-
Notifications
You must be signed in to change notification settings - Fork 139
Expand file tree
/
Copy pathvalues.yaml
More file actions
428 lines (403 loc) · 16.8 KB
/
values.yaml
File metadata and controls
428 lines (403 loc) · 16.8 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
## @section Global parameters
global:
## @param global.imageRegistry Global Docker Image registry
imageRegistry: ""
## @param global.imagePullSecrets Global Docker registry secret names as an array
imagePullSecrets: []
## @section Common parameters
## @param nameOverride String to partially override mariadb.fullname
nameOverride: ""
## @param fullnameOverride String to fully override mariadb.fullname
fullnameOverride: ""
## @param namespaceOverride String to override the namespace for all resources
namespaceOverride: ""
## @param commonLabels Labels to add to all deployed objects
commonLabels: {}
## @param commonAnnotations Annotations to add to all deployed objects
commonAnnotations: {}
## @section MariaDB image parameters
image:
## @param image.registry MariaDB image registry
registry: docker.io
## @param image.repository MariaDB image repository
repository: mariadb
## @param image.tag MariaDB image tag (immutable tags are recommended)
tag: "12.2.2@sha256:e0236fc6386e7eacd9359e59d0a078bd7aa0d18280d36d13061121bedeaee903"
## @param image.pullPolicy MariaDB image pull policy
imagePullPolicy: Always
## @section MariaDB Authentication parameters
auth:
## @param auth.enabled MariaDB authentication enabled or disabled
enabled: true
## @param auth.rootPassword MariaDB root password
rootPassword: ""
## @param auth.database MariaDB custom database
database: ""
## @param auth.username MariaDB custom user name
username: ""
## @param auth.password MariaDB custom user password
password: ""
## @param auth.existingSecret Name of existing secret to use for MariaDB credentials
existingSecret: ""
## @param auth.allowEmptyRootPassword Allow the root user of MariaDB to have no password set
allowEmptyRootPassword: ""
## @param auth.secretKeys.rootPasswordKey Name of key in existing secret to use for root password
## @param auth.secretKeys.userPasswordKey Name of key in existing secret to use for user password
secretKeys:
rootPasswordKey: mariadb-root-password
userPasswordKey: mariadb-password
## @section MariaDB configuration parameters
config:
## @param config.customConfiguration Custom configuration for MariaDB
customConfiguration: ""
## @param config.existingConfigMap Name of existing ConfigMap with MariaDB configuration
existingConfigMap: ""
## @section Galera Cluster parameters
galera:
## @param galera.enabled Enable Galera Cluster mode
enabled: false
## @param galera.name Galera cluster name
name: "galera"
## @param galera.bootstrap.enabled Enable bootstrap mode for the first node in the cluster
bootstrap:
enabled: true
## @param galera.replicaCount Number of nodes in the Galera cluster
replicaCount: 3
## @param galera.wsrepProvider Path to wsrep provider library
wsrepProvider: "/usr/lib/galera/libgalera_smm.so"
## @param galera.wsrepMethod Method for state snapshot transfers
## Options: mariabackup, mysqldump, rsync
wsrepMethod: "mariabackup"
## @param galera.forceSafeToBootstrap Force safe_to_bootstrap=1 in grastate.dat
forceSafeToBootstrap: false
## @param galera.wsrepSlaveThreads Number of slave threads for applying writesets
wsrepSlaveThreads: 1
## @param galera.wsrepCertifyNonPK Require primary key for replication
wsrepCertifyNonPK: true
## @param galera.wsrepMaxWsRows Maximum number of rows in writeset
wsrepMaxWsRows: 0
## @param galera.wsrepMaxWsSize Maximum size of writeset in bytes
wsrepMaxWsSize: "1073741824"
## @param galera.wsrepDebug Enable wsrep debugging
wsrepDebug: false
## @param galera.wsrepRetryAutocommit Number of times to retry autocommit
wsrepRetryAutocommit: 1
## @param galera.wsrepAutoIncrementControl Enable auto increment control
wsrepAutoIncrementControl: true
## @param galera.wsrepDrupalHack Enable Drupal compatibility hack
wsrepDrupalHack: false
## @param galera.wsrepLogConflicts Log conflicts to error log
wsrepLogConflicts: false
## @param galera.innodb.flushLogAtTrxCommit InnoDB flush log at transaction commit
innodb:
flushLogAtTrxCommit: 0
## @param galera.innodb.bufferPoolSize InnoDB buffer pool size
bufferPoolSize: "128M"
## @param galera.sst SST specific configuration
sst:
## @param galera.sst.user SST user for authentication
user: ""
## @param galera.sst.password SST password for authentication
password: ""
## @param galera.sst.existingSecret Existing secret containing SST credentials
existingSecret: ""
## @param galera.sst.secretKeys.userKey Secret key for SST user
## @param galera.sst.secretKeys.passwordKey Secret key for SST password
secretKeys:
userKey: sst-user
passwordKey: sst-password
## @param galera.recovery Enable Galera recovery options
recovery:
## @param galera.recovery.enabled Enable automatic recovery
enabled: true
## @param galera.recovery.clusterBootstrap Enable cluster bootstrap in recovery
clusterBootstrap: true
## @section MariaDB service parameters
service:
## @param service.type MariaDB service type
type: ClusterIP
## @param service.port MariaDB service port
port: 3306
## @param service.nodePort Node port for MariaDB service
nodePort: ""
## @param service.clusterIP Static cluster IP or "None" for headless service
clusterIP: ""
## @param service.annotations Additional custom annotations for MariaDB service
annotations: {}
## @section Persistence parameters
persistence:
## @param persistence.enabled Enable MariaDB data persistence using PVC
enabled: true
## @param persistence.existingClaim Name of an existing PersistentVolumeClaim to use for MariaDB data volume
existingClaim: ""
## @param persistence.storageClass PVC Storage Class for MariaDB data volume
storageClass: ""
## @param persistence.accessModes PVC Access modes
accessModes:
- ReadWriteOnce
## @param persistence.size PVC Storage Request for MariaDB data volume
size: 8Gi
## @param persistence.annotations Additional custom annotations for the PVC
annotations: {}
## @param persistence.labels Labels for persistent volume claims
labels: {}
## @param persistence.selector Additional labels for the PVC
selector: {}
## @section MariaDB Pod Security Context
podSecurityContext:
## @param podSecurityContext.fsGroup Set MariaDB pod's Security Context fsGroup
fsGroup: 999
## @section MariaDB Container Security Context
containerSecurityContext:
## @param containerSecurityContext.runAsUser Set MariaDB container's Security Context runAsUser
runAsUser: 999
## @param containerSecurityContext.runAsNonRoot Set MariaDB container's Security Context runAsNonRoot
runAsNonRoot: true
## @param containerSecurityContext.allowPrivilegeEscalation Set MariaDB container's privilege escalation
allowPrivilegeEscalation: false
## @param containerSecurityContext.readOnlyRootFilesystem Set MariaDB container's Security Context readOnlyRootFilesystem
readOnlyRootFilesystem: false
## @param priorityClassName Priority class for the MariaDB instance
priorityClassName: ""
## @section Resources parameters
resources:
{}
## @param resources.limits The resources limits for the MariaDB containers
## limits:
## memory: 300Mi
## @param resources.requests The requested resources for the MariaDB containers
## requests:
## memory: 300Mi
## cpu: 100m
## @section Service Account
serviceAccount:
## @param serviceAccount.create Specifies whether a service account should be created
create: false
## @param serviceAccount.annotations Annotations to add to the service account
annotations: {}
## @param serviceAccount.name The name of the service account to use. If not set and create is true, a name is generated using the `fullname` template.
name: ""
## @param serviceAccount.automountServiceAccountToken whether to automount the SA token inside the pod
automountServiceAccountToken: false
## @section Extra Configs
## @param extraEnvVars Additional environment variables to set
extraEnvVars: []
# - name: CUSTOM_VAR
# value: "custom-value"
# - name: SECRET_VAR
# valueFrom:
# secretKeyRef:
# name: my-secret
# key: secret-key
## @param command Override default container command (useful for custom initialization or maintenance tasks)
command: []
# - /bin/bash
# - -c
# - sleep infinity
## @param args Override default container args (if command is also set)
args: []
## @param extraSecrets A list of additional existing secrets that will be mounted into the container
extraSecrets: []
## - name: secret
## defaultMode: 0440
## mountPath: /mnt/secret
## @param extraConfigs A list of additional existing configMaps that will be mounted into the container
extraConfigs: []
## - name: config
## defaultMode: 0440
## mountPath: /mnt/config
## @param extraVolumes A list of additional existing volumes that will be mounted into the container
extraVolumes: []
## - name: volume
## mountPath: /mnt/tmp
## pvcName: pvc-001
## @section Initialization scripts
## @param initdbScriptsConfigMap Name of a ConfigMap with initialization scripts
## The ConfigMap should contain one or more keys ending in .sql, .sql.gz or .sh
## Example:
## apiVersion: v1
## kind: ConfigMap
## metadata:
## name: mariadb-initdb
## data:
## 01-init.sql: |
## CREATE DATABASE mydb;
## CREATE USER 'myuser'@'%' IDENTIFIED BY 'mypassword';
## GRANT ALL PRIVILEGES ON mydb.* TO 'myuser'@'%';
initdbScriptsConfigMap: ""
## @section MariaDB container's liveness probe parameters
livenessProbe:
## @param livenessProbe.enabled Enable livenessProbe on MariaDB containers
enabled: true
## @param livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
initialDelaySeconds: 30
## @param livenessProbe.periodSeconds Period seconds for livenessProbe
periodSeconds: 10
## @param livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
timeoutSeconds: 1
## @param livenessProbe.failureThreshold Failure threshold for livenessProbe
failureThreshold: 3
## @param livenessProbe.successThreshold Success threshold for livenessProbe
successThreshold: 1
## @section MariaDB container's readiness probe parameters
readinessProbe:
## @param readinessProbe.enabled Enable readinessProbe on MariaDB containers
enabled: true
## @param readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
initialDelaySeconds: 5
## @param readinessProbe.periodSeconds Period seconds for readinessProbe
periodSeconds: 10
## @param readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
timeoutSeconds: 1
## @param readinessProbe.failureThreshold Failure threshold for readinessProbe
failureThreshold: 3
## @param readinessProbe.successThreshold Success threshold for readinessProbe
successThreshold: 1
## @section MariaDB container's startup probe parameters
startupProbe:
## @param startupProbe.enabled Enable startupProbe on MariaDB containers
enabled: false
## @param startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
initialDelaySeconds: 30
## @param startupProbe.periodSeconds Period seconds for startupProbe
periodSeconds: 10
## @param startupProbe.timeoutSeconds Timeout seconds for startupProbe
timeoutSeconds: 1
## @param startupProbe.failureThreshold Failure threshold for startupProbe
failureThreshold: 15
## @param startupProbe.successThreshold Success threshold for startupProbe
successThreshold: 1
## @section MariaDB healthcheck parameters
## @param healthcheckExtraArgs Extra arguments to pass to healthcheck.sh script in probes (e.g., --datadir=/custom/path)
healthcheckExtraArgs: ""
## @section Pod Disruption Budget configuration
podDisruptionBudget:
## @param podDisruptionBudget.enabled Enable a Pod Disruption Budget creation
enabled: false
## @param podDisruptionBudget.minAvailable Min number of pods that must still be available after the eviction
minAvailable: 1
## @param podDisruptionBudget.maxUnavailable Max number of pods that can be unavailable after the eviction
maxUnavailable: ""
## @section Ingress parameters
ingress:
## @param ingress.enabled Enable ingress record generation for MariaDB
enabled: false
## @param ingress.className IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+)
className: ""
## @param ingress.annotations Additional annotations for the Ingress resource
annotations:
kubernetes.io/hostname: mariadb.local
## @param ingress.hosts An array with hosts and paths
hosts:
- host: mariadb.local
paths:
- path: /
pathType: Prefix
## @param ingress.tls TLS configuration for the Ingress
tls: []
## @section Gateway API parameters
## TLS termination happens at the Gateway listener level, not at the backend service.
## To serve traffic from an HTTPS listener, set sectionName to the listener's name:
##
## parentRefs:
## - name: my-gateway
## sectionName: https # matches the HTTPS listener defined in the Gateway resource
##
## The backend always receives plain HTTP traffic regardless of the listener protocol.
gatewayAPI:
httpRoute:
## @param gatewayAPI.httpRoute.enabled Enable Gateway API HTTPRoute generation for MariaDB
enabled: false
## @param gatewayAPI.httpRoute.annotations Additional annotations for the HTTPRoute resource
annotations: {}
## @param gatewayAPI.httpRoute.parentRefs References to the parent Gateways
parentRefs:
- name: gateway
namespace: ""
sectionName: ""
## @param gatewayAPI.httpRoute.hostnames List of hostnames to match
hostnames:
- mariadb.local
## @param gatewayAPI.httpRoute.rules HTTPRoute rules
rules:
- matches:
- path:
type: PathPrefix
value: /
## @section Network Policy configuration
networkPolicy:
## @param networkPolicy.enabled Specifies whether a NetworkPolicy should be created
enabled: false
## @param networkPolicy.allowExternal Don't require client label for connections
allowExternal: true
## @param networkPolicy.ingressNSMatchLabels Labels to match to allow traffic from other namespaces
ingressNSMatchLabels: {}
## @param networkPolicy.ingressNSPodMatchLabels Pod labels to match to allow traffic from other namespaces
ingressNSPodMatchLabels: {}
## @section Pod configuration
podAnnotations: {}
podLabels: {}
nodeSelector: {}
tolerations: []
affinity: {}
topologySpreadConstraints: {}
## @param extraObjects Array of extra objects to deploy with the release
extraObjects: []
## @section Metrics
metrics:
## @param metrics.enabled Enable metrics exporter sidecar
enabled: false
## @param metrics.image.registry Metrics exporter image registry
## @param metrics.image.repository Metrics exporter image repository
## @param metrics.image.tag Metrics exporter image tag (immutable tags are recommended)
## @param metrics.image.pullPolicy Metrics exporter image pull policy
image:
registry: docker.io
repository: prom/mysqld-exporter
tag: "v0.18.0@sha256:2598c0571f383708e19016d119bb45c06128a9ebc962c9f49483278ac5a94c41"
pullPolicy: Always
## @param metrics.port Metrics exporter port
port: 9104
## @param metrics.containerSecurityContext Security context for metrics container
containerSecurityContext:
runAsUser: 65534
runAsNonRoot: true
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
## @param metrics.resources Resource limits and requests for metrics container
resources: {}
# limits:
# memory: 64Mi
# requests:
# memory: 64Mi
# cpu: 10m
## @param metrics.extraEnvVars Additional environment variables for metrics exporter
extraEnvVars: []
# - name: CUSTOM_VAR
# value: "custom-value"
## @param metrics.livenessProbe.enabled Enable livenessProbe for metrics container
## @param metrics.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
## @param metrics.livenessProbe.periodSeconds Period seconds for livenessProbe
## @param metrics.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
## @param metrics.livenessProbe.failureThreshold Failure threshold for livenessProbe
## @param metrics.livenessProbe.successThreshold Success threshold for livenessProbe
livenessProbe:
enabled: true
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 3
successThreshold: 1
## @param metrics.readinessProbe.enabled Enable readinessProbe for metrics container
## @param metrics.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
## @param metrics.readinessProbe.periodSeconds Period seconds for readinessProbe
## @param metrics.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
## @param metrics.readinessProbe.failureThreshold Failure threshold for readinessProbe
## @param metrics.readinessProbe.successThreshold Success threshold for readinessProbe
readinessProbe:
enabled: true
initialDelaySeconds: 5
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 3
successThreshold: 1