/kubernetes/common/cassandra/templates/backup/cronjob.yaml +++ b/kubernetes/common/cassandra/templates/backup/cronjob.yaml @@ -14,7 +14,7 @@ # limitations under the License. */}} {{- if .Values.backup.enabled }} -{{- if .Values.k8ssandraOperator.enabled }} +{{- if .Values.global.cassandra.useOperator }} {{ else }} apiVersion: batch/v1beta1 kind: CronJob @@ -39,7 +39,7 @@ spec: - command: - /app/ready.py args: - - --container-name + - --app-name - {{ include "common.name" . }} env: - name: NAMESPACE diff --git a/kubernetes/common/cassandra/templates/backup/pv.yaml b/kubernetes/common/cassandra/templates/backup/pv.yaml index 23e4551c10..e7218fae7d 100644 --- a/kubernetes/common/cassandra/templates/backup/pv.yaml +++ b/kubernetes/common/cassandra/templates/backup/pv.yaml @@ -14,7 +14,7 @@ # limitations under the License. */}} {{- if .Values.backup.enabled }} -{{- if .Values.k8ssandraOperator.enabled }} +{{- if .Values.global.cassandra.useOperator }} {{ else }} {{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} {{- if eq "True" (include "common.needPV" .) -}} 
diff --git a/kubernetes/common/cassandra/templates/backup/pvc.yaml b/kubernetes/common/cassandra/templates/backup/pvc.yaml index e60a1db510..56b3ba8b02 100644 --- a/kubernetes/common/cassandra/templates/backup/pvc.yaml +++ b/kubernetes/common/cassandra/templates/backup/pvc.yaml @@ -14,7 +14,7 @@ # limitations under the License. */}} {{- if .Values.backup.enabled }} -{{- if .Values.k8ssandraOperator.enabled }} +{{- if .Values.global.cassandra.useOperator }} {{ else }} {{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} --- diff --git a/kubernetes/common/cassandra/templates/cassOp.yaml b/kubernetes/common/cassandra/templates/cassOp.yaml index cb6ce4adc5..9f463adf08 100644 --- a/kubernetes/common/cassandra/templates/cassOp.yaml +++ b/kubernetes/common/cassandra/templates/cassOp.yaml @@ -1,5 +1,5 @@ {{/* -# Copyright © 2018 Amdocs, AT&T, Bell Canada +# Copyright © 2023 Deutsche Telekom AG # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -14,6 +14,6 @@ # limitations under the License. */}} -{{- if .Values.k8ssandraOperator.enabled }} +{{- if .Values.global.cassandra.useOperator }} {{ include "common.k8ssandraCluster" . }} {{- end }}
\ No newline at end of file diff --git a/kubernetes/common/cassandra/templates/configmap.yaml b/kubernetes/common/cassandra/templates/configmap.yaml index 8f2b39e1a1..5510986e54 100644 --- a/kubernetes/common/cassandra/templates/configmap.yaml +++ b/kubernetes/common/cassandra/templates/configmap.yaml @@ -1,4 +1,4 @@ -{{- if not .Values.k8ssandraOperator.enabled }} +{{- if not .Values.global.cassandra.useOperator }} {{- if .Values.configOverrides }} apiVersion: v1 kind: ConfigMap diff --git a/kubernetes/common/cassandra/templates/pv.yaml b/kubernetes/common/cassandra/templates/pv.yaml index 8e2ad663c3..d18e51d2f4 100644 --- a/kubernetes/common/cassandra/templates/pv.yaml +++ b/kubernetes/common/cassandra/templates/pv.yaml @@ -13,6 +13,6 @@ # See the License for the specific language governing permissions and # limitations under the License. */}} -{{- if not .Values.k8ssandraOperator.enabled }} +{{- if not .Values.global.cassandra.useOperator }} {{ include "common.replicaPV" . }} {{- end }}
\ No newline at end of file diff --git a/kubernetes/common/cassandra/templates/secrets.yaml b/kubernetes/common/cassandra/templates/secrets.yaml index b776caf6b6..5a611a9bef 100644 --- a/kubernetes/common/cassandra/templates/secrets.yaml +++ b/kubernetes/common/cassandra/templates/secrets.yaml @@ -16,6 +16,6 @@ # limitations under the License. */}} -{{- if .Values.k8ssandraOperator.enabled }} +{{- if .Values.global.cassandra.useOperator }} {{ include "common.secretFast" . }} {{- end }}
\ No newline at end of file diff --git a/kubernetes/common/cassandra/templates/service.yaml b/kubernetes/common/cassandra/templates/service.yaml index 092c677812..8b2e534a5f 100644 --- a/kubernetes/common/cassandra/templates/service.yaml +++ b/kubernetes/common/cassandra/templates/service.yaml @@ -14,6 +14,6 @@ # limitations under the License. */}} -{{- if not .Values.k8ssandraOperator.enabled }} +{{- if not .Values.global.cassandra.useOperator }} {{ include "common.headlessService" . }} {{- end }}
\ No newline at end of file diff --git a/kubernetes/common/cassandra/templates/servicemonitor.yaml b/kubernetes/common/cassandra/templates/servicemonitor.yaml index 759586fcdb..078107393a 100644 --- a/kubernetes/common/cassandra/templates/servicemonitor.yaml +++ b/kubernetes/common/cassandra/templates/servicemonitor.yaml @@ -14,7 +14,7 @@ # limitations under the License. */}} -{{- if not .Values.k8ssandraOperator.enabled }} +{{- if not .Values.global.cassandra.useOperator }} {{- if .Values.metrics.serviceMonitor.enabled }} {{ include "common.serviceMonitor" . }} {{- end }} diff --git a/kubernetes/common/cassandra/templates/statefulset.yaml b/kubernetes/common/cassandra/templates/statefulset.yaml index dff70820e9..4815d14594 100644 --- a/kubernetes/common/cassandra/templates/statefulset.yaml +++ b/kubernetes/common/cassandra/templates/statefulset.yaml @@ -14,7 +14,7 @@ # limitations under the License. */}} -{{- if not .Values.k8ssandraOperator.enabled }} +{{- if not .Values.global.cassandra.useOperator }} apiVersion: apps/v1 kind: StatefulSet metadata: {{- include "common.resourceMetadata" . | nindent 2 }} diff --git a/kubernetes/common/cassandra/values.yaml b/kubernetes/common/cassandra/values.yaml index 2f24750072..930fe9b2d3 100644 --- a/kubernetes/common/cassandra/values.yaml +++ b/kubernetes/common/cassandra/values.yaml @@ -21,9 +21,14 @@ global: # global defaults mountPath: /dockerdata-nfs backup: mountPath: /dockerdata-nfs/backup + cassandra: + # flag to enable the DB creation via k8ssandra-operator + useOperator: true + # if useOperator set to "true", set "enableServiceAccount to "false" + # as the SA is created by the Operator + enableServiceAccount: false k8ssandraOperator: - enabled: true cassandraVersion: 4.0.1 persistence: #storageClassName: default diff --git a/kubernetes/common/common/Chart.yaml b/kubernetes/common/common/Chart.yaml index e134fe8048..4025924f80 100644 --- a/kubernetes/common/common/Chart.yaml +++ b/kubernetes/common/common/Chart.yaml 
@@ -16,4 +16,4 @@ apiVersion: v2 description: Common templates for inclusion in other charts name: common -version: 13.0.1 +version: 13.0.2 diff --git a/kubernetes/common/common/templates/_cassOp.tpl b/kubernetes/common/common/templates/_cassOp.tpl index c360a0f626..d0f23877a4 100644 --- a/kubernetes/common/common/templates/_cassOp.tpl +++ b/kubernetes/common/common/templates/_cassOp.tpl @@ -1,3 +1,19 @@ +{{/* +# Copyright © 2022 Deutsche Telekom AG +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + {{/* Cassandra Data Center. */}} {{- define "common.k8ssandraCluster" -}} {{- $global := .Values.global }} @@ -10,7 +26,6 @@ spec: reaper: containerImage: registry: {{ include "repositoryGenerator.dockerHubRepository" . }} - heapSize: 512Mi autoScheduling: enabled: true stargate: @@ -67,5 +82,8 @@ spec: pods: annotations: {{ toYaml .Values.podAnnotations | nindent 10 }} + commonLabels: + app: {{ .Values.k8ssandraOperator.config.clusterName }} + version: {{ .Values.k8ssandraOperator.cassandraVersion }} {{- end }} {{ end }} diff --git a/kubernetes/common/common/templates/_mariadb.tpl b/kubernetes/common/common/templates/_mariadb.tpl index 5021c500b0..7e127e2437 100644 --- a/kubernetes/common/common/templates/_mariadb.tpl +++ b/kubernetes/common/common/templates/_mariadb.tpl 
@@ -59,6 +59,17 @@ {{- end -}} {{/* + Choose the name of the mariadb app label to use. +*/}} +{{- define "common.mariadbAppName" -}} + {{- if .Values.global.mariadbGalera.localCluster -}} + {{- index .Values "mariadb-galera" "nameOverride" -}} + {{- else -}} + {{- .Values.global.mariadbGalera.nameOverride -}} + {{- end -}} +{{- end -}} + +{{/* Choose the name of the mariadb service to use. */}} {{- define "common.mariadbService" -}} 
@@ -97,3 +108,246 @@ {{- define "common.mariadbSecretParam" -}} {{ printf "password" -}} {{- end -}} + +{{/* + Create MariDB Database via mariadb-operator +*/}} +{{- define "common.mariadbOpDatabase" -}} +{{- $dot := default . .dot -}} +{{- $dbname := (required "'dbame' param, is required." .dbname) -}} +{{- $dbinst := (required "'dbinst' param, is required." .dbinst) -}} +--- +apiVersion: mariadb.mmontes.io/v1alpha1 +kind: Database +metadata: + name: {{ $dbname }} +spec: + mariaDbRef: + name: {{ $dbinst }} + characterSet: utf8 + collate: utf8_general_ci +{{- end -}} + +{{/* + Create MariaDB User via mariadb-operator +*/}} +{{- define "common.mariadbOpUser" -}} +{{- $dot := default . .dot -}} +{{- $dbuser := (required "'dbuser' param, is required." .dbuser) -}} +{{- $dbinst := (required "'dbinst' param, is required." .dbinst) -}} +{{- $dbsecret := (required "'dbsecret' param, is required." .dbsecret) -}} +--- +apiVersion: mariadb.mmontes.io/v1alpha1 +kind: User +metadata: + name: {{ $dbuser }} +spec: + # If you want the user to be created with a different name than the resource name + # name: user-custom + mariaDbRef: + name: {{ $dbinst }} + passwordSecretKeyRef: + name: {{ $dbsecret }} + key: password + # This field is immutable and defaults to 10 + maxUserConnections: 100 +{{- end -}} + +{{/* + Grant rights to a MariaDB User via mariadb-operator +*/}} +{{- define "common.mariadbOpGrants" -}} +{{- $dot := default . .dot -}} +{{- $dbuser := (required "'dbuser' param, is required." .dbuser) -}} +{{- $dbname := (required "'dbame' param, is required." .dbname) -}} +{{- $dbinst := (required "'dbinst' param, is required." 
.dbinst) -}} +--- +apiVersion: mariadb.mmontes.io/v1alpha1 +kind: Grant +metadata: + name: {{ $dbuser }}-{{ $dbname }}-{{ $dbinst }} +spec: + mariaDbRef: + name: {{ $dbinst }} + privileges: + - "ALL" + database: {{ $dbname }} + table: "*" + username: {{ $dbuser }} + grantOption: true +{{- end -}} + +{{/* + MariaDB Backup via mariadb-operator +*/}} +{{- define "common.mariadbOpBackup" -}} +{{- $dot := default . .dot -}} +{{- $dbinst := include "common.name" $dot -}} +kind: Backup +metadata: + name: backup-scheduled +spec: + mariaDbRef: + name: {{ $dbinst }} + schedule: + cron: "*/1 * * * *" + suspend: false + maxRetentionDays: 30 + storage: + persistentVolumeClaim: + resources: + requests: + storage: 100Mi + {{- if .Values.mariadbOperator.storageClassName }} + storageClassName: {{ .Values.mariadbOperator.storageClassName }} + {{- end }} + accessModes: + - ReadWriteOnce + resources: + requests: + cpu: 100m + memory: 128Mi + limits: + cpu: 300m + memory: 512Mi +{{- end -}} + +{{/* + Create a MariaDB instance via mariadb-operator +*/}} +{{- define "common.mariadbOpInstance" -}} +{{- $dot := default . 
.dot -}} +{{- $global := $dot.Values.global -}} +{{- $dbinst := include "common.name" $dot -}} +{{- $dbrootsecret := tpl (default (include "common.mariadb.secret.rootPassSecretName" (dict "dot" $dot "chartName" "")) $dot.Values.rootUser.externalSecret) $dot -}} +{{- $dbusersecret := tpl (default (include "common.mariadb.secret.userCredentialsSecretName" (dict "dot" $dot "chartName" "")) $dot.Values.db.externalSecret) $dot -}} +--- +apiVersion: mariadb.mmontes.io/v1alpha1 +kind: MariaDB +metadata: + name: {{ $dbinst }} +spec: + podSecurityContext: + runAsUser: 10001 + runAsGroup: 10001 + fsGroup: 10001 + inheritMetadata: + {{ if .Values.podAnnotations -}} + annotations: {{ toYaml .Values.podAnnotations | nindent 6 }} + {{- end }} + labels: + app: {{ $dbinst }} + version: {{ .Values.mariadbOperator.appVersion }} + rootPasswordSecretKeyRef: + name: {{ $dbrootsecret }} + key: password + image: + repository: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.mariadbOperator.image }} + tag: {{ $dot.Values.mariadbOperator.appVersion }} + pullPolicy: IfNotPresent + imagePullSecrets: + - name: {{ include "common.namespace" . }}-docker-registry-key + port: 3306 + replicas: {{ $dot.Values.replicaCount }} + galera: + {{- if eq (int $dot.Values.replicaCount) 1 }} + enabled: false + {{- else }} + enabled: {{ $dot.Values.mariadbOperator.galera.enabled }} + {{- end }} + sst: mariabackup + replicaThreads: 1 + agent: + image: + repository: {{ include "repositoryGenerator.githubContainerRegistry" . 
}}/{{ .Values.mariadbOperator.galera.agentImage }} + tag: {{ $dot.Values.mariadbOperator.galera.agentVersion }} + pullPolicy: IfNotPresent + port: 5555 + kubernetesAuth: + enabled: true + authDelegatorRoleName: {{ $dbinst }}-auth + gracefulShutdownTimeout: 5s + recovery: + enabled: true + clusterHealthyTimeout: 5m + clusterBootstrapTimeout: 10m + podRecoveryTimeout: 5m + podSyncTimeout: 10m + initContainer: + image: + repository: {{ include "repositoryGenerator.githubContainerRegistry" . }}/{{ $dot.Values.mariadbOperator.galera.initImage }} + tag: {{ $dot.Values.mariadbOperator.galera.initVersion }} + pullPolicy: IfNotPresent + volumeClaimTemplate: + resources: + requests: + storage: 50Mi + accessModes: + - ReadWriteOnce + livenessProbe: + exec: + command: + - bash + - '-c' + - mariadb -u root -p"${MARIADB_ROOT_PASSWORD}" -e "SELECT 1;" + initialDelaySeconds: 20 + periodSeconds: 10 + timeoutSeconds: 5 + readinessProbe: + exec: + command: + - bash + - '-c' + - mariadb -u root -p"${MARIADB_ROOT_PASSWORD}" -e "SELECT 1;" + initialDelaySeconds: 20 + periodSeconds: 10 + timeoutSeconds: 5 + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - topologyKey: kubernetes.io/hostname + tolerations: + - key: mariadb.mmontes.io/ha + operator: Exists + effect: NoSchedule + podDisruptionBudget: + maxUnavailable: 50% + updateStrategy: + type: RollingUpdate + #myCnf: | + # [mysqld] + # bind-address=0.0.0.0 + # default_storage_engine=InnoDB + # binlog_format=row + # innodb_autoinc_lock_mode=2 + # max_allowed_packet=256M + # lower_case_table_names = 1 + + # ## Character set + # collation_server=utf8_unicode_ci + # init_connect='SET NAMES utf8' + # character_set_server=utf8 + + myCnfConfigMapKeyRef: + key: my.cnf + name: {{ printf "%s-configuration" (include "common.fullname" $dot) }} + resources: {{ include "common.resources" . 
| nindent 4 }} + volumeClaimTemplate: + {{- if $dot.Values.mariadbOperator.storageClassName }} + storageClassName: {{ $dot.Values.k8ssandraOperator.persistence.storageClassName }} + {{- end }} + resources: + requests: + storage: {{ $dot.Values.persistence.size | quote }} + accessModes: + - ReadWriteOnce +{{- if $dot.Values.db.user }} +{{ include "common.mariadbOpUser" (dict "dot" . "dbuser" $dot.Values.db.user "dbinst" $dbinst "dbsecret" $dbusersecret) }} +{{- end }} +{{- if $dot.Values.db.name }} +{{ include "common.mariadbOpDatabase" (dict "dot" . "dbname" $dot.Values.db.name "dbinst" $dbinst) }} +{{- end }} +{{- if and $dot.Values.db.user $dot.Values.db.name }} +{{ include "common.mariadbOpGrants" (dict "dot" . "dbuser" $dot.Values.db.user "dbname" $dot.Values.db.name "dbinst" $dbinst) }} +{{- end }} +{{- end -}} diff --git a/kubernetes/common/dgbuilder/templates/deployment.yaml b/kubernetes/common/dgbuilder/templates/deployment.yaml index 92fc13d21a..84d6bc1d47 100644 --- a/kubernetes/common/dgbuilder/templates/deployment.yaml +++ b/kubernetes/common/dgbuilder/templates/deployment.yaml @@ -61,7 +61,7 @@ spec: - command: - /app/ready.py args: - - --container-name + - --app-name - {{ .Values.config.dbPodName }} env: - name: NAMESPACE diff --git a/kubernetes/common/mariadb-galera/Chart.yaml b/kubernetes/common/mariadb-galera/Chart.yaml index 92eac6f837..71ff421d7b 100644 --- a/kubernetes/common/mariadb-galera/Chart.yaml +++ b/kubernetes/common/mariadb-galera/Chart.yaml @@ -18,7 +18,7 @@ apiVersion: v2 description: Chart for MariaDB Galera cluster name: mariadb-galera -version: 13.0.0 +version: 13.0.1 keywords: - mariadb - mysql @@ -39,4 +39,5 @@ dependencies: repository: 'file://../repositoryGenerator' - name: serviceAccount version: ~13.x-0 - repository: 'file://../serviceAccount'
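Review bot: `common.mariadbOpGrants` hands every application user `privileges: - "ALL"` together with `grantOption: true`, so any service holding that credential can pass its rights on to other database users; unless a caller depends on it, set `grantOption: false` and take the privilege list as a template parameter. In `common.mariadbOpInstance` the last `volumeClaimTemplate` tests `$dot.Values.mariadbOperator.storageClassName` but renders `$dot.Values.k8ssandraOperator.persistence.storageClassName`, which looks like a leftover from the Cassandra template and is not defined in the mariadb-galera values shown in this commit; it should read `storageClassName: {{ $dot.Values.mariadbOperator.storageClassName }}`. `common.mariadbOpBackup` emits `kind: Backup` with no `apiVersion:` line, unlike the other resources defined in this hunk, and hard-codes `cron: "*/1 * * * *"`, i.e. a backup every minute, which should come from values. The `required` messages in `common.mariadbOpDatabase` and `common.mariadbOpGrants` also say `'dbame'` where `'dbname'` is meant.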
\ No newline at end of file + repository: 'file://../serviceAccount' + condition: global.mariadbGalera.enableServiceAccount
\ No newline at end of file diff --git a/kubernetes/common/mariadb-galera/templates/backup/cronjob.yaml b/kubernetes/common/mariadb-galera/templates/backup/cronjob.yaml index e2a9ca64cf..4548626dd3 100644 --- a/kubernetes/common/mariadb-galera/templates/backup/cronjob.yaml +++ b/kubernetes/common/mariadb-galera/templates/backup/cronjob.yaml @@ -15,6 +15,9 @@ # limitations under the License. */}} +{{- if and .Values.backup.enabled .Values.global.mariadbGalera.useOperator }} +{{ include "common.mariadbOpBackup" . }} +{{ else }} {{- if and .Values.backup.enabled .Values.persistence.enabled }} apiVersion: batch/v1beta1 kind: CronJob @@ -180,3 +183,4 @@ spec: - name: tmp emptyDir: {} {{- end }} +{{- end }} diff --git a/kubernetes/common/mariadb-galera/templates/backup/pv.yaml b/kubernetes/common/mariadb-galera/templates/backup/pv.yaml index 30eb74b059..d5e26109e7 100644 --- a/kubernetes/common/mariadb-galera/templates/backup/pv.yaml +++ b/kubernetes/common/mariadb-galera/templates/backup/pv.yaml @@ -14,6 +14,8 @@ # See the License for the specific language governing permissions and # limitations under the License. */}} + +{{- if not .Values.global.mariadbGalera.useOperator }} {{- if .Values.backup.enabled }} {{- if and .Values.backup.persistence.enabled (not .Values.backup.persistence.existingClaim) -}} {{- if eq "True" (include "common.needPV" .) -}} @@ -41,3 +43,4 @@ spec: {{- end -}} {{- end -}} {{- end -}} +{{- end -}} diff --git a/kubernetes/common/mariadb-galera/templates/backup/pvc.yaml b/kubernetes/common/mariadb-galera/templates/backup/pvc.yaml index 5dd8a3f52f..4c2bfcd389 100644 --- a/kubernetes/common/mariadb-galera/templates/backup/pvc.yaml +++ b/kubernetes/common/mariadb-galera/templates/backup/pvc.yaml 
@@ -14,6 +14,8 @@ # See the License for the specific language governing permissions and # limitations under the License. */}} + +{{- if not .Values.global.mariadbGalera.useOperator }} {{- if .Values.backup.enabled }} {{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }} --- @@ -45,3 +47,4 @@ spec: {{- end -}} {{- end -}} {{- end -}} +{{- end -}}
\ No newline at end of file diff --git a/kubernetes/common/mariadb-galera/templates/configmap.yaml b/kubernetes/common/mariadb-galera/templates/configmap.yaml index c95a234fb7..0aa0a63f0a 100644 --- a/kubernetes/common/mariadb-galera/templates/configmap.yaml +++ b/kubernetes/common/mariadb-galera/templates/configmap.yaml @@ -15,7 +15,20 @@ # limitations under the License. */}} -{{ if .Values.mariadbConfiguration }} +{{- if .Values.global.mariadbGalera.useOperator }} +{{ if .Values.mariadbOpConfiguration }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ printf "%s-configuration" (include "common.fullname" .) }} + namespace: {{ include "common.namespace" . }} + labels: {{- include "common.labels" . | nindent 4 }} +data: + my.cnf: | +{{ .Values.mariadbOpConfiguration | indent 4 }} +{{- end }} +{{- else }} +{{ if .Values.mariadbConfiguration }} apiVersion: v1 kind: ConfigMap metadata: @@ -25,4 +38,5 @@ metadata: data: my.cnf: | {{ .Values.mariadbConfiguration | indent 4 }} +{{- end }} {{- end }}
\ No newline at end of file
diff --git a/kubernetes/common/mariadb-galera/templates/mariadb.yaml b/kubernetes/common/mariadb-galera/templates/mariadb.yaml
new file mode 100644
index 0000000000..ce09c9ff06
--- /dev/null
+++ b/kubernetes/common/mariadb-galera/templates/mariadb.yaml
@@ -0,0 +1,19 @@
+{{/*
+# Copyright © 2023 Deutsche Telekom AG
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{- if .Values.global.mariadbGalera.useOperator }}
+{{ include "common.mariadbOpInstance" . }}
+{{- end }}
\ No newline at end of file diff --git a/kubernetes/common/mariadb-galera/templates/metrics-svc.yaml b/kubernetes/common/mariadb-galera/templates/metrics-svc.yaml index 841aab3e17..d37aeb1751 100644 --- a/kubernetes/common/mariadb-galera/templates/metrics-svc.yaml +++ b/kubernetes/common/mariadb-galera/templates/metrics-svc.yaml @@ -14,7 +14,9 @@ # limitations under the License. */}} -{{- if default false .Values.global.metrics.enabled }} +{{- if not .Values.global.mariadbGalera.useOperator }} +{{- if default false .Values.global.metrics.enabled }} +--- apiVersion: v1 kind: Service metadata: @@ -31,4 +33,5 @@ spec: port: {{ .Values.metrics.service.port }} targetPort: tcp-metrics selector: {{- include "common.matchLabels" . | nindent 4 }} -{{- end }} +{{- end }} +{{- end }}
\ No newline at end of file diff --git a/kubernetes/common/mariadb-galera/templates/pdb.yaml b/kubernetes/common/mariadb-galera/templates/pdb.yaml index 1d9d4141ab..734f03f237 100644 --- a/kubernetes/common/mariadb-galera/templates/pdb.yaml +++ b/kubernetes/common/mariadb-galera/templates/pdb.yaml @@ -14,17 +14,19 @@ # limitations under the License. */}} -{{- if .Values.podDisruptionBudget.create }} +{{- if not .Values.global.mariadbGalera.useOperator }} +{{- if .Values.podDisruptionBudget.create }} apiVersion: policy/v1 kind: PodDisruptionBudget metadata: {{- include "common.resourceMetadata" . | nindent 2 }} spec: -{{- if .Values.podDisruptionBudget.minAvailable }} +{{- if .Values.podDisruptionBudget.minAvailable }} minAvailable: {{ .Values.podDisruptionBudget.minAvailable }} -{{- end }} -{{- if .Values.podDisruptionBudget.maxUnavailable }} +{{- end }} +{{- if .Values.podDisruptionBudget.maxUnavailable }} maxUnavailable: {{ .Values.podDisruptionBudget.maxUnavailable }} -{{- end }} +{{- end }} selector: matchLabels: {{- include "common.matchLabels" . | nindent 6 }} -{{- end }} +{{- end }} +{{- end }}
\ No newline at end of file diff --git a/kubernetes/common/mariadb-galera/templates/pv.yaml b/kubernetes/common/mariadb-galera/templates/pv.yaml index 54a02cf2db..129b5b26c7 100644 --- a/kubernetes/common/mariadb-galera/templates/pv.yaml +++ b/kubernetes/common/mariadb-galera/templates/pv.yaml @@ -15,4 +15,6 @@ # limitations under the License. */}} +{{- if not .Values.global.mariadbGalera.useOperator }} {{ include "common.replicaPV" . }} +{{- end }}
\ No newline at end of file diff --git a/kubernetes/common/mariadb-galera/templates/service.yaml b/kubernetes/common/mariadb-galera/templates/service.yaml index 6af9135367..4cabde1e4d 100644 --- a/kubernetes/common/mariadb-galera/templates/service.yaml +++ b/kubernetes/common/mariadb-galera/templates/service.yaml @@ -15,11 +15,13 @@ # limitations under the License. */}} +{{- if not .Values.global.mariadbGalera.useOperator }} {{ include "common.service" . }} --- {{ include "common.headlessService" . }} +{{- end }} {{- if (include "common.onServiceMesh" .) }} -{{- if eq (default "istio" .Values.global.serviceMesh.engine) "istio" }} +{{- if eq (default "istio" .Values.global.serviceMesh.engine) "istio" }} --- apiVersion: security.istio.io/v1beta1 kind: PeerAuthentication @@ -29,9 +31,9 @@ metadata: spec: selector: matchLabels: - app.kubernetes.io/name: {{ include "common.servicename" . }} + app: {{ include "common.servicename" . }} portLevelMtls: '{{ .Values.service.internalPort }}': mode: DISABLE -{{- end}} -{{- end}} +{{- end }} +{{- end }} diff --git a/kubernetes/common/mariadb-galera/templates/servicemonitor.yaml b/kubernetes/common/mariadb-galera/templates/servicemonitor.yaml index 6d1ed40e13..4cbf7b394f 100644 --- a/kubernetes/common/mariadb-galera/templates/servicemonitor.yaml +++ b/kubernetes/common/mariadb-galera/templates/servicemonitor.yaml @@ -14,6 +14,8 @@ # limitations under the License. */}} -{{- if .Values.metrics.serviceMonitor.enabled }} +{{- if not .Values.global.mariadbGalera.useOperator }} +{{- if .Values.metrics.serviceMonitor.enabled }} {{ include "common.serviceMonitor" . }} -{{- end }} +{{- end }} +{{- end }}
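Review bot: The PeerAuthentication selector in service.yaml now matches on `app: {{ include "common.servicename" . }}`, and because this policy sets `mode: DISABLE` on the database port, its scope depends entirely on which pods carry that `app` label. The policy now sits outside the `if not .Values.global.mariadbGalera.useOperator` guard, so it applies in both modes: the operator path labels pods with `app: {{ $dbinst }}` (derived from `common.name`), while the labels of the non-operator StatefulSet pods are not visible in this diff. Please confirm that `common.servicename` and the pod `app` label resolve to the same string in both modes, since a selector that matches nothing is silently ignored rather than reported. A short comment above `portLevelMtls` stating why mTLS is turned off for this port would also help, as this setting leaves database traffic unencrypted inside the mesh.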
\ No newline at end of file diff --git a/kubernetes/common/mariadb-galera/templates/statefulset.yaml b/kubernetes/common/mariadb-galera/templates/statefulset.yaml index c95b572465..2f5b33fd97 100644 --- a/kubernetes/common/mariadb-galera/templates/statefulset.yaml +++ b/kubernetes/common/mariadb-galera/templates/statefulset.yaml @@ -18,6 +18,7 @@ # limitations under the License. */}} +{{- if not .Values.global.mariadbGalera.useOperator }} apiVersion: apps/v1 kind: StatefulSet metadata: {{- include "common.resourceMetadata" . | nindent 2 }} @@ -266,3 +267,4 @@ spec: volumeClaimTemplates: - {{ include "common.PVCTemplate" (dict "dot" . "suffix" "data" "persistenceInfos" .Values.persistence) | indent 6 | trim }} {{- end }} +{{- end }}
\ No newline at end of file diff --git a/kubernetes/common/mariadb-galera/values.yaml b/kubernetes/common/mariadb-galera/values.yaml index e9fe577233..a749c0959c 100644 --- a/kubernetes/common/mariadb-galera/values.yaml +++ b/kubernetes/common/mariadb-galera/values.yaml @@ -15,6 +15,25 @@ # See the License for the specific language governing permissions and # limitations under the License. +################################################################# +# Global configuration defaults. +################################################################# +global: + nodePortPrefix: 302 + persistence: + mountPath: /dockerdata-nfs + backup: + mountPath: /dockerdata-nfs/backup + clusterDomain: cluster.local + metrics: {} + mariadbGalera: + # flag to enable the DB creation via mariadb-operator + useOperator: true + # if useOperator set to "true", set "enableServiceAccount to "false" + # as the SA is created by the Operator + enableServiceAccount: false + nameOverride: mariadb-galera + service: mariadb-galera ################################################################# # Secrets metaconfig 
@@ -35,21 +54,108 @@ secrets: login: '{{ .Values.galera.mariabackup.user }}' password: '{{ .Values.galera.mariabackup.password }}' +mariadbOperator: + image: mariadb + appVersion: 11.1.2 + galera: + enabled: true + agentImage: mariadb-operator/agent + agentVersion: v0.0.2 + initImage: mariadb-operator/init + initVersion: v0.0.5 + +## String to partially override common.names.fullname template (will maintain the release name) +## +nameOverride: mariadb-galera + +## Custom db configuration +## +db: + ## MariaDB username and password + ## Password is ignored if externalSecret is specified. + ## If not set, password will be "randomly" generated + ## ref: https://github.com/bitnami/bitnami-docker-mariadb-galera#creating-a-database-user-on-first-run + ## + user: my-user + # password: + # externalSecret: + ## Database to create + ## ref: https://github.com/bitnami/bitnami-docker-mariadb-galera#creating-a-database-on-first-run + ## + # name: my_database + +## Desired number of cluster nodes +## +replicaCount: 3 + +## Additional pod annotations for MariaDB Galera pods +## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ +## -> here required to enable mariadb-galera in istio +## +podAnnotations: + # sidecar.istio.io/inject: "false" + traffic.sidecar.istio.io/excludeInboundPorts: "4444,4567,4568" + traffic.sidecar.istio.io/includeInboundPorts: '*' + traffic.sidecar.istio.io/excludeOutboundPorts: "4444,4567,4568" + +mariadbOpConfiguration: |- + [mysqld] + max_allowed_packet=256M + lower_case_table_names = 1 + + ## Character set + collation_server=utf8_unicode_ci + init_connect='SET NAMES utf8' + character_set_server=utf8 + + ## MyISAM + key_buffer_size=32M + myisam_recover_options=FORCE,BACKUP + + ## Safety + skip_host_cache + skip_name_resolve + max_allowed_packet=16M + max_connect_errors=1000000 + 
sql_mode=STRICT_TRANS_TABLES,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_AUTO_VALUE_ON_ZERO,NO_ENGINE_SUBSTITUTION,NO_ZERO_DATE,NO_ZERO_IN_DATE,ONLY_FULL_GROUP_BY + sysdate_is_now=1 + + ## Caches and Limits + tmp_table_size=32M + max_heap_table_size=32M + # Re-enabling as now works with Maria 10.1.2 + query_cache_type=1 + query_cache_limit=4M + query_cache_size=256M + max_connections=500 + thread_cache_size=50 + open_files_limit=65535 + table_definition_cache=4096 + table_open_cache=4096 + + ## InnoDB + innodb=FORCE + innodb_strict_mode=1 + # Mandatory per https://github.com/codership/documentation/issues/25 + innodb_autoinc_lock_mode=2 + # Per https://www.percona.com/blog/2006/08/04/innodb-double-write/ + innodb_doublewrite=1 + innodb_flush_method=O_DIRECT + innodb_log_files_in_group=2 + innodb_log_file_size=128M + innodb_flush_log_at_trx_commit=1 + innodb_file_per_table=1 + # 80% Memory is default reco. + # Need to re-evaluate when DB size grows + innodb_buffer_pool_size=2G + innodb_file_format=Barracuda + +########################################################################################## +# !!! the following configuration entries are ignored, when mariadbOperator is enabled !!! +########################################################################################## # bitnami image doesn't support well single quote in password passwordStrengthOverride: basic -################################################################# -# Global configuration defaults. -################################################################# -global: - nodePortPrefix: 302 - persistence: - mountPath: /dockerdata-nfs - backup: - mountPath: /dockerdata-nfs/backup - clusterDomain: cluster.local - metrics: {} - image: bitnami/mariadb-galera:10.5.8 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' 
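Review bot: `mariadbOpConfiguration` sets `max_allowed_packet` twice, `256M` directly under `[mysqld]` and `16M` under `## Safety`; the later entry normally takes precedence, so the effective limit would be 16M rather than the 256M the first line suggests, and one of the two should be removed. The block appears to be carried over from the older `mariadbConfiguration` (its comment still refers to "Maria 10.1.2") while `mariadbOperator.appVersion` is `11.1.2`. Options such as `innodb_file_format=Barracuda` and the `query_cache_*` settings should therefore be checked against that server version, because an option the server no longer recognises can keep it from starting.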
@@ -66,10 +172,6 @@ debug: true ## actions performed on the databases are tried to be done before actual start. init_sleep_time: 5 -## String to partially override common.names.fullname template (will maintain the release name) -## -nameOverride: mariadb-galera - ## Use an alternate scheduler, e.g. "stork". ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ ## @@ -129,22 +231,6 @@ rootUser: # password: # externalSecret: -## Custom db configuration -## -db: - ## MariaDB username and password - ## Password is ignored if externalSecret is specified. - ## If not set, password will be "randomly" generated - ## ref: https://github.com/bitnami/bitnami-docker-mariadb-galera#creating-a-database-user-on-first-run - ## - user: my-user - # password: - # externalSecret: - ## Database to create - ## ref: https://github.com/bitnami/bitnami-docker-mariadb-galera#creating-a-database-on-first-run - ## - # name: my_database - ## Galera configuration ## galera: @@ -212,7 +298,8 @@ backup: readinessCheck: wait_for: - - '{{ include "common.name" . }}' + apps: + - '{{ include "common.name" . }}' ## TLS configuration ## 
@@ -368,26 +455,12 @@ mariadbConfiguration: |- ## ## extraFlags: "--max-connect-errors=1000 --max_connections=155" -## Desired number of cluster nodes -## -replicaCount: 3 - ## updateStrategy for MariaDB Master StatefulSet ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies ## updateStrategy: type: RollingUpdate -## Additional pod annotations for MariaDB Galera pods -## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ -## -> here required to enable mariadb-galera in istio -## -podAnnotations: - # sidecar.istio.io/inject: "false" - traffic.sidecar.istio.io/excludeInboundPorts: "4444,4567,4568" - traffic.sidecar.istio.io/includeInboundPorts: '*' - traffic.sidecar.istio.io/excludeOutboundPorts: "4444,4567,4568" - ## Pod affinity preset ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity ## Allowed values: soft, hard diff --git a/kubernetes/common/mariadb-init/templates/job.yaml b/kubernetes/common/mariadb-init/templates/job.yaml index a899d93a28..f41f5232a9 100644 --- a/kubernetes/common/mariadb-init/templates/job.yaml +++ b/kubernetes/common/mariadb-init/templates/job.yaml @@ -41,7 +41,7 @@ spec: command: - /app/ready.py args: - - --container-name + - --app-name - {{ default .Values.global.mariadbGalera.nameOverride .Values.mariadbGalera.containerName }} env: - name: NAMESPACE diff --git a/kubernetes/common/network-name-gen/templates/deployment.yaml b/kubernetes/common/network-name-gen/templates/deployment.yaml index b170c8fea6..1eed35c0c5 100644 --- a/kubernetes/common/network-name-gen/templates/deployment.yaml +++ b/kubernetes/common/network-name-gen/templates/deployment.yaml @@ -29,7 +29,7 @@ spec: - /app/ready.py args: {{- if .Values.global.mariadbGalera.localCluster }} - - --container-name + - --app-name - {{ index .Values "mariadb-galera" "nameOverride" }} {{- else }} - --job-name 
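Review bot: In the mariadb-init `job.yaml` hunk the flag becomes `--app-name`, but its value is still read from `.Values.mariadbGalera.containerName` (falling back to `.Values.global.mariadbGalera.nameOverride`). Going by the readinessCheck template documentation added in this commit, `apps` entries are matched against the pod's "app" label. An existing override that sets `containerName` to an actual container name would therefore be compared with a label it may not equal, and the init container would presumably keep waiting. The readiness script itself is not visible here, so this is inferred. At minimum the key needs a comment where it is consumed, such as `# NOTE: containerName is passed to --app-name and must equal the "app" label of the MariaDB pods`. A follow-up could add a clearer key and keep `containerName` as a fallback. The job spec continues outside this hunk.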
diff --git a/kubernetes/common/network-name-gen/values.yaml b/kubernetes/common/network-name-gen/values.yaml index 5858e84389..adfa468d6e 100644 --- a/kubernetes/common/network-name-gen/values.yaml +++ b/kubernetes/common/network-name-gen/values.yaml @@ -30,7 +30,7 @@ global: #as the dependency check will not work otherwise (Chart.yaml) localCluster: false globalCluster: true - service: mariadb-galera + service: mariadb-galera-primary internalPort: 3306 nameOverride: mariadb-galera @@ -63,6 +63,10 @@ mariadb-galera: name: nengdb portName: nengdbport replicaCount: 1 + mariadbOperator: + galera: + enabled: false + persistence: enabled: true mountSubPath: network-name-gen/data diff --git a/kubernetes/common/readinessCheck/templates/_readinessCheck.tpl b/kubernetes/common/readinessCheck/templates/_readinessCheck.tpl index 90c278e4c5..879be1288f 100644 --- a/kubernetes/common/readinessCheck/templates/_readinessCheck.tpl +++ b/kubernetes/common/readinessCheck/templates/_readinessCheck.tpl @@ -35,6 +35,20 @@ - aaf-cm - aaf-service + the powerful one allows also to wait for pod names with this + (has to start with the given pod name): + wait_for: + name: myname + pods: + - test-pod + + the powerful one allows also to wait for pods with the + given "app" label: + wait_for: + name: myname + apps: + - mariadb-galera + the powerful one allows also to wait for jobs with this: wait_for: name: myname @@ -48,7 +62,7 @@ - .dot : environment (.) - .initRoot : the root dictionary of readinessCheck submodule (default to .Values.readinessCheck) - - .wait_for : list of containers / jobs to wait for (default to + - .wait_for : list of containers / pods /apps / jobs to wait for (default to .Values.wait_for) Example calls: 
@@ -62,6 +76,8 @@ {{- $subchartDot := fromJson (include "common.subChartDot" (dict "dot" $dot "initRoot" $initRoot)) }} {{- $wait_for := default $initRoot.wait_for .wait_for -}} {{- $containers := index (ternary (dict "containers" $wait_for) $wait_for (kindIs "slice" $wait_for)) "containers" -}} +{{- $pods := index (ternary (dict) $wait_for (kindIs "slice" $wait_for)) "pods" -}} +{{- $apps := index (ternary (dict) $wait_for (kindIs "slice" $wait_for)) "apps" -}} {{- $namePart := index (ternary (dict) $wait_for (kindIs "slice" $wait_for)) "name" -}} {{- $jobs := index (ternary (dict) $wait_for (kindIs "slice" $wait_for)) "jobs" -}} - name: {{ include "common.name" $dot }}{{ ternary "" (printf "-%s" $namePart) (empty $namePart) }}-readiness @@ -77,6 +93,14 @@ - --container-name - {{ tpl $container $dot }} {{- end }} + {{- range $pod := default (list) $pods }} + - --pod-name + - {{ tpl $pod $dot }} + {{- end }} + {{- range $app := default (list) $apps }} + - --app-name + - {{ tpl $app $dot }} + {{- end }} {{- range $job := $jobs }} - --job-name - {{ tpl $job $dot }} diff --git a/kubernetes/common/repositoryGenerator/values.yaml b/kubernetes/common/repositoryGenerator/values.yaml index 66ab4e239e..03ffddafd1 100644 --- a/kubernetes/common/repositoryGenerator/values.yaml +++ b/kubernetes/common/repositoryGenerator/values.yaml @@ -39,10 +39,10 @@ global: mariadbImage: bitnami/mariadb:10.5.8 nginxImage: bitnami/nginx:1.21.4 postgresImage: crunchydata/crunchy-postgres:centos8-13.2-4.6.1 - readinessImage: onap/oom/readiness:3.0.1 + readinessImage: onap/oom/readiness:5.0.1 dcaePolicySyncImage: onap/org.onap.dcaegen2.deployments.dcae-services-policy-sync:1.0.1 drProvClientImage: onap/dmaap/datarouter-prov-client:2.1.15 - quitQuitImage: onap/oom/readiness:4.1.0 + quitQuitImage: onap/oom/readiness:5.0.1 # Default credentials # they're optional. If the target repository doesn't need them, comment them |
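Review bot: In the `@@ -77,6 +93,14 @@` hunk of `_readinessCheck.tpl`, the two new loops emit `- {{ tpl $pod $dot }}` and `- {{ tpl $app $dot }}` as bare YAML scalars. A value that renders to something YAML reads as a number or boolean, or to an empty string, then yields a non-string or null `args` entry. Quoting keeps every entry a string: `- {{ tpl $pod $dot | quote }}` and `- {{ tpl $app $dot | quote }}`. The existing `--container-name` and `--job-name` loops use the same unquoted form, and the `$jobs` loop lacks the `default (list)` guard the new loops have, so all four could be aligned in one pass. The template definition starts and ends outside these hunks.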