2018-09-04 10:51:13 -05:00
|
|
|
{{/*
|
|
|
|
Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
you may not use this file except in compliance with the License.
|
|
|
|
You may obtain a copy of the License at
|
|
|
|
|
|
|
|
http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
|
|
|
|
Unless required by applicable law or agreed to in writing, software
|
|
|
|
distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
See the License for the specific language governing permissions and
|
|
|
|
limitations under the License.
|
|
|
|
*/}}
|
|
|
|
|
2019-10-04 10:22:44 -05:00
|
|
|
{{- define "mariadbReadinessProbe" }}
|
|
|
|
exec:
|
|
|
|
command:
|
|
|
|
- /tmp/readiness.sh
|
|
|
|
{{- end }}
|
|
|
|
|
|
|
|
|
2018-09-04 10:51:13 -05:00
|
|
|
{{- if .Values.manifests.statefulset }}
|
|
|
|
{{- $envAll := . }}
|
|
|
|
|
2018-09-22 12:18:16 -05:00
|
|
|
{{- $serviceAccountName := printf "%s-%s" .Release.Name "mariadb" }}
|
2018-09-04 10:51:13 -05:00
|
|
|
{{ tuple $envAll "mariadb" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
|
|
|
---
|
2019-12-16 23:21:57 -06:00
|
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
2018-09-22 12:18:16 -05:00
|
|
|
kind: Role
|
|
|
|
metadata:
|
|
|
|
name: {{ $serviceAccountName }}
|
|
|
|
namespace: {{ $envAll.Release.Namespace }}
|
|
|
|
rules:
|
|
|
|
- apiGroups:
|
|
|
|
- ""
|
|
|
|
resources:
|
|
|
|
- configmaps
|
|
|
|
verbs:
|
|
|
|
- create
|
|
|
|
- apiGroups:
|
|
|
|
- ""
|
|
|
|
resourceNames:
|
|
|
|
- {{ printf "%s-%s" .Release.Name "mariadb-state" | quote }}
|
|
|
|
resources:
|
|
|
|
- configmaps
|
|
|
|
verbs:
|
|
|
|
- get
|
|
|
|
- patch
|
|
|
|
- apiGroups:
|
|
|
|
- ""
|
|
|
|
resourceNames:
|
|
|
|
- {{ tuple "oslo_db" "direct" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
|
|
|
|
resources:
|
|
|
|
- endpoints
|
|
|
|
verbs:
|
|
|
|
- get
|
|
|
|
---
|
2019-12-16 23:21:57 -06:00
|
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
2018-09-22 12:18:16 -05:00
|
|
|
kind: RoleBinding
|
|
|
|
metadata:
|
|
|
|
name: {{ $serviceAccountName }}
|
|
|
|
namespace: {{ $envAll.Release.Namespace }}
|
|
|
|
roleRef:
|
|
|
|
apiGroup: rbac.authorization.k8s.io
|
|
|
|
kind: Role
|
|
|
|
name: {{ $serviceAccountName }}
|
|
|
|
subjects:
|
|
|
|
- kind: ServiceAccount
|
|
|
|
name: {{ $serviceAccountName }}
|
|
|
|
namespace: {{ $envAll.Release.Namespace }}
|
|
|
|
---
|
2018-09-04 10:51:13 -05:00
|
|
|
apiVersion: apps/v1
|
|
|
|
kind: StatefulSet
|
|
|
|
metadata:
|
|
|
|
# NOTE(portdirect): the statefulset name must match the POD_NAME_PREFIX env var for discovery to work
|
|
|
|
name: {{ tuple "oslo_db" "direct" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
|
2018-09-12 08:07:19 -06:00
|
|
|
annotations:
|
|
|
|
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
|
2018-09-22 12:18:16 -05:00
|
|
|
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
|
|
|
|
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
|
2019-03-12 11:37:37 -05:00
|
|
|
mariadb-dbadmin-password-hash: {{ tuple "secret-dbadmin-password.yaml" . | include "helm-toolkit.utils.hash" }}
|
2019-03-29 11:43:54 -05:00
|
|
|
mariadb-sst-password-hash: {{ tuple "secret-dbadmin-password.yaml" . | include "helm-toolkit.utils.hash" }}
|
2018-09-04 10:51:13 -05:00
|
|
|
labels:
|
|
|
|
{{ tuple $envAll "mariadb" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
|
|
|
|
spec:
|
|
|
|
serviceName: "{{ tuple "oslo_db" "discovery" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}"
|
|
|
|
podManagementPolicy: "Parallel"
|
|
|
|
replicas: {{ .Values.pod.replicas.server }}
|
|
|
|
selector:
|
|
|
|
matchLabels:
|
|
|
|
{{ tuple $envAll "mariadb" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }}
|
|
|
|
template:
|
|
|
|
metadata:
|
|
|
|
labels:
|
|
|
|
{{ tuple $envAll "mariadb" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
|
2018-09-22 12:18:16 -05:00
|
|
|
annotations:
|
2019-02-12 11:00:14 -06:00
|
|
|
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
|
2018-09-22 12:18:16 -05:00
|
|
|
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
|
|
|
|
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
|
2019-03-29 11:43:54 -05:00
|
|
|
mariadb-dbadmin-password-hash: {{ tuple "secret-dbadmin-password.yaml" . | include "helm-toolkit.utils.hash" }}
|
|
|
|
mariadb-sst-password-hash: {{ tuple "secret-dbadmin-password.yaml" . | include "helm-toolkit.utils.hash" }}
|
2020-05-12 11:37:24 -05:00
|
|
|
{{ dict "envAll" $envAll "podName" "mariadb-server" "containerNames" (list "init" "mariadb-perms" "mariadb") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
|
2018-09-04 10:51:13 -05:00
|
|
|
spec:
|
2018-12-08 16:16:11 -06:00
|
|
|
shareProcessNamespace: true
|
2018-09-04 10:51:13 -05:00
|
|
|
serviceAccountName: {{ $serviceAccountName }}
|
2019-04-03 16:09:47 -05:00
|
|
|
{{ dict "envAll" $envAll "application" "server" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
|
2018-09-04 10:51:13 -05:00
|
|
|
affinity:
|
|
|
|
{{ tuple $envAll "mariadb" "server" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
|
|
|
|
nodeSelector:
|
|
|
|
{{ .Values.labels.server.node_selector_key }}: {{ .Values.labels.server.node_selector_value }}
|
|
|
|
initContainers:
|
|
|
|
{{ tuple $envAll "mariadb" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
|
|
|
{{- if .Values.volume.chown_on_start }}
|
|
|
|
- name: mariadb-perms
|
|
|
|
{{ tuple $envAll "mariadb" | include "helm-toolkit.snippets.image" | indent 10 }}
|
2019-04-03 16:09:47 -05:00
|
|
|
{{ dict "envAll" $envAll "application" "server" "container" "perms" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
|
2018-09-04 10:51:13 -05:00
|
|
|
{{ tuple $envAll $envAll.Values.pod.resources.server | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
|
|
|
command:
|
|
|
|
- chown
|
|
|
|
- -R
|
|
|
|
- "mysql:mysql"
|
|
|
|
- /var/lib/mysql
|
|
|
|
volumeMounts:
|
2019-04-20 07:58:42 -05:00
|
|
|
- name: pod-tmp
|
|
|
|
mountPath: /tmp
|
2018-09-04 10:51:13 -05:00
|
|
|
- name: mysql-data
|
|
|
|
mountPath: /var/lib/mysql
|
|
|
|
{{- end }}
|
|
|
|
containers:
|
|
|
|
- name: mariadb
|
|
|
|
{{ tuple $envAll "mariadb" | include "helm-toolkit.snippets.image" | indent 10 }}
|
2019-04-03 16:09:47 -05:00
|
|
|
{{ dict "envAll" $envAll "application" "server" "container" "mariadb" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
|
2018-09-04 10:51:13 -05:00
|
|
|
{{ tuple $envAll $envAll.Values.pod.resources.server | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
|
|
|
env:
|
2018-09-22 12:18:16 -05:00
|
|
|
- name: POD_NAMESPACE
|
2018-09-04 10:51:13 -05:00
|
|
|
valueFrom:
|
|
|
|
fieldRef:
|
2018-09-22 12:18:16 -05:00
|
|
|
fieldPath: metadata.namespace
|
2018-09-04 10:51:13 -05:00
|
|
|
- name: MARIADB_REPLICAS
|
|
|
|
value: {{ .Values.pod.replicas.server | quote }}
|
|
|
|
- name: POD_NAME_PREFIX
|
|
|
|
value: {{ tuple "oslo_db" "direct" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
|
2018-09-22 12:18:16 -05:00
|
|
|
- name: DISCOVERY_DOMAIN
|
|
|
|
value: {{ tuple "oslo_db" "discovery" . | include "helm-toolkit.endpoints.hostname_fqdn_endpoint_lookup" }}
|
|
|
|
- name: DIRECT_SVC_NAME
|
|
|
|
value: {{ tuple "oslo_db" "direct" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
|
|
|
|
- name: WSREP_PORT
|
|
|
|
value: {{ tuple "oslo_db" "direct" "wsrep" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }}
|
|
|
|
- name: STATE_CONFIGMAP
|
|
|
|
value: {{ printf "%s-%s" .Release.Name "mariadb-state" | quote }}
|
2018-10-29 16:55:31 +00:00
|
|
|
- name: MYSQL_DBADMIN_USERNAME
|
|
|
|
value: {{ .Values.endpoints.oslo_db.auth.admin.username }}
|
|
|
|
- name: MYSQL_DBADMIN_PASSWORD
|
2018-09-04 10:51:13 -05:00
|
|
|
valueFrom:
|
|
|
|
secretKeyRef:
|
2018-10-29 16:55:31 +00:00
|
|
|
name: mariadb-dbadmin-password
|
|
|
|
key: MYSQL_DBADMIN_PASSWORD
|
2019-03-29 11:43:54 -05:00
|
|
|
- name: MYSQL_DBSST_USERNAME
|
|
|
|
value: {{ .Values.endpoints.oslo_db.auth.sst.username }}
|
|
|
|
- name: MYSQL_DBSST_PASSWORD
|
|
|
|
valueFrom:
|
|
|
|
secretKeyRef:
|
|
|
|
name: mariadb-dbsst-password
|
|
|
|
key: MYSQL_DBSST_PASSWORD
|
2020-01-28 17:04:58 +00:00
|
|
|
{{- if .Values.manifests.secret_dbaudit_password }}
|
2020-01-17 22:29:27 +00:00
|
|
|
- name: MYSQL_DBAUDIT_USERNAME
|
|
|
|
value: {{ .Values.endpoints.oslo_db.auth.audit.username }}
|
|
|
|
- name: MYSQL_DBAUDIT_PASSWORD
|
|
|
|
valueFrom:
|
|
|
|
secretKeyRef:
|
|
|
|
name: mariadb-dbaudit-password
|
|
|
|
key: MYSQL_DBAUDIT_PASSWORD
|
|
|
|
{{- end }}
|
2018-09-04 10:51:13 -05:00
|
|
|
ports:
|
|
|
|
- name: mysql
|
|
|
|
protocol: TCP
|
|
|
|
containerPort: {{ tuple "oslo_db" "direct" "mysql" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
|
|
|
|
- name: wsrep
|
|
|
|
protocol: TCP
|
|
|
|
containerPort: {{ tuple "oslo_db" "direct" "wsrep" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
|
|
|
|
command:
|
2018-09-22 12:18:16 -05:00
|
|
|
- /tmp/start.py
|
2018-09-04 10:51:13 -05:00
|
|
|
lifecycle:
|
|
|
|
preStop:
|
|
|
|
exec:
|
|
|
|
command:
|
|
|
|
- /tmp/stop.sh
|
2020-05-13 07:23:25 -05:00
|
|
|
{{ dict "envAll" . "component" "server" "container" "mariadb" "type" "readiness" "probeTemplate" (include "mariadbReadinessProbe" . | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
|
2018-09-04 10:51:13 -05:00
|
|
|
volumeMounts:
|
2019-04-20 07:58:42 -05:00
|
|
|
- name: pod-tmp
|
2019-04-03 16:09:47 -05:00
|
|
|
mountPath: /tmp
|
|
|
|
- name: var-run
|
|
|
|
mountPath: /var/run/mysqld
|
2018-09-04 10:51:13 -05:00
|
|
|
- name: mycnfd
|
|
|
|
mountPath: /etc/mysql/conf.d
|
|
|
|
- name: mariadb-bin
|
2018-09-22 12:18:16 -05:00
|
|
|
mountPath: /tmp/start.py
|
|
|
|
subPath: start.py
|
2018-09-04 10:51:13 -05:00
|
|
|
readOnly: true
|
|
|
|
- name: mariadb-bin
|
|
|
|
mountPath: /tmp/stop.sh
|
|
|
|
subPath: stop.sh
|
|
|
|
readOnly: true
|
|
|
|
- name: mariadb-bin
|
|
|
|
mountPath: /tmp/readiness.sh
|
|
|
|
subPath: readiness.sh
|
|
|
|
readOnly: true
|
|
|
|
- name: mariadb-etc
|
|
|
|
mountPath: /etc/mysql/my.cnf
|
|
|
|
subPath: my.cnf
|
|
|
|
readOnly: true
|
|
|
|
- name: mariadb-etc
|
|
|
|
mountPath: /etc/mysql/conf.d/00-base.cnf
|
|
|
|
subPath: 00-base.cnf
|
|
|
|
readOnly: true
|
2019-08-21 09:59:54 -05:00
|
|
|
{{- if .Values.conf.database.config_override }}
|
2018-09-04 10:51:13 -05:00
|
|
|
- name: mariadb-etc
|
|
|
|
mountPath: /etc/mysql/conf.d/20-override.cnf
|
|
|
|
subPath: 20-override.cnf
|
|
|
|
readOnly: true
|
2019-08-21 09:59:54 -05:00
|
|
|
{{- end }}
|
2018-09-04 10:51:13 -05:00
|
|
|
- name: mariadb-etc
|
|
|
|
mountPath: /etc/mysql/conf.d/99-force.cnf
|
|
|
|
subPath: 99-force.cnf
|
|
|
|
readOnly: true
|
|
|
|
- name: mariadb-secrets
|
|
|
|
mountPath: /etc/mysql/admin_user.cnf
|
|
|
|
subPath: admin_user.cnf
|
|
|
|
readOnly: true
|
|
|
|
- name: mysql-data
|
|
|
|
mountPath: /var/lib/mysql
|
|
|
|
volumes:
|
2019-04-20 07:58:42 -05:00
|
|
|
- name: pod-tmp
|
2018-09-04 10:51:13 -05:00
|
|
|
emptyDir: {}
|
2019-04-20 07:58:42 -05:00
|
|
|
- name: mycnfd
|
2019-04-03 16:09:47 -05:00
|
|
|
emptyDir: {}
|
|
|
|
- name: var-run
|
|
|
|
emptyDir: {}
|
2018-09-04 10:51:13 -05:00
|
|
|
- name: mariadb-bin
|
|
|
|
configMap:
|
|
|
|
name: mariadb-bin
|
2020-06-16 20:42:10 -05:00
|
|
|
defaultMode: 365
|
2018-09-04 10:51:13 -05:00
|
|
|
- name: mariadb-etc
|
|
|
|
configMap:
|
|
|
|
name: mariadb-etc
|
2020-06-16 20:42:10 -05:00
|
|
|
defaultMode: 292
|
2018-09-04 10:51:13 -05:00
|
|
|
- name: mariadb-secrets
|
|
|
|
secret:
|
|
|
|
secretName: mariadb-secrets
|
2020-06-16 20:42:10 -05:00
|
|
|
defaultMode: 292
|
2018-09-04 10:51:13 -05:00
|
|
|
{{- if not .Values.volume.enabled }}
|
|
|
|
- name: mysql-data
|
mysql: set hostpath for mysql-data
There is currently an issue with deploying single
pod mysql clusters in which restarting or killing
the pod will result in a crashloopbackoff.
The mysql data is indeed lost and the start script
(thinking the cluster was alive before
due to the grastate configmap) tries to restore
the cluster instead of bootstrapping it.
Due to this, if the mysql pod is killed or restarted
in the CI, we will lose all the mysql data, will not
recover, and this results in a broken environment.
When volume.use_local_path_for_single_pod.enabled value
is set to true, which we will apply on single node/single
pod testing, this patch will deploy a local volume
for mysql at the location specified under
volume.use_local_path_for_single_pod.host_path
The data will be kept intact in case
there is a pod restart, as it can read the data again,
and recover itself.
When it is false, which is the default for non-CI,
nothing changes, and an empty dir is used. This
data WILL be lost upon restart, so it is advised
to use volumes instead for production purposes,
by setting Values.volume.enabled to true.
task: 28729
Change-Id: I6ec0bd1087eb06b92ced7dc56ff5b6a156aad433
2019-05-17 14:51:15 +02:00
|
|
|
{{- if .Values.volume.use_local_path_for_single_pod_cluster.enabled }}
|
2019-05-29 14:06:21 +02:00
|
|
|
hostPath:
|
|
|
|
path: {{ .Values.volume.use_local_path_for_single_pod_cluster.host_path }}
|
|
|
|
type: DirectoryOrCreate
|
mysql: set hostpath for mysql-data
There is currently an issue with deploying single
pod mysql clusters in which restarting or killing
the pod will result in a crashloopbackoff.
The mysql data is indeed lost and the start script
(thinking the cluster was alive before
due to the grastate configmap) tries to restore
the cluster instead of bootstrapping it.
Due to this, if the mysql pod is killed or restarted
in the CI, we will lose all the mysql data, will not
recover, and this results in a broken environment.
When volume.use_local_path_for_single_pod.enabled value
is set to true, which we will apply on single node/single
pod testing, this patch will deploy a local volume
for mysql at the location specified under
volume.use_local_path_for_single_pod.host_path
The data will be kept intact in case
there is a pod restart, as it can read the data again,
and recover itself.
When it is false, which is the default for non-CI,
nothing changes, and an empty dir is used. This
data WILL be lost upon restart, so it is advised
to use volumes instead for production purposes,
by setting Values.volume.enabled to true.
task: 28729
Change-Id: I6ec0bd1087eb06b92ced7dc56ff5b6a156aad433
2019-05-17 14:51:15 +02:00
|
|
|
{{- else }}
|
2018-09-04 10:51:13 -05:00
|
|
|
emptyDir: {}
|
|
|
|
{{- end }}
|
mysql: set hostpath for mysql-data
There is currently an issue with deploying single
pod mysql clusters in which restarting or killing
the pod will result in a crashloopbackoff.
The mysql data is indeed lost and the start script
(thinking the cluster was alive before
due to the grastate configmap) tries to restore
the cluster instead of bootstrapping it.
Due to this, if the mysql pod is killed or restarted
in the CI, we will lose all the mysql data, will not
recover, and this results in a broken environment.
When volume.use_local_path_for_single_pod.enabled value
is set to true, which we will apply on single node/single
pod testing, this patch will deploy a local volume
for mysql at the location specified under
volume.use_local_path_for_single_pod.host_path
The data will be kept intact in case
there is a pod restart, as it can read the data again,
and recover itself.
When it is false, which is the default for non-CI,
nothing changes, and an empty dir is used. This
data WILL be lost upon restart, so it is advised
to use volumes instead for production purposes,
by setting Values.volume.enabled to true.
task: 28729
Change-Id: I6ec0bd1087eb06b92ced7dc56ff5b6a156aad433
2019-05-17 14:51:15 +02:00
|
|
|
{{- end }}
|
2018-09-04 10:51:13 -05:00
|
|
|
{{- if .Values.volume.enabled }}
|
|
|
|
volumeClaimTemplates:
|
|
|
|
- metadata:
|
|
|
|
name: mysql-data
|
|
|
|
spec:
|
2020-06-16 19:55:47 -05:00
|
|
|
accessModes: ["ReadWriteOnce"]
|
2018-09-04 10:51:13 -05:00
|
|
|
resources:
|
|
|
|
requests:
|
|
|
|
storage: {{ .Values.volume.size }}
|
|
|
|
storageClassName: {{ .Values.volume.class_name }}
|
|
|
|
{{- end }}
|
|
|
|
{{- end }}
|