helm/mysql-innodbcluster/templates/deployment_cluster.yaml (496 lines of code) (raw):

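{{- /*
  Renders the InnoDBCluster custom resource (mysql.oracle.com/v2) for this release.

  Render-time validation (any failure aborts the render via `fail`/`required`):
    - routerInstances and router.instances must agree when both are set
    - serverVersion (default: .Chart.AppVersion) is checked against $minimalVersion
      and $forbiddenVersions
    - image.pullPolicy is mandatory and must be one of $imagePullPolicies (case-insensitive)
    - unless tls.useSelfSigned is set, the CA, server and router TLS Secrets must
      already exist in the release namespace (skipped when disableLookups is set)
    - at most one keyring backend; initDB dump and clone are mutually exclusive

  `lookup` only proves that a Secret with that name exists; its type and keys are not
  inspected here. Setting disableLookups removes the existence check as well, so a
  mistyped Secret name then surfaces only once the operator reconciles the resource.

  Free-form string values taken from .Values are emitted through `quote`, so a value
  that contains YAML syntax or looks like a number/boolean stays a plain string field.
*/}}
{{- $disable_lookups := .Values.disableLookups }}
{{- $cluster_name := default "mycluster" .Release.Name }}
{{- $use_self_signed := default false ((.Values.tls).useSelfSigned) }}
{{- $minimalVersion := "8.0.28" }}
{{- $forbiddenVersions := list "8.0.29" }}
{{- $imagePullPolicies := list "ifnotpresent" "always" "never" }}
{{- $serverVersion := .Values.serverVersion | default .Chart.AppVersion }}
{{- $install_namespace := .Release.Namespace }}
{{- if and ((.Values).routerInstances) (((.Values).router).instances) }}
  {{- if ne ((.Values).routerInstances) (((.Values).router).instances) }}
    {{- $err := printf "routerInstances and router.instances both are specified and have different values %d and %d. Use only one" ((.Values).routerInstances) (((.Values).router).instances) }}
    {{- fail $err }}
  {{- end }}
{{- end }}
{{- $routerInstances := coalesce ((.Values).routerInstances) (((.Values).router).instances) }}
{{- /*
  NOTE(review): `lt` on two strings compares them lexicographically, not as versions:
  "8.0.3" sorts after "8.0.28" and is accepted, while "10.0.0" sorts before it and is
  rejected. A semver-aware comparison (e.g. sprig `semverCompare`) would close that gap;
  confirm how suffixed tags such as "<version>-<operator version>" must be treated
  before switching.
*/}}
{{- if lt $serverVersion $minimalVersion }}
  {{- $err := printf "It is not possible to use MySQL version %s . Please, use %s or above" $serverVersion $minimalVersion }}
  {{- fail $err }}
{{- end }}
{{- if has $serverVersion $forbiddenVersions }}
  {{- $err := printf "It is not possible to use MySQL version %s . Please, use %s or above except %v" $serverVersion $minimalVersion $forbiddenVersions }}
  {{- fail $err }}
{{- end }}
{{- /*
  The pull policy is validated case-insensitively but emitted below exactly as given.
  NOTE(review): confirm the operator accepts lower-case spellings.
*/}}
{{- if (((.Values).image).pullPolicy) }}
  {{- if not (has (lower (((.Values).image).pullPolicy)) ($imagePullPolicies)) }}
    {{- $err := printf "Unknown image pull policy %s. Must be one of %v" (((.Values).image).pullPolicy) $imagePullPolicies }}
    {{- fail $err }}
  {{- end }}
{{- else }}
  {{ fail "image.pullPolicy is required" }}
{{- end }}
apiVersion: mysql.oracle.com/v2
kind: InnoDBCluster
metadata:
  name: {{ $cluster_name }}
  namespace: {{ $install_namespace }}
spec:
  instances: {{ required "serverInstances is required" .Values.serverInstances }}
  tlsUseSelfSigned: {{ $use_self_signed }}
  router:
    instances: {{ required "router.instances is required" $routerInstances }}
    {{- if (((.Values).router).podSpec) }}
    podSpec: {{ toYaml (((.Values).router).podSpec) | nindent 6 }}
    {{- end }}
    {{- if (((.Values).router).options) }}
    options: {{ toYaml (((.Values).router).options) | nindent 6 }}
    {{- end }}
    {{- if (((.Values).router).bootstrapOptions) }}
    bootstrapOptions: {{ toYaml (((.Values).router).bootstrapOptions) | nindent 6 }}
    {{- end }}
    {{- if (((.Values).router).podLabels) }}
    podLabels: {{ toYaml (((.Values).router).podLabels) | nindent 6 }}
    {{- end }}
    {{- if (((.Values).router).podAnnotations) }}
    podAnnotations: {{ toYaml (((.Values).router).podAnnotations) | nindent 6 }}
    {{- end }}
    {{- /* Router TLS: two value paths name the same Secret; they must not disagree. */}}
    {{- if not $use_self_signed }}
    {{- if and (((.Values).tls).routerCertAndPKsecretName) (((.Values).router).certAndPKsecretName) }}
    {{- if ne (((.Values).tls).routerCertAndPKsecretName) (((.Values).router).certAndPKsecretName) }}
    {{- $err := printf "tls.routerCertAndPKsecretName and router.certAndPKsecretName are both specified and have different values %s and %s. Use only one" (((.Values).tls).routerCertAndPKsecretName) (((.Values).router).certAndPKsecretName) }}
    {{- fail $err }}
    {{- end }}
    {{- end }}
    {{- $default_secret_name := printf "%s-router-tls" $cluster_name }}
    {{- $secret_name := coalesce ((.Values.tls).routerCertAndPKsecretName) ((.Values.router).certAndPKsecretName) $default_secret_name }}
    {{- if and (not $disable_lookups) (not (lookup "v1" "Secret" $install_namespace $secret_name)) }}
    {{- $err := printf "tls.routerCertAndPKsecretName: secret '%s' not found in namespace '%s'" $secret_name $install_namespace }}
    {{- fail $err }}
    {{- end }}
    tlsSecretName: {{ $secret_name | quote }}
    {{- end }}
  secretName: {{ .Release.Name }}-cluster-secret
  imagePullPolicy: {{ .Values.image.pullPolicy }}
  baseServerId: {{ required "baseServerId is required" .Values.baseServerId }}
  version: {{ $serverVersion | quote }}
  {{- if ((.Values).edition) }}
  edition: {{ .Values.edition | quote }}
  {{- end }}
  serviceAccountName: {{ .Release.Name }}-sa
  #imageRepository
  {{- /* image.repository is only honoured together with image.registry. */}}
  {{- if and (not (((.Values).image).registry)) (not (((.Values).image).repository)) }}
  ## Neither registry nor repository provided - OK
  {{- else if (((.Values).image).registry) }}
  ## registry provided
  {{- if (((.Values).image).repository) }}
  ## repository provided
  {{- end }}
  imageRepository: {{ trimSuffix "/" .Values.image.registry }}{{- if (((.Values).image).repository) }}/{{ trimSuffix "/" .Values.image.repository | trimPrefix "/" }}{{ end }}
  {{- else if (((.Values).image).repository) }}
  {{- fail "image.repository provided but image.registry is not or is empty" }}
  {{- end }}
  # imagePullSecrets
  {{- if ((((.Values).image).pullSecrets).enabled) }}
  imagePullSecrets:
  {{- $secret_name := .Values.image.pullSecrets.secretName }}
  {{- if not $secret_name }}
  {{- fail "image.pullSecrets.secretName is required when pull secrets are enabled" }}
  {{- end }}
  {{- if and (not $disable_lookups) (not (lookup "v1" "Secret" $install_namespace $secret_name)) }}
  {{- $err := printf "image.pullSecrets.secretName: secret '%s' not found in namespace '%s'" $secret_name $install_namespace }}
  {{- fail $err }}
  {{- end }}
  - name: {{ $secret_name | quote }}
  {{- end }}
  # TLS
  {{- /* CA and server certificate Secrets default to "<cluster>-ca" and "<cluster>-tls". */}}
  {{- if not $use_self_signed }}
  {{- $default_secret_name := printf "%s-ca" $cluster_name }}
  {{- $secret_name := default $default_secret_name ((.Values.tls).caSecretName) }}
  {{- if and (not $disable_lookups) (not (lookup "v1" "Secret" $install_namespace $secret_name)) }}
  {{- $err := printf "tls.caSecretName: secret '%s' not found in namespace '%s'" $secret_name $install_namespace }}
  {{- fail $err }}
  {{- end }}
  tlsCASecretName: {{ $secret_name | quote }}
  {{- $default_secret_name := printf "%s-tls" $cluster_name }}
  {{- $secret_name := default $default_secret_name ((.Values.tls).serverCertAndPKsecretName) }}
  {{- if and (not $disable_lookups) (not (lookup "v1" "Secret" $install_namespace $secret_name)) }}
  {{- $err := printf "tls.serverCertAndPKsecretName: secret '%s' not found in namespace '%s'" $secret_name $install_namespace }}
  {{- fail $err }}
  {{- end }}
  tlsSecretName: {{ $secret_name | quote }}
  {{- end }}
  # mycnf
{{- if ((.Values).serverConfig) }}
{{- if (((.Values).serverConfig).mycnf) }}
  mycnf: |
{{- if not (hasPrefix "[mysqld]" (((.Values).serverConfig).mycnf) ) }}
    [mysqld]
{{- end }}
{{ (((.Values).serverConfig).mycnf) | indent 4 }}
{{- end }}
{{- end }}
  # datadirVolumeClaimTemplate
  {{- if (.Values).datadirVolumeClaimTemplate }}
  {{- with .Values.datadirVolumeClaimTemplate }}
  datadirVolumeClaimTemplate:
    {{- if .storageClassName }}
    storageClassName: {{ .storageClassName | quote }}
    {{- end }}
    {{- if .accessModes }}
    accessModes: [ {{ .accessModes | quote }} ]
    {{- end }}
    {{- /* Parenthesised lookup: a template without `resources` must not abort the render. */}}
    {{- if (((.resources).requests).storage) }}
    resources:
      requests:
        storage: {{ .resources.requests.storage | quote }}
    {{- end }}
  {{- end }}
  {{- end }}
  # datadirPermissions
  {{- if (.Values).datadirPermissions }}
  {{- with .Values.datadirPermissions }}
  datadirPermissions:
    {{- if hasKey . "setRightsUsingInitContainer" }}
    setRightsUsingInitContainer: {{ .setRightsUsingInitContainer }}
    {{- end }}
    {{- if .fsGroupChangePolicy }}
    fsGroupChangePolicy: {{ .fsGroupChangePolicy | quote }}
    {{- end }}
  {{- end }}
  {{- end }}
  # Keyring
  {{- /*
    Exactly one of keyring.file, keyring.encryptedFile or keyring.oci may be set;
    $keyringAlreadySpecified remembers the first backend seen so a second one fails.
  */}}
  {{- if (or (((.Values).keyring).file) (((.Values).keyring).encryptedFile) (((.Values).keyring).oci) ) }}
  keyring:
    {{- $keyringAlreadySpecified := "" }}
    {{- if (((.Values).keyring).file) }}
    {{- if $keyringAlreadySpecified }}
    {{- $err := printf "Keyring '%s' already specified" $keyringAlreadySpecified }}
    {{- fail $err }}
    {{- end }}
    {{- $keyringAlreadySpecified = "file" }}
    {{- with .Values.keyring.file }}
    file:
      fileName: {{ required "keyring.file.fileName is required" .fileName | quote }}
      {{- if .readOnly }}
      readOnly: {{ .readOnly }}
      {{- end }}
      storage: {{ toYaml .storage | nindent 8 }}
    {{- end }}
    {{- end }}
    {{- if (((.Values).keyring).encryptedFile) }}
    {{- if $keyringAlreadySpecified }}
    {{- $err := printf "Keyring '%s' already specified" $keyringAlreadySpecified }}
    {{- fail $err }}
    {{- end }}
    {{- $keyringAlreadySpecified = "encryptedFile" }}
    {{- with .Values.keyring.encryptedFile }}
    encryptedFile:
      fileName: {{ required "keyring.encryptedFile.fileName is required" .fileName | quote }}
      {{- if .readOnly }}
      readOnly: {{ .readOnly }}
      {{- end }}
      {{- /*
        NOTE(review): confirm against the CRD whether `password` is a Secret name or the
        literal keyring password. A literal would be kept in the Helm release data and in
        the custom resource spec, readable by anyone who can get either object.
      */}}
      password: {{ required "keyring.encryptedFile.password is required" .password | quote }}
      storage: {{ toYaml .storage | nindent 8 }}
    {{- end }}
    {{- end }}
    {{- if (((.Values).keyring).oci) }}
    {{- if $keyringAlreadySpecified }}
    {{- $err := printf "Keyring '%s' already specified" $keyringAlreadySpecified }}
    {{- fail $err }}
    {{- end }}
    {{- $keyringAlreadySpecified = "oci" }}
    {{- with .Values.keyring.oci }}
    oci:
      user: {{ required "keyring.oci.user is required" .user | quote }}
      keySecret: {{ required "keyring.oci.keySecret is required" .keySecret | quote }}
      keyFingerprint: {{ required "keyring.oci.keyFingerprint is required" .keyFingerprint | quote }}
      tenancy: {{ required "keyring.oci.tenancy is required" .tenancy | quote }}
      {{- if .compartment }}
      compartment: {{ .compartment | quote }}
      {{- end }}
      {{- if .virtualVault }}
      virtualVault: {{ .virtualVault | quote }}
      {{- end }}
      {{- if .masterKey }}
      masterKey: {{ .masterKey | quote }}
      {{- end }}
      {{- if .caCertificate }}
      caCertificate: {{ .caCertificate | quote }}
      {{- end }}
      {{- if .endpoints }}
      endpoints:
        {{- if ((.endpoints).encryption) }}
        encryption: {{ ((.endpoints).encryption) | quote }}
        {{- end }}
        {{- if ((.endpoints).management) }}
        management: {{ ((.endpoints).management) | quote }}
        {{- end }}
        {{- if ((.endpoints).vaults) }}
        vaults: {{ ((.endpoints).vaults) | quote }}
        {{- end }}
        {{- if ((.endpoints).secrets) }}
        secrets: {{ ((.endpoints).secrets) | quote }}
        {{- end }}
      {{- end }}
    {{- end }}
    {{- end }}
  {{- end }}
  # InitDB
{{- if (.Values).initDB }}
  ## InitDB
  {{- /* Nil-safe form of the exclusivity test: true only when dump.name and clone.donorUrl are both set. */}}
  {{- if and (((.Values.initDB).dump).name) (((.Values.initDB).clone).donorUrl) }}
  {{- fail "Dump and Clone are mutually exclusive for initDB" }}
  {{- end }}
  ## Clone
  {{- if (((.Values).initDB).clone) }}
  {{- with .Values.initDB.clone }}
  initDB:
    clone:
      donorUrl: {{ required "initDB.clone.donorUrl is required" .donorUrl | quote }}
      rootUser: {{ .rootUser | default "root" | quote }}
      secretKeyRef:
        name: {{ required "initDB.clone.credentials is required" .credentials | quote }}
  {{- end }}
  {{- end }}
  ## Dump
  {{- if (((.Values).initDB).dump) }}
  {{- with .Values.initDB.dump }}
  {{- if and .name (or .ociObjectStorage .s3 .azure .persistentVolumeClaim .options) }}
  initDB:
    dump:
      {{- if .name }}
      name: {{ .name | quote }}
      {{- end }}
      {{- if .path }}
      path: {{ .path | quote }}
      {{- end }}
      {{- if .options }}
      options: {{ toYaml .options | nindent 8 }}
      {{- end }}
      storage:
        {{- if .ociObjectStorage }}
        ociObjectStorage:
          prefix: {{ required "initDB.dump.ociObjectStorage.prefix is required" .ociObjectStorage.prefix | quote }}
          bucketName: {{ required "initDB.dump.ociObjectStorage.bucketName is required" .ociObjectStorage.bucketName | quote }}
          credentials: {{ required "initDB.dump.ociObjectStorage.credentials is required" .ociObjectStorage.credentials | quote }}
        {{- end }}
        {{- if .s3 }}
        s3:
          prefix: {{ required "initDB.dump.s3.prefix is required" .s3.prefix | quote }}
          bucketName: {{ required "initDB.dump.s3.bucketName is required" .s3.bucketName | quote }}
          config: {{ required "initDB.dump.s3.config is required" .s3.config | quote }}
          {{- if .s3.profile }}
          profile: {{ .s3.profile | quote }}
          {{- end }}
          {{- if .s3.endpoint }}
          endpoint: {{ .s3.endpoint | quote }}
          {{- end }}
        {{- end }}
        {{- if .azure }}
        azure:
          prefix: {{ required "initDB.dump.azure.prefix is required" .azure.prefix | quote }}
          containerName: {{ required "initDB.dump.azure.containerName is required" .azure.containerName | quote }}
          config: {{ required "initDB.dump.azure.config is required" .azure.config | quote }}
        {{- end }}
        {{- if .persistentVolumeClaim }}
        persistentVolumeClaim: {{ toYaml .persistentVolumeClaim | nindent 10}}
        {{- end }}
  {{- end }}
  {{- end }}
  {{- end }}
{{- end }}
  # Backup Profiles
  {{- /*
    Each named profile must carry exactly one method (dumpInstance or snapshot) with a
    storage section of kind ociObjectStorage, s3, azure or persistentVolumeClaim.
    Profiles without a name are skipped silently.
  */}}
  {{- if (.Values).backupProfiles }}
  backupProfiles:
  {{- $isDumpInstance := false }}
  {{- $isSnapshot := false }}
  {{- range $_, $profile := .Values.backupProfiles }}
  {{- if $profile.name }}
  - name: {{ $profile.name | quote -}}
    {{- if hasKey $profile "podAnnotations" }}
    podAnnotations: {{ toYaml $profile.podAnnotations | nindent 6 }}
    {{- end }}
    {{- if hasKey $profile "podLabels" }}
    podLabels: {{ toYaml $profile.podLabels | nindent 6 }}
    {{- end }}
    {{- $isDumpInstance = hasKey $profile "dumpInstance" }}
    {{- $isSnapshot = hasKey $profile "snapshot" }}
    {{- if or $isDumpInstance $isSnapshot }}
    {{- $backupProfile := ternary $profile.dumpInstance $profile.snapshot $isDumpInstance }}
    {{- if $isDumpInstance }}
    dumpInstance:
    {{- else if $isSnapshot }}
    snapshot:
    {{- else }}
    {{- fail "Impossible backup type" }}
    {{- end }}
    {{- /* printf is required here: Go templates do not expand "$var" inside a string literal. */}}
    {{- if not (hasKey $backupProfile "storage") }}
    {{- fail (printf "backup profile '%v' has no storage section" $profile.name) }}
    {{- else if hasKey $backupProfile.storage "ociObjectStorage" }}
      storage:
        ociObjectStorage:
          {{- if $backupProfile.storage.ociObjectStorage.prefix }}
          prefix: {{ $backupProfile.storage.ociObjectStorage.prefix | quote }}
          {{- end }}
          bucketName: {{ required "bucketName is required" $backupProfile.storage.ociObjectStorage.bucketName | quote }}
          credentials: {{ required "credentials is required" $backupProfile.storage.ociObjectStorage.credentials | quote }}
    {{- else if hasKey $backupProfile.storage "s3" }}
      storage:
        s3:
          {{- if $backupProfile.storage.s3.prefix }}
          prefix: {{ $backupProfile.storage.s3.prefix | quote }}
          {{- end }}
          bucketName: {{ required "bucketName is required" $backupProfile.storage.s3.bucketName | quote }}
          config: {{ required "config is required" $backupProfile.storage.s3.config | quote }}
          {{- if $backupProfile.storage.s3.profile }}
          profile: {{ $backupProfile.storage.s3.profile | quote }}
          {{- end }}
          {{- if $backupProfile.storage.s3.endpoint }}
          endpoint: {{ $backupProfile.storage.s3.endpoint | quote }}
          {{- end }}
    {{- else if hasKey $backupProfile.storage "azure" }}
      storage:
        azure:
          {{- if $backupProfile.storage.azure.prefix }}
          prefix: {{ $backupProfile.storage.azure.prefix | quote }}
          {{- end }}
          containerName: {{ required "containerName is required" $backupProfile.storage.azure.containerName | quote }}
          config: {{ required "config is required" $backupProfile.storage.azure.config | quote }}
    {{- else if hasKey $backupProfile.storage "persistentVolumeClaim" }}
      storage:
        persistentVolumeClaim: {{ toYaml $backupProfile.storage.persistentVolumeClaim | nindent 12}}
    {{- else -}}
    {{- fail (printf "backup profile '%v' has an unsupported storage section - none of ociObjectStorage, s3, azure or persistentVolumeClaim is defined" $profile.name) }}
    {{- end -}}
    {{- else }}
    {{- fail "One of dumpInstance or snapshot must be methods of a backupProfile" }}
    {{- end }}
  {{- end }}
  {{- end }}
  {{- end }}
  # Backup Schedules
  {{- /*
    A schedule either references a profile by name (backupProfileName) or embeds one
    (backupProfile) that follows the same rules as an entry of backupProfiles.
  */}}
  {{- if (.Values).backupSchedules }}
  backupSchedules:
  {{- $isDumpInstance := false }}
  {{- $isSnapshot := false }}
  {{- range $_, $schedule := .Values.backupSchedules }}
  - name: {{ $schedule.name | quote }}
    schedule: {{ quote $schedule.schedule }}
    {{- if ($schedule).timeZone }}
    timeZone: {{ quote $schedule.timeZone }}
    {{- end }}
    deleteBackupData: {{ $schedule.deleteBackupData }}
    enabled: {{ $schedule.enabled }}
    {{- if hasKey $schedule "backupProfileName" }}
    backupProfileName: {{ $schedule.backupProfileName | quote }}
    {{- else if hasKey $schedule "backupProfile" }}
    {{- $isDumpInstance = hasKey $schedule.backupProfile "dumpInstance" }}
    {{- $isSnapshot = hasKey $schedule.backupProfile "snapshot" }}
    {{- if or $isDumpInstance $isSnapshot }}
    {{- $backupProfile := ternary $schedule.backupProfile.dumpInstance $schedule.backupProfile.snapshot $isDumpInstance }}
    backupProfile:
      {{- if hasKey $schedule.backupProfile "podAnnotations" }}
      podAnnotations: {{ toYaml $schedule.backupProfile.podAnnotations | nindent 8 }}
      {{- end }}
      {{- if hasKey $schedule.backupProfile "podLabels" }}
      podLabels: {{ toYaml $schedule.backupProfile.podLabels | nindent 8 }}
      {{- end }}
      {{- if $isDumpInstance }}
      dumpInstance:
      {{- else if $isSnapshot }}
      snapshot:
      {{- end }}
      {{- /* The messages name the schedule; $profile is not defined inside this range. */}}
      {{- if not (hasKey $backupProfile "storage") }}
      {{- fail (printf "schedule backup profile '%v' has no storage section" $schedule.name) }}
      {{- else if hasKey $backupProfile.storage "ociObjectStorage" }}
        storage:
          ociObjectStorage:
            {{- if $backupProfile.storage.ociObjectStorage.prefix }}
            prefix: {{ $backupProfile.storage.ociObjectStorage.prefix | quote }}
            {{- end }}
            bucketName: {{ required "bucketName is required" $backupProfile.storage.ociObjectStorage.bucketName | quote }}
            credentials: {{ required "credentials is required" $backupProfile.storage.ociObjectStorage.credentials | quote }}
      {{- else if hasKey $backupProfile.storage "s3" }}
        storage:
          s3:
            {{- if $backupProfile.storage.s3.prefix }}
            prefix: {{ $backupProfile.storage.s3.prefix | quote }}
            {{- end }}
            bucketName: {{ required "bucketName is required" $backupProfile.storage.s3.bucketName | quote }}
            config: {{ required "config is required" $backupProfile.storage.s3.config | quote }}
            {{- if $backupProfile.storage.s3.profile }}
            profile: {{ $backupProfile.storage.s3.profile | quote }}
            {{- end }}
            {{- if $backupProfile.storage.s3.endpoint }}
            endpoint: {{ $backupProfile.storage.s3.endpoint | quote }}
            {{- end }}
      {{- else if hasKey $backupProfile.storage "azure" }}
        storage:
          azure:
            {{- if $backupProfile.storage.azure.prefix }}
            prefix: {{ $backupProfile.storage.azure.prefix | quote }}
            {{- end }}
            containerName: {{ required "containerName is required" $backupProfile.storage.azure.containerName | quote }}
            config: {{ required "config is required" $backupProfile.storage.azure.config | quote }}
      {{- else if hasKey $backupProfile.storage "persistentVolumeClaim" }}
        storage:
          persistentVolumeClaim: {{ toYaml $backupProfile.storage.persistentVolumeClaim | nindent 12}}
      {{- else -}}
      {{- fail (printf "schedule backup profile '%v' has an unsupported storage section - none of ociObjectStorage, s3, azure or persistentVolumeClaim is defined" $schedule.name) }}
      {{- end -}}
    {{- else }}
    {{- fail "Impossible backup type for a schedule" }}
    {{- end }}
    {{- else }}
    {{- fail "Neither backupProfileName nor backupProfile provided for a schedule" }}
    {{- end }}
  {{- end }}
  {{- end }}
  # Pod Spec
  {{- /*
    The sections below pass values through verbatim with toYaml. Whoever controls these
    values controls the pod and service specification handed to the operator.
  */}}
  {{- if ((.Values).podSpec) }}
  podSpec: {{ toYaml ((.Values).podSpec) | nindent 4 }}
  {{- end }}
  # Pod Labels
  {{- if ((.Values).podLabels) }}
  podLabels: {{ toYaml ((.Values).podLabels) | nindent 4 }}
  {{- end }}
  # Pod Annotations
  {{- if ((.Values).podAnnotations) }}
  podAnnotations: {{ toYaml ((.Values).podAnnotations) | nindent 4 }}
  {{- end }}
  # Logs
  {{- if ((.Values).logs) }}
  logs: {{ toYaml ((.Values).logs) | nindent 4 }}
  {{- end }}
  # Instance Service
  {{- if ((.Values).instanceService) }}
  instanceService: {{ toYaml ((.Values).instanceService) | nindent 4 }}
  {{- end }}
  # Service
  {{- if ((.Values).service) }}
  service: {{ toYaml ((.Values).service) | nindent 4 }}
  {{- end }}
  # Metrics
  {{- if ((.Values).metrics) }}
  metrics: {{ toYaml ((.Values).metrics) | nindent 4 }}
  {{- end }}
  # Read Replicas
  {{- /*
    NOTE(review): readReplicas[].version is emitted without the $minimalVersion and
    $forbiddenVersions checks applied to serverVersion above; confirm whether the
    operator enforces them for replicas.
  */}}
  {{- if ((.Values).readReplicas) }}
  readReplicas:
  {{- range $_, $replica := ((.Values).readReplicas) }}
  - name: {{ $replica.name | quote }}
    {{- if hasKey $replica "version" }}
    version: {{ $replica.version | quote }}
    {{- end }}
    baseServerId: {{ $replica.baseServerId }}
    {{- if hasKey $replica "datadirVolumeClaimTemplate" }}
    {{- with $replica.datadirVolumeClaimTemplate }}
    datadirVolumeClaimTemplate:
      {{- if .storageClassName }}
      storageClassName: {{ .storageClassName | quote }}
      {{- end }}
      {{- if .accessModes }}
      accessModes: [ {{ .accessModes | quote }} ]
      {{- end }}
      {{- if (((.resources).requests).storage) }}
      resources:
        requests:
          storage: {{ .resources.requests.storage | quote }}
      {{- end }}
    {{- end }}
    {{- end }}
    {{- if hasKey $replica "mycnf" }}
    mycnf: |
    {{- if not (hasPrefix "[mysqld]" (($replica).mycnf) ) }}{{- "[mysqld]" | nindent 6 }}{{- end }}{{ (($replica).mycnf) | nindent 6 }}{{- end }}
    {{- if hasKey $replica "instances" }}
    instances: {{ $replica.instances }}
    {{- end }}
    {{- if hasKey $replica "podSpec" }}
    podSpec: {{ toYaml $replica.podSpec | nindent 6 }}
    {{- end }}
    {{- if (($replica).podAnnotations) }}
    podAnnotations: {{ toYaml $replica.podAnnotations | nindent 6 }}
    {{- end }}
    {{- if (($replica).podLabels) }}
    podLabels: {{ toYaml $replica.podLabels | nindent 6 }}
    {{- end }}
  {{- end }}
  {{- end }}
  {{- if ((.Values).serviceFqdnTemplate) }}
  serviceFqdnTemplate: {{ (.Values).serviceFqdnTemplate | quote }}
  {{- end }}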