Diffstat (limited to 'kubernetes/common')
4 files changed, 67 insertions, 13 deletions
diff --git a/kubernetes/common/common/templates/_ingress.tpl b/kubernetes/common/common/templates/_ingress.tpl index 7fee67a7a4..f2741079c7 100644 --- a/kubernetes/common/common/templates/_ingress.tpl +++ b/kubernetes/common/common/templates/_ingress.tpl @@ -13,11 +13,18 @@ http: paths: - backend: - serviceName: {{ .name }} - servicePort: {{ .port }} + service: + name: {{ .name }} + port: + {{- if kindIs "string" .port }} + name: {{ .port }} + {{- else }} + number: {{ .port }} + {{- end }} {{- if .path }} path: {{ .path }} {{- end }} + pathType: ImplementationSpecific {{- end }} {{- end -}} @@ -69,7 +76,7 @@ nginx.ingress.kubernetes.io/ssl-redirect: "false" {{- $ingressEnabled := include "common.ingress._overrideIfDefined" (dict "currVal" $ingressEnabled "parent" (default (dict) .Values.global.ingress) "var" "enabled") }} {{- $ingressEnabled := include "common.ingress._overrideIfDefined" (dict "currVal" $ingressEnabled "parent" .Values.ingress "var" "enabledOverride") }} {{- if $ingressEnabled }} -apiVersion: networking.k8s.io/v1beta1 +apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: {{ include "common.fullname" . }}-ingress diff --git a/kubernetes/common/common/templates/_serviceMonitor.tpl b/kubernetes/common/common/templates/_serviceMonitor.tpl index eb6c047c2f..81d7a74578 100644 --- a/kubernetes/common/common/templates/_serviceMonitor.tpl +++ b/kubernetes/common/common/templates/_serviceMonitor.tpl @@ -110,8 +110,12 @@ namespace: {{ $dot.Values.metrics.serviceMonitor.namespace }} {{- else }} namespace: {{ include "common.namespace" $dot }} {{- end }} +{{- if $dot.Values.metrics.serviceMonitor.labels }} +labels: {{- include "common.tplValue" ( dict "value" $dot.Values.metrics.serviceMonitor.labels "context" $dot) | nindent 2 }} +{{- else }} labels: {{- include "common.labels" (dict "labels" $labels "dot" $dot) | nindent 2 }} {{- end -}} +{{- end -}} {{/* Create service monitor template 
@@ -133,14 +137,31 @@ spec: {{- else }} port: metrics {{- end }} + {{- if $dot.Values.metrics.serviceMonitor.isHttps }} + scheme: https + {{- if $dot.Values.metrics.serviceMonitor.tlsConfig }} + tlsConfig: {{- include "common.tplValue" ( dict "value" $dot.Values.metrics.serviceMonitor.tlsConfig "context" $dot) | nindent 6 }} + {{- else }} + tlsConfig: + insecureSkipVerify: true + {{- end }} + {{- end }} {{- if $dot.Values.metrics.serviceMonitor.basicAuth.enabled }} basicAuth: username: key: {{ $dot.Values.metrics.serviceMonitor.basicAuth.externalSecretUserKey }} + {{- if $dot.Values.metrics.serviceMonitor.basicAuth.externalSecretNameSuffix }} + name: {{ include "common.release" . }}-{{ $dot.Values.metrics.serviceMonitor.basicAuth.externalSecretNameSuffix }} + {{- else }} name: {{ $dot.Values.metrics.serviceMonitor.basicAuth.externalSecretName }} + {{- end }} password: key: {{ $dot.Values.metrics.serviceMonitor.basicAuth.externalSecretPasswordKey }} + {{- if $dot.Values.metrics.serviceMonitor.basicAuth.externalSecretNameSuffix }} + name: {{ include "common.release" . }}-{{ $dot.Values.metrics.serviceMonitor.basicAuth.externalSecretNameSuffix }} + {{- else }} name: {{ $dot.Values.metrics.serviceMonitor.basicAuth.externalSecretName }} + {{- end }} {{- end }} {{- if $dot.Values.metrics.serviceMonitor.interval }} interval: {{ $dot.Values.metrics.serviceMonitor.interval }} diff --git a/kubernetes/common/mariadb-galera/templates/backup/cronjob.yaml b/kubernetes/common/mariadb-galera/templates/backup/cronjob.yaml index 210fbd02ba..4248cfe85c 100644 --- a/kubernetes/common/mariadb-galera/templates/backup/cronjob.yaml +++ b/kubernetes/common/mariadb-galera/templates/backup/cronjob.yaml @@ -15,7 +15,7 @@ # limitations under the License. */}} -{{- if .Values.backup.enabled }} +{{- if and .Values.backup.enabled .Values.persistence.enabled }} apiVersion: batch/v1beta1 kind: CronJob metadata: 
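Review bot: The fallback `tlsConfig` branch sets `insecureSkipVerify: true` whenever `isHttps` is on and no `tlsConfig` value is supplied, so the default HTTPS scrape accepts any certificate, and the `basicAuth` credentials configured directly below are sent to an endpoint whose identity was never verified. Consider dropping the else branch so normal verification applies, or requiring an explicit `tlsConfig` (with `ca` / `serverName`) so that skipping verification is something the operator has to opt into in values. Separately, the new secret-name lines call `include "common.release" .` while every other lookup in this hunk goes through `$dot`; if `.` is not the root context inside this define, the include may render the wrong prefix, so `include "common.release" $dot` looks like the intended form. The enclosing template starts and ends outside the hunk.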
@@ -37,7 +37,10 @@ spec: - name: mariadb-galera-backup-init image: {{ include "repositoryGenerator.image.mariadb" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - {{ include "common.containerSecurityContext" . | indent 14 | trim }} + securityContext: + allowPrivilegeEscalation: false + privileged: false + readOnlyRootFilesystem: false command: - /bin/bash - -c @@ -52,7 +55,7 @@ spec: target_dir=/backup/backup-`date +%s` mkdir -p $target_dir - mysqlhost={{ include "common.servicename" . }}.{{ include "common.namespace" . }} + mysqlhost={{ include "common.fullname" . }}-0.{{ include "common.servicename" . }}-headless.{{ include "common.namespace" . }} mariabackup --backup --target-dir=$target_dir --user=root --password=$DB_PASS --host=$mysqlhost @@ -78,13 +81,18 @@ spec: volumeMounts: - name: backup-dir mountPath: /backup + - name: data + mountPath: /bitnami/mariadb containers: - name: mariadb-backup-validate image: {{ include "repositoryGenerator.image.mariadb" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - {{ include "common.containerSecurityContext" . | indent 14 | trim }} + securityContext: + allowPrivilegeEscalation: false + privileged: false + readOnlyRootFilesystem: false env: - - name: MYSQL_ROOT_PASSWORD + - name: MARIADB_ROOT_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" (include "common.mariadb.secret.rootPassUID" .) "key" "password") | indent 18 }} command: - /bin/bash 
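Review bot: The inline `securityContext` that replaces `common.containerSecurityContext` on `mariadb-galera-backup-init` pins only three fields and sets `readOnlyRootFilesystem: false`, with no `runAsNonRoot` and no capability drop, so this container no longer inherits whatever the shared helper enforces for the rest of the chart (the helper body is not visible here). The same block is repeated for `mariadb-backup-validate` in the `@@ -78,13 +81,18` hunk. If the image needs a writable root filesystem, a short comment saying so would help, and the rest can stay restrictive, e.g. `runAsNonRoot: true` plus `capabilities: {drop: ["ALL"]}`, assuming the image runs as a non-root user.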
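Review bot: The new `data` mount at `/bitnami/mariadb` in the `@@ -78,13 +81,18` hunk has no `readOnly: true`, so what appears to be the backup init container gets write access to the live database volume although it only needs to read the data files for `mariabackup --backup`. If the backup works against a read-only datadir in this setup (worth confirming), add `readOnly: true` under that mount so a bug or compromise in the backup job cannot alter or delete database files. This matters more because the commit also asks for the data PVC to be `ReadWriteMany`, which makes concurrent writers possible. The container spec continues outside the hunk.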
@@ -105,17 +113,17 @@ spec: fi target_dir=$(ls -td -- /backup/backup-* | head -n 1) - cp -Ra $target_dir/* /var/lib/mysql/ + cp -Ra $target_dir/* /bitnami/mariadb/data - if [ ! "$(ls -A /var/lib/mysql)" ]; then + if [ ! "$(ls -A /bitnami/mariadb/data)" ]; then remove_dir $target_dir exit 0 fi - /docker-entrypoint.sh mysqld & + /opt/bitnami/scripts/mariadb/entrypoint.sh /opt/bitnami/scripts/mariadb/run.sh & count=0 - until mysql --user=root --password=$MYSQL_ROOT_PASSWORD -e "SELECT 1"; + until mysql --user=root --password=$MARIADB_ROOT_PASSWORD -e "SELECT 1"; do sleep 3; count=`expr $count + 1`; if [ $count -ge 30 ]; then @@ -124,7 +132,7 @@ spec: fi; done - mysqlcheck -A --user=root --password=$MYSQL_ROOT_PASSWORD > /tmp/output.log + mysqlcheck -A --user=root --password=$MARIADB_ROOT_PASSWORD > /tmp/output.log error_lines=`cat /tmp/output.log| grep -v "OK" | wc -l` cat /tmp/output.log @@ -142,6 +150,10 @@ spec: fi resources: {{ include "common.resources" . | nindent 12 }} volumeMounts: + - mountPath: /bitnami/mariadb/data + name: tmp-data + - mountPath: /opt/bitnami/mariadb/tmp + name: tmp - mountPath: /etc/localtime name: localtime readOnly: true @@ -153,7 +165,18 @@ spec: - name: localtime hostPath: path: /etc/localtime + - name: data + persistentVolumeClaim: + {{- if .Values.persistence.existingClaim }} + claimName: {{ .Values.persistence.existingClaim }} + {{- else }} + claimName: {{ include "common.fullname" . }}-{{ include "common.fullname" . }}-0 + {{- end }} - name: backup-dir persistentVolumeClaim: claimName: {{ include "common.fullname" . }}-backup-data + - name: tmp-data + emptyDir: {} + - name: tmp + emptyDir: {} {{- end }} diff --git a/kubernetes/common/mariadb-galera/values.yaml b/kubernetes/common/mariadb-galera/values.yaml index 9f7c882134..d65c4f7943 100644 --- a/kubernetes/common/mariadb-galera/values.yaml +++ b/kubernetes/common/mariadb-galera/values.yaml 
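Review bot: The renamed variable is still passed as `--password=$MARIADB_ROOT_PASSWORD` to `mysql` in this hunk and to `mysqlcheck` in the `@@ -124,7 +132,7` hunk, which places the root password in the process argument list, readable through a process listing or `/proc` by anything that shares the PID namespace or has node-level access. The MariaDB clients can read the password from the environment or an option file instead, e.g. `export MYSQL_PWD="$MARIADB_ROOT_PASSWORD"` once before the `until` loop and dropping the `--password` argument from both commands. The script body starts and ends outside these hunks.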
@@ -174,6 +174,8 @@ galera: # password: # externalSecret: +## The backup job will mount the mariadb data pvc in order to run mariabackup. +## For this reason the db data pvc needs to have accessMode: ReadWriteMany. backup: enabled: false cron: "00 00 * * *" @@ -458,6 +460,7 @@ persistence: ## annotations: ## Persistent Volume Access Mode + ## Use ReadWriteMany if backup is enabled, see backup section. ## accessMode: ReadWriteOnce ## Persistent Volume size |