diff --git a/mariadb/.helmignore b/mariadb/.helmignore deleted file mode 100644 index f0c1319444..0000000000 --- a/mariadb/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/mariadb/Chart.yaml b/mariadb/Chart.yaml deleted file mode 100644 index 8f6d1a2a42..0000000000 --- a/mariadb/Chart.yaml +++ /dev/null @@ -1,25 +0,0 @@ -# Copyright 2017 The Openstack-Helm Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -description: OpenStack-Helm MariaDB -name: mariadb -version: 0.1.0 -home: https://mariadb.com/kb/en/ -icon: http://badges.mariadb.org/mariadb-badge-180x60.png -sources: - - https://github.com/MariaDB/server - - https://git.openstack.org/cgit/openstack/openstack-helm -maintainers: - - name: OpenStack-Helm Authors diff --git a/mariadb/README.rst b/mariadb/README.rst deleted file mode 100644 index 93af0868a1..0000000000 --- a/mariadb/README.rst +++ /dev/null @@ -1,38 +0,0 @@ -openstack-helm/mariadb -====================== - -By default, this chart creates a 3-member mariadb galera cluster. - -This chart leverages StatefulSets, with persistent storage. - -It creates a job that acts as a temporary standalone galera cluster. -This host is bootstrapped with authentication and then the WSREP -bindings are exposed publicly. The cluster members being StatefulSets -are provisioned one at a time. The first host must be marked as -``Ready`` before the next host will be provisioned. This is determined -by the readinessProbes which actually validate that MySQL is up and -responsive. - -The configuration leverages xtrabackup-v2 for synchronization. This may -later be augmented to leverage rsync which has some benefits. - -Once the seed job completes, which completes only when galera reports -that it is Synced and all cluster members are reporting in thus matching -the cluster count according to the job to the replica count in the helm -values configuration, the job is terminated. When the job is no longer -active, future StatefulSets provisioned will leverage the existing -cluster members as gcomm endpoints. It is only when the job is running -that the cluster members leverage the seed job as their gcomm endpoint. -This ensures you can restart members and scale the cluster. - -The StatefulSets all leverage PVCs to provide stateful storage to -``/var/lib/mysql``. - -You must ensure that your control nodes that should receive mariadb -instances are labeled with ``openstack-control-plane=enabled``, or -whatever you have configured in values.yaml for the label -configuration: - -:: - - kubectl label nodes openstack-control-plane=enabled --all diff --git a/mariadb/files/nginx.tmpl b/mariadb/files/nginx.tmpl deleted file mode 100644 index b74b2b6331..0000000000 --- a/mariadb/files/nginx.tmpl +++ /dev/null @@ -1,901 +0,0 @@ -{{ $all := . }} -{{ $servers := .Servers }} -{{ $cfg := .Cfg }} -{{ $IsIPV6Enabled := .IsIPV6Enabled }} -{{ $healthzURI := .HealthzURI }} -{{ $backends := .Backends }} -{{ $proxyHeaders := .ProxySetHeaders }} -{{ $addHeaders := .AddHeaders }} - -{{ if $cfg.EnableModsecurity }} -load_module /etc/nginx/modules/ngx_http_modsecurity_module.so; -{{ end }} - -{{ if $cfg.EnableOpentracing }} -load_module /etc/nginx/modules/ngx_http_opentracing_module.so; -{{ end }} - -{{ if (and $cfg.EnableOpentracing (ne $cfg.ZipkinCollectorHost "")) }} -load_module /etc/nginx/modules/ngx_http_zipkin_module.so; -{{ end }} - -daemon off; - -worker_processes {{ $cfg.WorkerProcesses }}; -pid /run/nginx.pid; -{{ if ne .MaxOpenFiles 0 }} -worker_rlimit_nofile {{ .MaxOpenFiles }}; -{{ end}} - -{{/* http://nginx.org/en/docs/ngx_core_module.html#worker_shutdown_timeout */}} -{{/* avoid waiting too long during a reload */}} -worker_shutdown_timeout {{ $cfg.WorkerShutdownTimeout }} ; - -events { - multi_accept on; - worker_connections {{ $cfg.MaxWorkerConnections }}; - use epoll; -} - -http { - {{/* we use the value of the header X-Forwarded-For to be able to use the geo_ip module */}} - {{ if $cfg.UseProxyProtocol }} - real_ip_header proxy_protocol; - {{ else }} - real_ip_header {{ $cfg.ForwardedForHeader }}; - {{ end }} - - real_ip_recursive on; - {{ range $trusted_ip := $cfg.ProxyRealIPCIDR }} - set_real_ip_from {{ $trusted_ip }}; - {{ end }} - - {{/* databases used to determine the country depending on the client IP address */}} - {{/* http://nginx.org/en/docs/http/ngx_http_geoip_module.html */}} - {{/* this is require to calculate traffic for individual country using GeoIP in the status page */}} - geoip_country /etc/nginx/GeoIP.dat; - geoip_city /etc/nginx/GeoLiteCity.dat; - geoip_proxy_recursive on; - - {{ if $cfg.EnableVtsStatus }} - vhost_traffic_status_zone shared:vhost_traffic_status:{{ $cfg.VtsStatusZoneSize }}; - vhost_traffic_status_filter_by_set_key {{ $cfg.VtsDefaultFilterKey }}; - {{ end }} - - sendfile on; - - aio threads; - aio_write on; - - tcp_nopush on; - tcp_nodelay on; - - log_subrequest on; - - reset_timedout_connection on; - - keepalive_timeout {{ $cfg.KeepAlive }}s; - keepalive_requests {{ $cfg.KeepAliveRequests }}; - - client_header_buffer_size {{ $cfg.ClientHeaderBufferSize }}; - client_header_timeout {{ $cfg.ClientHeaderTimeout }}s; - large_client_header_buffers {{ $cfg.LargeClientHeaderBuffers }}; - client_body_buffer_size {{ $cfg.ClientBodyBufferSize }}; - client_body_timeout {{ $cfg.ClientBodyTimeout }}s; - - http2_max_field_size {{ $cfg.HTTP2MaxFieldSize }}; - http2_max_header_size {{ $cfg.HTTP2MaxHeaderSize }}; - - types_hash_max_size 2048; - server_names_hash_max_size {{ $cfg.ServerNameHashMaxSize }}; - server_names_hash_bucket_size {{ $cfg.ServerNameHashBucketSize }}; - map_hash_bucket_size {{ $cfg.MapHashBucketSize }}; - - proxy_headers_hash_max_size {{ $cfg.ProxyHeadersHashMaxSize }}; - proxy_headers_hash_bucket_size {{ $cfg.ProxyHeadersHashBucketSize }}; - - variables_hash_bucket_size {{ $cfg.VariablesHashBucketSize }}; - variables_hash_max_size {{ $cfg.VariablesHashMaxSize }}; - - underscores_in_headers {{ if $cfg.EnableUnderscoresInHeaders }}on{{ else }}off{{ end }}; - ignore_invalid_headers {{ if $cfg.IgnoreInvalidHeaders }}on{{ else }}off{{ end }}; - - {{ if $cfg.EnableOpentracing }} - opentracing on; - {{ end }} - - {{ if (and $cfg.EnableOpentracing (ne $cfg.ZipkinCollectorHost "")) }} - zipkin_collector_host {{ $cfg.ZipkinCollectorHost }}; - zipkin_collector_port {{ $cfg.ZipkinCollectorPort }}; - zipkin_service_name {{ $cfg.ZipkinServiceName }}; - {{ end }} - - include /etc/nginx/mime.types; - default_type text/html; - - {{ if $cfg.EnableBrotli }} - brotli on; - brotli_comp_level {{ $cfg.BrotliLevel }}; - brotli_types {{ $cfg.BrotliTypes }}; - {{ end }} - - {{ if $cfg.UseGzip }} - gzip on; - gzip_comp_level 5; - gzip_http_version 1.1; - gzip_min_length 256; - gzip_types {{ $cfg.GzipTypes }}; - gzip_proxied any; - gzip_vary on; - {{ end }} - - # Custom headers for response - {{ range $k, $v := $addHeaders }} - add_header {{ $k }} "{{ $v }}"; - {{ end }} - - server_tokens {{ if $cfg.ShowServerTokens }}on{{ else }}off{{ end }}; - - # disable warnings - uninitialized_variable_warn off; - - # Additional available variables: - # $namespace - # $ingress_name - # $service_name - log_format upstreaminfo {{ if $cfg.LogFormatEscapeJSON }}escape=json {{ end }}'{{ buildLogFormatUpstream $cfg }}'; - - {{/* map urls that should not appear in access.log */}} - {{/* http://nginx.org/en/docs/http/ngx_http_log_module.html#access_log */}} - map $request_uri $loggable { - {{ range $reqUri := $cfg.SkipAccessLogURLs }} - {{ $reqUri }} 0;{{ end }} - default 1; - } - - {{ if $cfg.DisableAccessLog }} - access_log off; - {{ else }} - access_log {{ $cfg.AccessLogPath }} upstreaminfo if=$loggable; - {{ end }} - error_log {{ $cfg.ErrorLogPath }} {{ $cfg.ErrorLogLevel }}; - - {{ buildResolvers $cfg.Resolver }} - - {{/* Whenever nginx proxies a request without a "Connection" header, the "Connection" header is set to "close" */}} - {{/* when making the target request. This means that you cannot simply use */}} - {{/* "proxy_set_header Connection $http_connection" for WebSocket support because in this case, the */}} - {{/* "Connection" header would be set to "" whenever the original request did not have a "Connection" header, */}} - {{/* which would mean no "Connection" header would be in the target request. Since this would deviate from */}} - {{/* normal nginx behavior we have to use this approach. */}} - # Retain the default nginx handling of requests without a "Connection" header - map $http_upgrade $connection_upgrade { - default upgrade; - '' close; - } - - map {{ buildForwardedFor $cfg.ForwardedForHeader }} $the_real_ip { - {{ if $cfg.UseProxyProtocol }} - # Get IP address from Proxy Protocol - default $proxy_protocol_addr; - {{ else }} - default $remote_addr; - {{ end }} - } - - # trust http_x_forwarded_proto headers correctly indicate ssl offloading - map $http_x_forwarded_proto $pass_access_scheme { - default $http_x_forwarded_proto; - '' $scheme; - } - - map $http_x_forwarded_port $pass_server_port { - default $http_x_forwarded_port; - '' $server_port; - } - - map $http_x_forwarded_host $best_http_host { - default $http_x_forwarded_host; - '' $this_host; - } - - {{ if $all.IsSSLPassthroughEnabled }} - # map port {{ $all.ListenPorts.SSLProxy }} to 443 for header X-Forwarded-Port - map $pass_server_port $pass_port { - {{ $all.ListenPorts.SSLProxy }} 443; - default $pass_server_port; - } - {{ else }} - map $pass_server_port $pass_port { - 443 443; - default $pass_server_port; - } - {{ end }} - - # Obtain best http host - map $http_host $this_host { - default $http_host; - '' $host; - } - - {{ if $cfg.ComputeFullForwardedFor }} - # We can't use $proxy_add_x_forwarded_for because the realip module - # replaces the remote_addr too soon - map $http_x_forwarded_for $full_x_forwarded_for { - {{ if $all.Cfg.UseProxyProtocol }} - default "$http_x_forwarded_for, $proxy_protocol_addr"; - '' "$proxy_protocol_addr"; - {{ else }} - default "$http_x_forwarded_for, $realip_remote_addr"; - '' "$realip_remote_addr"; - {{ end}} - } - {{ end }} - - server_name_in_redirect off; - port_in_redirect off; - - ssl_protocols {{ $cfg.SSLProtocols }}; - - # turn on session caching to drastically improve performance - {{ if $cfg.SSLSessionCache }} - ssl_session_cache builtin:1000 shared:SSL:{{ $cfg.SSLSessionCacheSize }}; - ssl_session_timeout {{ $cfg.SSLSessionTimeout }}; - {{ end }} - - # allow configuring ssl session tickets - ssl_session_tickets {{ if $cfg.SSLSessionTickets }}on{{ else }}off{{ end }}; - - {{ if not (empty $cfg.SSLSessionTicketKey ) }} - ssl_session_ticket_key /etc/nginx/tickets.key; - {{ end }} - - # slightly reduce the time-to-first-byte - ssl_buffer_size {{ $cfg.SSLBufferSize }}; - - {{ if not (empty $cfg.SSLCiphers) }} - # allow configuring custom ssl ciphers - ssl_ciphers '{{ $cfg.SSLCiphers }}'; - ssl_prefer_server_ciphers on; - {{ end }} - - {{ if not (empty $cfg.SSLDHParam) }} - # allow custom DH file http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_dhparam - ssl_dhparam {{ $cfg.SSLDHParam }}; - {{ end }} - - {{ if not $cfg.EnableDynamicTLSRecords }} - ssl_dyn_rec_size_lo 0; - {{ end }} - - ssl_ecdh_curve {{ $cfg.SSLECDHCurve }}; - - {{ if .CustomErrors }} - # Custom error pages - proxy_intercept_errors on; - {{ end }} - - {{ range $errCode := $cfg.CustomHTTPErrors }} - error_page {{ $errCode }} = @custom_{{ $errCode }};{{ end }} - - proxy_ssl_session_reuse on; - - {{ if $cfg.AllowBackendServerHeader }} - proxy_pass_header Server; - {{ end }} - - {{ if not (empty $cfg.HTTPSnippet) }} - # Custom code snippet configured in the configuration configmap - {{ $cfg.HTTPSnippet }} - {{ end }} - - {{ range $name, $upstream := $backends }} - {{ if eq $upstream.SessionAffinity.AffinityType "cookie" }} - upstream sticky-{{ $upstream.Name }} { - sticky hash={{ $upstream.SessionAffinity.CookieSessionAffinity.Hash }} name={{ $upstream.SessionAffinity.CookieSessionAffinity.Name }} httponly; - - {{ if (gt $cfg.UpstreamKeepaliveConnections 0) }} - keepalive {{ $cfg.UpstreamKeepaliveConnections }}; - {{ end }} - - {{ range $server := $upstream.Endpoints }}server {{ $server.Address | formatIP }}:{{ $server.Port }} max_fails={{ $server.MaxFails }} fail_timeout={{ $server.FailTimeout }}; - {{ end }} - - } - - {{ end }} - - - upstream {{ $upstream.Name }} { - # Load balance algorithm; empty for round robin, which is the default - {{ if ne $cfg.LoadBalanceAlgorithm "round_robin" }} - {{ $cfg.LoadBalanceAlgorithm }}; - {{ end }} - - {{ if $upstream.UpstreamHashBy }} - hash {{ $upstream.UpstreamHashBy }} consistent; - {{ end }} - - {{ if (gt $cfg.UpstreamKeepaliveConnections 0) }} - keepalive {{ $cfg.UpstreamKeepaliveConnections }}; - {{ end }} - - {{ range $server := $upstream.Endpoints }}server {{ $server.Address | formatIP }}:{{ $server.Port }} max_fails={{ $server.MaxFails }} fail_timeout={{ $server.FailTimeout }}; - {{ end }} - } - - {{ end }} - - {{/* build the maps that will be use to validate the Whitelist */}} - {{ range $index, $server := $servers }} - {{ range $location := $server.Locations }} - {{ $path := buildLocation $location }} - - {{ if isLocationAllowed $location }} - {{ if gt (len $location.Whitelist.CIDR) 0 }} - - # Deny for {{ print $server.Hostname $path }} - geo $the_real_ip {{ buildDenyVariable (print $server.Hostname "_" $path) }} { - default 1; - - {{ range $ip := $location.Whitelist.CIDR }} - {{ $ip }} 0;{{ end }} - } - {{ end }} - {{ end }} - {{ end }} - {{ end }} - - {{ range $rl := (filterRateLimits $servers ) }} - # Ratelimit {{ $rl.Name }} - geo $the_real_ip $whitelist_{{ $rl.ID }} { - default 0; - {{ range $ip := $rl.Whitelist }} - {{ $ip }} 1;{{ end }} - } - - # Ratelimit {{ $rl.Name }} - map $whitelist_{{ $rl.ID }} $limit_{{ $rl.ID }} { - 0 {{ $cfg.LimitConnZoneVariable }}; - 1 ""; - } - {{ end }} - - {{/* build all the required rate limit zones. Each annotation requires a dedicated zone */}} - {{/* 1MB -> 16 thousand 64-byte states or about 8 thousand 128-byte states */}} - {{ range $zone := (buildRateLimitZones $servers) }} - {{ $zone }} - {{ end }} - - {{/* Build server redirects (from/to www) */}} - {{ range $hostname, $to := .RedirectServers }} - server { - {{ range $address := $all.Cfg.BindAddressIpv4 }} - listen {{ $address }}:{{ $all.ListenPorts.HTTP }}{{ if $all.Cfg.UseProxyProtocol }} proxy_protocol{{ end }}; - listen {{ $address }}:{{ if $all.IsSSLPassthroughEnabled }}{{ $all.ListenPorts.SSLProxy }} proxy_protocol{{ else }}{{ $all.ListenPorts.HTTPS }}{{ if $all.Cfg.UseProxyProtocol }} proxy_protocol{{ end }}{{ end }} ssl; - {{ else }} - listen {{ $all.ListenPorts.HTTP }}{{ if $all.Cfg.UseProxyProtocol }} proxy_protocol{{ end }}; - listen {{ if $all.IsSSLPassthroughEnabled }}{{ $all.ListenPorts.SSLProxy }} proxy_protocol{{ else }}{{ $all.ListenPorts.HTTPS }}{{ if $all.Cfg.UseProxyProtocol }} proxy_protocol{{ end }}{{ end }} ssl; - {{ end }} - {{ if $IsIPV6Enabled }} - {{ range $address := $all.Cfg.BindAddressIpv6 }} - listen {{ $address }}:{{ $all.ListenPorts.HTTP }}{{ if $all.Cfg.UseProxyProtocol }} proxy_protocol{{ end }}; - listen {{ $address }}:{{ if $all.IsSSLPassthroughEnabled }}{{ $all.ListenPorts.SSLProxy }} proxy_protocol{{ else }}{{ $all.ListenPorts.HTTPS }}{{ if $all.Cfg.UseProxyProtocol }} proxy_protocol{{ end }}{{ end }}; - {{ else }} - listen [::]:{{ $all.ListenPorts.HTTP }}{{ if $all.Cfg.UseProxyProtocol }} proxy_protocol{{ end }}; - listen [::]:{{ if $all.IsSSLPassthroughEnabled }}{{ $all.ListenPorts.SSLProxy }} proxy_protocol{{ else }}{{ $all.ListenPorts.HTTPS }}{{ if $all.Cfg.UseProxyProtocol }} proxy_protocol{{ end }}{{ end }}; - {{ end }} - {{ end }} - server_name {{ $hostname }}; - - {{ if ne $all.ListenPorts.HTTPS 443 }} - {{ $redirect_port := (printf ":%v" $all.ListenPorts.HTTPS) }} - return {{ $all.Cfg.HTTPRedirectCode }} $scheme://{{ $to }}{{ $redirect_port }}$request_uri; - {{ else }} - return {{ $all.Cfg.HTTPRedirectCode }} $scheme://{{ $to }}$request_uri; - {{ end }} - } - {{ end }} - - {{ range $index, $server := $servers }} - - ## start server {{ $server.Hostname }} - server { - server_name {{ $server.Hostname }} {{ $server.Alias }}; - {{ template "SERVER" serverConfig $all $server }} - - {{ if not (empty $cfg.ServerSnippet) }} - # Custom code snippet configured in the configuration configmap - {{ $cfg.ServerSnippet }} - {{ end }} - - {{ template "CUSTOM_ERRORS" $all }} - } - ## end server {{ $server.Hostname }} - - {{ end }} - - # default server, used for NGINX healthcheck and access to nginx stats - server { - # Use the port {{ $all.ListenPorts.Status }} (random value just to avoid known ports) as default port for nginx. - # Changing this value requires a change in: - # https://github.com/kubernetes/ingress-nginx/blob/master/controllers/nginx/pkg/cmd/controller/nginx.go - listen {{ $all.ListenPorts.Status }} default_server reuseport backlog={{ $all.BacklogSize }}; - {{ if $IsIPV6Enabled }}listen [::]:{{ $all.ListenPorts.Status }} default_server reuseport backlog={{ $all.BacklogSize }};{{ end }} - set $proxy_upstream_name "-"; - - location {{ $healthzURI }} { - access_log off; - return 200; - } - - location /nginx_status { - set $proxy_upstream_name "internal"; - - {{ if $cfg.EnableVtsStatus }} - vhost_traffic_status_display; - vhost_traffic_status_display_format html; - {{ else }} - access_log off; - stub_status on; - {{ end }} - } - - location / { - {{ if .CustomErrors }} - proxy_set_header X-Code 404; - {{ end }} - set $proxy_upstream_name "upstream-default-backend"; - proxy_pass http://upstream-default-backend; - } - - {{ template "CUSTOM_ERRORS" $all }} - } -} - -stream { - log_format log_stream {{ $cfg.LogFormatStream }}; - - {{ if $cfg.DisableAccessLog }} - access_log off; - {{ else }} - access_log {{ $cfg.AccessLogPath }} log_stream; - {{ end }} - - error_log {{ $cfg.ErrorLogPath }}; - - # TCP services - {{ range $i, $tcpServer := .TCPBackends }} - upstream tcp-{{ $tcpServer.Port }}-{{ $tcpServer.Backend.Namespace }}-{{ $tcpServer.Backend.Name }}-{{ $tcpServer.Backend.Port }} { - # NOTE(portdirect): mark the 1st server as up, the 2nd as backup, and all others as down. - # The ingress controller will manage this list, based on the health checks in the backend pods, - # which approximates the pattern commonly used by Haproxy's httpchk. - {{ range $j, $endpoint := $tcpServer.Endpoints }} - {{ if eq $j 0 }} - # NOTE(portdirect): see https://docs.nginx.com/nginx/admin-guide/load-balancer/tcp-health-check/#passive-tcp-health-checks to tune passive healthchecks - server {{ $endpoint.Address }}:{{ $endpoint.Port }}; - {{ else if eq $j 1 }} - server {{ $endpoint.Address }}:{{ $endpoint.Port }} backup; - {{ else }} - server {{ $endpoint.Address }}:{{ $endpoint.Port }} down; - {{ end }} - {{ end }} - } - server { - {{ range $address := $all.Cfg.BindAddressIpv4 }} - listen {{ $address }}:{{ $tcpServer.Port }}{{ if $tcpServer.Backend.ProxyProtocol.Decode }} proxy_protocol{{ end }}; - {{ else }} - listen {{ $tcpServer.Port }}{{ if $tcpServer.Backend.ProxyProtocol.Decode }} proxy_protocol{{ end }}; - {{ end }} - {{ if $IsIPV6Enabled }} - {{ range $address := $all.Cfg.BindAddressIpv6 }} - listen {{ $address }}:{{ $tcpServer.Port }}{{ if $tcpServer.Backend.ProxyProtocol.Decode }} proxy_protocol{{ end }}; - {{ else }} - listen [::]:{{ $tcpServer.Port }}{{ if $tcpServer.Backend.ProxyProtocol.Decode }} proxy_protocol{{ end }}; - {{ end }} - {{ end }} - proxy_timeout {{ $cfg.ProxyStreamTimeout }}; - proxy_pass tcp-{{ $tcpServer.Port }}-{{ $tcpServer.Backend.Namespace }}-{{ $tcpServer.Backend.Name }}-{{ $tcpServer.Backend.Port }}; - {{ if $tcpServer.Backend.ProxyProtocol.Encode }} - proxy_protocol on; - {{ end }} - } - - {{ end }} - - # UDP services - {{ range $i, $udpServer := .UDPBackends }} - upstream udp-{{ $udpServer.Port }}-{{ $udpServer.Backend.Namespace }}-{{ $udpServer.Backend.Name }}-{{ $udpServer.Backend.Port }} { - {{ range $j, $endpoint := $udpServer.Endpoints }} - server {{ $endpoint.Address }}:{{ $endpoint.Port }}; - {{ end }} - } - - server { - {{ range $address := $all.Cfg.BindAddressIpv4 }} - listen {{ $address }}:{{ $udpServer.Port }} udp; - {{ else }} - listen {{ $udpServer.Port }} udp; - {{ end }} - {{ if $IsIPV6Enabled }} - {{ range $address := $all.Cfg.BindAddressIpv6 }} - listen {{ $address }}:{{ $udpServer.Port }} udp; - {{ else }} - listen [::]:{{ $udpServer.Port }} udp; - {{ end }} - {{ end }} - proxy_responses {{ $cfg.ProxyStreamResponses }}; - proxy_timeout {{ $cfg.ProxyStreamTimeout }}; - proxy_pass udp-{{ $udpServer.Port }}-{{ $udpServer.Backend.Namespace }}-{{ $udpServer.Backend.Name }}-{{ $udpServer.Backend.Port }}; - } - - {{ end }} -} - -{{/* definition of templates to avoid repetitions */}} -{{ define "CUSTOM_ERRORS" }} - {{ $proxySetHeaders := .ProxySetHeaders }} - {{ range $errCode := .Cfg.CustomHTTPErrors }} - location @custom_{{ $errCode }} { - internal; - - proxy_intercept_errors off; - - proxy_set_header X-Code {{ $errCode }}; - proxy_set_header X-Format $http_accept; - proxy_set_header X-Original-URI $request_uri; - proxy_set_header X-Namespace $namespace; - proxy_set_header X-Ingress-Name $ingress_name; - proxy_set_header X-Service-Name $service_name; - - rewrite (.*) / break; - proxy_pass http://upstream-default-backend; - } - {{ end }} -{{ end }} - -{{/* CORS support from https://michielkalkman.com/snippets/nginx-cors-open-configuration.html */}} -{{ define "CORS" }} - {{ $cors := .CorsConfig }} - # Cors Preflight methods needs additional options and different Return Code - if ($request_method = 'OPTIONS') { - add_header 'Access-Control-Allow-Origin' '{{ $cors.CorsAllowOrigin }}' always; - {{ if $cors.CorsAllowCredentials }} add_header 'Access-Control-Allow-Credentials' '{{ $cors.CorsAllowCredentials }}' always; {{ end }} - add_header 'Access-Control-Allow-Methods' '{{ $cors.CorsAllowMethods }}' always; - add_header 'Access-Control-Allow-Headers' '{{ $cors.CorsAllowHeaders }}' always; - add_header 'Access-Control-Max-Age' 1728000; - add_header 'Content-Type' 'text/plain charset=UTF-8'; - add_header 'Content-Length' 0; - return 204; - } - - add_header 'Access-Control-Allow-Origin' '{{ $cors.CorsAllowOrigin }}' always; - {{ if $cors.CorsAllowCredentials }} add_header 'Access-Control-Allow-Credentials' '{{ $cors.CorsAllowCredentials }}' always; {{ end }} - add_header 'Access-Control-Allow-Methods' '{{ $cors.CorsAllowMethods }}' always; - add_header 'Access-Control-Allow-Headers' '{{ $cors.CorsAllowHeaders }}' always; - -{{ end }} - -{{/* definition of server-template to avoid repetitions with server-alias */}} -{{ define "SERVER" }} - {{ $all := .First }} - {{ $server := .Second }} - {{ range $address := $all.Cfg.BindAddressIpv4 }} - listen {{ $address }}:{{ $all.ListenPorts.HTTP }}{{ if $all.Cfg.UseProxyProtocol }} proxy_protocol{{ end }}{{ if eq $server.Hostname "_"}} default_server reuseport backlog={{ $all.BacklogSize }}{{end}}; - {{ else }} - listen {{ $all.ListenPorts.HTTP }}{{ if $all.Cfg.UseProxyProtocol }} proxy_protocol{{ end }}{{ if eq $server.Hostname "_"}} default_server reuseport backlog={{ $all.BacklogSize }}{{end}}; - {{ end }} - {{ if $all.IsIPV6Enabled }} - {{ range $address := $all.Cfg.BindAddressIpv6 }} - listen {{ $address }}:{{ $all.ListenPorts.HTTP }}{{ if $all.Cfg.UseProxyProtocol }} proxy_protocol{{ end }}{{ if eq $server.Hostname "_"}} default_server reuseport backlog={{ $all.BacklogSize }}{{ end }}; - {{ else }} - listen [::]:{{ $all.ListenPorts.HTTP }}{{ if $all.Cfg.UseProxyProtocol }} proxy_protocol{{ end }}{{ if eq $server.Hostname "_"}} default_server reuseport backlog={{ $all.BacklogSize }}{{ end }}; - {{ end }} - {{ end }} - set $proxy_upstream_name "-"; - - {{/* Listen on {{ $all.ListenPorts.SSLProxy }} because port {{ $all.ListenPorts.HTTPS }} is used in the TLS sni server */}} - {{/* This listener must always have proxy_protocol enabled, because the SNI listener forwards on source IP info in it. */}} - {{ if not (empty $server.SSLCertificate) }} - {{ range $address := $all.Cfg.BindAddressIpv4 }} - listen {{ $address }}:{{ if $all.IsSSLPassthroughEnabled }}{{ $all.ListenPorts.SSLProxy }} proxy_protocol {{ else }}{{ $all.ListenPorts.HTTPS }}{{ if $all.Cfg.UseProxyProtocol }} proxy_protocol{{ end }}{{ end }} {{ if eq $server.Hostname "_"}} default_server reuseport backlog={{ $all.BacklogSize }}{{end}} ssl {{ if $all.Cfg.UseHTTP2 }}http2{{ end }}; - {{ else }} - listen {{ if $all.IsSSLPassthroughEnabled }}{{ $all.ListenPorts.SSLProxy }} proxy_protocol {{ else }}{{ $all.ListenPorts.HTTPS }}{{ if $all.Cfg.UseProxyProtocol }} proxy_protocol{{ end }}{{ end }} {{ if eq $server.Hostname "_"}} default_server reuseport backlog={{ $all.BacklogSize }}{{end}} ssl {{ if $all.Cfg.UseHTTP2 }}http2{{ end }}; - {{ end }} - {{ if $all.IsIPV6Enabled }} - {{ range $address := $all.Cfg.BindAddressIpv6 }} - {{ if not (empty $server.SSLCertificate) }}listen {{ $address }}:{{ if $all.IsSSLPassthroughEnabled }}{{ $all.ListenPorts.SSLProxy }} proxy_protocol{{ else }}{{ $all.ListenPorts.HTTPS }}{{ if $all.Cfg.UseProxyProtocol }} proxy_protocol{{ end }}{{ end }}{{ end }} {{ if eq $server.Hostname "_"}} default_server reuseport backlog={{ $all.BacklogSize }}{{end}} ssl {{ if $all.Cfg.UseHTTP2 }}http2{{ end }}; - {{ else }} - {{ if not (empty $server.SSLCertificate) }}listen [::]:{{ if $all.IsSSLPassthroughEnabled }}{{ $all.ListenPorts.SSLProxy }} proxy_protocol{{ else }}{{ $all.ListenPorts.HTTPS }}{{ if $all.Cfg.UseProxyProtocol }} proxy_protocol{{ end }}{{ end }}{{ end }} {{ if eq $server.Hostname "_"}} default_server reuseport backlog={{ $all.BacklogSize }}{{end}} ssl {{ if $all.Cfg.UseHTTP2 }}http2{{ end }}; - {{ end }} - {{ end }} - {{/* comment PEM sha is required to detect changes in the generated configuration and force a reload */}} - # PEM sha: {{ $server.SSLPemChecksum }} - ssl_certificate {{ $server.SSLCertificate }}; - ssl_certificate_key {{ $server.SSLCertificate }}; - {{ if not (empty $server.SSLFullChainCertificate)}} - ssl_trusted_certificate {{ $server.SSLFullChainCertificate }}; - ssl_stapling on; - ssl_stapling_verify on; - {{ end }} - {{ end }} - - {{ if (and (not (empty $server.SSLCertificate)) $all.Cfg.HSTS) }} - more_set_headers "Strict-Transport-Security: max-age={{ $all.Cfg.HSTSMaxAge }}{{ if $all.Cfg.HSTSIncludeSubdomains }}; includeSubDomains{{ end }};{{ if $all.Cfg.HSTSPreload }} preload{{ end }}"; - {{ end }} - - - {{ if not (empty $server.CertificateAuth.CAFileName) }} - # PEM sha: {{ $server.CertificateAuth.PemSHA }} - ssl_client_certificate {{ $server.CertificateAuth.CAFileName }}; - ssl_verify_client {{ $server.CertificateAuth.VerifyClient }}; - ssl_verify_depth {{ $server.CertificateAuth.ValidationDepth }}; - {{ if not (empty $server.CertificateAuth.ErrorPage)}} - error_page 495 496 = {{ $server.CertificateAuth.ErrorPage }}; - {{ end }} - {{ end }} - - {{ if not (empty $server.ServerSnippet) }} - {{ $server.ServerSnippet }} - {{ end }} - - {{ range $location := $server.Locations }} - {{ $path := buildLocation $location }} - {{ $authPath := buildAuthLocation $location }} - - {{ if not (empty $location.Rewrite.AppRoot)}} - if ($uri = /) { - return 302 {{ $location.Rewrite.AppRoot }}; - } - {{ end }} - - {{ if not (empty $authPath) }} - location = {{ $authPath }} { - internal; - set $proxy_upstream_name "external-authentication"; - - proxy_pass_request_body off; - proxy_set_header Content-Length ""; - - {{ if not (empty $location.ExternalAuth.Method) }} - proxy_method {{ $location.ExternalAuth.Method }}; - proxy_set_header X-Original-URI $request_uri; - proxy_set_header X-Scheme $pass_access_scheme; - {{ end }} - - proxy_set_header Host {{ $location.ExternalAuth.Host }}; - proxy_set_header X-Original-URL $scheme://$http_host$request_uri; - proxy_set_header X-Original-Method $request_method; - proxy_set_header X-Auth-Request-Redirect $request_uri; - proxy_set_header X-Sent-From "nginx-ingress-controller"; - - proxy_http_version 1.1; - proxy_ssl_server_name on; - proxy_pass_request_headers on; - client_max_body_size "{{ $location.Proxy.BodySize }}"; - {{ if isValidClientBodyBufferSize $location.ClientBodyBufferSize }} - client_body_buffer_size {{ $location.ClientBodyBufferSize }}; - {{ end }} - - set $target {{ $location.ExternalAuth.URL }}; - proxy_pass $target; - } - {{ end }} - - location {{ $path }} { - {{ if $all.Cfg.EnableVtsStatus }}{{ if $location.VtsFilterKey }} vhost_traffic_status_filter_by_set_key {{ $location.VtsFilterKey }};{{ end }}{{ end }} - - set $proxy_upstream_name "{{ buildUpstreamName $server.Hostname $all.Backends $location }}"; - - {{ $ing := (getIngressInformation $location.Ingress $path) }} - {{/* $ing.Metadata contains the Ingress metadata */}} - set $namespace "{{ $ing.Namespace }}"; - set $ingress_name "{{ $ing.Rule }}"; - set $service_name "{{ $ing.Service }}"; - - {{ if (or $location.Rewrite.ForceSSLRedirect (and (not (empty $server.SSLCertificate)) $location.Rewrite.SSLRedirect)) }} - # enforce ssl on server side - if ($pass_access_scheme = http) { - {{ if ne $all.ListenPorts.HTTPS 443 }} - {{ $redirect_port := (printf ":%v" $all.ListenPorts.HTTPS) }} - return {{ $all.Cfg.HTTPRedirectCode }} https://$best_http_host{{ $redirect_port }}$request_uri; - {{ else }} - return {{ $all.Cfg.HTTPRedirectCode }} https://$best_http_host$request_uri; - {{ end }} - } - {{ end }} - - {{ if $all.Cfg.EnableModsecurity }} - modsecurity on; - - modsecurity_rules_file /etc/nginx/modsecurity/modsecurity.conf; - {{ if $all.Cfg.EnableOWASPCoreRules }} - modsecurity_rules_file /etc/nginx/owasp-modsecurity-crs/nginx-modsecurity.conf; - {{ end }} - {{ end }} - - {{ if isLocationAllowed $location }} - {{ if gt (len $location.Whitelist.CIDR) 0 }} - if ({{ buildDenyVariable (print $server.Hostname "_" $path) }}) { - return 403; - } - {{ end }} - - port_in_redirect {{ if $location.UsePortInRedirects }}on{{ else }}off{{ end }}; - - {{ if not (empty $authPath) }} - # this location requires authentication - auth_request {{ $authPath }}; - auth_request_set $auth_cookie $upstream_http_set_cookie; - add_header Set-Cookie $auth_cookie; - {{- range $idx, $line := buildAuthResponseHeaders $location }} - {{ $line }} - {{- end }} - {{ end }} - - {{ if not (empty $location.ExternalAuth.SigninURL) }} - error_page 401 = {{ buildAuthSignURL $location.ExternalAuth.SigninURL }}; - {{ end }} - - {{/* if the location contains a rate limit annotation, create one */}} - {{ $limits := buildRateLimit $location }} - {{ range $limit := $limits }} - {{ $limit }}{{ end }} - - {{ if $location.BasicDigestAuth.Secured }} - {{ if eq $location.BasicDigestAuth.Type "basic" }} - auth_basic "{{ $location.BasicDigestAuth.Realm }}"; - auth_basic_user_file {{ $location.BasicDigestAuth.File }}; - {{ else }} - auth_digest "{{ $location.BasicDigestAuth.Realm }}"; - auth_digest_user_file {{ $location.BasicDigestAuth.File }}; - {{ end }} - proxy_set_header Authorization ""; - {{ end }} - - {{ if $location.CorsConfig.CorsEnabled }} - {{ template "CORS" $location }} - {{ end }} - - {{ if not (empty $location.Redirect.URL) }} - if ($uri ~* {{ $path }}) { - return {{ $location.Redirect.Code }} {{ $location.Redirect.URL }}; - } - {{ end }} - - client_max_body_size "{{ $location.Proxy.BodySize }}"; - {{ if isValidClientBodyBufferSize $location.ClientBodyBufferSize }} - client_body_buffer_size {{ $location.ClientBodyBufferSize }}; - {{ end }} - - {{/* By default use vhost as Host to upstream, but allow overrides */}} - {{ if not (empty $location.UpstreamVhost) }} - proxy_set_header Host "{{ $location.UpstreamVhost }}"; - {{ else }} - proxy_set_header Host $best_http_host; - {{ end }} - - - # Pass the extracted client certificate to the backend - {{ if not (empty $server.CertificateAuth.CAFileName) }} - {{ if $server.CertificateAuth.PassCertToUpstream }} - proxy_set_header ssl-client-cert $ssl_client_escaped_cert; - {{ else }} - proxy_set_header ssl-client-cert ""; - {{ end }} - proxy_set_header ssl-client-verify $ssl_client_verify; - proxy_set_header ssl-client-dn $ssl_client_s_dn; - {{ else }} - proxy_set_header ssl-client-cert ""; - proxy_set_header ssl-client-verify ""; - proxy_set_header ssl-client-dn ""; - {{ end }} - - # Allow websocket connections - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection $connection_upgrade; - - proxy_set_header X-Real-IP $the_real_ip; - {{ if $all.Cfg.ComputeFullForwardedFor }} - proxy_set_header X-Forwarded-For $full_x_forwarded_for; - {{ else }} - proxy_set_header X-Forwarded-For $the_real_ip; - {{ end }} - proxy_set_header X-Forwarded-Host $best_http_host; - proxy_set_header X-Forwarded-Port $pass_port; - proxy_set_header X-Forwarded-Proto $pass_access_scheme; - proxy_set_header X-Original-URI $request_uri; - proxy_set_header X-Scheme $pass_access_scheme; - - # Pass the original X-Forwarded-For - proxy_set_header X-Original-Forwarded-For {{ buildForwardedFor $all.Cfg.ForwardedForHeader }}; - - # mitigate HTTPoxy Vulnerability - # https://www.nginx.com/blog/mitigating-the-httpoxy-vulnerability-with-nginx/ - proxy_set_header Proxy ""; - - # Custom headers to proxied server - {{ range $k, $v := $all.ProxySetHeaders }} - proxy_set_header {{ $k }} "{{ $v }}"; - {{ end }} - - proxy_connect_timeout {{ $location.Proxy.ConnectTimeout }}s; - proxy_send_timeout {{ $location.Proxy.SendTimeout }}s; - proxy_read_timeout {{ $location.Proxy.ReadTimeout }}s; - - {{ if (or (eq $location.Proxy.ProxyRedirectFrom "default") (eq $location.Proxy.ProxyRedirectFrom "off")) }} - proxy_redirect {{ $location.Proxy.ProxyRedirectFrom }}; - {{ else }} - proxy_redirect {{ $location.Proxy.ProxyRedirectFrom }} {{ $location.Proxy.ProxyRedirectTo }}; - {{ end }} - proxy_buffering off; - proxy_buffer_size "{{ $location.Proxy.BufferSize }}"; - proxy_buffers 4 "{{ $location.Proxy.BufferSize }}"; - proxy_request_buffering "{{ $location.Proxy.RequestBuffering }}"; - - proxy_http_version 1.1; - - proxy_cookie_domain {{ $location.Proxy.CookieDomain }}; - proxy_cookie_path {{ $location.Proxy.CookiePath }}; - - # In case of errors try the next upstream server before returning an error - proxy_next_upstream {{ buildNextUpstream $location.Proxy.NextUpstream $all.Cfg.RetryNonIdempotent }}; - - {{/* rewrite only works if the content is not compressed */}} - {{ if $location.Rewrite.AddBaseURL }} - proxy_set_header Accept-Encoding ""; - {{ end }} - - {{/* Add any additional configuration defined */}} - {{ $location.ConfigurationSnippet }} - - {{ if not (empty $all.Cfg.LocationSnippet) }} - # Custom code snippet configured in the configuration configmap - {{ $all.Cfg.LocationSnippet }} - {{ end }} - - {{/* if we are sending the request to a custom default backend, we add the required headers */}} - {{ if (hasPrefix $location.Backend "custom-default-backend-") }} - proxy_set_header X-Code 503; - proxy_set_header X-Format $http_accept; - proxy_set_header X-Namespace $namespace; - proxy_set_header X-Ingress-Name $ingress_name; - proxy_set_header X-Service-Name $service_name; - {{ end }} - - - {{ if not (empty $location.Backend) }} - {{ buildProxyPass $server.Hostname $all.Backends $location }} - {{ else }} - # No endpoints available for the request - return 503; - {{ end }} - {{ else }} - # Location denied. Reason: {{ $location.Denied }} - return 503; - {{ end }} - } - - {{ end }} - - {{ if eq $server.Hostname "_" }} - # health checks in cloud providers require the use of port {{ $all.ListenPorts.HTTP }} - location {{ $all.HealthzURI }} { - access_log off; - return 200; - } - - # this is required to avoid error if nginx is being monitored - # with an external software (like sysdig) - location /nginx_status { - allow 127.0.0.1; - {{ if $all.IsIPV6Enabled }}allow ::1;{{ end }} - deny all; - - access_log off; - stub_status on; - } - - {{ end }} - -{{ end }} diff --git a/mariadb/requirements.yaml b/mariadb/requirements.yaml deleted file mode 100644 index 53782e69b2..0000000000 --- a/mariadb/requirements.yaml +++ /dev/null @@ -1,18 +0,0 @@ -# Copyright 2017 The Openstack-Helm Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -dependencies: - - name: helm-toolkit - repository: http://localhost:8879/charts - version: 0.1.0 diff --git a/mariadb/templates/bin/_mariadb-ingress-controller.sh.tpl b/mariadb/templates/bin/_mariadb-ingress-controller.sh.tpl deleted file mode 100644 index af6e0c0c74..0000000000 --- a/mariadb/templates/bin/_mariadb-ingress-controller.sh.tpl +++ /dev/null @@ -1,38 +0,0 @@ -#!/bin/bash - -{{/* -Copyright 2017 The Openstack-Helm Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -set -ex -COMMAND="${@:-start}" - -function start () { - exec /usr/bin/dumb-init \ - /nginx-ingress-controller \ - --force-namespace-isolation \ - --watch-namespace ${POD_NAMESPACE} \ - --election-id=${RELEASE_NAME} \ - --ingress-class=${INGRESS_CLASS} \ - --default-backend-service=${POD_NAMESPACE}/${ERROR_PAGE_SERVICE} \ - --tcp-services-configmap=${POD_NAMESPACE}/mariadb-services-tcp -} - - -function stop () { - kill -TERM 1 -} - -$COMMAND diff --git a/mariadb/templates/bin/_mariadb-ingress-error-pages.sh.tpl b/mariadb/templates/bin/_mariadb-ingress-error-pages.sh.tpl deleted file mode 100644 index cf62c33f48..0000000000 --- a/mariadb/templates/bin/_mariadb-ingress-error-pages.sh.tpl +++ /dev/null @@ -1,26 +0,0 @@ -#!/bin/sh - -{{/* -Copyright 2017 The Openstack-Helm Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -set -ex -COMMAND="${@:-start}" - -if [ "x${COMMAND}" == "xstart" ]; then - exec /server -elif [ "x${COMMAND}" == "xstop" ]; then - kill -TERM 1 -fi diff --git a/mariadb/templates/bin/_readiness.sh.tpl b/mariadb/templates/bin/_readiness.sh.tpl deleted file mode 100644 index 86f513e217..0000000000 --- a/mariadb/templates/bin/_readiness.sh.tpl +++ /dev/null @@ -1,52 +0,0 @@ -#!/usr/bin/env bash - -{{/* -Copyright 2017 The Openstack-Helm Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -set -e - -MYSQL="mysql \ - --defaults-file=/etc/mysql/admin_user.cnf \ - --host=localhost \ - --connect-timeout 2" - -mysql_status_query () { - STATUS=$1 - $MYSQL -e "show status like \"${STATUS}\"" | \ - awk "/${STATUS}/ { print \$NF; exit }" -} - -if ! $MYSQL -e 'select 1' > /dev/null 2>&1 ; then - exit 1 -fi - -if [ "x$(mysql_status_query wsrep_cluster_status)" != "xPrimary" ]; then - # Not in primary cluster - exit 1 -fi -if [ "x$(mysql_status_query wsrep_ready)" != "xON" ]; then - # WSREP not ready - exit 1 -fi -if [ "x$(mysql_status_query wsrep_local_state_comment)" != "xSynced" ]; then - # WSREP not synced - exit 1 -fi - -# If we made it this far, its safe to remove the bootstrap file if present -if [ -e ${BOOTSTRAP_FILE} ]; then - rm -f ${BOOTSTRAP_FILE} -fi diff --git a/mariadb/templates/bin/_start.sh.tpl b/mariadb/templates/bin/_start.sh.tpl deleted file mode 100644 index 6920a9af20..0000000000 --- a/mariadb/templates/bin/_start.sh.tpl +++ /dev/null @@ -1,188 +0,0 @@ -#!/bin/bash -{{/* -Copyright 2017 The Openstack-Helm Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -set -xe - -# MariaDB 10.2.13 has a regression which breaks clustering, patch -# around this for now -if /usr/sbin/mysqld --version | grep --silent 10.2.13 ; then - sed -i 's^LSOF_OUT=.*^LSOF_OUT=$(lsof -sTCP:LISTEN -i TCP:${PORT} -a -c nc -c socat -F c 2> /dev/null || :)^' /usr/bin/wsrep_sst_xtrabackup-v2 -fi - -# Bootstrap database -CLUSTER_INIT_ARGS="" -CLUSTER_CONFIG_PATH=/etc/mysql/conf.d/10-cluster-config.cnf - -function exitWithManualRecovery() { - - UUID=$(sed -e 's/^.*uuid:[\ ,\t]*//' -e 'tx' -e 'd' -e ':x' /var/lib/mysql/grastate.dat) - SEQNO=$(sed -e 's/^.*seqno:[\ ,\t]*//' -e 'tx' -e 'd' -e ':x' /var/lib/mysql/grastate.dat) - - cat >/dev/stderr < - to force bootstrapping from the specified node. - - Remember to remove FORCE_RECOVERY after your nodes - are fully recovered! You may lose data otherwise. - -You can ignore this message and wait for the next restart if at -least one node started without errors. -EOF - - exit 1 -} - -# Construct cluster config -MEMBERS="" -for i in $(seq 1 ${MARIADB_REPLICAS}); do - if [ "$i" -eq "1" ]; then - NUM="0" - else - NUM="$(expr $i - 1)" - fi - CANDIDATE_POD="${POD_NAME_PREFIX}-$NUM.$(hostname -d)" - if [ "x${CANDIDATE_POD}" != "x${POD_NAME}.$(hostname -d)" ]; then - if [ -n "${MEMBERS}" ]; then - MEMBERS+=, - fi - MEMBERS+="${CANDIDATE_POD}:${WSREP_PORT}" - fi -done - -echo "Writing cluster config for ${POD_NAME} to ${CLUSTER_CONFIG_PATH}" -cat > ${CLUSTER_CONFIG_PATH} </dev/stderr </dev/stderr </var/lib/mysql/grastate.dat < "${BOOTSTRAP_FILE}" << EOF -DELETE FROM mysql.user ; -CREATE OR REPLACE USER 'root'@'%' IDENTIFIED BY '${MYSQL_ROOT_PASSWORD}' ; -GRANT ALL ON *.* TO 'root'@'%' WITH GRANT OPTION ; -DROP DATABASE IF EXISTS test ; -FLUSH PRIVILEGES ; -EOF - - CLUSTER_INIT_ARGS="${CLUSTER_INIT_ARGS} --init-file=${BOOTSTRAP_FILE}" -fi - -exec mysqld ${CLUSTER_INIT_ARGS} diff --git a/mariadb/templates/bin/_stop.sh.tpl b/mariadb/templates/bin/_stop.sh.tpl deleted file mode 100644 index c197065a0d..0000000000 --- a/mariadb/templates/bin/_stop.sh.tpl +++ /dev/null @@ -1,24 +0,0 @@ -#!/bin/bash -{{/* -Copyright 2017 The Openstack-Helm Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -set -xe - -exec mysqladmin \ - --defaults-file=/etc/mysql/admin_user.cnf \ - --host=localhost \ - --connect-timeout 2 \ - shutdown diff --git a/mariadb/templates/configmap-bin.yaml b/mariadb/templates/configmap-bin.yaml deleted file mode 100644 index 5e0b62cfc9..0000000000 --- a/mariadb/templates/configmap-bin.yaml +++ /dev/null @@ -1,39 +0,0 @@ -{{/* -Copyright 2017 The Openstack-Helm Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -{{- if .Values.manifests.configmap_bin }} -{{- $envAll := . }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: mariadb-bin -data: -{{- if .Values.images.local_registry.active }} - image-repo-sync.sh: | -{{- include "helm-toolkit.scripts.image_repo_sync" . | indent 4 }} -{{- end }} - mariadb-ingress-controller.sh: | -{{ tuple "bin/_mariadb-ingress-controller.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} - mariadb-ingress-error-pages.sh: | -{{ tuple "bin/_mariadb-ingress-error-pages.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} - readiness.sh: | -{{ tuple "bin/_readiness.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} - start.sh: | -{{ tuple "bin/_start.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} - stop.sh: | -{{ tuple "bin/_stop.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} -{{- end }} diff --git a/mariadb/templates/configmap-etc.yaml b/mariadb/templates/configmap-etc.yaml deleted file mode 100644 index aa11d5db95..0000000000 --- a/mariadb/templates/configmap-etc.yaml +++ /dev/null @@ -1,39 +0,0 @@ -{{/* -Copyright 2017 The Openstack-Helm Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -{{- if .Values.manifests.configmap_etc }} -{{- $envAll := . }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: mariadb-etc -data: - my.cnf: | -{{ tuple "etc/_my.cnf.tpl" $envAll | include "helm-toolkit.utils.template" | indent 4 }} - 00-base.cnf: | -{{ tuple "etc/_00-base.cnf.tpl" $envAll | include "helm-toolkit.utils.template" | indent 4 }} - 20-override.cnf: | -{{ tuple "etc/_20-override.cnf.tpl" $envAll | include "helm-toolkit.utils.template" | indent 4 }} - 99-force.cnf: | -{{ tuple "etc/_99-force.cnf.tpl" $envAll | include "helm-toolkit.utils.template" | indent 4 }} -{{- if $envAll.Values.conf.ingress }} - nginx.tmpl: | -{{ $envAll.Values.conf.ingress | indent 4 }} -{{- else }} -{{ ( $envAll.Files.Glob "files/nginx.tmpl" ).AsConfig | indent 2 }} -{{- end }} -{{- end }} diff --git a/mariadb/templates/configmap-services-tcp.yaml b/mariadb/templates/configmap-services-tcp.yaml deleted file mode 100644 index 605a186091..0000000000 --- a/mariadb/templates/configmap-services-tcp.yaml +++ /dev/null @@ -1,26 +0,0 @@ -{{/* -Copyright 2017 The Openstack-Helm Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -{{- if .Values.manifests.configmap_services_tcp }} -{{- $envAll := . }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: mariadb-services-tcp -data: - {{ tuple "oslo_db" "internal" "mysql" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}: "{{ .Release.Namespace }}/{{ tuple "oslo_db" "direct" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}:{{ tuple "oslo_db" "direct" "mysql" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}" -{{- end }} diff --git a/mariadb/templates/deployment-error.yaml b/mariadb/templates/deployment-error.yaml deleted file mode 100644 index 87d4c16160..0000000000 --- a/mariadb/templates/deployment-error.yaml +++ /dev/null @@ -1,83 +0,0 @@ -{{/* -Copyright 2017 The Openstack-Helm Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -{{- if .Values.manifests.deployment_error }} -{{- $envAll := . }} - -{{- $serviceAccountName := "mariadb-ingress-error-pages"}} -{{ tuple $envAll "error_pages" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: mariadb-ingress-error-pages - labels: -{{ tuple $envAll "mariadb" "ingress-error-pages" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} -spec: - replicas: {{ .Values.pod.replicas.error_page }} - selector: - matchLabels: -{{ tuple $envAll "mariadb" "ingress-error-pages" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }} -{{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }} - template: - metadata: - labels: -{{ tuple $envAll "mariadb" "ingress-error-pages" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} - annotations: - configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }} - configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }} - spec: - serviceAccountName: {{ $serviceAccountName }} - affinity: -{{ tuple $envAll "mariadb" "ingress-error-pages" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }} - nodeSelector: - {{ .Values.labels.error_server.node_selector_key }}: {{ .Values.labels.error_server.node_selector_value }} - terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.error_pages.timeout | default "60" }} - initContainers: -{{ tuple $envAll "error_pages" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} - containers: - - name: ingress-error-pages -{{ tuple $envAll "error_pages" | include "helm-toolkit.snippets.image" | indent 10 }} -{{ tuple $envAll $envAll.Values.pod.resources.error_pages | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} - livenessProbe: - httpGet: - path: /healthz - port: 8080 - scheme: HTTP - initialDelaySeconds: 30 - timeoutSeconds: 5 - ports: - - containerPort: 8080 - command: - - /tmp/mariadb-ingress-error-pages.sh - - start - lifecycle: - preStop: - exec: - command: - - /tmp/mariadb-ingress-error-pages.sh - - stop - volumeMounts: - - name: ingress-bin - mountPath: /tmp/mariadb-ingress-error-pages.sh - subPath: mariadb-ingress-error-pages.sh - readOnly: true - volumes: - - name: ingress-bin - configMap: - name: mariadb-bin - defaultMode: 0555 -{{- end }} diff --git a/mariadb/templates/deployment-ingress.yaml b/mariadb/templates/deployment-ingress.yaml deleted file mode 100644 index 4bfc147fe8..0000000000 --- a/mariadb/templates/deployment-ingress.yaml +++ /dev/null @@ -1,202 +0,0 @@ -{{/* -Copyright 2017 The Openstack-Helm Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -{{- if .Values.manifests.deployment_ingress }} -{{- $envAll := . }} - -{{- $ingressClass := printf "%s-%s" .Release.Name "mariadb-ingress" }} - -{{- $serviceAccountName := printf "%s-%s" .Release.Name "ingress" }} -{{ tuple $envAll "ingress" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: Role -metadata: - name: {{ $serviceAccountName }} - namespace: {{ $envAll.Release.Namespace }} -rules: - - apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch - - apiGroups: - - extensions - resources: - - ingresses - verbs: - - get - - list - - watch - - apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - - apiGroups: - - extensions - resources: - - ingresses/status - verbs: - - update - - apiGroups: - - "" - resources: - - configmaps - - endpoints - - nodes - - pods - - secrets - verbs: - - list - - watch - - apiGroups: - - "" - resources: - - configmaps - - pods - - secrets - - namespaces - verbs: - - get - - apiGroups: - - "" - resourceNames: - - {{ printf "%s-%s" .Release.Name $ingressClass | quote }} - resources: - - configmaps - verbs: - - get - - update - - apiGroups: - - "" - resources: - - configmaps - verbs: - - create - - apiGroups: - - "" - resources: - - endpoints - verbs: - - get - - create - - update ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: RoleBinding -metadata: - name: {{ $serviceAccountName }} - namespace: {{ $envAll.Release.Namespace }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ $serviceAccountName }} -subjects: - - kind: ServiceAccount - name: {{ $serviceAccountName }} - namespace: {{ $envAll.Release.Namespace }} ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: mariadb-ingress - labels: -{{ tuple $envAll "mariadb" "ingress" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} -spec: - replicas: {{ .Values.pod.replicas.ingress }} - selector: - matchLabels: -{{ tuple $envAll "mariadb" "ingress" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }} -{{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }} - template: - metadata: - labels: -{{ tuple $envAll "mariadb" "ingress" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} - annotations: - configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }} - configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }} - spec: - serviceAccountName: {{ $serviceAccountName }} - affinity: -{{ tuple $envAll "mariadb" "ingress" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }} - nodeSelector: - {{ .Values.labels.ingress.node_selector_key }}: {{ .Values.labels.ingress.node_selector_value }} - terminationGracePeriodSeconds: 60 - initContainers: -{{ tuple $envAll "ingress" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} - containers: - - name: ingress -{{ tuple $envAll "ingress" | include "helm-toolkit.snippets.image" | indent 10 }} -{{ tuple $envAll $envAll.Values.pod.resources.ingress | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} - readinessProbe: - tcpSocket: - port: {{ tuple "oslo_db" "internal" "mysql" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} - livenessProbe: - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 10 - timeoutSeconds: 1 - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: RELEASE_NAME - value: {{ .Release.Name | quote }} - - name: INGRESS_CLASS - value: {{ $ingressClass | quote }} - - name: ERROR_PAGE_SERVICE - value: {{ tuple "oslo_db" "error_pages" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" | quote }} - command: - - /tmp/mariadb-ingress-controller.sh - - start - lifecycle: - preStop: - exec: - command: - - /tmp/mariadb-ingress-controller.sh - - stop - volumeMounts: - - name: mariadb-bin - mountPath: /tmp/mariadb-ingress-controller.sh - subPath: mariadb-ingress-controller.sh - readOnly: true - - name: mariadb-etc - mountPath: /etc/nginx/template/nginx.tmpl - subPath: nginx.tmpl - readOnly: true - volumes: - - name: mariadb-bin - configMap: - name: mariadb-bin - defaultMode: 0555 - - name: mariadb-etc - configMap: - name: mariadb-etc - defaultMode: 0444 -{{- end }} diff --git a/mariadb/templates/etc/_00-base.cnf.tpl b/mariadb/templates/etc/_00-base.cnf.tpl deleted file mode 100644 index 5e2597f999..0000000000 --- a/mariadb/templates/etc/_00-base.cnf.tpl +++ /dev/null @@ -1,107 +0,0 @@ -{{/* -Copyright 2017 The Openstack-Helm Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -[mysqld] -# Charset -character_set_server=utf8 -collation_server=utf8_unicode_ci -skip-character-set-client-handshake - -# Logging -slow_query_log=on -slow_query_log_file=/var/log/mysql/mariadb-slow.log -log_warnings=2 - -# General logging has huge performance penalty therefore is disabled by default -general_log=off -general_log_file=/var/log/mysql/mariadb-error.log - -long_query_time=3 -log_queries_not_using_indexes=on - -# Networking -bind_address=0.0.0.0 -port={{ tuple "oslo_db" "direct" "mysql" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} - -# When a client connects, the server will perform hostname resolution, -# and when DNS is slow, establishing the connection will become slow as well. -# It is therefore recommended to start the server with skip-name-resolve to -# disable all DNS lookups. The only limitation is that the GRANT statements -# must then use IP addresses only. -skip_name_resolve - -# Tuning -user=mysql -max_allowed_packet=256M -open_files_limit=10240 -max_connections=8192 -max-connect-errors=1000000 - -## Generally, it is unwise to set the query cache to be larger than 64-128M -## as the costs associated with maintaining the cache outweigh the performance -## gains. -## The query cache is a well known bottleneck that can be seen even when -## concurrency is moderate. The best option is to disable it from day 1 -## by setting query_cache_size=0 (now the default on MySQL 5.6) -## and to use other ways to speed up read queries: good indexing, adding -## replicas to spread the read load or using an external cache. -query_cache_size=0 -query_cache_type=0 - -sync_binlog=0 -thread_cache_size=16 -table_open_cache=2048 -table_definition_cache=1024 - -# -# InnoDB -# -# The buffer pool is where data and indexes are cached: having it as large as possible -# will ensure you use memory and not disks for most read operations. -# Typical values are 50..75% of available RAM. -# TODO(tomasz.paszkowski): This needs to by dynamic based on available RAM. -innodb_buffer_pool_size=1024M -innodb_doublewrite=0 -innodb_file_format=Barracuda -innodb_file_per_table=1 -innodb_flush_method=O_DIRECT -innodb_io_capacity=500 -innodb_locks_unsafe_for_binlog=1 -innodb_log_file_size=128M -innodb_old_blocks_time=1000 -innodb_read_io_threads=8 -innodb_write_io_threads=8 - -# Clustering -binlog_format=ROW -default-storage-engine=InnoDB -innodb_autoinc_lock_mode=2 -innodb_flush_log_at_trx_commit=2 -wsrep_cluster_name={{ tuple "oslo_db" "direct" . | include "helm-toolkit.endpoints.hostname_namespaced_endpoint_lookup" | replace "." "_" }} -wsrep_on=1 -wsrep_provider=/usr/lib/galera/libgalera_smm.so -wsrep_provider_options="gmcast.listen_addr=tcp://0.0.0.0:{{ tuple "oslo_db" "direct" "wsrep" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}" -wsrep_slave_threads=12 -wsrep_sst_auth=root:{{ .Values.endpoints.oslo_db.auth.admin.password }} -wsrep_sst_method=xtrabackup-v2 - -[mysqldump] -max-allowed-packet=16M - -[client] -default_character_set=utf8 -protocol=tcp -port={{ tuple "oslo_db" "direct" "mysql" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} diff --git a/mariadb/templates/etc/_20-override.cnf.tpl b/mariadb/templates/etc/_20-override.cnf.tpl deleted file mode 100644 index 7c445fd65b..0000000000 --- a/mariadb/templates/etc/_20-override.cnf.tpl +++ /dev/null @@ -1,17 +0,0 @@ -{{/* -Copyright 2017 The Openstack-Helm Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -{{ .Values.database.config_override }} diff --git a/mariadb/templates/etc/_99-force.cnf.tpl b/mariadb/templates/etc/_99-force.cnf.tpl deleted file mode 100644 index 3d92e99ffe..0000000000 --- a/mariadb/templates/etc/_99-force.cnf.tpl +++ /dev/null @@ -1,19 +0,0 @@ -{{/* -Copyright 2017 The Openstack-Helm Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -[mysqld] -datadir=/var/lib/mysql -tmpdir=/tmp diff --git a/mariadb/templates/etc/_my.cnf.tpl b/mariadb/templates/etc/_my.cnf.tpl deleted file mode 100644 index 33184d5298..0000000000 --- a/mariadb/templates/etc/_my.cnf.tpl +++ /dev/null @@ -1,22 +0,0 @@ -{{/* -Copyright 2017 The Openstack-Helm Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -[mysqld] -datadir=/var/lib/mysql -basedir=/usr - -[client-server] -!includedir /etc/mysql/conf.d/ diff --git a/mariadb/templates/job-image-repo-sync.yaml b/mariadb/templates/job-image-repo-sync.yaml deleted file mode 100644 index e099429a1d..0000000000 --- a/mariadb/templates/job-image-repo-sync.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{/* -Copyright 2017 The Openstack-Helm Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -{{- if and .Values.manifests.job_image_repo_sync .Values.images.local_registry.active }} -{{- $imageRepoSyncJob := dict "envAll" . "serviceName" "mariadb" -}} -{{ $imageRepoSyncJob | include "helm-toolkit.manifests.job_image_repo_sync" }} -{{- end }} diff --git a/mariadb/templates/monitoring/prometheus/bin/_create-mysql-user.sh.tpl b/mariadb/templates/monitoring/prometheus/bin/_create-mysql-user.sh.tpl deleted file mode 100644 index 49773d0a11..0000000000 --- a/mariadb/templates/monitoring/prometheus/bin/_create-mysql-user.sh.tpl +++ /dev/null @@ -1,24 +0,0 @@ -#!/bin/bash - -{{/* -Copyright 2017 The Openstack-Helm Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -set -ex - -mysql --defaults-file=/etc/mysql/admin_user.cnf -e \ - "CREATE OR REPLACE USER '${EXPORTER_USER}'@'%' IDENTIFIED BY '${EXPORTER_PASSWORD}'; \ - GRANT PROCESS, REPLICATION CLIENT, SELECT ON *.* TO '${EXPORTER_USER}'@'%'; \ - FLUSH PRIVILEGES;" diff --git a/mariadb/templates/monitoring/prometheus/bin/_mysqld-exporter.sh.tpl b/mariadb/templates/monitoring/prometheus/bin/_mysqld-exporter.sh.tpl deleted file mode 100644 index 6a7395fcc2..0000000000 --- a/mariadb/templates/monitoring/prometheus/bin/_mysqld-exporter.sh.tpl +++ /dev/null @@ -1,30 +0,0 @@ -#!/bin/sh - -{{/* -Copyright 2017 The Openstack-Helm Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -set -ex -COMMAND="${@:-start}" - -function start () { - exec /bin/mysqld_exporter -config.my-cnf=/etc/mysql/mysql_user.cnf -} - -function stop () { - kill -TERM 1 -} - -$COMMAND diff --git a/mariadb/templates/monitoring/prometheus/exporter-configmap-bin.yaml b/mariadb/templates/monitoring/prometheus/exporter-configmap-bin.yaml deleted file mode 100644 index 169f8e56a6..0000000000 --- a/mariadb/templates/monitoring/prometheus/exporter-configmap-bin.yaml +++ /dev/null @@ -1,29 +0,0 @@ -{{/* -Copyright 2017 The Openstack-Helm Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -{{- if and .Values.manifests.monitoring.prometheus.configmap_bin .Values.monitoring.prometheus.enabled }} -{{- $envAll := . }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: mysql-exporter-bin -data: - create-mysql-user.sh: | -{{ tuple "bin/_create-mysql-user.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} - mysqld-exporter.sh: | -{{ tuple "bin/_mysqld-exporter.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} -{{- end }} diff --git a/mariadb/templates/monitoring/prometheus/exporter-deployment.yaml b/mariadb/templates/monitoring/prometheus/exporter-deployment.yaml deleted file mode 100644 index 274a06c0e2..0000000000 --- a/mariadb/templates/monitoring/prometheus/exporter-deployment.yaml +++ /dev/null @@ -1,91 +0,0 @@ -{{/* -Copyright 2017 The Openstack-Helm Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -{{- if and .Values.manifests.monitoring.prometheus.deployment_exporter .Values.monitoring.prometheus.enabled }} -{{- $envAll := . }} - -{{- $serviceAccountName := "prometheus-mysql-exporter"}} -{{ tuple $envAll "prometheus_mysql_exporter" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: prometheus-mysql-exporter - labels: -{{ tuple $envAll "prometheus_mysql_exporter" "exporter" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} -spec: - replicas: {{ .Values.pod.replicas.prometheus_mysql_exporter }} - selector: - matchLabels: -{{ tuple $envAll "prometheus_mysql_exporter" "exporter" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }} -{{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }} - template: - metadata: - labels: -{{ tuple $envAll "prometheus_mysql_exporter" "exporter" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} - namespace: {{ .Values.endpoints.prometheus_mysql_exporter.namespace }} - spec: - serviceAccountName: {{ $serviceAccountName }} - nodeSelector: - {{ .Values.labels.prometheus_mysql_exporter.node_selector_key }}: {{ .Values.labels.prometheus_mysql_exporter.node_selector_value }} - terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.prometheus_mysql_exporter.timeout | default "30" }} - initContainers: -{{ tuple $envAll "prometheus_mysql_exporter" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} - containers: - - name: mysql-exporter -{{ tuple $envAll "prometheus_mysql_exporter" | include "helm-toolkit.snippets.image" | indent 10 }} -{{ tuple $envAll $envAll.Values.pod.resources.prometheus_mysql_exporter | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} - command: - - /tmp/mysqld-exporter.sh - - start - ports: - - name: metrics - containerPort: {{ .Values.network.prometheus_mysql_exporter.port }} - env: - - name: EXPORTER_USER - valueFrom: - secretKeyRef: - name: mysql-exporter-secrets - key: EXPORTER_USER - - name: EXPORTER_PASSWORD - valueFrom: - secretKeyRef: - name: mysql-exporter-secrets - key: EXPORTER_PASSWORD - - name: DATA_SOURCE_NAME - valueFrom: - secretKeyRef: - name: mysql-exporter-secrets - key: DATA_SOURCE_NAME - volumeMounts: - - name: mysql-exporter-secrets - mountPath: /etc/mysql/mysql_user.cnf - subPath: mysql_user.cnf - readOnly: true - - name: mysql-exporter-bin - mountPath: /tmp/mysqld-exporter.sh - subPath: mysqld-exporter.sh - readOnly: true - volumes: - - name: mysql-exporter-secrets - secret: - secretName: mysql-exporter-secrets - defaultMode: 0444 - - name: mysql-exporter-bin - configMap: - name: mysql-exporter-bin - defaultMode: 0555 -{{- end }} diff --git a/mariadb/templates/monitoring/prometheus/exporter-job-create-user.yaml b/mariadb/templates/monitoring/prometheus/exporter-job-create-user.yaml deleted file mode 100644 index df7a147015..0000000000 --- a/mariadb/templates/monitoring/prometheus/exporter-job-create-user.yaml +++ /dev/null @@ -1,83 +0,0 @@ -{{/* -Copyright 2017 The Openstack-Helm Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -{{- if and .Values.manifests.monitoring.prometheus.job_user_create .Values.monitoring.prometheus.enabled }} -{{- $envAll := . }} - -{{- $serviceAccountName := "exporter-create-sql-user" }} -{{ tuple $envAll "prometheus_create_mysql_user" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} ---- -apiVersion: batch/v1 -kind: Job -metadata: - name: exporter-create-sql-user -spec: - template: - metadata: - labels: -{{ tuple $envAll "prometheus_mysql_exporter" "create-sql-user" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} - spec: - serviceAccountName: {{ $serviceAccountName }} - restartPolicy: OnFailure - nodeSelector: - {{ .Values.labels.prometheus_mysql_exporter.node_selector_key }}: {{ .Values.labels.prometheus_mysql_exporter.node_selector_value }} - initContainers: -{{ tuple $envAll "prometheus_create_mysql_user" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} - containers: - - name: exporter-create-sql-user -{{ tuple $envAll "prometheus_create_mysql_user" | include "helm-toolkit.snippets.image" | indent 10 }} -{{ tuple $envAll $envAll.Values.pod.resources.jobs.prometheus_create_mysql_user | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} - command: - - /tmp/create-mysql-user.sh - env: - - name: EXPORTER_USER - valueFrom: - secretKeyRef: - name: mysql-exporter-secrets - key: EXPORTER_USER - - name: EXPORTER_PASSWORD - valueFrom: - secretKeyRef: - name: mysql-exporter-secrets - key: EXPORTER_PASSWORD - - name: MYSQL_SERVICE - value: {{ tuple "oslo_db" "direct" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} - - name: MYSQL_ROOT_USER - value: {{ .Values.endpoints.oslo_db.auth.admin.username }} - - name: MYSQL_ROOT_PASSWORD - valueFrom: - secretKeyRef: - name: mariadb-db-root-password - key: MYSQL_ROOT_PASSWORD - volumeMounts: - - name: mysql-exporter-bin - mountPath: /tmp/create-mysql-user.sh - subPath: create-mysql-user.sh - readOnly: true - - name: mariadb-secrets - mountPath: /etc/mysql/admin_user.cnf - subPath: admin_user.cnf - readOnly: true - volumes: - - name: mysql-exporter-bin - configMap: - name: mysql-exporter-bin - defaultMode: 0555 - - name: mariadb-secrets - secret: - secretName: mariadb-secrets - defaultMode: 0444 -{{- end }} diff --git a/mariadb/templates/monitoring/prometheus/exporter-secrets-etc.yaml b/mariadb/templates/monitoring/prometheus/exporter-secrets-etc.yaml deleted file mode 100644 index 2d19c27562..0000000000 --- a/mariadb/templates/monitoring/prometheus/exporter-secrets-etc.yaml +++ /dev/null @@ -1,35 +0,0 @@ -{{/* -Copyright 2017 The Openstack-Helm Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -{{- if and .Values.manifests.monitoring.prometheus.secret_etc .Values.monitoring.prometheus.enabled }} -{{- $envAll := . }} - -{{- $exporter_user := .Values.endpoints.oslo_db.auth.exporter.username }} -{{- $exporter_password := .Values.endpoints.oslo_db.auth.exporter.password }} -{{- $db_host := tuple "oslo_db" "direct" "mysql" $envAll | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" }} -{{- $data_source_name := printf "%s:%s@(%s)/" $exporter_user $exporter_password $db_host }} ---- -apiVersion: v1 -kind: Secret -metadata: - name: mysql-exporter-secrets -type: Opaque -data: - DATA_SOURCE_NAME: {{ $data_source_name | b64enc }} - EXPORTER_USER: {{ .Values.endpoints.oslo_db.auth.exporter.username | b64enc }} - EXPORTER_PASSWORD: {{ .Values.endpoints.oslo_db.auth.exporter.password | b64enc }} - mysql_user.cnf: {{ tuple "secrets/_exporter_user.cnf.tpl" . | include "helm-toolkit.utils.template" | b64enc }} -{{- end }} diff --git a/mariadb/templates/monitoring/prometheus/exporter-service.yaml b/mariadb/templates/monitoring/prometheus/exporter-service.yaml deleted file mode 100644 index c040f2642e..0000000000 --- a/mariadb/templates/monitoring/prometheus/exporter-service.yaml +++ /dev/null @@ -1,37 +0,0 @@ -{{/* -Copyright 2017 The Openstack-Helm Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -{{- if and .Values.manifests.monitoring.prometheus.service_exporter .Values.monitoring.prometheus.enabled }} -{{- $envAll := . }} -{{- $prometheus_annotations := $envAll.Values.monitoring.prometheus.mysqld_exporter }} ---- -apiVersion: v1 -kind: Service -metadata: - name: {{ tuple "prometheus_mysql_exporter" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} - labels: -{{ tuple $envAll "prometheus_mysql_exporter" "metrics" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} - annotations: -{{- if .Values.monitoring.prometheus.enabled }} -{{ tuple $prometheus_annotations | include "helm-toolkit.snippets.prometheus_service_annotations" | indent 4 }} -{{- end }} -spec: - ports: - - name: metrics - port: {{ .Values.network.prometheus_mysql_exporter.port }} - selector: -{{ tuple $envAll "prometheus_mysql_exporter" "exporter" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} -{{- end }} diff --git a/mariadb/templates/monitoring/prometheus/secrets/_exporter_user.cnf.tpl b/mariadb/templates/monitoring/prometheus/secrets/_exporter_user.cnf.tpl deleted file mode 100644 index f3d03afa9f..0000000000 --- a/mariadb/templates/monitoring/prometheus/secrets/_exporter_user.cnf.tpl +++ /dev/null @@ -1,21 +0,0 @@ -{{/* -Copyright 2017 The Openstack-Helm Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -[client] -user = {{ .Values.endpoints.prometheus_mysql_exporter.auth.user.username }} -password = {{ .Values.endpoints.prometheus_mysql_exporter.auth.user.password }} -host = {{ tuple "oslo_db" "direct" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} -port = {{ tuple "oslo_db" "direct" "mysql" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} diff --git a/mariadb/templates/pdb-mariadb.yaml b/mariadb/templates/pdb-mariadb.yaml deleted file mode 100644 index 19f85dc121..0000000000 --- a/mariadb/templates/pdb-mariadb.yaml +++ /dev/null @@ -1,29 +0,0 @@ -{{/* -Copyright 2017 The Openstack-Helm Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -{{- if .Values.manifests.pdb_server }} -{{- $envAll := . }} ---- -apiVersion: policy/v1beta1 -kind: PodDisruptionBudget -metadata: - name: mariadb-server -spec: - minAvailable: {{ .Values.pod.lifecycle.disruption_budget.mariadb.min_available }} - selector: - matchLabels: -{{ tuple $envAll "mariadb" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }} -{{- end }} diff --git a/mariadb/templates/secret-db-root-password.yaml b/mariadb/templates/secret-db-root-password.yaml deleted file mode 100644 index e99f30b4ee..0000000000 --- a/mariadb/templates/secret-db-root-password.yaml +++ /dev/null @@ -1,27 +0,0 @@ -{{/* -Copyright 2017 The Openstack-Helm Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -{{- if .Values.manifests.secret_db }} -{{- $envAll := . }} ---- -apiVersion: v1 -kind: Secret -metadata: - name: mariadb-db-root-password -type: Opaque -data: - MYSQL_ROOT_PASSWORD: {{ .Values.endpoints.oslo_db.auth.admin.password | b64enc }} -{{- end }} diff --git a/mariadb/templates/secrets-etc.yaml b/mariadb/templates/secrets-etc.yaml deleted file mode 100644 index 1e6865986a..0000000000 --- a/mariadb/templates/secrets-etc.yaml +++ /dev/null @@ -1,27 +0,0 @@ -{{/* -Copyright 2017 The Openstack-Helm Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -{{- if .Values.manifests.secret_etc }} -{{- $envAll := . }} ---- -apiVersion: v1 -kind: Secret -metadata: - name: mariadb-secrets -type: Opaque -data: - admin_user.cnf: {{ tuple "secrets/_admin_user.cnf.tpl" . | include "helm-toolkit.utils.template" | b64enc }} -{{- end }} diff --git a/mariadb/templates/secrets/_admin_user.cnf.tpl b/mariadb/templates/secrets/_admin_user.cnf.tpl deleted file mode 100644 index c30120286d..0000000000 --- a/mariadb/templates/secrets/_admin_user.cnf.tpl +++ /dev/null @@ -1,21 +0,0 @@ -{{/* -Copyright 2017 The Openstack-Helm Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -[client] -user = {{ .Values.endpoints.oslo_db.auth.admin.username }} -password = {{ .Values.endpoints.oslo_db.auth.admin.password }} -host = {{ tuple "oslo_db" "direct" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} -port = {{ tuple "oslo_db" "direct" "mysql" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} diff --git a/mariadb/templates/service-discovery.yaml b/mariadb/templates/service-discovery.yaml deleted file mode 100644 index a705b90669..0000000000 --- a/mariadb/templates/service-discovery.yaml +++ /dev/null @@ -1,35 +0,0 @@ -{{/* -Copyright 2017 The Openstack-Helm Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -{{- if .Values.manifests.service_discovery }} -{{- $envAll := . }} ---- -apiVersion: v1 -kind: Service -metadata: - name: {{ tuple "oslo_db" "discovery" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} - annotations: - service.alpha.kubernetes.io/tolerate-unready-endpoints: "true" -spec: - ports: - - name: mysql - port: {{ tuple "oslo_db" "direct" "mysql" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} - - name: wsrep - port: {{ tuple "oslo_db" "direct" "wsrep" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} - clusterIP: None - selector: -{{ tuple $envAll "mariadb" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} -{{- end }} diff --git a/mariadb/templates/service-error.yaml b/mariadb/templates/service-error.yaml deleted file mode 100644 index f8891448a0..0000000000 --- a/mariadb/templates/service-error.yaml +++ /dev/null @@ -1,34 +0,0 @@ -{{/* -Copyright 2017 The Openstack-Helm Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -{{- if .Values.manifests.service_error }} -{{- $envAll := . }} ---- -apiVersion: v1 -kind: Service -metadata: - labels: -{{ tuple $envAll "mariadb" "ingress-error-pages" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} - name: {{ tuple "oslo_db" "error_pages" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} -spec: - clusterIP: None - ports: - - port: 80 - protocol: TCP - targetPort: 8080 - selector: -{{ tuple $envAll "mariadb" "ingress-error-pages" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} -{{- end }} diff --git a/mariadb/templates/service-ingress.yaml b/mariadb/templates/service-ingress.yaml deleted file mode 100644 index 08d003e412..0000000000 --- a/mariadb/templates/service-ingress.yaml +++ /dev/null @@ -1,33 +0,0 @@ -{{/* -Copyright 2017 The Openstack-Helm Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -{{- if .Values.manifests.service_ingress }} -{{- $envAll := . }} ---- -apiVersion: v1 -kind: Service -metadata: - labels: -{{ tuple $envAll "mariadb" "ingress" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} - name: {{ tuple "oslo_db" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} -spec: - ports: - - name: mysql - port: {{ tuple "oslo_db" "internal" "mysql" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} - protocol: TCP - selector: -{{ tuple $envAll "mariadb" "ingress" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} -{{- end }} diff --git a/mariadb/templates/service.yaml b/mariadb/templates/service.yaml deleted file mode 100644 index 2600fe4c4c..0000000000 --- a/mariadb/templates/service.yaml +++ /dev/null @@ -1,30 +0,0 @@ -{{/* -Copyright 2017 The Openstack-Helm Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -{{- if .Values.manifests.service }} -{{- $envAll := . }} ---- -apiVersion: v1 -kind: Service -metadata: - name: {{ tuple "oslo_db" "direct" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} -spec: - ports: - - name: mysql - port: {{ tuple "oslo_db" "direct" "mysql" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} - selector: -{{ tuple $envAll "mariadb" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} -{{- end }} diff --git a/mariadb/templates/statefulset.yaml b/mariadb/templates/statefulset.yaml deleted file mode 100644 index 7165493eb2..0000000000 --- a/mariadb/templates/statefulset.yaml +++ /dev/null @@ -1,182 +0,0 @@ -{{/* -Copyright 2017 The Openstack-Helm Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -{{- if .Values.manifests.statefulset }} -{{- $envAll := . }} - -{{- $serviceAccountName := "mariadb" }} -{{ tuple $envAll "mariadb" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} ---- -apiVersion: apps/v1 -kind: StatefulSet -metadata: - # NOTE(portdirect): the statefulset name must match the POD_NAME_PREFIX env var for discovery to work - name: {{ tuple "oslo_db" "direct" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} - labels: -{{ tuple $envAll "mariadb" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} -spec: - serviceName: "{{ tuple "oslo_db" "discovery" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}" - podManagementPolicy: "Parallel" - replicas: {{ .Values.pod.replicas.server }} - selector: - matchLabels: -{{ tuple $envAll "mariadb" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }} - template: - metadata: - labels: -{{ tuple $envAll "mariadb" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} - spec: - serviceAccountName: {{ $serviceAccountName }} - affinity: -{{ tuple $envAll "mariadb" "server" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }} - nodeSelector: - {{ .Values.labels.server.node_selector_key }}: {{ .Values.labels.server.node_selector_value }} - initContainers: -{{ tuple $envAll "mariadb" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} -{{- if .Values.volume.chown_on_start }} - - name: mariadb-perms -{{ tuple $envAll "mariadb" | include "helm-toolkit.snippets.image" | indent 10 }} - securityContext: - runAsUser: 0 -{{ tuple $envAll $envAll.Values.pod.resources.server | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} - command: - - chown - - -R - - "mysql:mysql" - - /var/lib/mysql - volumeMounts: - - name: mysql-data - mountPath: /var/lib/mysql -{{- end }} - containers: - - name: mariadb -{{ tuple $envAll "mariadb" | include "helm-toolkit.snippets.image" | indent 10 }} -{{ tuple $envAll $envAll.Values.pod.resources.server | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} - env: - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: FORCE_BOOTSTRAP - value: {{ .Values.force_bootstrap | quote }} - - name: FORCE_RECOVERY - value: {{ .Values.force_recovey | quote }} - - name: BOOTSTRAP_FILE - value: {{ printf "/tmp/%s.sql" (randAlphaNum 8) }} - - name: MARIADB_REPLICAS - value: {{ .Values.pod.replicas.server | quote }} - - name: WSREP_PORT - value: {{ tuple "oslo_db" "direct" "wsrep" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }} - - name: POD_NAME_PREFIX - value: {{ tuple "oslo_db" "direct" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} - - name: MYSQL_ROOT_PASSWORD - valueFrom: - secretKeyRef: - name: mariadb-db-root-password - key: MYSQL_ROOT_PASSWORD - ports: - - name: mysql - protocol: TCP - containerPort: {{ tuple "oslo_db" "direct" "mysql" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} - - name: wsrep - protocol: TCP - containerPort: {{ tuple "oslo_db" "direct" "wsrep" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} - command: - - /tmp/start.sh - lifecycle: - preStop: - exec: - command: - - /tmp/stop.sh - readinessProbe: - initialDelaySeconds: 30 - periodSeconds: 30 - timeoutSeconds: 3 - exec: - command: - - /tmp/readiness.sh - volumeMounts: - - name: mycnfd - mountPath: /etc/mysql/conf.d - - name: mariadb-bin - mountPath: /tmp/start.sh - subPath: start.sh - readOnly: true - - name: mariadb-bin - mountPath: /tmp/stop.sh - subPath: stop.sh - readOnly: true - - name: mariadb-bin - mountPath: /tmp/readiness.sh - subPath: readiness.sh - readOnly: true - - name: mariadb-etc - mountPath: /etc/mysql/my.cnf - subPath: my.cnf - readOnly: true - - name: mariadb-etc - mountPath: /etc/mysql/conf.d/00-base.cnf - subPath: 00-base.cnf - readOnly: true - - name: mariadb-etc - mountPath: /etc/mysql/conf.d/20-override.cnf - subPath: 20-override.cnf - readOnly: true - - name: mariadb-etc - mountPath: /etc/mysql/conf.d/99-force.cnf - subPath: 99-force.cnf - readOnly: true - - name: mariadb-secrets - mountPath: /etc/mysql/admin_user.cnf - subPath: admin_user.cnf - readOnly: true - - name: mysql-data - mountPath: /var/lib/mysql - volumes: - - name: mycnfd - emptyDir: {} - - name: mariadb-bin - configMap: - name: mariadb-bin - defaultMode: 0555 - - name: mariadb-etc - configMap: - name: mariadb-etc - defaultMode: 0444 - - name: mariadb-secrets - secret: - secretName: mariadb-secrets - defaultMode: 0444 - {{- if not .Values.volume.enabled }} - - name: mysql-data - emptyDir: {} - {{- end }} -{{- if .Values.volume.enabled }} - volumeClaimTemplates: - - metadata: - name: mysql-data - spec: - accessModes: [ "ReadWriteOnce" ] - resources: - requests: - storage: {{ .Values.volume.size }} - storageClassName: {{ .Values.volume.class_name }} -{{- end }} -{{- end }} diff --git a/mariadb/values.yaml b/mariadb/values.yaml deleted file mode 100644 index dffca8abf3..0000000000 --- a/mariadb/values.yaml +++ /dev/null @@ -1,289 +0,0 @@ -# Copyright 2017 The Openstack-Helm Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Default values for mariadb. -# This is a YAML-formatted file. -# Declare name/value pairs to be passed into your templates. -# name: value - -release_group: null - -images: - tags: - # NOTE: if you update from 10.2.13 please look at - # https://review.openstack.org/#/q/Ifd09d7effe7d382074ca9e6678df36bdd4bce0af - # and check whether it's still needed - mariadb: docker.io/mariadb:10.2.13 - ingress: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.9.0 - error_pages: gcr.io/google_containers/defaultbackend:1.0 - prometheus_create_mysql_user: docker.io/mariadb:10.2.13 - prometheus_mysql_exporter: docker.io/prom/mysqld-exporter:v0.10.0 - prometheus_mysql_exporter_helm_tests: docker.io/openstackhelm/heat:newton - dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1 - image_repo_sync: docker.io/docker:17.07.0 - pull_policy: "IfNotPresent" - local_registry: - active: false - exclude: - - dep_check - - image_repo_sync - -labels: - server: - node_selector_key: openstack-control-plane - node_selector_value: enabled - ingress: - node_selector_key: openstack-control-plane - node_selector_value: enabled - prometheus_mysql_exporter: - node_selector_key: openstack-control-plane - node_selector_value: enabled - error_server: - node_selector_key: openstack-control-plane - node_selector_value: enabled - -pod: - affinity: - anti: - type: - default: preferredDuringSchedulingIgnoredDuringExecution - topologyKey: - default: kubernetes.io/hostname - replicas: - server: 1 - ingress: 1 - error_page: 1 - prometheus_mysql_exporter: 1 - lifecycle: - upgrades: - deployments: - revision_history: 3 - pod_replacement_strategy: RollingUpdate - rolling_update: - max_unavailable: 1 - max_surge: 3 - termination_grace_period: - prometheus_mysql_exporter: - timeout: 30 - error_pages: - timeout: 10 - disruption_budget: - mariadb: - min_available: 0 - resources: - enabled: false - prometheus_mysql_exporter: - limits: - memory: "1024Mi" - cpu: "2000m" - requests: - memory: "128Mi" - cpu: "500m" - server: - requests: - memory: "128Mi" - cpu: "100m" - limits: - memory: "1024Mi" - cpu: "2000m" - jobs: - tests: - limits: - memory: "1024Mi" - cpu: "2000m" - requests: - memory: "128Mi" - cpu: "100m" - prometheus_create_mysql_user: - limits: - memory: "1024Mi" - cpu: "2000m" - requests: - memory: "128Mi" - cpu: "100m" - image_repo_sync: - requests: - memory: "128Mi" - cpu: "100m" - limits: - memory: "1024Mi" - cpu: "2000m" - -dependencies: - dynamic: - common: - local_image_registry: - jobs: - - mariadb-image-repo-sync - services: - - endpoint: node - service: local_image_registry - static: - error_pages: - jobs: null - ingress: - jobs: null - services: - - endpoint: error_pages - service: oslo_db - mariadb: - jobs: null - services: null - prometheus_create_mysql_user: - services: - - endpoint: internal - service: oslo_db - prometheus_mysql_exporter: - jobs: - - exporter-create-sql-user - services: - - endpoint: internal - service: oslo_db - prometheus_mysql_exporter_tests: - services: - - endpoint: internal - service: prometheus_mysql_exporter - - endpoint: internal - service: monitoring - image_repo_sync: - services: - - endpoint: internal - service: local_image_registry - -force_bootstrap: false - -volume: - chown_on_start: true - enabled: true - class_name: general - size: 5Gi - - - -conf: - ingress: null - -database: - config_override: null - # Any configuration here will override the base config. - # config_override: |- - # [mysqld] - # wsrep_slave_threads=1 - -monitoring: - prometheus: - enabled: false - mysqld_exporter: - scrape: true - -network: - prometheus_mysql_exporter: - port: 9104 - -# typically overridden by environmental -# values, but should include all endpoints -# required by this chart -endpoints: - cluster_domain_suffix: cluster.local - local_image_registry: - name: docker-registry - namespace: docker-registry - hosts: - default: localhost - internal: docker-registry - node: localhost - host_fqdn_override: - default: null - port: - registry: - node: 5000 - monitoring: - name: prometheus - namespace: null - hosts: - default: prom-metrics - public: prometheus - host_fqdn_override: - default: null - path: - default: null - scheme: - default: 'http' - port: - api: - default: 9090 - public: 80 - prometheus_mysql_exporter: - namespace: null - auth: - user: - username: exporter - password: password - hosts: - default: mysql-exporter - host_fqdn_override: - default: null - path: - default: /metrics - scheme: - default: 'http' - port: - metrics: - default: 9104 - oslo_db: - namespace: null - auth: - admin: - username: root - password: password - exporter: - username: exporter - password: password - hosts: - default: mariadb - direct: mariadb-server - discovery: mariadb-discovery - error_pages: mariadb-ingress-error-pages - host_fqdn_override: - default: null - path: null - scheme: mysql+pymysql - port: - mysql: - default: 3306 - wsrep: - default: 4567 - -manifests: - configmap_bin: true - configmap_etc: true - configmap_services_tcp: true - deployment_error: true - deployment_ingress: true - job_image_repo_sync: true - monitoring: - prometheus: - configmap_bin: true - deployment_exporter: true - job_user_create: true - secret_etc: true - service_exporter: true - pdb_server: true - secret_db: true - secret_etc: true - service_discovery: true - service_ingress: true - service_error: true - service: true - statefulset: true diff --git a/tools/deployment/armada/multinode/armada-lma.yaml b/tools/deployment/armada/multinode/armada-lma.yaml index 06cee1e79f..9e2d9a8ed9 100644 --- a/tools/deployment/armada/multinode/armada-lma.yaml +++ b/tools/deployment/armada/multinode/armada-lma.yaml @@ -188,7 +188,7 @@ data: node_selector_value: enabled source: type: local - location: ${OSH_PATH} + location: ${OSH_INFRA_PATH} subpath: mariadb reference: master dependencies: diff --git a/tools/deployment/armada/multinode/armada-osh.yaml b/tools/deployment/armada/multinode/armada-osh.yaml index ee829ef141..15a3953ca9 100644 --- a/tools/deployment/armada/multinode/armada-osh.yaml +++ b/tools/deployment/armada/multinode/armada-osh.yaml @@ -151,7 +151,7 @@ data: node_selector_value: enabled source: type: local - location: ${OSH_PATH} + location: ${OSH_INFRA_PATH} subpath: mariadb reference: master dependencies: diff --git a/tools/deployment/developer/common/050-mariadb.sh b/tools/deployment/developer/common/050-mariadb.sh index 1d3154df31..7d297bdd9e 100755 --- a/tools/deployment/developer/common/050-mariadb.sh +++ b/tools/deployment/developer/common/050-mariadb.sh @@ -20,8 +20,9 @@ set -xe make mariadb #NOTE: Deploy command +: ${OSH_INFRA_PATH:="../openstack-helm-infra"} : ${OSH_EXTRA_HELM_ARGS:=""} -helm upgrade --install mariadb ./mariadb \ +helm upgrade --install mariadb ${OSH_INFRA_PATH}/mariadb \ --namespace=openstack \ --set pod.replicas.server=1 \ ${OSH_EXTRA_HELM_ARGS} \ diff --git a/tools/deployment/multinode/050-mariadb.sh b/tools/deployment/multinode/050-mariadb.sh index 5d5ac733db..b57b10f8d6 100755 --- a/tools/deployment/multinode/050-mariadb.sh +++ b/tools/deployment/multinode/050-mariadb.sh @@ -23,7 +23,8 @@ pod: server: 3 ingress: 3 EOF -helm upgrade --install mariadb ./mariadb \ +: ${OSH_INFRA_PATH:="../openstack-helm-infra"} +helm upgrade --install mariadb ${OSH_INFRA_PATH}/mariadb \ --namespace=openstack \ --values=/tmp/mariadb.yaml \ ${OSH_EXTRA_HELM_ARGS} \