[mariadb-operator] Update mariadb-operator v0.38.1 (#1188)

Signed-off-by: Andrei Kvapil <kvapss@gmail.com>

<!-- Thank you for making a contribution! Here are some tips for you:
- Start the PR title with the [label] of Cozystack component:
- For system components: [platform], [system], [linstor], [cilium],
[kube-ovn], [dashboard], [cluster-api], etc.
- For managed apps: [apps], [tenant], [kubernetes], [postgres],
[virtual-machine] etc.
- For development and maintenance: [tests], [ci], [docs], [maintenance].
- If it's a work in progress, consider creating this PR as a draft.
- Don't hesitate to ask for opinion and review in the community chats,
even if it's still a draft.
- Add the label `backport` if it's a bugfix that needs to be backported
to a previous version.
-->

## What this PR does


### Release note

<!--  Write a release note:
- Explain what has changed internally and for users.
- Start with the same [label] as in the PR title
- Follow the guidelines at
https://github.com/kubernetes/community/blob/master/contributors/guide/release-notes.md.
-->

```release-note
[mariadb-operator] Update mariadb-operator v0.38.1
```
This commit is contained in:
Andrei Kvapil
2025-07-16 15:40:13 +02:00
committed by GitHub
37 changed files with 13009 additions and 48133 deletions

View File

@@ -20,4 +20,4 @@
.project
.idea/
*.tmproj
.vscode/
.vscode/

View File

@@ -0,0 +1,6 @@
dependencies:
- name: mariadb-operator-crds
repository: file://../mariadb-operator-crds
version: 0.38.1
digest: sha256:0f2ff90b83955a060f581b7db4a0c746338ae3a50d9766877c346c7f61d74cde
generated: "2025-04-15T16:54:07.813989419Z"

View File

@@ -1,5 +1,10 @@
apiVersion: v2
appVersion: v0.0.30
appVersion: 0.38.1
dependencies:
- condition: crds.enabled
name: mariadb-operator-crds
repository: file://../mariadb-operator-crds
version: 0.38.1
description: Run and operate MariaDB in a cloud native way
home: https://github.com/mariadb-operator/mariadb-operator
icon: https://mariadb-operator.github.io/mariadb-operator/assets/mariadb_profile.svg
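Review bot: `appVersion` loses its `v` prefix here (`v0.0.30` becomes `0.38.1`), and the deployment templates in this commit use `$.Chart.AppVersion` as the default image tag, so the operator image will now be pulled as `...:0.38.1` rather than `...:v0.38.1`. The removed ConfigMap referenced `mariadb-operator:v0.0.30`, so please confirm the registry publishes the un-prefixed tag, or pin `image.tag` (or better, `image.digest`) explicitly in the platform values.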
@@ -12,8 +17,8 @@ keywords:
- maxscale
kubeVersion: '>=1.26.0-0'
maintainers:
- email: mariadb-operator@proton.me
- email: martin.montes@mariadb.com
name: mmontes11
name: mariadb-operator
type: application
version: 0.30.0
version: 0.38.1

View File

@@ -2,33 +2,30 @@
[//]: # (README.md generated by gotmpl. DO NOT EDIT.)
<p align="center">
<img src="https://mariadb-operator.github.io/mariadb-operator/assets/mariadb-operator_centered_whitebg.svg" alt="mariadb" width="100%"/>
</p>
![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![Version: 0.30.0](https://img.shields.io/badge/Version-0.30.0-informational?style=flat-square) ![AppVersion: v0.0.30](https://img.shields.io/badge/AppVersion-v0.0.30-informational?style=flat-square)
![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![Version: 0.38.1](https://img.shields.io/badge/Version-0.38.1-informational?style=flat-square) ![AppVersion: 0.38.1](https://img.shields.io/badge/AppVersion-0.38.1-informational?style=flat-square)
Run and operate MariaDB in a cloud native way
## Installing
You can easily deploy the operator to your cluster by installing the `mariadb-operator-crds` and `mariadb-operator` Helm charts:
```bash
helm repo add mariadb-operator https://helm.mariadb.com/mariadb-operator
helm install mariadb-operator-crds mariadb-operator/mariadb-operator-crds
helm install mariadb-operator mariadb-operator/mariadb-operator
```
## Uninstalling
```bash
helm uninstall mariadb-operator
```
Refer to the [helm documentation](https://github.com/mariadb-operator/mariadb-operator/blob/main/docs/HELM.md) for further detail.
## Values
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| affinity | object | `{}` | Affinity to add to controller Pod |
| certController.affinity | object | `{}` | Affinity to add to controller Pod |
| certController.caValidity | string | `"35064h"` | CA certificate validity. It must be greater than certValidity. |
| certController.certValidity | string | `"8766h"` | Certificate validity. |
| certController.affinity | object | `{}` | Affinity to add to cert-controller container |
| certController.caLifetime | string | `"26280h"` | CA certificate lifetime. It must be greater than certLifetime. |
| certController.certLifetime | string | `"2160h"` | Certificate lifetime. |
| certController.enabled | bool | `true` | Specifies whether the cert-controller should be created. |
| certController.extrArgs | list | `[]` | Extra arguments to be passed to the cert-controller entrypoint |
| certController.extraVolumeMounts | list | `[]` | Extra volumes to mount to cert-controller container |
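Review bot: the new description for `certController.affinity` says "Affinity to add to cert-controller container", but affinity is a Pod-level field, and the same wording is repeated for `nodeSelector` and `tolerations` further down. Since this README is generated ("DO NOT EDIT"), the fix belongs in the comments of `values.yaml`: use "cert-controller Pod" for these keys.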
@@ -39,13 +36,16 @@ helm uninstall mariadb-operator
| certController.image.repository | string | `"docker-registry3.mariadb.com/mariadb-operator/mariadb-operator"` | |
| certController.image.tag | string | `""` | Image tag to use. By default the chart appVersion is used |
| certController.imagePullSecrets | list | `[]` | |
| certController.lookaheadValidity | string | `"2160h"` | Duration used to verify whether a certificate is valid or not. |
| certController.nodeSelector | object | `{}` | Node selectors to add to controller Pod |
| certController.nodeSelector | object | `{}` | Node selectors to add to cert-controller container |
| certController.pdb.enabled | bool | `false` | Enable PodDisruptionBudget for the cert-controller. |
| certController.pdb.maxUnavailable | int | `1` | Maximum number of unavailable Pods. You may also give a percentage, like `50%` |
| certController.podAnnotations | object | `{}` | Annotations to add to cert-controller Pod |
| certController.podSecurityContext | object | `{}` | Security context to add to cert-controller Pod |
| certController.priorityClassName | string | `""` | priorityClassName to add to cert-controller container |
| certController.renewBeforePercentage | int | `33` | How long before the certificate expiration should the renewal process be triggered. For example, if a certificate is valid for 60 minutes, and renewBeforePercentage=25, cert-controller will begin to attempt to renew the certificate 45 minutes after it was issued (i.e. when there are 15 minutes (25%) remaining until the certificate is no longer valid). |
| certController.requeueDuration | string | `"5m"` | Requeue duration to ensure that certificate gets renewed. |
| certController.resources | object | `{}` | Resources to add to cert-controller container |
| certController.securityContext | object | `{}` | Security context to add to cert-controller container |
| certController.securityContext | object | `{}` | Security context to add to cert-controller Pod |
| certController.serviceAccount.annotations | object | `{}` | Annotations to add to the service account |
| certController.serviceAccount.automount | bool | `true` | Automounts the service account token in all containers of the Pod |
| certController.serviceAccount.enabled | bool | `true` | Specifies whether a service account should be created |
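Review bot: the description of `certController.securityContext` changes from "cert-controller container" to "cert-controller Pod", which makes it identical to `certController.podSecurityContext` two rows above. Operators hardening the deployment need to tell the two apart (container-level settings such as `allowPrivilegeEscalation` and `capabilities` versus Pod-level ones such as `fsGroup`), so keep "container" on `securityContext`. Given that both default to `{}`, it would also help to state in the description that no restrictions are applied unless the user sets them.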
@@ -54,16 +54,29 @@ helm uninstall mariadb-operator
| certController.serviceMonitor.additionalLabels | object | `{}` | Labels to be added to the cert-controller ServiceMonitor |
| certController.serviceMonitor.enabled | bool | `true` | Enable cert-controller ServiceMonitor. Metrics must be enabled |
| certController.serviceMonitor.interval | string | `"30s"` | Interval to scrape metrics |
| certController.serviceMonitor.metricRelabelings | list | `[]` | |
| certController.serviceMonitor.relabelings | list | `[]` | |
| certController.serviceMonitor.scrapeTimeout | string | `"25s"` | Timeout if metrics can't be retrieved in given time interval |
| certController.tolerations | list | `[]` | Tolerations to add to controller Pod |
| certController.tolerations | list | `[]` | Tolerations to add to cert-controller container |
| certController.topologySpreadConstraints | list | `[]` | topologySpreadConstraints to add to cert-controller container |
| clusterName | string | `"cluster.local"` | Cluster DNS name |
| config | object | `{"exporterImage":"prom/mysqld-exporter:v0.15.1","exporterMaxscaleImage":"docker-registry2.mariadb.com/mariadb/maxscale-prometheus-exporter-ubi:v0.0.1","galeraLibPath":"/usr/lib/galera/libgalera_smm.so","mariadbDefaultVersion":"11.4","mariadbImage":"docker-registry1.mariadb.com/library/mariadb:11.4.5","maxscaleImage":"docker-registry2.mariadb.com/mariadb/maxscale:23.08.5"}` | Operator configuration |
| config.exporterImage | string | `"prom/mysqld-exporter:v0.15.1"` | Default MariaDB exporter image |
| config.exporterMaxscaleImage | string | `"docker-registry2.mariadb.com/mariadb/maxscale-prometheus-exporter-ubi:v0.0.1"` | Default MaxScale exporter image |
| config.galeraLibPath | string | `"/usr/lib/galera/libgalera_smm.so"` | Galera library path to be used with MariaDB Galera |
| config.mariadbDefaultVersion | string | `"11.4"` | Default MariaDB version to be used when unable to infer it via image tag |
| config.mariadbImage | string | `"docker-registry1.mariadb.com/library/mariadb:11.4.5"` | Default MariaDB image |
| config.maxscaleImage | string | `"docker-registry2.mariadb.com/mariadb/maxscale:23.08.5"` | Default MaxScale image |
| crds | object | `{"enabled":false}` | - CRDs |
| crds.enabled | bool | `false` | Whether the helm chart should create and update the CRDs. It is false by default, which implies that the CRDs must be managed independently with the mariadb-operator-crds helm chart. **WARNING** This should only be set to true during the initial deployment. If this chart manages the CRDs and is later uninstalled, all MariaDB instances will be DELETED. |
| currentNamespaceOnly | bool | `false` | Whether the operator should watch CRDs only in its own namespace or not. |
| extrArgs | list | `[]` | Extra arguments to be passed to the controller entrypoint |
| extraEnv | list | `[]` | Extra environment variables to be passed to the controller |
| extraEnvFrom | list | `[]` | Extra environment variables from preexiting ConfigMap / Secret objects used by the controller using envFrom |
| extraVolumeMounts | list | `[]` | Extra volumes to mount to the container. |
| extraVolumes | list | `[]` | Extra volumes to pass to pod. |
| fullnameOverride | string | `""` | |
| ha.enabled | bool | `false` | Enable high availability |
| ha.enabled | bool | `false` | Enable high availability of the controller. If you enable it we recommend to set `affinity` and `pdb` |
| ha.replicas | int | `3` | Number of replicas |
| image.pullPolicy | string | `"IfNotPresent"` | |
| image.repository | string | `"docker-registry3.mariadb.com/mariadb-operator/mariadb-operator"` | |
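Review bot: the new `config.*Image` defaults (`mariadb:11.4.5`, `maxscale:23.08.5`, `prom/mysqld-exporter:v0.15.1`) are referenced by mutable tag only, while the operator image gains digest support through the `image` helper in this same commit. Consider allowing a digest for the related images as well, or pin them by `@sha256:` in the platform values. Separately, this table documents `extrArgs` while the controller Deployment template ranges over `.Values.extraArgs`; one of the two spellings is wrong, and a user following the README would set a key that is never read.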
@@ -74,11 +87,18 @@ helm uninstall mariadb-operator
| metrics.serviceMonitor.additionalLabels | object | `{}` | Labels to be added to the controller ServiceMonitor |
| metrics.serviceMonitor.enabled | bool | `true` | Enable controller ServiceMonitor |
| metrics.serviceMonitor.interval | string | `"30s"` | Interval to scrape metrics |
| metrics.serviceMonitor.metricRelabelings | list | `[]` | |
| metrics.serviceMonitor.relabelings | list | `[]` | |
| metrics.serviceMonitor.scrapeTimeout | string | `"25s"` | Timeout if metrics can't be retrieved in given time interval |
| nameOverride | string | `""` | |
| nodeSelector | object | `{}` | Node selectors to add to controller Pod |
| pdb.enabled | bool | `false` | Enable PodDisruptionBudget for the controller. |
| pdb.maxUnavailable | int | `1` | Maximum number of unavailable Pods. You may also give a percentage, like `50%` |
| podAnnotations | object | `{}` | Annotations to add to controller Pod |
| podSecurityContext | object | `{}` | Security context to add to controller Pod |
| pprof.enabled | bool | `false` | Enable the pprof HTTP server. |
| pprof.port | int | `6060` | The port where the pprof HTTP server listens. |
| priorityClassName | string | `""` | priorityClassName to add to controller Pod |
| rbac.aggregation.enabled | bool | `true` | Specifies whether the cluster roles aggrate to view and edit predefinied roles |
| rbac.enabled | bool | `true` | Specifies whether RBAC resources should be created |
| resources | object | `{}` | Resources to add to controller container |
@@ -89,7 +109,8 @@ helm uninstall mariadb-operator
| serviceAccount.extraLabels | object | `{}` | Extra Labels to add to the service account |
| serviceAccount.name | string | `""` | The name of the service account to use. If not set and enabled is true, a name is generated using the fullname template |
| tolerations | list | `[]` | Tolerations to add to controller Pod |
| webhook.affinity | object | `{}` | Affinity to add to controller Pod |
| topologySpreadConstraints | list | `[]` | topologySpreadConstraints to add to controller Pod |
| webhook.affinity | object | `{}` | Affinity to add to webhook Pod |
| webhook.annotations | object | `{}` | Annotations for webhook configurations. |
| webhook.cert.ca.key | string | `""` | File under 'ca.path' that contains the full CA trust chain. |
| webhook.cert.ca.path | string | `""` | Path that contains the full CA trust chain. |
@@ -101,6 +122,7 @@ helm uninstall mariadb-operator
| webhook.cert.path | string | `"/tmp/k8s-webhook-server/serving-certs"` | Path where the certificate will be mounted. 'tls.crt' and 'tls.key' certificates files should be under this path. |
| webhook.cert.secretAnnotations | object | `{}` | Annotatioms to be added to webhook TLS secret. |
| webhook.cert.secretLabels | object | `{}` | Labels to be added to webhook TLS secret. |
| webhook.enabled | bool | `true` | Specifies whether the webhook should be created. |
| webhook.extrArgs | list | `[]` | Extra arguments to be passed to the webhook entrypoint |
| webhook.extraVolumeMounts | list | `[]` | Extra volumes to mount to webhook container |
| webhook.extraVolumes | list | `[]` | Extra volumes to pass to webhook Pod |
@@ -111,10 +133,13 @@ helm uninstall mariadb-operator
| webhook.image.repository | string | `"docker-registry3.mariadb.com/mariadb-operator/mariadb-operator"` | |
| webhook.image.tag | string | `""` | Image tag to use. By default the chart appVersion is used |
| webhook.imagePullSecrets | list | `[]` | |
| webhook.nodeSelector | object | `{}` | Node selectors to add to controller Pod |
| webhook.nodeSelector | object | `{}` | Node selectors to add to webhook Pod |
| webhook.pdb.enabled | bool | `false` | Enable PodDisruptionBudget for the webhook. |
| webhook.pdb.maxUnavailable | int | `1` | Maximum number of unavailable Pods. You may also give a percentage, like `50%` |
| webhook.podAnnotations | object | `{}` | Annotations to add to webhook Pod |
| webhook.podSecurityContext | object | `{}` | Security context to add to webhook Pod |
| webhook.port | int | `9443` | Port to be used by the webhook server |
| webhook.priorityClassName | string | `""` | priorityClassName to add to webhook Pod |
| webhook.resources | object | `{}` | Resources to add to webhook container |
| webhook.securityContext | object | `{}` | Security context to add to webhook container |
| webhook.serviceAccount.annotations | object | `{}` | Annotations to add to the service account |
@@ -125,6 +150,8 @@ helm uninstall mariadb-operator
| webhook.serviceMonitor.additionalLabels | object | `{}` | Labels to be added to the webhook ServiceMonitor |
| webhook.serviceMonitor.enabled | bool | `true` | Enable webhook ServiceMonitor. Metrics must be enabled |
| webhook.serviceMonitor.interval | string | `"30s"` | Interval to scrape metrics |
| webhook.serviceMonitor.metricRelabelings | list | `[]` | |
| webhook.serviceMonitor.relabelings | list | `[]` | |
| webhook.serviceMonitor.scrapeTimeout | string | `"25s"` | Timeout if metrics can't be retrieved in given time interval |
| webhook.tolerations | list | `[]` | Tolerations to add to controller Pod |
| webhook.tolerations | list | `[]` | Tolerations to add to webhook Pod |
| webhook.topologySpreadConstraints | list | `[]` | topologySpreadConstraints to add to webhook Pod |

View File

@@ -3,24 +3,20 @@
{{ $release := "mariadb-operator" }}
[//]: # (README.md generated by gotmpl. DO NOT EDIT.)
<p align="center">
<img src="https://mariadb-operator.github.io/mariadb-operator/assets/mariadb-operator_centered_whitebg.svg" alt="mariadb" width="100%"/>
</p>
{{ template "chart.typeBadge" . }}{{ template "chart.versionBadge" . }}{{ template "chart.appVersionBadge" . }}
{{ template "chart.description" . }}
## Installing
You can easily deploy the operator to your cluster by installing the `mariadb-operator-crds` and `mariadb-operator` Helm charts:
```bash
helm repo add {{ $org }} {{ $chartRepo }}
helm install {{ $release }} {{ $org }}/{{ template "chart.name" . }}
helm repo add mariadb-operator https://helm.mariadb.com/mariadb-operator
helm install mariadb-operator-crds mariadb-operator/mariadb-operator-crds
helm install mariadb-operator mariadb-operator/mariadb-operator
```
## Uninstalling
```bash
helm uninstall {{ $release }}
```
Refer to the [helm documentation](https://github.com/mariadb-operator/mariadb-operator/blob/main/docs/HELM.md) for further detail.
{{ template "chart.valuesSection" . }}

View File

@@ -0,0 +1,23 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/

View File

@@ -0,0 +1,19 @@
apiVersion: v2
appVersion: 0.0.0
description: mariadb-operator CRDs
home: https://github.com/mariadb-operator/mariadb-operator
icon: https://mariadb-operator.github.io/mariadb-operator/assets/mariadb_profile.svg
keywords:
- mariadb
- mysql
- operator
- mariadb-operator
- database
- maxscale
kubeVersion: '>=1.26.0-0'
maintainers:
- email: martin.montes@mariadb.com
name: mmontes11
name: mariadb-operator-crds
type: application
version: 0.38.1

View File

@@ -0,0 +1,5 @@
mariadb-operator CRDs have been successfully installed! 🦭
To complete the mariadb-operator installation, please now proceed to install the
mariadb-operator chart:
https://github.com/mariadb-operator/mariadb-operator?tab=readme-ov-file#helm-installation

View File

@@ -1,4 +1,4 @@
mariadb-operator has been successfully deployed! 🦭
Not sure what to do next? 😅 Check out:
https://github.com/mariadb-operator/mariadb-operator#quickstart
https://github.com/mariadb-operator/mariadb-operator/blob/main/docs/QUICKSTART.md

View File

@@ -56,9 +56,9 @@ Webhook common labels
{{- define "mariadb-operator-webhook.labels" -}}
helm.sh/chart: {{ include "mariadb-operator.chart" . }}
{{ include "mariadb-operator-webhook.selectorLabels" . }}
{{ if .Chart.AppVersion }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{ end }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
@@ -104,9 +104,9 @@ Cert-controller common labels
{{- define "mariadb-operator-cert-controller.labels" -}}
helm.sh/chart: {{ include "mariadb-operator.chart" . }}
{{ include "mariadb-operator-cert-controller.selectorLabels" . }}
{{ if .Chart.AppVersion }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{ end }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
@@ -149,4 +149,22 @@ Create the name of the cert-controller service account to use
{{- else }}
{{- default "default" .Values.certController.serviceAccount.name }}
{{- end }}
{{- end }}
{{/*
Util function for generating the image URL based on the provided options.
*/}}
{{- define "image" -}}
{{- $defaultTag := index . 1 -}}
{{- with index . 0 -}}
{{- $repository := .repository | default "" -}}
{{- $digest := .digest -}}
{{- $tag := default $defaultTag .tag -}}
{{- printf "%s" $repository }}
{{- if $digest -}}
{{ printf "@%s" $digest }}
{{- else -}}
{{ printf ":%s" $tag }}
{{- end -}}
{{- end }}
{{- end }}
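Review bot: the helper is defined as plain `image`, while every other named template in this file is prefixed with `mariadb-operator`. Helm template names are global across a chart and its subcharts, so a generic name like this can be overridden by, or override, another chart's `image` definition; rename it to something like `mariadb-operator.image`. Also, `.repository | default ""` lets an unset repository render as `:tag` or `@digest`, which is not a valid image reference; failing the render with `required` would surface the mistake at install time instead of at Pod creation.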

View File

@@ -1,25 +1,25 @@
{{- if and .Values.certController.enabled (not .Values.webhook.cert.certManager.enabled) -}}
{{- if and (not .Values.currentNamespaceOnly) .Values.certController.enabled (not .Values.webhook.cert.certManager.enabled) -}}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "mariadb-operator.fullname" . }}-cert-controller
labels:
{{ include "mariadb-operator-cert-controller.labels" . | nindent 4 }}
{{- include "mariadb-operator-cert-controller.labels" . | nindent 4 }}
spec:
{{ if .Values.certController.ha.enabled }}
{{- if .Values.certController.ha.enabled }}
replicas: {{ .Values.certController.ha.replicas}}
{{ end }}
{{- end }}
selector:
matchLabels:
{{ include "mariadb-operator-cert-controller.selectorLabels" . | nindent 6 }}
{{- include "mariadb-operator-cert-controller.selectorLabels" . | nindent 6 }}
template:
metadata:
{{ with .Values.certController.podAnnotations }}
{{- with .Values.certController.podAnnotations }}
annotations:
{{ toYaml . | nindent 8 }}
{{ end }}
{{- end }}
labels:
{{ include "mariadb-operator-cert-controller.selectorLabels" . | nindent 8 }}
{{- include "mariadb-operator-cert-controller.selectorLabels" . | nindent 8 }}
spec:
{{- with .Values.certController.imagePullSecrets }}
imagePullSecrets:
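Review bot: the new `(not .Values.currentNamespaceOnly)` condition on the first line means the cert-controller is never rendered in namespace-only mode, yet the README in this commit still lists `webhook.enabled` as `true` by default. Unless the webhook templates (not visible in this diff) are gated the same way, a namespace-only install without cert-manager would have a webhook and nothing issuing or rotating its serving certificate. Please confirm the webhook is also disabled in that mode, or document that `webhook.cert.certManager.enabled` is required.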
@@ -27,35 +27,42 @@ spec:
{{- end }}
serviceAccountName: {{ include "mariadb-operator-cert-controller.serviceAccountName" . }}-cert-controller
automountServiceAccountToken: {{ .Values.certController.serviceAccount.automount }}
{{ with .Values.certController.nodeSelector }}
{{- with .Values.certController.nodeSelector }}
nodeSelector:
{{ toYaml . | nindent 8 }}
{{ end }}
{{ with .Values.certController.tolerations }}
{{- end }}
{{- with .Values.certController.tolerations }}
tolerations:
{{ toYaml . | nindent 8 }}
{{ end }}
{{ with .Values.certController.affinity }}
{{- end }}
{{- with .Values.certController.topologySpreadConstraints }}
topologySpreadConstraints:
{{ toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.certController.priorityClassName }}
priorityClassName: {{ . | quote }}
{{- end }}
{{- with .Values.certController.affinity }}
affinity:
{{ toYaml . | nindent 8 }}
{{ end }}
{{ with .Values.certController.podSecurityContext }}
{{- end }}
{{- with .Values.certController.podSecurityContext }}
securityContext:
{{ toYaml . | nindent 8 }}
{{ end }}
{{- end }}
containers:
- image: "{{ .Values.certController.image.repository }}:{{ .Values.certController.image.tag | default .Chart.AppVersion }}"
- image: "{{ template "image" (tuple .Values.certController.image $.Chart.AppVersion) }}"
imagePullPolicy: {{ .Values.certController.image.pullPolicy }}
name: cert-controller
args:
- cert-controller
- --ca-secret-name={{ include "mariadb-operator.fullname" . }}-webhook-ca
- --ca-secret-namespace={{ .Release.Namespace }}
- --ca-validity={{ .Values.certController.caValidity }}
- --ca-lifetime={{ .Values.certController.caLifetime }}
- --cert-secret-name={{ include "mariadb-operator.fullname" . }}-webhook-cert
- --cert-secret-namespace={{ .Release.Namespace }}
- --cert-validity={{ .Values.certController.certValidity }}
- --lookahead-validity={{ .Values.certController.lookaheadValidity }}
- --cert-lifetime={{ .Values.certController.certLifetime }}
- --renew-before-percentage={{ .Values.certController.renewBeforePercentage }}
- --service-name={{ include "mariadb-operator.fullname" . }}-webhook
- --service-namespace={{ .Release.Namespace }}
- --requeue-duration={{ .Values.certController.requeueDuration }}
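Review bot: the args switch from `certController.caValidity`, `certValidity` and `lookaheadValidity` to `caLifetime`, `certLifetime` and `renewBeforePercentage`, and nothing in the template rejects the old keys. Any existing override of the old names will be silently ignored and the new defaults (CA `26280h`, certificate `2160h`) applied instead. Add a `fail` guard for the removed keys or, at minimum, call the rename out in the release note, which currently only says "Update mariadb-operator v0.38.1".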
@@ -100,4 +107,4 @@ spec:
volumes:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}
{{- end }}

View File

@@ -0,0 +1,13 @@
{{- if and (not .Values.currentNamespaceOnly) .Values.certController.enabled (not .Values.webhook.cert.certManager.enabled) .Values.certController.pdb.enabled -}}
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
name: {{ include "mariadb-operator.fullname" . }}-cert-controller
labels:
{{ include "mariadb-operator-cert-controller.labels" . | nindent 4 }}
spec:
maxUnavailable: {{ .Values.certController.pdb.maxUnavailable }}
selector:
matchLabels:
{{ include "mariadb-operator-cert-controller.selectorLabels" . | nindent 6 }}
{{- end }}

View File

@@ -1,4 +1,4 @@
{{- if and .Values.rbac.enabled .Values.certController.enabled (not .Values.webhook.cert.certManager.enabled) -}}
{{- if and (not .Values.currentNamespaceOnly) .Values.rbac.enabled .Values.certController.enabled (not .Values.webhook.cert.certManager.enabled) -}}
{{ $fullName := include "mariadb-operator.fullname" . }}
apiVersion: rbac.authorization.k8s.io/v1
kind: Role

View File

@@ -1,4 +1,4 @@
{{- if and .Values.certController.enabled (not .Values.webhook.cert.certManager.enabled) -}}
{{- if and (not .Values.currentNamespaceOnly) .Values.certController.enabled (not .Values.webhook.cert.certManager.enabled) -}}
apiVersion: v1
kind: ServiceAccount
metadata:

View File

@@ -1,4 +1,4 @@
{{ if and .Values.certController.enabled (not .Values.webhook.cert.certManager.enabled) .Values.metrics.enabled .Values.certController.serviceMonitor.enabled }}
{{ if and (not .Values.currentNamespaceOnly) .Values.certController.enabled (not .Values.webhook.cert.certManager.enabled) .Values.metrics.enabled .Values.certController.serviceMonitor.enabled }}
apiVersion: v1
kind: Service
metadata:
@@ -33,4 +33,12 @@ spec:
- port: metrics
interval: {{ .Values.certController.serviceMonitor.interval }}
scrapeTimeout: {{ .Values.certController.serviceMonitor.scrapeTimeout }}
{{ end }}
{{- if .Values.certController.serviceMonitor.metricRelabelings }}
metricRelabelings:
{{- toYaml .Values.certController.serviceMonitor.metricRelabelings | nindent 6 }}
{{- end }}
{{- if .Values.certController.serviceMonitor.relabelings }}
relabelings:
{{- toYaml .Values.certController.serviceMonitor.relabelings | nindent 6 }}
{{- end }}
{{ end }}

View File

@@ -1,13 +0,0 @@
apiVersion: v1
data:
MARIADB_ENTRYPOINT_VERSION: "11.4"
MARIADB_GALERA_LIB_PATH: /usr/lib/galera/libgalera_smm.so
MARIADB_OPERATOR_IMAGE: docker-registry3.mariadb.com/mariadb-operator/mariadb-operator:v0.0.30
RELATED_IMAGE_EXPORTER: prom/mysqld-exporter:v0.15.1
RELATED_IMAGE_EXPORTER_MAXSCALE: docker-registry2.mariadb.com/mariadb/maxscale-prometheus-exporter-ubi:v0.0.1
RELATED_IMAGE_MARIADB: docker-registry1.mariadb.com/library/mariadb:11.4.3
RELATED_IMAGE_MAXSCALE: docker-registry2.mariadb.com/mariadb/maxscale:23.08.5
kind: ConfigMap
metadata:
creationTimestamp: null
name: mariadb-operator-env

View File

@@ -0,0 +1,13 @@
apiVersion: v1
data:
MARIADB_OPERATOR_IMAGE: "{{ template "image" (tuple .Values.image $.Chart.AppVersion) }}"
MARIADB_GALERA_LIB_PATH: "{{ .Values.config.galeraLibPath }}"
MARIADB_DEFAULT_VERSION: "{{ .Values.config.mariadbDefaultVersion }}"
RELATED_IMAGE_MARIADB: "{{ .Values.config.mariadbImage }}"
RELATED_IMAGE_MAXSCALE: "{{ .Values.config.maxscaleImage }}"
RELATED_IMAGE_EXPORTER: "{{ .Values.config.exporterImage }}"
RELATED_IMAGE_EXPORTER_MAXSCALE: "{{ .Values.config.exporterMaxscaleImage }}"
kind: ConfigMap
metadata:
creationTimestamp: null
name: mariadb-operator-env
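Review bot: every value is interpolated inside a hand-written string, for example `RELATED_IMAGE_MARIADB: "{{ .Values.config.mariadbImage }}"`, so a value containing a double quote or backslash produces invalid YAML or a different string than intended. Use `{{ .Values.config.mariadbImage | quote }}` and the same for the other keys. `creationTimestamp: null` is generator residue that has no place in a hand-maintained template, and the hard-coded name `mariadb-operator-env` means two releases in one namespace would overwrite each other's ConfigMap; deriving it from `mariadb-operator.fullname` avoids that.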

View File

@@ -3,22 +3,22 @@ kind: Deployment
metadata:
name: {{ include "mariadb-operator.fullname" . }}
labels:
{{ include "mariadb-operator.labels" . | nindent 4 }}
{{- include "mariadb-operator.labels" . | nindent 4 }}
spec:
{{ if .Values.ha.enabled }}
{{- if .Values.ha.enabled }}
replicas: {{ .Values.ha.replicas}}
{{ end }}
{{- end }}
selector:
matchLabels:
{{ include "mariadb-operator.selectorLabels" . | nindent 6 }}
{{- include "mariadb-operator.selectorLabels" . | nindent 6 }}
template:
metadata:
{{ with .Values.podAnnotations }}
{{- with .Values.podAnnotations }}
annotations:
{{ toYaml . | nindent 8 }}
{{ end }}
{{- end }}
labels:
{{ include "mariadb-operator.selectorLabels" . | nindent 8 }}
{{- include "mariadb-operator.selectorLabels" . | nindent 8 }}
spec:
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
@@ -27,24 +27,31 @@ spec:
serviceAccountName: {{ include "mariadb-operator.serviceAccountName" . }}
automountServiceAccountToken: {{ .Values.serviceAccount.automount }}
terminationGracePeriodSeconds: 10
{{ with .Values.nodeSelector }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{ toYaml . | nindent 8 }}
{{ end }}
{{ with .Values.tolerations }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{ toYaml . | nindent 8 }}
{{ end }}
{{ with .Values.affinity }}
{{- end }}
{{- with .Values.topologySpreadConstraints }}
topologySpreadConstraints:
{{ toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.priorityClassName }}
priorityClassName: {{ . | quote }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{ toYaml . | nindent 8 }}
{{ end }}
{{ with .Values.podSecurityContext }}
{{- end }}
{{- with .Values.podSecurityContext }}
securityContext:
{{ toYaml . | nindent 8 }}
{{ end }}
{{- end }}
containers:
- image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
- image: "{{ template "image" (tuple .Values.image $.Chart.AppVersion) }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
name: controller
args:
@@ -53,6 +60,10 @@ spec:
{{- if .Values.ha.enabled }}
- --leader-elect
{{- end }}
{{- if .Values.pprof.enabled }}
- --pprof
- --pprof-addr=:{{ .Values.pprof.port | int }}
{{- end }}
{{- range .Values.extraArgs }}
- {{ . }}
{{- end }}
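Review bot: `--pprof-addr=:{{ .Values.pprof.port | int }}` binds the pprof server on all interfaces, and the next hunk publishes it as a named container port. The Go pprof handlers are unauthenticated and expose heap and goroutine dumps, so the value description should say that enabling it requires a NetworkPolicy restricting access, or the address should default to loopback for use with `kubectl port-forward`. Minor: the port is passed through `| int` here but not in the `containerPort` line of the following hunk; use the same form in both places.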
@@ -60,6 +71,11 @@ spec:
- containerPort: 8080
protocol: TCP
name: metrics
{{- if .Values.pprof.enabled }}
- containerPort: {{ .Values.pprof.port }}
protocol: TCP
name: pprof
{{- end }}
envFrom:
- configMapRef:
name: mariadb-operator-env
@@ -69,6 +85,10 @@ spec:
env:
- name: CLUSTER_NAME
value: {{ .Values.clusterName }}
{{- if .Values.currentNamespaceOnly }}
- name: WATCH_NAMESPACE
value: {{ .Release.Namespace }}
{{- end }}
- name: MARIADB_OPERATOR_NAME
valueFrom:
fieldRef:
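Review bot: `value: {{ .Release.Namespace }}` for `WATCH_NAMESPACE` is unquoted. A namespace name consisting only of digits is a valid DNS label, and YAML would parse it as an integer, which the API server rejects for an env var value. Use `value: {{ .Release.Namespace | quote }}`; the `CLUSTER_NAME` line just above has the same issue.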

View File

@@ -33,4 +33,12 @@ spec:
- port: metrics
interval: {{ .Values.metrics.serviceMonitor.interval }}
scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }}
{{ end }}
{{- if .Values.metrics.serviceMonitor.metricRelabelings }}
metricRelabelings:
{{- toYaml .Values.metrics.serviceMonitor.metricRelabelings | nindent 6 }}
{{- end }}
{{- if .Values.metrics.serviceMonitor.relabelings }}
relabelings:
{{- toYaml .Values.metrics.serviceMonitor.relabelings | nindent 6 }}
{{- end }}
{{ end }}

View File

@@ -0,0 +1,13 @@
{{- if .Values.pdb.enabled }}
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
name: {{ include "mariadb-operator.fullname" . }}
labels:
{{ include "mariadb-operator.labels" . | nindent 4 }}
spec:
maxUnavailable: {{ .Values.pdb.maxUnavailable }}
selector:
matchLabels:
{{ include "mariadb-operator.selectorLabels" . | nindent 6 }}
{{- end }}

View File

@@ -0,0 +1,236 @@
{{- if and .Values.currentNamespaceOnly .Values.rbac.enabled -}}
{{ $fullName := include "mariadb-operator.fullname" . }}
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: {{ $fullName }}
rules:
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
- apiGroups:
- ""
resources:
- endpoints
- endpoints/restricted
verbs:
- create
- get
- list
- patch
- watch
- apiGroups:
- ""
resources:
- events
- secrets
- serviceaccounts
- services
verbs:
- create
- list
- patch
- watch
- apiGroups:
- ""
resources:
- persistentvolumeclaims
verbs:
- create
- deletecollection
- list
- patch
- watch
- apiGroups:
- ""
resources:
- pods
verbs:
- delete
- get
- list
- watch
- patch
- apiGroups:
- ""
resources:
- pods/log
verbs:
- get
- apiGroups:
- apps
resources:
- deployments
verbs:
- create
- list
- patch
- watch
- apiGroups:
- apps
resources:
- statefulsets
verbs:
- create
- delete
- get
- list
- patch
- watch
- apiGroups:
- batch
resources:
- cronjobs
verbs:
- create
- list
- patch
- watch
- apiGroups:
- batch
resources:
- jobs
verbs:
- create
- delete
- list
- patch
- watch
- apiGroups:
- cert-manager.io
resources:
- certificates
verbs:
- create
- list
- patch
- watch
- apiGroups:
- k8s.mariadb.com
resources:
- backups
- connections
- databases
- grants
- mariadbs
- maxscales
- restores
- sqljobs
- users
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- k8s.mariadb.com
resources:
- backups/finalizers
- connections/finalizers
- databases/finalizers
- grants/finalizers
- mariadbs/finalizers
- maxscales/finalizers
- restores/finalizers
- sqljobs/finalizers
- users/finalizers
verbs:
- update
- apiGroups:
- k8s.mariadb.com
resources:
- backups/status
- connections/status
- databases/status
- grants/status
- mariadbs/status
- maxscales/status
- restores/status
- sqljobs/status
- users/status
verbs:
- get
- patch
- update
- apiGroups:
- k8s.mariadb.com
resources:
- maxscale
verbs:
- create
- list
- patch
- watch
- apiGroups:
- monitoring.coreos.com
resources:
- servicemonitors
verbs:
- create
- list
- patch
- watch
- apiGroups:
- policy
resources:
- poddisruptionbudgets
verbs:
- create
- list
- patch
- watch
- apiGroups:
- rbac.authorization.k8s.io
resources:
- rolebindings
- roles
verbs:
- create
- list
- patch
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ $fullName }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ $fullName }}
subjects:
- kind: ServiceAccount
name: {{ include "mariadb-operator.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
{{- end }}
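Review bot: The rule that groups `events`, `secrets`, `serviceaccounts` and `services` grants `list` and `watch` on Secrets, which lets the operator's ServiceAccount read every Secret in the release namespace, not only the ones it creates. If `currentNamespaceOnly` is meant for shared tenant namespaces, that should be stated in the chart docs. In the same Role, `events` is listed twice (it already has its own `create`/`patch` rule above), the singular `maxscale` rule looks redundant next to `maxscales`, and the `roles`/`rolebindings` rule with `create` and `patch` deserves a comment on why the operator needs it.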

View File

@@ -1,4 +1,4 @@
{{- if .Values.rbac.enabled -}}
{{- if and (not .Values.currentNamespaceOnly) .Values.rbac.enabled -}}
{{ $fullName := include "mariadb-operator.fullname" . }}
# the mariadb-view ClusterRole allows viewing all k8s.mariadb.com resources
apiVersion: rbac.authorization.k8s.io/v1

View File

@@ -1,4 +1,4 @@
{{- if .Values.rbac.enabled -}}
{{- if and (not .Values.currentNamespaceOnly) .Values.rbac.enabled -}}
{{ $fullName := include "mariadb-operator.fullname" . }}
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
@@ -95,6 +95,7 @@ rules:
- get
- list
- watch
- patch
- apiGroups:
- ""
resources:
@@ -152,6 +153,15 @@ rules:
- list
- patch
- watch
- apiGroups:
- cert-manager.io
resources:
- certificates
verbs:
- create
- list
- patch
- watch
- apiGroups:
- k8s.mariadb.com
resources:

View File

@@ -1,25 +0,0 @@
{{- if not .Values.webhook.cert.certManager.enabled }}
apiVersion: v1
kind: Secret
metadata:
name: {{ include "mariadb-operator.fullname" . }}-webhook-ca
labels:
{{- include "mariadb-operator-webhook.labels" . | nindent 4 }}
mariadb-operator.io/component: webhook
{{- with .Values.webhook.cert.secretAnnotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ include "mariadb-operator.fullname" . }}-webhook-cert
labels:
{{- include "mariadb-operator-webhook.labels" . | nindent 4 }}
mariadb-operator.io/component: webhook
{{- with .Values.webhook.cert.secretAnnotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
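Review bot: This deleted template is the only place in the visible diff that reads `.Values.webhook.cert.secretAnnotations`. Check whether the value is still honoured elsewhere (for example passed to the cert-controller); if it is not, drop it from values.yaml or mention it in the release note, because annotations that users set for the `-webhook-ca` and `-webhook-cert` Secrets would silently stop being applied.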

View File

@@ -1,13 +0,0 @@
apiVersion: v1
kind: Service
metadata:
name: {{ include "mariadb-operator.fullname" . }}-webhook
labels:
{{ include "mariadb-operator-webhook.labels" . | nindent 4 }}
spec:
ports:
- port: 443
protocol: TCP
targetPort: {{ .Values.webhook.port }}
selector:
{{ include "mariadb-operator-webhook.selectorLabels" . | nindent 4 }}

View File

@@ -1,4 +1,4 @@
{{ if .Values.webhook.cert.certManager.enabled }}
{{ if and (not .Values.currentNamespaceOnly) .Values.webhook.enabled .Values.webhook.cert.certManager.enabled }}
{{ if not .Values.webhook.cert.certManager.issuerRef }}
apiVersion: cert-manager.io/v1
kind: Issuer
@@ -51,4 +51,4 @@ spec:
{{- toYaml . | nindent 6 }}
{{- end }}
{{- end }}
{{ end }}
{{- end }}

View File

@@ -1,19 +1,20 @@
{{ if and (not .Values.currentNamespaceOnly) .Values.webhook.enabled }}
{{ $fullName := include "mariadb-operator.fullname" . }}
apiVersion: admissionregistration.k8s.io/v1
kind: MutatingWebhookConfiguration
metadata:
name: {{ $fullName }}-webhook
labels:
{{ include "mariadb-operator-webhook.labels" . | nindent 4 }}
{{- include "mariadb-operator-webhook.labels" . | nindent 4 }}
annotations:
{{- if .Values.webhook.cert.certManager.enabled }}
cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ include "mariadb-operator.fullname" . }}-webhook-cert
{{- else }}
k8s.mariadb.com/webhook: ""
{{- end }}
{{ with .Values.webhook.annotations }}
{{- with .Values.webhook.annotations }}
{{ toYaml . | indent 4 }}
{{ end }}
{{- end }}
webhooks:
- admissionReviewVersions:
- v1
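Review bot: With `currentNamespaceOnly: true` nothing defaults or validates `k8s.mariadb.com` objects at admission, because the guard `and (not .Values.currentNamespaceOnly) .Values.webhook.enabled` on the first line drops both the MutatingWebhookConfiguration and the ValidatingWebhookConfiguration in that mode. Since `webhook.enabled` defaults to true, a user can reasonably assume validation is active; the `currentNamespaceOnly` comment in values.yaml should say that it also disables the webhook.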
@@ -23,7 +24,7 @@ webhooks:
namespace: {{ .Release.Namespace }}
path: /mutate-k8s-mariadb-com-v1alpha1-mariadb
failurePolicy: Fail
name: mmariadb.kb.io
name: mmariadb-v1alpha1.kb.io
rules:
- apiGroups:
- k8s.mariadb.com
@@ -41,16 +42,16 @@ kind: ValidatingWebhookConfiguration
metadata:
name: {{ $fullName }}-webhook
labels:
{{ include "mariadb-operator-webhook.labels" . | nindent 4 }}
{{- include "mariadb-operator-webhook.labels" . | nindent 4 }}
annotations:
{{- if .Values.webhook.cert.certManager.enabled }}
cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ include "mariadb-operator.fullname" . }}-webhook-cert
{{- else }}
k8s.mariadb.com/webhook: ""
{{- end }}
{{ with .Values.webhook.annotations }}
{{- with .Values.webhook.annotations }}
{{ toYaml . | indent 4 }}
{{ end }}
{{- end }}
webhooks:
- admissionReviewVersions:
- v1
@@ -60,7 +61,7 @@ webhooks:
namespace: {{ .Release.Namespace }}
path: /validate-k8s-mariadb-com-v1alpha1-backup
failurePolicy: Fail
name: vbackup.kb.io
name: vbackup-v1alpha1.kb.io
rules:
- apiGroups:
- k8s.mariadb.com
@@ -80,7 +81,7 @@ webhooks:
namespace: {{ .Release.Namespace }}
path: /validate-k8s-mariadb-com-v1alpha1-connection
failurePolicy: Fail
name: vconnection.kb.io
name: vconnection-v1alpha1.kb.io
rules:
- apiGroups:
- k8s.mariadb.com
@@ -100,7 +101,7 @@ webhooks:
namespace: {{ .Release.Namespace }}
path: /validate-k8s-mariadb-com-v1alpha1-database
failurePolicy: Fail
name: vdatabase.kb.io
name: vdatabase-v1alpha1.kb.io
rules:
- apiGroups:
- k8s.mariadb.com
@@ -120,7 +121,7 @@ webhooks:
namespace: {{ .Release.Namespace }}
path: /validate-k8s-mariadb-com-v1alpha1-grant
failurePolicy: Fail
name: vgrant.kb.io
name: vgrant-v1alpha1.kb.io
rules:
- apiGroups:
- k8s.mariadb.com
@@ -140,7 +141,7 @@ webhooks:
namespace: {{ .Release.Namespace }}
path: /validate-k8s-mariadb-com-v1alpha1-mariadb
failurePolicy: Fail
name: vmariadb.kb.io
name: vmariadb-v1alpha1.kb.io
rules:
- apiGroups:
- k8s.mariadb.com
@@ -160,7 +161,7 @@ webhooks:
namespace: {{ .Release.Namespace }}
path: /validate-k8s-mariadb-com-v1alpha1-maxscale
failurePolicy: Fail
name: vmaxscale.kb.io
name: vmaxscale-v1alpha1.kb.io
rules:
- apiGroups:
- k8s.mariadb.com
@@ -180,7 +181,7 @@ webhooks:
namespace: {{ .Release.Namespace }}
path: /validate-k8s-mariadb-com-v1alpha1-restore
failurePolicy: Fail
name: vrestore.kb.io
name: vrestore-v1alpha1.kb.io
rules:
- apiGroups:
- k8s.mariadb.com
@@ -200,7 +201,7 @@ webhooks:
namespace: {{ .Release.Namespace }}
path: /validate-k8s-mariadb-com-v1alpha1-sqljob
failurePolicy: Fail
name: vsqljob.kb.io
name: vsqljob-v1alpha1.kb.io
rules:
- apiGroups:
- k8s.mariadb.com
@@ -220,7 +221,7 @@ webhooks:
namespace: {{ .Release.Namespace }}
path: /validate-k8s-mariadb-com-v1alpha1-user
failurePolicy: Fail
name: vuser.kb.io
name: vuser-v1alpha1.kb.io
rules:
- apiGroups:
- k8s.mariadb.com
@@ -231,4 +232,5 @@ webhooks:
- UPDATE
resources:
- users
sideEffects: None
sideEffects: None
{{- end }}

View File

@@ -1,25 +1,26 @@
{{ if and (not .Values.currentNamespaceOnly) .Values.webhook.enabled }}
{{ $fullName := include "mariadb-operator.fullname" . }}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ $fullName }}-webhook
labels:
{{ include "mariadb-operator-webhook.labels" . | nindent 4 }}
{{- include "mariadb-operator-webhook.labels" . | nindent 4 }}
spec:
{{ if .Values.webhook.ha.enabled }}
{{- if .Values.webhook.ha.enabled }}
replicas: {{ .Values.webhook.ha.replicas}}
{{ end }}
{{- end }}
selector:
matchLabels:
{{ include "mariadb-operator-webhook.selectorLabels" . | nindent 6 }}
{{- include "mariadb-operator-webhook.selectorLabels" . | nindent 6 }}
template:
metadata:
{{ with .Values.webhook.podAnnotations }}
{{- with .Values.webhook.podAnnotations }}
annotations:
{{ toYaml . | nindent 8 }}
{{ end }}
{{- end }}
labels:
{{ include "mariadb-operator-webhook.selectorLabels" . | nindent 8 }}
{{- include "mariadb-operator-webhook.selectorLabels" . | nindent 8 }}
spec:
{{- with .Values.webhook.imagePullSecrets }}
imagePullSecrets:
@@ -27,25 +28,32 @@ spec:
{{- end }}
serviceAccountName: {{ include "mariadb-operator-webhook.serviceAccountName" . }}
automountServiceAccountToken: {{ .Values.webhook.serviceAccount.automount }}
{{ with .Values.webhook.nodeSelector }}
{{- with .Values.webhook.nodeSelector }}
nodeSelector:
{{ toYaml . | nindent 8 }}
{{ end }}
{{ with .Values.webhook.tolerations }}
{{- end }}
{{- with .Values.webhook.tolerations }}
tolerations:
{{ toYaml . | nindent 8 }}
{{ end }}
{{ with .Values.webhook.affinity }}
{{- end }}
{{- with .Values.webhook.topologySpreadConstraints }}
topologySpreadConstraints:
{{ toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.webhook.priorityClassName }}
priorityClassName: {{ . | quote }}
{{- end }}
{{- with .Values.webhook.affinity }}
affinity:
{{ toYaml . | nindent 8 }}
{{ end }}
{{ with .Values.webhook.podSecurityContext }}
{{- end }}
{{- with .Values.webhook.podSecurityContext }}
securityContext:
{{ toYaml . | nindent 8 }}
{{ end }}
{{- end }}
hostNetwork: {{ .Values.webhook.hostNetwork }}
containers:
- image: "{{ .Values.webhook.image.repository }}:{{ .Values.webhook.image.tag | default .Chart.AppVersion }}"
- image: "{{ template "image" (tuple .Values.webhook.image $.Chart.AppVersion) }}"
imagePullPolicy: {{ .Values.webhook.image.pullPolicy }}
name: webhook
args:
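Review bot: The new image line calls a helper named only `image` (`template "image" (tuple .Values.webhook.image $.Chart.AppVersion)`). Helm named templates share one global namespace across a chart and its subcharts, so an unprefixed name can be shadowed by another chart's definition; a prefixed name in the style of the other helpers here, such as `mariadb-operator.image`, avoids that. The helper definition is not part of this hunk, so it is also worth confirming that it renders `repository@sha256:...` when `digest` is set, as the values.yaml comment "Setting a digest will override any tag" promises.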
@@ -92,14 +100,14 @@ spec:
port: 8081
initialDelaySeconds: 20
periodSeconds: 5
{{ with .Values.webhook.resources }}
{{- with .Values.webhook.resources }}
resources:
{{ toYaml . | nindent 12 }}
{{ end }}
{{ with .Values.webhook.securityContext}}
{{- end }}
{{- with .Values.webhook.securityContext}}
securityContext:
{{ toYaml . | nindent 12 }}
{{ end }}
{{- end }}
volumes:
{{- if not .Values.webhook.cert.certManager.enabled }}
- name: ca
@@ -114,3 +122,4 @@ spec:
{{- if .Values.webhook.extraVolumes }}
{{- toYaml .Values.webhook.extraVolumes | nindent 8 }}
{{- end }}
{{- end }}

View File

@@ -0,0 +1,13 @@
{{ if and (not .Values.currentNamespaceOnly) .Values.webhook.enabled .Values.webhook.pdb.enabled }}
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
name: {{ include "mariadb-operator.fullname" . }}-webhook
labels:
{{ include "mariadb-operator-webhook.labels" . | nindent 4 }}
spec:
maxUnavailable: {{ .Values.webhook.pdb.maxUnavailable }}
selector:
matchLabels:
{{ include "mariadb-operator-webhook.selectorLabels" . | nindent 6 }}
{{- end }}
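Review bot: `maxUnavailable: {{ .Values.webhook.pdb.maxUnavailable }}` is rendered regardless of `webhook.ha.enabled`, and with a single webhook replica the default of 1 allows a node drain to evict the only pod. The webhook configurations in this chart use `failurePolicy: Fail`, so every create or update of a `k8s.mariadb.com` object is rejected until the pod is back. Document that `webhook.pdb.enabled` is only useful together with `webhook.ha.enabled`, as the controller's `ha` comment already does for its own `pdb`.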

View File

@@ -0,0 +1,15 @@
{{- if and (not .Values.currentNamespaceOnly) .Values.webhook.enabled }}
apiVersion: v1
kind: Service
metadata:
name: {{ include "mariadb-operator.fullname" . }}-webhook
labels:
{{- include "mariadb-operator-webhook.labels" . | nindent 4 }}
spec:
ports:
- port: 443
protocol: TCP
targetPort: {{ .Values.webhook.port }}
selector:
{{- include "mariadb-operator-webhook.selectorLabels" . | nindent 4 }}
{{- end }}

View File

@@ -1,3 +1,4 @@
{{- if and (not .Values.currentNamespaceOnly) .Values.webhook.enabled }}
apiVersion: v1
kind: ServiceAccount
metadata:
@@ -10,4 +11,5 @@ metadata:
{{- with .Values.webhook.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
{{- end -}}

View File

@@ -1,4 +1,4 @@
{{ if and .Values.metrics.enabled .Values.webhook.serviceMonitor.enabled }}
{{ if and (not .Values.currentNamespaceOnly) .Values.webhook.enabled .Values.metrics.enabled .Values.webhook.serviceMonitor.enabled }}
apiVersion: v1
kind: Service
metadata:
@@ -33,4 +33,12 @@ spec:
- port: metrics
interval: {{ .Values.webhook.serviceMonitor.interval }}
scrapeTimeout: {{ .Values.webhook.serviceMonitor.scrapeTimeout }}
{{ end }}
{{- if .Values.webhook.serviceMonitor.metricRelabelings }}
metricRelabelings:
{{- toYaml .Values.webhook.serviceMonitor.metricRelabelings | nindent 6 }}
{{- end }}
{{- if .Values.webhook.serviceMonitor.relabelings }}
relabelings:
{{- toYaml .Values.webhook.serviceMonitor.relabelings | nindent 6 }}
{{- end }}
{{- end }}

View File

@@ -1,25 +1,32 @@
nameOverride: ""
fullnameOverride: ""
# --- CRDs
crds:
# -- Whether the helm chart should create and update the CRDs. It is false by default, which implies that the CRDs must be
# managed independently with the mariadb-operator-crds helm chart.
# **WARNING** This should only be set to true during the initial deployment. If this chart manages the CRDs
# and is later uninstalled, all MariaDB instances will be DELETED.
enabled: false
image:
repository: docker-registry3.mariadb.com/mariadb-operator/mariadb-operator
pullPolicy: IfNotPresent
# -- Image tag to use. By default the chart appVersion is used
tag: ""
# Setting a digest will override any tag
# digest: sha256:084a927ee9f3918a5c85d283f73822ae205757df352218de0b935853a0765060
imagePullSecrets: []
# -- Controller log level
logLevel: INFO
# -- Cluster DNS name
clusterName: cluster.local
# -- Whether the operator should watch CRDs only in its own namespace or not.
currentNamespaceOnly: false
ha:
# -- Enable high availability
# -- Enable high availability of the controller.
# If you enable it we recommend to set `affinity` and `pdb`
enabled: false
# -- Number of replicas
replicas: 3
metrics:
# -- Enable operator internal metrics. Prometheus must be installed in the cluster
enabled: false
@@ -33,7 +40,10 @@ metrics:
interval: 30s
# -- Timeout if metrics can't be retrieved in given time interval
scrapeTimeout: 25s
# MetricRelabelConfigs to apply to samples before ingestion.
metricRelabelings: []
# RelabelConfigs to apply to samples before scraping.
relabelings: []
serviceAccount:
# -- Specifies whether a service account should be created
enabled: true
@@ -46,40 +56,28 @@ serviceAccount:
# -- The name of the service account to use.
# If not set and enabled is true, a name is generated using the fullname template
name: ""
rbac:
# -- Specifies whether RBAC resources should be created
enabled: true
aggregation:
# -- Specifies whether the cluster roles aggrate to view and edit predefinied roles
enabled: true
# -- Extra arguments to be passed to the controller entrypoint
extrArgs: []
# -- Extra environment variables to be passed to the controller
extraEnv: []
# -- Extra environment variables from preexiting ConfigMap / Secret objects used by the controller using envFrom
extraEnvFrom: []
# -- Extra volumes to pass to pod.
extraVolumes: []
# -- Extra volumes to mount to the container.
extraVolumeMounts: []
# -- Annotations to add to controller Pod
podAnnotations: {}
# -- Security context to add to controller Pod
podSecurityContext: {}
# -- Security context to add to controller container
securityContext: {}
# -- Resources to add to controller container
resources: {}
# requests:
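Review bot: `extrArgs` is missing an "a" compared with its siblings `extraEnv`, `extraEnvFrom` and `extraVolumes`, so a user who sets `extraArgs` gets no error and no effect. If the key has to keep this spelling for compatibility, add a comment saying so. The surrounding comments also carry typos (`aggrate`, `predefinied`, `preexiting`).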
@@ -88,19 +86,50 @@ resources: {}
# -- Node selectors to add to controller Pod
nodeSelector: {}
# -- Tolerations to add to controller Pod
tolerations: []
# -- topologySpreadConstraints to add to controller Pod
topologySpreadConstraints: []
# -- priorityClassName to add to controller Pod
priorityClassName: ""
# -- Affinity to add to controller Pod
affinity: {}
# Sample on how to create an antiAffinity rule that place
# the pods on different nodes, to be used together with `ha.enabled: true`
# podAntiAffinity:
# requiredDuringSchedulingIgnoredDuringExecution:
# - labelSelector:
# matchExpressions:
# - key: app.kubernetes.io/name
# operator: In
# values:
# - mariadb-operator
# - key: app.kubernetes.io/instance
# operator: In
# values:
# - mariadb-operator
# topologyKey: kubernetes.io/hostname
pdb:
# -- Enable PodDisruptionBudget for the controller.
enabled: false
# -- Maximum number of unavailable Pods. You may also give a percentage, like `50%`
maxUnavailable: 1
pprof:
# -- Enable the pprof HTTP server.
enabled: false
# -- The port where the pprof HTTP server listens.
port: 6060
webhook:
# -- Specifies whether the webhook should be created.
enabled: true
image:
repository: docker-registry3.mariadb.com/mariadb-operator/mariadb-operator
pullPolicy: IfNotPresent
# -- Image tag to use. By default the chart appVersion is used
tag: ""
# Setting a digest will override any tag
# digest: sha256:084a927ee9f3918a5c85d283f73822ae205757df352218de0b935853a0765060
imagePullSecrets: []
ha:
# -- Enable high availability
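Review bot: The new `pprof` block documents the port but not who can reach it. A pprof HTTP server exposes heap, goroutine and CPU profiles of the controller, so the comment on `pprof.enabled` should say it is for debugging only, and it is worth confirming that port 6060 is not published through a Service and is covered by a NetworkPolicy where one is in use.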
@@ -144,6 +173,10 @@ webhook:
interval: 30s
# -- Timeout if metrics can't be retrieved in given time interval
scrapeTimeout: 25s
# MetricRelabelConfigs to apply to samples before ingestion.
metricRelabelings: []
# RelabelConfigs to apply to samples before scraping.
relabelings: []
serviceAccount:
# -- Specifies whether a service account should be created
enabled: true
@@ -175,13 +208,21 @@ webhook:
# requests:
# cpu: 10m
# memory: 32Mi
# -- Node selectors to add to controller Pod
# -- Node selectors to add to webhook Pod
nodeSelector: {}
# -- Tolerations to add to controller Pod
# -- Tolerations to add to webhook Pod
tolerations: []
# -- Affinity to add to controller Pod
# -- topologySpreadConstraints to add to webhook Pod
topologySpreadConstraints: []
# -- priorityClassName to add to webhook Pod
priorityClassName: ""
# -- Affinity to add to webhook Pod
affinity: {}
pdb:
# -- Enable PodDisruptionBudget for the webhook.
enabled: false
# -- Maximum number of unavailable Pods. You may also give a percentage, like `50%`
maxUnavailable: 1
certController:
# -- Specifies whether the cert-controller should be created.
enabled: true
@@ -190,18 +231,20 @@ certController:
pullPolicy: IfNotPresent
# -- Image tag to use. By default the chart appVersion is used
tag: ""
# Setting a digest will override any tag
# digest: sha256:084a927ee9f3918a5c85d283f73822ae205757df352218de0b935853a0765060
imagePullSecrets: []
ha:
# -- Enable high availability
enabled: false
# -- Number of replicas
replicas: 3
# -- CA certificate validity. It must be greater than certValidity.
caValidity: 35064h
# -- Certificate validity.
certValidity: 8766h
# -- Duration used to verify whether a certificate is valid or not.
lookaheadValidity: 2160h
# -- CA certificate lifetime. It must be greater than certLifetime.
caLifetime: 26280h
# -- Certificate lifetime.
certLifetime: 2160h
# -- How long before the certificate expiration should the renewal process be triggered. For example, if a certificate is valid for 60 minutes, and renewBeforePercentage=25, cert-controller will begin to attempt to renew the certificate 45 minutes after it was issued (i.e. when there are 15 minutes (25%) remaining until the certificate is no longer valid).
renewBeforePercentage: 33
# -- Requeue duration to ensure that certificate gets renewed.
requeueDuration: 5m
serviceMonitor:
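Review bot: `caValidity`, `certValidity` and `lookaheadValidity` are replaced by `caLifetime`, `certLifetime` and `renewBeforePercentage`, and nothing in this hunk maps the old keys to the new ones, so existing overrides of the old keys will be ignored without warning after the upgrade. The defaults also get shorter (CA from 35064h to 26280h, certificate from 8766h to 2160h), which belongs in the release note. The `renewBeforePercentage` comment should state the accepted range.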
@@ -214,6 +257,10 @@ certController:
interval: 30s
# -- Timeout if metrics can't be retrieved in given time interval
scrapeTimeout: 25s
# MetricRelabelConfigs to apply to samples before ingestion.
metricRelabelings: []
# RelabelConfigs to apply to samples before scraping.
relabelings: []
serviceAccount:
# -- Specifies whether a service account should be created
enabled: true
@@ -236,16 +283,39 @@ certController:
podAnnotations: {}
# -- Security context to add to cert-controller Pod
podSecurityContext: {}
# -- Security context to add to cert-controller container
# -- Security context to add to cert-controller Pod
securityContext: {}
# -- Resources to add to cert-controller container
resources: {}
# requests:
# cpu: 10m
# memory: 32Mi
# -- Node selectors to add to controller Pod
# -- Node selectors to add to cert-controller container
nodeSelector: {}
# -- Tolerations to add to controller Pod
# -- Tolerations to add to cert-controller container
tolerations: []
# -- Affinity to add to controller Pod
# -- topologySpreadConstraints to add to cert-controller container
topologySpreadConstraints: []
# -- priorityClassName to add to cert-controller container
priorityClassName: ""
# -- Affinity to add to cert-controller container
affinity: {}
pdb:
# -- Enable PodDisruptionBudget for the cert-controller.
enabled: false
# -- Maximum number of unavailable Pods. You may also give a percentage, like `50%`
maxUnavailable: 1
# -- Operator configuration
config:
# -- Galera library path to be used with MariaDB Galera
galeraLibPath: /usr/lib/galera/libgalera_smm.so
# -- Default MariaDB version to be used when unable to infer it via image tag
mariadbDefaultVersion: "11.4"
# -- Default MariaDB image
mariadbImage: docker-registry1.mariadb.com/library/mariadb:11.4.5
# -- Default MaxScale image
maxscaleImage: docker-registry2.mariadb.com/mariadb/maxscale:23.08.5
# -- Default MariaDB exporter image
exporterImage: prom/mysqld-exporter:v0.15.1
# -- Default MaxScale exporter image
exporterMaxscaleImage: docker-registry2.mariadb.com/mariadb/maxscale-prometheus-exporter-ubi:v0.0.1
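Review bot: The comment edits in this hunk swap Pod and container. `securityContext` is now described as "Security context to add to cert-controller Pod", duplicating the line on `podSecurityContext`, while `nodeSelector`, `tolerations`, `topologySpreadConstraints`, `priorityClassName` and `affinity` are described as applying to the "cert-controller container" although they are Pod-level fields. In the new `config` block the default images are referenced by tag only (`mariadb:11.4.5`, `maxscale:23.08.5`, `prom/mysqld-exporter:v0.15.1`); a comment showing the `image@sha256:...` form would help users who want to pin them.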