Merge branch 'main' into support/improve-mysql-addon

addons/kafka-cluster/Chart.yaml

@@ -8,7 +8,7 @@ dependencies:
     alias: extra
 
 type: application
-version: 0.8.0
+version: 0.8.1
 appVersion: 3.3.2
 
 home: https://github.com/apecloud/kubeblocks/tree/main/deploy/kafka-cluster

addons/kafka-cluster/templates/cluster.yaml

@@ -5,7 +5,7 @@ metadata:
   labels: {{ include "kblib.clusterLabels" . | nindent 4 }}
   annotations:
     "kubeblocks.io/extra-env": '{"KB_KAFKA_ENABLE_SASL":"{{ $.Values.saslEnable }}","KB_KAFKA_BROKER_HEAP":"{{ $.Values.brokerHeap }}","KB_KAFKA_CONTROLLER_HEAP":"{{ $.Values.controllerHeap }}","KB_KAFKA_PUBLIC_ACCESS":"{{ $.Values.extra.publiclyAccessible }}", "KB_KAFKA_BROKER_NODEPORT": "{{ $.Values.nodePortEnabled }}"}'
-    {{ include "kafka-cluster.brokerAddrFeatureGate" . | nindent 4 }}
+    {{- include "kafka-cluster.brokerAddrFeatureGate" . | nindent 4 }}
 spec:
   clusterDefinitionRef: kafka # ref clusterdefinition.name
   clusterVersionRef: {{ .Values.version }}
@@ -16,7 +16,11 @@ spec:
       serviceName: bootstrap
       componentSelector: broker
       spec:
+        {{- if .Values.nodePortEnabled }}
+        type: NodePort
+        {{- else }}
         type: ClusterIP
+        {{- end }}
         ports:
           - name: kafka-client
             targetPort: 9092

addons/mogdb-cluster/templates/rbac.yaml

@@ -1,15 +1,28 @@
+{{- include "kblib.rbac" . }}
 ---
 apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
+kind: Role
 metadata:
-  name: kubeblocks-switchover-pod-role
+  name: {{ printf "%s-switchover-role" (include "kblib.clusterName" .) }}
   labels:
-    app.kubernetes.io/instance: kubeblocks
-    app.kubernetes.io/name: kubeblocks
+    {{- include "kblib.clusterLabels" . | nindent 4 }}
     app.kubernetes.io/required-by: pod
 rules:
   - apiGroups: [""]
     resources: ["pods/exec"]
     verbs: ["create"]
 ---
-{{- include "kblib.rbac" . }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: {{ printf "%s-switchover" (include "kblib.clusterName" .) }}
+  labels:
+    {{- include "kblib.clusterLabels" . | nindent 4 }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: {{ printf "%s-switchover-role" (include "kblib.clusterName" .) }}
+subjects:
+  - kind: ServiceAccount
+    name: {{ printf "kb-%s" (include "kblib.clusterName" .) }}
+    namespace: {{ .Release.Namespace }}

addons/mogdb-cluster/values.schema.json

@@ -27,8 +27,8 @@
         "number",
         "string"
       ],
-      "default": 0.5,
-      "minimum": 0.5,
+      "default": 1,
+      "minimum": 1,
       "maximum": 64,
       "multipleOf": 0.5
     },
@@ -39,8 +39,8 @@
         "number",
         "string"
       ],
-      "default": 0.5,
-      "minimum": 0.5,
+      "default": 1,
+      "minimum": 1,
       "maximum": 1000
     },
     "storage": {

addons/mogdb-cluster/values.yaml

@@ -8,19 +8,19 @@ version: mogdb-5.0.5
 
 ## @param mode postgresql cluster topology mode, standalone, replication
 ##
-mode: standalone
+mode: replication
 
 ## @param replicas specify cluster replicas
 ##
-replicas: 1
+replicas: 2
 
 ## @param cpu
 ##
-cpu: 0.5
+cpu: 1
 
 ## @param memory, the unit is Gi
 ##
-memory: 0.5
+memory: 1
 
 ## @param requests.cpu if not set, use cpu
 ## @param requests.memory, if not set, use memory
@@ -31,6 +31,4 @@ requests:
 
 ## @param storage size, the unit is Gi
 ##
-storage: 20
-
-customRBAC: true
+storage: 20

addons/mogdb/scripts/switchover.sh

@@ -5,7 +5,7 @@ set -x
 # do switchover
 echo "INFO: doing switchover.."
 echo "INFO: candidate: ${candidate}"
-kubectl exec -it mc-mogdb-1 -c mogdb -- gosu omm gs_ctl switchover
+kubectl exec -it ${candidate} -c mogdb -- gosu omm gs_ctl switchover
 
 # check if switchover successfully.
 echo "INFO: start to check if switchover successfully, timeout is 60s"
@@ -15,7 +15,7 @@ while true; do
   if [ ! -z ${candidate} ]; then
      # if candidate specified, only check it
      role=$(kubectl get pod ${candidate} -ojson | jq -r '.metadata.labels["kubeblocks.io/role"]')
-     if [ "$role" == "primary" ] || [ "$role" == "leader" ] || [ "$role" == "master" ]; then
+     if [ "$role" == "Primary" ] || [ "$role" == "primary" ] || [ "$role" == "leader" ] || [ "$role" == "master" ]; then
         echo "INFO: switchover successfully, ${candidate} is ${role}"
         exit 0
      fi
@@ -25,7 +25,7 @@ while true; do
     for podName in ${pods}; do
        if [ "${podName}" != "${primary}" ];then
          role=$(kubectl get pod ${podName} -ojson | jq -r '.metadata.labels["kubeblocks.io/role"]')
-         if [ "$role" == "primary" ] || [ "$role" == "leader" ] || [ "$role" == "master" ]; then
+         if [ "$role" == "Primary" ] || [ "$role" == "primary" ] || [ "$role" == "leader" ] || [ "$role" == "master" ]; then
             echo "INFO: switchover successfully, ${podName} is ${role}"
             exit 0
          fi

addons/mogdb/templates/clusterdefinition.yaml

@@ -17,25 +17,25 @@ spec:
       workloadType: Stateful
       rsmSpec:
         roles:
-          - name: primary
+          - name: Primary
             accessMode: ReadWrite
             isLeader: true
-          - name: standby
+          - name: Standby
             accessMode: Readonly
             isLeader: false
         roleProbe:
           customHandler:
             - image: {{ .Values.image.registry | default "docker.io" }}/{{ .Values.image.repository }}:{{ .Values.image.tag }}
               command:
+                - /bin/bash
+                - -c
                 - |
-                  original_role=$(su -l omm -c "gsql -h 127.0.0.1 -p 26000  -U ${KB_RSM_USERNAME} -W \"${KB_RSM_PASSWORD}\" -dpostgres -t -c 'select local_role from pg_stat_get_wal_senders() limit 1'")
-                  if [ -z "$original_role" ]; then
-                    original_role=$(su -l omm -c "gsql -h 127.0.0.1 -p 26000  -U ${KB_RSM_USERNAME} -W \"${KB_RSM_PASSWORD}\" -dpostgres -t -c 'select local_role from pg_stat_get_wal_receiver() limit 1'")
+                  role=$(gsql -h 127.0.0.1 -p 26000  -U ${MOGDB_USER} -W "${MOGDB_PASSWORD}" -dpostgres -t -c "select local_role from pg_stat_get_stream_replications() limit 1" | xargs echo -n)
+                  if [ "$role"x == "Normal"x ]; then
+                    echo -n "Primary"
+                  else
+                    echo -n $role
                   fi
-                
-                  role=$(echo ${original_role} | tr 'A-Z' 'a-z')
-                  echo -n "$role"
-
       characterType: mogdb
       configSpecs:
         - name: mogdb-configuration
@@ -98,47 +98,47 @@ spec:
                 set -ex
                 MogDB_Role=
                 REPL_CONN_INFO=
-  
+
                 cat >>/home/omm/.profile <<-EOF
                 export OG_SUBNET="0.0.0.0/0"
                 export PGHOST="/var/lib/mogdb/tmp"
                 export PGPORT="$PGPORT"
                 EOF
                 [[ -d "$PGHOST" ]] || (mkdir -p $PGHOST && chown omm $PGHOST)
-  
+
                 hostname=`hostname`
                 [[ "$hostname" =~ -([0-9]+)$ ]] || exit 1
-                ordinal=${BASH_REMATCH[1]}                
+                ordinal=${BASH_REMATCH[1]}
                 if [[ $ordinal -eq 0 ]];then
                   MogDB_Role="primary"
                 else
                   MogDB_Role="standby"
-                  
+
                   if [ -n "$PGPORT" ];then
                     ha_port=$(expr $PGPORT + 1)
                     ha_service_port=$(expr $PGPORT + 2)
                   else
                     ha_port=$(expr 5432 + 1)
-                    ha_service_port=$(expr 5432 + 2)                    
+                    ha_service_port=$(expr 5432 + 2)
                   fi
-                  
+
                   cat >/tmp/replconninfo.conf
                   for ((i=0; i<$ordinal; i++)); do
                     echo "$hostname $PodIP" |ncat --send-only ${KB_CLUSTER_COMP_NAME}-${i}.${KB_CLUSTER_COMP_NAME}-headless 6543
                     remote_ip=`ping ${KB_CLUSTER_COMP_NAME}-${i}.${KB_CLUSTER_COMP_NAME}-headless -c 1 | sed '1{s/[^(]*(//;s/).*//;q}'`
-                
+
                     echo "replconninfo$((i+1)) = 'localhost=$PodIP localport=${ha_port} localservice=${ha_service_port} remotehost=$remote_ip remoteport=${ha_port} remoteservice=${ha_service_port}'" >> /tmp/replconninfo.conf
                   done
-                
+
                   #echo "$hostname $PodIP" |ncat --send-only ${KB_CLUSTER_COMP_NAME}-0.${KB_CLUSTER_COMP_NAME}-headless 6543
                   #remote_ip=`ping ${KB_CLUSTER_COMP_NAME}-0.${KB_CLUSTER_COMP_NAME}-headless -c 1 | sed '1{s/[^(]*(//;s/).*//;q}'`
-              
+
                   # REPL_CONN_INFO="replconninfo${ordinal} = 'localhost=$PodIP localport=${ha_port} localservice=${ha_service_port} remotehost=$remote_ip remoteport=${ha_port} remoteservice=${ha_service_port}'"
                 fi
-  
+
                 [[ -n "$REPL_CONN_INFO" ]] && export REPL_CONN_INFO
                 source /home/omm/.profile
-           
+
                 cp /home/omm/conf/* /tmp/
                 chmod 777 /tmp/postgresql.conf /tmp/pg_hba.conf
                 exec bash /kb-scripts/setup.sh -M "$MogDB_Role"
@@ -177,6 +177,18 @@ spec:
                   fieldRef:
                     apiVersion: v1
                     fieldPath: status.podIP
+              - name: MOGDB_USER
+                valueFrom:
+                  secretKeyRef:
+                    name: $(CONN_CREDENTIAL_SECRET_NAME)
+                    key: username
+                    optional: false
+              - name: MOGDB_PASSWORD
+                valueFrom:
+                  secretKeyRef:
+                    name: $(CONN_CREDENTIAL_SECRET_NAME)
+                    key: password
+                    optional: false
             volumeMounts:
               - name: data
                 mountPath: /var/lib/mogdb

addons/mogdb/templates/swithover.yaml

@@ -18,7 +18,7 @@ spec:
           type: string
         candidate:
           description: |
-            candidate instance name(pod Name). if candidate is not empty, will promote it to primary. 
+            candidate instance name(pod Name). if candidate is not empty, will promote it to primary.
             otherwise promote a randomly selected pod to primary.
           type: string
       type: object
@@ -31,13 +31,44 @@ spec:
             image: docker.io/apecloud/kubeblocks-tools:latest
             imagePullPolicy: IfNotPresent
             command:
-              - sh
-              - /scripts/switchover.sh
-            volumeMounts:
-              - name: scripts
-                mountPath: /scripts
-        volumes:
-          - name: scripts
-            configMap:
-              name: mogdb-scripts
-              defaultMode: 0777
+              - /bin/sh
+              - -c
+              - |
+                set -x
+                # do switchover
+                echo "INFO: doing switchover.."
+                echo "INFO: candidate: ${candidate}"
+                kubectl exec -it ${candidate} -c mogdb -- gosu omm gs_ctl switchover
+
+                # check if switchover successfully.
+                echo "INFO: start to check if switchover successfully, timeout is 60s"
+                executedUnix=$(date +%s)
+                while true; do
+                  sleep 5
+                  if [ ! -z ${candidate} ]; then
+                    # if candidate specified, only check it
+                    role=$(kubectl get pod ${candidate} -ojson | jq -r '.metadata.labels["kubeblocks.io/role"]')
+                    if [ "$role" == "Primary" ] || [ "$role" == "primary" ] || [ "$role" == "leader" ] || [ "$role" == "master" ]; then
+                        echo "INFO: switchover successfully, ${candidate} is ${role}"
+                        exit 0
+                    fi
+                  else
+                    # check if the candidate instance has been promote to primary
+                    pods=$(kubectl get pod -l apps.kubeblocks.io/component-name=${KB_COMP_NAME},app.kubernetes.io/instance=${KB_CLUSTER_NAME} | awk 'NR > 1 {print $1}')
+                    for podName in ${pods}; do
+                      if [ "${podName}" != "${primary}" ];then
+                        role=$(kubectl get pod ${podName} -ojson | jq -r '.metadata.labels["kubeblocks.io/role"]')
+                        if [ "$role" == "Primary" ] || [ "$role" == "primary" ] || [ "$role" == "leader" ] || [ "$role" == "master" ]; then
+                            echo "INFO: switchover successfully, ${podName} is ${role}"
+                            exit 0
+                        fi
+                      fi
+                    done
+                  fi
+                  currentUnix=$(date +%s)
+                  diff_time=$((${currentUnix}-${executedUnix}))
+                  if [ ${diff_time} -ge 60 ]; then
+                    echo "ERROR: switchover failed."
+                    exit 1
+                  fi
+                done

addons/mysql/Chart.yaml

@@ -11,7 +11,7 @@ version: 0.9.0
 # From a user's perspective, the version number of the frontend
 # proxy of the MySQL being used is not relevant.
 # appVersion: "8.0.33"
-appVersion: "5.7.42"
+appVersion: "5.7.44"
 
 home: https://kubeblocks.io/
 icon: https://kubeblocks.io/img/logo.png

addons/mysql/config/mysql5.7-config.tpl

@@ -127,6 +127,15 @@ max_binlog_size=134217728
 # binlog_transaction_dependency_tracking=WRITESET    #Default Commit Order, Aws not set
 log_slave_updates=ON
 
+# audit log
+loose_audit_log_handler=FILE # FILE, SYSLOG
+loose_audit_log_file={{ $data_root }}/auditlog/audit.log
+loose_audit_log_buffer_size=1Mb
+loose_audit_log_policy=ALL # ALL, LOGINS, QUERIES, NONE
+loose_audit_log_strategy=ASYNCHRONOUS
+loose_audit_log_rotate_on_size=10485760
+loose_audit_log_rotations=5
+
 # replay log
 # relay_log_info_repository=TABLE
 # From mysql8.0.23 is deprecated.

addons/mysql/config/mysql8.0-config.tpl

@@ -166,6 +166,20 @@ relay_log_recovery=ON
 relay_log=relay-bin
 relay_log_index=relay-bin.index
 
+# audit log
+loose_audit_log_handler=FILE # FILE, SYSLOG
+loose_audit_log_file={{ $data_root }}/auditlog/audit.log
+loose_audit_log_buffer_size=1Mb
+loose_audit_log_policy=ALL # ALL, LOGINS, QUERIES, NONE
+loose_audit_log_strategy=ASYNCHRONOUS
+loose_audit_log_rotate_on_size=10485760
+loose_audit_log_rotations=5
+
+# semi sync, it works
+# loose_rpl-semi-sync-source-enabled = 1
+# loose_rpl_semi_sync_source_timeout = 0
+# loose_rpl-semi-sync-replica-enabled = 1
+
 pid-file=/var/run/mysqld/mysqld.pid
 socket=/var/run/mysqld/mysqld.sock
 

addons/mysql/templates/_helpers.tpl

@@ -153,10 +153,3 @@ service:
     metrics:
       receivers: [ apecloudmysql, prometheus ]
 {{- end }}
-
-{{/*
-mysql container command
-*/}}
-{{- define "mysql.command" -}}
-{{- printf "/scripts/docker-entrypoint.sh mysqld --server-id $(( ${KB_POD_NAME##*-} + 1)) --plugin-load-add=rpl_semi_sync_master=semisync_master.so --plugin-load-add=rpl_semi_sync_slave=semisync_slave.so --log-bin=%s/binlog/$(KB_POD_NAME)-bin" .Values.dataMountPath }}
-{{- end }}

addons/mysql/templates/clusterdefinition.yaml

@@ -64,7 +64,9 @@ spec:
           - command:
               - bash 
               - -c
-              - "mkdir -p /var/lib/mysql/{log,binlog}; chown -R mysql:root /var/lib/mysql;"
+              - |
+                mkdir -p {{ .Values.dataMountPath }}/{log,binlog,auditlog}
+                cp /usr/lib/mysql/plugin/ {{ .Values.dataMountPath }}/plugin -r
             imagePullPolicy: Always
             name: init-data
             volumeMounts: