Feature proxysql (#12)
Co-authored-by: Andreas Bauer <a.bauer@digital-results-international.com>
noudAndi and Andreas Bauer authored Jun 18, 2024
1 parent 61cf969 commit 59dd450
Showing 24 changed files with 1,989 additions and 0 deletions.
22 changes: 22 additions & 0 deletions charts/proxysql/.helmignore
@@ -0,0 +1,22 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/
13 changes: 13 additions & 0 deletions charts/proxysql/Chart.yaml
@@ -0,0 +1,13 @@
---
apiVersion: v1
appVersion: "2.5.5"
description: ProxySQL Helm chart for Kubernetes
name: proxysql
version: 0.14.3
home: https://www.proxysql.com/
sources:
- https://github.com/dysnix/charts
- https://github.com/sysown/proxysql
maintainers:
- email: services@dysnix.com
name: Dysnix
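Review bot: `appVersion: "2.5.5"` disagrees with the README added in this same commit, which documents the `image.tag` default as `2.0.9`, so an operator cannot tell from the chart metadata which ProxySQL version is deployed. Align the two with whatever tag values.yaml actually ships. `sources` and `maintainers` also still point at dysnix while the README's TL;DR installs from the klicktipp repo; update them if this chart is now maintained here.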
121 changes: 121 additions & 0 deletions charts/proxysql/README.md
@@ -0,0 +1,121 @@
# ProxySQL

[ProxySQL](/https://www.proxysql.com/) is a High-performance MySQL proxy with a GPL license.

## TL;DR;

```bash
$ helm repo add klicktipp https://klicktipp.github.io/helm-charts/
$ helm install my-release klicktipp/proxysql
```

## Introduction

This chart bootstraps a [ProxySQL](https://hub.docker.com/r/proxysql/proxysql) proxy deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.

## Prerequisites

- Kubernetes 1.12+
- Helm 2.11+ or Helm 3.0-beta3+
- PV provisioner support in the underlying infrastructure

## Installing the Chart

To install the chart with the release name `my-release`:

```bash
$ helm install my-release dysnix/proxysql
```

The command deploys ProxySQL on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation.

> **Tip**: List all releases using `helm list`
## Uninstalling the Chart

To uninstall/delete the `my-release` deployment:

```bash
$ helm delete my-release
```

The command removes all the Kubernetes components associated with the chart and deletes the release.

## Parameters

The following table lists the configurable parameters of the ProxySQL chart and their default values.

| Parameter | Description | Default |
|---------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------|
| `image.registry` | ProxySQL image registry | `docker.io` |
| `image.repository` | ProxySQL Image name | `proxysql/proxysql` |
| `image.tag` | ProxySQL Image tag | `2.0.9` |
| `image.pullPolicy` | ProxySQL image pull policy | `IfNotPresent` |
| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) |
| `nameOverride` | String to partially override proxysql.fullname template with a string (will prepend the release name) | `nil` |
| `fullnameOverride` | String to fully override proxysql.fullname template with a string | `nil` |
| `service.type` | Kubernetes service type | `ClusterIP` |
| `service.clusterIP` | Specific cluster IP when service type is cluster IP. Use None for headless service | `nil` |
| `service.port` | ProxySQL service port | `6033` |
| `serviceAccount.create` | Specifies whether a ServiceAccount should be created | `false` |
| `serviceAccount.name` | The name of the ServiceAccount to create | Generated using the proxysql.fullname template |
| `securityContext.enabled` | Enable [a container security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | `false` |
| `podSecurityContext.runAsNonRoot` | Run pod as unprivileged user | `true` |
| `podSecurityContext.fsGroup` | Filesystem group ID for the pod containers | `999` |
| `podSecurityContext.runAsUser` | Run pod containers with the specified user ID | `999` |
| `podSecurityContext.runAsGroup` | Run pod containers with the specified group ID | `999` |
| `podDisruptionBudget.enabled` | If true, create a pod disruption budget for master pods. | `false` |
| `podDisruptionBudget.minAvailable` | Minimum number / percentage of pods that should remain scheduled | `1` |
| `podDisruptionBudget.maxUnavailable` | Maximum number / percentage of pods that may be made unavailable |
| `admin_variables.admin_credentials` | ProxySQL admin credentials for the management (127.0.0.1:6032) | `admin:admin` |
| `admin_variables.debug` | ProxySQL debug mode | `false` |
| `mysql_variables.threads` | The number of background threads that ProxySQL uses in order to process MySQL traffic. | `4` |
| `mysql_variables.max_connections` | The maximum number of client connections that the proxy can handle. | `2048` |
| `mysql_variables.default_query_delay` | Simple throttling mechanism for queries to the backends. Setting this variable to a non-zero value (in miliseconds) will delay the execution of all queries, globally. | `0` |
| `mysql_variables.default_query_timeout` | Mechanism for specifying the maximal duration of queries to the backend MySQL servers until ProxySQL should return an error to the MySQL client. | `3600000` milliseconds |
| `mysql_variables.monitor` | Enables or disables MySQL Monitor module. | `false` |
| `mysql_users` | Defines ProxySQL [users configuration](https://github.com/sysown/proxysql/wiki/Users-configuration) | `[]` |
| `mysql_servers` | Defines ProxySQL [backend servers configuration](https://github.com/sysown/proxysql/wiki/MySQL-Server-Configuration) | `[]` |
| `mysql_query_rules` | Defines ProxySQL [Query Rules (routing)] (https://github.com/sysown/proxysql#configuring-proxysql-through-the-config-file) | `[]` |
| `ssl.auto` | Automatically set `use_ssl` to `1` when the SSL configuration is provided | `true` |
| `ssl.ca` | CA authority certificate to use | `""` |
| `ssl.cert` | ProxySQL SSL certificate | `""` |
| `ssl.key` | ProxySQL SSL key | `""` |
| `ssl.fromSecret` | Specify a secret containing `ca.pem`, `cert.pem` and `key.pem` SSL configuration | `""` |
| `sleep_before_connection_check` | Shutdown Sleep time in seconds before checking for open connections | 15s |
| `terminationGracePeriodSeconds` | Duration the pod needs to terminate gracefully | 30s |

For more information please refer to the proxysql [config file](https://github.com/sysown/proxysql#configuring-proxysql-through-the-config-file) and [global variables](https://github.com/sysown/proxysql/wiki/Global-variables).

> **Tip**: You can use the default [values.yaml](values.yaml)
## Configuration and installation details

ProxySQL persists its configuration in SQLite, however this deployment is stateless i.e. no data is persisted. Since the configuration is managed via kubernetes and admin ProxySQL CLI is not meant for the configuration purposes all you need is to provide a `values.yaml` input file, for example:

```yaml
mysql_servers:
- address: "172.17.0.1"
port: 3306
hostgroup: 0
max_connections: 200

mysql_users:
- username: "test"
password: "p@ssword"
default_hostgroup: 0
```
```bash
$ helm install my-release dysnix/proxysql -f values.yaml
```

The configuration is immutable thus the ProxySQL helm chart sets `active` to *1* for `mysql_users` and substitutes the `rule_id` for `mysql_query_rules` automatically.

### SSL configuration

ProxySQL can be used to safely route unencrypted MySQL traffic from applications wrapping it into SSL in case these applications do not support SSL configuration. To enable this you need to provide `ssl.*` options. When either `ssl.fromSecret` or `ssl.cert` together with `ssl.key` is provided and the `ssl.auto` is set to *true* (which is default) `mysql_servers` will get `use_ssl` set to *1* automatically if not specifically provided.

### ProxySQL and MySQL 8.0

ProxySQL supports MySQL 8.0 , although there are some limitations for the [details refer to the documentation](https://github.com/sysown/proxysql/wiki/MySQL-8.0).
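Review bot: The Parameters table documents `admin_variables.admin_credentials` with a default of `admin:admin` and describes the management interface as `127.0.0.1:6032`, but the templates in this commit build the credentials from `secret.admin_user` / `secret.admin_password` (files/admin_credentials.cnf) and bind the admin interface to `0.0.0.0:<service.adminPort>` by default (files/proxysql.cnf). Document the values the templates actually read, state that the admin port listens on all pod interfaces, and tell users to set their own admin credentials rather than rely on a default. The install commands also mix `klicktipp/proxysql` (TL;DR) with `dysnix/proxysql` (Installing the Chart, Configuration); use one repo alias throughout. The `podDisruptionBudget.maxUnavailable` row is missing its Default cell.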
7 changes: 7 additions & 0 deletions charts/proxysql/files/admin_credentials.cnf
@@ -0,0 +1,7 @@
{{- if .Values.proxysql_cluster.enabled -}}
admin_credentials={{ printf "%s:%s;%s:%s" (.Values.secret.admin_user) (.Values.secret.admin_password) (.Values.proxysql_cluster.secret.cluster_username) (.Values.proxysql_cluster.secret.cluster_password) | toJson }}
cluster_username={{ .Values.proxysql_cluster.secret.cluster_username | toJson }}
cluster_password={{ .Values.proxysql_cluster.secret.cluster_password | toJson }}
{{- else -}}
admin_credentials={{ printf "%s:%s" (.Values.secret.admin_user) (.Values.secret.admin_password) | toJson }}
{{- end }}
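Review bot: Neither branch checks that `.Values.secret.admin_user` and `.Values.secret.admin_password` are set, so a missing value renders a malformed credential string instead of failing the install; wrap them in `required`, and do the same for the `proxysql_cluster.secret.*` values in the cluster branch. In the cluster branch the pairs are joined by `printf "%s:%s;%s:%s"`, so a username or password containing `:` or `;` changes how the list is split; validate against those characters or document the restriction. This file renders plaintext passwords, so the manifest that mounts it at /etc/proxysql/admin_credentials.cnf should be a Secret, not a ConfigMap.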
125 changes: 125 additions & 0 deletions charts/proxysql/files/proxysql.cnf
@@ -0,0 +1,125 @@
datadir="/var/lib/proxysql"

admin_variables=
{
@include "/etc/proxysql/admin_credentials.cnf"
{{- if .Values.admin_variables.mysql_ifaces }}
interfaces={{ .Values.admin_variables.mysql_ifaces | quote }}
{{- else }}
mysql_ifaces={{ printf "0.0.0.0:%d" (.Values.service.adminPort | int) | quote }}
{{- end }}
{{- range $key, $value := .Values.admin_variables }}
{{ $key }}={{ $value | toJson }}
{{- end }}
}

mysql_variables=
{
{{/* ProxySQL SSL config */}}
{{- if .Values.ssl.fromSecret }}
ssl_p2s_ca="{{ include "proxysql.sslDir" . }}/{{ .Values.ssl.ca_file }}"
{{- else if .Values.ssl.ca }}
ssl_p2s_ca="{{ include "proxysql.sslDir" . }}/{{ .Values.ssl.ca_file }}"
{{- end -}}
{{- if or (and .Values.ssl.cert .Values.ssl.key) .Values.ssl.fromSecret }}
ssl_p2s_cert="{{ include "proxysql.sslDir" . }}/{{ .Values.ssl.cert_file }}"
ssl_p2s_key="{{ include "proxysql.sslDir" . }}/{{ .Values.ssl.key_file }}"
{{- end -}}
{{- if .Values.mysql_variables.interfaces }}
interfaces={{ .Values.mysql_variables.interfaces | quote }}
{{- else }}
interfaces={{ printf "0.0.0.0:%d" (.Values.service.proxyPort | int) | quote }}
{{- end }}
{{- range $key, $value := .Values.mysql_variables }}
{{ $key }}={{ $value | toJson }}
{{- end }}
}

mysql_servers =
(
{{- $sslEnabled := or (and .Values.ssl.cert .Values.ssl.key) .Values.ssl.fromSecret -}}
{{- range $_, $server := .Values.mysql_servers }}
{
{{- if and $sslEnabled (not (hasKey $server "use_ssl")) -}}
{{- $server := merge $server (dict "use_ssl" 1) }}
{{- end }}
{{- range $key, $value := $server }}
{{ $key }}={{ $value | toJson }}
{{- end }}
},
{{- end }}
)

mysql_users:
(
{{- range $_, $user := .Values.mysql_users }}
{
{{- if hasKey $user "active" -}}
{{- $server := merge $user (dict "active" 1) }}
{{- end }}
{{- range $key, $value := $user }}
{{ $key }}={{ $value | toJson }}
{{- end }}
},
{{- end }}
)

mysql_query_rules:
(
{{- range $idx, $rule := .Values.mysql_query_rules }}
{
rule_id={{ add $idx 1 }}
{{- range $key, $value := $rule }}
{{ $key }}={{ $value | toJson }}
{{- end }}
},
{{- end }}
)

proxysql_servers=
(
{{- if .Values.use_default_proxysql_servers }}
{{- $nodeCount := .Values.proxysql_cluster.core.replicas | int }}
{{- $coreStatefulSetName := printf "%s-core" (include "proxysql.fullname" .) }}
{{- $coreServiceName := .Values.proxysql_cluster.core.service.name | default (printf "%s-core" (include "proxysql.fullname" .)) }}
{{- range $index, $_ := until $nodeCount }}
{
hostname={{ printf "%s-%d.%s" $coreStatefulSetName $index $coreServiceName | toJson }}
port={{ $.Values.service.adminPort | toJson }}
weight=100
},
{{- end }}
{{- end }} {{/* End IF */}}
{{- range $_, $pserver := .Values.additional_proxysql_servers }}
{
hostname={{ $pserver.hostname | toJson }}
port={{ default $.Values.service.adminPort $pserver.port | toJson }}
weight={{ default 100 $pserver.weight | toJson }}
comment={{ default "" $pserver.comment | toJson }}
},
{{- end }}
)

scheduler=
(
{{- range $idx, $rule := .Values.schedulers }}
{
rule_id={{ add $idx 1 }}
{{- range $key, $value := $rule }}
{{ $key }}={{ $value | toJson }}
{{- end }}
},
{{- end }}
)

mysql_replication_hostgroups=
(
{{- range $idx, $rule := .Values.mysql_replication_hostgroups }}
{
rule_id={{ add $idx 1 }}
{{- range $key, $value := $rule }}
{{ $key }}={{ $value | toJson }}
{{- end }}
},
{{- end }}
)
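Review bot: In `admin_variables`, the override branch writes `interfaces={{ .Values.admin_variables.mysql_ifaces | quote }}` while the default branch writes `mysql_ifaces=...`; the key should be `mysql_ifaces` in both, otherwise a user-supplied bind address is emitted under a different name than the default it is meant to replace. The `range` over `.Values.admin_variables` that follows then emits `mysql_ifaces` a second time (and likewise `interfaces` in `mysql_variables`), so skip keys that were already written. The default `0.0.0.0:<adminPort>` puts the admin interface on every pod interface, which deserves a comment here and a matching line in the README. In `mysql_users`, `{{- if hasKey $user "active" -}}` lacks the `not` that the `use_ssl` check in `mysql_servers` has, so `active` is only merged when the user already set it, and the result is bound to `$server` rather than `$user`. The `scheduler` and `mysql_replication_hostgroups` blocks emit `rule_id` from a loop variable named `$rule`, which looks copied from `mysql_query_rules`; confirm those sections accept that key.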