From 5af370be4b49f6d5f348fa5dbe5fb0a0e1ba08bb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Asbj=C3=B8rn=20Dyhrberg=20Thegler?=
Date: Thu, 16 Jan 2025 09:24:14 +0100
Subject: [PATCH 1/5] Add mariadb operator helm chart and values
---
.../configuration/mariadb-operator/upgrade.sh | 14 +
.../mariadb-operator/values.yaml | 304 ++++++++++++++++++
2 files changed, 318 insertions(+)
create mode 100644 infrastructure/environments/dplplat01/configuration/mariadb-operator/upgrade.sh
create mode 100644 infrastructure/environments/dplplat01/configuration/mariadb-operator/values.yaml
diff --git a/infrastructure/environments/dplplat01/configuration/mariadb-operator/upgrade.sh b/infrastructure/environments/dplplat01/configuration/mariadb-operator/upgrade.sh
new file mode 100644
index 00000000..9efa8a4c
--- /dev/null
+++ b/infrastructure/environments/dplplat01/configuration/mariadb-operator/upgrade.sh
@@ -0,0 +1,14 @@
+#!/bin/env bash
+
+helm repo add mariadb-operator https://helm.mariadb.com/mariadb-operator
+
+helm upgrade mariadb-operator-crds mariadb-operator/mariadb-operator-crds \
+ --install \
+ --version 0.36.0
+
+helm upgrade mariadb-operator mariadb-operator/mariadb-operator \
+ --namespace mariadb-operator \
+ --create-namespace \
+ --install \
+ --version 0.36.0 \
+ -f values.yaml
diff --git a/infrastructure/environments/dplplat01/configuration/mariadb-operator/values.yaml b/infrastructure/environments/dplplat01/configuration/mariadb-operator/values.yaml
new file mode 100644
index 00000000..f679d550
--- /dev/null
+++ b/infrastructure/environments/dplplat01/configuration/mariadb-operator/values.yaml
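Review bot: upgrade.sh runs its three helm commands with no error handling, so a failed `helm repo add` or a failed CRD upgrade does not stop the operator upgrade that follows; add `set -euo pipefail` directly after the shebang. The shebang `#!/bin/env bash` assumes env lives in /bin, which does not hold on every distribution; `#!/usr/bin/env bash` is the portable form. `-f values.yaml` is resolved against the caller's working directory, so when the script is started from elsewhere it either fails or applies a different values.yaml to the cluster; a `cd "$(dirname "$0")"` before the helm calls ties it to the file added in this commit. The chart is pinned by version only, so a `helm repo update` before the upgrades (and `--verify`, if the repository publishes provenance files) would make the pin dependable.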
@@ -0,0 +1,304 @@
+nameOverride: ""
+fullnameOverride: ""
+
+# --- CRDs
+crds:
+ # -- Whether the helm chart should create and update the CRDs. It is false by default, which implies that the CRDs must be
+ # managed independently with the mariadb-operator-crds helm chart.
+ # **WARNING** This should only be set to true during the initial deployment. If this chart manages the CRDs
+ # and is later uninstalled, all MariaDB instances will be DELETED.
+ enabled: false
+
+image:
+ repository: docker-registry3.mariadb.com/mariadb-operator/mariadb-operator
+ pullPolicy: IfNotPresent
+ # -- Image tag to use. By default the chart appVersion is used
+ tag: ""
+ # Setting a digest will override any tag
+ # digest: sha256:084a927ee9f3918a5c85d283f73822ae205757df352218de0b935853a0765060
+imagePullSecrets: []
+
+# -- Controller log level
+logLevel: INFO
+
+# -- Cluster DNS name
+clusterName: cluster.local
+
+# -- Whether the operator should watch CRDs only in its own namespace or not.
+currentNamespaceOnly: false
+
+ha:
+ # -- Enable high availability of the controller.
+ # If you enable it we recommend to set `affinity` and `pdb`
+ enabled: false
+ # -- Number of replicas
+ replicas: 3
+
+metrics:
+ # -- Enable operator internal metrics. Prometheus must be installed in the cluster
+ enabled: true
+ serviceMonitor:
+ # -- Enable controller ServiceMonitor
+ enabled: true
+ # -- Labels to be added to the controller ServiceMonitor
+ additionalLabels: {}
+ # release: kube-prometheus-stack
+ # -- Interval to scrape metrics
+ interval: 30s
+ # -- Timeout if metrics can't be retrieved in given time interval
+ scrapeTimeout: 25s
+
+serviceAccount:
+ # -- Specifies whether a service account should be created
+ enabled: true
+ # -- Automounts the service account token in all containers of the Pod
+ automount: true
+ # -- Annotations to add to the service account
+ annotations: {}
+ # -- Extra Labels to add to the service account
+ extraLabels: {}
+ # -- The name of the service account to use.
+ # If not set and enabled is true, a name is generated using the fullname template
+ name: ""
+
+rbac:
+ # -- Specifies whether RBAC resources should be created
+ enabled: true
+
+ aggregation:
+
+ # -- Specifies whether the cluster roles aggrate to view and edit predefinied roles
+ enabled: true
+
+# -- Extra arguments to be passed to the controller entrypoint
+extrArgs: []
+
+# -- Extra environment variables to be passed to the controller
+extraEnv: []
+
+# -- Extra environment variables from preexiting ConfigMap / Secret objects used by the controller using envFrom
+extraEnvFrom: []
+
+# -- Extra volumes to pass to pod.
+extraVolumes: []
+
+# -- Extra volumes to mount to the container.
+extraVolumeMounts: []
+
+# -- Annotations to add to controller Pod
+podAnnotations: {}
+
+# -- Security context to add to controller Pod
+podSecurityContext: {}
+
+# -- Security context to add to controller container
+securityContext: {}
+
+# -- Resources to add to controller container
+resources: {}
+# requests:
+# cpu: 10m
+# memory: 32Mi
+
+# -- Node selectors to add to controller Pod
+nodeSelector: {}
+
+# -- Tolerations to add to controller Pod
+tolerations: []
+
+# -- Affinity to add to controller Pod
+affinity: {}
+ # Sample on how to create an antiAffinity rule that place
+ # the pods on different nodes, to be used together with `ha.enabled: true`
+ # podAntiAffinity:
+ # requiredDuringSchedulingIgnoredDuringExecution:
+ # - labelSelector:
+ # matchExpressions:
+ # - key: app.kubernetes.io/name
+ # operator: In
+ # values:
+ # - mariadb-operator
+ # - key: app.kubernetes.io/instance
+ # operator: In
+ # values:
+ # - mariadb-operator
+ # topologyKey: kubernetes.io/hostname
+
+pdb:
+ # -- Enable PodDisruptionBudget for the controller.
+ enabled: false
+ # -- Maximum number of unavailable Pods. You may also give a percentage, like `50%`
+ maxUnavailable: 1
+
+webhook:
+ # -- Specifies whether the webhook should be created.
+ enabled: true
+ image:
+ repository: docker-registry3.mariadb.com/mariadb-operator/mariadb-operator
+ pullPolicy: IfNotPresent
+ # -- Image tag to use. By default the chart appVersion is used
+ tag: ""
+ # Setting a digest will override any tag
+ # digest: sha256:084a927ee9f3918a5c85d283f73822ae205757df352218de0b935853a0765060
+ imagePullSecrets: []
+ ha:
+ # -- Enable high availability
+ enabled: false
+ # -- Number of replicas
+ replicas: 3
+ cert:
+ certManager:
+ # -- Whether to use cert-manager to issue and rotate the certificate. If set to false, mariadb-operator's cert-controller will be used instead.
+ enabled: true
+ # -- Issuer reference to be used in the Certificate resource. If not provided, a self-signed issuer will be used.
+ issuerRef: {}
+ # -- Duration to be used in the Certificate resource,
+ duration: ""
+ # -- Renew before duration to be used in the Certificate resource.
+ renewBefore: ""
+ # -- The maximum number of CertificateRequest revisions that are maintained in the Certificate’s history.
+ revisionHistoryLimit: 3
+ # -- Annotatioms to be added to webhook TLS secret.
+ secretAnnotations: {}
+ # -- Labels to be added to webhook TLS secret.
+ secretLabels: {}
+ ca:
+ # -- Path that contains the full CA trust chain.
+ path: ""
+ # -- File under 'ca.path' that contains the full CA trust chain.
+ key: ""
+ # -- Path where the certificate will be mounted. 'tls.crt' and 'tls.key' certificates files should be under this path.
+ path: /tmp/k8s-webhook-server/serving-certs
+ # -- Port to be used by the webhook server
+ port: 9443
+ # -- Expose the webhook server in the host network
+ hostNetwork: false
+ serviceMonitor:
+ # -- Enable webhook ServiceMonitor. Metrics must be enabled
+ enabled: true
+ # -- Labels to be added to the webhook ServiceMonitor
+ additionalLabels: {}
+ # release: kube-prometheus-stack
+ # -- Interval to scrape metrics
+ interval: 30s
+ # -- Timeout if metrics can't be retrieved in given time interval
+ scrapeTimeout: 25s
+ serviceAccount:
+ # -- Specifies whether a service account should be created
+ enabled: true
+ # -- Automounts the service account token in all containers of the Pod
+ automount: true
+ # -- Annotations to add to the service account
+ annotations: {}
+ # -- Extra Labels to add to the service account
+ extraLabels: {}
+ # -- The name of the service account to use.
+ # If not set and enabled is true, a name is generated using the fullname template
+ name: ""
+ # -- Annotations for webhook configurations.
+ annotations: {}
+ # -- Extra arguments to be passed to the webhook entrypoint
+ extrArgs: []
+ # -- Extra volumes to pass to webhook Pod
+ extraVolumes: []
+ # -- Extra volumes to mount to webhook container
+ extraVolumeMounts: []
+ # -- Annotations to add to webhook Pod
+ podAnnotations: {}
+ # -- Security context to add to webhook Pod
+ podSecurityContext: {}
+ # -- Security context to add to webhook container
+ securityContext: {}
+ # -- Resources to add to webhook container
+ resources: {}
+ # requests:
+ # cpu: 10m
+ # memory: 32Mi
+ # -- Node selectors to add to controller Pod
+ nodeSelector: {}
+ # -- Tolerations to add to controller Pod
+ tolerations: []
+ # -- Affinity to add to controller Pod
+ affinity: {}
+
+certController:
+ # -- Specifies whether the cert-controller should be created.
+ enabled: false
+ image:
+ repository: docker-registry3.mariadb.com/mariadb-operator/mariadb-operator
+ pullPolicy: IfNotPresent
+ # -- Image tag to use. By default the chart appVersion is used
+ tag: ""
+ # Setting a digest will override any tag
+ # digest: sha256:084a927ee9f3918a5c85d283f73822ae205757df352218de0b935853a0765060
+ imagePullSecrets: []
+ ha:
+ # -- Enable high availability
+ enabled: false
+ # -- Number of replicas
+ replicas: 3
+ # -- CA certificate validity. It must be greater than certValidity.
+ caValidity: 35064h
+ # -- Certificate validity.
+ certValidity: 8766h
+ # -- Duration used to verify whether a certificate is valid or not.
+ lookaheadValidity: 2160h
+ # -- Requeue duration to ensure that certificate gets renewed.
+ requeueDuration: 5m
+ serviceMonitor:
+ # -- Enable cert-controller ServiceMonitor. Metrics must be enabled
+ enabled: true
+ # -- Labels to be added to the cert-controller ServiceMonitor
+ additionalLabels: {}
+ # release: kube-prometheus-stack
+ # -- Interval to scrape metrics
+ interval: 30s
+ # -- Timeout if metrics can't be retrieved in given time interval
+ scrapeTimeout: 25s
+ serviceAccount:
+ # -- Specifies whether a service account should be created
+ enabled: true
+ # -- Automounts the service account token in all containers of the Pod
+ automount: true
+ # -- Annotations to add to the service account
+ annotations: {}
+ # -- Extra Labels to add to the service account
+ extraLabels: {}
+ # -- The name of the service account to use.
+ # If not set and enabled is true, a name is generated using the fullname template
+ name: ""
+ # -- Extra arguments to be passed to the cert-controller entrypoint
+ extrArgs: []
+ # -- Extra volumes to pass to cert-controller Pod
+ extraVolumes: []
+ # -- Extra volumes to mount to cert-controller container
+ extraVolumeMounts: []
+ # -- Annotations to add to cert-controller Pod
+ podAnnotations: {}
+ # -- Security context to add to cert-controller Pod
+ podSecurityContext: {}
+ # -- Security context to add to cert-controller container
+ securityContext: {}
+ # -- Resources to add to cert-controller container
+ resources: {}
+ # requests:
+ # cpu: 10m
+ # memory: 32Mi
+ # -- Node selectors to add to controller Pod
+ nodeSelector: {}
+ # -- Tolerations to add to controller Pod
+ tolerations:
+ - key: noderole.dplplatform
+ operator: Equal
+ value: prod
+ effect: NoSchedule
+ # -- Affinity to add to controller Pod
+ affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: noderole.dplplatform
+ operator: In
+ values:
+ - prod
From 380f0ab598e4251bc3766cd8915da5fa7a06cb1a Mon Sep 17 00:00:00 2001
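Review bot: `podSecurityContext` and `securityContext` are left as `{}` for both the controller and the webhook, while `currentNamespaceOnly: false` and `rbac.enabled: true` let the operator act across all namespaces, so its pods run with whatever defaults the chart templates and the image happen to provide. Setting an explicit restricted context, as in the block below, makes that posture visible and reviewable in this repository; confirm first that the image runs as a non-root numeric UID, otherwise `runAsNonRoot` blocks startup. Separately, `rbac.aggregation.enabled: true` folds the operator's cluster roles into the predefined view and edit roles, which presumably lets anyone holding `edit` in a namespace manage MariaDB resources there, so it is worth confirming that this is intended on a shared platform. The images are also resolved by tag (`tag: ""` with `digest` commented out); pinning `digest` would tie the deployment to one image build.

```yaml
# -- Security context to add to controller Pod
podSecurityContext:
  runAsNonRoot: true
  seccompProfile:
    type: RuntimeDefault

# -- Security context to add to controller container
securityContext:
  allowPrivilegeEscalation: false
  capabilities:
    drop:
      - ALL
# … unchanged: resources, nodeSelector, tolerations, affinity, pdb …
# … webhook.podSecurityContext / webhook.securityContext: the same two blocks …
```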
From: ITViking Date: Thu, 16 Jan 2025 12:37:19 +0100 Subject: [PATCH 2/5] we want to run this on the system nodes --- .../dplplat01/configuration/mariadb-operator/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/infrastructure/environments/dplplat01/configuration/mariadb-operator/values.yaml b/infrastructure/environments/dplplat01/configuration/mariadb-operator/values.yaml index f679d550..8a46ad31 100644 --- a/infrastructure/environments/dplplat01/configuration/mariadb-operator/values.yaml +++ b/infrastructure/environments/dplplat01/configuration/mariadb-operator/values.yaml @@ -301,4 +301,4 @@ certController: - key: noderole.dplplatform operator: In values: - - prod + - system From 7efc64491dbe15498b41d753dbcb5d8995f73081 Mon Sep 17 00:00:00 2001 From: ITViking Date: Thu, 16 Jan 2025 12:41:37 +0100 Subject: [PATCH 3/5] move affinity and tolerations to root of values --- .../mariadb-operator/values.yaml | 32 +++++++++---------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/infrastructure/environments/dplplat01/configuration/mariadb-operator/values.yaml b/infrastructure/environments/dplplat01/configuration/mariadb-operator/values.yaml index 8a46ad31..af113e7a 100644 --- a/infrastructure/environments/dplplat01/configuration/mariadb-operator/values.yaml +++ b/infrastructure/environments/dplplat01/configuration/mariadb-operator/values.yaml 
@@ -104,10 +104,22 @@ resources: {} nodeSelector: {} # -- Tolerations to add to controller Pod -tolerations: [] +tolerations: + - key: noderole.dplplatform + operator: Equal + value: prod + effect: NoSchedule # -- Affinity to add to controller Pod -affinity: {} +affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: noderole.dplplatform + operator: In + values: + - system # Sample on how to create an antiAffinity rule that place # the pods on different nodes, to be used together with `ha.enabled: true` # podAntiAffinity: @@ -287,18 +299,6 @@ certController: # -- Node selectors to add to controller Pod nodeSelector: {} # -- Tolerations to add to controller Pod - tolerations: - - key: noderole.dplplatform - operator: Equal - value: prod - effect: NoSchedule + tolerations: [] # -- Affinity to add to controller Pod - affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: noderole.dplplatform - operator: In - values: - - system + affinity: {} From 39c11b7693bb649bd16d27cc2083c840dda4b85a Mon Sep 17 00:00:00 2001 From: ITViking Date: Thu, 16 Jan 2025 14:54:24 +0100 Subject: [PATCH 4/5] We're going to start with a single one for now --- .../dplplat01/configuration/mariadb-operator/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/infrastructure/environments/dplplat01/configuration/mariadb-operator/values.yaml b/infrastructure/environments/dplplat01/configuration/mariadb-operator/values.yaml index af113e7a..bba263bd 100644 --- a/infrastructure/environments/dplplat01/configuration/mariadb-operator/values.yaml +++ b/infrastructure/environments/dplplat01/configuration/mariadb-operator/values.yaml 
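Review bot: The root-level `tolerations` entry added in the first hunk still tolerates `noderole.dplplatform=prod:NoSchedule`, while the `nodeAffinity` added directly below it requires `noderole.dplplatform` in `system`, so the two settings no longer describe the same node pool. If the system nodes carry a matching `noderole.dplplatform=system` taint, the controller pod will stay Pending because nothing tolerates it; if they are untainted, the `prod` toleration is unused and only widens where the pod may land should the affinity later be relaxed. Assuming the taint mirrors the label, the toleration should read `value: system`. These root values steer only the controller: `webhook.tolerations` and `webhook.affinity` remain `[]` and `{}` from the first patch, so unless the chart falls back to the root values the webhook pod is not placed on the same nodes.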
@@ -32,7 +32,7 @@ ha: # If you enable it we recommend to set `affinity` and `pdb` enabled: false # -- Number of replicas - replicas: 3 + replicas: 1 metrics: # -- Enable operator internal metrics. Prometheus must be installed in the cluster From cf0cc2deaa3c2afc9f0037d53d3795ffbfbc5c15 Mon Sep 17 00:00:00 2001 From: ITViking Date: Thu, 16 Jan 2025 14:56:33 +0100 Subject: [PATCH 5/5] undo that last one - it's the DBS' we only want a single of for starters --- .../dplplat01/configuration/mariadb-operator/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/infrastructure/environments/dplplat01/configuration/mariadb-operator/values.yaml b/infrastructure/environments/dplplat01/configuration/mariadb-operator/values.yaml index bba263bd..af113e7a 100644 --- a/infrastructure/environments/dplplat01/configuration/mariadb-operator/values.yaml +++ b/infrastructure/environments/dplplat01/configuration/mariadb-operator/values.yaml @@ -32,7 +32,7 @@ ha: # If you enable it we recommend to set `affinity` and `pdb` enabled: false # -- Number of replicas - replicas: 1 + replicas: 3 metrics: # -- Enable operator internal metrics. Prometheus must be installed in the cluster