Skip to content

C
charts
Commit d55e781e by Guangbo Chen Committed by Guangbo
Options

Bump mysql to v1.3.1

parent ae742dfe
Showing with 612 additions and 28 deletions
charts/mysql/v1.3.1/.helmignore
.git .git
OWNERS
\ No newline at end of file
charts/mysql/v1.3.1/Chart.yaml
apiVersion: v1
name: mysql name: mysql
version: 0.3.8 version: 1.3.1
appVersion: 5.7.14 appVersion: 5.7.14
description: Fast, reliable, scalable, and easy to use open-source relational database description: Fast, reliable, scalable, and easy to use open-source relational database
system. system.
...@@ -8,7 +9,7 @@ keywords: ...@@ -8,7 +9,7 @@ keywords:
- database - database
- sql - sql
home: https://www.mysql.com/ home: https://www.mysql.com/
icon: https://www.mysql.com/common/logos/logo-mysql-170x115.png icon: file://../logo-mysql.png
sources: sources:
- https://github.com/kubernetes/charts - https://github.com/kubernetes/charts
- https://github.com/docker-library/mysql - https://github.com/docker-library/mysql
......
charts/mysql/v1.3.1/README.md
...@@ -19,12 +19,23 @@ You can retrieve your root password by running the following command. Make sure ...@@ -19,12 +19,23 @@ You can retrieve your root password by running the following command. Make sure
The following table lists the configurable parameters of the MySQL chart and their default values. The following table lists the configurable parameters of the MySQL chart and their default values.
| Parameter | Description | Default | | Parameter | Description | Default |
| ------------------------------------ | ----------------------------------------- | ---------------------------------------------------- | | -------------------------------------------- | -------------------------------------------------------------------------------------------- | ---------------------------------------------------- |
| `imageTag` | `mysql` image tag. | Most recent release | | `args` | Additional arguments to pass to the MySQL container. | `[]` |
| `initContainer.resources` | initContainer resource requests/limits | Memory: `10Mi`, CPU: `10m` |
| `image` | `mysql` image repository. | `mysql` |
| `imageTag` | `mysql` image tag. | `5.7.14` |
| `busybox.image` | `busybox` image repository. | `busybox` |
| `busybox.tag` | `busybox` image tag. | `1.29.3` |
| `testFramework.image` | `test-framework` image repository. | `dduportal/bats` |
| `testFramework.tag` | `test-framework` image tag. | `0.4.0` |
| `imagePullPolicy` | Image pull policy | `IfNotPresent` | | `imagePullPolicy` | Image pull policy | `IfNotPresent` |
| `mysqlRootPassword` | Password for the `root` user. | `nil` | | `existingSecret` | Use Existing secret for Password details | `nil` |
| `extraVolumes` | Additional volumes as a string to be passed to the `tpl` function | |
| `extraVolumeMounts` | Additional volumeMounts as a string to be passed to the `tpl` function | |
| `extraInitContainers` | Additional init containers as a string to be passed to the `tpl` function | |
| `mysqlRootPassword` | Password for the `root` user. Ignored if existing secret is provided | Random 10 characters |
| `mysqlUser` | Username of new user to create. | `nil` | | `mysqlUser` | Username of new user to create. | `nil` |
| `mysqlPassword` | Password for the new user. | `nil` | | `mysqlPassword` | Password for the new user. Ignored if existing secret is provided | Random 10 characters |
| `mysqlDatabase` | Name for new database to create. | `nil` | | `mysqlDatabase` | Name for new database to create. | `nil` |
| `livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | 30 | | `livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | 30 |
| `livenessProbe.periodSeconds` | How often to perform the probe | 10 | | `livenessProbe.periodSeconds` | How often to perform the probe | 10 |
...@@ -36,15 +47,50 @@ The following table lists the configurable parameters of the MySQL chart and the ...@@ -36,15 +47,50 @@ The following table lists the configurable parameters of the MySQL chart and the
| `readinessProbe.timeoutSeconds` | When the probe times out | 1 | | `readinessProbe.timeoutSeconds` | When the probe times out | 1 |
| `readinessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed. | 1 | | `readinessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed. | 1 |
| `readinessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 3 | | `readinessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 3 |
| `schedulerName` | Name of the k8s scheduler (other than default) | `nil` |
| `persistence.enabled` | Create a volume to store data | true | | `persistence.enabled` | Create a volume to store data | true |
| `persistence.size` | Size of persistent volume claim | 8Gi RW | | `persistence.size` | Size of persistent volume claim | 8Gi RW |
| `nodeSelector` | Node labels for pod assignment | {} | | `persistence.storageClass` | Type of persistent volume claim | nil |
| `persistence.storageClass` | Type of persistent volume claim | nil (uses alpha storage class annotation) |
| `persistence.accessMode` | ReadWriteOnce or ReadOnly | ReadWriteOnce | | `persistence.accessMode` | ReadWriteOnce or ReadOnly | ReadWriteOnce |
| `persistence.existingClaim` | Name of existing persistent volume | `nil` | | `persistence.existingClaim` | Name of existing persistent volume | `nil` |
| `persistence.subPath` | Subdirectory of the volume to mount | `nil` | | `persistence.subPath` | Subdirectory of the volume to mount | `nil` |
| `persistence.annotations` | Persistent Volume annotations | {} |
| `nodeSelector` | Node labels for pod assignment | {} |
| `tolerations` | Pod taint tolerations for deployment | {} |
| `metrics.enabled` | Start a side-car prometheus exporter | `false` |
| `metrics.image` | Exporter image | `prom/mysqld-exporter` |
| `metrics.imageTag` | Exporter image | `v0.10.0` |
| `metrics.imagePullPolicy` | Exporter image pull policy | `IfNotPresent` |
| `metrics.resources` | Exporter resource requests/limit | `nil` |
| `metrics.livenessProbe.initialDelaySeconds` | Delay before metrics liveness probe is initiated | 15 |
| `metrics.livenessProbe.timeoutSeconds` | When the probe times out | 5 |
| `metrics.readinessProbe.initialDelaySeconds` | Delay before metrics readiness probe is initiated | 5 |
| `metrics.readinessProbe.timeoutSeconds` | When the probe times out | 1 |
| `metrics.flags` | Additional flags for the mysql exporter to use | `[]` |
| `metrics.serviceMonitor.enabled` | Set this to `true` to create ServiceMonitor for Prometheus operator | `false` |
| `metrics.serviceMonitor.additionalLabels` | Additional labels that can be used so ServiceMonitor will be discovered by Prometheus | `{}` |
| `resources` | CPU/Memory resource requests/limits | Memory: `256Mi`, CPU: `100m` | | `resources` | CPU/Memory resource requests/limits | Memory: `256Mi`, CPU: `100m` |
| `configurationFiles` | List of mysql configuration files | `nil` | | `configurationFiles` | List of mysql configuration files | `nil` |
| `configurationFilesPath` | Path of mysql configuration files | `/etc/mysql/conf.d/` |
| `securityContext.enabled` | Enable security context (mysql pod) | `false` |
| `securityContext.fsGroup` | Group ID for the container (mysql pod) | 999 |
| `securityContext.runAsUser` | User ID for the container (mysql pod) | 999 |
| `service.annotations` | Kubernetes annotations for mysql | {} |
| `service.type` | Kubernetes service type | ClusterIP |
| `service.loadBalancerIP` | LoadBalancer service IP | `""` |
| `ssl.enabled` | Setup and use SSL for MySQL connections | `false` |
| `ssl.secret` | Name of the secret containing the SSL certificates | mysql-ssl-certs |
| `ssl.certificates[0].name` | Name of the secret containing the SSL certificates | `nil` |
| `ssl.certificates[0].ca` | CA certificate | `nil` |
| `ssl.certificates[0].cert` | Server certificate (public key) | `nil` |
| `ssl.certificates[0].key` | Server key (private key) | `nil` |
| `imagePullSecrets` | Name of Secret resource containing private registry credentials | `nil` |
| `initializationFiles` | List of SQL files which are run after the container started | `nil` |
| `timezone` | Container and mysqld timezone (TZ env) | `nil` (UTC depending on image) |
| `podAnnotations` | Map of annotations to add to the pods | `{}` |
| `podLabels` | Map of labels to add to the pods | `{}` |
| `priorityClassName` | Set pod priorityClassName | `{}` |
| `deploymentAnnotations` | Map of annotations for deployment | `{}` |
Some of the parameters above map to the env variables defined in the [MySQL DockerHub image](https://hub.docker.com/_/mysql/). Some of the parameters above map to the env variables defined in the [MySQL DockerHub image](https://hub.docker.com/_/mysql/).
...@@ -75,6 +121,8 @@ you can change the values.yaml to disable persistence and use an emptyDir instea ...@@ -75,6 +121,8 @@ you can change the values.yaml to disable persistence and use an emptyDir instea
> *"An emptyDir volume is first created when a Pod is assigned to a Node, and exists as long as that Pod is running on that node. When a Pod is removed from a node for any reason, the data in the emptyDir is deleted forever."* > *"An emptyDir volume is first created when a Pod is assigned to a Node, and exists as long as that Pod is running on that node. When a Pod is removed from a node for any reason, the data in the emptyDir is deleted forever."*
**Notice**: You may need to increase the value of `livenessProbe.initialDelaySeconds` when enabling persistence by using PersistentVolumeClaim from PersistentVolume with varying properties. Since its IO performance has impact on the database initialization performance. The default limit for database initialization is `60` seconds (`livenessProbe.initialDelaySeconds` + `livenessProbe.periodSeconds` * `livenessProbe.failureThreshold`). Once such initialization process takes more time than this limit, kubelet will restart the database container, which will interrupt database initialization then causing persisent data in an unusable state.
## Custom MySQL configuration files ## Custom MySQL configuration files
The [MySQL](https://hub.docker.com/_/mysql/) image accepts custom configuration files at the path `/etc/mysql/conf.d`. If you want to use a customized MySQL configuration, you can create your alternative configuration files by passing the file contents on the `configurationFiles` attribute. Note that according to the MySQL documentation only files ending with `.cnf` are loaded. The [MySQL](https://hub.docker.com/_/mysql/) image accepts custom configuration files at the path `/etc/mysql/conf.d`. If you want to use a customized MySQL configuration, you can create your alternative configuration files by passing the file contents on the `configurationFiles` attribute. Note that according to the MySQL documentation only files ending with `.cnf` are loaded.
...@@ -89,3 +137,75 @@ configurationFiles: ...@@ -89,3 +137,75 @@ configurationFiles:
mysql_custom.cnf: |- mysql_custom.cnf: |-
[mysqld] [mysqld]
``` ```
## MySQL initialization files
The [MySQL](https://hub.docker.com/_/mysql/) image accepts *.sh, *.sql and *.sql.gz files at the path `/docker-entrypoint-initdb.d`.
These files are being run exactly once for container initialization and ignored on following container restarts.
If you want to use initialization scripts, you can create initialization files by passing the file contents on the `initializationFiles` attribute.
```yaml
initializationFiles:
first-db.sql: |-
CREATE DATABASE IF NOT EXISTS first DEFAULT CHARACTER SET utf8 DEFAULT COLLATE utf8_general_ci;
second-db.sql: |-
CREATE DATABASE IF NOT EXISTS second DEFAULT CHARACTER SET utf8 DEFAULT COLLATE utf8_general_ci;
```
## SSL
This chart supports configuring MySQL to use [encrypted connections](https://dev.mysql.com/doc/refman/5.7/en/encrypted-connections.html) with TLS/SSL certificates provided by the user. This is accomplished by storing the required Certificate Authority file, the server public key certificate, and the server private key as a Kubernetes secret. The SSL options for this chart support the following use cases:
* Manage certificate secrets with helm
* Manage certificate secrets outside of helm
## Manage certificate secrets with helm
Include your certificate data in the `ssl.certificates` section. For example:
```
ssl:
enabled: false
secret: mysql-ssl-certs
certificates:
- name: mysql-ssl-certs
ca: |-
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
cert: |-
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
key: |-
-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----
```
> **Note**: Make sure your certificate data has the correct formatting in the values file.
## Manage certificate secrets outside of helm
1. Ensure the certificate secret exist before installation of this chart.
2. Set the name of the certificate secret in `ssl.secret`.
3. Make sure there are no entries underneath `ssl.certificates`.
To manually create the certificate secret from local files you can execute:
```
kubectl create secret generic mysql-ssl-certs \
--from-file=ca.pem=./ssl/certificate-authority.pem \
--from-file=server-cert.pem=./ssl/server-public-key.pem \
--from-file=server-key.pem=./ssl/server-private-key.pem
```
> **Note**: `ca.pem`, `server-cert.pem`, and `server-key.pem` **must** be used as the key names in this generic secret.
If you are using a certificate your configurationFiles must include the three ssl lines under [mysqld]
```
[mysqld]
ssl-ca=/ssl/ca.pem
ssl-cert=/ssl/server-cert.pem
ssl-key=/ssl/server-key.pem
```
charts/mysql/v1.3.1/questions.yml
labels:
io.cattle.role: project # options are cluster/project
categories: categories:
- Database - Database
- MySQL - MySQL
questions: questions:
- variable: defaultImage - variable: defaultImage
default: "true" default: true
description: "Use default Docker images" description: "Use default Docker images"
label: Use Default Images label: Use Default Images
type: boolean type: boolean
...@@ -11,15 +13,25 @@ questions: ...@@ -11,15 +13,25 @@ questions:
group: "Container Images" group: "Container Images"
subquestions: subquestions:
- variable: image - variable: image
default: "mysql" default: "ranchercharts/mysql"
description: "Docker image name" description: "MySQL image name"
type: string type: string
label: Image Name label: Image Name
- variable: imageTag - variable: imageTag
default: "5.7.14" default: "5.7.14"
description: "Docker image tag" description: "MySQL image tag"
type: string type: string
label: Image Tag label: Image Tag
- variable: busybox.image
default: "ranchercharts/busybox"
description: "Busybox image name"
type: string
label: Image Image Name
- variable: busybox.tag
default: "1.29.3"
description: "Busybox image tag"
type: string
label: Busybox Image Tag
- variable: mysqlDatabase - variable: mysqlDatabase
default: "admin" default: "admin"
description: "Name of database to create" description: "Name of database to create"
...@@ -60,6 +72,11 @@ questions: ...@@ -60,6 +72,11 @@ questions:
description: "If undefined or null, uses the default StorageClass. Defaults to null." description: "If undefined or null, uses the default StorageClass. Defaults to null."
type: storageclass type: storageclass
label: Default storageClass label: Default storageClass
- variable: persistence.existingClaim
default: ""
description: "If not empty, uses the specified existing PVC instead of creating new one"
type: pvc
label: Existing Persistent Volume Claim for mysql
- variable: service.port - variable: service.port
default: "3306" default: "3306"
description: "Service port for access to MySQL" description: "Service port for access to MySQL"
...@@ -86,3 +103,16 @@ questions: ...@@ -86,3 +103,16 @@ questions:
min: 30000 min: 30000
max: 32767 max: 32767
label: Service NodePort number label: Service NodePort number
- variable: metrics.enabled
default: false
description: "Enable mysql prometheus metrics exporter"
label: Enable MySQL Metrics
type: boolean
show_subquestion_if: true
group: "Metrics"
subquestions:
- variable: metrics.serviceMonitor.enabled
default: false
description: "Set this to `true` to create ServiceMonitor for Prometheus operator"
type: boolean
label: Create MySQL ServiceMonitor for Prometheus Operator
charts/mysql/v1.3.1/templates/NOTES.txt
MySQL can be accessed via port 3306 on the following DNS name from within your cluster: MySQL can be accessed via port 3306 on the following DNS name from within your cluster:
{{ template "mysql.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local {{ template "mysql.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local
{{- if .Values.existingSecret }}
If you have not already created the mysql password secret:
kubectl create secret generic {{ .Values.existingSecret }} --namespace {{ .Release.Namespace }} --from-file=./mysql-root-password --from-file=./mysql-password
{{ else }}
To get your root password run: To get your root password run:
MYSQL_ROOT_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "mysql.fullname" . }} -o jsonpath="{.data.mysql-root-password}" | base64 --decode; echo) MYSQL_ROOT_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "mysql.fullname" . }} -o jsonpath="{.data.mysql-root-password}" | base64 --decode; echo)
{{- end }}
To connect to your database: To connect to your database:
...@@ -25,11 +32,10 @@ To connect to your database directly from outside the K8s cluster: ...@@ -25,11 +32,10 @@ To connect to your database directly from outside the K8s cluster:
{{- else if contains "ClusterIP" .Values.service.type }} {{- else if contains "ClusterIP" .Values.service.type }}
MYSQL_HOST=127.0.0.1 MYSQL_HOST=127.0.0.1
MYSQL_PORT={{ default "3306" .Values.service.port }} MYSQL_PORT={{ .Values.service.port }}
# Execute the following commands to route the connection: # Execute the following command to route the connection:
export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "mysql.fullname" . }}" -o jsonpath="{.items[0].metadata.name}") kubectl port-forward svc/{{ template "mysql.fullname" . }} {{ .Values.service.port }}
kubectl port-forward $POD_NAME {{ default "3306" .Values.service.port }}:{{ default "3306" .Values.service.port }}
{{- end }} {{- end }}
......
charts/mysql/v1.3.1/templates/_helpers.tpl
...@@ -9,8 +9,24 @@ Expand the name of the chart. ...@@ -9,8 +9,24 @@ Expand the name of the chart.
{{/* {{/*
Create a default fully qualified app name. Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}} */}}
{{- define "mysql.fullname" -}} {{- define "mysql.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}} {{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- printf .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}} {{- end -}}
{{- end -}}
{{- end -}}
{{/*
Generate chart secret name
*/}}
{{- define "mysql.secretName" -}}
{{ default (include "mysql.fullname" .) .Values.existingSecret }}
{{- end -}}
\ No newline at end of file
charts/mysql/v1.3.1/templates/configmap.yaml charts/mysql/v1.3.1/templates/configurationFiles-configmap.yaml
...@@ -2,7 +2,8 @@ ...@@ -2,7 +2,8 @@
apiVersion: v1 apiVersion: v1
kind: ConfigMap kind: ConfigMap
metadata: metadata:
name: {{ template "mysql.fullname" . }} name: {{ template "mysql.fullname" . }}-configuration
namespace: {{ .Release.Namespace }}
data: data:
{{- range $key, $val := .Values.configurationFiles }} {{- range $key, $val := .Values.configurationFiles }}
{{ $key }}: |- {{ $key }}: |-
......
charts/mysql/v1.3.1/templates/deployment.yaml
apiVersion: apps/v1beta1 apiVersion: apps/v1
kind: Deployment kind: Deployment
metadata: metadata:
name: {{ template "mysql.fullname" . }} name: {{ template "mysql.fullname" . }}
namespace: {{ .Release.Namespace }}
labels: labels:
app: {{ template "mysql.fullname" . }} app: {{ template "mysql.fullname" . }}
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
release: "{{ .Release.Name }}" release: "{{ .Release.Name }}"
heritage: "{{ .Release.Service }}" heritage: "{{ .Release.Service }}"
{{- with .Values.deploymentAnnotations }}
annotations:
{{ toYaml . | indent 4 }}
{{- end }}
spec: spec:
selector:
matchLabels:
app: {{ template "mysql.fullname" . }}
template: template:
metadata: metadata:
labels: labels:
app: {{ template "mysql.fullname" . }} app: {{ template "mysql.fullname" . }}
{{- with .Values.podLabels }}
{{ toYaml . | indent 8 }}
{{- end }}
{{- with .Values.podAnnotations }}
annotations:
{{ toYaml . | indent 8 }}
{{- end }}
spec: spec:
{{- if .Values.schedulerName }}
schedulerName: "{{ .Values.schedulerName }}"
{{- end }}
{{- if .Values.imagePullSecrets }}
imagePullSecrets:
{{ toYaml .Values.imagePullSecrets | indent 8 }}
{{- end }}
{{- if .Values.priorityClassName }}
priorityClassName: "{{ .Values.priorityClassName }}"
{{- end }}
{{- if .Values.securityContext.enabled }}
securityContext:
fsGroup: {{ .Values.securityContext.fsGroup }}
runAsUser: {{ .Values.securityContext.runAsUser }}
{{- end }}
initContainers: initContainers:
- name: "remove-lost-found" - name: "remove-lost-found"
image: "busybox:1.25.0" image: "{{ .Values.busybox.image}}:{{ .Values.busybox.tag }}"
imagePullPolicy: {{ .Values.imagePullPolicy | quote }} imagePullPolicy: {{ .Values.imagePullPolicy | quote }}
resources:
{{ toYaml .Values.initContainer.resources | indent 10 }}
command: ["rm", "-fr", "/var/lib/mysql/lost+found"] command: ["rm", "-fr", "/var/lib/mysql/lost+found"]
volumeMounts: volumeMounts:
- name: data - name: data
...@@ -24,40 +57,59 @@ spec: ...@@ -24,40 +57,59 @@ spec:
{{- if .Values.persistence.subPath }} {{- if .Values.persistence.subPath }}
subPath: {{ .Values.persistence.subPath }} subPath: {{ .Values.persistence.subPath }}
{{- end }} {{- end }}
{{- if .Values.extraInitContainers }}
{{ tpl .Values.extraInitContainers . | indent 6 }}
{{- end }}
{{- if .Values.nodeSelector }} {{- if .Values.nodeSelector }}
nodeSelector: nodeSelector:
{{ toYaml .Values.nodeSelector | indent 8 }} {{ toYaml .Values.nodeSelector | indent 8 }}
{{- end }} {{- end }}
{{- with .Values.tolerations }} {{- if .Values.tolerations }}
tolerations: tolerations:
{{ toYaml . | indent 8 }} {{ toYaml .Values.tolerations | indent 8 }}
{{- end }} {{- end }}
containers: containers:
- name: {{ template "mysql.fullname" . }} - name: {{ template "mysql.fullname" . }}
image: "{{ .Values.image }}:{{ .Values.imageTag }}" image: "{{ .Values.image }}:{{ .Values.imageTag }}"
imagePullPolicy: {{ .Values.imagePullPolicy | quote }} imagePullPolicy: {{ .Values.imagePullPolicy | quote }}
{{- with .Values.args }}
args:
{{- range . }}
- {{ . | quote }}
{{- end }}
{{- end }}
resources: resources:
{{ toYaml .Values.resources | indent 10 }} {{ toYaml .Values.resources | indent 10 }}
env: env:
{{- if .Values.mysqlAllowEmptyPassword }} {{- if .Values.mysqlAllowEmptyPassword }}
- name: MYSQL_ALLOW_EMPTY_PASSWORD - name: MYSQL_ALLOW_EMPTY_PASSWORD
value: "true" value: "true"
{{- else }} {{- end }}
- name: MYSQL_ROOT_PASSWORD - name: MYSQL_ROOT_PASSWORD
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: {{ template "mysql.fullname" . }} name: {{ template "mysql.secretName" . }}
key: mysql-root-password key: mysql-root-password
{{- if .Values.mysqlAllowEmptyPassword }}
optional: true
{{- end }}
- name: MYSQL_PASSWORD - name: MYSQL_PASSWORD
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: {{ template "mysql.fullname" . }} name: {{ template "mysql.secretName" . }}
key: mysql-password key: mysql-password
{{- if or .Values.mysqlAllowEmptyPassword (empty .Values.mysqlUser) }}
optional: true
{{- end }} {{- end }}
- name: MYSQL_USER - name: MYSQL_USER
value: {{ default "" .Values.mysqlUser | quote }} value: {{ default "" .Values.mysqlUser | quote }}
- name: MYSQL_DATABASE - name: MYSQL_DATABASE
value: {{ default "" .Values.mysqlDatabase | quote }} value: {{ default "" .Values.mysqlDatabase | quote }}
{{- if .Values.timezone }}
- name: TZ
value: {{ .Values.timezone }}
{{- end }}
ports: ports:
- name: mysql - name: mysql
containerPort: 3306 containerPort: 3306
...@@ -100,14 +152,80 @@ spec: ...@@ -100,14 +152,80 @@ spec:
subPath: {{ .Values.persistence.subPath }} subPath: {{ .Values.persistence.subPath }}
{{- end }} {{- end }}
{{- if .Values.configurationFiles }} {{- if .Values.configurationFiles }}
{{- range $key, $val := .Values.configurationFiles }}
- name: configurations - name: configurations
mountPath: /etc/mysql/conf.d mountPath: {{ $.Values.configurationFilesPath }}{{ $key }}
subPath: {{ $key }}
{{- end -}}
{{- end }}
{{- if .Values.initializationFiles }}
- name: migrations
mountPath: /docker-entrypoint-initdb.d
{{- end }}
{{- if .Values.ssl.enabled }}
- name: certificates
mountPath: /ssl
{{- end }}
{{- if .Values.extraVolumeMounts }}
{{ tpl .Values.extraVolumeMounts . | indent 8 }}
{{- end }}
{{- if .Values.metrics.enabled }}
- name: metrics
image: "{{ .Values.metrics.image }}:{{ .Values.metrics.imageTag }}"
imagePullPolicy: {{ .Values.metrics.imagePullPolicy | quote }}
{{- if .Values.mysqlAllowEmptyPassword }}
command:
- 'sh'
- '-c'
- 'DATA_SOURCE_NAME="root@(localhost:3306)/" /bin/mysqld_exporter'
{{- else }}
env:
- name: MYSQL_ROOT_PASSWORD
valueFrom:
secretKeyRef:
name: {{ template "mysql.secretName" . }}
key: mysql-root-password
command:
- 'sh'
- '-c'
- 'DATA_SOURCE_NAME="root:$MYSQL_ROOT_PASSWORD@(localhost:3306)/" /bin/mysqld_exporter'
{{- end }}
{{- range $f := .Values.metrics.flags }}
- {{ $f | quote }}
{{- end }}
ports:
- name: metrics
containerPort: 9104
livenessProbe:
httpGet:
path: /
port: metrics
initialDelaySeconds: {{ .Values.metrics.livenessProbe.initialDelaySeconds }}
timeoutSeconds: {{ .Values.metrics.livenessProbe.timeoutSeconds }}
readinessProbe:
httpGet:
path: /
port: metrics
initialDelaySeconds: {{ .Values.metrics.readinessProbe.initialDelaySeconds }}
timeoutSeconds: {{ .Values.metrics.readinessProbe.timeoutSeconds }}
resources:
{{ toYaml .Values.metrics.resources | indent 10 }}
{{- end }} {{- end }}
volumes: volumes:
{{- if .Values.configurationFiles }} {{- if .Values.configurationFiles }}
- name: configurations - name: configurations
configMap: configMap:
name: {{ template "mysql.fullname" . }} name: {{ template "mysql.fullname" . }}-configuration
{{- end }}
{{- if .Values.initializationFiles }}
- name: migrations
configMap:
name: {{ template "mysql.fullname" . }}-initialization
{{- end }}
{{- if .Values.ssl.enabled }}
- name: certificates
secret:
secretName: {{ .Values.ssl.secret }}
{{- end }} {{- end }}
- name: data - name: data
{{- if .Values.persistence.enabled }} {{- if .Values.persistence.enabled }}
...@@ -116,3 +234,6 @@ spec: ...@@ -116,3 +234,6 @@ spec:
{{- else }} {{- else }}
emptyDir: {} emptyDir: {}
{{- end -}} {{- end -}}
{{- if .Values.extraVolumes }}
{{ tpl .Values.extraVolumes . | indent 6 }}
{{- end }}
charts/mysql/v1.3.1/templates/initializationFiles-configmap.yaml 0 → 100644
{{- if .Values.initializationFiles }}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "mysql.fullname" . }}-initialization
namespace: {{ .Release.Namespace }}
data:
{{- range $key, $val := .Values.initializationFiles }}
{{ $key }}: |-
{{ $val | indent 4}}
{{- end }}
{{- end -}}
\ No newline at end of file
charts/mysql/v1.3.1/templates/pvc.yaml
...@@ -3,6 +3,11 @@ kind: PersistentVolumeClaim ...@@ -3,6 +3,11 @@ kind: PersistentVolumeClaim
apiVersion: v1 apiVersion: v1
metadata: metadata:
name: {{ template "mysql.fullname" . }} name: {{ template "mysql.fullname" . }}
namespace: {{ .Release.Namespace }}
{{- with .Values.persistence.annotations }}
annotations:
{{ toYaml . | indent 4 }}
{{- end }}
labels: labels:
app: {{ template "mysql.fullname" . }} app: {{ template "mysql.fullname" . }}
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
......
charts/mysql/v1.3.1/templates/secrets.yaml
{{- if not .Values.existingSecret }}
apiVersion: v1 apiVersion: v1
kind: Secret kind: Secret
metadata: metadata:
name: {{ template "mysql.fullname" . }} name: {{ template "mysql.fullname" . }}
namespace: {{ .Release.Namespace }}
labels: labels:
app: {{ template "mysql.fullname" . }} app: {{ template "mysql.fullname" . }}
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
...@@ -19,3 +21,25 @@ data: ...@@ -19,3 +21,25 @@ data:
{{ else }} {{ else }}
mysql-password: {{ randAlphaNum 10 | b64enc | quote }} mysql-password: {{ randAlphaNum 10 | b64enc | quote }}
{{ end }} {{ end }}
{{- if .Values.ssl.enabled }}
{{ if .Values.ssl.certificates }}
{{- range .Values.ssl.certificates }}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ .name }}
labels:
app: {{ template "mysql.fullname" $ }}
chart: "{{ $.Chart.Name }}-{{ $.Chart.Version }}"
release: "{{ $.Release.Name }}"
heritage: "{{ $.Release.Service }}"
type: Opaque
data:
ca.pem: {{ .ca | b64enc }}
server-cert.pem: {{ .cert | b64enc }}
server-key.pem: {{ .key | b64enc }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
\ No newline at end of file
charts/mysql/v1.3.1/templates/servicemonitor.yaml 0 → 100644
{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ include "mysql.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
app: {{ template "mysql.fullname" . }}
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
release: "{{ .Release.Name }}"
heritage: "{{ .Release.Service }}"
{{- if .Values.metrics.serviceMonitor.additionalLabels }}
{{ toYaml .Values.metrics.serviceMonitor.additionalLabels | indent 4 }}
{{- end }}
spec:
endpoints:
- port: metrics
interval: 30s
namespaceSelector:
matchNames:
- {{ .Release.Namespace }}
selector:
matchLabels:
app: {{ include "mysql.fullname" . }}
release: {{ .Release.Name }}
{{- end }}
charts/mysql/v1.3.1/templates/svc.yaml
...@@ -2,13 +2,24 @@ apiVersion: v1 ...@@ -2,13 +2,24 @@ apiVersion: v1
kind: Service kind: Service
metadata: metadata:
name: {{ template "mysql.fullname" . }} name: {{ template "mysql.fullname" . }}
namespace: {{ .Release.Namespace }}
labels: labels:
app: {{ template "mysql.fullname" . }} app: {{ template "mysql.fullname" . }}
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
release: "{{ .Release.Name }}" release: "{{ .Release.Name }}"
heritage: "{{ .Release.Service }}" heritage: "{{ .Release.Service }}"
annotations:
{{- if .Values.service.annotations }}
{{ toYaml .Values.service.annotations | indent 4 }}
{{- end }}
{{- if and (.Values.metrics.enabled) (.Values.metrics.annotations) }}
{{ toYaml .Values.metrics.annotations | indent 4 }}
{{- end }}
spec: spec:
type: {{ .Values.service.type }} type: {{ .Values.service.type }}
{{- if (and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerIP))) }}
loadBalancerIP: {{ .Values.service.loadBalancerIP }}
{{- end }}
ports: ports:
- name: mysql - name: mysql
port: {{ .Values.service.port }} port: {{ .Values.service.port }}
...@@ -16,5 +27,10 @@ spec: ...@@ -16,5 +27,10 @@ spec:
{{- if .Values.service.nodePort }} {{- if .Values.service.nodePort }}
nodePort: {{ .Values.service.nodePort }} nodePort: {{ .Values.service.nodePort }}
{{- end }} {{- end }}
{{- if .Values.metrics.enabled }}
- name: metrics
port: 9104
targetPort: metrics
{{- end }}
selector: selector:
app: {{ template "mysql.fullname" . }} app: {{ template "mysql.fullname" . }}
charts/mysql/v1.3.1/templates/tests/test-configmap.yaml 0 → 100644
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "mysql.fullname" . }}-test
namespace: {{ .Release.Namespace }}
labels:
app: {{ template "mysql.fullname" . }}
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
heritage: "{{ .Release.Service }}"
release: "{{ .Release.Name }}"
data:
run.sh: |-
{{- if .Values.ssl.enabled | and .Values.mysqlRootPassword }}
@test "Testing SSL MySQL Connection" {
mysql --host={{ template "mysql.fullname" . }} --port={{ .Values.service.port | default "3306" }} --ssl-cert=/ssl/server-cert.pem --ssl-key=ssl/server-key.pem -u root -p{{ .Values.mysqlRootPassword }}
}
{{- else if .Values.mysqlRootPassword }}
@test "Testing MySQL Connection" {
mysql --host={{ template "mysql.fullname" . }} --port={{ .Values.service.port | default "3306" }} -u root -p{{ .Values.mysqlRootPassword }}
}
{{- end }}
charts/mysql/v1.3.1/templates/tests/test.yaml 0 → 100644
apiVersion: v1
kind: Pod
metadata:
name: {{ template "mysql.fullname" . }}-test
namespace: {{ .Release.Namespace }}
labels:
app: {{ template "mysql.fullname" . }}
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
heritage: "{{ .Release.Service }}"
release: "{{ .Release.Name }}"
annotations:
"helm.sh/hook": test-success
spec:
initContainers:
- name: test-framework
image: "{{ .Values.testFramework.image}}:{{ .Values.testFramework.tag }}"
command:
- "bash"
- "-c"
- |
set -ex
# copy bats to tools dir
cp -R /usr/local/libexec/ /tools/bats/
volumeMounts:
- mountPath: /tools
name: tools
containers:
- name: {{ .Release.Name }}-test
image: "{{ .Values.image }}:{{ .Values.imageTag }}"
command: ["/tools/bats/bats", "-t", "/tests/run.sh"]
volumeMounts:
- mountPath: /tests
name: tests
readOnly: true
- mountPath: /tools
name: tools
{{- if .Values.ssl.enabled }}
- name: certificates
mountPath: /ssl
{{- end }}
volumes:
- name: tests
configMap:
name: {{ template "mysql.fullname" . }}-test
- name: tools
emptyDir: {}
{{- if .Values.ssl.enabled }}
- name: certificates
secret:
secretName: {{ .Values.ssl.secret }}
{{- end }}
restartPolicy: Never
charts/mysql/v1.3.1/values.yaml
## mysql image version ## mysql image version
## ref: https://hub.docker.com/r/library/mysql/tags/ ## ref: https://hub.docker.com/r/library/mysql/tags/
## ##
image: "mysql" image: "ranchercharts/mysql"
imageTag: "5.7.14" imageTag: "5.7.14"
busybox:
image: "ranchercharts/busybox"
tag: "1.29.3"
testFramework:
image: "ranchercharts/dduportal-bats"
tag: "0.4.0"
## Specify password for root user ## Specify password for root user
## ##
## Default: random 10 character string ## Default: random 10 character string
...@@ -12,6 +20,7 @@ imageTag: "5.7.14" ...@@ -12,6 +20,7 @@ imageTag: "5.7.14"
## Create a database user ## Create a database user
## ##
# mysqlUser: # mysqlUser:
## Default: random 10 character string
# mysqlPassword: # mysqlPassword:
## Allow unauthenticated access, uncomment to enable ## Allow unauthenticated access, uncomment to enable
...@@ -28,9 +37,38 @@ imageTag: "5.7.14" ...@@ -28,9 +37,38 @@ imageTag: "5.7.14"
## ##
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
## Additionnal arguments that are passed to the MySQL container.
## For example use --default-authentication-plugin=mysql_native_password if older clients need to
## connect to a MySQL 8 instance.
args: []
extraVolumes: |
# - name: extras
# emptyDir: {}
extraVolumeMounts: |
# - name: extras
# mountPath: /usr/share/extras
# readOnly: true
extraInitContainers: |
# - name: do-something
# image: busybox
# command: ['do', 'something']
# Optionally specify an array of imagePullSecrets.
# Secrets must be manually created in the namespace.
# ref: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod
# imagePullSecrets:
# - name: myRegistryKeySecretName
## Node selector ## Node selector
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
nodeSelector: {} nodeSelector: {}
## Tolerations for pod assignment
## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
##
tolerations: [] tolerations: []
livenessProbe: livenessProbe:
...@@ -60,6 +98,18 @@ persistence: ...@@ -60,6 +98,18 @@ persistence:
# storageClass: "-" # storageClass: "-"
accessMode: ReadWriteOnce accessMode: ReadWriteOnce
size: 8Gi size: 8Gi
annotations: {}
## Use an alternate scheduler, e.g. "stork".
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
##
# schedulerName:
## Security context
securityContext:
enabled: false
runAsUser: 999
fsGroup: 999
## Configure resource requests and limits ## Configure resource requests and limits
## ref: http://kubernetes.io/docs/user-guide/compute-resources/ ## ref: http://kubernetes.io/docs/user-guide/compute-resources/
...@@ -69,18 +119,95 @@ resources: ...@@ -69,18 +119,95 @@ resources:
memory: 256Mi memory: 256Mi
cpu: 100m cpu: 100m
# Custom mysql configuration files path
configurationFilesPath: /etc/mysql/conf.d/
# Custom mysql configuration files used to override default mysql settings # Custom mysql configuration files used to override default mysql settings
configurationFiles: configurationFiles: {}
# mysql.cnf: |- # mysql.cnf: |-
# [mysqld] # [mysqld]
# skip-name-resolve # skip-name-resolve
# ssl-ca=/ssl/ca.pem
# ssl-cert=/ssl/server-cert.pem
# ssl-key=/ssl/server-key.pem
# Custom mysql init SQL files used to initialize the database
initializationFiles: {}
# first-db.sql: |-
# CREATE DATABASE IF NOT EXISTS first DEFAULT CHARACTER SET utf8 DEFAULT COLLATE utf8_general_ci;
# second-db.sql: |-
# CREATE DATABASE IF NOT EXISTS second DEFAULT CHARACTER SET utf8 DEFAULT COLLATE utf8_general_ci;
metrics:
enabled: false
image: ranchercharts/prom-mysqld-exporter
imageTag: v0.10.0
imagePullPolicy: IfNotPresent
resources: {}
annotations: {}
# prometheus.io/scrape: "true"
# prometheus.io/port: "9104"
livenessProbe:
initialDelaySeconds: 15
timeoutSeconds: 5
readinessProbe:
initialDelaySeconds: 5
timeoutSeconds: 1
flags: []
serviceMonitor:
enabled: false
additionalLabels: {}
## Configure the service ## Configure the service
## ref: http://kubernetes.io/docs/user-guide/services/ ## ref: http://kubernetes.io/docs/user-guide/services/
service: service:
annotations: {}
## Specify a service type ## Specify a service type
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services---service-types ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services---service-types
type: ClusterIP type: ClusterIP
port: 3306 port: 3306
# nodePort: 32000 # nodePort: 32000
# loadBalancerIP:
ssl:
enabled: false
secret: mysql-ssl-certs
certificates:
# - name: mysql-ssl-certs
# ca: |-
# -----BEGIN CERTIFICATE-----
# ...
# -----END CERTIFICATE-----
# cert: |-
# -----BEGIN CERTIFICATE-----
# ...
# -----END CERTIFICATE-----
# key: |-
# -----BEGIN RSA PRIVATE KEY-----
# ...
# -----END RSA PRIVATE KEY-----
## Populates the 'TZ' system timezone environment variable
## ref: https://dev.mysql.com/doc/refman/5.7/en/time-zone-support.html
##
## Default: nil (mysql will use image's default timezone, normally UTC)
## Example: 'Australia/Sydney'
# timezone:
# Deployment Annotations
deploymentAnnotations: {}
# To be added to the database server pod(s)
podAnnotations: {}
podLabels: {}
## Set pod priorityClassName
# priorityClassName: {}
## Init container resources defaults
initContainer:
resources:
requests:
memory: 10Mi
cpu: 10m
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment