diff --git a/charts/kubezero-sql/Chart.yaml b/charts/kubezero-sql/Chart.yaml
index dc73439..cdf130e 100644
--- a/charts/kubezero-sql/Chart.yaml
+++ b/charts/kubezero-sql/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 name: kubezero-sql
 description: KubeZero umbrella chart for SQL databases like MariaDB, PostgreSQL
 type: application
-version: 0.1.0
+version: 0.1.1
 home: https://kubezero.com
 icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
 keywords:
@@ -18,5 +18,5 @@ dependencies:
 - name: mariadb-galera
 version: 5.8.0
 repository: https://charts.bitnami.com/bitnami
- condition: mariadb.enabled
+ condition: mariadb-galera.enabled
 kubeVersion: ">= 1.18.0"
diff --git a/charts/kubezero-sql/README.md b/charts/kubezero-sql/README.md
index a28e836..f47dde6 100644
--- a/charts/kubezero-sql/README.md
+++ b/charts/kubezero-sql/README.md
@@ -1,8 +1,8 @@
-# kubezero-mq
+# kubezero-sql
-![Version: 0.2.0](https://img.shields.io/badge/Version-0.2.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
+![Version: 0.1.1](https://img.shields.io/badge/Version-0.1.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
-KubeZero umbrella chart for MQ systems like NATS, RabbitMQ
+KubeZero umbrella chart for SQL databases like MariaDB, PostgreSQL
 **Homepage:**
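Review bot: With the dependency condition in Chart.yaml now reading `mariadb-galera.enabled`, the README regenerated later in this commit reports that key as defaulting to `true` and lists `12345qwert` as the default for `db.password`, `rootUser.password` and `galera.mariabackup.password`. If those are the values.yaml defaults (the lines are outside the hunks shown), a default install of the umbrella chart brings up a database with published credentials. Consider defaulting the subchart to `enabled: false` and leaving the three passwords empty so they must be supplied at install time, and say so in the values comments so the generated README carries it.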
@@ -18,41 +18,33 @@ Kubernetes: `>= 1.18.0`
 | Repository | Name | Version |
 |------------|------|---------|
-| | nats | 0.8.3 |
-| https://charts.bitnami.com/bitnami | rabbitmq | 8.13.1 |
+| https://charts.bitnami.com/bitnami | mariadb-galera | 5.8.0 |
 | https://zero-down-time.github.io/kubezero/ | kubezero-lib | >= 0.1.3 |
 ## Values
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
-| nats.enabled | bool | `false` | |
-| nats.exporter.serviceMonitor.enabled | bool | `false` | |
-| nats.nats.advertise | bool | `false` | |
-| nats.nats.image | string | `"nats:2.2.1-alpine3.13"` | |
-| nats.nats.jetstream.enabled | bool | `true` | |
-| nats.natsbox.enabled | bool | `false` | |
-| rabbitmq.auth.erlangCookie | string | `"randomlongerlangcookie"` | |
-| rabbitmq.auth.password | string | `"supersecret"` | |
-| rabbitmq.auth.tls.enabled | bool | `false` | |
-| rabbitmq.auth.tls.existingSecret | string | `"rabbitmq-server-certificate"` | |
-| rabbitmq.auth.tls.existingSecretFullChain | bool | `true` | |
-| rabbitmq.auth.tls.failIfNoPeerCert | bool | `false` | |
-| rabbitmq.clustering.forceBoot | bool | `true` | |
-| rabbitmq.enabled | bool | `false` | |
-| rabbitmq.hosts | list | `[]` | hostnames of rabbitmq services, used for Istio and TLS |
-| rabbitmq.istio.enabled | bool | `false` | |
-| rabbitmq.istio.gateway | string | `"istio-ingress/private-ingressgateway"` | |
-| rabbitmq.metrics.enabled | bool | `false` | |
-| rabbitmq.metrics.serviceMonitor.enabled | bool | `false` | |
-| rabbitmq.pdb.create | bool | `true` | |
-| rabbitmq.podAntiAffinityPreset | string | `""` | |
-| rabbitmq.replicaCount | int | `1` | |
-| rabbitmq.resources.requests.cpu | string | `"100m"` | |
-| rabbitmq.resources.requests.memory | string | `"256Mi"` | |
-| rabbitmq.topologySpreadConstraints | string | `"- maxSkew: 1\n topologyKey: topology.kubernetes.io/zone\n whenUnsatisfiable: DoNotSchedule\n labelSelector:\n matchLabels: {{- include 
\"common.labels.matchLabels\" . | nindent 6 }}\n- maxSkew: 1\n topologyKey: kubernetes.io/hostname\n whenUnsatisfiable: DoNotSchedule\n labelSelector:\n matchLabels: {{- include \"common.labels.matchLabels\" . | nindent 6 }}"` | |
+| mariadb-galera.configurationConfigMap | string | `"{{ .Release.Name }}-mariadb-galera-configuration"` | |
+| mariadb-galera.db.password | string | `"12345qwert"` | |
+| mariadb-galera.db.user | string | `"mariadb"` | |
+| mariadb-galera.enabled | bool | `true` | |
+| mariadb-galera.galera.mariabackup.password | string | `"12345qwert"` | |
+| mariadb-galera.istio.enabled | bool | `false` | |
+| mariadb-galera.istio.gateway | string | `"istio-ingress/private-ingressgateway"` | |
+| mariadb-galera.istio.url | string | `"mariadb.example.com"` | |
+| mariadb-galera.metrics.enabled | bool | `false` | |
+| mariadb-galera.metrics.prometheusRules.enabled | bool | `false` | |
+| mariadb-galera.metrics.serviceMonitor.enabled | bool | `false` | |
+| mariadb-galera.replicaCount | int | `2` | |
+| mariadb-galera.rootUser.password | string | `"12345qwert"` | |
+
+# Changes
+
+## MariaDB
+- custom my.cnf, source: https://github.com/bitnami/charts/blob/70d602fea38010145c20e1ca59be06e4cf32bf80/bitnami/mariadb-galera/values.yaml#L261
 ## Resources
-### NATS
-- https://grafana.com/grafana/dashboards/13707
+### MariaDB
+
diff --git a/charts/kubezero-sql/README.md.gotmpl b/charts/kubezero-sql/README.md.gotmpl
index 07df9ab..4f8a04b 100644
--- a/charts/kubezero-sql/README.md.gotmpl
+++ b/charts/kubezero-sql/README.md.gotmpl
@@ -15,6 +15,13 @@ {{ template "chart.valuesSection" . }}
+# Changes
+
+## MariaDB
+- custom my.cnf, source: https://github.com/bitnami/charts/blob/70d602fea38010145c20e1ca59be06e4cf32bf80/bitnami/mariadb-galera/values.yaml#L261
+
+
 ## Resources
 ### MariaDB
+
diff --git a/charts/kubezero-sql/example-mariadb-galera.yaml b/charts/kubezero-sql/example-mariadb-galera.yaml
index bb199be..4c1f882 100644
--- a/charts/kubezero-sql/example-mariadb-galera.yaml
+++ b/charts/kubezero-sql/example-mariadb-galera.yaml
@@ -17,9 +17,6 @@ spec:
 enabled: true
 serviceMonitor:
 enabled: true
- istio:
- enabled: true
- url: mariadb.dev.mayneinc.com
 destination:
 server: 'https://kubernetes.default.svc'
diff --git a/charts/kubezero-sql/files/mariadb/my.cnf b/charts/kubezero-sql/files/mariadb/my.cnf
new file mode 100644
index 0000000..34c89a0
--- /dev/null
+++ b/charts/kubezero-sql/files/mariadb/my.cnf
@@ -0,0 +1,124 @@
+[client]
+port=3306
+socket=/opt/bitnami/mariadb/tmp/mysql.sock
+plugin_dir=/opt/bitnami/mariadb/plugin
+
+[mysqld]
+default_storage_engine=InnoDB
+basedir=/opt/bitnami/mariadb
+datadir=/bitnami/mariadb/data
+plugin_dir=/opt/bitnami/mariadb/plugin
+tmpdir=/opt/bitnami/mariadb/tmp
+socket=/opt/bitnami/mariadb/tmp/mysql.sock
+pid_file=/opt/bitnami/mariadb/tmp/mysqld.pid
+bind_address=0.0.0.0
+
+## Character set
+##
+collation_server=utf8_unicode_ci
+init_connect='SET NAMES utf8'
+character_set_server=utf8
+
+## MyISAM
+##
+key_buffer_size=32M
+myisam_recover_options=FORCE,BACKUP
+
+## Safety
+##
+skip_host_cache
+skip_name_resolve
+max_allowed_packet=16M
+max_connect_errors=1000000
+sql_mode=STRICT_TRANS_TABLES,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_AUTO_VALUE_ON_ZERO,NO_ENGINE_SUBSTITUTION,NO_ZERO_DATE,NO_ZERO_IN_DATE,ONLY_FULL_GROUP_BY
+sysdate_is_now=1
+
+## Binary Logging
+##
+log_bin=mysql-bin
+expire_logs_days=14
+# Disabling for performance per http://severalnines.com/blog/9-tips-going-production-galera-cluster-mysql
+sync_binlog=0
+# Required for Galera
+binlog_format=row
+
+## Caches and Limits
+##
+tmp_table_size=32M
+max_heap_table_size=32M
+# Re-enabling as now works with Maria 10.1.2
+query_cache_type=1
+query_cache_limit=4M
+query_cache_size=256M
+max_connections=500
+thread_cache_size=50
+open_files_limit=65535
+table_definition_cache=4096
+table_open_cache=4096
+
+## InnoDB
+##
+innodb=FORCE
+innodb_strict_mode=1
+# Mandatory per https://github.com/codership/documentation/issues/25
+innodb_autoinc_lock_mode=2
+# Per https://www.percona.com/blog/2006/08/04/innodb-double-write/
+innodb_doublewrite=1
+innodb_flush_method=O_DIRECT
+innodb_log_files_in_group=2
+innodb_log_file_size=128M
+innodb_flush_log_at_trx_commit=1
+innodb_file_per_table=1
+# 80% Memory is default reco.
+# Need to re-evaluate when DB size grows
+innodb_buffer_pool_size=2G
+innodb_file_format=Barracuda
+
+## Logging
+##
+log_error=/opt/bitnami/mariadb/logs/mysqld.log
+slow_query_log_file=/opt/bitnami/mariadb/logs/mysqld.log
+log_queries_not_using_indexes=0
+slow_query_log=1
+
+## SSL
+## Use extraVolumes and extraVolumeMounts to mount /certs filesystem
+# ssl_ca=/certs/ca.pem
+# ssl_cert=/certs/server-cert.pem
+# ssl_key=/certs/server-key.pem
+
+[galera]
+wsrep_on=ON
+wsrep_provider=/opt/bitnami/mariadb/lib/libgalera_smm.so
+wsrep_sst_method=mariabackup
+wsrep_slave_threads=4
+wsrep_cluster_address=gcomm://
+wsrep_cluster_name=galera
+wsrep_sst_auth="root:"
+# Enabled for performance per https://mariadb.com/kb/en/innodb-system-variables/#innodb_flush_log_at_trx_commit
+innodb_flush_log_at_trx_commit=2
+# MYISAM REPLICATION SUPPORT #
+wsrep_replicate_myisam=ON
+
+[mariadb]
+plugin_load_add=auth_pam
+
+## Data-at-Rest Encryption
+## Use extraVolumes and extraVolumeMounts to mount /encryption filesystem
+# plugin_load_add=file_key_management
+# file_key_management_filename=/encryption/keyfile.enc
+# file_key_management_filekey=FILE:/encryption/keyfile.key
+# file_key_management_encryption_algorithm=AES_CTR
+# encrypt_binlog=ON
+# encrypt_tmp_files=ON
+
+## InnoDB/XtraDB Encryption
+# innodb_encrypt_tables=ON
+# innodb_encrypt_temporary_tables=ON
+# innodb_encrypt_log=ON
+# innodb_encryption_threads=4
+# innodb_encryption_rotate_key_age=1
+
+## Aria Encryption
+# aria_encrypt_tables=ON
+# encrypt_tmp_disk_tables=ON
diff --git a/charts/kubezero-sql/templates/mariadb/mycnf-cm.yaml b/charts/kubezero-sql/templates/mariadb/mycnf-cm.yaml
new file mode 100644
index 0000000..fa326b2
--- /dev/null
+++ b/charts/kubezero-sql/templates/mariadb/mycnf-cm.yaml
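Review bot: The `## SSL` block in my.cnf is left commented out and `[galera]` sets no encryption for replication, so as shipped neither client connections nor inter-node traffic are protected by MariaDB itself, while `bind_address=0.0.0.0` listens on every pod interface. If transport protection is expected from elsewhere, record that above the block, for example `# TLS disabled by default: mount /certs and uncomment, or document the mechanism relied on instead`. `wsrep_sst_auth="root:"` carries an empty password in the file; presumably the container rewrites it from the mariabackup credentials at startup, which is worth confirming and stating next to the line. `innodb_flush_log_at_trx_commit` is also set twice (1 under `[mysqld]`, 2 under `[galera]`), so a comment should say which durability level is intended. Since the README calls this a custom my.cnf, a header comment listing what differs from the pinned upstream default would make later reviews and upgrades easier.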
@@ -0,0 +1,9 @@
+{{- if index .Values "mariadb-galera" "enabled" }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ .Release.Name }}-mariadb-galera-configuration
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+data:
+{{ (.Files.Glob "files/mariadb/my.cnf").AsConfig | indent 2 }}
+{{- end }}
diff --git a/charts/kubezero-sql/values.yaml b/charts/kubezero-sql/values.yaml
index 7d449c3..7a7ba60 100644
--- a/charts/kubezero-sql/values.yaml
+++ b/charts/kubezero-sql/values.yaml
@@ -25,3 +25,5 @@ mariadb-galera:
 enabled: false
 gateway: istio-ingress/private-ingressgateway
 url: mariadb.example.com
+
+ configurationConfigMap: "{{ .Release.Name }}-mariadb-galera-configuration"
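Review bot: The ConfigMap name `{{ .Release.Name }}-mariadb-galera-configuration` is written out twice, in `metadata.name` of mycnf-cm.yaml and again as the `configurationConfigMap` default in the values.yaml hunk, and nothing ties the two together. A rename on one side would leave the subchart pointing at a ConfigMap that does not exist. A comment above the values entry such as `# must match metadata.name in templates/mariadb/mycnf-cm.yaml` would make the coupling visible. The default is a template expression inside a values string, so it only resolves if the mariadb-galera subchart renders this value through `tpl`; that is worth confirming against the pinned 5.8.0 chart. Because my.cnf is published as a ConfigMap rather than a Secret, a short template comment that credentials must never be added to `files/mariadb/my.cnf` would also help.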