diff --git a/README.md b/README.md
index 1bec542..4aa32b9 100644
--- a/README.md
+++ b/README.md
@@ -11,7 +11,7 @@ This module allows you to easily deploy a MySQL database on Kubernetes using Hel
| MysqlDB Helm Chart Version | K8s supported version (EKS, AKS & GKE) |
| :-----: | :--- |
-| **9.2.0** | **1.23,1.24,1.25,1.26,1.27** |
+| **11.1.7** | **1.23,1.24,1.25,1.26,1.27,1.28,1.29** |
## Usage Example
@@ -180,12 +180,12 @@ No modules.
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
-| [app\_version](#input\_app\_version) | Version of the MySQL application that will be deployed. | `string` | `"8.0.29-debian-11-r9"` | no |
+| [app\_version](#input\_app\_version) | Version of the MySQL application that will be deployed. | `string` | `"8.4.1-debian-12-r1"` | no |
| [azure\_container\_name](#input\_azure\_container\_name) | Azure container name | `string` | `""` | no |
| [azure\_storage\_account\_key](#input\_azure\_storage\_account\_key) | Azure storage account key | `string` | `""` | no |
| [azure\_storage\_account\_name](#input\_azure\_storage\_account\_name) | Azure storage account name | `string` | `""` | no |
| [bucket\_provider\_type](#input\_bucket\_provider\_type) | Choose what type of provider you want (s3, gcs) | `string` | `"gcs"` | no |
-| [chart\_version](#input\_chart\_version) | Version of the Mysql chart that will be used to deploy MySQL application. | `string` | `"9.2.0"` | no |
+| [chart\_version](#input\_chart\_version) | Version of the Mysql chart that will be used to deploy MySQL application. | `string` | `"11.1.7"` | no |
| [cluster\_name](#input\_cluster\_name) | Specifies the name of the EKS cluster to deploy the MySQL application on. | `string` | `""` | no |
| [create\_namespace](#input\_create\_namespace) | Specify whether or not to create the namespace if it does not already exist. Set it to true to create the namespace. | `string` | `true` | no |
| [custom\_user\_password](#input\_custom\_user\_password) | custom user password for MongoDB | `string` | `""` | no |
diff --git a/examples/complete/aws/helm/values.yaml b/examples/complete/aws/helm/values.yaml
index 10c3425..8a2e502 100644
--- a/examples/complete/aws/helm/values.yaml
+++ b/examples/complete/aws/helm/values.yaml
@@ -100,4 +100,4 @@ restorejob:
cpu: 100m
limits:
memory: 500Mi
- cpu: 200m
\ No newline at end of file
+ cpu: 200m
diff --git a/examples/complete/aws/main.tf b/examples/complete/aws/main.tf
index b5acc13..cd0a4e6 100644
--- a/examples/complete/aws/main.tf
+++ b/examples/complete/aws/main.tf
@@ -7,7 +7,7 @@ locals {
Expires = "Never"
Department = "Engineering"
}
- create_namespace = false
+ create_namespace = true
namespace = "mysql"
store_password_to_secret_manager = false
mysqldb_custom_credentials_enabled = true
@@ -43,7 +43,7 @@ module "mysql" {
mysqldb_config = {
name = local.name
values_yaml = file("./helm/values.yaml")
- app_version = "8.0.29-debian-11-r9"
+ app_version = "8.4.1-debian-12-r1"
environment = local.environment
architecture = "replication"
custom_database = "test_db"
diff --git a/helm/values/mysqldb/values.yaml b/helm/values/mysqldb/values.yaml
index a0817c4..6d6e6f8 100644
--- a/helm/values/mysqldb/values.yaml
+++ b/helm/values/mysqldb/values.yaml
@@ -1,3 +1,5 @@
+# Copyright Broadcom, Inc. All Rights Reserved.
+# SPDX-License-Identifier: APACHE-2.0
## @section Global parameters
## Global Docker image parameters
## Please, note that this will override the image parameters, including dependencies, configured to use the global value
@@ -15,6 +17,15 @@ global:
##
imagePullSecrets: []
storageClass: "${storage_class_name}"
+ ## Compatibility adaptations for Kubernetes platforms
+ ##
+ compatibility:
+ ## Compatibility adaptations for Openshift
+ ##
+ openshift:
+ ## @param global.compatibility.openshift.adaptSecurityContext Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation)
+ ##
+ adaptSecurityContext: auto
mysql_metrics_exporter:
password: ${metrics_exporter_password}
@@ -35,7 +46,7 @@ fullnameOverride: ""
namespaceOverride: ""
## @param clusterDomain Cluster domain
##
-clusterDomain: cluster.loterrcal
+clusterDomain: cluster.local
## @param commonAnnotations Common annotations to add to all MySQL resources (sub-charts are not considered). Evaluated as a template
##
commonAnnotations:
@@ -48,7 +59,11 @@ commonLabels:
## @param extraDeploy Array with extra yaml to deploy with the chart. Evaluated as a template
##
extraDeploy: []
-
+## @param serviceBindings.enabled Create secret for service binding (Experimental)
+## Ref: https://servicebinding.io/service-provider/
+##
+serviceBindings:
+ enabled: false
## Enable diagnostic mode in the deployment
##
diagnosticMode:
@@ -68,9 +83,10 @@ diagnosticMode:
## Bitnami MySQL image
## ref: https://hub.docker.com/r/bitnami/mysql/tags/
-## @param image.registry MySQL image registry
-## @param image.repository MySQL image repository
-## @param image.tag MySQL image tag (immutable tags are recommended)
+## @param image.registry [default: REGISTRY_NAME] MySQL image registry
+## @param image.repository [default: REPOSITORY_NAME/mysql] MySQL image repository
+## @skip image.tag MySQL image tag (immutable tags are recommended)
+## @param image.digest MySQL image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
## @param image.pullPolicy MySQL image pull policy
## @param image.pullSecrets Specify docker-registry secret names as an array
## @param image.debug Specify if debug logs should be enabled
@@ -79,9 +95,10 @@ image:
registry: docker.io
repository: bitnami/mysql
tag: ${app_version}
+ digest: ""
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
- ## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images
+ ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
##
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets (secrets must be manually created in the namespace)
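Review bot: The new `digest: ""` under `image:` is a fixed empty string, so the MySQL image is still resolved only through the mutable tag `${app_version}`, and from what this diff shows a module caller has no way to pin it by digest. Consider templating it the same way as the tag, e.g. `digest: "${<image_digest_variable>}"` fed from a new module input that defaults to empty, so deployments that need reproducible pulls can set a `sha256:` value. The same applies to the `volumePermissions.image` block later in this file, which also gains `digest: ""` beside a hard-coded `12-debian-12-r24` tag.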
@@ -102,26 +119,26 @@ architecture: ${architecture}
##
auth:
## @param auth.rootPassword Password for the `root` user. Ignored if existing secret is provided
- ## ref: https://github.com/bitnami/bitnami-docker-mysql#setting-the-root-password-on-first-run
+ ## ref: https://github.com/bitnami/containers/tree/main/bitnami/mysql#setting-the-root-password-on-first-run
##
rootPassword: "${mysqldb_root_password}"
- ## @param auth.createDatabase Wheter to create the .Values.auth.database or not
- ## ref: https://github.com/bitnami/bitnami-docker-mysql/blob/master/README.md#creating-a-database-on-first-run
+ ## @param auth.createDatabase Whether to create the .Values.auth.database or not
+ ## ref: https://github.com/bitnami/containers/tree/main/bitnami/mysql#creating-a-database-on-first-run
##
createDatabase: true
## @param auth.database Name for a custom database to create
- ## ref: https://github.com/bitnami/bitnami-docker-mysql/blob/master/README.md#creating-a-database-on-first-run
+ ## ref: https://github.com/bitnami/containers/tree/main/bitnami/mysql#creating-a-database-on-first-run
##
database: ${custom_database}
## @param auth.username Name for a custom user to create
- ## ref: https://github.com/bitnami/bitnami-docker-mysql/blob/master/README.md#creating-a-database-user-on-first-run
+ ## ref: https://github.com/bitnami/containers/tree/main/bitnami/mysql#creating-a-database-user-on-first-run
##
username: "${custom_user_username}"
## @param auth.password Password for the new user. Ignored if existing secret is provided
##
password: "${custom_user_password}"
## @param auth.replicationUser MySQL replication user
- ## ref: https://github.com/bitnami/bitnami-docker-mysql#setting-up-a-replication-cluster
+ ## ref: https://github.com/bitnami/containers/tree/main/bitnami/mysql#setting-up-a-replication-cluster
##
replicationUser: replicator
## @param auth.replicationPassword MySQL replication user password. Ignored if existing secret is provided
@@ -142,6 +159,10 @@ auth:
## replicator: /vault/secrets/mysql-replicator
##
customPasswordFiles: {}
+ ## @param auth.authenticationPolicy Sets the authentication policy, by default it will use `* ,,`
+ ## ref: https://dev.mysql.com/doc/refman/8.4/en/server-system-variables.html#sysvar_authentication_policy
+ ##
+ authenticationPolicy: ""
## @param initdbScripts Dictionary of initdb scripts
## Specify dictionary of scripts to be run at first boot
## Example:
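Review bot: With `authenticationPolicy: ""` the rendered `authentication_policy` falls back to `* ,,`, and both `configuration` blocks further down drop `default_authentication_plugin=mysql_native_password`, so accounts and clients that relied on native-password authentication may fail to log in after this upgrade. MySQL 8.4 no longer enables the `mysql_native_password` plugin by default, so existing users created under the old setting probably need to be moved to `caching_sha2_password` before the image is bumped on a populated data volume. This deserves an upgrade note in the README. The `@param auth.authenticationPolicy` comment should also say that an empty value renders `* ,,`, rather than "by default it will use".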
@@ -151,23 +172,31 @@ auth:
## echo "Do something."
##
initdbScripts: {}
- # init.sql: |
- # CREATE DATABASE ratings DEFAULT CHARACTER SET 'utf8';
- # USE ratings;
- # CREATE TABLE ratings (sku varchar(80) NOT NULL,
- # avg_rating DECIMAL(3, 2) NOT NULL,
- # rating_count INT NOT NULL,
- # PRIMARY KEY (sku)
- # ) ENGINE=InnoDB;
## @param initdbScriptsConfigMap ConfigMap with the initdb scripts (Note: Overrides `initdbScripts`)
##
initdbScriptsConfigMap: ""
+## @param startdbScripts Dictionary of startdb scripts
+## Specify dictionary of scripts to be run every time the container is started
+## Example:
+## startdbScripts:
+## my_start_script.sh: |
+## #!/bin/bash
+## echo "Do something."
+##
+startdbScripts: {}
+## @param startdbScriptsConfigMap ConfigMap with the startdb scripts (Note: Overrides `startdbScripts`)
+##
+startdbScriptsConfigMap: ""
+## @section MySQL Primary parameters
+##
## @section MySQL Primary parameters
primary:
## @param primary.command Override default container command on MySQL Primary container(s) (useful when using custom images)
##
+ name: primary
+
command: []
## @param primary.args Override default container args on MySQL Primary container(s) (useful when using custom images)
##
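Review bot: The added `name: primary` sits between the `## @param primary.command` comment and `command: []`, so the comment now reads as documentation for `name`, and `name` has no `@param` line of its own. It should go above that comment with its own line, e.g. `## @param primary.name Name of the primary database (eg primary, master, leader, ...)`, mirroring the `secondary.name` entry added later. This hunk also adds a second `## @section MySQL Primary parameters` header directly above the existing one. The same copy-above-original duplication recurs in later hunks: the `secondary.persistence.storageClass` comment block, `secondary.extraVolumes`, and the secondary Pod Disruption Budget header, and each duplicate can be dropped.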
@@ -175,48 +204,62 @@ primary:
## @param primary.lifecycleHooks for the MySQL Primary container(s) to automate configuration before or after startup
##
lifecycleHooks: {}
+
+ automountServiceAccountToken: true
+
## @param primary.hostAliases Deployment pod host aliases
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
##
hostAliases: []
+
+ ## @param primary.enableMySQLX Enable mysqlx port
+ ## ref: https://dev.mysql.com/doc/dev/mysql-server/latest/mysqlx_protocol_xplugin.html
+ ##
+ enableMySQLX: false
## @param primary.configuration [string] Configure MySQL Primary with a custom my.cnf file
## ref: https://mysql.com/kb/en/mysql/configuring-mysql-with-mycnf/#example-of-configuration-file
##
configuration: |-
[mysqld]
- default_authentication_plugin=mysql_native_password
+ authentication_policy='{{- .Values.auth.authenticationPolicy | default "* ,," }}'
skip-name-resolve
explicit_defaults_for_timestamp
basedir=/opt/bitnami/mysql
plugin_dir=/opt/bitnami/mysql/lib/plugin
- port=3306
+ port={{ .Values.primary.containerPorts.mysql }}
+ mysqlx={{ ternary 1 0 .Values.primary.enableMySQLX }}
+ mysqlx_port={{ .Values.primary.containerPorts.mysqlx }}
socket=/opt/bitnami/mysql/tmp/mysql.sock
datadir=/bitnami/mysql/data
tmpdir=/opt/bitnami/mysql/tmp
max_allowed_packet=16M
- bind-address=0.0.0.0
+ bind-address=*
pid-file=/opt/bitnami/mysql/tmp/mysqld.pid
- log_error=/opt/bitnami/mysql/logs/mysqld.log
+ log-error=/opt/bitnami/mysql/logs/mysqld.log
character-set-server=UTF8
- collation-server=utf8_general_ci
- slow_query_log=1
- slow_query_log_file=/bitnami/mysql/slow-log.log
+ slow_query_log=0
long_query_time=10.0
[client]
- port=3306
+ port={{ .Values.primary.containerPorts.mysql }}
socket=/opt/bitnami/mysql/tmp/mysql.sock
default-character-set=UTF8
plugin_dir=/opt/bitnami/mysql/lib/plugin
[manager]
- port=3306
+ port={{ .Values.primary.containerPorts.mysql }}
socket=/opt/bitnami/mysql/tmp/mysql.sock
pid-file=/opt/bitnami/mysql/tmp/mysqld.pid
## @param primary.existingConfigmap Name of existing ConfigMap with MySQL Primary configuration.
## NOTE: When it's set the 'configuration' parameter is ignored
##
existingConfigmap: ""
+ ## @param primary.containerPorts.mysql Container port for mysql
+ ## @param primary.containerPorts.mysqlx Container port for mysqlx
+ ##
+ containerPorts:
+ mysql: 3306
+ mysqlx: 33060
## @param primary.updateStrategy.type Update strategy type for the MySQL primary statefulset
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
##
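Review bot: `automountServiceAccountToken: true`, added after `lifecycleHooks` for the primary, mounts a Kubernetes API token into the database pod, while the secondary is given `automountServiceAccountToken: false` later in this same file. Nothing visible in the diff shows the MySQL container needing API access, so unless something outside the diff depends on it the primary should match with `automountServiceAccountToken: false`. Either way the key needs its own doc line, e.g. `## @param primary.automountServiceAccountToken Mount Service Account token in pod`. The `primary:` block starts and ends outside this hunk.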
@@ -269,7 +312,7 @@ primary:
# values:
# - "true"
## @param primary.nodeSelector Node labels for MySQL primary pods assignment
- ## ref: https://kubernetes.io/docs/user-guide/node-selection/
+ ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
##
nodeSelector: {}
## @param primary.tolerations Tolerations for MySQL primary pods assignment
@@ -279,6 +322,11 @@ primary:
## @param primary.priorityClassName MySQL primary pods' priorityClassName
##
priorityClassName: ""
+
+ ## @param primary.runtimeClassName MySQL primary pods' runtimeClassName
+ ##
+ runtimeClassName: ""
+
## @param primary.schedulerName Name of the k8s scheduler (other than default)
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
##
@@ -299,30 +347,53 @@ primary:
## MySQL primary Pod security context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
## @param primary.podSecurityContext.enabled Enable security context for MySQL primary pods
+ ## @param primary.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
+ ## @param primary.podSecurityContext.sysctls Set kernel settings using the sysctl interface
+ ## @param primary.podSecurityContext.supplementalGroups Set filesystem extra groups
## @param primary.podSecurityContext.fsGroup Group ID for the mounted volumes' filesystem
##
podSecurityContext:
enabled: true
+ fsGroupChangePolicy: Always
+ sysctls: []
+ supplementalGroups: []
fsGroup: 1001
## MySQL primary container security context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
## @param primary.containerSecurityContext.enabled MySQL primary container securityContext
+ ## @param primary.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
## @param primary.containerSecurityContext.runAsUser User ID for the MySQL primary container
+ ## @param primary.containerSecurityContext.runAsGroup Group ID for the MySQL primary container
## @param primary.containerSecurityContext.runAsNonRoot Set MySQL primary container's Security Context runAsNonRoot
+ ## @param primary.containerSecurityContext.allowPrivilegeEscalation Set container's privilege escalation
+ ## @param primary.containerSecurityContext.capabilities.drop Set container's Security Context runAsNonRoot
+ ## @param primary.containerSecurityContext.seccompProfile.type Set Client container's Security Context seccomp profile
+ ## @param primary.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context read-only root filesystem
##
containerSecurityContext:
enabled: true
+ seLinuxOptions: {}
runAsUser: 1001
+ runAsGroup: 1001
runAsNonRoot: true
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop: ["ALL"]
+ seccompProfile:
+ type: "RuntimeDefault"
+ readOnlyRootFilesystem: true
## MySQL primary container's resource requests and limits
- ## ref: https://kubernetes.io/docs/user-guide/compute-resources/
+ ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
## We usually recommend not to specify default resources and to leave this as a conscious
## choice for the user. This also increases chances charts run on environments with little
## resources, such as Minikube. If you do want to specify resources, uncomment the following
## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
- ## @param primary.resources.limits The resources limits for MySQL primary containers
- ## @param primary.resources.requests The requested resources for MySQL primary containers
+ ## @param primary.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if primary.resources is set (primary.resources is recommended for production).
+ ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
##
+
+ resourcesPreset: "small"
+
resources:
## Example:
## limits:
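Review bot: The description added for `primary.containerSecurityContext.capabilities.drop` is a copy of the runAsNonRoot text and says nothing about capabilities; it should read something like `## @param primary.containerSecurityContext.capabilities.drop List of capabilities to be dropped`. The `seccompProfile.type` line likewise refers to a "Client container", which does not exist in this chart section. The secondary security-context hunk repeats the `capabilities.drop` wording. Because these comments document hardening defaults (`drop: ["ALL"]`, `RuntimeDefault`, `readOnlyRootFilesystem: true`), accurate text matters for anyone deciding whether to override them.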
@@ -414,8 +485,15 @@ primary:
## @param primary.extraEnvVarsSecret Name of existing Secret containing extra env vars for MySQL primary containers
##
extraEnvVarsSecret: ""
+
+ ## @param primary.extraPodSpec Optionally specify extra PodSpec for the MySQL Primary pod(s)
+ ##
+ extraPodSpec: {}
+ ## @param primary.extraPorts Extra ports to expose
+ ##
+ extraPorts: []
## Enable persistence using Persistent Volume Claims
- ## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/
+ ## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/
##
persistence:
## @param primary.persistence.enabled Enable persistence on MySQL primary replicas using a `PersistentVolumeClaim`. If false, use emptyDir
@@ -425,6 +503,9 @@ primary:
## NOTE: When it's set the rest of persistence parameters are ignored
##
existingClaim: ""
+ ## @param primary.persistence.subPath The name of a volume's sub path to mount for persistence
+ ##
+ subPath: ""
## @param primary.persistence.storageClass MySQL primary persistent volume storage Class
## If defined, storageClassName:
## If set to "-", storageClassName: "", which disables dynamic provisioning
@@ -449,6 +530,20 @@ primary:
## app: my-app
##
selector: {}
+
+ ## Primary Persistent Volume Claim Retention Policy
+ ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#persistentvolumeclaim-retention
+ ##
+ persistentVolumeClaimRetentionPolicy:
+ ## @param primary.persistentVolumeClaimRetentionPolicy.enabled Enable Persistent volume retention policy for Primary StatefulSet
+ ##
+ enabled: false
+ ## @param primary.persistentVolumeClaimRetentionPolicy.whenScaled Volume retention behavior when the replica count of the StatefulSet is reduced
+ ##
+ whenScaled: Retain
+ ## @param primary.persistentVolumeClaimRetentionPolicy.whenDeleted Volume retention behavior that applies when the StatefulSet is deleted
+ ##
+ whenDeleted: Retain
## @param primary.extraVolumes Optionally specify extra list of additional volumes to the MySQL Primary pod(s)
##
extraVolumes: []
@@ -490,11 +585,14 @@ primary:
##
ports:
mysql: 3306
+ mysqlx: 33060
+
## @param primary.service.nodePorts.mysql MySQL Primary K8s service node port
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
##
nodePorts:
mysql: ""
+ mysqlx: ""
## @param primary.service.clusterIP MySQL Primary K8s service clusterIP IP
## e.g:
## clusterIP: None
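Review bot: The new `mysqlx: 33060` and `mysqlx: ""` keys under the primary service `ports` and `nodePorts` have no `@param` lines, whereas the secondary service hunk adds them for the same keys. Add `## @param primary.service.ports.mysqlx MySQL Primary K8s service port mysqlx` and `## @param primary.service.nodePorts.mysqlx MySQL Primary K8s service node port mysqlx`. It would also help to state in those comments whether the port is published only when `primary.enableMySQLX` is true, since that depends on chart templates not shown in this diff.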
@@ -533,6 +631,12 @@ primary:
## timeoutSeconds: 300
##
sessionAffinityConfig: {}
+ ## Headless service properties
+ ##
+ headless:
+ ## @param primary.service.headless.annotations Additional custom annotations for headless MySQL primary service.
+ ##
+ annotations: {}
## MySQL primary Pod Disruption Budget configuration
## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
##
@@ -553,9 +657,15 @@ primary:
## @section MySQL Secondary parameters
secondary:
+ ## @param secondary.name Name of the secondary database (eg secondary, slave, ...)
+ ##
+ name: secondary
## @param secondary.replicaCount Number of MySQL secondary replicas
##
replicaCount: ${secondary_pod_replica_count}
+
+ automountServiceAccountToken: false
+
## @param secondary.hostAliases Deployment pod host aliases
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
##
@@ -569,44 +679,54 @@ secondary:
## @param secondary.lifecycleHooks for the MySQL Secondary container(s) to automate configuration before or after startup
##
lifecycleHooks: {}
+ ## @param secondary.enableMySQLX Enable mysqlx port
+ ## ref: https://dev.mysql.com/doc/dev/mysql-server/latest/mysqlx_protocol_xplugin.html
+ ##
+ enableMySQLX: false
## @param secondary.configuration [string] Configure MySQL Secondary with a custom my.cnf file
## ref: https://mysql.com/kb/en/mysql/configuring-mysql-with-mycnf/#example-of-configuration-file
##
configuration: |-
[mysqld]
- default_authentication_plugin=mysql_native_password
+ authentication_policy='{{- .Values.auth.authenticationPolicy | default "* ,," }}'
skip-name-resolve
explicit_defaults_for_timestamp
basedir=/opt/bitnami/mysql
plugin_dir=/opt/bitnami/mysql/lib/plugin
- port=3306
+ port={{ .Values.secondary.containerPorts.mysql }}
+ mysqlx={{ ternary 1 0 .Values.secondary.enableMySQLX }}
+ mysqlx_port={{ .Values.secondary.containerPorts.mysqlx }}
socket=/opt/bitnami/mysql/tmp/mysql.sock
datadir=/bitnami/mysql/data
tmpdir=/opt/bitnami/mysql/tmp
max_allowed_packet=16M
- bind-address=0.0.0.0
+ bind-address=*
pid-file=/opt/bitnami/mysql/tmp/mysqld.pid
- log_error=/opt/bitnami/mysql/logs/mysqld.log
+ log-error=/opt/bitnami/mysql/logs/mysqld.log
character-set-server=UTF8
- collation-server=utf8_general_ci
- slow_query_log=1
- slow_query_log_file=/bitnami/mysql/slow-log.log
+ slow_query_log=0
long_query_time=10.0
[client]
- port=3306
+ port={{ .Values.secondary.containerPorts.mysql }}
socket=/opt/bitnami/mysql/tmp/mysql.sock
default-character-set=UTF8
plugin_dir=/opt/bitnami/mysql/lib/plugin
[manager]
- port=3306
+ port={{ .Values.secondary.containerPorts.mysql }}
socket=/opt/bitnami/mysql/tmp/mysql.sock
pid-file=/opt/bitnami/mysql/tmp/mysqld.pid
## @param secondary.existingConfigmap Name of existing ConfigMap with MySQL Secondary configuration.
## NOTE: When it's set the 'configuration' parameter is ignored
##
existingConfigmap: ""
+ ## @param secondary.containerPorts.mysql Container port for mysql
+ ## @param secondary.containerPorts.mysqlx Container port for mysqlx
+ ##
+ containerPorts:
+ mysql: 3306
+ mysqlx: 33060
## @param secondary.updateStrategy.type Update strategy type for the MySQL secondary statefulset
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
##
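Review bot: `slow_query_log=0` together with the removed `slow_query_log_file=/bitnami/mysql/slow-log.log` switches off slow-query logging that the previous values had enabled, in this secondary `configuration` block and identically in the primary one. That is a behaviour change carried along with a version bump, and it removes a signal operators may rely on for troubleshooting and for spotting abnormal query patterns. If it is intentional, say so in the commit message or README; otherwise keep `slow_query_log=1` with a `slow_query_log_file` on a writable path. The `secondary:` block starts and ends outside this hunk.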
@@ -660,7 +780,7 @@ secondary:
# values:
# - "true"
## @param secondary.nodeSelector Node labels for MySQL secondary pods assignment
- ## ref: https://kubernetes.io/docs/user-guide/node-selection/
+ ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
##
nodeSelector: {}
## @param secondary.tolerations Tolerations for MySQL secondary pods assignment
@@ -670,6 +790,9 @@ secondary:
## @param secondary.priorityClassName MySQL secondary pods' priorityClassName
##
priorityClassName: ""
+ ## @param secondary.runtimeClassName MySQL secondary pods' runtimeClassName
+ ##
+ runtimeClassName: ""
## @param secondary.schedulerName Name of the k8s scheduler (other than default)
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
##
@@ -690,30 +813,51 @@ secondary:
## MySQL secondary Pod security context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
## @param secondary.podSecurityContext.enabled Enable security context for MySQL secondary pods
+ ## @param secondary.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
+ ## @param secondary.podSecurityContext.sysctls Set kernel settings using the sysctl interface
+ ## @param secondary.podSecurityContext.supplementalGroups Set filesystem extra groups
## @param secondary.podSecurityContext.fsGroup Group ID for the mounted volumes' filesystem
##
podSecurityContext:
enabled: true
+ fsGroupChangePolicy: Always
+ sysctls: []
+ supplementalGroups: []
fsGroup: 1001
## MySQL secondary container security context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
## @param secondary.containerSecurityContext.enabled MySQL secondary container securityContext
+ ## @param secondary.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
## @param secondary.containerSecurityContext.runAsUser User ID for the MySQL secondary container
+ ## @param secondary.containerSecurityContext.runAsGroup Group ID for the MySQL secondary container
## @param secondary.containerSecurityContext.runAsNonRoot Set MySQL secondary container's Security Context runAsNonRoot
+ ## @param secondary.containerSecurityContext.allowPrivilegeEscalation Set container's privilege escalation
+ ## @param secondary.containerSecurityContext.capabilities.drop Set container's Security Context runAsNonRoot
+ ## @param secondary.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
+ ## @param secondary.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context read-only root filesystem
##
containerSecurityContext:
enabled: true
+ seLinuxOptions: {}
runAsUser: 1001
+ runAsGroup: 1001
runAsNonRoot: true
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop: ["ALL"]
+ seccompProfile:
+ type: "RuntimeDefault"
+ readOnlyRootFilesystem: true
## MySQL secondary container's resource requests and limits
- ## ref: https://kubernetes.io/docs/user-guide/compute-resources/
+ ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
## We usually recommend not to specify default resources and to leave this as a conscious
## choice for the user. This also increases chances charts run on environments with little
## resources, such as Minikube. If you do want to specify resources, uncomment the following
## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
- ## @param secondary.resources.limits The resources limits for MySQL secondary containers
- ## @param secondary.resources.requests The requested resources for MySQL secondary containers
+ ## @param secondary.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if secondary.resources is set (secondary.resources is recommended for production).
+ ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
##
+ resourcesPreset: "small"
resources:
## Example:
## limits:
@@ -805,13 +949,34 @@ secondary:
## @param secondary.extraEnvVarsSecret Name of existing Secret containing extra env vars for MySQL secondary containers
##
extraEnvVarsSecret: ""
+ ## @param secondary.extraPodSpec Optionally specify extra PodSpec for the MySQL Secondary pod(s)
+ ##
+ extraPodSpec: {}
+ ## @param secondary.extraPorts Extra ports to expose
+ ##
+ extraPorts: []
## Enable persistence using Persistent Volume Claims
- ## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/
+ ## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/
##
persistence:
## @param secondary.persistence.enabled Enable persistence on MySQL secondary replicas using a `PersistentVolumeClaim`
##
enabled: true
+ ## @param secondary.persistence.existingClaim Name of an existing `PersistentVolumeClaim` for MySQL secondary replicas
+ ## NOTE: When it's set the rest of persistence parameters are ignored
+ ##
+ existingClaim: ""
+ ## @param secondary.persistence.subPath The name of a volume's sub path to mount for persistence
+ ##
+ subPath: ""
+ ## @param secondary.persistence.storageClass MySQL secondary persistent volume storage Class
+ ## If defined, storageClassName:
+ ## If set to "-", storageClassName: "", which disables dynamic provisioning
+ ## If undefined (the default) or set to null, no storageClassName spec is
+ ## set, choosing the default provisioner. (gp2 on AWS, standard on
+ ## GKE, AWS & OpenStack)
+ ##
+
## @param secondary.persistence.storageClass MySQL secondary persistent volume storage Class
## If defined, storageClassName:
## If set to "-", storageClassName: "", which disables dynamic provisioning
@@ -836,6 +1001,22 @@ secondary:
## app: my-app
##
selector: {}
+ ## Secondary Persistent Volume Claim Retention Policy
+ ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#persistentvolumeclaim-retention
+ ##
+ persistentVolumeClaimRetentionPolicy:
+ ## @param secondary.persistentVolumeClaimRetentionPolicy.enabled Enable Persistent volume retention policy for read only StatefulSet
+ ##
+ enabled: false
+ ## @param secondary.persistentVolumeClaimRetentionPolicy.whenScaled Volume retention behavior when the replica count of the StatefulSet is reduced
+ ##
+ whenScaled: Retain
+ ## @param secondary.persistentVolumeClaimRetentionPolicy.whenDeleted Volume retention behavior that applies when the StatefulSet is deleted
+ ##
+ whenDeleted: Retain
+ ## @param secondary.extraVolumes Optionally specify extra list of additional volumes to the MySQL secondary pod(s)
+ ##
+
## @param secondary.extraVolumes Optionally specify extra list of additional volumes to the MySQL secondary pod(s)
##
extraVolumes: []
@@ -872,14 +1053,18 @@ secondary:
##
type: ClusterIP
## @param secondary.service.ports.mysql MySQL secondary Kubernetes service port
+ ## @param secondary.service.ports.mysqlx MySQL secondary Kubernetes service port mysqlx
##
ports:
mysql: 3306
+ mysqlx: 33060
## @param secondary.service.nodePorts.mysql MySQL secondary Kubernetes service node port
+ ## @param secondary.service.nodePorts.mysqlx MySQL secondary Kubernetes service node port mysqlx
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
##
nodePorts:
mysql: ""
+ mysqlx: ""
## @param secondary.service.clusterIP MySQL secondary Kubernetes service clusterIP IP
## e.g:
## clusterIP: None
@@ -918,6 +1103,16 @@ secondary:
## timeoutSeconds: 300
##
sessionAffinityConfig: {}
+ ## Headless service properties
+ ##
+ headless:
+ ## @param secondary.service.headless.annotations Additional custom annotations for headless MySQL secondary service.
+ ##
+ annotations: {}
+ ## MySQL secondary Pod Disruption Budget configuration
+ ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
+ ##
+
## MySQL secondary Pod Disruption Budget configuration
## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
##
@@ -983,13 +1178,52 @@ networkPolicy:
## @param networkPolicy.enabled Enable creation of NetworkPolicy resources
##
enabled: false
- ## @param networkPolicy.allowExternal The Policy model to apply.
- ## When set to false, only pods with the correct
- ## client label will have network access to the port MySQL is listening
- ## on. When true, MySQL will accept connections from any source
- ## (with the correct destination port).
- ##
+ ## @param networkPolicy.allowExternal The Policy model to apply
+ ## When set to false, only pods with the correct client label will have network access to the ports MySQL is
+ ## listening on. When true, MySQL will accept connections from any source (with the correct destination port).
allowExternal: true
+ ## @param networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.
+ ##
+ allowExternalEgress: true
+ ## @param networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy
+ ## e.g:
+ ## extraIngress:
+ ## - ports:
+ ## - port: 1234
+ ## from:
+ ## - podSelector:
+ ## - matchLabels:
+ ## - role: frontend
+ ## - podSelector:
+ ## - matchExpressions:
+ ## - key: role
+ ## operator: In
+ ## values:
+ ## - frontend
+ ##
+ extraIngress: []
+ ## @param networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy
+ ## e.g:
+ ## extraEgress:
+ ## - ports:
+ ## - port: 1234
+ ## to:
+ ## - podSelector:
+ ## - matchLabels:
+ ## - role: frontend
+ ## - podSelector:
+ ## - matchExpressions:
+ ## - key: role
+ ## operator: In
+ ## values:
+ ## - frontend
+ ##
+ extraEgress: []
+ ## @param networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces
+ ## @param networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces
+ ##
+ ingressNSMatchLabels: {}
+ ingressNSPodMatchLabels: {}
## @param networkPolicy.explicitNamespacesSelector A Kubernetes LabelSelector to explicitly select namespaces from which ingress traffic could be allowed to MySQL
## If explicitNamespacesSelector is missing or set to {}, only client Pods that are in the networkPolicy's namespace
## and that match other criteria, the ones that have the good label, can reach the DB.
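Review bot: The added `allowExternalEgress: true` means that even when `networkPolicy.enabled` is turned on, the database pods may still open connections to any destination; together with `allowExternal: true` the policy then restricts very little. For a database workload, a default of `allowExternalEgress: false` with the needed destinations listed in `extraEgress` is the tighter choice, or at least the comment should state the trade-off. Separately, the `@param networkPolicy.extraEgress` description says "Add extra ingress rules" and should read `## @param networkPolicy.extraEgress [array] Add extra egress rules to the NetworkPolicy`.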
@@ -1014,16 +1248,18 @@ volumePermissions:
## @param volumePermissions.enabled Enable init container that changes the owner and group of the persistent volume(s) mountpoint to `runAsUser:fsGroup`
##
enabled: false
- ## @param volumePermissions.image.registry Init container volume-permissions image registry
- ## @param volumePermissions.image.repository Init container volume-permissions image repository
- ## @param volumePermissions.image.tag Init container volume-permissions image tag (immutable tags are recommended)
+ ## @param volumePermissions.image.registry [default: REGISTRY_NAME] Init container volume-permissions image registry
+ ## @param volumePermissions.image.repository [default: REPOSITORY_NAME/os-shell] Init container volume-permissions image repository
+ ## @skip volumePermissions.image.tag Init container volume-permissions image tag (immutable tags are recommended)
+ ## @param volumePermissions.image.digest Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
## @param volumePermissions.image.pullPolicy Init container volume-permissions image pull policy
## @param volumePermissions.image.pullSecrets Specify docker-registry secret names as an array
##
image:
registry: docker.io
- repository: bitnami/bitnami-shell
- tag: 11-debian-11-r10
+ repository: bitnami/os-shell
+ tag: 12-debian-12-r24
+ digest: ""
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
## Secrets must be manually created in the namespace.
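Review bot: The init-container image is still selected by tag alone, because `tag: 12-debian-12-r24` is set while the new `digest: ""` is left empty, so the content pulled is whatever the registry serves under that tag at pull time. The comment added in this hunk says a digest, if set, overrides the tag, so pinning is one line: `digest: "sha256:<digest of the image you verified>"` (placeholder; take the value from the registry you pull from). The same applies to `metrics.image` in the `@@ -1045,16 +1294,18 @@` hunk (`tag: 0.15.1-debian-12-r25`, `digest: ""`). With `pullPolicy: IfNotPresent`, nodes that already cached the tag can also run different content than nodes pulling it fresh. The `image:` block continues past the end of this hunk, so any pinning done elsewhere is not visible here.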
@@ -1033,7 +1269,20 @@ volumePermissions:
## - myRegistryKeySecretName
##
pullSecrets: []
- ## @param volumePermissions.resources Init container volume-permissions resources
+ ## @param volumePermissions.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if volumePermissions.resources is set (volumePermissions.resources is recommended for production).
+ ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
+ ##
+ resourcesPreset: "nano"
+
+ ## @param volumePermissions.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
+ ## Example:
+ ## resources:
+ ## requests:
+ ## cpu: 2
+ ## memory: 512Mi
+ ## limits:
+ ## cpu: 3
+ ## memory: 1024Mi
##
resources: {}
@@ -1045,16 +1294,18 @@ metrics:
## @param metrics.enabled Start a side-car prometheus exporter
##
enabled: ${mysqldb_exporter_enabled}
- ## @param metrics.image.registry Exporter image registry
- ## @param metrics.image.repository Exporter image repository
- ## @param metrics.image.tag Exporter image tag (immutable tags are recommended)
+ ## @param metrics.image.registry [default: REGISTRY_NAME] Exporter image registry
+ ## @param metrics.image.repository [default: REPOSITORY_NAME/mysqld-exporter] Exporter image repository
+ ## @skip metrics.image.tag Exporter image tag (immutable tags are recommended)
+ ## @param metrics.image.digest Exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
## @param metrics.image.pullPolicy Exporter image pull policy
## @param metrics.image.pullSecrets Specify docker-registry secret names as an array
##
image:
registry: docker.io
repository: bitnami/mysqld-exporter
- tag: 0.14.0-debian-11-r9
+ tag: 0.15.1-debian-12-r25
+ digest: ""
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
## Secrets must be manually created in the namespace.
@@ -1064,6 +1315,34 @@ metrics:
## - myRegistryKeySecretName
##
pullSecrets: []
+ ## MySQL metrics container security context
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
+ ## @param metrics.containerSecurityContext.enabled MySQL metrics container securityContext
+ ## @param metrics.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
+ ## @param metrics.containerSecurityContext.runAsUser User ID for the MySQL metrics container
+ ## @param metrics.containerSecurityContext.runAsGroup Group ID for the MySQL metrics container
+ ## @param metrics.containerSecurityContext.runAsNonRoot Set MySQL metrics container's Security Context runAsNonRoot
+ ## @param metrics.containerSecurityContext.allowPrivilegeEscalation Set container's privilege escalation
+ ## @param metrics.containerSecurityContext.capabilities.drop Set container's Security Context runAsNonRoot
+ ## @param metrics.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
+ ## @param metrics.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context read-only root filesystem
+ ##
+ containerSecurityContext:
+ enabled: true
+ seLinuxOptions: {}
+ runAsUser: 1001
+ runAsGroup: 1001
+ runAsNonRoot: true
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop: ["ALL"]
+ seccompProfile:
+ type: "RuntimeDefault"
+ readOnlyRootFilesystem: true
+ ## @param metrics.containerPorts.http Container port for http
+ ##
+ containerPorts:
+ http: 9104
## MySQL Prometheus exporter service parameters
## Mysqld Prometheus exporter liveness and readiness probes
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
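Review bot: The doc line for `metrics.containerSecurityContext.capabilities.drop` is a copy of the runAsNonRoot description ("Set container's Security Context runAsNonRoot"), so the generated parameter table will misdescribe the one setting that removes Linux capabilities. I would change it to `## @param metrics.containerSecurityContext.capabilities.drop List of capabilities to be dropped`. The values themselves (`drop: ["ALL"]`, `allowPrivilegeEscalation: false`, `readOnlyRootFilesystem: true`, `seccompProfile.type: "RuntimeDefault"`) read as intended hardening. A short comment that `enabled: false` turns all of them off would help anyone overriding this block.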
@@ -1074,9 +1353,10 @@ metrics:
service:
type: ClusterIP
port: 9104
+ clusterIP: ""
annotations:
prometheus.io/scrape: "true"
- prometheus.io/path: "/metrics"
+ # prometheus.io/path: "/metrics"
prometheus.io/port: "{{ .Values.metrics.service.port }}"
## @param metrics.extraArgs.primary Extra args to be passed to mysqld_exporter on Primary pods
## @param metrics.extraArgs.secondary Extra args to be passed to mysqld_exporter on Secondary pods
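Review bot: The `prometheus.io/path` annotation is left behind as a commented-out line (`# prometheus.io/path: "/metrics"`) with no reason given, so a reader cannot tell whether it was disabled on purpose or by accident. If annotation-based scraping is meant to use the scraper's default path, delete the line or say so, e.g. `## prometheus.io/path omitted: exporter is scraped on the default metrics path`. The new `clusterIP: ""` key also has no `@param metrics.service.clusterIP` line, unlike the other keys in this file. The `service:` block starts before this hunk, so existing documentation above it is not visible here.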
@@ -1187,6 +1467,8 @@ metrics:
## @param metrics.resources.limits The resources limits for MySQL prometheus exporter containers
## @param metrics.resources.requests The requested resources for MySQL prometheus exporter containers
##
+ resourcesPreset: "nano"
+
resources:
## Example:
## limits:
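Review bot: `resourcesPreset: "nano"` is added under `metrics` without a `@param metrics.resourcesPreset` line, and it sits between the `metrics.resources.*` doc comments and the `resources:` key they describe. I would move it above those comments and give it its own doc line, mirroring the volumePermissions one: `## @param metrics.resourcesPreset Set container resources according to one common preset. This is ignored if metrics.resources is set`. Judging by the volumePermissions comment in this file, the preset only takes effect when `resources` is empty. Whether `metrics.resources` is populated lies outside this hunk, so it is worth confirming which of the two actually applies to the exporter.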
@@ -1260,7 +1542,7 @@ metrics:
##
metricRelabelings: []
## @param metrics.serviceMonitor.selector ServiceMonitor selector labels
- ## ref: https://github.com/bitnami/charts/tree/master/bitnami/prometheus-operator#prometheus-configuration
+ ## ref: https://github.com/bitnami/charts/tree/main/bitnami/prometheus-operator#prometheus-configuration
##
## selector:
## prometheus: my-prometheus
diff --git a/modules/backup/templates/cronjob.yaml b/modules/backup/templates/cronjob.yaml
index 4a94b24..714f0b1 100644
--- a/modules/backup/templates/cronjob.yaml
+++ b/modules/backup/templates/cronjob.yaml
@@ -13,7 +13,7 @@ spec:
spec:
template:
spec:
- affinity:
+ affinity:
{{- toYaml .Values.affinity | nindent 12 }}
restartPolicy: OnFailure
imagePullSecrets:
@@ -44,5 +44,5 @@ spec:
value: "s3"
- name: AWS_DEFAULT_REGION
value: {{ .Values.backup.aws_default_region }}
- resources:
+ resources:
{{- toYaml .Values.backupjob.resources | nindent 14 }}
diff --git a/variables.tf b/variables.tf
index c45bbf6..847805c 100644
--- a/variables.tf
+++ b/variables.tf
@@ -39,13 +39,13 @@ variable "mysqldb_custom_credentials_config" {
variable "app_version" {
type = string
- default = "8.0.29-debian-11-r9"
+ default = "8.4.1-debian-12-r1"
description = "Version of the MySQL application that will be deployed."
}
variable "chart_version" {
type = string
- default = "9.2.0"
+ default = "11.1.7"
description = "Version of the Mysql chart that will be used to deploy MySQL application."
}