rancher-partner-charts/charts/percona/pxc-db/values.yaml

# Default values for pxc-cluster.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.

finalizers:
  - delete-pxc-pods-in-order
## Set this if you want to delete proxysql persistent volumes on cluster deletion
#  - delete-proxysql-pvc
## Set this if you want to delete database persistent volumes on cluster deletion
#  - delete-pxc-pvc
## Set this if you want to delete cert manager certificates on cluster deletion
#  - delete-ssl

nameOverride: ""
fullnameOverride: ""

operatorImageRepository: percona/percona-xtradb-cluster-operator

crVersion: 1.13.0
ignoreAnnotations: []
  # - iam.amazonaws.com/role
ignoreLabels: []
  # - rack
pause: false
initImage: ""
allowUnsafeConfigurations: false
updateStrategy: SmartUpdate
upgradeOptions:
  versionServiceEndpoint: https://check.percona.com
  apply: disabled
  schedule: "0 4 * * *"
enableCRValidationWebhook: false
tls: {}
  # SANs:
  #   - pxc-1.example.com
  #   - pxc-2.example.com
  #   - pxc-3.example.com
  # issuerConf:
  #   name: special-selfsigned-issuer
  #   kind: ClusterIssuer
  #   group: cert-manager.io

pxc:
  size: 3
  image:
    repository: percona/percona-xtradb-cluster
    tag: 8.0.32-24.2
  # imagePullPolicy: Always
  autoRecovery: true
  # expose:
  #   enabled: true
  #   type: LoadBalancer
  #   trafficPolicy: Local
  #   loadBalancerSourceRanges:
  #   - 10.0.0.0/8
  #   annotations:
  #     networking.gke.io/load-balancer-type: "Internal"
  # replicationChannels:
  # - name: pxc1_to_pxc2
  #   isSource: true
  # - name: pxc2_to_pxc1
  #   isSource: false
  #   configuration:
  #     sourceRetryCount: 3
  #     sourceConnectRetry: 60
  #     ssl: false
  #     sslSkipVerify: true
  #     ca: '/etc/mysql/ssl/ca.crt'
  #   sourcesList:
  #   - host: 10.95.251.101
  #     port: 3306
  #     weight: 100
  # schedulerName: mycustom-scheduler
  imagePullSecrets: []
  # - name: private-registry-credentials
  annotations: {}
  #  iam.amazonaws.com/role: role-arn
  labels: {}
  #  rack: rack-22
  # priorityClassName: high-priority
  readinessDelaySec: 15
  livenessDelaySec: 300
  ## Uncomment to pass in a mysql config file
  # configuration: |
  #   [mysqld]
  #   wsrep_debug=ON
  #   wsrep_provider_options="gcache.size=1G; gcache.recover=yes"
  # envVarsSecret: my-env-var-secrets
  resources:
    requests:
      memory: 1G
      cpu: 600m
    limits: {}
      # memory: 1G
      # cpu: 600m
  # runtimeClassName: image-rc
  sidecars: []
  sidecarVolumes: []
  sidecarPVCs: []
  sidecarResources:
    requests: {}
    limits: {}
  nodeSelector: {}
  #  disktype: ssd
  affinity:
    antiAffinityTopologyKey: "kubernetes.io/hostname"
    # advanced:
    #   nodeAffinity:
    #     requiredDuringSchedulingIgnoredDuringExecution:
    #       nodeSelectorTerms:
    #       - matchExpressions:
    #         - key: kubernetes.io/e2e-az-name
    #           operator: In
    #           values:
    #           - e2e-az1
    #           - e2e-az2
  tolerations: []
    # - key: "node.alpha.kubernetes.io/unreachable"
    #   operator: "Exists"
    #   effect: "NoExecute"
    #   tolerationSeconds: 6000
  gracePeriod: 600
  podDisruptionBudget:
    # only one of maxUnavailable or minAvaliable can be set
    maxUnavailable: 1
    # minAvailable: 0
  persistence:
    enabled: true
    ## percona data Persistent Volume Storage Class
    ## If defined, storageClassName: <storageClass>
    ## If set to "-", storageClassName: "", which disables dynamic provisioning
    ## If undefined (the default) or set to null, no storageClassName spec is
    ##   set, choosing the default provisioner.  (gp2 on AWS, standard on
    ##   GKE, AWS & OpenStack)
    ##
    # storageClass: "-"
    accessMode: ReadWriteOnce
    size: 8Gi

  # If you set this to true the cluster will be created without TLS
  disableTLS: false

  # disable Helm creating TLS certificates if you want to let the operator
  # request certificates from cert-manager
  certManager: false

  # If this is set will not create secrets from values and will instead try to use
  # a pre-existing secret of the same name.
  # clusterSecretName: cluster1-secrets
  readinessProbes:
    initialDelaySeconds: 15
    timeoutSeconds: 15
    periodSeconds: 30
    successThreshold: 1
    failureThreshold: 5
  livenessProbes:
    initialDelaySeconds: 300
    timeoutSeconds: 5
    periodSeconds: 10
    successThreshold: 1
    failureThreshold: 3
  # A custom Kubernetes Security Context for a Container to be used instead of the default one
  # containerSecurityContext:
  #   privileged: false
  # A custom Kubernetes Security Context for a Pod to be used instead of the default one
  # podSecurityContext:
  #   fsGroup: 1001
  #   supplementalGroups:
  #   - 1001
  # serviceAccountName: percona-xtradb-cluster-operator-workload

haproxy:
  enabled: true
  size: 3
  image: ""
  # imagePullPolicy: Always
  imagePullSecrets: []
  # - name: private-registry-credentials
#  configuration: |
#
#  the actual default configuration file can be found here https://github.com/percona/percona-docker/blob/main/haproxy/dockerdir/etc/haproxy/haproxy-global.cfg
#
#    global
#      maxconn 2048
#      external-check
#      insecure-fork-wanted
#      stats socket /etc/haproxy/pxc/haproxy.sock mode 600 expose-fd listeners level admin
#
#    defaults
#      default-server init-addr last,libc,none
#      log global
#      mode tcp
#      retries 10
#      timeout client 28800s
#      timeout connect 100500
#      timeout server 28800s
#
#    frontend galera-in
#      bind *:3309 accept-proxy
#      bind *:3306
#      mode tcp
#      option clitcpka
#      default_backend galera-nodes
#
#    frontend galera-admin-in
#      bind *:33062
#      mode tcp
#      option clitcpka
#      default_backend galera-admin-nodes
#
#    frontend galera-replica-in
#      bind *:3307
#      mode tcp
#      option clitcpka
#      default_backend galera-replica-nodes
#
#    frontend galera-mysqlx-in
#      bind *:33060
#      mode tcp
#      option clitcpka
#      default_backend galera-mysqlx-nodes
#
#    frontend stats
#      bind *:8404
#      mode http
#      option http-use-htx
#      http-request use-service prometheus-exporter if { path /metrics }
  annotations: {}
  #  iam.amazonaws.com/role: role-arn
  labels: {}
  #  rack: rack-22
  # serviceType: ClusterIP
  # externalTrafficPolicy: Cluster
  # runtimeClassName: image-rc
  # loadBalancerSourceRanges:
  #   - 10.0.0.0/8
  # loadBalancerIP: 127.0.0.1
  # serviceAnnotations:
  #   service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http
  # serviceLabels:
  #   rack: rack-23
  replicasServiceEnabled: true
  # replicasLoadBalancerSourceRanges:
  #   - 10.0.0.0/8
  # replicasLoadBalancerIP: 127.0.0.1
  # replicasServiceType: ClusterIP
  # replicasExternalTrafficPolicy: Cluster
  # replicasServiceAnnotations:
  #   service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http
  # replicasServiceLabels:
  #   rack: rack-23
  # priorityClassName: high-priority
  # schedulerName: mycustom-scheduler
  readinessDelaySec: 15
  livenessDelaySec: 300
  # envVarsSecret: my-env-var-secrets
  resources:
    requests:
      memory: 1G
      cpu: 600m
    limits: {}
      # memory: 1G
      # cpu: 600m
  sidecars: []
  sidecarVolumes: []
  sidecarPVCs: []
  sidecarResources:
    requests: {}
    limits: {}
  nodeSelector: {}
  #  disktype: ssd
  # serviceAccountName: percona-xtradb-cluster-operator-workload
  affinity:
    antiAffinityTopologyKey: "kubernetes.io/hostname"
    # advanced:
    #   nodeAffinity:
    #     requiredDuringSchedulingIgnoredDuringExecution:
    #       nodeSelectorTerms:
    #       - matchExpressions:
    #         - key: kubernetes.io/e2e-az-name
    #           operator: In
    #           values:
    #           - e2e-az1
    #           - e2e-az2
  tolerations: []
    # - key: "node.alpha.kubernetes.io/unreachable"
    #   operator: "Exists"
    #   effect: "NoExecute"
    #   tolerationSeconds: 6000
  gracePeriod: 30
  # only one of `maxUnavailable` or `minAvailable` can be set.
  podDisruptionBudget:
    maxUnavailable: 1
    # minAvailable: 0
  readinessProbes:
    initialDelaySeconds: 15
    timeoutSeconds: 1
    periodSeconds: 5
    successThreshold: 1
    failureThreshold: 3
  livenessProbes:
    initialDelaySeconds: 60
    timeoutSeconds: 5
    periodSeconds: 30
    successThreshold: 1
    failureThreshold: 4
  # A custom Kubernetes Security Context for a Container to be used instead of the default one
  # containerSecurityContext:
  #   privileged: false
  # A custom Kubernetes Security Context for a Pod to be used instead of the default one
  # podSecurityContext:
  #   fsGroup: 1001
  #   supplementalGroups:
  #   - 1001

proxysql:
  enabled: false
  size: 3
  image: ""
  # imagePullPolicy: Always
  imagePullSecrets: []
#  configuration: |
#    datadir="/var/lib/proxysql"
#
#    admin_variables =
#    {
#      admin_credentials="proxyadmin:admin_password"
#      mysql_ifaces="0.0.0.0:6032"
#      refresh_interval=2000
#
#      cluster_username="proxyadmin"
#      cluster_password="admin_password"
#      checksum_admin_variables=false
#      checksum_ldap_variables=false
#      checksum_mysql_variables=false
#      cluster_check_interval_ms=200
#      cluster_check_status_frequency=100
#      cluster_mysql_query_rules_save_to_disk=true
#      cluster_mysql_servers_save_to_disk=true
#      cluster_mysql_users_save_to_disk=true
#      cluster_proxysql_servers_save_to_disk=true
#      cluster_mysql_query_rules_diffs_before_sync=1
#      cluster_mysql_servers_diffs_before_sync=1
#      cluster_mysql_users_diffs_before_sync=1
#      cluster_proxysql_servers_diffs_before_sync=1
#    }
#
#    mysql_variables=
#    {
#      monitor_password="monitor"
#      monitor_galera_healthcheck_interval=1000
#      threads=2
#      max_connections=2048
#      default_query_delay=0
#      default_query_timeout=10000
#      poll_timeout=2000
#      interfaces="0.0.0.0:3306"
#      default_schema="information_schema"
#      stacksize=1048576
#      connect_timeout_server=10000
#      monitor_history=60000
#      monitor_connect_interval=20000
#      monitor_ping_interval=10000
#      ping_timeout_server=200
#      commands_stats=true
#      sessions_sort=true
#      have_ssl=true
#      ssl_p2s_ca="/etc/proxysql/ssl-internal/ca.crt"
#      ssl_p2s_cert="/etc/proxysql/ssl-internal/tls.crt"
#      ssl_p2s_key="/etc/proxysql/ssl-internal/tls.key"
#      ssl_p2s_cipher="ECDHE-RSA-AES128-GCM-SHA256"
#    }
  # - name: private-registry-credentials
  annotations: {}
  #  iam.amazonaws.com/role: role-arn
  labels: {}
  #  rack: rack-22
  # serviceType: ClusterIP
  # externalTrafficPolicy: Cluster
  # runtimeClassName: image-rc
  # loadBalancerSourceRanges:
  #   - 10.0.0.0/8
  # loadBalancerIP: 127.0.0.1
  # serviceAnnotations:
  #   service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http
  # serviceLabels:
  #   rack: rack-23
  # priorityClassName: high-priority
  # schedulerName: mycustom-scheduler
  readinessDelaySec: 15
  livenessDelaySec: 300
  # envVarsSecret: my-env-var-secrets
  resources:
    requests:
      memory: 1G
      cpu: 600m
    limits: {}
      # memory: 1G
      # cpu: 600m
  sidecars: []
  sidecarVolumes: []
  sidecarPVCs: []
  sidecarResources:
    requests: {}
    limits: {}
  nodeSelector: {}
  #  disktype: ssd
  # serviceAccountName: percona-xtradb-cluster-operator-workload
  affinity:
    antiAffinityTopologyKey: "kubernetes.io/hostname"
    # advanced:
    #   nodeAffinity:
    #     requiredDuringSchedulingIgnoredDuringExecution:
    #       nodeSelectorTerms:
    #       - matchExpressions:
    #         - key: kubernetes.io/e2e-az-name
    #           operator: In
    #           values:
    #           - e2e-az1
    #           - e2e-az2
  tolerations: []
    # - key: "node.alpha.kubernetes.io/unreachable"
    #   operator: "Exists"
    #   effect: "NoExecute"
    #   tolerationSeconds: 6000
  gracePeriod: 30
  # only one of `maxUnavailable` or `minAvailable` can be set.
  podDisruptionBudget:
    maxUnavailable: 1
    # minAvailable: 0
  persistence:
    enabled: true
    ## Percona data Persistent Volume Storage Class
    ## If defined, storageClassName: <storageClass>
    ## If set to "-", storageClassName: "", which disables dynamic provisioning
    ## If undefined (the default) or set to null, no storageClassName spec is
    ##   set, choosing the default provisioner.  (gp2 on AWS, standard on
    ##   GKE, AWS & OpenStack)
    ##
    # storageClass: "-"
    accessMode: ReadWriteOnce
    size: 8Gi
  # A custom Kubernetes Security Context for a Container to be used instead of the default one
  # containerSecurityContext:
  #   privileged: false
  # A custom Kubernetes Security Context for a Pod to be used instead of the default one
  # podSecurityContext:
  #   fsGroup: 1001
  #   supplementalGroups:
  #   - 1001

logcollector:
  enabled: true
  image: ""
  # imagePullPolicy: Always
  imagePullSecrets: []
  # configuration: |
  #   [OUTPUT]
  #         Name  es
  #         Match *
  #         Host  192.168.2.3
  #         Port  9200
  #         Index my_index
  #         Type  my_type
  resources:
    requests:
      memory: 100M
      cpu: 200m
    limits: {}

pmm:
  enabled: false
  image:
    repository: percona/pmm-client
    tag: 2.38.0
  # imagePullPolicy: Always
  imagePullSecrets: []
  serverHost: monitoring-service
  serverUser: admin
  resources:
    requests:
      memory: 150M
      cpu: 300m
    limits: {}

backup:
  enabled: true
  # allowParallel: true
  image:
    repository: percona/percona-xtradb-cluster-operator
    tag: 1.13.0-pxc8.0-backup-pxb8.0.32
  # backoffLimit: 6
  # serviceAccountName: percona-xtradb-cluster-operator
  # imagePullPolicy: Always
  imagePullSecrets: []
  # - name: private-registry-credentials
  pitr:
    enabled: false
    storageName: s3-us-west-binlogs
    timeBetweenUploads: 60
    resources:
      requests: {}
      limits: {}
  storages: {}
    # fs-pvc:
    #   type: filesystem
    #   volume:
    #     persistentVolumeClaim:
    #       storageClassName: standard
    #       accessModes: ["ReadWriteOnce"]
    #       resources:
    #         requests:
    #           storage: 6Gi
    # s3-us-west:
    #   type: s3
    #   verifyTLS: true
    #   nodeSelector:
    #     storage: tape
    #     backupWorker: 'True'
    #   resources:
    #     requests:
    #       memory: 1G
    #       cpu: 600m
    #   affinity:
    #     nodeAffinity:
    #       requiredDuringSchedulingIgnoredDuringExecution:
    #         nodeSelectorTerms:
    #         - matchExpressions:
    #           - key: backupWorker
    #             operator: In
    #             values:
    #             - 'True'
    #   tolerations:
    #     - key: "backupWorker"
    #       operator: "Equal"
    #       value: "True"
    #       effect: "NoSchedule"
    #   annotations:
    #     testName: scheduled-backup
    #   labels:
    #     backupWorker: 'True'
    #   schedulerName: 'default-scheduler'
    #   priorityClassName: 'high-priority'
    #   containerSecurityContext:
    #     privileged: true
    #   podSecurityContext:
    #     fsGroup: 1001
    #     supplementalGroups: [1001, 1002, 1003]
    #   s3:
    #     bucket: S3-BACKUP-BUCKET-NAME-HERE
    #     # Use credentialsSecret OR credentialsAccessKey/credentialsSecretKey
    #     credentialsSecret: my-cluster-name-backup-s3
    #     #credentialsAccessKey: REPLACE-WITH-AWS-ACCESS-KEY
    #     #credentialsSecretKey: REPLACE-WITH-AWS-SECRET-KEY
    #     region: us-west-2
    #     endpointUrl: https://sfo2.digitaloceanspaces.com
    # s3-us-west-binlogs:
    #   type: s3
    #   s3:
    #     bucket: S3-BACKUP-BUCKET-NAME-HERE/DIRECTORY
    #     credentialsSecret: my-cluster-name-backup-s3
    #     region: us-west-2
    #     endpointUrl: https://sfo2.digitaloceanspaces.com
    # azure-blob:
    #   type: azure
    #   azure:
    #     credentialsSecret: azure-secret
    #     container: test
    #     endpointUrl: https://accountName.blob.core.windows.net
    #     storageClass: Hot

  schedule: []
    # - name: "daily-backup"
    #   schedule: "0 0 * * *"
    #   keep: 5
    #   storageName: fs-pvc
    # - name: "sat-night-backup"
    #   schedule: "0 0 * * 6"
    #   keep: 3
    #   storageName: s3-us-west

secrets:
  ## You should be overriding these with your own or specify name for clusterSecretName.
  # passwords:
  #  root: insecure-root-password
  #  xtrabackup: insecure-xtrabackup-password
  #  monitor: insecure-monitor-password
  #  clustercheck: insecure-clustercheck-password
  #  proxyadmin: insecure-proxyadmin-password
  #  pmmserver: insecure-pmmserver-password
  #  # If pmmserverkey is set in that case pmmserver pass will not be included
  #  # pmmserverkey: set-pmmserver-api-key
  #  operator: insecure-operator-password
  #  replication: insecure-replication-password
  ## If you are using `cert-manager` you can skip this next section.
  tls: {}
    # This should be the name of a secret that contains certificates.
    # it should have the following keys: `ca.crt`, `tls.crt`, `tls.key`
    # If not set the Helm chart will attempt to create certificates
    # for you [not recommended for prod]:
    # cluster:

    # This should be the name of a secret that contains certificates.
    # it should have the following keys: `ca.crt`, `tls.crt`, `tls.key`
    # If not set the Helm chart will attempt to create certificates
    # for you [not recommended for prod]:
    # internal:
  # logCollector: cluster1-log-collector-secrets
  # vault: keyring-secret-vault