openstack/openstack-helm-infra
Code Issues Proposed changes

Merge "[mariadb] Remove ingress deployment"

Browse Source
This commit is contained in:
Zuul 2024-10-01 20:10:49 +00:00 committed by Gerrit Code Review
commit 167dd26541
13 changed files with 2 additions and 2225 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
mariadb/Chart.yaml
View File

@ -15,7 +15,7 @@ apiVersion: v1
appVersion: v10.6.7
description: OpenStack-Helm MariaDB
name: mariadb
version: 0.2.48
version: 0.2.49
home: https://mariadb.com/kb/en/
icon: http://badges.mariadb.org/mariadb-badge-180x60.png
sources:

1630
mariadb/files/nginx.tmpl
View File

File diff suppressed because it is too large Load Diff

25
mariadb/templates/configmap-ingress-conf.yaml
View File

@ -1,25 +0,0 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.configmap_ingress_conf }}
{{- $envAll := . }}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: mariadb-ingress-conf
data:
{{ toYaml .Values.conf.ingress_conf | indent 2 }}
{{- end }}

29
mariadb/templates/configmap-ingress-etc.yaml
View File

@ -1,29 +0,0 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License" );
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.configmap_ingress_etc }}
{{- $envAll := . }}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: mariadb-ingress-etc
data:
{{- if $envAll.Values.conf.ingress }}
nginx.tmpl: |
{{ $envAll.Values.conf.ingress | indent 4 }}
{{- else }}
{{ ( $envAll.Files.Glob "files/nginx.tmpl" ).AsConfig | indent 2 }}
{{- end }}
{{- end }}

3
mariadb/templates/deployment-controller.yaml
View File

@ -13,9 +13,6 @@ limitations under the License.
*/}}
{{- if .Values.manifests.deployment_controller }}
{{- if .Values.manifests.deployment_ingress }}
{{- fail ".Values.manifests.deployment_ingress and .Values.manifests.deployment_controlle are mutually exclusive" }}
{{- end }}
{{- $envAll := . }}
{{- $serviceAccountName := "mariadb-controller" }}

78
mariadb/templates/deployment-error.yaml
View File

@ -1,78 +0,0 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.deployment_error }}
{{- $envAll := . }}
{{- $serviceAccountName := "mariadb-ingress-error-pages" }}
{{ tuple $envAll "error_pages" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: mariadb-ingress-error-pages
annotations:
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
labels:
{{ tuple $envAll "mariadb" "ingress-error-pages" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
spec:
replicas: {{ .Values.pod.replicas.error_page }}
selector:
matchLabels:
{{ tuple $envAll "mariadb" "ingress-error-pages" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }}
{{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }}
template:
metadata:
labels:
{{ tuple $envAll "mariadb" "ingress-error-pages" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
annotations:
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
configmap-etc-hash: {{ tuple "configmap-ingress-etc.yaml" . | include "helm-toolkit.utils.hash" }}
{{ dict "envAll" $envAll "podName" "mariadb-ingress-error-pages" "containerNames" (list "init" "ingress-error-pages") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
spec:
shareProcessNamespace: true
serviceAccountName: {{ $serviceAccountName }}
{{ dict "envAll" $envAll "application" "error_pages" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
affinity:
{{ tuple $envAll "mariadb" "ingress-error-pages" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
{{ if $envAll.Values.pod.tolerations.mariadb.enabled }}
{{ tuple $envAll "mariadb" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }}
{{ end }}
nodeSelector:
{{ .Values.labels.error_server.node_selector_key }}: {{ .Values.labels.error_server.node_selector_value }}
terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.error_pages.timeout | default "60" }}
initContainers:
{{ tuple $envAll "error_pages" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
containers:
- name: ingress-error-pages
{{ tuple $envAll "error_pages" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ dict "envAll" $envAll "application" "error_pages" "container" "server" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.error_pages | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
livenessProbe:
httpGet:
path: /healthz
port: 8080
scheme: HTTP
initialDelaySeconds: 30
timeoutSeconds: 5
ports:
- containerPort: 8080
volumeMounts:
- name: pod-tmp
mountPath: /tmp
volumes:
- name: pod-tmp
emptyDir: {}
{{- end }}

322
mariadb/templates/deployment-ingress.yaml
View File

@ -1,322 +0,0 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if (.Values.global).subchart_release_name }}
{{- $_ := set . "deployment_name" .Chart.Name }}
{{- else }}
{{- $_ := set . "deployment_name" .Release.Name }}
{{- end }}
{{- if .Values.manifests.deployment_ingress }}
{{- $envAll := . }}
{{- $ingressClass := printf "%s-%s" .deployment_name "mariadb-ingress" }}
{{- $serviceAccountName := printf "%s-%s" .deployment_name "ingress" }}
{{ tuple $envAll "ingress" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ $serviceAccountName }}
rules:
- apiGroups:
- ""
resources:
- configmaps
- endpoints
- nodes
- pods
- secrets
verbs:
- list
- watch
- update
- apiGroups:
- ""
resources:
- nodes
verbs:
- get
- apiGroups:
- ""
resources:
- services
verbs:
- get
- list
- watch
- update
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
- apiGroups:
- "extensions"
- "networking.k8s.io"
resources:
- ingresses
verbs:
- get
- list
- watch
- apiGroups:
- "extensions"
- "networking.k8s.io"
resources:
- ingresses/status
verbs:
- update
- apiGroups:
- "networking.k8s.io"
resources:
- ingressclasses
verbs:
- get
- list
- watch
- apiGroups:
- discovery.k8s.io
resources:
- endpointslices
verbs:
- get
- list
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ $serviceAccountName }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ $serviceAccountName }}
subjects:
- kind: ServiceAccount
name: {{ $serviceAccountName }}
namespace: {{ $envAll.Release.Namespace }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: {{ $serviceAccountName }}
namespace: {{ $envAll.Release.Namespace }}
rules:
- apiGroups:
- ""
resources:
- services
verbs:
- get
- list
- watch
- apiGroups:
- extensions
- networking.k8s.io
resources:
- ingresses
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
- apiGroups:
- extensions
- networking.k8s.io
resources:
- ingresses/status
verbs:
- update
- apiGroups:
- ""
resources:
- configmaps
- endpoints
- nodes
- pods
- secrets
verbs:
- list
- watch
- apiGroups:
- ""
resources:
- configmaps
- pods
- secrets
- namespaces
verbs:
- get
- apiGroups:
- ""
resourceNames:
- {{ printf "%s-%s" .deployment_name $ingressClass | quote }}
resources:
- configmaps
verbs:
- get
- update
- apiGroups:
- ""
resources:
- configmaps
verbs:
- create
- apiGroups:
- ""
resources:
- endpoints
verbs:
- get
- create
- update
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- get
- create
- update
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ $serviceAccountName }}
namespace: {{ $envAll.Release.Namespace }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ $serviceAccountName }}
subjects:
- kind: ServiceAccount
name: {{ $serviceAccountName }}
namespace: {{ $envAll.Release.Namespace }}
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: mariadb-ingress
annotations:
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
labels:
{{ tuple $envAll "mariadb" "ingress" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
app.kubernetes.io/instance: {{ $serviceAccountName }}
app.kubernetes.io/name: "mariadb"
app.kubernetes.io/component: "ingress"
app.kubernetes.io/managed-by: {{ $envAll.Release.Service }}
{{- if $envAll.Chart.AppVersion }}
app.kubernetes.io/version: {{ $envAll.Chart.AppVersion | quote }}
{{- end }}
spec:
replicas: {{ .Values.pod.replicas.ingress }}
selector:
matchLabels:
{{ tuple $envAll "mariadb" "ingress" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }}
{{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }}
template:
metadata:
labels:
{{ tuple $envAll "mariadb" "ingress" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
app.kubernetes.io/instance: {{ $serviceAccountName }}
app.kubernetes.io/name: "mariadb"
app.kubernetes.io/component: "ingress"
app.kubernetes.io/managed-by: {{ $envAll.Release.Service }}
{{- if $envAll.Chart.AppVersion }}
app.kubernetes.io/version: {{ $envAll.Chart.AppVersion | quote }}
{{- end }}
annotations:
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
configmap-etc-hash: {{ tuple "configmap-ingress-etc.yaml" . | include "helm-toolkit.utils.hash" }}
{{ dict "envAll" $envAll "podName" "mariadb-ingress" "containerNames" (list "init" "ingress") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
spec:
shareProcessNamespace: true
serviceAccountName: {{ $serviceAccountName }}
{{ dict "envAll" $envAll "application" "ingress" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
affinity:
{{ tuple $envAll "mariadb" "ingress" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
{{ if $envAll.Values.pod.tolerations.mariadb.enabled }}
{{ tuple $envAll "mariadb" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }}
{{ end }}
nodeSelector:
{{ .Values.labels.ingress.node_selector_key }}: {{ .Values.labels.ingress.node_selector_value }}
terminationGracePeriodSeconds: 60
initContainers:
{{ tuple $envAll "ingress" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
containers:
- name: ingress
{{ tuple $envAll "ingress" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ dict "envAll" $envAll "application" "ingress" "container" "server" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.ingress | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
readinessProbe:
tcpSocket:
port: {{ tuple "oslo_db" "internal" "mysql" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
livenessProbe:
httpGet:
path: /healthz
port: 10254
scheme: HTTP
initialDelaySeconds: 10
timeoutSeconds: 1
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: {{ .deployment_name | quote }}
- name: INGRESS_CLASS
value: {{ $ingressClass | quote }}
- name: ERROR_PAGE_SERVICE
value: {{ tuple "oslo_db" "error_pages" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" | quote }}
command:
- /usr/bin/dumb-init
- /nginx-ingress-controller
- --election-id=$(RELEASE_NAME)
- --ingress-class=$(INGRESS_CLASS)
- --default-backend-service=$(POD_NAMESPACE)/$(ERROR_PAGE_SERVICE)
- --configmap=$(POD_NAMESPACE)/mariadb-ingress-conf
- --enable-ssl-chain-completion=false
- --tcp-services-configmap=$(POD_NAMESPACE)/mariadb-services-tcp
lifecycle:
preStop:
exec:
command:
- kill -TERM 1
volumeMounts:
- name: mariadb-ingress-etc
mountPath: /etc/nginx/template/nginx.tmpl
subPath: nginx.tmpl
readOnly: true
volumes:
- name: mariadb-ingress-etc
configMap:
name: mariadb-ingress-etc
defaultMode: 0444
{{- end }}

32
mariadb/templates/service-error.yaml
View File

@ -1,32 +0,0 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.service_error }}
{{- $envAll := . }}
---
apiVersion: v1
kind: Service
metadata:
labels:
{{ tuple $envAll "mariadb" "ingress-error-pages" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
name: {{ tuple "oslo_db" "error_pages" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
spec:
clusterIP: None
ports:
- port: 80
protocol: TCP
targetPort: 8080
selector:
{{ tuple $envAll "mariadb" "ingress-error-pages" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
{{- end }}

31
mariadb/templates/service-ingress.yaml
View File

@ -1,31 +0,0 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.service_ingress }}
{{- $envAll := . }}
---
apiVersion: v1
kind: Service
metadata:
labels:
{{ tuple $envAll "mariadb" "ingress" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
name: {{ tuple "oslo_db" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
spec:
ports:
- name: mysql
port: {{ tuple "oslo_db" "internal" "mysql" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
protocol: TCP
selector:
{{ tuple $envAll "mariadb" "ingress" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
{{- end }}

3
mariadb/templates/service-master.yaml
View File

@ -13,9 +13,6 @@ limitations under the License.
*/}}
{{- if .Values.manifests.service_master }}
{{- if .Values.manifests.service_ingress }}
{{- fail ".Values.manifests.service_ingress and .Values.manifests.service_master are mutually exclusive" }}
{{- end }}
{{- $envAll := . }}
---

54
mariadb/values.yaml
View File

@ -21,8 +21,6 @@ release_group: null
images:
tags:
mariadb: docker.io/openstackhelm/mariadb:latest-ubuntu_focal
ingress: registry.k8s.io/ingress-nginx/controller:v1.11.2
error_pages: k8s.gcr.io/defaultbackend-amd64:1.5
prometheus_create_mysql_user: docker.io/library/mariadb:10.5.9-focal
prometheus_mysql_exporter: docker.io/prom/mysqld-exporter:v0.12.1
prometheus_mysql_exporter_helm_tests: docker.io/openstackhelm/heat:wallaby-ubuntu_focal
@ -43,15 +41,9 @@ labels:
server:
node_selector_key: openstack-control-plane
node_selector_value: enabled
ingress:
node_selector_key: openstack-control-plane
node_selector_value: enabled
prometheus_mysql_exporter:
node_selector_key: openstack-control-plane
node_selector_value: enabled
error_server:
node_selector_key: openstack-control-plane
node_selector_value: enabled
job:
node_selector_key: openstack-control-plane
node_selector_value: enabled
@ -95,20 +87,6 @@ pod:
runAsUser: 999
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
ingress:
pod:
runAsUser: 65534
container:
server:
runAsUser: 0
readOnlyRootFilesystem: false
error_pages:
pod:
runAsUser: 65534
container:
server:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
prometheus_mysql_exporter:
pod:
runAsUser: 99
@ -172,8 +150,6 @@ pod:
effect: NoSchedule
replicas:
server: 3
ingress: 2
error_page: 1
controller: 1
lifecycle:
upgrades:
@ -183,9 +159,6 @@ pod:
rolling_update:
max_unavailable: 1
max_surge: 3
termination_grace_period:
error_pages:
timeout: 10
disruption_budget:
mariadb:
min_available: 0
@ -198,13 +171,6 @@ pod:
limits:
memory: "1024Mi"
cpu: "2000m"
ingress:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
jobs:
tests:
limits:
@ -252,13 +218,6 @@ dependencies:
- endpoint: node
service: local_image_registry
static:
error_pages:
jobs: null
ingress:
jobs: null
services:
- endpoint: error_pages
service: oslo_db
mariadb_backup:
jobs:
- mariadb-ks-user
@ -314,7 +273,6 @@ jobs:
conf:
tests:
# This may either be:
# * internal: which will hit the endpoint exposed by the ingress controller
# * direct: which will hit the backends directly via a k8s service ip
# Note, deadlocks and failure are to be expected with concurrency if
# hitting the `direct` endpoint.
@ -326,10 +284,6 @@ conf:
- --number-of-queries=1000
- --number-char-cols=1
- --number-int-cols=1
ingress: null
ingress_conf:
worker-processes: "auto"
log-format-stream: "\"$remote_addr [$time_local] $protocol $status $bytes_received $bytes_sent $upstream_addr $upstream_connect_time $upstream_first_byte_time $upstream_session_time $session_time\""
mariadb_server:
setup_wait:
iteration: 30
@ -600,7 +554,6 @@ endpoints:
default: mariadb
direct: mariadb-server
discovery: mariadb-discovery
error_pages: mariadb-ingress-error-pages
host_fqdn_override:
default: null
path: null
@ -672,8 +625,6 @@ endpoints:
network:
mariadb: {}
mariadb_discovery: {}
mariadb_ingress: {}
mariadb_ingress_error_pages: {}
mariadb_master: {}
network_policy:
@ -696,11 +647,7 @@ manifests:
certificates: false
configmap_bin: true
configmap_etc: true
configmap_ingress_conf: false
configmap_ingress_etc: false
configmap_services_tcp: true
deployment_error: false
deployment_ingress: false
job_image_repo_sync: true
cron_job_mariadb_backup: false
job_ks_user: false
@ -720,7 +667,6 @@ manifests:
secret_etc: true
secret_registry: true
service_discovery: true
service_ingress: false
service_error: false
service: true
statefulset: true

17
mariadb/values_overrides/ingress-service.yaml
View File

@ -1,17 +0,0 @@
---
manifests:
deployment_ingress: true
deployment_error: true
service_ingress: true
configmap_ingress_conf: true
configmap_ingress_etc: true
service_error: true
conf:
galera:
cluster_leader_ttl: 120
endpoints:
oslo_db:
hosts:
default: mariadb
primary: mariadb-primary-service
...

1
releasenotes/notes/mariadb.yaml
View File

@ -64,4 +64,5 @@ mariadb:
- 0.2.46 Avoid using cluster endpoints
- 0.2.47 Deploy exporter as sidecar
- 0.2.48 Switch to mariadb controller deployment
- 0.2.49 Remove ingress deployment
...