feat: add custom my.cnf for MariaDB to kubezero-sql

2021-05-13 17:39:02 +02:00 · 2021-05-13 17:39:02 +02:00 · 2e72673c01
commit 2e72673c01
parent 567a7f94ff
7 changed files with 168 additions and 37 deletions
--- a/charts/kubezero-sql/Chart.yaml
+++ b/charts/kubezero-sql/Chart.yaml
@ -2,7 +2,7 @@ apiVersion: v2
 name: kubezero-sql
 description: KubeZero umbrella chart for SQL databases like MariaDB, PostgreSQL
 type: application
-version: 0.1.0
+version: 0.1.1
 home: https://kubezero.com
 icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
 keywords:
@ -18,5 +18,5 @@ dependencies:
  - name: mariadb-galera
    version: 5.8.0
    repository: https://charts.bitnami.com/bitnami
-    condition: mariadb.enabled
+    condition: mariadb-galera.enabled
 kubeVersion: ">= 1.18.0"
--- a/charts/kubezero-sql/README.md
+++ b/charts/kubezero-sql/README.md
@ -1,8 +1,8 @@
-# kubezero-mq
+# kubezero-sql

-![Version: 0.2.0](https://img.shields.io/badge/Version-0.2.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
+![Version: 0.1.1](https://img.shields.io/badge/Version-0.1.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)

-KubeZero umbrella chart for MQ systems like NATS, RabbitMQ
+KubeZero umbrella chart for SQL databases like MariaDB, PostgreSQL

 **Homepage:** <https://kubezero.com>

@ -18,41 +18,33 @@ Kubernetes: `>= 1.18.0`

 | Repository | Name | Version |
 |------------|------|---------|
-|  | nats | 0.8.3 |
-| https://charts.bitnami.com/bitnami | rabbitmq | 8.13.1 |
+| https://charts.bitnami.com/bitnami | mariadb-galera | 5.8.0 |
 | https://zero-down-time.github.io/kubezero/ | kubezero-lib | >= 0.1.3 |

 ## Values

 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
-| nats.enabled | bool | `false` |  |
-| nats.exporter.serviceMonitor.enabled | bool | `false` |  |
-| nats.nats.advertise | bool | `false` |  |
-| nats.nats.image | string | `"nats:2.2.1-alpine3.13"` |  |
-| nats.nats.jetstream.enabled | bool | `true` |  |
-| nats.natsbox.enabled | bool | `false` |  |
-| rabbitmq.auth.erlangCookie | string | `"randomlongerlangcookie"` |  |
-| rabbitmq.auth.password | string | `"supersecret"` |  |
-| rabbitmq.auth.tls.enabled | bool | `false` |  |
-| rabbitmq.auth.tls.existingSecret | string | `"rabbitmq-server-certificate"` |  |
-| rabbitmq.auth.tls.existingSecretFullChain | bool | `true` |  |
-| rabbitmq.auth.tls.failIfNoPeerCert | bool | `false` |  |
-| rabbitmq.clustering.forceBoot | bool | `true` |  |
-| rabbitmq.enabled | bool | `false` |  |
-| rabbitmq.hosts | list | `[]` | hostnames of rabbitmq services, used for Istio and TLS |
-| rabbitmq.istio.enabled | bool | `false` |  |
-| rabbitmq.istio.gateway | string | `"istio-ingress/private-ingressgateway"` |  |
-| rabbitmq.metrics.enabled | bool | `false` |  |
-| rabbitmq.metrics.serviceMonitor.enabled | bool | `false` |  |
-| rabbitmq.pdb.create | bool | `true` |  |
-| rabbitmq.podAntiAffinityPreset | string | `""` |  |
-| rabbitmq.replicaCount | int | `1` |  |
-| rabbitmq.resources.requests.cpu | string | `"100m"` |  |
-| rabbitmq.resources.requests.memory | string | `"256Mi"` |  |
-| rabbitmq.topologySpreadConstraints | string | `"- maxSkew: 1\n  topologyKey: topology.kubernetes.io/zone\n  whenUnsatisfiable: DoNotSchedule\n  labelSelector:\n    matchLabels: {{- include \"common.labels.matchLabels\" . | nindent 6 }}\n- maxSkew: 1\n  topologyKey: kubernetes.io/hostname\n  whenUnsatisfiable: DoNotSchedule\n  labelSelector:\n    matchLabels: {{- include \"common.labels.matchLabels\" . | nindent 6 }}"` |  |
+| mariadb-galera.configurationConfigMap | string | `"{{ .Release.Name }}-mariadb-galera-configuration"` |  |
+| mariadb-galera.db.password | string | `"12345qwert"` |  |
+| mariadb-galera.db.user | string | `"mariadb"` |  |
+| mariadb-galera.enabled | bool | `true` |  |
+| mariadb-galera.galera.mariabackup.password | string | `"12345qwert"` |  |
+| mariadb-galera.istio.enabled | bool | `false` |  |
+| mariadb-galera.istio.gateway | string | `"istio-ingress/private-ingressgateway"` |  |
+| mariadb-galera.istio.url | string | `"mariadb.example.com"` |  |
+| mariadb-galera.metrics.enabled | bool | `false` |  |
+| mariadb-galera.metrics.prometheusRules.enabled | bool | `false` |  |
+| mariadb-galera.metrics.serviceMonitor.enabled | bool | `false` |  |
+| mariadb-galera.replicaCount | int | `2` |  |
+| mariadb-galera.rootUser.password | string | `"12345qwert"` |  |
+
+# Changes
+
+## MariaDB
+- custom my.cnf, source: https://github.com/bitnami/charts/blob/70d602fea38010145c20e1ca59be06e4cf32bf80/bitnami/mariadb-galera/values.yaml#L261

 ## Resources

-### NATS
- https://grafana.com/grafana/dashboards/13707
+### MariaDB
+
--- a/charts/kubezero-sql/README.md.gotmpl
+++ b/charts/kubezero-sql/README.md.gotmpl
@ -15,6 +15,13 @@

 {{ template "chart.valuesSection" . }}

+# Changes
+
+## MariaDB
+- custom my.cnf, source: https://github.com/bitnami/charts/blob/70d602fea38010145c20e1ca59be06e4cf32bf80/bitnami/mariadb-galera/values.yaml#L261
+
+
 ## Resources

 ### MariaDB
+
--- a/charts/kubezero-sql/example-mariadb-galera.yaml
+++ b/charts/kubezero-sql/example-mariadb-galera.yaml
@ -17,9 +17,6 @@ spec:
            enabled: true
            serviceMonitor:
              enabled: true
-          istio:
-            enabled: true
-            url: mariadb.dev.mayneinc.com

  destination:
    server: 'https://kubernetes.default.svc'
--- a/charts/kubezero-sql/files/mariadb/my.cnf
+++ b/charts/kubezero-sql/files/mariadb/my.cnf
@ -0,0 +1,124 @@
+[client]
+port=3306
+socket=/opt/bitnami/mariadb/tmp/mysql.sock
+plugin_dir=/opt/bitnami/mariadb/plugin
+
+[mysqld]
+default_storage_engine=InnoDB
+basedir=/opt/bitnami/mariadb
+datadir=/bitnami/mariadb/data
+plugin_dir=/opt/bitnami/mariadb/plugin
+tmpdir=/opt/bitnami/mariadb/tmp
+socket=/opt/bitnami/mariadb/tmp/mysql.sock
+pid_file=/opt/bitnami/mariadb/tmp/mysqld.pid
+bind_address=0.0.0.0
+
+## Character set
+##
+collation_server=utf8_unicode_ci
+init_connect='SET NAMES utf8'
+character_set_server=utf8
+
+## MyISAM
+##
+key_buffer_size=32M
+myisam_recover_options=FORCE,BACKUP
+
+## Safety
+##
+skip_host_cache
+skip_name_resolve
+max_allowed_packet=16M
+max_connect_errors=1000000
+sql_mode=STRICT_TRANS_TABLES,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_AUTO_VALUE_ON_ZERO,NO_ENGINE_SUBSTITUTION,NO_ZERO_DATE,NO_ZERO_IN_DATE,ONLY_FULL_GROUP_BY
+sysdate_is_now=1
+
+## Binary Logging
+##
+log_bin=mysql-bin
+expire_logs_days=14
+# Disabling for performance per http://severalnines.com/blog/9-tips-going-production-galera-cluster-mysql
+sync_binlog=0
+# Required for Galera
+binlog_format=row
+
+## Caches and Limits
+##
+tmp_table_size=32M
+max_heap_table_size=32M
+# Re-enabling as now works with Maria 10.1.2
+query_cache_type=1
+query_cache_limit=4M
+query_cache_size=256M
+max_connections=500
+thread_cache_size=50
+open_files_limit=65535
+table_definition_cache=4096
+table_open_cache=4096
+
+## InnoDB
+##
+innodb=FORCE
+innodb_strict_mode=1
+# Mandatory per https://github.com/codership/documentation/issues/25
+innodb_autoinc_lock_mode=2
+# Per https://www.percona.com/blog/2006/08/04/innodb-double-write/
+innodb_doublewrite=1
+innodb_flush_method=O_DIRECT
+innodb_log_files_in_group=2
+innodb_log_file_size=128M
+innodb_flush_log_at_trx_commit=1
+innodb_file_per_table=1
+# 80% Memory is default reco.
+# Need to re-evaluate when DB size grows
+innodb_buffer_pool_size=2G
+innodb_file_format=Barracuda
+
+## Logging
+##
+log_error=/opt/bitnami/mariadb/logs/mysqld.log
+slow_query_log_file=/opt/bitnami/mariadb/logs/mysqld.log
+log_queries_not_using_indexes=0
+slow_query_log=1
+
+## SSL
+## Use extraVolumes and extraVolumeMounts to mount /certs filesystem
+# ssl_ca=/certs/ca.pem
+# ssl_cert=/certs/server-cert.pem
+# ssl_key=/certs/server-key.pem
+
+[galera]
+wsrep_on=ON
+wsrep_provider=/opt/bitnami/mariadb/lib/libgalera_smm.so
+wsrep_sst_method=mariabackup
+wsrep_slave_threads=4
+wsrep_cluster_address=gcomm://
+wsrep_cluster_name=galera
+wsrep_sst_auth="root:"
+# Enabled for performance per https://mariadb.com/kb/en/innodb-system-variables/#innodb_flush_log_at_trx_commit
+innodb_flush_log_at_trx_commit=2
+# MYISAM REPLICATION SUPPORT #
+wsrep_replicate_myisam=ON
+
+[mariadb]
+plugin_load_add=auth_pam
+
+## Data-at-Rest Encryption
+## Use extraVolumes and extraVolumeMounts to mount /encryption filesystem
+# plugin_load_add=file_key_management
+# file_key_management_filename=/encryption/keyfile.enc
+# file_key_management_filekey=FILE:/encryption/keyfile.key
+# file_key_management_encryption_algorithm=AES_CTR
+# encrypt_binlog=ON
+# encrypt_tmp_files=ON
+
+## InnoDB/XtraDB Encryption
+# innodb_encrypt_tables=ON
+# innodb_encrypt_temporary_tables=ON
+# innodb_encrypt_log=ON
+# innodb_encryption_threads=4
+# innodb_encryption_rotate_key_age=1
+
+## Aria Encryption
+# aria_encrypt_tables=ON
+# encrypt_tmp_disk_tables=ON
--- a/charts/kubezero-sql/templates/mariadb/mycnf-cm.yaml
+++ b/charts/kubezero-sql/templates/mariadb/mycnf-cm.yaml
@ -0,0 +1,9 @@
+{{- if index .Values "mariadb-galera" "enabled" }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ .Release.Name }}-mariadb-galera-configuration
+  labels: {{- include "common.labels.standard" . | nindent 4 }}
+data:
+{{ (.Files.Glob "files/mariadb/my.cnf").AsConfig | indent 2 }}
+{{- end }}
--- a/charts/kubezero-sql/values.yaml
+++ b/charts/kubezero-sql/values.yaml
@ -25,3 +25,5 @@ mariadb-galera:
    enabled: false
    gateway: istio-ingress/private-ingressgateway
    url: mariadb.example.com
+
+  configurationConfigMap: "{{ .Release.Name }}-mariadb-galera-configuration"