mysql
Helm chart
Request a free trial
Contact our team to test out this Helm chart and related images for free. Please also indicate any other images you would like to evaluate.
Tag:
1
# This file has been modified by Chainguard, Inc.
2
#
3
# Copyright Chainguard, Inc. All Rights Reserved.
4
# Chainguard, Inc. modifications are subject to the license
5
# available at: https://www.chainguard.dev/legal/software-license-agreement
6
#
7
# Copyright Broadcom, Inc. All Rights Reserved.
8
# SPDX-License-Identifier: APACHE-2.0
9
10
## @section Global parameters
11
## Global Docker image parameters
12
## Please, note that this will override the image parameters, including dependencies, configured to use the global value
13
## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass
14
##
15
16
## @param global.imageRegistry Global Docker image registry
17
## @param global.imagePullSecrets Global Docker registry secret names as an array
18
## @param global.defaultStorageClass Global default StorageClass for Persistent Volume(s)
19
## @param global.storageClass DEPRECATED: use global.defaultStorageClass instead
20
##
21
global:
22
imageRegistry: ""
23
## E.g.
24
## imagePullSecrets:
25
## - myRegistryKeySecretName
26
##
27
imagePullSecrets: []
28
defaultStorageClass: ""
29
storageClass: ""
30
## Security parameters
31
##
32
security:
33
## @param global.security.allowInsecureImages Allows skipping image verification
34
allowInsecureImages: false
35
## Compatibility adaptations for Kubernetes platforms
36
##
37
compatibility:
38
## Compatibility adaptations for Openshift
39
##
40
openshift:
41
## @param global.compatibility.openshift.adaptSecurityContext Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation)
42
##
43
adaptSecurityContext: auto
44
org: ""
45
## @section Common parameters
46
##
47
48
## @param kubeVersion Force target Kubernetes version (using Helm capabilities if not set)
49
##
50
kubeVersion: ""
51
## @param nameOverride String to partially override common.names.fullname template (will maintain the release name)
52
##
53
nameOverride: ""
54
## @param fullnameOverride String to fully override common.names.fullname template
55
##
56
fullnameOverride: ""
57
## @param namespaceOverride String to fully override common.names.namespace
58
##
59
namespaceOverride: ""
60
## @param clusterDomain Cluster domain
61
##
62
clusterDomain: cluster.local
63
## @param commonAnnotations Common annotations to add to all MySQL resources (sub-charts are not considered). Evaluated as a template
64
##
65
commonAnnotations: {}
66
## @param commonLabels Common labels to add to all MySQL resources (sub-charts are not considered). Evaluated as a template
67
##
68
commonLabels: {}
69
## @param extraDeploy Array with extra yaml to deploy with the chart. Evaluated as a template
70
##
71
extraDeploy: []
72
## @param serviceBindings.enabled Create secret for service binding (Experimental)
73
## Ref: https://servicebinding.io/service-provider/
74
##
75
serviceBindings:
76
enabled: false
77
## Enable diagnostic mode in the deployment
78
##
79
diagnosticMode:
80
## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden)
81
##
82
enabled: false
83
## @param diagnosticMode.command Command to override all containers in the deployment
84
##
85
command:
86
- sleep
87
## @param diagnosticMode.args Args to override all containers in the deployment
88
##
89
args:
90
- infinity
91
## @section MySQL common parameters
92
##
93
94
## Iamguarded MySQL image
95
## @param image.registry [default: REGISTRY_NAME] MySQL image registry
96
## @param image.repository [default: REPOSITORY_NAME/mysql] MySQL image repository
97
## @skip image.tag MySQL image tag (immutable tags are recommended)
98
## @param image.digest MySQL image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
99
## @param image.pullPolicy MySQL image pull policy
100
## @param image.pullSecrets Specify docker-registry secret names as an array
101
## @param image.debug Specify if debug logs should be enabled
102
##
103
image:
104
registry: cgr.dev
105
repository: chainguard-private/mysql-iamguarded
106
tag: 8.4.8
107
digest: ""
108
## Specify a imagePullPolicy
109
## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
110
##
111
pullPolicy: IfNotPresent
112
## Optionally specify an array of imagePullSecrets (secrets must be manually created in the namespace)
113
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
114
## Example:
115
## pullSecrets:
116
## - myRegistryKeySecretName
117
##
118
pullSecrets: []
119
## Set to true if you would like to see extra information on logs
120
## It turns BASH and/or NAMI debugging in the image
121
##
122
debug: false
123
## @param architecture MySQL architecture (`standalone` or `replication`)
124
##
125
architecture: standalone
126
## MySQL Authentication parameters
127
##
128
auth:
129
## @param auth.rootPassword Password for the `root` user. Ignored if existing secret is provided
130
##
131
rootPassword: ""
132
## @param auth.createDatabase Whether to create the .Values.auth.database or not
133
##
134
createDatabase: true
135
## @param auth.database Name for a custom database to create
136
##
137
database: "my_database"
138
## @param auth.username Name for a custom user to create
139
##
140
username: ""
141
## @param auth.password Password for the new user. Ignored if existing secret is provided
142
##
143
password: ""
144
## @param auth.replicationUser MySQL replication user
145
##
146
replicationUser: replicator
147
## @param auth.replicationPassword MySQL replication user password. Ignored if existing secret is provided
148
##
149
replicationPassword: ""
150
## @param auth.existingSecret Use existing secret for password details. The secret has to contain the keys `mysql-root-password`, `mysql-replication-password` and `mysql-password`
151
## NOTE: When it's set the auth.rootPassword, auth.password, auth.replicationPassword are ignored.
152
##
153
existingSecret: ""
154
## @param auth.usePasswordFiles Mount credentials as files instead of using an environment variable
155
##
156
usePasswordFiles: true
157
## @param auth.customPasswordFiles Use custom password files when `auth.usePasswordFiles` is set to `true`. Define path for keys `root` and `user`, also define `replicator` if `architecture` is set to `replication`
158
## Example:
159
## customPasswordFiles:
160
## root: /vault/secrets/mysql-root
161
## user: /vault/secrets/mysql-user
162
## replicator: /vault/secrets/mysql-replicator
163
##
164
customPasswordFiles: {}
165
## @param auth.authenticationPolicy Sets the authentication policy, by default it will use `* ,,`
166
## ref: https://dev.mysql.com/doc/refman/8.4/en/server-system-variables.html#sysvar_authentication_policy
167
##
168
authenticationPolicy: ""
169
## @param initdbScripts Dictionary of initdb scripts
170
## Specify dictionary of scripts to be run at first boot
171
## Example:
172
## initdbScripts:
173
## my_init_script.sh: |
174
## #!/bin/bash
175
## echo "Do something."
176
##
177
initdbScripts: {}
178
## @param initdbScriptsConfigMap ConfigMap with the initdb scripts (Note: Overrides `initdbScripts`)
179
##
180
initdbScriptsConfigMap: ""
181
## @param startdbScripts Dictionary of startdb scripts
182
## Specify dictionary of scripts to be run every time the container is started
183
## Example:
184
## startdbScripts:
185
## my_start_script.sh: |
186
## #!/bin/bash
187
## echo "Do something."
188
##
189
startdbScripts: {}
190
## @param startdbScriptsConfigMap ConfigMap with the startdb scripts (Note: Overrides `startdbScripts`)
191
##
192
startdbScriptsConfigMap: ""
193
## @section TLS/SSL parameters
194
##
195
## @param tls.enabled Enable TLS in MySQL
196
## @param tls.existingSecret Existing secret that contains TLS certificates
197
## @param tls.certFilename The secret key from the existingSecret if 'cert' key different from the default (tls.crt)
198
## @param tls.certKeyFilename The secret key from the existingSecret if 'key' key different from the default (tls.key)
199
## @param tls.certCAFilename The secret key from the existingSecret if 'ca' key different from the default (tls.crt)
200
## @param tls.ca CA certificate for TLS. Ignored if `tls.existingSecret` is set
201
## @param tls.cert TLS certificate for MySQL. Ignored if `tls.existingSecret` is set
202
## @param tls.key TLS key for MySQL. Ignored if `tls.existingSecret` is set
203
##
204
tls:
205
enabled: false
206
existingSecret: ""
207
certFilename: tls.crt
208
certKeyFilename: tls.key
209
certCAFilename: ""
210
ca: ""
211
cert: ""
212
key: ""
213
## @param tls.autoGenerated.enabled Enable automatic generation of certificates for TLS
214
## @param tls.autoGenerated.engine Mechanism to generate the certificates (allowed values: helm, cert-manager)
215
autoGenerated:
216
enabled: true
217
engine: helm
218
## @param tls.autoGenerated.certManager.existingIssuer The name of an existing Issuer to use for generating the certificates (only for `cert-manager` engine)
219
## @param tls.autoGenerated.certManager.existingIssuerKind Existing Issuer kind, defaults to Issuer (only for `cert-manager` engine)
220
## @param tls.autoGenerated.certManager.keyAlgorithm Key algorithm for the certificates (only for `cert-manager` engine)
221
## @param tls.autoGenerated.certManager.keySize Key size for the certificates (only for `cert-manager` engine)
222
## @param tls.autoGenerated.certManager.duration Duration for the certificates (only for `cert-manager` engine)
223
## @param tls.autoGenerated.certManager.renewBefore Renewal period for the certificates (only for `cert-manager` engine)
224
certManager:
225
existingIssuer: ""
226
existingIssuerKind: ""
227
keySize: 2048
228
keyAlgorithm: RSA
229
duration: 2160h
230
renewBefore: 360h
231
## @section MySQL Primary parameters
232
##
233
primary:
234
## @param primary.name Name of the primary database (eg primary, master, leader, ...)
235
##
236
name: primary
237
## @param primary.command Override default container command on MySQL Primary container(s) (useful when using custom images)
238
##
239
command: []
240
## @param primary.args Override default container args on MySQL Primary container(s) (useful when using custom images)
241
##
242
args: []
243
## @param primary.lifecycleHooks for the MySQL Primary container(s) to automate configuration before or after startup
244
##
245
lifecycleHooks: {}
246
## @param primary.automountServiceAccountToken Mount Service Account token in pod
247
##
248
automountServiceAccountToken: false
249
## @param primary.hostAliases Deployment pod host aliases
250
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
251
##
252
hostAliases: []
253
## @param primary.enableMySQLX Enable mysqlx port
254
## ref: https://dev.mysql.com/doc/dev/mysql-server/latest/mysqlx_protocol_xplugin.html
255
##
256
enableMySQLX: false
257
## @param primary.configuration [string] Configure MySQL Primary with a custom my.cnf file
258
## ref: https://mysql.com/kb/en/mysql/configuring-mysql-with-mycnf/#example-of-configuration-file
259
##
260
configuration: |-
261
[mysqld]
262
authentication_policy='{{- .Values.auth.authenticationPolicy | default "* ,," }}'
263
skip-name-resolve
264
explicit_defaults_for_timestamp
265
basedir=/opt/iamguarded/mysql
266
plugin_dir=/opt/iamguarded/mysql/lib/plugin
267
port={{ .Values.primary.containerPorts.mysql }}
268
mysqlx={{ ternary 1 0 .Values.primary.enableMySQLX }}
269
mysqlx_port={{ .Values.primary.containerPorts.mysqlx }}
270
socket=/opt/iamguarded/mysql/tmp/mysql.sock
271
datadir=/iamguarded/mysql/data
272
tmpdir=/opt/iamguarded/mysql/tmp
273
max_allowed_packet=16M
274
bind-address=*
275
pid-file=/opt/iamguarded/mysql/tmp/mysqld.pid
276
log-error=/opt/iamguarded/mysql/logs/mysqld.log
277
character-set-server=UTF8
278
slow_query_log=0
279
long_query_time=10.0
280
{{- if .Values.tls.enabled }}
281
ssl_cert=/opt/iamguarded/mysql/certs/{{ .Values.tls.certFilename }}
282
ssl_key=/opt/iamguarded/mysql/certs/{{ .Values.tls.certKeyFilename }}
283
{{- if (include "mysql.tlsCACert" .) }}
284
ssl_ca={{ include "mysql.tlsCACert" . }}
285
{{- end }}
286
{{- end }}
287
288
[client]
289
port={{ .Values.primary.containerPorts.mysql }}
290
socket=/opt/iamguarded/mysql/tmp/mysql.sock
291
default-character-set=UTF8
292
plugin_dir=/opt/iamguarded/mysql/lib/plugin
293
294
[manager]
295
port={{ .Values.primary.containerPorts.mysql }}
296
socket=/opt/iamguarded/mysql/tmp/mysql.sock
297
pid-file=/opt/iamguarded/mysql/tmp/mysqld.pid
298
## @param primary.existingConfigmap Name of existing ConfigMap with MySQL Primary configuration.
299
## NOTE: When it's set the 'configuration' parameter is ignored
300
##
301
existingConfigmap: ""
302
## @param primary.containerPorts.mysql Container port for mysql
303
## @param primary.containerPorts.mysqlx Container port for mysqlx
304
##
305
containerPorts:
306
mysql: 3306
307
mysqlx: 33060
308
## @param primary.updateStrategy.type Update strategy type for the MySQL primary statefulset
309
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
310
##
311
updateStrategy:
312
type: RollingUpdate
313
## @param primary.podAnnotations Additional pod annotations for MySQL primary pods
314
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
315
##
316
podAnnotations: {}
317
## @param primary.podAffinityPreset MySQL primary pod affinity preset. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard`
318
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
319
##
320
podAffinityPreset: ""
321
## @param primary.podAntiAffinityPreset MySQL primary pod anti-affinity preset. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard`
322
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
323
##
324
podAntiAffinityPreset: soft
325
## MySQL Primary node affinity preset
326
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
327
##
328
nodeAffinityPreset:
329
## @param primary.nodeAffinityPreset.type MySQL primary node affinity preset type. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard`
330
##
331
type: ""
332
## @param primary.nodeAffinityPreset.key MySQL primary node label key to match Ignored if `primary.affinity` is set.
333
## E.g.
334
## key: "kubernetes.io/e2e-az-name"
335
##
336
key: ""
337
## @param primary.nodeAffinityPreset.values MySQL primary node label values to match. Ignored if `primary.affinity` is set.
338
## E.g.
339
## values:
340
## - e2e-az1
341
## - e2e-az2
342
##
343
values: []
344
## @param primary.affinity Affinity for MySQL primary pods assignment
345
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
346
## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set
347
##
348
affinity: {}
349
## @param primary.nodeSelector Node labels for MySQL primary pods assignment
350
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
351
##
352
nodeSelector: {}
353
## @param primary.tolerations Tolerations for MySQL primary pods assignment
354
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
355
##
356
tolerations: []
357
## @param primary.priorityClassName MySQL primary pods' priorityClassName
358
##
359
priorityClassName: ""
360
## @param primary.runtimeClassName MySQL primary pods' runtimeClassName
361
##
362
runtimeClassName: ""
363
## @param primary.schedulerName Name of the k8s scheduler (other than default)
364
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
365
##
366
schedulerName: ""
367
## @param primary.terminationGracePeriodSeconds In seconds, time the given to the MySQL primary pod needs to terminate gracefully
368
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods
369
##
370
terminationGracePeriodSeconds: ""
371
## @param primary.topologySpreadConstraints Topology Spread Constraints for pod assignment
372
## https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
373
## The value is evaluated as a template
374
##
375
topologySpreadConstraints: []
376
## @param primary.podManagementPolicy podManagementPolicy to manage scaling operation of MySQL primary pods
377
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies
378
##
379
podManagementPolicy: ""
380
## MySQL primary Pod security context
381
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
382
## @param primary.podSecurityContext.enabled Enable security context for MySQL primary pods
383
## @param primary.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
384
## @param primary.podSecurityContext.sysctls Set kernel settings using the sysctl interface
385
## @param primary.podSecurityContext.supplementalGroups Set filesystem extra groups
386
## @param primary.podSecurityContext.fsGroup Group ID for the mounted volumes' filesystem
387
##
388
podSecurityContext:
389
enabled: true
390
fsGroupChangePolicy: Always
391
sysctls: []
392
supplementalGroups: []
393
fsGroup: 1001
394
## MySQL primary container security context
395
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
396
## @param primary.containerSecurityContext.enabled MySQL primary container securityContext
397
## @param primary.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
398
## @param primary.containerSecurityContext.runAsUser User ID for the MySQL primary container
399
## @param primary.containerSecurityContext.runAsGroup Group ID for the MySQL primary container
400
## @param primary.containerSecurityContext.runAsNonRoot Set MySQL primary container's Security Context runAsNonRoot
401
## @param primary.containerSecurityContext.allowPrivilegeEscalation Set container's privilege escalation
402
## @param primary.containerSecurityContext.capabilities.drop Set container's Security Context runAsNonRoot
403
## @param primary.containerSecurityContext.seccompProfile.type Set Client container's Security Context seccomp profile
404
## @param primary.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context read-only root filesystem
405
##
406
containerSecurityContext:
407
enabled: true
408
seLinuxOptions: {}
409
runAsUser: 1001
410
runAsGroup: 1001
411
runAsNonRoot: true
412
allowPrivilegeEscalation: false
413
capabilities:
414
drop: ["ALL"]
415
seccompProfile:
416
type: "RuntimeDefault"
417
readOnlyRootFilesystem: true
418
## MySQL primary container's resource requests and limits
419
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
420
## We usually recommend not to specify default resources and to leave this as a conscious
421
## choice for the user. This also increases chances charts run on environments with little
422
## resources, such as Minikube. If you do want to specify resources, uncomment the following
423
## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
424
## @param primary.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if primary.resources is set (primary.resources is recommended for production).
425
## NOTE: The "nano" and "micro" presets allocate extremely low CPU/memory. These values may cause MySQL to fail during startup (e.g., OOMKilled, readiness/liveness probe failures)
426
##
427
resourcesPreset: "small"
428
## @param primary.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
429
## Example:
430
## resources:
431
## requests:
432
## cpu: 2
433
## memory: 512Mi
434
## limits:
435
## cpu: 3
436
## memory: 1024Mi
437
##
438
resources: {}
439
## Configure extra options for liveness probe
440
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
441
## @param primary.livenessProbe.enabled Enable livenessProbe
442
## @param primary.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
443
## @param primary.livenessProbe.periodSeconds Period seconds for livenessProbe
444
## @param primary.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
445
## @param primary.livenessProbe.failureThreshold Failure threshold for livenessProbe
446
## @param primary.livenessProbe.successThreshold Success threshold for livenessProbe
447
##
448
livenessProbe:
449
enabled: true
450
initialDelaySeconds: 5
451
periodSeconds: 10
452
timeoutSeconds: 1
453
failureThreshold: 3
454
successThreshold: 1
455
## Configure extra options for readiness probe
456
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
457
## @param primary.readinessProbe.enabled Enable readinessProbe
458
## @param primary.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
459
## @param primary.readinessProbe.periodSeconds Period seconds for readinessProbe
460
## @param primary.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
461
## @param primary.readinessProbe.failureThreshold Failure threshold for readinessProbe
462
## @param primary.readinessProbe.successThreshold Success threshold for readinessProbe
463
##
464
readinessProbe:
465
enabled: true
466
initialDelaySeconds: 5
467
periodSeconds: 10
468
timeoutSeconds: 1
469
failureThreshold: 3
470
successThreshold: 1
471
## Configure extra options for startupProbe probe
472
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
473
## @param primary.startupProbe.enabled Enable startupProbe
474
## @param primary.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
475
## @param primary.startupProbe.periodSeconds Period seconds for startupProbe
476
## @param primary.startupProbe.timeoutSeconds Timeout seconds for startupProbe
477
## @param primary.startupProbe.failureThreshold Failure threshold for startupProbe
478
## @param primary.startupProbe.successThreshold Success threshold for startupProbe
479
##
480
startupProbe:
481
enabled: true
482
initialDelaySeconds: 15
483
periodSeconds: 10
484
timeoutSeconds: 1
485
failureThreshold: 10
486
successThreshold: 1
487
## @param primary.customLivenessProbe Override default liveness probe for MySQL primary containers
488
##
489
customLivenessProbe: {}
490
## @param primary.customReadinessProbe Override default readiness probe for MySQL primary containers
491
##
492
customReadinessProbe: {}
493
## @param primary.customStartupProbe Override default startup probe for MySQL primary containers
494
##
495
customStartupProbe: {}
496
## @param primary.extraFlags MySQL primary additional command line flags
497
## Can be used to specify command line flags, for example:
498
## E.g.
499
## extraFlags: "--max-connect-errors=1000 --max_connections=155"
500
##
501
extraFlags: ""
502
## @param primary.extraEnvVars Extra environment variables to be set on MySQL primary containers
503
## E.g.
504
## extraEnvVars:
505
## - name: TZ
506
## value: "Europe/Paris"
507
##
508
extraEnvVars: []
509
## @param primary.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for MySQL primary containers
510
##
511
extraEnvVarsCM: ""
512
## @param primary.extraEnvVarsSecret Name of existing Secret containing extra env vars for MySQL primary containers
513
##
514
extraEnvVarsSecret: ""
515
## @param primary.extraPodSpec Optionally specify extra PodSpec for the MySQL Primary pod(s)
516
##
517
extraPodSpec: {}
518
## @param primary.extraPorts Extra ports to expose
519
##
520
extraPorts: []
521
## Enable persistence using Persistent Volume Claims
522
## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/
523
##
524
persistence:
525
## @param primary.persistence.enabled Enable persistence on MySQL primary replicas using a `PersistentVolumeClaim`. If false, use emptyDir
526
##
527
enabled: true
528
## @param primary.persistence.existingClaim Name of an existing `PersistentVolumeClaim` for MySQL primary replicas
529
## NOTE: When it's set the rest of persistence parameters are ignored
530
##
531
existingClaim: ""
532
## @param primary.persistence.subPath The name of a volume's sub path to mount for persistence
533
##
534
subPath: ""
535
## @param primary.persistence.storageClass MySQL primary persistent volume storage Class
536
## If defined, storageClassName: <storageClass>
537
## If set to "-", storageClassName: "", which disables dynamic provisioning
538
## If undefined (the default) or set to null, no storageClassName spec is
539
## set, choosing the default provisioner. (gp2 on AWS, standard on
540
## GKE, AWS & OpenStack)
541
##
542
storageClass: ""
543
## @param primary.persistence.annotations MySQL primary persistent volume claim annotations
544
##
545
annotations: {}
546
## @param primary.persistence.accessModes MySQL primary persistent volume access Modes
547
##
548
accessModes:
549
- ReadWriteOnce
550
## @param primary.persistence.size MySQL primary persistent volume size
551
##
552
size: 8Gi
553
## @param primary.persistence.selector Selector to match an existing Persistent Volume
554
## selector:
555
## matchLabels:
556
## app: my-app
557
##
558
selector: {}
559
## Primary Persistent Volume Claim Retention Policy
560
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#persistentvolumeclaim-retention
561
##
562
persistentVolumeClaimRetentionPolicy:
563
## @param primary.persistentVolumeClaimRetentionPolicy.enabled Enable Persistent volume retention policy for Primary StatefulSet
564
##
565
enabled: false
566
## @param primary.persistentVolumeClaimRetentionPolicy.whenScaled Volume retention behavior when the replica count of the StatefulSet is reduced
567
##
568
whenScaled: Retain
569
## @param primary.persistentVolumeClaimRetentionPolicy.whenDeleted Volume retention behavior that applies when the StatefulSet is deleted
570
##
571
whenDeleted: Retain
572
## @param primary.extraVolumes Optionally specify extra list of additional volumes to the MySQL Primary pod(s)
573
##
574
extraVolumes: []
575
## @param primary.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the MySQL Primary container(s)
576
##
577
extraVolumeMounts: []
578
## @param primary.initContainers Add additional init containers for the MySQL Primary pod(s)
579
##
580
initContainers: []
581
## @param primary.enableDefaultInitContainers enables (or disables if false) the default init containers (logs-symlinks, volume permissions)
582
##
583
enableDefaultInitContainers: true
584
## @param primary.sidecars Add additional sidecar containers for the MySQL Primary pod(s)
585
##
586
sidecars: []
587
## MySQL Primary Service parameters
588
##
589
service:
590
## @param primary.service.type MySQL Primary K8s service type
591
##
592
type: ClusterIP
593
## @param primary.service.ports.mysql MySQL Primary K8s service port
594
## @param primary.service.ports.mysqlx MySQL Primary K8s service mysqlx port
595
##
596
ports:
597
mysql: 3306
598
mysqlx: 33060
599
## @param primary.service.nodePorts.mysql MySQL Primary K8s service node port
600
## @param primary.service.nodePorts.mysqlx MySQL Primary K8s service node port mysqlx
601
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
602
##
603
nodePorts:
604
mysql: ""
605
mysqlx: ""
606
## @param primary.service.clusterIP MySQL Primary K8s service clusterIP IP
607
## e.g:
608
## clusterIP: None
609
##
610
clusterIP: ""
611
## @param primary.service.loadBalancerIP MySQL Primary loadBalancerIP if service type is `LoadBalancer`
612
## Set the LoadBalancer service type to internal only
613
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
614
##
615
loadBalancerIP: ""
616
## @param primary.service.externalTrafficPolicy Enable client source IP preservation
617
## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
618
##
619
externalIPs: []
620
## @param primary.service.externalIPs MySQL Primary K8s service externalIPs
621
## ref https://kubernetes.io/docs/concepts/services-networking/service/#external-ips
622
##
623
externalTrafficPolicy: Cluster
624
## @param primary.service.loadBalancerSourceRanges Addresses that are allowed when MySQL Primary service is LoadBalancer
625
## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
626
## E.g.
627
## loadBalancerSourceRanges:
628
## - 10.10.10.0/24
629
##
630
loadBalancerSourceRanges: []
631
## @param primary.service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
632
##
633
extraPorts: []
634
## @param primary.service.annotations Additional custom annotations for MySQL primary service
635
##
636
annotations: {}
637
## @param primary.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP"
638
## If "ClientIP", consecutive client requests will be directed to the same Pod
639
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
640
##
641
sessionAffinity: None
642
## @param primary.service.sessionAffinityConfig Additional settings for the sessionAffinity
643
## sessionAffinityConfig:
644
## clientIP:
645
## timeoutSeconds: 300
646
##
647
sessionAffinityConfig: {}
648
## Headless service properties
649
##
650
headless:
651
## @param primary.service.headless.annotations Additional custom annotations for headless MySQL primary service.
652
##
653
annotations: {}
654
## MySQL primary Pod Disruption Budget configuration
655
## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
656
##
657
pdb:
658
## @param primary.pdb.create Enable/disable a Pod Disruption Budget creation for MySQL primary pods
659
##
660
create: true
661
## @param primary.pdb.minAvailable Minimum number/percentage of MySQL primary pods that should remain scheduled
662
##
663
minAvailable: ""
664
## @param primary.pdb.maxUnavailable Maximum number/percentage of MySQL primary pods that may be made unavailable. Defaults to `1` if both `primary.pdb.minAvailable` and `primary.pdb.maxUnavailable` are empty.
665
##
666
maxUnavailable: ""
667
## @param primary.podLabels MySQL Primary pod label. If labels are same as commonLabels , this will take precedence
668
##
669
podLabels: {}
670
## @section MySQL Secondary parameters
671
##
672
secondary:
673
## @param secondary.name Name of the secondary database (eg secondary, slave, ...)
674
##
675
name: secondary
676
## @param secondary.replicaCount Number of MySQL secondary replicas
677
##
678
replicaCount: 1
679
## @param secondary.automountServiceAccountToken Mount Service Account token in pod
680
##
681
automountServiceAccountToken: false
682
## @param secondary.hostAliases Deployment pod host aliases
683
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
684
##
685
hostAliases: []
686
## @param secondary.command Override default container command on MySQL Secondary container(s) (useful when using custom images)
687
##
688
command: []
689
## @param secondary.args Override default container args on MySQL Secondary container(s) (useful when using custom images)
690
##
691
args: []
692
## @param secondary.lifecycleHooks for the MySQL Secondary container(s) to automate configuration before or after startup
693
##
694
lifecycleHooks: {}
695
## @param secondary.enableMySQLX Enable mysqlx port
696
## ref: https://dev.mysql.com/doc/dev/mysql-server/latest/mysqlx_protocol_xplugin.html
697
##
698
enableMySQLX: false
699
## @param secondary.configuration [string] Configure MySQL Secondary with a custom my.cnf file
700
## ref: https://mysql.com/kb/en/mysql/configuring-mysql-with-mycnf/#example-of-configuration-file
701
##
702
configuration: |-
703
[mysqld]
704
authentication_policy='{{- .Values.auth.authenticationPolicy | default "* ,," }}'
705
skip-name-resolve
706
explicit_defaults_for_timestamp
707
basedir=/opt/iamguarded/mysql
708
plugin_dir=/opt/iamguarded/mysql/lib/plugin
709
port={{ .Values.secondary.containerPorts.mysql }}
710
mysqlx={{ ternary 1 0 .Values.secondary.enableMySQLX }}
711
mysqlx_port={{ .Values.secondary.containerPorts.mysqlx }}
712
socket=/opt/iamguarded/mysql/tmp/mysql.sock
713
datadir=/iamguarded/mysql/data
714
tmpdir=/opt/iamguarded/mysql/tmp
715
max_allowed_packet=16M
716
bind-address=*
717
pid-file=/opt/iamguarded/mysql/tmp/mysqld.pid
718
log-error=/opt/iamguarded/mysql/logs/mysqld.log
719
character-set-server=UTF8
720
slow_query_log=0
721
long_query_time=10.0
722
{{- if .Values.tls.enabled }}
723
ssl_cert=/opt/iamguarded/mysql/certs/{{ .Values.tls.certFilename }}
724
ssl_key=/opt/iamguarded/mysql/certs/{{ .Values.tls.certKeyFilename }}
725
{{- if (include "mysql.tlsCACert" .) }}
726
ssl_ca={{ include "mysql.tlsCACert" . }}
727
{{- end }}
728
{{- end }}
729
730
[client]
731
port={{ .Values.secondary.containerPorts.mysql }}
732
socket=/opt/iamguarded/mysql/tmp/mysql.sock
733
default-character-set=UTF8
734
plugin_dir=/opt/iamguarded/mysql/lib/plugin
735
736
[manager]
737
port={{ .Values.secondary.containerPorts.mysql }}
738
socket=/opt/iamguarded/mysql/tmp/mysql.sock
739
pid-file=/opt/iamguarded/mysql/tmp/mysqld.pid
740
## @param secondary.existingConfigmap Name of existing ConfigMap with MySQL Secondary configuration.
741
## NOTE: When it's set the 'configuration' parameter is ignored
742
##
743
existingConfigmap: ""
744
## @param secondary.containerPorts.mysql Container port for mysql
745
## @param secondary.containerPorts.mysqlx Container port for mysqlx
746
##
747
containerPorts:
748
mysql: 3306
749
mysqlx: 33060
750
## @param secondary.updateStrategy.type Update strategy type for the MySQL secondary statefulset
751
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
752
##
753
updateStrategy:
754
type: RollingUpdate
755
## @param secondary.podAnnotations Additional pod annotations for MySQL secondary pods
756
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
757
##
758
podAnnotations: {}
759
## @param secondary.podAffinityPreset MySQL secondary pod affinity preset. Ignored if `secondary.affinity` is set. Allowed values: `soft` or `hard`
760
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
761
##
762
podAffinityPreset: ""
763
## @param secondary.podAntiAffinityPreset MySQL secondary pod anti-affinity preset. Ignored if `secondary.affinity` is set. Allowed values: `soft` or `hard`
764
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
765
## Allowed values: soft, hard
766
##
767
podAntiAffinityPreset: soft
768
## MySQL Secondary node affinity preset
769
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
770
##
771
nodeAffinityPreset:
772
## @param secondary.nodeAffinityPreset.type MySQL secondary node affinity preset type. Ignored if `secondary.affinity` is set. Allowed values: `soft` or `hard`
773
##
774
type: ""
775
## @param secondary.nodeAffinityPreset.key MySQL secondary node label key to match Ignored if `secondary.affinity` is set.
776
## E.g.
777
## key: "kubernetes.io/e2e-az-name"
778
##
779
key: ""
780
## @param secondary.nodeAffinityPreset.values MySQL secondary node label values to match. Ignored if `secondary.affinity` is set.
781
## E.g.
782
## values:
783
## - e2e-az1
784
## - e2e-az2
785
##
786
values: []
787
## @param secondary.affinity Affinity for MySQL secondary pods assignment
788
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
789
## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set
790
##
791
affinity: {}
792
## @param secondary.nodeSelector Node labels for MySQL secondary pods assignment
793
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
794
##
795
nodeSelector: {}
796
## @param secondary.tolerations Tolerations for MySQL secondary pods assignment
797
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
798
##
799
tolerations: []
800
## @param secondary.priorityClassName MySQL secondary pods' priorityClassName
801
##
802
priorityClassName: ""
803
## @param secondary.runtimeClassName MySQL secondary pods' runtimeClassName
804
##
805
runtimeClassName: ""
806
## @param secondary.schedulerName Name of the k8s scheduler (other than default)
807
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
808
##
809
schedulerName: ""
810
## @param secondary.terminationGracePeriodSeconds In seconds, time the given to the MySQL secondary pod needs to terminate gracefully
811
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods
812
##
813
terminationGracePeriodSeconds: ""
814
## @param secondary.topologySpreadConstraints Topology Spread Constraints for pod assignment
815
## https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
816
## The value is evaluated as a template
817
##
818
topologySpreadConstraints: []
819
## @param secondary.podManagementPolicy podManagementPolicy to manage scaling operation of MySQL secondary pods
820
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies
821
##
822
podManagementPolicy: ""
823
## MySQL secondary Pod security context
824
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
825
## @param secondary.podSecurityContext.enabled Enable security context for MySQL secondary pods
826
## @param secondary.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
827
## @param secondary.podSecurityContext.sysctls Set kernel settings using the sysctl interface
828
## @param secondary.podSecurityContext.supplementalGroups Set filesystem extra groups
829
## @param secondary.podSecurityContext.fsGroup Group ID for the mounted volumes' filesystem
830
##
831
podSecurityContext:
832
enabled: true
833
fsGroupChangePolicy: Always
834
sysctls: []
835
supplementalGroups: []
836
fsGroup: 1001
837
## MySQL secondary container security context
838
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
839
## @param secondary.containerSecurityContext.enabled MySQL secondary container securityContext
840
## @param secondary.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
841
## @param secondary.containerSecurityContext.runAsUser User ID for the MySQL secondary container
842
## @param secondary.containerSecurityContext.runAsGroup Group ID for the MySQL secondary container
843
## @param secondary.containerSecurityContext.runAsNonRoot Set MySQL secondary container's Security Context runAsNonRoot
844
## @param secondary.containerSecurityContext.allowPrivilegeEscalation Set container's privilege escalation
845
## @param secondary.containerSecurityContext.capabilities.drop Set container's Security Context runAsNonRoot
846
## @param secondary.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
847
## @param secondary.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context read-only root filesystem
848
##
849
containerSecurityContext:
850
enabled: true
851
seLinuxOptions: {}
852
runAsUser: 1001
853
runAsGroup: 1001
854
runAsNonRoot: true
855
allowPrivilegeEscalation: false
856
capabilities:
857
drop: ["ALL"]
858
seccompProfile:
859
type: "RuntimeDefault"
860
readOnlyRootFilesystem: true
861
## MySQL secondary container's resource requests and limits
862
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
863
## We usually recommend not to specify default resources and to leave this as a conscious
864
## choice for the user. This also increases chances charts run on environments with little
865
## resources, such as Minikube. If you do want to specify resources, uncomment the following
866
## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
867
## @param secondary.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if secondary.resources is set (secondary.resources is recommended for production).
868
##
869
resourcesPreset: "small"
870
## @param secondary.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
871
## Example:
872
## resources:
873
## requests:
874
## cpu: 2
875
## memory: 512Mi
876
## limits:
877
## cpu: 3
878
## memory: 1024Mi
879
##
880
resources: {}
881
## Configure extra options for liveness probe
882
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
883
## @param secondary.livenessProbe.enabled Enable livenessProbe
884
## @param secondary.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
885
## @param secondary.livenessProbe.periodSeconds Period seconds for livenessProbe
886
## @param secondary.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
887
## @param secondary.livenessProbe.failureThreshold Failure threshold for livenessProbe
888
## @param secondary.livenessProbe.successThreshold Success threshold for livenessProbe
889
##
890
livenessProbe:
891
enabled: true
892
initialDelaySeconds: 5
893
periodSeconds: 10
894
timeoutSeconds: 1
895
failureThreshold: 3
896
successThreshold: 1
897
## Configure extra options for readiness probe
898
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
899
## @param secondary.readinessProbe.enabled Enable readinessProbe
900
## @param secondary.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
901
## @param secondary.readinessProbe.periodSeconds Period seconds for readinessProbe
902
## @param secondary.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
903
## @param secondary.readinessProbe.failureThreshold Failure threshold for readinessProbe
904
## @param secondary.readinessProbe.successThreshold Success threshold for readinessProbe
905
##
906
readinessProbe:
907
enabled: true
908
initialDelaySeconds: 5
909
periodSeconds: 10
910
timeoutSeconds: 1
911
failureThreshold: 3
912
successThreshold: 1
913
## Configure extra options for startupProbe probe
914
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
915
## @param secondary.startupProbe.enabled Enable startupProbe
916
## @param secondary.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
917
## @param secondary.startupProbe.periodSeconds Period seconds for startupProbe
918
## @param secondary.startupProbe.timeoutSeconds Timeout seconds for startupProbe
919
## @param secondary.startupProbe.failureThreshold Failure threshold for startupProbe
920
## @param secondary.startupProbe.successThreshold Success threshold for startupProbe
921
##
922
startupProbe:
923
enabled: true
924
initialDelaySeconds: 15
925
periodSeconds: 10
926
timeoutSeconds: 1
927
failureThreshold: 15
928
successThreshold: 1
929
## @param secondary.customLivenessProbe Override default liveness probe for MySQL secondary containers
930
##
931
customLivenessProbe: {}
932
## @param secondary.customReadinessProbe Override default readiness probe for MySQL secondary containers
933
##
934
customReadinessProbe: {}
935
## @param secondary.customStartupProbe Override default startup probe for MySQL secondary containers
936
##
937
customStartupProbe: {}
938
## @param secondary.extraFlags MySQL secondary additional command line flags
939
## Can be used to specify command line flags, for example:
940
## E.g.
941
## extraFlags: "--max-connect-errors=1000 --max_connections=155"
942
##
943
extraFlags: ""
944
## @param secondary.extraEnvVars An array to add extra environment variables on MySQL secondary containers
945
## E.g.
946
## extraEnvVars:
947
## - name: TZ
948
## value: "Europe/Paris"
949
##
950
extraEnvVars: []
951
## @param secondary.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for MySQL secondary containers
952
##
953
extraEnvVarsCM: ""
954
## @param secondary.extraEnvVarsSecret Name of existing Secret containing extra env vars for MySQL secondary containers
955
##
956
extraEnvVarsSecret: ""
957
## @param secondary.extraPodSpec Optionally specify extra PodSpec for the MySQL Secondary pod(s)
958
##
959
extraPodSpec: {}
960
## @param secondary.extraPorts Extra ports to expose
961
##
962
extraPorts: []
963
## Enable persistence using Persistent Volume Claims
964
## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/
965
##
966
persistence:
967
## @param secondary.persistence.enabled Enable persistence on MySQL secondary replicas using a `PersistentVolumeClaim`
968
##
969
enabled: true
970
## @param secondary.persistence.existingClaim Name of an existing `PersistentVolumeClaim` for MySQL secondary replicas
971
## NOTE: When it's set the rest of persistence parameters are ignored
972
##
973
existingClaim: ""
974
## @param secondary.persistence.subPath The name of a volume's sub path to mount for persistence
975
##
976
subPath: ""
977
## @param secondary.persistence.storageClass MySQL secondary persistent volume storage Class
978
## If defined, storageClassName: <storageClass>
979
## If set to "-", storageClassName: "", which disables dynamic provisioning
980
## If undefined (the default) or set to null, no storageClassName spec is
981
## set, choosing the default provisioner. (gp2 on AWS, standard on
982
## GKE, AWS & OpenStack)
983
##
984
storageClass: ""
985
## @param secondary.persistence.annotations MySQL secondary persistent volume claim annotations
986
##
987
annotations: {}
988
## @param secondary.persistence.accessModes MySQL secondary persistent volume access Modes
989
##
990
accessModes:
991
- ReadWriteOnce
992
## @param secondary.persistence.size MySQL secondary persistent volume size
993
##
994
size: 8Gi
995
## @param secondary.persistence.selector Selector to match an existing Persistent Volume
996
## selector:
997
## matchLabels:
998
## app: my-app
999
##
1000
selector: {}
1001
## Secondary Persistent Volume Claim Retention Policy
1002
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#persistentvolumeclaim-retention
1003
##
1004
persistentVolumeClaimRetentionPolicy:
1005
## @param secondary.persistentVolumeClaimRetentionPolicy.enabled Enable Persistent volume retention policy for read only StatefulSet
1006
##
1007
enabled: false
1008
## @param secondary.persistentVolumeClaimRetentionPolicy.whenScaled Volume retention behavior when the replica count of the StatefulSet is reduced
1009
##
1010
whenScaled: Retain
1011
## @param secondary.persistentVolumeClaimRetentionPolicy.whenDeleted Volume retention behavior that applies when the StatefulSet is deleted
1012
##
1013
whenDeleted: Retain
1014
## @param secondary.extraVolumes Optionally specify extra list of additional volumes to the MySQL secondary pod(s)
1015
##
1016
extraVolumes: []
1017
## @param secondary.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the MySQL secondary container(s)
1018
##
1019
extraVolumeMounts: []
1020
## @param secondary.initContainers Add additional init containers for the MySQL secondary pod(s)
1021
##
1022
initContainers: []
1023
## @param secondary.enableDefaultInitContainers enables (or disables if false) the default init containers (logs-symlinks, volume permissions)
1024
##
1025
enableDefaultInitContainers: true
1026
## @param secondary.sidecars Add additional sidecar containers for the MySQL secondary pod(s)
1027
##
1028
sidecars: []
1029
## MySQL Secondary Service parameters
1030
##
1031
service:
1032
## @param secondary.service.type MySQL secondary Kubernetes service type
1033
##
1034
type: ClusterIP
1035
## @param secondary.service.ports.mysql MySQL secondary Kubernetes service port
1036
## @param secondary.service.ports.mysqlx MySQL secondary Kubernetes service port mysqlx
1037
##
1038
ports:
1039
mysql: 3306
1040
mysqlx: 33060
1041
## @param secondary.service.nodePorts.mysql MySQL secondary Kubernetes service node port
1042
## @param secondary.service.nodePorts.mysqlx MySQL secondary Kubernetes service node port mysqlx
1043
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
1044
##
1045
nodePorts:
1046
mysql: ""
1047
mysqlx: ""
1048
## @param secondary.service.clusterIP MySQL secondary Kubernetes service clusterIP IP
1049
## e.g:
1050
## clusterIP: None
1051
##
1052
clusterIP: ""
1053
## @param secondary.service.loadBalancerIP MySQL secondary loadBalancerIP if service type is `LoadBalancer`
1054
## Set the LoadBalancer service type to internal only
1055
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
1056
##
1057
loadBalancerIP: ""
1058
## @param secondary.service.externalTrafficPolicy Enable client source IP preservation
1059
## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
1060
##
1061
externalIPs: []
1062
## @param secondary.service.externalIPs MySQL Secondary K8s service externalIPs
1063
## ref https://kubernetes.io/docs/concepts/services-networking/service/#external-ips
1064
##
1065
externalTrafficPolicy: Cluster
1066
## @param secondary.service.loadBalancerSourceRanges Addresses that are allowed when MySQL secondary service is LoadBalancer
1067
## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
1068
## E.g.
1069
## loadBalancerSourceRanges:
1070
## - 10.10.10.0/24
1071
##
1072
loadBalancerSourceRanges: []
1073
## @param secondary.service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
1074
##
1075
extraPorts: []
1076
## @param secondary.service.annotations Additional custom annotations for MySQL secondary service
1077
##
1078
annotations: {}
1079
## @param secondary.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP"
1080
## If "ClientIP", consecutive client requests will be directed to the same Pod
1081
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
1082
##
1083
sessionAffinity: None
1084
## @param secondary.service.sessionAffinityConfig Additional settings for the sessionAffinity
1085
## sessionAffinityConfig:
1086
## clientIP:
1087
## timeoutSeconds: 300
1088
##
1089
sessionAffinityConfig: {}
1090
## Headless service properties
1091
##
1092
headless:
1093
## @param secondary.service.headless.annotations Additional custom annotations for headless MySQL secondary service.
1094
##
1095
annotations: {}
1096
## MySQL secondary Pod Disruption Budget configuration
1097
## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
1098
##
1099
pdb:
1100
## @param secondary.pdb.create Enable/disable a Pod Disruption Budget creation for MySQL secondary pods
1101
##
1102
create: true
1103
## @param secondary.pdb.minAvailable Minimum number/percentage of MySQL secondary pods that should remain scheduled
1104
##
1105
minAvailable: ""
1106
## @param secondary.pdb.maxUnavailable Maximum number/percentage of MySQL secondary pods that may be made unavailable. Defaults to `1` if both `secondary.pdb.minAvailable` and `secondary.pdb.maxUnavailable` are empty.
1107
##
1108
maxUnavailable: ""
1109
## @param secondary.podLabels Additional pod labels for MySQL secondary pods
1110
##
1111
podLabels: {}
1112
## @section RBAC parameters
1113
##
1114
1115
## MySQL pods ServiceAccount
1116
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
1117
##
1118
serviceAccount:
1119
## @param serviceAccount.create Enable the creation of a ServiceAccount for MySQL pods
1120
##
1121
create: true
1122
## @param serviceAccount.name Name of the created ServiceAccount
1123
## If not set and create is true, a name is generated using the mysql.fullname template
1124
##
1125
name: ""
1126
## @param serviceAccount.annotations Annotations for MySQL Service Account
1127
##
1128
annotations: {}
1129
## @param serviceAccount.automountServiceAccountToken Automount service account token for the server service account
1130
##
1131
automountServiceAccountToken: false
1132
## Role Based Access
1133
## ref: https://kubernetes.io/docs/admin/authorization/rbac/
1134
##
1135
rbac:
1136
## @param rbac.create Whether to create & use RBAC resources or not
1137
##
1138
create: false
1139
## @param rbac.rules Custom RBAC rules to set
1140
## e.g:
1141
## rules:
1142
## - apiGroups:
1143
## - ""
1144
## resources:
1145
## - pods
1146
## verbs:
1147
## - get
1148
## - list
1149
##
1150
rules: []
1151
## @section Network Policy
1152
##
1153
1154
## Network Policy configuration
1155
## ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
1156
##
1157
networkPolicy:
1158
## @param networkPolicy.enabled Enable creation of NetworkPolicy resources
1159
##
1160
enabled: true
1161
## @param networkPolicy.allowExternal The Policy model to apply
1162
## When set to false, only pods with the correct client label will have network access to the ports MySQL is
1163
## listening on. When true, MySQL will accept connections from any source (with the correct destination port).
1164
##
1165
allowExternal: true
1166
## @param networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.
1167
##
1168
allowExternalEgress: true
1169
## @param networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy
1170
## e.g:
1171
## extraIngress:
1172
## - ports:
1173
## - port: 1234
1174
## from:
1175
## - podSelector:
1176
## - matchLabels:
1177
## - role: frontend
1178
## - podSelector:
1179
## - matchExpressions:
1180
## - key: role
1181
## operator: In
1182
## values:
1183
## - frontend
1184
##
1185
extraIngress: []
1186
## @param networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy
1187
## e.g:
1188
## extraEgress:
1189
## - ports:
1190
## - port: 1234
1191
## to:
1192
## - podSelector:
1193
## - matchLabels:
1194
## - role: frontend
1195
## - podSelector:
1196
## - matchExpressions:
1197
## - key: role
1198
## operator: In
1199
## values:
1200
## - frontend
1201
##
1202
extraEgress: []
1203
## @param networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces
1204
## @param networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces
1205
##
1206
ingressNSMatchLabels: {}
1207
ingressNSPodMatchLabels: {}
1208
## @section Password update job
1209
##
1210
passwordUpdateJob:
1211
## @param passwordUpdateJob.enabled Enable password update job
1212
##
1213
enabled: false
1214
## @param passwordUpdateJob.backoffLimit set backoff limit of the job
1215
##
1216
backoffLimit: 10
1217
## @param passwordUpdateJob.command Override default container command on mysql Primary container(s) (useful when using custom images)
1218
##
1219
command: []
1220
## @param passwordUpdateJob.args Override default container args on mysql Primary container(s) (useful when using custom images)
1221
##
1222
args: []
1223
## @param passwordUpdateJob.extraCommands Extra commands to pass to the generation job
1224
##
1225
extraCommands: ""
1226
## @param passwordUpdateJob.previousPasswords.rootPassword Previous root password (set if the password secret was already changed)
1227
## @param passwordUpdateJob.previousPasswords.password Previous password (set if the password secret was already changed)
1228
## @param passwordUpdateJob.previousPasswords.replicationPassword Previous replication password (set if the password secret was already changed)
1229
## @param passwordUpdateJob.previousPasswords.existingSecret Name of a secret containing the previous passwords (set if the password secret was already changed)
1230
previousPasswords:
1231
rootPassword: ""
1232
password: ""
1233
replicationPassword: ""
1234
existingSecret: ""
1235
## Configure Container Security Context
1236
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
1237
## @param passwordUpdateJob.containerSecurityContext.enabled Enabled containers' Security Context
1238
## @param passwordUpdateJob.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
1239
## @param passwordUpdateJob.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
1240
## @param passwordUpdateJob.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup
1241
## @param passwordUpdateJob.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
1242
## @param passwordUpdateJob.containerSecurityContext.privileged Set container's Security Context privileged
1243
## @param passwordUpdateJob.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
1244
## @param passwordUpdateJob.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
1245
## @param passwordUpdateJob.containerSecurityContext.capabilities.drop List of capabilities to be dropped
1246
## @param passwordUpdateJob.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
1247
##
1248
containerSecurityContext:
1249
enabled: true
1250
seLinuxOptions: {}
1251
runAsUser: 1001
1252
runAsGroup: 1001
1253
runAsNonRoot: true
1254
privileged: false
1255
readOnlyRootFilesystem: true
1256
allowPrivilegeEscalation: false
1257
capabilities:
1258
drop: ["ALL"]
1259
seccompProfile:
1260
type: "RuntimeDefault"
1261
## Configure Pods Security Context
1262
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
1263
## @param passwordUpdateJob.podSecurityContext.enabled Enabled credential init job pods' Security Context
1264
## @param passwordUpdateJob.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
1265
## @param passwordUpdateJob.podSecurityContext.sysctls Set kernel settings using the sysctl interface
1266
## @param passwordUpdateJob.podSecurityContext.supplementalGroups Set filesystem extra groups
1267
## @param passwordUpdateJob.podSecurityContext.fsGroup Set credential init job pod's Security Context fsGroup
1268
##
1269
podSecurityContext:
1270
enabled: true
1271
fsGroupChangePolicy: Always
1272
sysctls: []
1273
supplementalGroups: []
1274
fsGroup: 1001
1275
## @param passwordUpdateJob.extraEnvVars Array containing extra env vars to configure the credential init job
1276
## For example:
1277
## extraEnvVars:
1278
## - name: GF_DEFAULT_INSTANCE_NAME
1279
## value: my-instance
1280
##
1281
extraEnvVars: []
1282
## @param passwordUpdateJob.extraEnvVarsCM ConfigMap containing extra env vars to configure the credential init job
1283
##
1284
extraEnvVarsCM: ""
1285
## @param passwordUpdateJob.extraEnvVarsSecret Secret containing extra env vars to configure the credential init job (in case of sensitive data)
1286
##
1287
extraEnvVarsSecret: ""
1288
## @param passwordUpdateJob.extraVolumes Optionally specify extra list of additional volumes for the credential init job
1289
##
1290
extraVolumes: []
1291
## @param passwordUpdateJob.extraVolumeMounts Array of extra volume mounts to be added to the jwt Container (evaluated as template). Normally used with `extraVolumes`.
1292
##
1293
extraVolumeMounts: []
1294
## @param passwordUpdateJob.initContainers Add additional init containers for the mysql Primary pod(s)
1295
##
1296
initContainers: []
1297
## Container resource requests and limits
1298
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
1299
## @param passwordUpdateJob.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if passwordUpdateJob.resources is set (passwordUpdateJob.resources is recommended for production).
1300
##
1301
resourcesPreset: "micro"
1302
## @param passwordUpdateJob.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
1303
## Example:
1304
## resources:
1305
## requests:
1306
## cpu: 2
1307
## memory: 512Mi
1308
## limits:
1309
## cpu: 3
1310
## memory: 1024Mi
1311
##
1312
resources: {}
1313
## @param passwordUpdateJob.customLivenessProbe Custom livenessProbe that overrides the default one
1314
##
1315
customLivenessProbe: {}
1316
## @param passwordUpdateJob.customReadinessProbe Custom readinessProbe that overrides the default one
1317
##
1318
customReadinessProbe: {}
1319
## @param passwordUpdateJob.customStartupProbe Custom startupProbe that overrides the default one
1320
##
1321
customStartupProbe: {}
1322
## @param passwordUpdateJob.automountServiceAccountToken Mount Service Account token in pod
1323
##
1324
automountServiceAccountToken: false
1325
## @param passwordUpdateJob.hostAliases Add deployment host aliases
1326
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
1327
##
1328
hostAliases: []
1329
## @param passwordUpdateJob.annotations [object] Add annotations to the job
1330
##
1331
annotations: {}
1332
## @param passwordUpdateJob.podLabels Additional pod labels
1333
## Ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
1334
##
1335
podLabels: {}
1336
## @param passwordUpdateJob.podAnnotations Additional pod annotations
1337
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
1338
##
1339
podAnnotations: {}
1340
## @section Volume Permissions parameters
1341
##
1342
1343
## Init containers parameters:
1344
## volumePermissions: Change the owner and group of the persistent volume mountpoint to runAsUser:fsGroup values from the securityContext section.
1345
##
1346
volumePermissions:
1347
## @param volumePermissions.enabled Enable init container that changes the owner and group of the persistent volume(s) mountpoint to `runAsUser:fsGroup`
1348
##
1349
enabled: false
1350
## @param volumePermissions.image.registry [default: REGISTRY_NAME] Init container volume-permissions image registry
1351
## @param volumePermissions.image.repository [default: REPOSITORY_NAME/os-shell] Init container volume-permissions image repository
1352
## @skip volumePermissions.image.tag Init container volume-permissions image tag (immutable tags are recommended)
1353
## @param volumePermissions.image.digest Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
1354
## @param volumePermissions.image.pullPolicy Init container volume-permissions image pull policy
1355
## @param volumePermissions.image.pullSecrets Specify docker-registry secret names as an array
1356
##
1357
image:
1358
registry: cgr.dev
1359
repository: chainguard-private/os-shell-iamguarded
1360
tag: 1.0.0
1361
digest: ""
1362
pullPolicy: IfNotPresent
1363
## Optionally specify an array of imagePullSecrets.
1364
## Secrets must be manually created in the namespace.
1365
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
1366
## e.g:
1367
## pullSecrets:
1368
## - myRegistryKeySecretName
1369
##
1370
pullSecrets: []
1371
## @param volumePermissions.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if volumePermissions.resources is set (volumePermissions.resources is recommended for production).
1372
##
1373
resourcesPreset: "nano"
1374
## @param volumePermissions.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
1375
## Example:
1376
## resources:
1377
## requests:
1378
## cpu: 2
1379
## memory: 512Mi
1380
## limits:
1381
## cpu: 3
1382
## memory: 1024Mi
1383
##
1384
resources: {}
1385
## @section Metrics parameters
1386
##
1387
1388
## Mysqld Prometheus exporter parameters
1389
##
1390
metrics:
1391
## @param metrics.enabled Start a side-car prometheus exporter
1392
##
1393
enabled: false
1394
## @param metrics.image.registry [default: REGISTRY_NAME] Exporter image registry
1395
## @param metrics.image.repository [default: REPOSITORY_NAME/mysqld-exporter] Exporter image repository
1396
## @skip metrics.image.tag Exporter image tag (immutable tags are recommended)
1397
## @param metrics.image.digest Exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
1398
## @param metrics.image.pullPolicy Exporter image pull policy
1399
## @param metrics.image.pullSecrets Specify docker-registry secret names as an array
1400
##
1401
image:
1402
registry: cgr.dev
1403
repository: chainguard-private/prometheus-mysqld-exporter-iamguarded
1404
tag: 0.18.0
1405
digest: ""
1406
pullPolicy: IfNotPresent
1407
## Optionally specify an array of imagePullSecrets.
1408
## Secrets must be manually created in the namespace.
1409
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
1410
## e.g:
1411
## pullSecrets:
1412
## - myRegistryKeySecretName
1413
##
1414
pullSecrets: []
1415
## MySQL metrics container security context
1416
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
1417
## @param metrics.containerSecurityContext.enabled MySQL metrics container securityContext
1418
## @param metrics.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
1419
## @param metrics.containerSecurityContext.runAsUser User ID for the MySQL metrics container
1420
## @param metrics.containerSecurityContext.runAsGroup Group ID for the MySQL metrics container
1421
## @param metrics.containerSecurityContext.runAsNonRoot Set MySQL metrics container's Security Context runAsNonRoot
1422
## @param metrics.containerSecurityContext.allowPrivilegeEscalation Set container's privilege escalation
1423
## @param metrics.containerSecurityContext.capabilities.drop Set container's Security Context runAsNonRoot
1424
## @param metrics.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
1425
## @param metrics.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context read-only root filesystem
1426
##
1427
containerSecurityContext:
1428
enabled: true
1429
seLinuxOptions: {}
1430
runAsUser: 1001
1431
runAsGroup: 1001
1432
runAsNonRoot: true
1433
allowPrivilegeEscalation: false
1434
capabilities:
1435
drop: ["ALL"]
1436
seccompProfile:
1437
type: "RuntimeDefault"
1438
readOnlyRootFilesystem: true
1439
## @param metrics.containerPorts.http Container port for http
1440
##
1441
containerPorts:
1442
http: 9104
1443
## MySQL Prometheus exporter service parameters
1444
## Mysqld Prometheus exporter liveness and readiness probes
1445
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
1446
## @param metrics.service.type Kubernetes service type for MySQL Prometheus Exporter
1447
## @param metrics.service.clusterIP Kubernetes service clusterIP for MySQL Prometheus Exporter
1448
## @param metrics.service.port MySQL Prometheus Exporter service port
1449
## @param metrics.service.annotations [object] Prometheus exporter service annotations
1450
##
1451
service:
1452
type: ClusterIP
1453
port: 9104
1454
clusterIP: ""
1455
annotations:
1456
prometheus.io/scrape: "true"
1457
prometheus.io/port: "{{ .Values.metrics.service.port }}"
1458
## @param metrics.extraArgs.primary Extra args to be passed to mysqld_exporter on Primary pods
1459
## @param metrics.extraArgs.secondary Extra args to be passed to mysqld_exporter on Secondary pods
1460
## ref: https://github.com/prometheus/mysqld_exporter/
1461
## E.g.
1462
## - --collect.auto_increment.columns
1463
## - --collect.binlog_size
1464
## - --collect.engine_innodb_status
1465
## - --collect.engine_tokudb_status
1466
## - --collect.global_status
1467
## - --collect.global_variables
1468
## - --collect.info_schema.clientstats
1469
## - --collect.info_schema.innodb_metrics
1470
## - --collect.info_schema.innodb_tablespaces
1471
## - --collect.info_schema.innodb_cmp
1472
## - --collect.info_schema.innodb_cmpmem
1473
## - --collect.info_schema.processlist
1474
## - --collect.info_schema.processlist.min_time
1475
## - --collect.info_schema.query_response_time
1476
## - --collect.info_schema.tables
1477
## - --collect.info_schema.tables.databases
1478
## - --collect.info_schema.tablestats
1479
## - --collect.info_schema.userstats
1480
## - --collect.perf_schema.eventsstatements
1481
## - --collect.perf_schema.eventsstatements.digest_text_limit
1482
## - --collect.perf_schema.eventsstatements.limit
1483
## - --collect.perf_schema.eventsstatements.timelimit
1484
## - --collect.perf_schema.eventswaits
1485
## - --collect.perf_schema.file_events
1486
## - --collect.perf_schema.file_instances
1487
## - --collect.perf_schema.indexiowaits
1488
## - --collect.perf_schema.tableiowaits
1489
## - --collect.perf_schema.tablelocks
1490
## - --collect.perf_schema.replication_group_member_stats
1491
## - --collect.slave_status
1492
## - --collect.slave_hosts
1493
## - --collect.heartbeat
1494
## - --collect.heartbeat.database
1495
## - --collect.heartbeat.table
1496
##
1497
extraArgs:
1498
primary: []
1499
secondary: []
1500
## Mysqld Prometheus exporter resource requests and limits
1501
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
1502
## We usually recommend not to specify default resources and to leave this as a conscious
1503
## choice for the user. This also increases chances charts run on environments with little
1504
## resources, such as Minikube. If you do want to specify resources, uncomment the following
1505
## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
1506
## @param metrics.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if metrics.resources is set (metrics.resources is recommended for production).
1507
##
1508
resourcesPreset: "nano"
1509
## @param metrics.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
1510
## Example:
1511
## resources:
1512
## requests:
1513
## cpu: 2
1514
## memory: 512Mi
1515
## limits:
1516
## cpu: 3
1517
## memory: 1024Mi
1518
##
1519
resources: {}
1520
## Mysqld Prometheus exporter liveness probe
1521
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
1522
## @param metrics.livenessProbe.enabled Enable livenessProbe
1523
## @param metrics.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
1524
## @param metrics.livenessProbe.periodSeconds Period seconds for livenessProbe
1525
## @param metrics.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
1526
## @param metrics.livenessProbe.failureThreshold Failure threshold for livenessProbe
1527
## @param metrics.livenessProbe.successThreshold Success threshold for livenessProbe
1528
##
1529
livenessProbe:
1530
enabled: true
1531
initialDelaySeconds: 120
1532
periodSeconds: 10
1533
timeoutSeconds: 1
1534
successThreshold: 1
1535
failureThreshold: 3
1536
## Mysqld Prometheus exporter readiness probe
1537
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
1538
## @param metrics.readinessProbe.enabled Enable readinessProbe
1539
## @param metrics.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
1540
## @param metrics.readinessProbe.periodSeconds Period seconds for readinessProbe
1541
## @param metrics.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
1542
## @param metrics.readinessProbe.failureThreshold Failure threshold for readinessProbe
1543
## @param metrics.readinessProbe.successThreshold Success threshold for readinessProbe
1544
##
1545
readinessProbe:
1546
enabled: true
1547
initialDelaySeconds: 30
1548
periodSeconds: 10
1549
timeoutSeconds: 1
1550
successThreshold: 1
1551
failureThreshold: 3
1552
## Prometheus Service Monitor
1553
## ref: https://github.com/coreos/prometheus-operator
1554
##
1555
serviceMonitor:
1556
## @param metrics.serviceMonitor.enabled Create ServiceMonitor Resource for scraping metrics using PrometheusOperator
1557
##
1558
enabled: false
1559
## @param metrics.serviceMonitor.namespace Specify the namespace in which the serviceMonitor resource will be created
1560
##
1561
namespace: ""
1562
## @param metrics.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in prometheus.
1563
##
1564
jobLabel: ""
1565
## @param metrics.serviceMonitor.interval Specify the interval at which metrics should be scraped
1566
##
1567
interval: 30s
1568
## @param metrics.serviceMonitor.scrapeTimeout Specify the timeout after which the scrape is ended
1569
## e.g:
1570
## scrapeTimeout: 30s
1571
##
1572
scrapeTimeout: ""
1573
## @param metrics.serviceMonitor.relabelings RelabelConfigs to apply to samples before scraping
1574
## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig
1575
##
1576
relabelings: []
1577
## @param metrics.serviceMonitor.metricRelabelings MetricRelabelConfigs to apply to samples before ingestion
1578
## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig
1579
##
1580
metricRelabelings: []
1581
## @param metrics.serviceMonitor.selector ServiceMonitor selector labels
1582
##
1583
## selector:
1584
## prometheus: my-prometheus
1585
##
1586
selector: {}
1587
## @param metrics.serviceMonitor.honorLabels Specify honorLabels parameter to add the scrape endpoint
1588
##
1589
honorLabels: false
1590
## @param metrics.serviceMonitor.labels Used to pass Labels that are used by the Prometheus installed in your cluster to select Service Monitors to work with
1591
## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusspec
1592
##
1593
labels: {}
1594
## @param metrics.serviceMonitor.annotations ServiceMonitor annotations
1595
##
1596
annotations: {}
1597
## Prometheus Operator prometheusRule configuration
1598
##
1599
prometheusRule:
1600
## @param metrics.prometheusRule.enabled Creates a Prometheus Operator prometheusRule (also requires `metrics.enabled` to be `true` and `metrics.prometheusRule.rules`)
1601
##
1602
enabled: false
1603
## @param metrics.prometheusRule.namespace Namespace for the prometheusRule Resource (defaults to the Release Namespace)
1604
##
1605
namespace: ""
1606
## @param metrics.prometheusRule.additionalLabels Additional labels that can be used so prometheusRule will be discovered by Prometheus
1607
##
1608
additionalLabels: {}
1609
## @param metrics.prometheusRule.rules Prometheus Rule definitions
1610
## - alert: Mysql-Down
1611
## expr: absent(up{job="mysql"} == 1)
1612
## for: 5m
1613
## labels:
1614
## severity: warning
1615
## service: mysql
1616
## annotations:
1617
## message: 'mysql instance {{`{{`}} $labels.instance {{`}}`}} is down'
1618
## summary: mysql instance is down
1619
##
1620
rules: []
1621