# Copyright © 2018 Amdocs # Copyright © 2018,2021 Bell Canada # Copyright © 2019 Samsung Electronics # Copyright © 2020 Bitnami, Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. ################################################################# # Global configuration defaults. ################################################################# global: nodePortPrefix: 302 persistence: mountPath: /dockerdata-nfs backup: mountPath: /dockerdata-nfs/backup clusterDomain: cluster.local metrics: {} mariadbGalera: # flag to enable the DB creation via mariadb-operator useOperator: true # if useOperator set to "true", set "enableServiceAccount to "false" # as the SA is created by the Operator enableServiceAccount: false nameOverride: mariadb-galera service: mariadb-galera ################################################################# # Secrets metaconfig ################################################################# secrets: - uid: '{{ include "common.mariadb.secret.rootPassUID" . }}' type: password externalSecret: '{{ tpl (default "" .Values.rootUser.externalSecret) . }}' password: '{{ .Values.rootUser.password }}' - uid: '{{ include "common.mariadb.secret.userCredentialsUID" . }}' type: basicAuth externalSecret: '{{ tpl (default "" .Values.db.externalSecret) . }}' login: '{{ .Values.db.user }}' password: '{{ .Values.db.password }}' - uid: '{{ include "common.mariadb.secret.backupCredentialsUID" . }}' type: basicAuth externalSecret: '{{ tpl (default "" .Values.galera.mariabackup.externalSecret) . }}' login: '{{ .Values.galera.mariabackup.user }}' password: '{{ .Values.galera.mariabackup.password }}' mariadbOperator: image: mariadb appVersion: 11.2.2 persistence: #storageClassName: default size: 3Gi galera: enabled: true agentImage: mariadb-operator/mariadb-operator agentVersion: v0.0.28 initImage: mariadb-operator/mariadb-operator initVersion: v0.0.28 ## String to partially override common.names.fullname template (will maintain the release name) ## nameOverride: mariadb-galera ## Custom db configuration ## db: ## MariaDB username and password ## Password is ignored if externalSecret is specified. ## If not set, password will be "randomly" generated ## ref: https://github.com/bitnami/bitnami-docker-mariadb-galera#creating-a-database-user-on-first-run ## user: my-user # password: # externalSecret: ## Database to create ## ref: https://github.com/bitnami/bitnami-docker-mariadb-galera#creating-a-database-on-first-run ## # name: my_database ## Desired number of cluster nodes ## replicaCount: 3 ## Additional pod annotations for MariaDB Galera pods ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ ## -> here required to enable mariadb-galera in istio ## podAnnotations: # sidecar.istio.io/inject: "false" traffic.sidecar.istio.io/excludeInboundPorts: "4444,4567,4568" traffic.sidecar.istio.io/includeInboundPorts: '*' traffic.sidecar.istio.io/excludeOutboundPorts: "4444,4567,4568,443" mariadbOpConfiguration: |- [mysqld] max_allowed_packet=256M lower_case_table_names = 1 ## Character set collation_server=utf8_unicode_ci init_connect='SET NAMES utf8' character_set_server=utf8 ## MyISAM key_buffer_size=32M myisam_recover_options=FORCE,BACKUP ## Safety skip_host_cache skip_name_resolve max_allowed_packet=16M max_connect_errors=1000000 sql_mode=STRICT_TRANS_TABLES,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_AUTO_VALUE_ON_ZERO,NO_ENGINE_SUBSTITUTION,NO_ZERO_DATE,NO_ZERO_IN_DATE,ONLY_FULL_GROUP_BY sysdate_is_now=1 ## Caches and Limits tmp_table_size=32M max_heap_table_size=32M # Re-enabling as now works with Maria 10.1.2 query_cache_type=1 query_cache_limit=4M query_cache_size=256M max_connections=500 thread_cache_size=50 open_files_limit=65535 table_definition_cache=4096 table_open_cache=4096 ## InnoDB innodb=FORCE innodb_strict_mode=1 # Mandatory per https://github.com/codership/documentation/issues/25 innodb_autoinc_lock_mode=2 # Per https://www.percona.com/blog/2006/08/04/innodb-double-write/ innodb_doublewrite=1 innodb_flush_method=O_DIRECT innodb_log_files_in_group=2 innodb_log_file_size=128M innodb_flush_log_at_trx_commit=1 innodb_file_per_table=1 # 80% Memory is default reco. # Need to re-evaluate when DB size grows innodb_buffer_pool_size=2G innodb_file_format=Barracuda ########################################################################################## # !!! the following configuration entries are ignored, when mariadbOperator is enabled !!! ########################################################################################## # bitnami image doesn't support well single quote in password passwordStrengthOverride: basic image: bitnami/mariadb-galera:10.5.8 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images ## pullPolicy: Always ## Set to true if you would like to see extra information on logs ## It turns BASH debugging in minideb-extras-base ## debug: true ## Sometimes, especially when a lot of pods are created at the same time, ## actions performed on the databases are tried to be done before actual start. init_sleep_time: 5 ## Use an alternate scheduler, e.g. "stork". ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ ## # schedulerName: ## StatefulSet controller supports relax its ordering guarantees while preserving its uniqueness and identity guarantees. There are two valid pod management policies: OrderedReady and Parallel ## ref: https://kubernetes.io/docs/tutorials/stateful-application/basic-stateful-set/#pod-management-policy ## podManagementPolicy: OrderedReady ## MariaDB Gallera K8s svc properties ## service: ## Kubernetes service type and port number ## type: ClusterIP headless: {} internalPort: &dbPort 3306 ports: - name: tcp-mysql port: *dbPort headlessPorts: - name: tcp-galera port: 4567 - name: tcp-ist port: 4568 - name: tcp-sst port: 4444 ## Pods Service Account ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ ## serviceAccount: nameOverride: mariadb-galera roles: - read ## Pod Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ ## securityContext: user_id: 10001 group_id: 10001 # Old Bitnami Chart does not work without Filesystem access containerSecurityContext: readOnlyFileSystem: false ## Database credentials for root (admin) user ## rootUser: ## MariaDB admin user user: root ## MariaDB admin password ## Password is ignored if externalSecret is specified. ## If not set, password will be "randomly" generated ## ref: https://github.com/bitnami/bitnami-docker-mariadb-galera#setting-the-root-password-on-first-run ## # password: # externalSecret: ## Galera configuration ## galera: ## Galera cluster name ## name: galera ## Bootstraping options ## ref: https://github.com/bitnami/bitnami-docker-mariadb-galera#bootstraping bootstrap: ## Node to bootstrap from, you will need to change this parameter incase you want to bootstrap from other node ## bootstrapFromNode: ## Force safe_to_bootstrap in grastate.date file. ## This will set safe_to_bootstrap=1 in the node indicated by bootstrapFromNode. forceSafeToBootstrap: false ## Credentials to perform backups ## mariabackup: ## MariaBackup username and password ## Password is ignored if externalSecret is specified. ## If not set, password will be "randomly" generated ## ref: https://github.com/bitnami/bitnami-docker-mariadb-galera#setting-up-a-multi-master-cluster ## user: mariabackup # password: # externalSecret: ## The backup job will mount the mariadb data pvc in order to run mariabackup. ## For this reason the db data pvc needs to have accessMode: ReadWriteMany. backup: enabled: false # used in the mariadb-operator to override the backup name (default is DBName) # nameOverride: # defines the backup job execution period cron: "00 00 * * *" # used by mariadb-operator to set the max retention time maxRetention: 720h retentionPeriod: 3 # used by mariadb-operator to set the backup storage type (PVC, S3, volume) storageType: PVC # configuration used for PVC backup storage persistence: ## If true, use a Persistent Volume Claim, If false, use emptyDir ## enabled: true # Enable persistence using an existing PVC # existingClaim: ## selector can be used to match an existing PersistentVolume ## selector: ## matchLabels: ## app: my-app selector: {} ## Persistent Volume Storage Class ## If defined, storageClassName: ## If set to "-", storageClassName: "", which disables dynamic provisioning ## If undefined (the default) or set to null, no storageClassName spec is ## set, choosing the default provisioner. (gp2 on AWS, standard on ## GKE, AWS & OpenStack) ## # storageClass: "-" ## Persistent Volume Claim annotations ## annotations: ## Persistent Volume Access Mode ## accessMode: ReadWriteOnce ## Persistent Volume size ## size: 2Gi # requires mariadb-operator v0.24.0 # configuration used for S3 backup storage # see: https://github.com/mariadb-operator/mariadb-operator/blob/main/docs/BACKUP.md s3: bucket: backups endpoint: minio.minio.svc.cluster.local:9000 #region: us-east-1 accessKeyIdSecretKeyRef: name: minio key: access-key-id secretAccessKeySecretKeyRef: name: minio key: secret-access-key tls: enabled: false caSecretKeyRef: name: minio-ca key: ca.crt # configuration used for kubernetes volumes as backup storage # see: https://github.com/mariadb-operator/mariadb-operator/blob/main/docs/BACKUP.md volume: {} readinessCheck: wait_for: services: - '{{ include "common.servicename" . }}' ## TLS configuration ## tls: ## Enable TLS ## enabled: false ## Name of the secret that contains the certificates ## # certificatesSecret: ## Certificate filename ## # certFilename: ## Certificate Key filename ## # certKeyFilename: ## CA Certificate filename ## # certCAFilename: ## Configure MariaDB with a custom my.cnf file ## ref: https://mysql.com/kb/en/mysql/configuring-mysql-with-mycnf/#example-of-configuration-file ## Alternatively, you can put your my.cnf under the files/ directory ## mariadbConfiguration: |- [client] port=3306 socket=/opt/bitnami/mariadb/tmp/mysql.sock plugin_dir=/opt/bitnami/mariadb/plugin [mysqld] lower_case_table_names = 1 default_storage_engine=InnoDB basedir=/opt/bitnami/mariadb datadir=/bitnami/mariadb/data plugin_dir=/opt/bitnami/mariadb/plugin tmpdir=/opt/bitnami/mariadb/tmp socket=/opt/bitnami/mariadb/tmp/mysql.sock pid_file=/opt/bitnami/mariadb/tmp/mysqld.pid bind_address=0.0.0.0 ## Character set collation_server=utf8_unicode_ci init_connect='SET NAMES utf8' character_set_server=utf8 ## MyISAM key_buffer_size=32M myisam_recover_options=FORCE,BACKUP ## Safety skip_host_cache skip_name_resolve max_allowed_packet=16M max_connect_errors=1000000 sql_mode=STRICT_TRANS_TABLES,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_AUTO_VALUE_ON_ZERO,NO_ENGINE_SUBSTITUTION,NO_ZERO_DATE,NO_ZERO_IN_DATE,ONLY_FULL_GROUP_BY sysdate_is_now=1 ## Binary Logging log_bin=mysql-bin expire_logs_days=14 # Disabling for performance per http://severalnines.com/blog/9-tips-going-production-galera-cluster-mysql sync_binlog=0 # Required for Galera binlog_format=row ## Caches and Limits tmp_table_size=32M max_heap_table_size=32M # Re-enabling as now works with Maria 10.1.2 query_cache_type=1 query_cache_limit=4M query_cache_size=256M max_connections=500 thread_cache_size=50 open_files_limit=65535 table_definition_cache=4096 table_open_cache=4096 ## InnoDB innodb=FORCE innodb_strict_mode=1 # Mandatory per https://github.com/codership/documentation/issues/25 innodb_autoinc_lock_mode=2 # Per https://www.percona.com/blog/2006/08/04/innodb-double-write/ innodb_doublewrite=1 innodb_flush_method=O_DIRECT innodb_log_files_in_group=2 innodb_log_file_size=128M innodb_flush_log_at_trx_commit=1 innodb_file_per_table=1 # 80% Memory is default reco. # Need to re-evaluate when DB size grows innodb_buffer_pool_size=2G innodb_file_format=Barracuda ## Logging log_error=/opt/bitnami/mariadb/logs/mysqld.log slow_query_log_file=/opt/bitnami/mariadb/logs/mysqld.log log_queries_not_using_indexes=1 slow_query_log=1 ## SSL ## Use extraVolumes and extraVolumeMounts to mount /certs filesystem # ssl_ca=/certs/ca.pem # ssl_cert=/certs/server-cert.pem # ssl_key=/certs/server-key.pem [galera] wsrep_on=ON wsrep_provider=/opt/bitnami/mariadb/lib/libgalera_smm.so wsrep_sst_method=mariabackup wsrep_slave_threads=4 wsrep_cluster_address=gcomm:// wsrep_cluster_name=galera wsrep_sst_auth="root:" # Enabled for performance per https://mariadb.com/kb/en/innodb-system-variables/#innodb_flush_log_at_trx_commit innodb_flush_log_at_trx_commit=2 # MYISAM REPLICATION SUPPORT # wsrep_replicate_myisam=ON binlog_format=row default_storage_engine=InnoDB innodb_autoinc_lock_mode=2 transaction-isolation=READ-COMMITTED wsrep_causal_reads=1 wsrep_sync_wait=7 [mariadb] plugin_load_add=auth_pam ## Data-at-Rest Encryption ## Use extraVolumes and extraVolumeMounts to mount /encryption filesystem # plugin_load_add=file_key_management # file_key_management_filename=/encryption/keyfile.enc # file_key_management_filekey=FILE:/encryption/keyfile.key # file_key_management_encryption_algorithm=AES_CTR # encrypt_binlog=ON # encrypt_tmp_files=ON ## InnoDB/XtraDB Encryption # innodb_encrypt_tables=ON # innodb_encrypt_temporary_tables=ON # innodb_encrypt_log=ON # innodb_encryption_threads=4 # innodb_encryption_rotate_key_age=1 ## Aria Encryption # aria_encrypt_tables=ON # encrypt_tmp_disk_tables=ON ## MariaDB additional command line flags ## Can be used to specify command line flags, for example: ## ## extraFlags: "--max-connect-errors=1000 --max_connections=155" ## updateStrategy for MariaDB Master StatefulSet ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies ## updateStrategy: type: RollingUpdate ## Pod affinity preset ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity ## Allowed values: soft, hard ## podAffinityPreset: "" ## Pod anti-affinity preset ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity ## Allowed values: soft, hard ## podAntiAffinityPreset: soft ## Node affinity preset ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity ## Allowed values: soft, hard ## nodeAffinityPreset: ## Node affinity type ## Allowed values: soft, hard type: "" ## Node label key to match ## E.g. ## key: "kubernetes.io/e2e-az-name" ## key: "" ## Node label values to match ## E.g. ## values: ## - e2e-az1 ## - e2e-az2 ## values: [] ## Affinity for pod assignment. Evaluated as a template. ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity ## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set ## affinity: {} ## Node labels for pod assignment. Evaluated as a template. ## ref: https://kubernetes.io/docs/user-guide/node-selection/ ## nodeSelector: {} ## Tolerations for pod assignment. Evaluated as a template. ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ ## tolerations: [] ## Enable persistence using Persistent Volume Claims ## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ ## persistence: ## If true, use a Persistent Volume Claim, If false, use emptyDir ## enabled: true # Enable persistence using an existing PVC # existingClaim: mountPath: /dockerdata-nfs mountSubPath: "mariadb-galera/data" ## selector can be used to match an existing PersistentVolume ## selector: ## matchLabels: ## app: my-app selector: {} ## Persistent Volume Storage Class ## If defined, storageClassName: ## If set to "-", storageClassName: "", which disables dynamic provisioning ## If undefined (the default) or set to null, no storageClassName spec is ## set, choosing the default provisioner. (gp2 on AWS, standard on ## GKE, AWS & OpenStack) ## # storageClass: "-" ## Persistent Volume Claim annotations ## annotations: ## Persistent Volume Access Mode ## Use ReadWriteMany if backup is enabled, see backup section. ## accessMode: ReadWriteOnce ## Persistent Volume size ## size: 3Gi ## Additional pod labels ## # podLabels: # extraLabel: extraValue ## Priority Class Name # # priorityClassName: 'priorityClass' ## MariaDB Galera containers' resource requests and limits ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ ## flavor: small resources: small: limits: cpu: "1" memory: "4Gi" requests: cpu: "500m" memory: "2Gi" large: limits: cpu: "2" memory: "6Gi" requests: cpu: "1" memory: "3Gi" unlimited: {} volumes: bootSizeLimit: 50Mi tmpSizeLimit: 200Mi configSizeLimit: 50Mi tmpMariaDBSizeLimit: 100Mi ## MariaDB Galera containers' liveness and readiness probes ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes ## livenessProbe: enabled: true initialDelaySeconds: 1 periodSeconds: 10 timeoutSeconds: 180 successThreshold: 1 failureThreshold: 3 readinessProbe: enabled: true initialDelaySeconds: 1 periodSeconds: 10 timeoutSeconds: 180 successThreshold: 1 failureThreshold: 3 startupProbe: ## Initializing the database could take some time ## enabled: true initialDelaySeconds: 10 periodSeconds: 10 timeoutSeconds: 180 successThreshold: 1 # will wait up for initialDelaySeconds + failureThreshold*periodSeconds before # stating startup wasn't good (910s per default) failureThreshold: 90 ## Pod disruption budget configuration ## podDisruptionBudget: ## Specifies whether a Pod disruption budget should be created ## create: true minAvailable: 1 # maxUnavailable: 1 ## Prometheus exporter configuration ## metrics: ## Bitnami MySQL Prometheus exporter image ## ref: https://hub.docker.com/r/bitnami/mysqld-exporter/tags/ ## image: bitnami/mysqld-exporter:0.12.1-debian-10-r264 pullPolicy: Always ## MySQL exporter additional command line flags ## Can be used to specify command line flags ## E.g.: ## extraFlags: ## - --collect.binlog_size ## extraFlags: [] securityContext: readOnlyRootFilesystem: true privileged: false allowPrivilegeEscalation: false capabilities: drop: - ALL - CAP_NET_RAW runAsGroup: 10001 runAsNonRoot: true runAsUser: 10001 seccompProfile: type: RuntimeDefault ## MySQL Prometheus exporter containers' resource requests and limits ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ ## resources: # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little # resources, such as Minikube. If you do want to specify resources, uncomment the following # lines, adjust them as necessary, and remove the curly braces after 'resources:'. limits: cpu: "0.5" memory: "200Mi" requests: cpu: "0.5" memory: "200Mi" ## MariaDB Galera metrics container's liveness and readiness probes ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes ## livenessProbe: enabled: true initialDelaySeconds: 30 periodSeconds: 10 timeoutSeconds: 5 successThreshold: 1 failureThreshold: 3 readinessProbe: enabled: true initialDelaySeconds: 5 periodSeconds: 10 timeoutSeconds: 5 successThreshold: 1 failureThreshold: 3 ## MySQL Prometheus exporter service parameters ## service: type: ClusterIP port: 9104 annotations: prometheus.io/scrape: "true" prometheus.io/port: "9104" ## Prometheus Operator ServiceMonitor configuration ## serviceMonitor: enabled: false ## Namespace in which Prometheus is running ## # namespace: monitoring ## Interval at which metrics should be scraped. ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint ## # interval: 10s ## Timeout after which the scrape is ended ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint ## # scrapeTimeout: 10s ## ServiceMonitor selector labels ## ref: https://github.com/bitnami/charts/tree/master/bitnami/prometheus-operator#prometheus-configuration ## # selector: # prometheus: kube-prometheus ## RelabelConfigs to apply to samples before scraping ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig ## Value is evalued as a template ## relabelings: [] ## MetricRelabelConfigs to apply to samples before ingestion ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig ## Value is evalued as a template ## metricRelabelings: [] # - sourceLabels: # - "__name__" # targetLabel: "__name__" # action: replace # regex: '(.*)' # replacement: 'example_prefix_$1' ## Prometheus Operator PrometheusRule configuration ## prometheusRules: enabled: false ## Additional labels to add to the PrometheusRule so it is picked up by the operator. ## If using the [Helm Chart](https://github.com/helm/charts/tree/master/stable/prometheus-operator) this is the name of the Helm release and 'app: prometheus-operator' selector: app: prometheus-operator release: prometheus ## Rules as a map. rules: [] # - alert: MariaDB-Down # annotations: # message: 'MariaDB instance {{ $labels.instance }} is down' # summary: MariaDB instance is down # expr: absent(up{job="mariadb-galera"} == 1) # labels: # severity: warning # service: mariadb-galera # for: 5m