andata
/
rancher-partner-charts
mirror of https://git.rancher.io/partner-charts
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Charts CI (#993)

pull/996/head
Adam Pickering 2024-03-26 09:04:31 -06:00 committed by GitHub
parent a5820e5da9
commit a6875456ee
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
321 changed files with 9427 additions and 8579 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
assets/argo/argo-cd-6.7.2.tgz
View File

Binary file not shown.

BIN
assets/argo/argo-cd-6.7.3.tgz Normal file
View File

Binary file not shown.

BIN
assets/bitnami/airflow-18.0.0.tgz Normal file
View File

Binary file not shown.

BIN
assets/bitnami/cassandra-11.0.0.tgz Normal file
View File

Binary file not shown.

BIN
assets/bitnami/mariadb-17.0.1.tgz Normal file
View File

Binary file not shown.

BIN
assets/bitnami/mysql-10.1.0.tgz Normal file
View File

Binary file not shown.

BIN
assets/bitnami/postgresql-15.1.4.tgz Normal file
View File

Binary file not shown.

BIN
assets/bitnami/redis-19.0.1.tgz Normal file
View File

Binary file not shown.

BIN
assets/bitnami/spark-9.0.0.tgz Normal file
View File

Binary file not shown.

BIN
assets/bitnami/tomcat-10.17.1.tgz Normal file
View File

Binary file not shown.

BIN
assets/bitnami/wordpress-21.0.6.tgz Normal file
View File

Binary file not shown.

BIN
assets/bitnami/zookeeper-13.0.1.tgz Normal file
View File

Binary file not shown.

BIN
assets/datadog/datadog-3.59.2.tgz Normal file
View File

Binary file not shown.

BIN
assets/datadog/datadog-operator-1.5.2.tgz Normal file
View File

Binary file not shown.

BIN
assets/dell/csi-isilon-2.10.0.tgz Normal file
View File

Binary file not shown.

BIN
assets/dell/csi-powermax-2.10.0.tgz Normal file
View File

Binary file not shown.

BIN
assets/dell/csi-powerstore-2.10.0.tgz Normal file
View File

Binary file not shown.

BIN
assets/dell/csi-unity-2.10.0.tgz Normal file
View File

Binary file not shown.

BIN
assets/dell/csi-vxflexos-2.10.0.tgz Normal file
View File

Binary file not shown.

BIN
assets/f5/f5-bigip-ctlr-0.0.2901.tgz Normal file
View File

Binary file not shown.

BIN
assets/gluu/gluu-5.0.25.tgz
View File

Binary file not shown.

BIN
assets/gluu/gluu-5.1.0.tgz Normal file
View File

Binary file not shown.

BIN
assets/haproxy/haproxy-1.38.5.tgz Normal file
View File

Binary file not shown.

BIN
assets/harbor/harbor-1.14.1.tgz Normal file
View File

Binary file not shown.

BIN
assets/jenkins/jenkins-5.1.4.tgz Normal file
View File

Binary file not shown.

BIN
assets/kasten/k10-6.5.901.tgz Normal file
View File

Binary file not shown.

BIN
assets/linkerd/linkerd-control-plane-2024.3.3.tgz
View File

Binary file not shown.

BIN
assets/linkerd/linkerd-control-plane-2024.3.4.tgz Normal file
View File

Binary file not shown.

BIN
assets/linkerd/linkerd-crds-2024.3.4.tgz Normal file
View File

Binary file not shown.

BIN
assets/loft/loft-3.4.2.tgz Normal file
View File

Binary file not shown.

BIN
assets/minio/minio-operator-5.0.14.tgz Normal file
View File

Binary file not shown.

BIN
assets/ngrok/kubernetes-ingress-controller-0.12.3.tgz Normal file
View File

Binary file not shown.

BIN
assets/percona/psmdb-operator-1.15.4.tgz Normal file
View File

Binary file not shown.

BIN
assets/percona/pxc-db-1.14.1.tgz Normal file
View File

Binary file not shown.

BIN
assets/redpanda/redpanda-5.7.35.tgz Normal file
View File

Binary file not shown.

BIN
assets/speedscale/speedscale-operator-2.1.12.tgz Normal file
View File

Binary file not shown.

6
charts/argo/argo-cd/Chart.yaml
View File

@ -1,7 +1,7 @@
annotations:
artifacthub.io/changes: |
- kind: changed
description: Bump argo-cd to v2.10.3
description: Bump argo-cd to v2.10.4
artifacthub.io/signKey: |
fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252
url: https://argoproj.github.io/argo-helm/pgp_keys.asc
@ -11,7 +11,7 @@ annotations:
catalog.cattle.io/kube-version: '>=1.23.0-0'
catalog.cattle.io/release-name: argo-cd
apiVersion: v2
appVersion: v2.10.3
appVersion: v2.10.4
dependencies:
- condition: redis-ha.enabled
name: redis-ha
@ -33,4 +33,4 @@ name: argo-cd
sources:
- https://github.com/argoproj/argo-helm/tree/main/charts/argo-cd
- https://github.com/argoproj/argo-cd
version: 6.7.2
version: 6.7.3

8
charts/bitnami/airflow/Chart.lock
View File

@ -1,12 +1,12 @@
dependencies:
- name: redis
repository: oci://registry-1.docker.io/bitnamicharts
version: 18.19.2
version: 19.0.1
- name: postgresql
repository: oci://registry-1.docker.io/bitnamicharts
version: 14.3.3
version: 15.1.0
- name: common
repository: oci://registry-1.docker.io/bitnamicharts
version: 2.19.0
digest: sha256:ef8c5318de55f20f28fd5f98a2201bf883baab63e2faf37ef4b4d05ec14a0635
generated: "2024-03-13T11:46:34.191714+01:00"
digest: sha256:ceffc811afc3d5ac340c12d70dda145292a6aa7bb7dba0ab199b2ae0d3dc2b76
generated: "2024-03-20T13:24:56.373795727+01:00"

6
charts/bitnami/airflow/Chart.yaml
View File

@ -24,11 +24,11 @@ dependencies:
- condition: redis.enabled
name: redis
repository: file://./charts/redis
version: 18.x.x
version: 19.x.x
- condition: postgresql.enabled
name: postgresql
repository: file://./charts/postgresql
version: 14.x.x
version: 15.x.x
- name: common
repository: file://./charts/common
tags:
@ -50,4 +50,4 @@ maintainers:
name: airflow
sources:
- https://github.com/bitnami/charts/tree/main/bitnami/airflow
version: 17.2.4
version: 18.0.0

1121
charts/bitnami/airflow/README.md
View File

File diff suppressed because it is too large Load Diff

2
charts/bitnami/airflow/charts/postgresql/Chart.yaml
View File

@ -34,4 +34,4 @@ maintainers:
name: postgresql
sources:
- https://github.com/bitnami/charts/tree/main/bitnami/postgresql
version: 14.3.3
version: 15.1.0

1044
charts/bitnami/airflow/charts/postgresql/README.md
View File

File diff suppressed because it is too large Load Diff

28
charts/bitnami/airflow/charts/postgresql/templates/backup/networkpolicy.yaml Normal file
View File

@ -0,0 +1,28 @@
{{- /*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if .Values.backup.cronjob.networkPolicy.enabled }}
kind: NetworkPolicy
apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }}
metadata:
name: {{ include "postgresql.v1.primary.fullname" . }}-pgdumpall
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: pg_dumpall
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
{{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.backup.cronjob.podLabels .Values.commonLabels ) "context" . ) }}
podSelector:
matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
app.kubernetes.io/component: pg_dumpall
policyTypes:
- Egress
egress:
- ports:
- port: 5432
protocol: TCP
{{- end }}

42
charts/bitnami/airflow/charts/postgresql/values.yaml
View File

@ -50,7 +50,7 @@ global:
openshift:
## @param global.compatibility.openshift.adaptSecurityContext Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation)
##
adaptSecurityContext: disabled
adaptSecurityContext: auto
## @section Common parameters
##
@ -448,7 +448,7 @@ primary:
## @param primary.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if primary.resources is set (primary.resources is recommended for production).
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
##
resourcesPreset: "none"
resourcesPreset: "nano"
## @param primary.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
## Example:
## resources:
@ -489,12 +489,12 @@ primary:
##
containerSecurityContext:
enabled: true
seLinuxOptions: null
seLinuxOptions: {}
runAsUser: 1001
runAsGroup: 0
runAsGroup: 1001
runAsNonRoot: true
privileged: false
readOnlyRootFilesystem: false
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
@ -885,7 +885,7 @@ readReplicas:
## @param readReplicas.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if readReplicas.resources is set (readReplicas.resources is recommended for production).
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
##
resourcesPreset: "none"
resourcesPreset: "nano"
## @param readReplicas.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
## Example:
## resources:
@ -926,12 +926,12 @@ readReplicas:
##
containerSecurityContext:
enabled: true
seLinuxOptions: null
seLinuxOptions: {}
runAsUser: 1001
runAsGroup: 0
runAsGroup: 1001
runAsNonRoot: true
privileged: false
readOnlyRootFilesystem: false
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
@ -1279,12 +1279,12 @@ backup:
## @param backup.cronjob.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
containerSecurityContext:
enabled: true
seLinuxOptions: null
seLinuxOptions: {}
runAsUser: 1001
runAsGroup: 0
runAsGroup: 1001
runAsNonRoot: true
privileged: false
readOnlyRootFilesystem: false
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
@ -1308,7 +1308,7 @@ backup:
## @param backup.cronjob.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if backup.cronjob.resources is set (backup.cronjob.resources is recommended for production).
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
##
resourcesPreset: "none"
resourcesPreset: "nano"
## @param backup.cronjob.resources Set container requests and limits for different resources like CPU or memory
## Example:
resources: {}
@ -1319,6 +1319,10 @@ backup:
## limits:
## cpu: 2
## memory: 1024Mi
networkPolicy:
## @param backup.cronjob.networkPolicy.enabled Specifies whether a NetworkPolicy should be created
##
enabled: true
storage:
## @param backup.cronjob.storage.existingClaim Provide an existing `PersistentVolumeClaim` (only when `architecture=standalone`)
## If defined, PVC must be created manually before volume will be bound
@ -1395,7 +1399,7 @@ volumePermissions:
## @param volumePermissions.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if volumePermissions.resources is set (volumePermissions.resources is recommended for production).
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
##
resourcesPreset: "none"
resourcesPreset: "nano"
## @param volumePermissions.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
## Example:
## resources:
@ -1417,7 +1421,7 @@ volumePermissions:
## @param volumePermissions.containerSecurityContext.seccompProfile.type seccompProfile.type for the init container
##
containerSecurityContext:
seLinuxOptions: null
seLinuxOptions: {}
runAsUser: 0
runAsGroup: 0
runAsNonRoot: false
@ -1542,12 +1546,12 @@ metrics:
##
containerSecurityContext:
enabled: true
seLinuxOptions: null
seLinuxOptions: {}
runAsUser: 1001
runAsGroup: 0
runAsGroup: 1001
runAsNonRoot: true
privileged: false
readOnlyRootFilesystem: false
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
@ -1615,7 +1619,7 @@ metrics:
## @param metrics.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if metrics.resources is set (metrics.resources is recommended for production).
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
##
resourcesPreset: "none"
resourcesPreset: "nano"
## @param metrics.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
## Example:
## resources:

2
charts/bitnami/airflow/charts/redis/Chart.yaml
View File

@ -35,4 +35,4 @@ maintainers:
name: redis
sources:
- https://github.com/bitnami/charts/tree/main/bitnami/redis
version: 18.19.2
version: 19.0.1

1247
charts/bitnami/airflow/charts/redis/README.md
View File

File diff suppressed because it is too large Load Diff

8
charts/bitnami/airflow/charts/redis/templates/podmonitor.yaml
View File

@ -28,8 +28,8 @@ spec:
{{- if .Values.metrics.podMonitor.honorLabels }}
honorLabels: {{ .Values.metrics.podMonitor.honorLabels }}
{{- end }}
{{- if .Values.metrics.podMonitor.relabellings }}
relabelings: {{- toYaml .Values.metrics.podMonitor.relabellings | nindent 6 }}
{{- with concat .Values.metrics.podMonitor.relabelings .Values.metrics.podMonitor.relabellings }}
relabelings: {{- toYaml . | nindent 6 }}
{{- end }}
{{- if .Values.metrics.podMonitor.metricRelabelings }}
metricRelabelings: {{- toYaml .Values.metrics.podMonitor.metricRelabelings | nindent 6 }}
@ -45,8 +45,8 @@ spec:
{{- if .honorLabels }}
honorLabels: {{ .honorLabels }}
{{- end }}
{{- if .relabellings }}
relabelings: {{- toYaml .relabellings | nindent 6 }}
{{- with concat .Values.metrics.podMonitor.relabelings .Values.metrics.podMonitor.relabellings }}
relabelings: {{- toYaml . | nindent 6 }}
{{- end }}
{{- if .metricRelabelings }}
metricRelabelings: {{- toYaml .metricRelabelings | nindent 6 }}

8
charts/bitnami/airflow/charts/redis/templates/servicemonitor.yaml
View File

@ -28,8 +28,8 @@ spec:
{{- if .Values.metrics.serviceMonitor.honorLabels }}
honorLabels: {{ .Values.metrics.serviceMonitor.honorLabels }}
{{- end }}
{{- if .Values.metrics.serviceMonitor.relabellings }}
relabelings: {{- toYaml .Values.metrics.serviceMonitor.relabellings | nindent 6 }}
{{- with concat .Values.metrics.serviceMonitor.relabelings .Values.metrics.serviceMonitor.relabellings }}
relabelings: {{- toYaml . | nindent 6 }}
{{- end }}
{{- if .Values.metrics.serviceMonitor.metricRelabelings }}
metricRelabelings: {{- toYaml .Values.metrics.serviceMonitor.metricRelabelings | nindent 6 }}
@ -45,8 +45,8 @@ spec:
{{- if .honorLabels }}
honorLabels: {{ .honorLabels }}
{{- end }}
{{- if .relabellings }}
relabelings: {{- toYaml .relabellings | nindent 6 }}
{{- with concat .Values.metrics.serviceMonitor.relabelings .Values.metrics.serviceMonitor.relabellings }}
relabelings: {{- toYaml . | nindent 6 }}
{{- end }}
{{- if .metricRelabelings }}
metricRelabelings: {{- toYaml .metricRelabelings | nindent 6 }}

50
charts/bitnami/airflow/charts/redis/values.yaml
View File

@ -30,7 +30,7 @@ global:
openshift:
## @param global.compatibility.openshift.adaptSecurityContext Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation)
##
adaptSecurityContext: disabled
adaptSecurityContext: auto
## @section Common parameters
##
@ -275,7 +275,7 @@ master:
## @param master.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if master.resources is set (master.resources is recommended for production).
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
##
resourcesPreset: "none"
resourcesPreset: "nano"
## @param master.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
## Example:
## resources:
@ -315,12 +315,12 @@ master:
##
containerSecurityContext:
enabled: true
seLinuxOptions: null
seLinuxOptions: {}
runAsUser: 1001
runAsGroup: 0
runAsGroup: 1001
runAsNonRoot: true
allowPrivilegeEscalation: false
readOnlyRootFilesystem: false
readOnlyRootFilesystem: true
seccompProfile:
type: RuntimeDefault
capabilities:
@ -737,7 +737,7 @@ replica:
## @param replica.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if replica.resources is set (replica.resources is recommended for production).
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
##
resourcesPreset: "none"
resourcesPreset: "nano"
## @param replica.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
## Example:
## resources:
@ -777,12 +777,12 @@ replica:
##
containerSecurityContext:
enabled: true
seLinuxOptions: null
seLinuxOptions: {}
runAsUser: 1001
runAsGroup: 0
runAsGroup: 1001
runAsNonRoot: true
allowPrivilegeEscalation: false
readOnlyRootFilesystem: false
readOnlyRootFilesystem: true
seccompProfile:
type: RuntimeDefault
capabilities:
@ -1306,7 +1306,7 @@ sentinel:
## @param sentinel.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if sentinel.resources is set (sentinel.resources is recommended for production).
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
##
resourcesPreset: "none"
resourcesPreset: "nano"
## @param sentinel.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
## Example:
## resources:
@ -1332,12 +1332,12 @@ sentinel:
##
containerSecurityContext:
enabled: true
seLinuxOptions: null
seLinuxOptions: {}
runAsUser: 1001
runAsGroup: 0
runAsGroup: 1001
runAsNonRoot: true
allowPrivilegeEscalation: false
readOnlyRootFilesystem: false
readOnlyRootFilesystem: true
seccompProfile:
type: RuntimeDefault
capabilities:
@ -1708,12 +1708,12 @@ metrics:
##
containerSecurityContext:
enabled: true
seLinuxOptions: null
seLinuxOptions: {}
runAsUser: 1001
runAsGroup: 0
runAsGroup: 1001
runAsNonRoot: true
allowPrivilegeEscalation: false
readOnlyRootFilesystem: false
readOnlyRootFilesystem: true
seccompProfile:
type: RuntimeDefault
capabilities:
@ -1729,7 +1729,7 @@ metrics:
## @param metrics.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if metrics.resources is set (metrics.resources is recommended for production).
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
##
resourcesPreset: "none"
resourcesPreset: "nano"
## @param metrics.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
## Example:
## resources:
@ -1812,7 +1812,10 @@ metrics:
## @param metrics.serviceMonitor.scrapeTimeout The timeout after which the scrape is ended
##
scrapeTimeout: ""
## @param metrics.serviceMonitor.relabellings Metrics RelabelConfigs to apply to samples before scraping.
## @param metrics.serviceMonitor.relabelings Metrics RelabelConfigs to apply to samples before scraping.
##
relabelings: []
## @skip metrics.serviceMonitor.relabellings DEPRECATED: Use `metrics.serviceMonitor.relabelings` instead.
##
relabellings: []
## @param metrics.serviceMonitor.metricRelabelings Metrics RelabelConfigs to apply to samples before ingestion.
@ -1866,7 +1869,10 @@ metrics:
## @param metrics.podMonitor.scrapeTimeout The timeout after which the scrape is ended
##
scrapeTimeout: ""
## @param metrics.podMonitor.relabellings Metrics RelabelConfigs to apply to samples before scraping.
## @param metrics.podMonitor.relabelings Metrics RelabelConfigs to apply to samples before scraping.
##
relabelings: []
## @skip metrics.podMonitor.relabellings DEPRECATED: Use `metrics.podMonitor.relabelings` instead.
##
relabellings: []
## @param metrics.podMonitor.metricRelabelings Metrics RelabelConfigs to apply to samples before ingestion.
@ -1988,7 +1994,7 @@ volumePermissions:
## @param volumePermissions.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if volumePermissions.resources is set (volumePermissions.resources is recommended for production).
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
##
resourcesPreset: "none"
resourcesPreset: "nano"
## @param volumePermissions.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
## Example:
## resources:
@ -2009,7 +2015,7 @@ volumePermissions:
## "auto" is especially useful for OpenShift which has scc with dynamic user ids (and 0 is not allowed)
##
containerSecurityContext:
seLinuxOptions: null
seLinuxOptions: {}
runAsUser: 0
## Kubectl InitContainer
@ -2096,7 +2102,7 @@ sysctl:
## @param sysctl.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if sysctl.resources is set (sysctl.resources is recommended for production).
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
##
resourcesPreset: "none"
resourcesPreset: "nano"
## @param sysctl.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
## Example:
## resources:

81
charts/bitnami/airflow/values.yaml
View File

@ -26,7 +26,7 @@ global:
openshift:
## @param global.compatibility.openshift.adaptSecurityContext Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation)
##
adaptSecurityContext: disabled
adaptSecurityContext: auto
## @section Common parameters
## @param kubeVersion Override Kubernetes version
@ -300,7 +300,7 @@ web:
## @param web.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if web.resources is set (web.resources is recommended for production).
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
##
resourcesPreset: "none"
resourcesPreset: "medium"
## @param web.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
## Example:
## resources:
@ -341,13 +341,13 @@ web:
##
containerSecurityContext:
enabled: true
seLinuxOptions: null
seLinuxOptions: {}
runAsUser: 1001
runAsGroup: 0
runAsGroup: 1001
runAsNonRoot: true
privileged: false
allowPrivilegeEscalation: false
readOnlyRootFilesystem: false
readOnlyRootFilesystem: true
capabilities:
drop: ["ALL"]
seccompProfile:
@ -590,7 +590,7 @@ scheduler:
enabled: true
initialDelaySeconds: 180
periodSeconds: 20
timeoutSeconds: 5
timeoutSeconds: 15
failureThreshold: 6
successThreshold: 1
## @param scheduler.readinessProbe.enabled Enable readinessProbe on Airflow scheduler containers
@ -604,7 +604,7 @@ scheduler:
enabled: true
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 5
timeoutSeconds: 15
failureThreshold: 6
successThreshold: 1
## @param scheduler.customLivenessProbe Custom livenessProbe that overrides the default one
@ -621,7 +621,7 @@ scheduler:
## @param scheduler.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if scheduler.resources is set (scheduler.resources is recommended for production).
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
##
resourcesPreset: "none"
resourcesPreset: "small"
## @param scheduler.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
## Example:
## resources:
@ -662,13 +662,13 @@ scheduler:
##
containerSecurityContext:
enabled: true
seLinuxOptions: null
seLinuxOptions: {}
runAsUser: 1001
runAsGroup: 0
runAsGroup: 1001
runAsNonRoot: true
privileged: false
allowPrivilegeEscalation: false
readOnlyRootFilesystem: false
readOnlyRootFilesystem: true
capabilities:
drop: ["ALL"]
seccompProfile:
@ -960,7 +960,7 @@ worker:
## @param worker.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if worker.resources is set (worker.resources is recommended for production).
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
##
resourcesPreset: "none"
resourcesPreset: "large"
## @param worker.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
## Example:
## resources:
@ -1001,13 +1001,13 @@ worker:
##
containerSecurityContext:
enabled: true
seLinuxOptions: null
seLinuxOptions: {}
runAsUser: 1001
runAsGroup: 0
runAsGroup: 1001
runAsNonRoot: true
privileged: false
allowPrivilegeEscalation: false
readOnlyRootFilesystem: false
readOnlyRootFilesystem: true
capabilities:
drop: ["ALL"]
seccompProfile:
@ -1309,7 +1309,7 @@ git:
## @param git.clone.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if git.clone.resources is set (git.clone.resources is recommended for production).
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
##
resourcesPreset: "none"
resourcesPreset: "nano"
## Properties for the Sync sidecar container
## @param git.sync.interval Interval in seconds to pull the git repository containing the plugins and/or DAG files
## @param git.sync.command Override cmd
@ -1330,7 +1330,7 @@ git:
## @param git.sync.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if git.sync.resources is set (git.sync.resources is recommended for production).
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
##
resourcesPreset: "none"
resourcesPreset: "nano"
## @param git.sync.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
## Example:
## resources:
@ -1629,7 +1629,7 @@ metrics:
## @param metrics.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if metrics.resources is set (metrics.resources is recommended for production).
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
##
resourcesPreset: "none"
resourcesPreset: "nano"
## @param metrics.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
## Example:
## resources:
@ -1672,17 +1672,17 @@ metrics:
## enabled: true
## capabilities:
## drop: ["NET_RAW"]
## readOnlyRootFilesystem: false
## readOnlyRootFilesystem: true
##
containerSecurityContext:
enabled: true
seLinuxOptions: null
seLinuxOptions: {}
runAsUser: 1001
runAsGroup: 0
runAsGroup: 1001
runAsNonRoot: true
privileged: false
allowPrivilegeEscalation: false
readOnlyRootFilesystem: false
readOnlyRootFilesystem: true
capabilities:
drop: ["ALL"]
seccompProfile:
@ -1882,6 +1882,24 @@ postgresql:
database: bitnami_airflow
existingSecret: ""
architecture: standalone
primary:
## PostgreSQL Primary resource requests and limits
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
## @param postgresql.primary.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if primary.resources is set (primary.resources is recommended for production).
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
##
resourcesPreset: "nano"
## @param postgresql.primary.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
## Example:
## resources:
## requests:
## cpu: 2
## memory: 512Mi
## limits:
## cpu: 3
## memory: 1024Mi
##
resources: {}
## External PostgreSQL configuration
## All of these values are only used when postgresql.enabled is set to false
## @param externalDatabase.host Database host
@ -1919,6 +1937,25 @@ redis:
password: ""
existingSecret: ""
architecture: standalone
master:
## Redis® master resource requests and limits
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
## @param redis.master.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if master.resources is set (master.resources is recommended for production).
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
##
resourcesPreset: "nano"
## @param redis.master.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
## Example:
## resources:
## requests:
## cpu: 2
## memory: 512Mi
## limits:
## cpu: 3
## memory: 1024Mi
##
resources: {}
## External Redis® configuration
## All of these values are only used when redis.enabled is set to false
## @param externalRedis.host Redis® host

6
charts/bitnami/cassandra/Chart.lock
View File

@ -1,6 +1,6 @@
dependencies:
- name: common
repository: oci://registry-1.docker.io/bitnamicharts
version: 2.18.0
digest: sha256:f489ae7394a4eceb24fb702901483c67a5b4fff605f19d5e2545e3a6778e1280
generated: "2024-03-05T13:26:26.829438105+01:00"
version: 2.19.0
digest: sha256:ac559eb57710d8904e266424ee364cd686d7e24517871f0c5c67f7c4500c2bcc
generated: "2024-03-08T11:22:27.097159506+01:00"

2
charts/bitnami/cassandra/Chart.yaml
View File

@ -35,4 +35,4 @@ maintainers:
name: cassandra
sources:
- https://github.com/bitnami/charts/tree/main/bitnami/cassandra
version: 10.12.1
version: 11.0.0

219
charts/bitnami/cassandra/README.md
View File

@ -42,26 +42,110 @@ These commands deploy one node with Apache Cassandra on the Kubernetes cluster i
> **Tip**: List all releases using `helm list`
## Uninstalling the Chart
## Configuration and installation details
To uninstall/delete the `my-release` release:
### Resource requests and limits
```console
helm delete my-release
Bitnami charts allow setting resource requests and limits for all containers inside the chart deployment. These are inside the `resources` value (check parameter table). Setting requests is essential for production workloads and these should be adapted to your specific use case.
To make this process easier, the chart contains the `resourcesPreset` values, which automatically sets the `resources` section according to different presets. Check these presets in [the bitnami/common chart](https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15). However, in production workloads using `resourcePreset` is discouraged as it may not fully adapt to your specific needs. Find more information on container resource management in the [official Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/).
### [Rolling vs Immutable tags](https://docs.bitnami.com/tutorials/understand-rolling-tags-containers)
It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image.
Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist.
### Enable TLS
This chart supports TLS between client and server and between nodes, as explained below:
- For internode cluster encryption, set the `tls.internodeEncryption` chart parameter to a value different from `none`. Available values are `all`, `dc` or `rack`.
- For client-server encryption, set the `tls.clientEncryption` chart parameter to `true`.
In both cases, it is also necessary to create a secret containing the keystore and truststore certificates and their corresponding protection passwords. This secret is to be passed to the chart via the `tls.existingSecret` parameter at deployment-time, as shown below:
```text
tls.internodeEncryption=all
tls.clientEncryption=true
tls.existingSecret=my-exisiting-stores
tls.passwordsSecret=my-stores-password
```
The command removes all the Kubernetes components associated with the chart and deletes the release.
> TIP: The secret may be created in the standard way with the `--from-file=./keystore`, `--from-file=./truststore`, `--from-literal=keystore-password=KEYSTORE_PASSWORD` and `--from-literal=truststore-password=TRUSTSTORE_PASSWORD` options. This assumes that the stores are in the current working directory and the KEYSTORE_PASSWORD and TRUSTSTORE_PASSWORD placeholders are replaced with the correct keystore and truststore passwords respectively. Example:
```console
kubectl create secret generic my-exisiting-stores --from-file=./keystore --from-file=./truststore
kubectl create secret generic my-stores-password --from-literal=keystore-password=KEYSTORE_PASSWORD --from-literal=truststore-password=TRUSTSTORE_PASSWORD
```
Keystore and Truststore files can be dinamycally created from the certificates files. In this case a secret with the tls.crt, tls.key and ca.crt in pem format is required. The following example shows how the secret can be created and assumes that all certificate files are in the working directory:
```console
kubectl create secret tls my-certs --cert ./tls.crt --key ./tls.key
kubectl patch secret my-certs -p="{\"data\":{\"ca.crt\": \"$(cat ./ca.crt | base64 )\"}}"
```
To enable this feature `tls.autoGenerated` must be set and the new secret should be set in `tls.certificateSecret`:
```text
tls.internodeEncryption=all
tls.clientEncryption=true
tls.autoGenerated=true
tls.certificatesSecret=my-certs
tls.passwordsSecret=my-stores-password
```
### Initialize the database
The [Apache Cassandra](https://github.com/bitnami/containers/tree/main/bitnami/cassandra) image supports the use of custom scripts to initialize a fresh instance. This may be done by creating a Kubernetes ConfigMap that includes the necessary `.sh` or `.cql` scripts and passing this ConfigMap to the chart via the `initDBConfigMap` parameter.
### Use a custom configuration file
This chart also supports mounting custom configuration file(s) for Apache Cassandra. This is achieved by setting the `existingConfiguration` parameter with the name of a ConfigMap that includes the custom configuration file(s). Here is an example of deploying the chart with a custom configuration file stored in a ConfigMap named `cassandra-configuration`:
```text
existingConfiguration=cassandra-configuration
```
> NOTE: This ConfigMap will override other Apache Cassandra configuration variables set in the chart.
### Backup and restore
Refer to our detailed tutorial on [backing up and restoring Bitnami Apache Cassandra deployments on Kubernetes](https://docs.bitnami.com/tutorials/backup-restore-data-cassandra-kubernetes/).
### Set pod affinity
This chart allows you to set custom pod affinity using the `XXX.affinity` parameter(s). Find more information about pod affinity in the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity).
As an alternative, you can use the preset configurations for pod affinity, pod anti-affinity, and node affinity available at the [bitnami/common](https://github.com/bitnami/charts/tree/main/bitnami/common#affinities) chart. To do so, set the `XXX.podAffinityPreset`, `XXX.podAntiAffinityPreset`, or `XXX.nodeAffinityPreset` parameters.
## Persistence
The [Bitnami Apache Cassandra](https://github.com/bitnami/containers/tree/main/bitnami/cassandra) image stores the Apache Cassandra data at the `/bitnami/cassandra` path of the container.
Persistent Volume Claims are used to keep the data across deployments. This is known to work in GCE, AWS, and minikube.
See the [Parameters](#parameters) section to configure the PVC or to disable persistence.
If you encounter errors when working with persistent volumes, refer to our [troubleshooting guide for persistent volumes](https://docs.bitnami.com/kubernetes/faq/troubleshooting/troubleshooting-persistence-volumes/).
### Adjust permissions of persistent volume mountpoint
As the image run as non-root by default, it is necessary to adjust the ownership of the persistent volume so that the container can write data into it. There are two approaches to achieve this:
- Use Kubernetes SecurityContexts by setting the `podSecurityContext.enabled` and `containerSecurityContext.enabled` to `true`. This option is enabled by default in the chart. However, this feature does not work in all Kubernetes distributions.
- Use an init container to change the ownership of the volume before mounting it in the final destination. Enable this container by setting the `volumePermissions.enabled` parameter to `true`.
## Parameters
### Global parameters
| Name | Description | Value |
| ----------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------- |
| ----------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------ |
| `global.imageRegistry` | Global Docker image registry | `""` |
| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` |
| `global.storageClass` | Global StorageClass for Persistent Volume(s) | `""` |
| `global.compatibility.openshift.adaptSecurityContext` | Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation) | `disabled` |
| `global.compatibility.openshift.adaptSecurityContext` | Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation) | `auto` |
### Common parameters
@ -141,16 +225,16 @@ The command removes all the Kubernetes components associated with the chart and
| `podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` |
| `podSecurityContext.fsGroup` | Set Cassandra pod's Security Context fsGroup | `1001` |
| `containerSecurityContext.enabled` | Enabled Cassandra containers' Security Context | `true` |
| `containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` |
| `containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` |
| `containerSecurityContext.runAsUser` | Set Cassandra containers' Security Context runAsUser | `1001` |
| `containerSecurityContext.runAsGroup` | Set Cassandra containers' Security Context runAsGroup | `0` |
| `containerSecurityContext.runAsGroup` | Set Cassandra containers' Security Context runAsGroup | `1001` |
| `containerSecurityContext.allowPrivilegeEscalation` | Set Cassandra containers' Security Context allowPrivilegeEscalation | `false` |
| `containerSecurityContext.capabilities.drop` | Set Cassandra containers' Security Context capabilities to be dropped | `["ALL"]` |
| `containerSecurityContext.readOnlyRootFilesystem` | Set Cassandra containers' Security Context readOnlyRootFilesystem | `false` |
| `containerSecurityContext.readOnlyRootFilesystem` | Set Cassandra containers' Security Context readOnlyRootFilesystem | `true` |
| `containerSecurityContext.runAsNonRoot` | Set Cassandra containers' Security Context runAsNonRoot | `true` |
| `containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
| `containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
| `resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production). | `none` |
| `resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production). | `large` |
| `resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` |
| `livenessProbe.enabled` | Enable livenessProbe | `true` |
| `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `60` |
@ -253,9 +337,9 @@ The command removes all the Kubernetes components associated with the chart and
| `volumePermissions.image.digest` | Init container volume image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `volumePermissions.image.pullPolicy` | Init container volume pull policy | `IfNotPresent` |
| `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
| `volumePermissions.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if volumePermissions.resources is set (volumePermissions.resources is recommended for production). | `none` |
| `volumePermissions.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if volumePermissions.resources is set (volumePermissions.resources is recommended for production). | `nano` |
| `volumePermissions.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` |
| `volumePermissions.securityContext.seLinuxOptions` | Set SELinux options in container | `nil` |
| `volumePermissions.securityContext.seLinuxOptions` | Set SELinux options in container | `{}` |
| `volumePermissions.securityContext.runAsUser` | User ID for the init container | `0` |
### Metrics parameters
@ -268,7 +352,7 @@ The command removes all the Kubernetes components associated with the chart and
| `metrics.image.digest` | Cassandra exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `metrics.image.pullPolicy` | image pull policy | `IfNotPresent` |
| `metrics.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
| `metrics.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if metrics.resources is set (metrics.resources is recommended for production). | `none` |
| `metrics.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if metrics.resources is set (metrics.resources is recommended for production). | `nano` |
| `metrics.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` |
| `metrics.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `20` |
| `metrics.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
@ -304,7 +388,7 @@ The command removes all the Kubernetes components associated with the chart and
| `tls.passwordsSecret` | Secret containing the Keystore and Truststore passwords if needed | `""` |
| `tls.keystorePassword` | Password for the keystore, if needed. | `""` |
| `tls.truststorePassword` | Password for the truststore, if needed. | `""` |
| `tls.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if tls.resources is set (tls.resources is recommended for production). | `none` |
| `tls.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if tls.resources is set (tls.resources is recommended for production). | `nano` |
| `tls.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` |
| `tls.certificatesSecret` | Secret with the TLS certificates. | `""` |
| `tls.tlsEncryptionSecretName` | Secret with the encryption of the TLS certificates | `""` |
@ -330,100 +414,6 @@ helm install my-release -f values.yaml oci://REGISTRY_NAME/REPOSITORY_NAME/cassa
> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
> **Tip**: You can use the default [values.yaml](https://github.com/bitnami/charts/tree/main/bitnami/cassandra/values.yaml)
## Configuration and installation details
### Resource requests and limits
Bitnami charts allow setting resource requests and limits for all containers inside the chart deployment. These are inside the `resources` value (check parameter table). Setting requests is essential for production workloads and these should be adapted to your specific use case.
To make this process easier, the chart contains the `resourcesPreset` values, which automatically sets the `resources` section according to different presets. Check these presets in [the bitnami/common chart](https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15). However, in production workloads using `resourcePreset` is discouraged as it may not fully adapt to your specific needs. Find more information on container resource management in the [official Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/).
### [Rolling vs Immutable tags](https://docs.bitnami.com/tutorials/understand-rolling-tags-containers)
It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image.
Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist.
### Enable TLS
This chart supports TLS between client and server and between nodes, as explained below:
- For internode cluster encryption, set the `tls.internodeEncryption` chart parameter to a value different from `none`. Available values are `all`, `dc` or `rack`.
- For client-server encryption, set the `tls.clientEncryption` chart parameter to `true`.
In both cases, it is also necessary to create a secret containing the keystore and truststore certificates and their corresponding protection passwords. This secret is to be passed to the chart via the `tls.existingSecret` parameter at deployment-time, as shown below:
```text
tls.internodeEncryption=all
tls.clientEncryption=true
tls.existingSecret=my-exisiting-stores
tls.passwordsSecret=my-stores-password
```
> TIP: The secret may be created in the standard way with the `--from-file=./keystore`, `--from-file=./truststore`, `--from-literal=keystore-password=KEYSTORE_PASSWORD` and `--from-literal=truststore-password=TRUSTSTORE_PASSWORD` options. This assumes that the stores are in the current working directory and the KEYSTORE_PASSWORD and TRUSTSTORE_PASSWORD placeholders are replaced with the correct keystore and truststore passwords respectively. Example:
```console
kubectl create secret generic my-exisiting-stores --from-file=./keystore --from-file=./truststore
kubectl create secret generic my-stores-password --from-literal=keystore-password=KEYSTORE_PASSWORD --from-literal=truststore-password=TRUSTSTORE_PASSWORD
```
Keystore and Truststore files can be dinamycally created from the certificates files. In this case a secret with the tls.crt, tls.key and ca.crt in pem format is required. The following example shows how the secret can be created and assumes that all certificate files are in the working directory:
```console
kubectl create secret tls my-certs --cert ./tls.crt --key ./tls.key
kubectl patch secret my-certs -p="{\"data\":{\"ca.crt\": \"$(cat ./ca.crt | base64 )\"}}"
```
To enable this feature `tls.autoGenerated` must be set and the new secret should be set in `tls.certificateSecret`:
```text
tls.internodeEncryption=all
tls.clientEncryption=true
tls.autoGenerated=true
tls.certificatesSecret=my-certs
tls.passwordsSecret=my-stores-password
```
### Initialize the database
The [Apache Cassandra](https://github.com/bitnami/containers/tree/main/bitnami/cassandra) image supports the use of custom scripts to initialize a fresh instance. This may be done by creating a Kubernetes ConfigMap that includes the necessary `.sh` or `.cql` scripts and passing this ConfigMap to the chart via the `initDBConfigMap` parameter.
### Use a custom configuration file
This chart also supports mounting custom configuration file(s) for Apache Cassandra. This is achieved by setting the `existingConfiguration` parameter with the name of a ConfigMap that includes the custom configuration file(s). Here is an example of deploying the chart with a custom configuration file stored in a ConfigMap named `cassandra-configuration`:
```text
existingConfiguration=cassandra-configuration
```
> NOTE: This ConfigMap will override other Apache Cassandra configuration variables set in the chart.
### Set pod affinity
This chart allows you to set custom pod affinity using the `XXX.affinity` parameter(s). Find more information about pod affinity in the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity).
As an alternative, you can use the preset configurations for pod affinity, pod anti-affinity, and node affinity available at the [bitnami/common](https://github.com/bitnami/charts/tree/main/bitnami/common#affinities) chart. To do so, set the `XXX.podAffinityPreset`, `XXX.podAntiAffinityPreset`, or `XXX.nodeAffinityPreset` parameters.
## Persistence
The [Bitnami Apache Cassandra](https://github.com/bitnami/containers/tree/main/bitnami/cassandra) image stores the Apache Cassandra data at the `/bitnami/cassandra` path of the container.
Persistent Volume Claims are used to keep the data across deployments. This is known to work in GCE, AWS, and minikube.
See the [Parameters](#parameters) section to configure the PVC or to disable persistence.
If you encounter errors when working with persistent volumes, refer to our [troubleshooting guide for persistent volumes](https://docs.bitnami.com/kubernetes/faq/troubleshooting/troubleshooting-persistence-volumes/).
### Adjust permissions of persistent volume mountpoint
As the image run as non-root by default, it is necessary to adjust the ownership of the persistent volume so that the container can write data into it. There are two approaches to achieve this:
- Use Kubernetes SecurityContexts by setting the `podSecurityContext.enabled` and `containerSecurityContext.enabled` to `true`. This option is enabled by default in the chart. However, this feature does not work in all Kubernetes distributions.
- Use an init container to change the ownership of the volume before mounting it in the final destination. Enable this container by setting the `volumePermissions.enabled` parameter to `true`.
## Backup and restore
Refer to our detailed tutorial on [backing up and restoring Bitnami Apache Cassandra deployments on Kubernetes](https://docs.bitnami.com/tutorials/backup-restore-data-cassandra-kubernetes/).
## Troubleshooting
Find more information about how to deal with common errors related to Bitnami's Helm charts in [this troubleshooting guide](https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues).
@ -440,6 +430,17 @@ helm upgrade my-release oci://REGISTRY_NAME/REPOSITORY_NAME/cassandra --set dbUs
| Note: you need to substitute the placeholder *[PASSWORD]* with the value obtained in the installation notes.
### To 10.0.0
This major bump changes the following security defaults:
- `runAsGroup` is changed from `0` to `1001`
- `readOnlyRootFilesystem` is set to `true`
- `resourcesPreset` is changed from `none` to the minimum size working in our test suites (NOTE: `resourcesPreset` is not meant for production usage, but `resources` adapted to your use case).
- `global.compatibility.openshift.adaptSecurityContext` is changed from `disabled` to `auto`.
This could potentially break any customization or init scripts used in your deployment. If this is the case, change the default values to the previous ones.
### To 9.0.0
This major release renames several values in this chart and adds missing features, in order to be inline with the rest of assets in the Bitnami charts repository.

4
charts/bitnami/cassandra/charts/common/Chart.yaml
View File

@ -2,7 +2,7 @@ annotations:
category: Infrastructure
licenses: Apache-2.0
apiVersion: v2
appVersion: 2.18.0
appVersion: 2.19.0
description: A Library Helm Chart for grouping common logic between bitnami charts.
This chart is not deployable by itself.
home: https://bitnami.com
@ -20,4 +20,4 @@ name: common
sources:
- https://github.com/bitnami/charts
type: library
version: 2.18.0
version: 2.19.0

4
charts/bitnami/cassandra/charts/common/templates/_compatibility.tpl
View File

@ -28,6 +28,10 @@ Usage:
{{- if or (eq .context.Values.global.compatibility.openshift.adaptSecurityContext "force") (and (eq .context.Values.global.compatibility.openshift.adaptSecurityContext "auto") (include "common.compatibility.isOpenshift" .context)) -}}
{{/* Remove incompatible user/group values that do not work in Openshift out of the box */}}
{{- $adaptedContext = omit $adaptedContext "fsGroup" "runAsUser" "runAsGroup" -}}
{{- if not .secContext.seLinuxOptions -}}
{{/* If it is an empty object, we remove it from the resulting context because it causes validation issues */}}
{{- $adaptedContext = omit $adaptedContext "seLinuxOptions" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}

2
charts/bitnami/cassandra/templates/statefulset.yaml
View File

@ -446,6 +446,8 @@ spec:
{{- end }}
{{- if .Values.resources }}
resources: {{ toYaml .Values.resources | nindent 12 }}
{{- else if ne .Values.resourcesPreset "none" }}
resources: {{- include "common.resources.preset" (dict "type" .Values.resourcesPreset) | nindent 12 }}
{{- end }}
volumeMounts:
- name: data

18
charts/bitnami/cassandra/values.yaml
View File

@ -27,7 +27,7 @@ global:
openshift:
## @param global.compatibility.openshift.adaptSecurityContext Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation)
##
adaptSecurityContext: disabled
adaptSecurityContext: auto
## @section Common parameters
##
@ -310,9 +310,9 @@ podSecurityContext:
##
containerSecurityContext:
enabled: true
seLinuxOptions: null
seLinuxOptions: {}
runAsUser: 1001
runAsGroup: 0
runAsGroup: 1001
runAsNonRoot: true
privileged: false
allowPrivilegeEscalation: false
@ -320,7 +320,7 @@ containerSecurityContext:
drop: ["ALL"]
seccompProfile:
type: "RuntimeDefault"
readOnlyRootFilesystem: false
readOnlyRootFilesystem: true
## Cassandra pods' resource requests and limits
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
## Minimum memory for development is 4GB and 2 CPU cores
@ -334,7 +334,7 @@ containerSecurityContext:
## @param resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production).
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
##
resourcesPreset: "none"
resourcesPreset: "large"
## @param resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
## Example:
## resources:
@ -698,7 +698,7 @@ volumePermissions:
## @param volumePermissions.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if volumePermissions.resources is set (volumePermissions.resources is recommended for production).
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
##
resourcesPreset: "none"
resourcesPreset: "nano"
## @param volumePermissions.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
## Example:
## resources:
@ -723,7 +723,7 @@ volumePermissions:
## pod securityContext.enabled=false and shmVolume.chmod.enabled=false
##
securityContext:
seLinuxOptions: null
seLinuxOptions: {}
runAsUser: 0
## @section Metrics parameters
##
@ -766,7 +766,7 @@ metrics:
## @param metrics.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if metrics.resources is set (metrics.resources is recommended for production).
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
##
resourcesPreset: "none"
resourcesPreset: "nano"
## @param metrics.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
## Example:
## resources:
@ -949,7 +949,7 @@ tls:
truststorePassword: ""
certificatesSecret: ""
tlsEncryptionSecretName: ""
resourcesPreset: "none"
resourcesPreset: "nano"
## We usually recommend not to specify default resources and to leave this as a conscious
## choice for the user. This also increases chances charts run on environments with little
## resources, such as Minikube. If you do want to specify resources, uncomment the following

6
charts/bitnami/mariadb/Chart.lock
View File

@ -1,6 +1,6 @@
dependencies:
- name: common
repository: oci://registry-1.docker.io/bitnamicharts
version: 2.18.0
digest: sha256:f489ae7394a4eceb24fb702901483c67a5b4fff605f19d5e2545e3a6778e1280
generated: "2024-03-05T14:35:54.482130622+01:00"
version: 2.19.0
digest: sha256:ac559eb57710d8904e266424ee364cd686d7e24517871f0c5c67f7c4500c2bcc
generated: "2024-03-08T11:25:32.224991562+01:00"

2
charts/bitnami/mariadb/Chart.yaml
View File

@ -37,4 +37,4 @@ maintainers:
name: mariadb
sources:
- https://github.com/bitnami/charts/tree/main/bitnami/mariadb
version: 16.5.0
version: 17.0.1

765
charts/bitnami/mariadb/README.md
View File

@ -44,388 +44,6 @@ The command deploys MariaDB on the Kubernetes cluster in the default configurati
> **Tip**: List all releases using `helm list`
## Uninstalling the Chart
To uninstall/delete the `my-release` deployment:
```console
helm delete my-release
```
The command removes all the Kubernetes components associated with the chart and deletes the release.
## Parameters
### Global parameters
| Name | Description | Value |
| ----------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------- |
| `global.imageRegistry` | Global Docker Image registry | `""` |
| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` |
| `global.storageClass` | Global storage class for dynamic provisioning | `""` |
| `global.compatibility.openshift.adaptSecurityContext` | Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation) | `disabled` |
### Common parameters
| Name | Description | Value |
| ------------------------- | --------------------------------------------------------------------------------------- | --------------- |
| `kubeVersion` | Force target Kubernetes version (using Helm capabilities if not set) | `""` |
| `nameOverride` | String to partially override mariadb.fullname | `""` |
| `fullnameOverride` | String to fully override mariadb.fullname | `""` |
| `clusterDomain` | Default Kubernetes cluster domain | `cluster.local` |
| `commonAnnotations` | Common annotations to add to all MariaDB resources (sub-charts are not considered) | `{}` |
| `commonLabels` | Common labels to add to all MariaDB resources (sub-charts are not considered) | `{}` |
| `schedulerName` | Name of the scheduler (other than default) to dispatch pods | `""` |
| `runtimeClassName` | Name of the Runtime Class for all MariaDB pods | `""` |
| `extraDeploy` | Array of extra objects to deploy with the release (evaluated as a template) | `[]` |
| `diagnosticMode.enabled` | Enable diagnostic mode (all probes will be disabled and the command will be overridden) | `false` |
| `diagnosticMode.command` | Command to override all containers in the deployment | `["sleep"]` |
| `diagnosticMode.args` | Args to override all containers in the deployment | `["infinity"]` |
| `serviceBindings.enabled` | Create secret for service binding (Experimental) | `false` |
### MariaDB common parameters
| Name | Description | Value |
| -------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------- |
| `image.registry` | MariaDB image registry | `REGISTRY_NAME` |
| `image.repository` | MariaDB image repository | `REPOSITORY_NAME/mariadb` |
| `image.digest` | MariaDB image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `image.pullPolicy` | MariaDB image pull policy | `IfNotPresent` |
| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
| `image.debug` | Specify if debug logs should be enabled | `false` |
| `architecture` | MariaDB architecture (`standalone` or `replication`) | `standalone` |
| `auth.rootPassword` | Password for the `root` user. Ignored if existing secret is provided. | `""` |
| `auth.database` | Name for a custom database to create | `my_database` |
| `auth.username` | Name for a custom user to create | `""` |
| `auth.password` | Password for the new user. Ignored if existing secret is provided | `""` |
| `auth.replicationUser` | MariaDB replication user | `replicator` |
| `auth.replicationPassword` | MariaDB replication user password. Ignored if existing secret is provided | `""` |
| `auth.existingSecret` | Use existing secret for password details (`auth.rootPassword`, `auth.password`, `auth.replicationPassword` will be ignored and picked up from this secret). The secret has to contain the keys `mariadb-root-password`, `mariadb-replication-password` and `mariadb-password` | `""` |
| `auth.forcePassword` | Force users to specify required passwords | `false` |
| `auth.usePasswordFiles` | Mount credentials as files instead of using environment variables | `false` |
| `auth.customPasswordFiles` | Use custom password files when `auth.usePasswordFiles` is set to `true`. Define path for keys `root` and `user`, also define `replicator` if `architecture` is set to `replication` | `{}` |
| `initdbScripts` | Dictionary of initdb scripts | `{}` |
| `initdbScriptsConfigMap` | ConfigMap with the initdb scripts (Note: Overrides `initdbScripts`) | `""` |
### MariaDB Primary parameters
| Name | Description | Value |
| ----------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------- |
| `primary.name` | Name of the primary database (eg primary, master, leader, ...) | `primary` |
| `primary.command` | Override default container command on MariaDB Primary container(s) (useful when using custom images) | `[]` |
| `primary.args` | Override default container args on MariaDB Primary container(s) (useful when using custom images) | `[]` |
| `primary.lifecycleHooks` | for the MariaDB Primary container(s) to automate configuration before or after startup | `{}` |
| `primary.automountServiceAccountToken` | Mount Service Account token in pod | `false` |
| `primary.hostAliases` | Add deployment host aliases | `[]` |
| `primary.containerPorts.mysql` | Container port for mysql | `3306` |
| `primary.configuration` | MariaDB Primary configuration to be injected as ConfigMap | `""` |
| `primary.existingConfigmap` | Name of existing ConfigMap with MariaDB Primary configuration. | `""` |
| `primary.updateStrategy.type` | MariaDB primary statefulset strategy type | `RollingUpdate` |
| `primary.rollingUpdatePartition` | Partition update strategy for Mariadb Primary statefulset | `""` |
| `primary.podAnnotations` | Additional pod annotations for MariaDB primary pods | `{}` |
| `primary.podLabels` | Extra labels for MariaDB primary pods | `{}` |
| `primary.podAffinityPreset` | MariaDB primary pod affinity preset. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `primary.podAntiAffinityPreset` | MariaDB primary pod anti-affinity preset. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` | `soft` |
| `primary.nodeAffinityPreset.type` | MariaDB primary node affinity preset type. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `primary.nodeAffinityPreset.key` | MariaDB primary node label key to match Ignored if `primary.affinity` is set. | `""` |
| `primary.nodeAffinityPreset.values` | MariaDB primary node label values to match. Ignored if `primary.affinity` is set. | `[]` |
| `primary.affinity` | Affinity for MariaDB primary pods assignment | `{}` |
| `primary.nodeSelector` | Node labels for MariaDB primary pods assignment | `{}` |
| `primary.tolerations` | Tolerations for MariaDB primary pods assignment | `[]` |
| `primary.schedulerName` | Name of the k8s scheduler (other than default) | `""` |
| `primary.podManagementPolicy` | podManagementPolicy to manage scaling operation of MariaDB primary pods | `""` |
| `primary.topologySpreadConstraints` | Topology Spread Constraints for MariaDB primary pods assignment | `[]` |
| `primary.priorityClassName` | Priority class for MariaDB primary pods assignment | `""` |
| `primary.runtimeClassName` | Runtime Class for MariaDB primary pods | `""` |
| `primary.podSecurityContext.enabled` | Enable security context for MariaDB primary pods | `true` |
| `primary.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` |
| `primary.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` |
| `primary.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` |
| `primary.podSecurityContext.fsGroup` | Group ID for the mounted volumes' filesystem | `1001` |
| `primary.containerSecurityContext.enabled` | MariaDB primary container securityContext | `true` |
| `primary.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` |
| `primary.containerSecurityContext.runAsUser` | User ID for the MariaDB primary container | `1001` |
| `primary.containerSecurityContext.runAsGroup` | Group ID for the MariaDB primary container | `0` |
| `primary.containerSecurityContext.runAsNonRoot` | Set primary container's Security Context runAsNonRoot | `true` |
| `primary.containerSecurityContext.privileged` | Set primary container's Security Context privileged | `false` |
| `primary.containerSecurityContext.allowPrivilegeEscalation` | Set primary container's Security Context allowPrivilegeEscalation | `false` |
| `primary.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` |
| `primary.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
| `primary.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
| `primary.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if primary.resources is set (primary.resources is recommended for production). | `none` |
| `primary.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` |
| `primary.startupProbe.enabled` | Enable startupProbe | `false` |
| `primary.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `120` |
| `primary.startupProbe.periodSeconds` | Period seconds for startupProbe | `15` |
| `primary.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` |
| `primary.startupProbe.failureThreshold` | Failure threshold for startupProbe | `10` |
| `primary.startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
| `primary.livenessProbe.enabled` | Enable livenessProbe | `true` |
| `primary.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `120` |
| `primary.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |
| `primary.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` |
| `primary.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` |
| `primary.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
| `primary.readinessProbe.enabled` | Enable readinessProbe | `true` |
| `primary.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` |
| `primary.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
| `primary.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` |
| `primary.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` |
| `primary.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
| `primary.customStartupProbe` | Override default startup probe for MariaDB primary containers | `{}` |
| `primary.customLivenessProbe` | Override default liveness probe for MariaDB primary containers | `{}` |
| `primary.customReadinessProbe` | Override default readiness probe for MariaDB primary containers | `{}` |
| `primary.startupWaitOptions` | Override default builtin startup wait check options for MariaDB primary containers | `{}` |
| `primary.extraFlags` | MariaDB primary additional command line flags | `""` |
| `primary.extraEnvVars` | Extra environment variables to be set on MariaDB primary containers | `[]` |
| `primary.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for MariaDB primary containers | `""` |
| `primary.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for MariaDB primary containers | `""` |
| `primary.persistence.enabled` | Enable persistence on MariaDB primary replicas using a `PersistentVolumeClaim`. If false, use emptyDir | `true` |
| `primary.persistence.existingClaim` | Name of an existing `PersistentVolumeClaim` for MariaDB primary replicas | `""` |
| `primary.persistence.subPath` | Subdirectory of the volume to mount at | `""` |
| `primary.persistence.storageClass` | MariaDB primary persistent volume storage Class | `""` |
| `primary.persistence.labels` | Labels for the PVC | `{}` |
| `primary.persistence.annotations` | MariaDB primary persistent volume claim annotations | `{}` |
| `primary.persistence.accessModes` | MariaDB primary persistent volume access Modes | `["ReadWriteOnce"]` |
| `primary.persistence.size` | MariaDB primary persistent volume size | `8Gi` |
| `primary.persistence.selector` | Selector to match an existing Persistent Volume | `{}` |
| `primary.extraVolumes` | Optionally specify extra list of additional volumes to the MariaDB Primary pod(s) | `[]` |
| `primary.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the MariaDB Primary container(s) | `[]` |
| `primary.initContainers` | Add additional init containers for the MariaDB Primary pod(s) | `[]` |
| `primary.sidecars` | Add additional sidecar containers for the MariaDB Primary pod(s) | `[]` |
| `primary.service.type` | MariaDB Primary Kubernetes service type | `ClusterIP` |
| `primary.service.ports.mysql` | MariaDB Primary Kubernetes service port for MariaDB | `3306` |
| `primary.service.ports.metrics` | MariaDB Primary Kubernetes service port for metrics | `9104` |
| `primary.service.nodePorts.mysql` | MariaDB Primary Kubernetes service node port | `""` |
| `primary.service.clusterIP` | MariaDB Primary Kubernetes service clusterIP IP | `""` |
| `primary.service.loadBalancerIP` | MariaDB Primary loadBalancerIP if service type is `LoadBalancer` | `""` |
| `primary.service.externalTrafficPolicy` | Enable client source IP preservation | `Cluster` |
| `primary.service.loadBalancerSourceRanges` | Address that are allowed when MariaDB Primary service is LoadBalancer | `[]` |
| `primary.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` |
| `primary.service.annotations` | Provide any additional annotations which may be required | `{}` |
| `primary.service.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` |
| `primary.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` |
| `primary.pdb.create` | Enable/disable a Pod Disruption Budget creation for MariaDB primary pods | `false` |
| `primary.pdb.minAvailable` | Minimum number/percentage of MariaDB primary pods that must still be available after the eviction | `1` |
| `primary.pdb.maxUnavailable` | Maximum number/percentage of MariaDB primary pods that can be unavailable after the eviction | `""` |
| `primary.revisionHistoryLimit` | Maximum number of revisions that will be maintained in the StatefulSet | `10` |
### MariaDB Secondary parameters
| Name | Description | Value |
| ------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------------------- |
| `secondary.name` | Name of the secondary database (eg secondary, slave, ...) | `secondary` |
| `secondary.replicaCount` | Number of MariaDB secondary replicas | `1` |
| `secondary.command` | Override default container command on MariaDB Secondary container(s) (useful when using custom images) | `[]` |
| `secondary.args` | Override default container args on MariaDB Secondary container(s) (useful when using custom images) | `[]` |
| `secondary.lifecycleHooks` | for the MariaDB Secondary container(s) to automate configuration before or after startup | `{}` |
| `secondary.automountServiceAccountToken` | Mount Service Account token in pod | `false` |
| `secondary.hostAliases` | Add deployment host aliases | `[]` |
| `secondary.containerPorts.mysql` | Container port for mysql | `3306` |
| `secondary.configuration` | MariaDB Secondary configuration to be injected as ConfigMap | `""` |
| `secondary.existingConfigmap` | Name of existing ConfigMap with MariaDB Secondary configuration. | `""` |
| `secondary.updateStrategy.type` | MariaDB secondary statefulset strategy type | `RollingUpdate` |
| `secondary.rollingUpdatePartition` | Partition update strategy for Mariadb Secondary statefulset | `""` |
| `secondary.podAnnotations` | Additional pod annotations for MariaDB secondary pods | `{}` |
| `secondary.podLabels` | Extra labels for MariaDB secondary pods | `{}` |
| `secondary.podAffinityPreset` | MariaDB secondary pod affinity preset. Ignored if `secondary.affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `secondary.podAntiAffinityPreset` | MariaDB secondary pod anti-affinity preset. Ignored if `secondary.affinity` is set. Allowed values: `soft` or `hard` | `soft` |
| `secondary.nodeAffinityPreset.type` | MariaDB secondary node affinity preset type. Ignored if `secondary.affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `secondary.nodeAffinityPreset.key` | MariaDB secondary node label key to match Ignored if `secondary.affinity` is set. | `""` |
| `secondary.nodeAffinityPreset.values` | MariaDB secondary node label values to match. Ignored if `secondary.affinity` is set. | `[]` |
| `secondary.affinity` | Affinity for MariaDB secondary pods assignment | `{}` |
| `secondary.nodeSelector` | Node labels for MariaDB secondary pods assignment | `{}` |
| `secondary.tolerations` | Tolerations for MariaDB secondary pods assignment | `[]` |
| `secondary.topologySpreadConstraints` | Topology Spread Constraints for MariaDB secondary pods assignment | `[]` |
| `secondary.priorityClassName` | Priority class for MariaDB secondary pods assignment | `""` |
| `secondary.runtimeClassName` | Runtime Class for MariaDB secondary pods | `""` |
| `secondary.schedulerName` | Name of the k8s scheduler (other than default) | `""` |
| `secondary.podManagementPolicy` | podManagementPolicy to manage scaling operation of MariaDB secondary pods | `""` |
| `secondary.podSecurityContext.enabled` | Enable security context for MariaDB secondary pods | `true` |
| `secondary.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` |
| `secondary.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` |
| `secondary.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` |
| `secondary.podSecurityContext.fsGroup` | Group ID for the mounted volumes' filesystem | `1001` |
| `secondary.containerSecurityContext.enabled` | MariaDB secondary container securityContext | `true` |
| `secondary.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` |
| `secondary.containerSecurityContext.runAsUser` | User ID for the MariaDB secondary container | `1001` |
| `secondary.containerSecurityContext.runAsGroup` | Group ID for the MariaDB secondary container | `0` |
| `secondary.containerSecurityContext.runAsNonRoot` | Set secondary container's Security Context runAsNonRoot | `true` |
| `secondary.containerSecurityContext.privileged` | Set secondary container's Security Context privileged | `false` |
| `secondary.containerSecurityContext.allowPrivilegeEscalation` | Set secondary container's Security Context allowPrivilegeEscalation | `false` |
| `secondary.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` |
| `secondary.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
| `secondary.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
| `secondary.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if secondary.resources is set (secondary.resources is recommended for production). | `none` |
| `secondary.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` |
| `secondary.startupProbe.enabled` | Enable startupProbe | `false` |
| `secondary.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `120` |
| `secondary.startupProbe.periodSeconds` | Period seconds for startupProbe | `15` |
| `secondary.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` |
| `secondary.startupProbe.failureThreshold` | Failure threshold for startupProbe | `10` |
| `secondary.startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
| `secondary.livenessProbe.enabled` | Enable livenessProbe | `true` |
| `secondary.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `120` |
| `secondary.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |
| `secondary.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` |
| `secondary.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` |
| `secondary.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
| `secondary.readinessProbe.enabled` | Enable readinessProbe | `true` |
| `secondary.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` |
| `secondary.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
| `secondary.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` |
| `secondary.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` |
| `secondary.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
| `secondary.customStartupProbe` | Override default startup probe for MariaDB secondary containers | `{}` |
| `secondary.customLivenessProbe` | Override default liveness probe for MariaDB secondary containers | `{}` |
| `secondary.customReadinessProbe` | Override default readiness probe for MariaDB secondary containers | `{}` |
| `secondary.startupWaitOptions` | Override default builtin startup wait check options for MariaDB secondary containers | `{}` |
| `secondary.extraFlags` | MariaDB secondary additional command line flags | `""` |
| `secondary.extraEnvVars` | Extra environment variables to be set on MariaDB secondary containers | `[]` |
| `secondary.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for MariaDB secondary containers | `""` |
| `secondary.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for MariaDB secondary containers | `""` |
| `secondary.persistence.enabled` | Enable persistence on MariaDB secondary replicas using a `PersistentVolumeClaim` | `true` |
| `secondary.persistence.subPath` | Subdirectory of the volume to mount at | `""` |
| `secondary.persistence.storageClass` | MariaDB secondary persistent volume storage Class | `""` |
| `secondary.persistence.labels` | Labels for the PVC | `{}` |
| `secondary.persistence.annotations` | MariaDB secondary persistent volume claim annotations | `{}` |
| `secondary.persistence.accessModes` | MariaDB secondary persistent volume access Modes | `["ReadWriteOnce"]` |
| `secondary.persistence.size` | MariaDB secondary persistent volume size | `8Gi` |
| `secondary.persistence.selector` | Selector to match an existing Persistent Volume | `{}` |
| `secondary.extraVolumes` | Optionally specify extra list of additional volumes to the MariaDB secondary pod(s) | `[]` |
| `secondary.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the MariaDB secondary container(s) | `[]` |
| `secondary.initContainers` | Add additional init containers for the MariaDB secondary pod(s) | `[]` |
| `secondary.sidecars` | Add additional sidecar containers for the MariaDB secondary pod(s) | `[]` |
| `secondary.service.type` | MariaDB secondary Kubernetes service type | `ClusterIP` |
| `secondary.service.ports.mysql` | MariaDB secondary Kubernetes service port for MariaDB | `3306` |
| `secondary.service.ports.metrics` | MariaDB secondary Kubernetes service port for metrics | `9104` |
| `secondary.service.nodePorts.mysql` | MariaDB secondary Kubernetes service node port | `""` |
| `secondary.service.clusterIP` | MariaDB secondary Kubernetes service clusterIP IP | `""` |
| `secondary.service.loadBalancerIP` | MariaDB secondary loadBalancerIP if service type is `LoadBalancer` | `""` |
| `secondary.service.externalTrafficPolicy` | Enable client source IP preservation | `Cluster` |
| `secondary.service.loadBalancerSourceRanges` | Address that are allowed when MariaDB secondary service is LoadBalancer | `[]` |
| `secondary.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` |
| `secondary.service.annotations` | Provide any additional annotations which may be required | `{}` |
| `secondary.service.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` |
| `secondary.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` |
| `secondary.pdb.create` | Enable/disable a Pod Disruption Budget creation for MariaDB secondary pods | `false` |
| `secondary.pdb.minAvailable` | Minimum number/percentage of MariaDB secondary pods that should remain scheduled | `1` |
| `secondary.pdb.maxUnavailable` | Maximum number/percentage of MariaDB secondary pods that may be made unavailable | `""` |
| `secondary.revisionHistoryLimit` | Maximum number of revisions that will be maintained in the StatefulSet | `10` |
### RBAC parameters
| Name | Description | Value |
| --------------------------------------------- | -------------------------------------------------------------- | ------- |
| `serviceAccount.create` | Enable the creation of a ServiceAccount for MariaDB pods | `true` |
| `serviceAccount.name` | Name of the created ServiceAccount | `""` |
| `serviceAccount.annotations` | Annotations for MariaDB Service Account | `{}` |
| `serviceAccount.automountServiceAccountToken` | Automount service account token for the server service account | `false` |
| `rbac.create` | Whether to create and use RBAC resources or not | `false` |
### Volume Permissions parameters
| Name | Description | Value |
| ------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------- |
| `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume(s) mountpoint to `runAsUser:fsGroup` | `false` |
| `volumePermissions.image.registry` | Init container volume-permissions image registry | `REGISTRY_NAME` |
| `volumePermissions.image.repository` | Init container volume-permissions image repository | `REPOSITORY_NAME/os-shell` |
| `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` |
| `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
| `volumePermissions.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if volumePermissions.resources is set (volumePermissions.resources is recommended for production). | `none` |
| `volumePermissions.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` |
### Metrics parameters
| Name | Description | Value |
| ----------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------- |
| `metrics.enabled` | Start a side-car prometheus exporter | `false` |
| `metrics.image.registry` | Exporter image registry | `REGISTRY_NAME` |
| `metrics.image.repository` | Exporter image repository | `REPOSITORY_NAME/mysqld-exporter` |
| `metrics.image.digest` | Exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `metrics.image.pullPolicy` | Exporter image pull policy | `IfNotPresent` |
| `metrics.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
| `metrics.annotations` | Annotations for the Exporter pod | `{}` |
| `metrics.extraArgs` | Extra args to be passed to mysqld_exporter | `{}` |
| `metrics.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the MariaDB metrics container(s) | `{}` |
| `metrics.containerPorts.http` | Container port for http | `9104` |
| `metrics.containerSecurityContext.enabled` | Enable security context for MariaDB metrics container | `false` |
| `metrics.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` |
| `metrics.containerSecurityContext.runAsUser` | User ID for the MariaDB metrics container | `1001` |
| `metrics.containerSecurityContext.runAsGroup` | Group ID for the MariaDB metrics container | `0` |
| `metrics.containerSecurityContext.runAsNonRoot` | Set metrics container's Security Context runAsNonRoot | `true` |
| `metrics.containerSecurityContext.privileged` | Set metrics container's Security Context privileged | `false` |
| `metrics.containerSecurityContext.allowPrivilegeEscalation` | Set metrics container's Security Context allowPrivilegeEscalation | `false` |
| `metrics.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` |
| `metrics.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
| `metrics.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
| `metrics.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if metrics.resources is set (metrics.resources is recommended for production). | `none` |
| `metrics.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` |
| `metrics.livenessProbe.enabled` | Enable livenessProbe | `true` |
| `metrics.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `120` |
| `metrics.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |
| `metrics.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` |
| `metrics.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` |
| `metrics.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
| `metrics.readinessProbe.enabled` | Enable readinessProbe | `true` |
| `metrics.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` |
| `metrics.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
| `metrics.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` |
| `metrics.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` |
| `metrics.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
| `metrics.serviceMonitor.enabled` | Create ServiceMonitor Resource for scraping metrics using PrometheusOperator | `false` |
| `metrics.serviceMonitor.namespace` | Namespace which Prometheus is running in | `""` |
| `metrics.serviceMonitor.jobLabel` | The name of the label on the target service to use as the job name in prometheus. | `""` |
| `metrics.serviceMonitor.interval` | Interval at which metrics should be scraped | `30s` |
| `metrics.serviceMonitor.scrapeTimeout` | Specify the timeout after which the scrape is ended | `""` |
| `metrics.serviceMonitor.relabelings` | RelabelConfigs to apply to samples before scraping | `[]` |
| `metrics.serviceMonitor.metricRelabelings` | MetricRelabelConfigs to apply to samples before ingestion | `[]` |
| `metrics.serviceMonitor.honorLabels` | honorLabels chooses the metric's labels on collisions with target labels | `false` |
| `metrics.serviceMonitor.selector` | ServiceMonitor selector labels | `{}` |
| `metrics.serviceMonitor.labels` | Extra labels for the ServiceMonitor | `{}` |
| `metrics.prometheusRule.enabled` | if `true`, creates a Prometheus Operator PrometheusRule (also requires `metrics.enabled` to be `true` and `metrics.prometheusRule.rules`) | `false` |
| `metrics.prometheusRule.namespace` | Namespace for the PrometheusRule Resource (defaults to the Release Namespace) | `""` |
| `metrics.prometheusRule.additionalLabels` | Additional labels that can be used so PrometheusRule will be discovered by Prometheus | `{}` |
| `metrics.prometheusRule.rules` | Prometheus Rule definitions | `[]` |
### NetworkPolicy parameters
| Name | Description | Value |
| --------------------------------------- | --------------------------------------------------------------- | ------ |
| `networkPolicy.enabled` | Enable creation of NetworkPolicy resources | `true` |
| `networkPolicy.allowExternal` | The Policy model to apply | `true` |
| `networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` |
| `networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolicy | `[]` |
| `networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` |
| `networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` |
| `networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` |
The above parameters map to the env variables defined in [bitnami/mariadb](https://github.com/bitnami/containers/tree/main/bitnami/mariadb). For more information please refer to the [bitnami/mariadb](https://github.com/bitnami/containers/tree/main/bitnami/mariadb) image documentation.
Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
```console
helm install my-release \
--set auth.rootPassword=secretpassword,auth.database=app_database \
oci://REGISTRY_NAME/REPOSITORY_NAME/mariadb
```
> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
The above command sets the MariaDB `root` account password to `secretpassword`. Additionally it creates a database named `my_database`.
> NOTE: Once this chart is deployed, it is not possible to change the application's access credentials, such as usernames or passwords, using Helm. To change these application credentials after deployment, delete any persistent volumes (PVs) used by the chart and re-deploy it, or use the application's built-in administrative tools if available.
Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example,
```console
helm install my-release -f values.yaml oci://REGISTRY_NAME/REPOSITORY_NAME/mariadb
```
> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
> **Tip**: You can use the default [values.yaml](https://github.com/bitnami/charts/tree/main/bitnami/mariadb/values.yaml)
## Configuration and installation details
### Resource requests and limits
@ -522,6 +140,378 @@ By default, the chart is configured to use Kubernetes Security Context to automa
As an alternative, this chart supports using an initContainer to change the ownership of the volume before mounting it in the final destination. You can enable this initContainer by setting `volumePermissions.enabled` to `true`.
## Parameters
### Global parameters
| Name | Description | Value |
| ----------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------ |
| `global.imageRegistry` | Global Docker Image registry | `""` |
| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` |
| `global.storageClass` | Global storage class for dynamic provisioning | `""` |
| `global.compatibility.openshift.adaptSecurityContext` | Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation) | `auto` |
### Common parameters
| Name | Description | Value |
| ------------------------- | --------------------------------------------------------------------------------------- | --------------- |
| `kubeVersion` | Force target Kubernetes version (using Helm capabilities if not set) | `""` |
| `nameOverride` | String to partially override mariadb.fullname | `""` |
| `fullnameOverride` | String to fully override mariadb.fullname | `""` |
| `clusterDomain` | Default Kubernetes cluster domain | `cluster.local` |
| `commonAnnotations` | Common annotations to add to all MariaDB resources (sub-charts are not considered) | `{}` |
| `commonLabels` | Common labels to add to all MariaDB resources (sub-charts are not considered) | `{}` |
| `schedulerName` | Name of the scheduler (other than default) to dispatch pods | `""` |
| `runtimeClassName` | Name of the Runtime Class for all MariaDB pods | `""` |
| `extraDeploy` | Array of extra objects to deploy with the release (evaluated as a template) | `[]` |
| `diagnosticMode.enabled` | Enable diagnostic mode (all probes will be disabled and the command will be overridden) | `false` |
| `diagnosticMode.command` | Command to override all containers in the deployment | `["sleep"]` |
| `diagnosticMode.args` | Args to override all containers in the deployment | `["infinity"]` |
| `serviceBindings.enabled` | Create secret for service binding (Experimental) | `false` |
### MariaDB common parameters
| Name | Description | Value |
| -------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------- |
| `image.registry` | MariaDB image registry | `REGISTRY_NAME` |
| `image.repository` | MariaDB image repository | `REPOSITORY_NAME/mariadb` |
| `image.digest` | MariaDB image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `image.pullPolicy` | MariaDB image pull policy | `IfNotPresent` |
| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
| `image.debug` | Specify if debug logs should be enabled | `false` |
| `architecture` | MariaDB architecture (`standalone` or `replication`) | `standalone` |
| `auth.rootPassword` | Password for the `root` user. Ignored if existing secret is provided. | `""` |
| `auth.database` | Name for a custom database to create | `my_database` |
| `auth.username` | Name for a custom user to create | `""` |
| `auth.password` | Password for the new user. Ignored if existing secret is provided | `""` |
| `auth.replicationUser` | MariaDB replication user | `replicator` |
| `auth.replicationPassword` | MariaDB replication user password. Ignored if existing secret is provided | `""` |
| `auth.existingSecret` | Use existing secret for password details (`auth.rootPassword`, `auth.password`, `auth.replicationPassword` will be ignored and picked up from this secret). The secret has to contain the keys `mariadb-root-password`, `mariadb-replication-password` and `mariadb-password` | `""` |
| `auth.forcePassword` | Force users to specify required passwords | `false` |
| `auth.usePasswordFiles` | Mount credentials as files instead of using environment variables | `false` |
| `auth.customPasswordFiles` | Use custom password files when `auth.usePasswordFiles` is set to `true`. Define path for keys `root` and `user`, also define `replicator` if `architecture` is set to `replication` | `{}` |
| `initdbScripts` | Dictionary of initdb scripts | `{}` |
| `initdbScriptsConfigMap` | ConfigMap with the initdb scripts (Note: Overrides `initdbScripts`) | `""` |
### MariaDB Primary parameters
| Name | Description | Value |
| ----------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------- |
| `primary.name` | Name of the primary database (eg primary, master, leader, ...) | `primary` |
| `primary.command` | Override default container command on MariaDB Primary container(s) (useful when using custom images) | `[]` |
| `primary.args` | Override default container args on MariaDB Primary container(s) (useful when using custom images) | `[]` |
| `primary.lifecycleHooks` | for the MariaDB Primary container(s) to automate configuration before or after startup | `{}` |
| `primary.automountServiceAccountToken` | Mount Service Account token in pod | `false` |
| `primary.hostAliases` | Add deployment host aliases | `[]` |
| `primary.containerPorts.mysql` | Container port for mysql | `3306` |
| `primary.configuration` | MariaDB Primary configuration to be injected as ConfigMap | `""` |
| `primary.existingConfigmap` | Name of existing ConfigMap with MariaDB Primary configuration. | `""` |
| `primary.updateStrategy.type` | MariaDB primary statefulset strategy type | `RollingUpdate` |
| `primary.rollingUpdatePartition` | Partition update strategy for Mariadb Primary statefulset | `""` |
| `primary.podAnnotations` | Additional pod annotations for MariaDB primary pods | `{}` |
| `primary.podLabels` | Extra labels for MariaDB primary pods | `{}` |
| `primary.podAffinityPreset` | MariaDB primary pod affinity preset. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `primary.podAntiAffinityPreset` | MariaDB primary pod anti-affinity preset. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` | `soft` |
| `primary.nodeAffinityPreset.type` | MariaDB primary node affinity preset type. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `primary.nodeAffinityPreset.key` | MariaDB primary node label key to match Ignored if `primary.affinity` is set. | `""` |
| `primary.nodeAffinityPreset.values` | MariaDB primary node label values to match. Ignored if `primary.affinity` is set. | `[]` |
| `primary.affinity` | Affinity for MariaDB primary pods assignment | `{}` |
| `primary.nodeSelector` | Node labels for MariaDB primary pods assignment | `{}` |
| `primary.tolerations` | Tolerations for MariaDB primary pods assignment | `[]` |
| `primary.schedulerName` | Name of the k8s scheduler (other than default) | `""` |
| `primary.podManagementPolicy` | podManagementPolicy to manage scaling operation of MariaDB primary pods | `""` |
| `primary.topologySpreadConstraints` | Topology Spread Constraints for MariaDB primary pods assignment | `[]` |
| `primary.priorityClassName` | Priority class for MariaDB primary pods assignment | `""` |
| `primary.runtimeClassName` | Runtime Class for MariaDB primary pods | `""` |
| `primary.podSecurityContext.enabled` | Enable security context for MariaDB primary pods | `true` |
| `primary.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` |
| `primary.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` |
| `primary.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` |
| `primary.podSecurityContext.fsGroup` | Group ID for the mounted volumes' filesystem | `1001` |
| `primary.containerSecurityContext.enabled` | MariaDB primary container securityContext | `true` |
| `primary.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` |
| `primary.containerSecurityContext.runAsUser` | User ID for the MariaDB primary container | `1001` |
| `primary.containerSecurityContext.runAsGroup` | Group ID for the MariaDB primary container | `1001` |
| `primary.containerSecurityContext.runAsNonRoot` | Set primary container's Security Context runAsNonRoot | `true` |
| `primary.containerSecurityContext.privileged` | Set primary container's Security Context privileged | `false` |
| `primary.containerSecurityContext.allowPrivilegeEscalation` | Set primary container's Security Context allowPrivilegeEscalation | `false` |
| `primary.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `true` |
| `primary.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
| `primary.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
| `primary.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if primary.resources is set (primary.resources is recommended for production). | `micro` |
| `primary.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` |
| `primary.startupProbe.enabled` | Enable startupProbe | `false` |
| `primary.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `120` |
| `primary.startupProbe.periodSeconds` | Period seconds for startupProbe | `15` |
| `primary.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` |
| `primary.startupProbe.failureThreshold` | Failure threshold for startupProbe | `10` |
| `primary.startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
| `primary.livenessProbe.enabled` | Enable livenessProbe | `true` |
| `primary.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `120` |
| `primary.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |
| `primary.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` |
| `primary.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` |
| `primary.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
| `primary.readinessProbe.enabled` | Enable readinessProbe | `true` |
| `primary.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` |
| `primary.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
| `primary.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` |
| `primary.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` |
| `primary.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
| `primary.customStartupProbe` | Override default startup probe for MariaDB primary containers | `{}` |
| `primary.customLivenessProbe` | Override default liveness probe for MariaDB primary containers | `{}` |
| `primary.customReadinessProbe` | Override default readiness probe for MariaDB primary containers | `{}` |
| `primary.startupWaitOptions` | Override default builtin startup wait check options for MariaDB primary containers | `{}` |
| `primary.extraFlags` | MariaDB primary additional command line flags | `""` |
| `primary.extraEnvVars` | Extra environment variables to be set on MariaDB primary containers | `[]` |
| `primary.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for MariaDB primary containers | `""` |
| `primary.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for MariaDB primary containers | `""` |
| `primary.persistence.enabled` | Enable persistence on MariaDB primary replicas using a `PersistentVolumeClaim`. If false, use emptyDir | `true` |
| `primary.persistence.existingClaim` | Name of an existing `PersistentVolumeClaim` for MariaDB primary replicas | `""` |
| `primary.persistence.subPath` | Subdirectory of the volume to mount at | `""` |
| `primary.persistence.storageClass` | MariaDB primary persistent volume storage Class | `""` |
| `primary.persistence.labels` | Labels for the PVC | `{}` |
| `primary.persistence.annotations` | MariaDB primary persistent volume claim annotations | `{}` |
| `primary.persistence.accessModes` | MariaDB primary persistent volume access Modes | `["ReadWriteOnce"]` |
| `primary.persistence.size` | MariaDB primary persistent volume size | `8Gi` |
| `primary.persistence.selector` | Selector to match an existing Persistent Volume | `{}` |
| `primary.extraVolumes` | Optionally specify extra list of additional volumes to the MariaDB Primary pod(s) | `[]` |
| `primary.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the MariaDB Primary container(s) | `[]` |
| `primary.initContainers` | Add additional init containers for the MariaDB Primary pod(s) | `[]` |
| `primary.sidecars` | Add additional sidecar containers for the MariaDB Primary pod(s) | `[]` |
| `primary.service.type` | MariaDB Primary Kubernetes service type | `ClusterIP` |
| `primary.service.ports.mysql` | MariaDB Primary Kubernetes service port for MariaDB | `3306` |
| `primary.service.ports.metrics` | MariaDB Primary Kubernetes service port for metrics | `9104` |
| `primary.service.nodePorts.mysql` | MariaDB Primary Kubernetes service node port | `""` |
| `primary.service.clusterIP` | MariaDB Primary Kubernetes service clusterIP IP | `""` |
| `primary.service.loadBalancerIP` | MariaDB Primary loadBalancerIP if service type is `LoadBalancer` | `""` |
| `primary.service.externalTrafficPolicy` | Enable client source IP preservation | `Cluster` |
| `primary.service.loadBalancerSourceRanges` | Address that are allowed when MariaDB Primary service is LoadBalancer | `[]` |
| `primary.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` |
| `primary.service.annotations` | Provide any additional annotations which may be required | `{}` |
| `primary.service.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` |
| `primary.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` |
| `primary.pdb.create` | Enable/disable a Pod Disruption Budget creation for MariaDB primary pods | `false` |
| `primary.pdb.minAvailable` | Minimum number/percentage of MariaDB primary pods that must still be available after the eviction | `1` |
| `primary.pdb.maxUnavailable` | Maximum number/percentage of MariaDB primary pods that can be unavailable after the eviction | `""` |
| `primary.revisionHistoryLimit` | Maximum number of revisions that will be maintained in the StatefulSet | `10` |
### MariaDB Secondary parameters
| Name | Description | Value |
| ------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------------------- |
| `secondary.name` | Name of the secondary database (eg secondary, slave, ...) | `secondary` |
| `secondary.replicaCount` | Number of MariaDB secondary replicas | `1` |
| `secondary.command` | Override default container command on MariaDB Secondary container(s) (useful when using custom images) | `[]` |
| `secondary.args` | Override default container args on MariaDB Secondary container(s) (useful when using custom images) | `[]` |
| `secondary.lifecycleHooks` | for the MariaDB Secondary container(s) to automate configuration before or after startup | `{}` |
| `secondary.automountServiceAccountToken` | Mount Service Account token in pod | `false` |
| `secondary.hostAliases` | Add deployment host aliases | `[]` |
| `secondary.containerPorts.mysql` | Container port for mysql | `3306` |
| `secondary.configuration` | MariaDB Secondary configuration to be injected as ConfigMap | `""` |
| `secondary.existingConfigmap` | Name of existing ConfigMap with MariaDB Secondary configuration. | `""` |
| `secondary.updateStrategy.type` | MariaDB secondary statefulset strategy type | `RollingUpdate` |
| `secondary.rollingUpdatePartition` | Partition update strategy for Mariadb Secondary statefulset | `""` |
| `secondary.podAnnotations` | Additional pod annotations for MariaDB secondary pods | `{}` |
| `secondary.podLabels` | Extra labels for MariaDB secondary pods | `{}` |
| `secondary.podAffinityPreset` | MariaDB secondary pod affinity preset. Ignored if `secondary.affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `secondary.podAntiAffinityPreset` | MariaDB secondary pod anti-affinity preset. Ignored if `secondary.affinity` is set. Allowed values: `soft` or `hard` | `soft` |
| `secondary.nodeAffinityPreset.type` | MariaDB secondary node affinity preset type. Ignored if `secondary.affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `secondary.nodeAffinityPreset.key` | MariaDB secondary node label key to match Ignored if `secondary.affinity` is set. | `""` |
| `secondary.nodeAffinityPreset.values` | MariaDB secondary node label values to match. Ignored if `secondary.affinity` is set. | `[]` |
| `secondary.affinity` | Affinity for MariaDB secondary pods assignment | `{}` |
| `secondary.nodeSelector` | Node labels for MariaDB secondary pods assignment | `{}` |
| `secondary.tolerations` | Tolerations for MariaDB secondary pods assignment | `[]` |
| `secondary.topologySpreadConstraints` | Topology Spread Constraints for MariaDB secondary pods assignment | `[]` |
| `secondary.priorityClassName` | Priority class for MariaDB secondary pods assignment | `""` |
| `secondary.runtimeClassName` | Runtime Class for MariaDB secondary pods | `""` |
| `secondary.schedulerName` | Name of the k8s scheduler (other than default) | `""` |
| `secondary.podManagementPolicy` | podManagementPolicy to manage scaling operation of MariaDB secondary pods | `""` |
| `secondary.podSecurityContext.enabled` | Enable security context for MariaDB secondary pods | `true` |
| `secondary.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` |
| `secondary.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` |
| `secondary.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` |
| `secondary.podSecurityContext.fsGroup` | Group ID for the mounted volumes' filesystem | `1001` |
| `secondary.containerSecurityContext.enabled` | MariaDB secondary container securityContext | `true` |
| `secondary.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` |
| `secondary.containerSecurityContext.runAsUser` | User ID for the MariaDB secondary container | `1001` |
| `secondary.containerSecurityContext.runAsGroup` | Group ID for the MariaDB secondary container | `1001` |
| `secondary.containerSecurityContext.runAsNonRoot` | Set secondary container's Security Context runAsNonRoot | `true` |
| `secondary.containerSecurityContext.privileged` | Set secondary container's Security Context privileged | `false` |
| `secondary.containerSecurityContext.allowPrivilegeEscalation` | Set secondary container's Security Context allowPrivilegeEscalation | `false` |
| `secondary.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `true` |
| `secondary.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
| `secondary.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
| `secondary.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if secondary.resources is set (secondary.resources is recommended for production). | `micro` |
| `secondary.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` |
| `secondary.startupProbe.enabled` | Enable startupProbe | `false` |
| `secondary.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `120` |
| `secondary.startupProbe.periodSeconds` | Period seconds for startupProbe | `15` |
| `secondary.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` |
| `secondary.startupProbe.failureThreshold` | Failure threshold for startupProbe | `10` |
| `secondary.startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
| `secondary.livenessProbe.enabled` | Enable livenessProbe | `true` |
| `secondary.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `120` |
| `secondary.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |
| `secondary.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` |
| `secondary.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` |
| `secondary.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
| `secondary.readinessProbe.enabled` | Enable readinessProbe | `true` |
| `secondary.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` |
| `secondary.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
| `secondary.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` |
| `secondary.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` |
| `secondary.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
| `secondary.customStartupProbe` | Override default startup probe for MariaDB secondary containers | `{}` |
| `secondary.customLivenessProbe` | Override default liveness probe for MariaDB secondary containers | `{}` |
| `secondary.customReadinessProbe` | Override default readiness probe for MariaDB secondary containers | `{}` |
| `secondary.startupWaitOptions` | Override default builtin startup wait check options for MariaDB secondary containers | `{}` |
| `secondary.extraFlags` | MariaDB secondary additional command line flags | `""` |
| `secondary.extraEnvVars` | Extra environment variables to be set on MariaDB secondary containers | `[]` |
| `secondary.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for MariaDB secondary containers | `""` |
| `secondary.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for MariaDB secondary containers | `""` |
| `secondary.persistence.enabled` | Enable persistence on MariaDB secondary replicas using a `PersistentVolumeClaim` | `true` |
| `secondary.persistence.subPath` | Subdirectory of the volume to mount at | `""` |
| `secondary.persistence.storageClass` | MariaDB secondary persistent volume storage Class | `""` |
| `secondary.persistence.labels` | Labels for the PVC | `{}` |
| `secondary.persistence.annotations` | MariaDB secondary persistent volume claim annotations | `{}` |
| `secondary.persistence.accessModes` | MariaDB secondary persistent volume access Modes | `["ReadWriteOnce"]` |
| `secondary.persistence.size` | MariaDB secondary persistent volume size | `8Gi` |
| `secondary.persistence.selector` | Selector to match an existing Persistent Volume | `{}` |
| `secondary.extraVolumes` | Optionally specify extra list of additional volumes to the MariaDB secondary pod(s) | `[]` |
| `secondary.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the MariaDB secondary container(s) | `[]` |
| `secondary.initContainers` | Add additional init containers for the MariaDB secondary pod(s) | `[]` |
| `secondary.sidecars` | Add additional sidecar containers for the MariaDB secondary pod(s) | `[]` |
| `secondary.service.type` | MariaDB secondary Kubernetes service type | `ClusterIP` |
| `secondary.service.ports.mysql` | MariaDB secondary Kubernetes service port for MariaDB | `3306` |
| `secondary.service.ports.metrics` | MariaDB secondary Kubernetes service port for metrics | `9104` |
| `secondary.service.nodePorts.mysql` | MariaDB secondary Kubernetes service node port | `""` |
| `secondary.service.clusterIP` | MariaDB secondary Kubernetes service clusterIP IP | `""` |
| `secondary.service.loadBalancerIP` | MariaDB secondary loadBalancerIP if service type is `LoadBalancer` | `""` |
| `secondary.service.externalTrafficPolicy` | Enable client source IP preservation | `Cluster` |
| `secondary.service.loadBalancerSourceRanges` | Address that are allowed when MariaDB secondary service is LoadBalancer | `[]` |
| `secondary.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` |
| `secondary.service.annotations` | Provide any additional annotations which may be required | `{}` |
| `secondary.service.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` |
| `secondary.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` |
| `secondary.pdb.create` | Enable/disable a Pod Disruption Budget creation for MariaDB secondary pods | `false` |
| `secondary.pdb.minAvailable` | Minimum number/percentage of MariaDB secondary pods that should remain scheduled | `1` |
| `secondary.pdb.maxUnavailable` | Maximum number/percentage of MariaDB secondary pods that may be made unavailable | `""` |
| `secondary.revisionHistoryLimit` | Maximum number of revisions that will be maintained in the StatefulSet | `10` |
### RBAC parameters
| Name | Description | Value |
| --------------------------------------------- | -------------------------------------------------------------- | ------- |
| `serviceAccount.create` | Enable the creation of a ServiceAccount for MariaDB pods | `true` |
| `serviceAccount.name` | Name of the created ServiceAccount | `""` |
| `serviceAccount.annotations` | Annotations for MariaDB Service Account | `{}` |
| `serviceAccount.automountServiceAccountToken` | Automount service account token for the server service account | `false` |
| `rbac.create` | Whether to create and use RBAC resources or not | `false` |
### Volume Permissions parameters
| Name | Description | Value |
| ------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------- |
| `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume(s) mountpoint to `runAsUser:fsGroup` | `false` |
| `volumePermissions.image.registry` | Init container volume-permissions image registry | `REGISTRY_NAME` |
| `volumePermissions.image.repository` | Init container volume-permissions image repository | `REPOSITORY_NAME/os-shell` |
| `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` |
| `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
| `volumePermissions.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if volumePermissions.resources is set (volumePermissions.resources is recommended for production). | `nano` |
| `volumePermissions.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` |
### Metrics parameters
| Name | Description | Value |
| ----------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------- |
| `metrics.enabled` | Start a side-car prometheus exporter | `false` |
| `metrics.image.registry` | Exporter image registry | `REGISTRY_NAME` |
| `metrics.image.repository` | Exporter image repository | `REPOSITORY_NAME/mysqld-exporter` |
| `metrics.image.digest` | Exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `metrics.image.pullPolicy` | Exporter image pull policy | `IfNotPresent` |
| `metrics.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
| `metrics.annotations` | Annotations for the Exporter pod | `{}` |
| `metrics.extraArgs` | Extra args to be passed to mysqld_exporter | `{}` |
| `metrics.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the MariaDB metrics container(s) | `{}` |
| `metrics.containerPorts.http` | Container port for http | `9104` |
| `metrics.containerSecurityContext.enabled` | Enable security context for MariaDB metrics container | `false` |
| `metrics.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` |
| `metrics.containerSecurityContext.runAsUser` | User ID for the MariaDB metrics container | `1001` |
| `metrics.containerSecurityContext.runAsGroup` | Group ID for the MariaDB metrics container | `1001` |
| `metrics.containerSecurityContext.runAsNonRoot` | Set metrics container's Security Context runAsNonRoot | `true` |
| `metrics.containerSecurityContext.privileged` | Set metrics container's Security Context privileged | `false` |
| `metrics.containerSecurityContext.allowPrivilegeEscalation` | Set metrics container's Security Context allowPrivilegeEscalation | `false` |
| `metrics.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `true` |
| `metrics.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
| `metrics.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
| `metrics.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if metrics.resources is set (metrics.resources is recommended for production). | `nano` |
| `metrics.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` |
| `metrics.livenessProbe.enabled` | Enable livenessProbe | `true` |
| `metrics.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `120` |
| `metrics.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |
| `metrics.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` |
| `metrics.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` |
| `metrics.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
| `metrics.readinessProbe.enabled` | Enable readinessProbe | `true` |
| `metrics.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` |
| `metrics.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
| `metrics.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` |
| `metrics.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` |
| `metrics.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
| `metrics.serviceMonitor.enabled` | Create ServiceMonitor Resource for scraping metrics using PrometheusOperator | `false` |
| `metrics.serviceMonitor.namespace` | Namespace which Prometheus is running in | `""` |
| `metrics.serviceMonitor.jobLabel` | The name of the label on the target service to use as the job name in prometheus. | `""` |
| `metrics.serviceMonitor.interval` | Interval at which metrics should be scraped | `30s` |
| `metrics.serviceMonitor.scrapeTimeout` | Specify the timeout after which the scrape is ended | `""` |
| `metrics.serviceMonitor.relabelings` | RelabelConfigs to apply to samples before scraping | `[]` |
| `metrics.serviceMonitor.metricRelabelings` | MetricRelabelConfigs to apply to samples before ingestion | `[]` |
| `metrics.serviceMonitor.honorLabels` | honorLabels chooses the metric's labels on collisions with target labels | `false` |
| `metrics.serviceMonitor.selector` | ServiceMonitor selector labels | `{}` |
| `metrics.serviceMonitor.labels` | Extra labels for the ServiceMonitor | `{}` |
| `metrics.prometheusRule.enabled` | if `true`, creates a Prometheus Operator PrometheusRule (also requires `metrics.enabled` to be `true` and `metrics.prometheusRule.rules`) | `false` |
| `metrics.prometheusRule.namespace` | Namespace for the PrometheusRule Resource (defaults to the Release Namespace) | `""` |
| `metrics.prometheusRule.additionalLabels` | Additional labels that can be used so PrometheusRule will be discovered by Prometheus | `{}` |
| `metrics.prometheusRule.rules` | Prometheus Rule definitions | `[]` |
### NetworkPolicy parameters
| Name | Description | Value |
| --------------------------------------- | --------------------------------------------------------------- | ------ |
| `networkPolicy.enabled` | Enable creation of NetworkPolicy resources | `true` |
| `networkPolicy.allowExternal` | The Policy model to apply | `true` |
| `networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` |
| `networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolicy | `[]` |
| `networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` |
| `networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` |
| `networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` |
The above parameters map to the env variables defined in [bitnami/mariadb](https://github.com/bitnami/containers/tree/main/bitnami/mariadb). For more information please refer to the [bitnami/mariadb](https://github.com/bitnami/containers/tree/main/bitnami/mariadb) image documentation.
Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
```console
helm install my-release \
--set auth.rootPassword=secretpassword,auth.database=app_database \
oci://REGISTRY_NAME/REPOSITORY_NAME/mariadb
```
> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
The above command sets the MariaDB `root` account password to `secretpassword`. Additionally it creates a database named `my_database`.
> NOTE: Once this chart is deployed, it is not possible to change the application's access credentials, such as usernames or passwords, using Helm. To change these application credentials after deployment, delete any persistent volumes (PVs) used by the chart and re-deploy it, or use the application's built-in administrative tools if available.
Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example,
```console
helm install my-release -f values.yaml oci://REGISTRY_NAME/REPOSITORY_NAME/mariadb
```
> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
> **Tip**: You can use the default [values.yaml](https://github.com/bitnami/charts/tree/main/bitnami/mariadb/values.yaml)
## Troubleshooting
Find more information about how to deal with common errors related to Bitnami's Helm charts in [this troubleshooting guide](https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues).
@ -538,6 +528,17 @@ helm upgrade my-release oci://REGISTRY_NAME/REPOSITORY_NAME/mariadb --set auth.r
| Note: you need to substitute the placeholder _[ROOT_PASSWORD]_ with the value obtained in the installation notes.
### To 17.0.0
This major bump changes the following security defaults:
- `runAsGroup` is changed from `0` to `1001`
- `readOnlyRootFilesystem` is set to `true`
- `resourcesPreset` is changed from `none` to the minimum size working in our test suites (NOTE: `resourcesPreset` is not meant for production usage, but `resources` adapted to your use case).
- `global.compatibility.openshift.adaptSecurityContext` is changed from `disabled` to `auto`.
This could potentially break any customization or init scripts used in your deployment. If this is the case, change the default values to the previous ones.
### To 16.0.0
This section enables NetworkPolicies by default to increase security of the application. It also adapts the values in the `networkPolicy` section to the current Bitnami standards. The removed sections are `networkPolicy.metrics.*`, `networkPolicy.ingressRules.*` and `networkPolicy.egressRules.*`. Check the Parameters table for the new structure.

4
charts/bitnami/mariadb/charts/common/Chart.yaml
View File

@ -2,7 +2,7 @@ annotations:
category: Infrastructure
licenses: Apache-2.0
apiVersion: v2
appVersion: 2.18.0
appVersion: 2.19.0
description: A Library Helm Chart for grouping common logic between bitnami charts.
This chart is not deployable by itself.
home: https://bitnami.com
@ -20,4 +20,4 @@ name: common
sources:
- https://github.com/bitnami/charts
type: library
version: 2.18.0
version: 2.19.0

4
charts/bitnami/mariadb/charts/common/templates/_compatibility.tpl
View File

@ -28,6 +28,10 @@ Usage:
{{- if or (eq .context.Values.global.compatibility.openshift.adaptSecurityContext "force") (and (eq .context.Values.global.compatibility.openshift.adaptSecurityContext "auto") (include "common.compatibility.isOpenshift" .context)) -}}
{{/* Remove incompatible user/group values that do not work in Openshift out of the box */}}
{{- $adaptedContext = omit $adaptedContext "fsGroup" "runAsUser" "runAsGroup" -}}
{{- if not .secContext.seLinuxOptions -}}
{{/* If it is an empty object, we remove it from the resulting context because it causes validation issues */}}
{{- $adaptedContext = omit $adaptedContext "seLinuxOptions" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}

2
charts/bitnami/mariadb/templates/primary/statefulset.yaml
View File

@ -251,6 +251,8 @@ spec:
{{- end }}
{{- if .Values.primary.resources }}
resources: {{ toYaml .Values.primary.resources | nindent 12 }}
{{- else if ne .Values.primary.resourcesPreset "none" }}
resources: {{- include "common.resources.preset" (dict "type" .Values.primary.resourcesPreset) | nindent 12 }}
{{- end }}
volumeMounts:
- name: data

2
charts/bitnami/mariadb/templates/secondary/statefulset.yaml
View File

@ -238,6 +238,8 @@ spec:
{{- end }}
{{- if .Values.secondary.resources }}
resources: {{ toYaml .Values.secondary.resources | nindent 12 }}
{{- else if ne .Values.secondary.resourcesPreset "none" }}
resources: {{- include "common.resources.preset" (dict "type" .Values.secondary.resourcesPreset) | nindent 12 }}
{{- end }}
volumeMounts:
- name: data

28
charts/bitnami/mariadb/values.yaml
View File

@ -27,7 +27,7 @@ global:
openshift:
## @param global.compatibility.openshift.adaptSecurityContext Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation)
##
adaptSecurityContext: disabled
adaptSecurityContext: auto
## @section Common parameters
##
@ -350,13 +350,13 @@ primary:
##
containerSecurityContext:
enabled: true
seLinuxOptions: null
seLinuxOptions: {}
runAsUser: 1001
runAsGroup: 0
runAsGroup: 1001
runAsNonRoot: true
privileged: false
allowPrivilegeEscalation: false
readOnlyRootFilesystem: false
readOnlyRootFilesystem: true
capabilities:
drop: ["ALL"]
seccompProfile:
@ -370,7 +370,7 @@ primary:
## @param primary.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if primary.resources is set (primary.resources is recommended for production).
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
##
resourcesPreset: "none"
resourcesPreset: "micro"
## @param primary.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
## Example:
## resources:
@ -769,13 +769,13 @@ secondary:
##
containerSecurityContext:
enabled: true
seLinuxOptions: null
seLinuxOptions: {}
runAsUser: 1001
runAsGroup: 0
runAsGroup: 1001
runAsNonRoot: true
privileged: false
allowPrivilegeEscalation: false
readOnlyRootFilesystem: false
readOnlyRootFilesystem: true
capabilities:
drop: ["ALL"]
seccompProfile:
@ -789,7 +789,7 @@ secondary:
## @param secondary.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if secondary.resources is set (secondary.resources is recommended for production).
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
##
resourcesPreset: "none"
resourcesPreset: "micro"
## @param secondary.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
## Example:
## resources:
@ -1066,7 +1066,7 @@ volumePermissions:
## @param volumePermissions.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if volumePermissions.resources is set (volumePermissions.resources is recommended for production).
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
##
resourcesPreset: "none"
resourcesPreset: "nano"
## @param volumePermissions.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
## Example:
## resources:
@ -1185,10 +1185,10 @@ metrics:
enabled: false
privileged: false
runAsNonRoot: true
seLinuxOptions: null
seLinuxOptions: {}
runAsUser: 1001
runAsGroup: 0
readOnlyRootFilesystem: false
runAsGroup: 1001
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
@ -1203,7 +1203,7 @@ metrics:
## @param metrics.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if metrics.resources is set (metrics.resources is recommended for production).
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
##
resourcesPreset: "none"
resourcesPreset: "nano"
## @param metrics.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
## Example:
## resources:

6
charts/bitnami/mysql/Chart.lock
View File

@ -1,6 +1,6 @@
dependencies:
- name: common
repository: oci://registry-1.docker.io/bitnamicharts
version: 2.18.0
digest: sha256:f489ae7394a4eceb24fb702901483c67a5b4fff605f19d5e2545e3a6778e1280
generated: "2024-03-05T15:00:17.224052059+01:00"
version: 2.19.0
digest: sha256:ac559eb57710d8904e266424ee364cd686d7e24517871f0c5c67f7c4500c2bcc
generated: "2024-03-08T11:23:56.170052821+01:00"

2
charts/bitnami/mysql/Chart.yaml
View File

@ -36,4 +36,4 @@ maintainers:
name: mysql
sources:
- https://github.com/bitnami/charts/tree/main/bitnami/mysql
version: 9.23.0
version: 10.1.0

231
charts/bitnami/mysql/README.md
View File

@ -42,26 +42,111 @@ These commands deploy MySQL on the Kubernetes cluster in the default configurati
> **Tip**: List all releases using `helm list`
## Uninstalling the Chart
## Configuration and installation details
To uninstall/delete the `my-release` deployment:
### Resource requests and limits
```console
helm delete my-release
Bitnami charts allow setting resource requests and limits for all containers inside the chart deployment. These are inside the `resources` value (check parameter table). Setting requests is essential for production workloads and these should be adapted to your specific use case.
To make this process easier, the chart contains the `resourcesPreset` values, which automatically sets the `resources` section according to different presets. Check these presets in [the bitnami/common chart](https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15). However, in production workloads using `resourcePreset` is discouraged as it may not fully adapt to your specific needs. Find more information on container resource management in the [official Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/).
### [Rolling VS Immutable tags](https://docs.bitnami.com/tutorials/understand-rolling-tags-containers)
It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image.
Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist.
### Use a different MySQL version
To modify the application version used in this chart, specify a different version of the image using the `image.tag` parameter and/or a different repository using the `image.repository` parameter.
### Customize a new MySQL instance
The [Bitnami MySQL](https://github.com/bitnami/containers/tree/main/bitnami/mysql) image allows you to use your custom scripts to initialize a fresh instance. Custom scripts may be specified using the `initdbScripts` parameter. Alternatively, an external ConfigMap may be created with all the initialization scripts and the ConfigMap passed to the chart via the `initdbScriptsConfigMap` parameter. Note that this will override the `initdbScripts` parameter.
The allowed extensions are `.sh`, `.sql` and `.sql.gz`.
These scripts are treated differently depending on their extension. While `.sh` scripts are executed on all the nodes, `.sql` and `.sql.gz` scripts are only executed on the primary nodes. This is because `.sh` scripts support conditional tests to identify the type of node they are running on, while such tests are not supported in `.sql` or `sql.gz` files.
When using a `.sh` script, you may wish to perform a "one-time" action like creating a database. This can be achieved by adding a condition in the script to ensure that it is executed only on one node, as shown in the example below:
```yaml
initdbScripts:
my_init_script.sh: |
#!/bin/sh
if [[ $(hostname) == *master* ]]; then
echo "Master node"
mysql -P 3306 -uroot -prandompassword -e "create database new_database";
else
echo "No master node"
fi
```
The command removes all the Kubernetes components associated with the chart and deletes the release.
### Sidecars and Init Containers
If you have a need for additional containers to run within the same pod as MySQL, you can do so via the `sidecars` config parameter. Simply define your container according to the Kubernetes container spec.
```yaml
sidecars:
- name: your-image-name
image: your-image
imagePullPolicy: Always
ports:
- name: portname
containerPort: 1234
```
Similarly, you can add extra init containers using the `initContainers` parameter.
```yaml
initContainers:
- name: your-image-name
image: your-image
imagePullPolicy: Always
ports:
- name: portname
containerPort: 1234
```
### Network Policy config
To enable network policy for MySQL, install [a networking plugin that implements the Kubernetes NetworkPolicy spec](https://kubernetes.io/docs/tasks/administer-cluster/declare-network-policy#before-you-begin), and set `networkPolicy.enabled` to `true`.
For Kubernetes v1.5 & v1.6, you must also turn on NetworkPolicy by setting the DefaultDeny namespace annotation. Note: this will enforce policy for _all_ pods in the namespace:
```console
kubectl annotate namespace default "net.beta.kubernetes.io/network-policy={\"ingress\":{\"isolation\":\"DefaultDeny\"}}"
```
With NetworkPolicy enabled, traffic will be limited to just port 3306.
For more precise policy, set `networkPolicy.allowExternal=false`. This will only allow pods with the generated client label to connect to MySQL.
This label will be displayed in the output of a successful install.
### Pod affinity
This chart allows you to set your custom affinity using the `XXX.affinity` parameter(s). Find more information about Pod affinity in the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity).
As an alternative, you can use the preset configurations for pod affinity, pod anti-affinity, and node affinity available at the [bitnami/common](https://github.com/bitnami/charts/tree/main/bitnami/common#affinities) chart. To do so, set the `XXX.podAffinityPreset`, `XXX.podAntiAffinityPreset`, or `XXX.nodeAffinityPreset` parameters.
## Persistence
The [Bitnami MySQL](https://github.com/bitnami/containers/tree/main/bitnami/mysql) image stores the MySQL data and configurations at the `/bitnami/mysql` path of the container.
The chart mounts a [Persistent Volume](https://kubernetes.io/docs/concepts/storage/persistent-volumes/) volume at this location. The volume is created using dynamic volume provisioning by default. An existing PersistentVolumeClaim can also be defined for this purpose.
If you encounter errors when working with persistent volumes, refer to our [troubleshooting guide for persistent volumes](https://docs.bitnami.com/kubernetes/faq/troubleshooting/troubleshooting-persistence-volumes/).
## Parameters
### Global parameters
| Name | Description | Value |
| ----------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------- |
| ----------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------ |
| `global.imageRegistry` | Global Docker image registry | `""` |
| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` |
| `global.storageClass` | Global StorageClass for Persistent Volume(s) | `""` |
| `global.compatibility.openshift.adaptSecurityContext` | Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation) | `disabled` |
| `global.compatibility.openshift.adaptSecurityContext` | Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation) | `auto` |
### Common parameters
@ -142,15 +227,15 @@ The command removes all the Kubernetes components associated with the chart and
| `primary.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` |
| `primary.podSecurityContext.fsGroup` | Group ID for the mounted volumes' filesystem | `1001` |
| `primary.containerSecurityContext.enabled` | MySQL primary container securityContext | `true` |
| `primary.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` |
| `primary.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` |
| `primary.containerSecurityContext.runAsUser` | User ID for the MySQL primary container | `1001` |
| `primary.containerSecurityContext.runAsGroup` | Group ID for the MySQL primary container | `0` |
| `primary.containerSecurityContext.runAsGroup` | Group ID for the MySQL primary container | `1001` |
| `primary.containerSecurityContext.runAsNonRoot` | Set MySQL primary container's Security Context runAsNonRoot | `true` |
| `primary.containerSecurityContext.allowPrivilegeEscalation` | Set container's privilege escalation | `false` |
| `primary.containerSecurityContext.capabilities.drop` | Set container's Security Context runAsNonRoot | `["ALL"]` |
| `primary.containerSecurityContext.seccompProfile.type` | Set Client container's Security Context seccomp profile | `RuntimeDefault` |
| `primary.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context read-only root filesystem | `false` |
| `primary.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if primary.resources is set (primary.resources is recommended for production). | `none` |
| `primary.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context read-only root filesystem | `true` |
| `primary.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if primary.resources is set (primary.resources is recommended for production). | `small` |
| `primary.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` |
| `primary.livenessProbe.enabled` | Enable livenessProbe | `true` |
| `primary.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `5` |
@ -247,15 +332,15 @@ The command removes all the Kubernetes components associated with the chart and
| `secondary.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` |
| `secondary.podSecurityContext.fsGroup` | Group ID for the mounted volumes' filesystem | `1001` |
| `secondary.containerSecurityContext.enabled` | MySQL secondary container securityContext | `true` |
| `secondary.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` |
| `secondary.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` |
| `secondary.containerSecurityContext.runAsUser` | User ID for the MySQL secondary container | `1001` |
| `secondary.containerSecurityContext.runAsGroup` | Group ID for the MySQL secondary container | `0` |
| `secondary.containerSecurityContext.runAsGroup` | Group ID for the MySQL secondary container | `1001` |
| `secondary.containerSecurityContext.runAsNonRoot` | Set MySQL secondary container's Security Context runAsNonRoot | `true` |
| `secondary.containerSecurityContext.allowPrivilegeEscalation` | Set container's privilege escalation | `false` |
| `secondary.containerSecurityContext.capabilities.drop` | Set container's Security Context runAsNonRoot | `["ALL"]` |
| `secondary.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
| `secondary.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context read-only root filesystem | `false` |
| `secondary.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if secondary.resources is set (secondary.resources is recommended for production). | `none` |
| `secondary.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context read-only root filesystem | `true` |
| `secondary.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if secondary.resources is set (secondary.resources is recommended for production). | `small` |
| `secondary.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` |
| `secondary.livenessProbe.enabled` | Enable livenessProbe | `true` |
| `secondary.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `5` |
@ -349,7 +434,7 @@ The command removes all the Kubernetes components associated with the chart and
| `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` |
| `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
| `volumePermissions.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if volumePermissions.resources is set (volumePermissions.resources is recommended for production). | `none` |
| `volumePermissions.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if volumePermissions.resources is set (volumePermissions.resources is recommended for production). | `nano` |
| `volumePermissions.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` |
### Metrics parameters
@ -363,14 +448,14 @@ The command removes all the Kubernetes components associated with the chart and
| `metrics.image.pullPolicy` | Exporter image pull policy | `IfNotPresent` |
| `metrics.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
| `metrics.containerSecurityContext.enabled` | MySQL metrics container securityContext | `true` |
| `metrics.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` |
| `metrics.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` |
| `metrics.containerSecurityContext.runAsUser` | User ID for the MySQL metrics container | `1001` |
| `metrics.containerSecurityContext.runAsGroup` | Group ID for the MySQL metrics container | `0` |
| `metrics.containerSecurityContext.runAsGroup` | Group ID for the MySQL metrics container | `1001` |
| `metrics.containerSecurityContext.runAsNonRoot` | Set MySQL metrics container's Security Context runAsNonRoot | `true` |
| `metrics.containerSecurityContext.allowPrivilegeEscalation` | Set container's privilege escalation | `false` |
| `metrics.containerSecurityContext.capabilities.drop` | Set container's Security Context runAsNonRoot | `["ALL"]` |
| `metrics.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
| `metrics.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context read-only root filesystem | `false` |
| `metrics.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context read-only root filesystem | `true` |
| `metrics.containerPorts.http` | Container port for http | `9104` |
| `metrics.service.type` | Kubernetes service type for MySQL Prometheus Exporter | `ClusterIP` |
| `metrics.service.clusterIP` | Kubernetes service clusterIP for MySQL Prometheus Exporter | `""` |
@ -378,7 +463,7 @@ The command removes all the Kubernetes components associated with the chart and
| `metrics.service.annotations` | Prometheus exporter service annotations | `{}` |
| `metrics.extraArgs.primary` | Extra args to be passed to mysqld_exporter on Primary pods | `[]` |
| `metrics.extraArgs.secondary` | Extra args to be passed to mysqld_exporter on Secondary pods | `[]` |
| `metrics.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if metrics.resources is set (metrics.resources is recommended for production). | `none` |
| `metrics.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if metrics.resources is set (metrics.resources is recommended for production). | `nano` |
| `metrics.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` |
| `metrics.livenessProbe.enabled` | Enable livenessProbe | `true` |
| `metrics.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `120` |
@ -433,101 +518,6 @@ helm install my-release -f values.yaml oci://REGISTRY_NAME/REPOSITORY_NAME/mysql
> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
> **Tip**: You can use the default [values.yaml](https://github.com/bitnami/charts/tree/main/bitnami/mysql/values.yaml)
## Configuration and installation details
### Resource requests and limits
Bitnami charts allow setting resource requests and limits for all containers inside the chart deployment. These are inside the `resources` value (check parameter table). Setting requests is essential for production workloads and these should be adapted to your specific use case.
To make this process easier, the chart contains the `resourcesPreset` values, which automatically sets the `resources` section according to different presets. Check these presets in [the bitnami/common chart](https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15). However, in production workloads using `resourcePreset` is discouraged as it may not fully adapt to your specific needs. Find more information on container resource management in the [official Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/).
### [Rolling VS Immutable tags](https://docs.bitnami.com/tutorials/understand-rolling-tags-containers)
It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image.
Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist.
### Use a different MySQL version
To modify the application version used in this chart, specify a different version of the image using the `image.tag` parameter and/or a different repository using the `image.repository` parameter.
### Customize a new MySQL instance
The [Bitnami MySQL](https://github.com/bitnami/containers/tree/main/bitnami/mysql) image allows you to use your custom scripts to initialize a fresh instance. Custom scripts may be specified using the `initdbScripts` parameter. Alternatively, an external ConfigMap may be created with all the initialization scripts and the ConfigMap passed to the chart via the `initdbScriptsConfigMap` parameter. Note that this will override the `initdbScripts` parameter.
The allowed extensions are `.sh`, `.sql` and `.sql.gz`.
These scripts are treated differently depending on their extension. While `.sh` scripts are executed on all the nodes, `.sql` and `.sql.gz` scripts are only executed on the primary nodes. This is because `.sh` scripts support conditional tests to identify the type of node they are running on, while such tests are not supported in `.sql` or `sql.gz` files.
When using a `.sh` script, you may wish to perform a "one-time" action like creating a database. This can be achieved by adding a condition in the script to ensure that it is executed only on one node, as shown in the example below:
```yaml
initdbScripts:
my_init_script.sh: |
#!/bin/sh
if [[ $(hostname) == *master* ]]; then
echo "Master node"
mysql -P 3306 -uroot -prandompassword -e "create database new_database";
else
echo "No master node"
fi
```
### Sidecars and Init Containers
If you have a need for additional containers to run within the same pod as MySQL, you can do so via the `sidecars` config parameter. Simply define your container according to the Kubernetes container spec.
```yaml
sidecars:
- name: your-image-name
image: your-image
imagePullPolicy: Always
ports:
- name: portname
containerPort: 1234
```
Similarly, you can add extra init containers using the `initContainers` parameter.
```yaml
initContainers:
- name: your-image-name
image: your-image
imagePullPolicy: Always
ports:
- name: portname
containerPort: 1234
```
## Persistence
The [Bitnami MySQL](https://github.com/bitnami/containers/tree/main/bitnami/mysql) image stores the MySQL data and configurations at the `/bitnami/mysql` path of the container.
The chart mounts a [Persistent Volume](https://kubernetes.io/docs/concepts/storage/persistent-volumes/) volume at this location. The volume is created using dynamic volume provisioning by default. An existing PersistentVolumeClaim can also be defined for this purpose.
If you encounter errors when working with persistent volumes, refer to our [troubleshooting guide for persistent volumes](https://docs.bitnami.com/kubernetes/faq/troubleshooting/troubleshooting-persistence-volumes/).
## Network Policy config
To enable network policy for MySQL, install [a networking plugin that implements the Kubernetes NetworkPolicy spec](https://kubernetes.io/docs/tasks/administer-cluster/declare-network-policy#before-you-begin), and set `networkPolicy.enabled` to `true`.
For Kubernetes v1.5 & v1.6, you must also turn on NetworkPolicy by setting the DefaultDeny namespace annotation. Note: this will enforce policy for _all_ pods in the namespace:
```console
kubectl annotate namespace default "net.beta.kubernetes.io/network-policy={\"ingress\":{\"isolation\":\"DefaultDeny\"}}"
```
With NetworkPolicy enabled, traffic will be limited to just port 3306.
For more precise policy, set `networkPolicy.allowExternal=false`. This will only allow pods with the generated client label to connect to MySQL.
This label will be displayed in the output of a successful install.
## Pod affinity
This chart allows you to set your custom affinity using the `XXX.affinity` parameter(s). Find more information about Pod affinity in the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity).
As an alternative, you can use the preset configurations for pod affinity, pod anti-affinity, and node affinity available at the [bitnami/common](https://github.com/bitnami/charts/tree/main/bitnami/common#affinities) chart. To do so, set the `XXX.podAffinityPreset`, `XXX.podAntiAffinityPreset`, or `XXX.nodeAffinityPreset` parameters.
## Troubleshooting
Find more information about how to deal with common errors related to Bitnami's Helm charts in [this troubleshooting guide](https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues).
@ -544,6 +534,17 @@ helm upgrade my-release oci://REGISTRY_NAME/REPOSITORY_NAME/mysql --set auth.roo
| Note: you need to substitute the placeholder _[ROOT_PASSWORD]_ with the value obtained in the installation notes.
### To 10.0.0
This major bump changes the following security defaults:
- `runAsGroup` is changed from `0` to `1001`
- `readOnlyRootFilesystem` is set to `true`
- `resourcesPreset` is changed from `none` to the minimum size working in our test suites (NOTE: `resourcesPreset` is not meant for production usage, but `resources` adapted to your use case).
- `global.compatibility.openshift.adaptSecurityContext` is changed from `disabled` to `auto`.
This could potentially break any customization or init scripts used in your deployment. If this is the case, change the default values to the previous ones.
### To 9.0.0
This major release renames several values in this chart and adds missing features, in order to be aligned with the rest of the assets in the Bitnami charts repository.

4
charts/bitnami/mysql/charts/common/Chart.yaml
View File

@ -2,7 +2,7 @@ annotations:
category: Infrastructure
licenses: Apache-2.0
apiVersion: v2
appVersion: 2.18.0
appVersion: 2.19.0
description: A Library Helm Chart for grouping common logic between bitnami charts.
This chart is not deployable by itself.
home: https://bitnami.com
@ -20,4 +20,4 @@ name: common
sources:
- https://github.com/bitnami/charts
type: library
version: 2.18.0
version: 2.19.0

4
charts/bitnami/mysql/charts/common/templates/_compatibility.tpl
View File

@ -28,6 +28,10 @@ Usage:
{{- if or (eq .context.Values.global.compatibility.openshift.adaptSecurityContext "force") (and (eq .context.Values.global.compatibility.openshift.adaptSecurityContext "auto") (include "common.compatibility.isOpenshift" .context)) -}}
{{/* Remove incompatible user/group values that do not work in Openshift out of the box */}}
{{- $adaptedContext = omit $adaptedContext "fsGroup" "runAsUser" "runAsGroup" -}}
{{- if not .secContext.seLinuxOptions -}}
{{/* If it is an empty object, we remove it from the resulting context because it causes validation issues */}}
{{- $adaptedContext = omit $adaptedContext "seLinuxOptions" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}

20
charts/bitnami/mysql/templates/networkpolicy.yaml
View File

@ -50,6 +50,26 @@ spec:
{{- if .Values.metrics.enabled }}
- port: {{ .Values.metrics.containerPorts.http }}
{{- end }}
{{- if .Values.primary.extraPorts }}
{{- range $value := .Values.primary.extraPorts }}
- port: {{ $value.containerPort }}
{{- end }}
{{- end }}
{{- if .Values.primary.service.extraPorts }}
{{- range $value := .Values.primary.service.extraPorts }}
- port: {{ $value.port }}
{{- end }}
{{- end }}
{{- if .Values.secondary.extraPorts }}
{{- range $value := .Values.secondary.extraPorts }}
- port: {{ $value.containerPort }}
{{- end }}
{{- end }}
{{- if .Values.secondary.service.extraPorts }}
{{- range $value := .Values.secondary.service.extraPorts }}
- port: {{ $value.port }}
{{- end }}
{{- end }}
{{- if not .Values.networkPolicy.allowExternal }}
from:
- podSelector:

26
charts/bitnami/mysql/templates/primary/statefulset.yaml
View File

@ -78,6 +78,32 @@ spec:
terminationGracePeriodSeconds: {{ .Values.primary.terminationGracePeriodSeconds }}
{{- end }}
initContainers:
- name: preserve-logs-symlinks
image: {{ include "mysql.image" . }}
imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
{{- if .Values.primary.containerSecurityContext.enabled }}
securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.primary.containerSecurityContext "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.primary.resources }}
resources: {{ toYaml .Values.primary.resources | nindent 12 }}
{{- else if ne .Values.primary.resourcesPreset "none" }}
resources: {{- include "common.resources.preset" (dict "type" .Values.primary.resourcesPreset) | nindent 12 }}
{{- end }}
command:
- /bin/bash
args:
- -ec
- |
#!/bin/bash
. /opt/bitnami/scripts/libfs.sh
# We copy the logs folder because it has symlinks to stdout and stderr
if ! is_dir_empty /opt/bitnami/mysql/logs; then
cp -r /opt/bitnami/mysql/logs /emptydir/app-logs-dir
fi
volumeMounts:
- name: empty-dir
mountPath: /emptydir
{{- if and .Values.primary.podSecurityContext.enabled .Values.volumePermissions.enabled .Values.primary.persistence.enabled }}
- name: volume-permissions
image: {{ include "mysql.volumePermissions.image" . }}

26
charts/bitnami/mysql/templates/secondary/statefulset.yaml
View File

@ -79,6 +79,32 @@ spec:
terminationGracePeriodSeconds: {{ .Values.secondary.terminationGracePeriodSeconds }}
{{- end }}
initContainers:
- name: preserve-logs-symlinks
image: {{ include "mysql.image" . }}
imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
{{- if .Values.secondary.containerSecurityContext.enabled }}
securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.secondary.containerSecurityContext "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.secondary.resources }}
resources: {{ toYaml .Values.secondary.resources | nindent 12 }}
{{- else if ne .Values.secondary.resourcesPreset "none" }}
resources: {{- include "common.resources.preset" (dict "type" .Values.secondary.resourcesPreset) | nindent 12 }}
{{- end }}
command:
- /bin/bash
args:
- -ec
- |
#!/bin/bash
. /opt/bitnami/scripts/libfs.sh
# We copy the logs folder because it has symlinks to stdout and stderr
if ! is_dir_empty /opt/bitnami/mysql/logs; then
cp -r /opt/bitnami/mysql/logs /emptydir/app-logs-dir
fi
volumeMounts:
- name: empty-dir
mountPath: /emptydir
{{- if and .Values.secondary.podSecurityContext.enabled .Values.volumePermissions.enabled .Values.secondary.persistence.enabled }}
- name: volume-permissions
image: {{ include "mysql.volumePermissions.image" . }}

28
charts/bitnami/mysql/values.yaml
View File

@ -27,7 +27,7 @@ global:
openshift:
## @param global.compatibility.openshift.adaptSecurityContext Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation)
##
adaptSecurityContext: disabled
adaptSecurityContext: auto
## @section Common parameters
##
@ -345,16 +345,16 @@ primary:
##
containerSecurityContext:
enabled: true
seLinuxOptions: null
seLinuxOptions: {}
runAsUser: 1001
runAsGroup: 0
runAsGroup: 1001
runAsNonRoot: true
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
seccompProfile:
type: "RuntimeDefault"
readOnlyRootFilesystem: false
readOnlyRootFilesystem: true
## MySQL primary container's resource requests and limits
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
## We usually recommend not to specify default resources and to leave this as a conscious
@ -364,7 +364,7 @@ primary:
## @param primary.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if primary.resources is set (primary.resources is recommended for production).
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
##
resourcesPreset: "none"
resourcesPreset: "small"
## @param primary.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
## Example:
## resources:
@ -762,16 +762,16 @@ secondary:
##
containerSecurityContext:
enabled: true
seLinuxOptions: null
seLinuxOptions: {}
runAsUser: 1001
runAsGroup: 0
runAsGroup: 1001
runAsNonRoot: true
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
seccompProfile:
type: "RuntimeDefault"
readOnlyRootFilesystem: false
readOnlyRootFilesystem: true
## MySQL secondary container's resource requests and limits
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
## We usually recommend not to specify default resources and to leave this as a conscious
@ -781,7 +781,7 @@ secondary:
## @param secondary.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if secondary.resources is set (secondary.resources is recommended for production).
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
##
resourcesPreset: "none"
resourcesPreset: "small"
## @param secondary.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
## Example:
## resources:
@ -1143,7 +1143,7 @@ volumePermissions:
## @param volumePermissions.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if volumePermissions.resources is set (volumePermissions.resources is recommended for production).
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
##
resourcesPreset: "none"
resourcesPreset: "nano"
## @param volumePermissions.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
## Example:
## resources:
@ -1199,16 +1199,16 @@ metrics:
##
containerSecurityContext:
enabled: true
seLinuxOptions: null
seLinuxOptions: {}
runAsUser: 1001
runAsGroup: 0
runAsGroup: 1001
runAsNonRoot: true
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
seccompProfile:
type: "RuntimeDefault"
readOnlyRootFilesystem: false
readOnlyRootFilesystem: true
## @param metrics.containerPorts.http Container port for http
##
containerPorts:
@ -1279,7 +1279,7 @@ metrics:
## @param metrics.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if metrics.resources is set (metrics.resources is recommended for production).
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
##
resourcesPreset: "none"
resourcesPreset: "nano"
## @param metrics.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
## Example:
## resources:

6
charts/bitnami/postgresql/Chart.yaml
View File

@ -6,11 +6,11 @@ annotations:
category: Database
images: |
- name: os-shell
image: docker.io/bitnami/os-shell:12-debian-12-r16
image: docker.io/bitnami/os-shell:12-debian-12-r17
- name: postgres-exporter
image: docker.io/bitnami/postgres-exporter:0.15.0-debian-12-r14
- name: postgresql
image: docker.io/bitnami/postgresql:16.2.0-debian-12-r8
image: docker.io/bitnami/postgresql:16.2.0-debian-12-r10
licenses: Apache-2.0
apiVersion: v2
appVersion: 16.2.0
@ -38,4 +38,4 @@ maintainers:
name: postgresql
sources:
- https://github.com/bitnami/charts/tree/main/bitnami/postgresql
version: 14.3.3
version: 15.1.4

1047
charts/bitnami/postgresql/README.md
View File

File diff suppressed because it is too large Load Diff

17
charts/bitnami/postgresql/templates/backup/cronjob.yaml
View File

@ -83,15 +83,20 @@ spec:
command: {{- include "common.tplvalues.render" (dict "value" .Values.backup.cronjob.command "context" $) | nindent 14 }}
volumeMounts:
{{- if .Values.tls.enabled }}
- name: certs
mountPath: /certs
- name: raw-certificates
mountPath: /tmp/certs
{{- end }}
{{- if .Values.backup.cronjob.storage.enabled }}
- name: datadir
mountPath: {{ .Values.backup.cronjob.storage.mountPath }}
subPath: {{ .Values.backup.cronjob.storage.subPath }}
{{- end }}
- name: empty-dir
mountPath: /tmp
subPath: tmp-dir
{{- if .Values.backup.cronjob.extraVolumeMounts }}
{{- include "common.tplvalues.render" (dict "value" .Values.backup.cronjob.extraVolumeMounts "context" $) | nindent 14 }}
{{- end }}
{{- if .Values.backup.cronjob.containerSecurityContext.enabled }}
securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.backup.cronjob.containerSecurityContext "context" $) | nindent 14 }}
{{- end }}
@ -108,8 +113,10 @@ spec:
volumes:
{{- if .Values.tls.enabled }}
- name: raw-certificates
emptyDir: /tmp/certs
secret:
secretName: {{ include "postgresql.v1.tlsSecretName" . }}
{{- end }}
{{- if .Values.backup.cronjob.storage.enabled }}
{{- if .Values.backup.cronjob.storage.existingClaim }}
- name: datadir
persistentVolumeClaim:
@ -119,6 +126,10 @@ spec:
persistentVolumeClaim:
claimName: {{ include "postgresql.v1.primary.fullname" . }}-pgdumpall
{{- end }}
{{- end }}
- name: empty-dir
emptyDir: {}
{{- if .Values.backup.cronjob.extraVolumes }}
{{- include "common.tplvalues.render" ( dict "value" .Values.backup.cronjob.extraVolumes "context" $ ) | nindent 12 }}
{{- end }}
{{- end }}

28
charts/bitnami/postgresql/templates/backup/networkpolicy.yaml Normal file
View File

@ -0,0 +1,28 @@
{{- /*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if and .Values.backup.enabled .Values.backup.cronjob.networkPolicy.enabled }}
kind: NetworkPolicy
apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }}
metadata:
name: {{ include "postgresql.v1.primary.fullname" . }}-pgdumpall
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: pg_dumpall
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
{{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.backup.cronjob.podLabels .Values.commonLabels ) "context" . ) }}
podSelector:
matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
app.kubernetes.io/component: pg_dumpall
policyTypes:
- Egress
egress:
- ports:
- port: 5432
protocol: TCP
{{- end }}

2
charts/bitnami/postgresql/templates/backup/pvc.yaml
View File

@ -3,7 +3,7 @@ Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if and .Values.backup.enabled (not .Values.backup.cronjob.storage.existingClaim) -}}
{{- if and .Values.backup.enabled .Values.backup.cronjob.storage.enabled (not .Values.backup.cronjob.storage.existingClaim) -}}
apiVersion: v1
kind: PersistentVolumeClaim
metadata:

55
charts/bitnami/postgresql/values.yaml
View File

@ -50,7 +50,7 @@ global:
openshift:
## @param global.compatibility.openshift.adaptSecurityContext Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation)
##
adaptSecurityContext: disabled
adaptSecurityContext: auto
## @section Common parameters
##
@ -105,7 +105,7 @@ diagnosticMode:
image:
registry: docker.io
repository: bitnami/postgresql
tag: 16.2.0-debian-12-r8
tag: 16.2.0-debian-12-r10
digest: ""
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
@ -448,7 +448,7 @@ primary:
## @param primary.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if primary.resources is set (primary.resources is recommended for production).
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
##
resourcesPreset: "none"
resourcesPreset: "nano"
## @param primary.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
## Example:
## resources:
@ -489,12 +489,12 @@ primary:
##
containerSecurityContext:
enabled: true
seLinuxOptions: null
seLinuxOptions: {}
runAsUser: 1001
runAsGroup: 0
runAsGroup: 1001
runAsNonRoot: true
privileged: false
readOnlyRootFilesystem: false
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
@ -885,7 +885,7 @@ readReplicas:
## @param readReplicas.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if readReplicas.resources is set (readReplicas.resources is recommended for production).
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
##
resourcesPreset: "none"
resourcesPreset: "nano"
## @param readReplicas.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
## Example:
## resources:
@ -926,12 +926,12 @@ readReplicas:
##
containerSecurityContext:
enabled: true
seLinuxOptions: null
seLinuxOptions: {}
runAsUser: 1001
runAsGroup: 0
runAsGroup: 1001
runAsNonRoot: true
privileged: false
readOnlyRootFilesystem: false
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
@ -1279,12 +1279,12 @@ backup:
## @param backup.cronjob.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
containerSecurityContext:
enabled: true
seLinuxOptions: null
seLinuxOptions: {}
runAsUser: 1001
runAsGroup: 0
runAsGroup: 1001
runAsNonRoot: true
privileged: false
readOnlyRootFilesystem: false
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
@ -1308,7 +1308,7 @@ backup:
## @param backup.cronjob.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if backup.cronjob.resources is set (backup.cronjob.resources is recommended for production).
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
##
resourcesPreset: "none"
resourcesPreset: "nano"
## @param backup.cronjob.resources Set container requests and limits for different resources like CPU or memory
## Example:
resources: {}
@ -1319,7 +1319,14 @@ backup:
## limits:
## cpu: 2
## memory: 1024Mi
networkPolicy:
## @param backup.cronjob.networkPolicy.enabled Specifies whether a NetworkPolicy should be created
##
enabled: true
storage:
## @param backup.cronjob.storage.enabled Enable using a `PersistentVolumeClaim` as backup data volume
##
enabled: true
## @param backup.cronjob.storage.existingClaim Provide an existing `PersistentVolumeClaim` (only when `architecture=standalone`)
## If defined, PVC must be created manually before volume will be bound
##
@ -1359,6 +1366,12 @@ backup:
## See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.20/#labelselector-v1-meta for more details
##
selector: {}
## @param backup.cronjob.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the backup container
##
extraVolumeMounts: []
## @param backup.cronjob.extraVolumes Optionally specify extra list of additional volumes for the backup container
##
extraVolumes: []
## @section Volume Permissions parameters
##
@ -1379,7 +1392,7 @@ volumePermissions:
image:
registry: docker.io
repository: bitnami/os-shell
tag: 12-debian-12-r16
tag: 12-debian-12-r17
digest: ""
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
@ -1395,7 +1408,7 @@ volumePermissions:
## @param volumePermissions.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if volumePermissions.resources is set (volumePermissions.resources is recommended for production).
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
##
resourcesPreset: "none"
resourcesPreset: "nano"
## @param volumePermissions.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
## Example:
## resources:
@ -1417,7 +1430,7 @@ volumePermissions:
## @param volumePermissions.containerSecurityContext.seccompProfile.type seccompProfile.type for the init container
##
containerSecurityContext:
seLinuxOptions: null
seLinuxOptions: {}
runAsUser: 0
runAsGroup: 0
runAsNonRoot: false
@ -1542,12 +1555,12 @@ metrics:
##
containerSecurityContext:
enabled: true
seLinuxOptions: null
seLinuxOptions: {}
runAsUser: 1001
runAsGroup: 0
runAsGroup: 1001
runAsNonRoot: true
privileged: false
readOnlyRootFilesystem: false
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
@ -1615,7 +1628,7 @@ metrics:
## @param metrics.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if metrics.resources is set (metrics.resources is recommended for production).
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
##
resourcesPreset: "none"
resourcesPreset: "nano"
## @param metrics.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
## Example:
## resources:

2
charts/bitnami/redis/Chart.yaml
View File

@ -39,4 +39,4 @@ maintainers:
name: redis
sources:
- https://github.com/bitnami/charts/tree/main/bitnami/redis
version: 18.19.2
version: 19.0.1

1247
charts/bitnami/redis/README.md
View File

File diff suppressed because it is too large Load Diff

8
charts/bitnami/redis/templates/podmonitor.yaml
View File

@ -28,8 +28,8 @@ spec:
{{- if .Values.metrics.podMonitor.honorLabels }}
honorLabels: {{ .Values.metrics.podMonitor.honorLabels }}
{{- end }}
{{- if .Values.metrics.podMonitor.relabellings }}
relabelings: {{- toYaml .Values.metrics.podMonitor.relabellings | nindent 6 }}
{{- with concat .Values.metrics.podMonitor.relabelings .Values.metrics.podMonitor.relabellings }}
relabelings: {{- toYaml . | nindent 6 }}
{{- end }}
{{- if .Values.metrics.podMonitor.metricRelabelings }}
metricRelabelings: {{- toYaml .Values.metrics.podMonitor.metricRelabelings | nindent 6 }}
@ -45,8 +45,8 @@ spec:
{{- if .honorLabels }}
honorLabels: {{ .honorLabels }}
{{- end }}
{{- if .relabellings }}
relabelings: {{- toYaml .relabellings | nindent 6 }}
{{- with concat .Values.metrics.podMonitor.relabelings .Values.metrics.podMonitor.relabellings }}
relabelings: {{- toYaml . | nindent 6 }}
{{- end }}
{{- if .metricRelabelings }}
metricRelabelings: {{- toYaml .metricRelabelings | nindent 6 }}

8
charts/bitnami/redis/templates/servicemonitor.yaml
View File

@ -28,8 +28,8 @@ spec:
{{- if .Values.metrics.serviceMonitor.honorLabels }}
honorLabels: {{ .Values.metrics.serviceMonitor.honorLabels }}
{{- end }}
{{- if .Values.metrics.serviceMonitor.relabellings }}
relabelings: {{- toYaml .Values.metrics.serviceMonitor.relabellings | nindent 6 }}
{{- with concat .Values.metrics.serviceMonitor.relabelings .Values.metrics.serviceMonitor.relabellings }}
relabelings: {{- toYaml . | nindent 6 }}
{{- end }}
{{- if .Values.metrics.serviceMonitor.metricRelabelings }}
metricRelabelings: {{- toYaml .Values.metrics.serviceMonitor.metricRelabelings | nindent 6 }}
@ -45,8 +45,8 @@ spec:
{{- if .honorLabels }}
honorLabels: {{ .honorLabels }}
{{- end }}
{{- if .relabellings }}
relabelings: {{- toYaml .relabellings | nindent 6 }}
{{- with concat .Values.metrics.serviceMonitor.relabelings .Values.metrics.serviceMonitor.relabellings }}
relabelings: {{- toYaml . | nindent 6 }}
{{- end }}
{{- if .metricRelabelings }}
metricRelabelings: {{- toYaml .metricRelabelings | nindent 6 }}

50
charts/bitnami/redis/values.yaml
View File

@ -30,7 +30,7 @@ global:
openshift:
## @param global.compatibility.openshift.adaptSecurityContext Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation)
##
adaptSecurityContext: disabled
adaptSecurityContext: auto
## @section Common parameters
##
@ -275,7 +275,7 @@ master:
## @param master.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if master.resources is set (master.resources is recommended for production).
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
##
resourcesPreset: "none"
resourcesPreset: "nano"
## @param master.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
## Example:
## resources:
@ -315,12 +315,12 @@ master:
##
containerSecurityContext:
enabled: true
seLinuxOptions: null
seLinuxOptions: {}
runAsUser: 1001
runAsGroup: 0
runAsGroup: 1001
runAsNonRoot: true
allowPrivilegeEscalation: false
readOnlyRootFilesystem: false
readOnlyRootFilesystem: true
seccompProfile:
type: RuntimeDefault
capabilities:
@ -737,7 +737,7 @@ replica:
## @param replica.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if replica.resources is set (replica.resources is recommended for production).
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
##
resourcesPreset: "none"
resourcesPreset: "nano"
## @param replica.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
## Example:
## resources:
@ -777,12 +777,12 @@ replica:
##
containerSecurityContext:
enabled: true
seLinuxOptions: null
seLinuxOptions: {}
runAsUser: 1001
runAsGroup: 0
runAsGroup: 1001
runAsNonRoot: true
allowPrivilegeEscalation: false
readOnlyRootFilesystem: false
readOnlyRootFilesystem: true
seccompProfile:
type: RuntimeDefault
capabilities:
@ -1306,7 +1306,7 @@ sentinel:
## @param sentinel.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if sentinel.resources is set (sentinel.resources is recommended for production).
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
##
resourcesPreset: "none"
resourcesPreset: "nano"
## @param sentinel.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
## Example:
## resources:
@ -1332,12 +1332,12 @@ sentinel:
##
containerSecurityContext:
enabled: true
seLinuxOptions: null
seLinuxOptions: {}
runAsUser: 1001
runAsGroup: 0
runAsGroup: 1001
runAsNonRoot: true
allowPrivilegeEscalation: false
readOnlyRootFilesystem: false
readOnlyRootFilesystem: true
seccompProfile:
type: RuntimeDefault
capabilities:
@ -1708,12 +1708,12 @@ metrics:
##
containerSecurityContext:
enabled: true
seLinuxOptions: null
seLinuxOptions: {}
runAsUser: 1001
runAsGroup: 0
runAsGroup: 1001
runAsNonRoot: true
allowPrivilegeEscalation: false
readOnlyRootFilesystem: false
readOnlyRootFilesystem: true
seccompProfile:
type: RuntimeDefault
capabilities:
@ -1729,7 +1729,7 @@ metrics:
## @param metrics.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if metrics.resources is set (metrics.resources is recommended for production).
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
##
resourcesPreset: "none"
resourcesPreset: "nano"
## @param metrics.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
## Example:
## resources:
@ -1812,7 +1812,10 @@ metrics:
## @param metrics.serviceMonitor.scrapeTimeout The timeout after which the scrape is ended
##
scrapeTimeout: ""
## @param metrics.serviceMonitor.relabellings Metrics RelabelConfigs to apply to samples before scraping.
## @param metrics.serviceMonitor.relabelings Metrics RelabelConfigs to apply to samples before scraping.
##
relabelings: []
## @skip metrics.serviceMonitor.relabellings DEPRECATED: Use `metrics.serviceMonitor.relabelings` instead.
##
relabellings: []
## @param metrics.serviceMonitor.metricRelabelings Metrics RelabelConfigs to apply to samples before ingestion.
@ -1866,7 +1869,10 @@ metrics:
## @param metrics.podMonitor.scrapeTimeout The timeout after which the scrape is ended
##
scrapeTimeout: ""
## @param metrics.podMonitor.relabellings Metrics RelabelConfigs to apply to samples before scraping.
## @param metrics.podMonitor.relabelings Metrics RelabelConfigs to apply to samples before scraping.
##
relabelings: []
## @skip metrics.podMonitor.relabellings DEPRECATED: Use `metrics.podMonitor.relabelings` instead.
##
relabellings: []
## @param metrics.podMonitor.metricRelabelings Metrics RelabelConfigs to apply to samples before ingestion.
@ -1988,7 +1994,7 @@ volumePermissions:
## @param volumePermissions.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if volumePermissions.resources is set (volumePermissions.resources is recommended for production).
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
##
resourcesPreset: "none"
resourcesPreset: "nano"
## @param volumePermissions.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
## Example:
## resources:
@ -2009,7 +2015,7 @@ volumePermissions:
## "auto" is especially useful for OpenShift which has scc with dynamic user ids (and 0 is not allowed)
##
containerSecurityContext:
seLinuxOptions: null
seLinuxOptions: {}
runAsUser: 0
## Kubectl InitContainer
@ -2096,7 +2102,7 @@ sysctl:
## @param sysctl.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if sysctl.resources is set (sysctl.resources is recommended for production).
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
##
resourcesPreset: "none"
resourcesPreset: "nano"
## @param sysctl.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
## Example:
## resources:

2
charts/bitnami/spark/Chart.yaml
View File

@ -30,4 +30,4 @@ maintainers:
name: spark
sources:
- https://github.com/bitnami/charts/tree/main/bitnami/spark
version: 8.9.1
version: 9.0.0

29
charts/bitnami/spark/README.md
View File

@ -58,11 +58,11 @@ The command removes all the Kubernetes components associated with the chart and
### Global parameters
| Name | Description | Value |
| ----------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------- |
| ----------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------ |
| `global.imageRegistry` | Global Docker image registry | `""` |
| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` |
| `global.storageClass` | Global StorageClass for Persistent Volume(s) | `""` |
| `global.compatibility.openshift.adaptSecurityContext` | Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation) | `disabled` |
| `global.compatibility.openshift.adaptSecurityContext` | Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation) | `auto` |
### Common parameters
@ -119,10 +119,10 @@ The command removes all the Kubernetes components associated with the chart and
| `master.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
| `master.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` |
| `master.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
| `master.containerSecurityContext.runAsGroup` | Set containers' Security Context runAsGroup | `0` |
| `master.containerSecurityContext.runAsGroup` | Set containers' Security Context runAsGroup | `1001` |
| `master.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
| `master.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
| `master.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` |
| `master.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `true` |
| `master.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` |
| `master.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
| `master.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
@ -147,7 +147,7 @@ The command removes all the Kubernetes components associated with the chart and
| `master.extraVolumes` | Optionally specify extra list of additional volumes for the master pod(s) | `[]` |
| `master.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the master container(s) | `[]` |
| `master.extraVolumeClaimTemplates` | Optionally specify extra list of volumesClaimTemplates for the master statefulset | `[]` |
| `master.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if master.resources is set (master.resources is recommended for production). | `none` |
| `master.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if master.resources is set (master.resources is recommended for production). | `small` |
| `master.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` |
| `master.livenessProbe.enabled` | Enable livenessProbe | `true` |
| `master.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `180` |
@ -210,10 +210,10 @@ The command removes all the Kubernetes components associated with the chart and
| `worker.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
| `worker.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` |
| `worker.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
| `worker.containerSecurityContext.runAsGroup` | Set containers' Security Context runAsGroup | `0` |
| `worker.containerSecurityContext.runAsGroup` | Set containers' Security Context runAsGroup | `1001` |
| `worker.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
| `worker.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
| `worker.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` |
| `worker.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `true` |
| `worker.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` |
| `worker.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
| `worker.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
@ -239,7 +239,7 @@ The command removes all the Kubernetes components associated with the chart and
| `worker.extraVolumes` | Optionally specify extra list of additional volumes for the worker pod(s) | `[]` |
| `worker.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the master container(s) | `[]` |
| `worker.extraVolumeClaimTemplates` | Optionally specify extra list of volumesClaimTemplates for the worker statefulset | `[]` |
| `worker.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if worker.resources is set (worker.resources is recommended for production). | `none` |
| `worker.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if worker.resources is set (worker.resources is recommended for production). | `small` |
| `worker.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` |
| `worker.livenessProbe.enabled` | Enable livenessProbe | `true` |
| `worker.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `180` |
@ -293,7 +293,7 @@ The command removes all the Kubernetes components associated with the chart and
| `security.ssl.autoGenerated` | Create self-signed TLS certificates. Currently only supports PEM certificates | `false` |
| `security.ssl.keystorePassword` | Set the password of the JKS Keystore | `""` |
| `security.ssl.truststorePassword` | Truststore password. | `""` |
| `security.ssl.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if security.ssl.resources is set (security.ssl.resources is recommended for production). | `none` |
| `security.ssl.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if security.ssl.resources is set (security.ssl.resources is recommended for production). | `small` |
| `security.ssl.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` |
### Traffic Exposure parameters
@ -492,6 +492,17 @@ Find more information about how to deal with common errors related to Bitnami's
## Upgrading
### To 9.0.0
This major bump changes the following security defaults:
- `runAsGroup` is changed from `0` to `1001`
- `readOnlyRootFilesystem` is set to `true`
- `resourcesPreset` is changed from `none` to the minimum size working in our test suites (NOTE: `resourcesPreset` is not meant for production usage, but `resources` adapted to your use case).
- `global.compatibility.openshift.adaptSecurityContext` is changed from `disabled` to `auto`.
This could potentially break any customization or init scripts used in your deployment. If this is the case, change the default values to the previous ones.
### To 6.0.0
This chart major version standarizes the chart templates and values, modifying some existing parameters names and adding several more. These parameter modifications can be sumarised in the following:

16
charts/bitnami/spark/values.yaml
View File

@ -27,7 +27,7 @@ global:
openshift:
## @param global.compatibility.openshift.adaptSecurityContext Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation)
##
adaptSecurityContext: disabled
adaptSecurityContext: auto
## @section Common parameters
##
@ -207,10 +207,10 @@ master:
enabled: true
seLinuxOptions: null
runAsUser: 1001
runAsGroup: 0
runAsGroup: 1001
runAsNonRoot: true
privileged: false
readOnlyRootFilesystem: false
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
@ -315,7 +315,7 @@ master:
## @param master.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if master.resources is set (master.resources is recommended for production).
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
##
resourcesPreset: "none"
resourcesPreset: "small"
## @param master.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
## Example:
## resources:
@ -559,10 +559,10 @@ worker:
enabled: true
seLinuxOptions: null
runAsUser: 1001
runAsGroup: 0
runAsGroup: 1001
runAsNonRoot: true
privileged: false
readOnlyRootFilesystem: false
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
@ -671,7 +671,7 @@ worker:
## @param worker.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if worker.resources is set (worker.resources is recommended for production).
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
##
resourcesPreset: "none"
resourcesPreset: "small"
## @param worker.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
## Example:
## resources:
@ -889,7 +889,7 @@ security:
## @param security.ssl.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if security.ssl.resources is set (security.ssl.resources is recommended for production).
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
##
resourcesPreset: "none"
resourcesPreset: "small"
## @param security.ssl.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
## Example:
## resources:

6
charts/bitnami/tomcat/Chart.lock
View File

@ -1,6 +1,6 @@
dependencies:
- name: common
repository: oci://registry-1.docker.io/bitnamicharts
version: 2.18.0
digest: sha256:f489ae7394a4eceb24fb702901483c67a5b4fff605f19d5e2545e3a6778e1280
generated: "2024-03-05T15:53:43.135308944+01:00"
version: 2.19.0
digest: sha256:ac559eb57710d8904e266424ee364cd686d7e24517871f0c5c67f7c4500c2bcc
generated: "2024-03-15T01:41:57.021991384Z"

4
charts/bitnami/tomcat/Chart.yaml
View File

@ -10,7 +10,7 @@ annotations:
- name: os-shell
image: docker.io/bitnami/os-shell:12-debian-12-r16
- name: tomcat
image: docker.io/bitnami/tomcat:10.1.19-debian-12-r0
image: docker.io/bitnami/tomcat:10.1.19-debian-12-r2
licenses: Apache-2.0
apiVersion: v2
appVersion: 10.1.19
@ -38,4 +38,4 @@ maintainers:
name: tomcat
sources:
- https://github.com/bitnami/charts/tree/main/bitnami/tomcat
version: 10.17.0
version: 10.17.1

4
charts/bitnami/tomcat/charts/common/Chart.yaml
View File

@ -2,7 +2,7 @@ annotations:
category: Infrastructure
licenses: Apache-2.0
apiVersion: v2
appVersion: 2.18.0
appVersion: 2.19.0
description: A Library Helm Chart for grouping common logic between bitnami charts.
This chart is not deployable by itself.
home: https://bitnami.com
@ -20,4 +20,4 @@ name: common
sources:
- https://github.com/bitnami/charts
type: library
version: 2.18.0
version: 2.19.0

4
charts/bitnami/tomcat/charts/common/templates/_compatibility.tpl
View File

@ -28,6 +28,10 @@ Usage:
{{- if or (eq .context.Values.global.compatibility.openshift.adaptSecurityContext "force") (and (eq .context.Values.global.compatibility.openshift.adaptSecurityContext "auto") (include "common.compatibility.isOpenshift" .context)) -}}
{{/* Remove incompatible user/group values that do not work in Openshift out of the box */}}
{{- $adaptedContext = omit $adaptedContext "fsGroup" "runAsUser" "runAsGroup" -}}
{{- if not .secContext.seLinuxOptions -}}
{{/* If it is an empty object, we remove it from the resulting context because it causes validation issues */}}
{{- $adaptedContext = omit $adaptedContext "seLinuxOptions" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}

2
charts/bitnami/tomcat/values.yaml
View File

@ -68,7 +68,7 @@ extraDeploy: []
image:
registry: docker.io
repository: bitnami/tomcat
tag: 10.1.19-debian-12-r0
tag: 10.1.19-debian-12-r2
digest: ""
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'

8
charts/bitnami/wordpress/Chart.lock
View File

@ -1,12 +1,12 @@
dependencies:
- name: memcached
repository: oci://registry-1.docker.io/bitnamicharts
version: 6.14.0
version: 7.0.2
- name: mariadb
repository: oci://registry-1.docker.io/bitnamicharts
version: 16.5.0
version: 17.0.1
- name: common
repository: oci://registry-1.docker.io/bitnamicharts
version: 2.19.0
digest: sha256:f14e7183217316a026257bb89543ec1055b763c37dd4bfba26c2c725ac0e7571
generated: "2024-03-08T16:54:42.092136196Z"
digest: sha256:3b4e997af36fdaa0116bd43fdbe2bb7575f280e86a1ede66430a47115b7f89ba
generated: "2024-03-20T16:16:30.974197+01:00"

12
charts/bitnami/wordpress/Chart.yaml
View File

@ -6,11 +6,11 @@ annotations:
category: CMS
images: |
- name: apache-exporter
image: docker.io/bitnami/apache-exporter:1.0.6-debian-12-r8
image: docker.io/bitnami/apache-exporter:1.0.7-debian-12-r0
- name: os-shell
image: docker.io/bitnami/os-shell:12-debian-12-r16
image: docker.io/bitnami/os-shell:12-debian-12-r17
- name: wordpress
image: docker.io/bitnami/wordpress:6.4.3-debian-12-r20
image: docker.io/bitnami/wordpress:6.4.3-debian-12-r28
licenses: Apache-2.0
apiVersion: v2
appVersion: 6.4.3
@ -18,11 +18,11 @@ dependencies:
- condition: memcached.enabled
name: memcached
repository: file://./charts/memcached
version: 6.x.x
version: 7.x.x
- condition: mariadb.enabled
name: mariadb
repository: file://./charts/mariadb
version: 16.x.x
version: 17.x.x
- name: common
repository: file://./charts/common
tags:
@ -47,4 +47,4 @@ maintainers:
name: wordpress
sources:
- https://github.com/bitnami/charts/tree/main/bitnami/wordpress
version: 20.1.2
version: 21.0.6

735
charts/bitnami/wordpress/README.md
View File

@ -43,374 +43,6 @@ The command deploys WordPress on the Kubernetes cluster in the default configura
> **Tip**: List all releases using `helm list`
## Uninstalling the Chart
To uninstall/delete the `my-release` deployment:
```console
helm delete my-release
```
The command removes all the Kubernetes components associated with the chart and deletes the release.
## Parameters
### Global parameters
| Name | Description | Value |
| ----------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------- |
| `global.imageRegistry` | Global Docker image registry | `""` |
| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` |
| `global.storageClass` | Global StorageClass for Persistent Volume(s) | `""` |
| `global.compatibility.openshift.adaptSecurityContext` | Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation) | `disabled` |
### Common parameters
| Name | Description | Value |
| ------------------------ | -------------------------------------------------------------------------------------------- | --------------- |
| `kubeVersion` | Override Kubernetes version | `""` |
| `nameOverride` | String to partially override common.names.fullname template (will maintain the release name) | `""` |
| `fullnameOverride` | String to fully override common.names.fullname template | `""` |
| `commonLabels` | Labels to add to all deployed resources | `{}` |
| `commonAnnotations` | Annotations to add to all deployed resources | `{}` |
| `clusterDomain` | Kubernetes Cluster Domain | `cluster.local` |
| `extraDeploy` | Array of extra objects to deploy with the release | `[]` |
| `diagnosticMode.enabled` | Enable diagnostic mode (all probes will be disabled and the command will be overridden) | `false` |
| `diagnosticMode.command` | Command to override all containers in the deployment | `["sleep"]` |
| `diagnosticMode.args` | Args to override all containers in the deployment | `["infinity"]` |
### WordPress Image parameters
| Name | Description | Value |
| ------------------- | --------------------------------------------------------------------------------------------------------- | --------------------------- |
| `image.registry` | WordPress image registry | `REGISTRY_NAME` |
| `image.repository` | WordPress image repository | `REPOSITORY_NAME/wordpress` |
| `image.digest` | WordPress image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `image.pullPolicy` | WordPress image pull policy | `IfNotPresent` |
| `image.pullSecrets` | WordPress image pull secrets | `[]` |
| `image.debug` | Specify if debug values should be set | `false` |
### WordPress Configuration parameters
| Name | Description | Value |
| -------------------------------------- | ------------------------------------------------------------------------------------- | ------------------ |
| `wordpressUsername` | WordPress username | `user` |
| `wordpressPassword` | WordPress user password | `""` |
| `existingSecret` | Name of existing secret containing WordPress credentials | `""` |
| `wordpressEmail` | WordPress user email | `user@example.com` |
| `wordpressFirstName` | WordPress user first name | `FirstName` |
| `wordpressLastName` | WordPress user last name | `LastName` |
| `wordpressBlogName` | Blog name | `User's Blog!` |
| `wordpressTablePrefix` | Prefix to use for WordPress database tables | `wp_` |
| `wordpressScheme` | Scheme to use to generate WordPress URLs | `http` |
| `wordpressSkipInstall` | Skip wizard installation | `false` |
| `wordpressExtraConfigContent` | Add extra content to the default wp-config.php file | `""` |
| `wordpressConfiguration` | The content for your custom wp-config.php file (advanced feature) | `""` |
| `existingWordPressConfigurationSecret` | The name of an existing secret with your custom wp-config.php file (advanced feature) | `""` |
| `wordpressConfigureCache` | Enable W3 Total Cache plugin and configure cache settings | `false` |
| `wordpressPlugins` | Array of plugins to install and activate. Can be specified as `all` or `none`. | `none` |
| `apacheConfiguration` | The content for your custom httpd.conf file (advanced feature) | `""` |
| `existingApacheConfigurationConfigMap` | The name of an existing secret with your custom httpd.conf file (advanced feature) | `""` |
| `customPostInitScripts` | Custom post-init.d user scripts | `{}` |
| `smtpHost` | SMTP server host | `""` |
| `smtpPort` | SMTP server port | `""` |
| `smtpUser` | SMTP username | `""` |
| `smtpPassword` | SMTP user password | `""` |
| `smtpProtocol` | SMTP protocol | `""` |
| `smtpExistingSecret` | The name of an existing secret with SMTP credentials | `""` |
| `allowEmptyPassword` | Allow the container to be started with blank passwords | `true` |
| `allowOverrideNone` | Configure Apache to prohibit overriding directives with htaccess files | `false` |
| `overrideDatabaseSettings` | Allow overriding the database settings persisted in wp-config.php | `false` |
| `htaccessPersistenceEnabled` | Persist custom changes on htaccess files | `false` |
| `customHTAccessCM` | The name of an existing ConfigMap with custom htaccess rules | `""` |
| `command` | Override default container command (useful when using custom images) | `[]` |
| `args` | Override default container args (useful when using custom images) | `[]` |
| `extraEnvVars` | Array with extra environment variables to add to the WordPress container | `[]` |
| `extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars | `""` |
| `extraEnvVarsSecret` | Name of existing Secret containing extra env vars | `""` |
### WordPress Multisite Configuration parameters
| Name | Description | Value |
| ------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------- | ----------- |
| `multisite.enable` | Whether to enable WordPress Multisite configuration. | `false` |
| `multisite.host` | WordPress Multisite hostname/address. This value is mandatory when enabling Multisite mode. | `""` |
| `multisite.networkType` | WordPress Multisite network type to enable. Allowed values: `subfolder`, `subdirectory` or `subdomain`. | `subdomain` |
| `multisite.enableNipIoRedirect` | Whether to enable IP address redirection to nip.io wildcard DNS. Useful when running on an IP address with subdomain network type. | `false` |
### WordPress deployment parameters
| Name | Description | Value |
| --------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------- |
| `replicaCount` | Number of WordPress replicas to deploy | `1` |
| `updateStrategy.type` | WordPress deployment strategy type | `RollingUpdate` |
| `schedulerName` | Alternate scheduler | `""` |
| `terminationGracePeriodSeconds` | In seconds, time given to the WordPress pod to terminate gracefully | `""` |
| `topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` |
| `priorityClassName` | Name of the existing priority class to be used by WordPress pods, priority class needs to be created beforehand | `""` |
| `automountServiceAccountToken` | Mount Service Account token in pod | `false` |
| `hostAliases` | WordPress pod host aliases | `[]` |
| `extraVolumes` | Optionally specify extra list of additional volumes for WordPress pods | `[]` |
| `extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for WordPress container(s) | `[]` |
| `sidecars` | Add additional sidecar containers to the WordPress pod | `[]` |
| `initContainers` | Add additional init containers to the WordPress pods | `[]` |
| `podLabels` | Extra labels for WordPress pods | `{}` |
| `podAnnotations` | Annotations for WordPress pods | `{}` |
| `podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` |
| `nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set | `""` |
| `nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set | `[]` |
| `affinity` | Affinity for pod assignment | `{}` |
| `nodeSelector` | Node labels for pod assignment | `{}` |
| `tolerations` | Tolerations for pod assignment | `[]` |
| `resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production). | `none` |
| `resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` |
| `containerPorts.http` | WordPress HTTP container port | `8080` |
| `containerPorts.https` | WordPress HTTPS container port | `8443` |
| `extraContainerPorts` | Optionally specify extra list of additional ports for WordPress container(s) | `[]` |
| `podSecurityContext.enabled` | Enabled WordPress pods' Security Context | `true` |
| `podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` |
| `podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` |
| `podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` |
| `podSecurityContext.fsGroup` | Set WordPress pod's Security Context fsGroup | `1001` |
| `containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
| `containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` |
| `containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
| `containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
| `containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
| `containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` |
| `containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` |
| `containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
| `containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
| `livenessProbe.enabled` | Enable livenessProbe on WordPress containers | `true` |
| `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `120` |
| `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |
| `livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` |
| `livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` |
| `livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
| `readinessProbe.enabled` | Enable readinessProbe on WordPress containers | `true` |
| `readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` |
| `readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
| `readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` |
| `readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` |
| `readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
| `startupProbe.enabled` | Enable startupProbe on WordPress containers | `false` |
| `startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `30` |
| `startupProbe.periodSeconds` | Period seconds for startupProbe | `10` |
| `startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` |
| `startupProbe.failureThreshold` | Failure threshold for startupProbe | `6` |
| `startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
| `customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` |
| `customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` |
| `customStartupProbe` | Custom startupProbe that overrides the default one | `{}` |
| `lifecycleHooks` | for the WordPress container(s) to automate configuration before or after startup | `{}` |
### Traffic Exposure Parameters
| Name | Description | Value |
| ---------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------ |
| `service.type` | WordPress service type | `LoadBalancer` |
| `service.ports.http` | WordPress service HTTP port | `80` |
| `service.ports.https` | WordPress service HTTPS port | `443` |
| `service.httpsTargetPort` | Target port for HTTPS | `https` |
| `service.nodePorts.http` | Node port for HTTP | `""` |
| `service.nodePorts.https` | Node port for HTTPS | `""` |
| `service.sessionAffinity` | Control where client requests go, to the same pod or round-robin | `None` |
| `service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` |
| `service.clusterIP` | WordPress service Cluster IP | `""` |
| `service.loadBalancerIP` | WordPress service Load Balancer IP | `""` |
| `service.loadBalancerSourceRanges` | WordPress service Load Balancer sources | `[]` |
| `service.externalTrafficPolicy` | WordPress service external traffic policy | `Cluster` |
| `service.annotations` | Additional custom annotations for WordPress service | `{}` |
| `service.extraPorts` | Extra port to expose on WordPress service | `[]` |
| `ingress.enabled` | Enable ingress record generation for WordPress | `false` |
| `ingress.pathType` | Ingress path type | `ImplementationSpecific` |
| `ingress.apiVersion` | Force Ingress API version (automatically detected if not set) | `""` |
| `ingress.ingressClassName` | IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) | `""` |
| `ingress.hostname` | Default host for the ingress record. The hostname is templated and thus can contain other variable references. | `wordpress.local` |
| `ingress.path` | Default path for the ingress record | `/` |
| `ingress.annotations` | Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. | `{}` |
| `ingress.tls` | Enable TLS configuration for the host defined at `ingress.hostname` parameter | `false` |
| `ingress.tlsWwwPrefix` | Adds www subdomain to default cert | `false` |
| `ingress.selfSigned` | Create a TLS secret for this ingress record using self-signed certificates generated by Helm | `false` |
| `ingress.extraHosts` | An array with additional hostname(s) to be covered with the ingress record. The host names are templated and thus can contain other variable references. | `[]` |
| `ingress.extraPaths` | An array with additional arbitrary paths that may need to be added to the ingress under the main host | `[]` |
| `ingress.extraTls` | TLS configuration for additional hostname(s) to be covered with this ingress record | `[]` |
| `ingress.secrets` | Custom TLS certificates as secrets | `[]` |
| `ingress.extraRules` | Additional rules to be covered with this ingress record | `[]` |
### Persistence Parameters
| Name | Description | Value |
| ----------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------- |
| `persistence.enabled` | Enable persistence using Persistent Volume Claims | `true` |
| `persistence.storageClass` | Persistent Volume storage class | `""` |
| `persistence.accessModes` | Persistent Volume access modes | `[]` |
| `persistence.accessMode` | Persistent Volume access mode (DEPRECATED: use `persistence.accessModes` instead) | `ReadWriteOnce` |
| `persistence.size` | Persistent Volume size | `10Gi` |
| `persistence.dataSource` | Custom PVC data source | `{}` |
| `persistence.existingClaim` | The name of an existing PVC to use for persistence | `""` |
| `persistence.selector` | Selector to match an existing Persistent Volume for WordPress data PVC | `{}` |
| `persistence.annotations` | Persistent Volume Claim annotations | `{}` |
| `volumePermissions.enabled` | Enable init container that changes the owner/group of the PV mount point to `runAsUser:fsGroup` | `false` |
| `volumePermissions.image.registry` | OS Shell + Utility image registry | `REGISTRY_NAME` |
| `volumePermissions.image.repository` | OS Shell + Utility image repository | `REPOSITORY_NAME/os-shell` |
| `volumePermissions.image.digest` | OS Shell + Utility image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `volumePermissions.image.pullPolicy` | OS Shell + Utility image pull policy | `IfNotPresent` |
| `volumePermissions.image.pullSecrets` | OS Shell + Utility image pull secrets | `[]` |
| `volumePermissions.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if volumePermissions.resources is set (volumePermissions.resources is recommended for production). | `none` |
| `volumePermissions.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` |
| `volumePermissions.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` |
| `volumePermissions.containerSecurityContext.runAsUser` | User ID for the init container | `0` |
### Other Parameters
| Name | Description | Value |
| --------------------------------------------- | ---------------------------------------------------------------------- | ------- |
| `serviceAccount.create` | Enable creation of ServiceAccount for WordPress pod | `true` |
| `serviceAccount.name` | The name of the ServiceAccount to use. | `""` |
| `serviceAccount.automountServiceAccountToken` | Allows auto mount of ServiceAccountToken on the serviceAccount created | `false` |
| `serviceAccount.annotations` | Additional custom annotations for the ServiceAccount | `{}` |
| `pdb.create` | Enable a Pod Disruption Budget creation | `false` |
| `pdb.minAvailable` | Minimum number/percentage of pods that should remain scheduled | `1` |
| `pdb.maxUnavailable` | Maximum number/percentage of pods that may be made unavailable | `""` |
| `autoscaling.enabled` | Enable Horizontal POD autoscaling for WordPress | `false` |
| `autoscaling.minReplicas` | Minimum number of WordPress replicas | `1` |
| `autoscaling.maxReplicas` | Maximum number of WordPress replicas | `11` |
| `autoscaling.targetCPU` | Target CPU utilization percentage | `50` |
| `autoscaling.targetMemory` | Target Memory utilization percentage | `50` |
### Metrics Parameters
| Name | Description | Value |
| ----------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------- |
| `metrics.enabled` | Start a sidecar prometheus exporter to expose metrics | `false` |
| `metrics.image.registry` | Apache exporter image registry | `REGISTRY_NAME` |
| `metrics.image.repository` | Apache exporter image repository | `REPOSITORY_NAME/apache-exporter` |
| `metrics.image.digest` | Apache exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `metrics.image.pullPolicy` | Apache exporter image pull policy | `IfNotPresent` |
| `metrics.image.pullSecrets` | Apache exporter image pull secrets | `[]` |
| `metrics.containerPorts.metrics` | Prometheus exporter container port | `9117` |
| `metrics.livenessProbe.enabled` | Enable livenessProbe on Prometheus exporter containers | `true` |
| `metrics.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `15` |
| `metrics.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |
| `metrics.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` |
| `metrics.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` |
| `metrics.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
| `metrics.readinessProbe.enabled` | Enable readinessProbe on Prometheus exporter containers | `true` |
| `metrics.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` |
| `metrics.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
| `metrics.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `3` |
| `metrics.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` |
| `metrics.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
| `metrics.startupProbe.enabled` | Enable startupProbe on Prometheus exporter containers | `false` |
| `metrics.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `10` |
| `metrics.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` |
| `metrics.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` |
| `metrics.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` |
| `metrics.startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
| `metrics.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` |
| `metrics.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` |
| `metrics.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` |
| `metrics.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if metrics.resources is set (metrics.resources is recommended for production). | `none` |
| `metrics.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` |
| `metrics.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
| `metrics.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` |
| `metrics.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
| `metrics.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
| `metrics.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
| `metrics.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` |
| `metrics.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` |
| `metrics.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
| `metrics.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
| `metrics.service.ports.metrics` | Prometheus metrics service port | `9150` |
| `metrics.service.annotations` | Additional custom annotations for Metrics service | `{}` |
| `metrics.serviceMonitor.enabled` | Create ServiceMonitor Resource for scraping metrics using Prometheus Operator | `false` |
| `metrics.serviceMonitor.namespace` | Namespace for the ServiceMonitor Resource (defaults to the Release Namespace) | `""` |
| `metrics.serviceMonitor.interval` | Interval at which metrics should be scraped. | `""` |
| `metrics.serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended | `""` |
| `metrics.serviceMonitor.labels` | Additional labels that can be used so ServiceMonitor will be discovered by Prometheus | `{}` |
| `metrics.serviceMonitor.selector` | Prometheus instance selector labels | `{}` |
| `metrics.serviceMonitor.relabelings` | RelabelConfigs to apply to samples before scraping | `[]` |
| `metrics.serviceMonitor.metricRelabelings` | MetricRelabelConfigs to apply to samples before ingestion | `[]` |
| `metrics.serviceMonitor.honorLabels` | Specify honorLabels parameter to add the scrape endpoint | `false` |
| `metrics.serviceMonitor.jobLabel` | The name of the label on the target service to use as the job name in prometheus. | `""` |
### NetworkPolicy parameters
| Name | Description | Value |
| ------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------- | ------- |
| `networkPolicy.enabled` | Enable network policies | `false` |
| `networkPolicy.metrics.enabled` | Enable network policy for metrics (prometheus) | `false` |
| `networkPolicy.metrics.namespaceSelector` | Monitoring namespace selector labels. These labels will be used to identify the prometheus' namespace. | `{}` |
| `networkPolicy.metrics.podSelector` | Monitoring pod selector labels. These labels will be used to identify the Prometheus pods. | `{}` |
| `networkPolicy.ingress.enabled` | Enable network policy for Ingress Proxies | `false` |
| `networkPolicy.ingress.namespaceSelector` | Ingress Proxy namespace selector labels. These labels will be used to identify the Ingress Proxy's namespace. | `{}` |
| `networkPolicy.ingress.podSelector` | Ingress Proxy pods selector labels. These labels will be used to identify the Ingress Proxy pods. | `{}` |
| `networkPolicy.ingressRules.backendOnlyAccessibleByFrontend` | Enable ingress rule that makes the backend (mariadb) only accessible by testlink's pods. | `false` |
| `networkPolicy.ingressRules.customBackendSelector` | Backend selector labels. These labels will be used to identify the backend pods. | `{}` |
| `networkPolicy.ingressRules.accessOnlyFrom.enabled` | Enable ingress rule that makes testlink only accessible from a particular origin | `false` |
| `networkPolicy.ingressRules.accessOnlyFrom.namespaceSelector` | Namespace selector label that is allowed to access testlink. This label will be used to identified the allowed namespace(s). | `{}` |
| `networkPolicy.ingressRules.accessOnlyFrom.podSelector` | Pods selector label that is allowed to access testlink. This label will be used to identified the allowed pod(s). | `{}` |
| `networkPolicy.ingressRules.customRules` | Custom network policy ingress rule | `{}` |
| `networkPolicy.egressRules.denyConnectionsToExternal` | Enable egress rule that denies outgoing traffic outside the cluster, except for DNS (port 53). | `false` |
| `networkPolicy.egressRules.customRules` | Custom network policy rule | `{}` |
### Database Parameters
| Name | Description | Value |
| ------------------------------------------ | ---------------------------------------------------------------------------------------------- | ------------------- |
| `mariadb.enabled` | Deploy a MariaDB server to satisfy the applications database requirements | `true` |
| `mariadb.architecture` | MariaDB architecture. Allowed values: `standalone` or `replication` | `standalone` |
| `mariadb.auth.rootPassword` | MariaDB root password | `""` |
| `mariadb.auth.database` | MariaDB custom database | `bitnami_wordpress` |
| `mariadb.auth.username` | MariaDB custom user name | `bn_wordpress` |
| `mariadb.auth.password` | MariaDB custom user password | `""` |
| `mariadb.primary.persistence.enabled` | Enable persistence on MariaDB using PVC(s) | `true` |
| `mariadb.primary.persistence.storageClass` | Persistent Volume storage class | `""` |
| `mariadb.primary.persistence.accessModes` | Persistent Volume access modes | `[]` |
| `mariadb.primary.persistence.size` | Persistent Volume size | `8Gi` |
| `externalDatabase.host` | External Database server host | `localhost` |
| `externalDatabase.port` | External Database server port | `3306` |
| `externalDatabase.user` | External Database username | `bn_wordpress` |
| `externalDatabase.password` | External Database user password | `""` |
| `externalDatabase.database` | External Database database name | `bitnami_wordpress` |
| `externalDatabase.existingSecret` | The name of an existing secret with database credentials. Evaluated as a template | `""` |
| `memcached.enabled` | Deploy a Memcached server for caching database queries | `false` |
| `memcached.auth.enabled` | Enable Memcached authentication | `false` |
| `memcached.auth.username` | Memcached admin user | `""` |
| `memcached.auth.password` | Memcached admin password | `""` |
| `memcached.auth.existingPasswordSecret` | Existing secret with Memcached credentials (must contain a value for `memcached-password` key) | `""` |
| `memcached.service.port` | Memcached service port | `11211` |
| `externalCache.host` | External cache server host | `localhost` |
| `externalCache.port` | External cache server port | `11211` |
Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
```console
helm install my-release \
--set wordpressUsername=admin \
--set wordpressPassword=password \
--set mariadb.auth.rootPassword=secretpassword \
oci://REGISTRY_NAME/REPOSITORY_NAME/wordpress
```
> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
The above command sets the WordPress administrator account username and password to `admin` and `password` respectively. Additionally, it sets the MariaDB `root` user password to `secretpassword`.
> NOTE: Once this chart is deployed, it is not possible to change the application's access credentials, such as usernames or passwords, using Helm. To change these application credentials after deployment, delete any persistent volumes (PVs) used by the chart and re-deploy it, or use the application's built-in administrative tools if available.
Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example,
```console
helm install my-release -f values.yaml oci://REGISTRY_NAME/REPOSITORY_NAME/wordpress
```
> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
> **Tip**: You can use the default [values.yaml](https://github.com/bitnami/charts/tree/main/bitnami/wordpress/values.yaml)
## Configuration and installation details
### Resource requests and limits
@ -606,6 +238,361 @@ This chart allows you to set your custom affinity using the `affinity` parameter
As an alternative, use one of the preset configurations for pod affinity, pod anti-affinity, and node affinity available at the [bitnami/common](https://github.com/bitnami/charts/tree/main/bitnami/common#affinities) chart. To do so, set the `podAffinityPreset`, `podAntiAffinityPreset`, or `nodeAffinityPreset` parameters.
## Parameters
### Global parameters
| Name | Description | Value |
| ----------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------ |
| `global.imageRegistry` | Global Docker image registry | `""` |
| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` |
| `global.storageClass` | Global StorageClass for Persistent Volume(s) | `""` |
| `global.compatibility.openshift.adaptSecurityContext` | Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation) | `auto` |
### Common parameters
| Name | Description | Value |
| ------------------------ | -------------------------------------------------------------------------------------------- | --------------- |
| `kubeVersion` | Override Kubernetes version | `""` |
| `nameOverride` | String to partially override common.names.fullname template (will maintain the release name) | `""` |
| `fullnameOverride` | String to fully override common.names.fullname template | `""` |
| `commonLabels` | Labels to add to all deployed resources | `{}` |
| `commonAnnotations` | Annotations to add to all deployed resources | `{}` |
| `clusterDomain` | Kubernetes Cluster Domain | `cluster.local` |
| `extraDeploy` | Array of extra objects to deploy with the release | `[]` |
| `diagnosticMode.enabled` | Enable diagnostic mode (all probes will be disabled and the command will be overridden) | `false` |
| `diagnosticMode.command` | Command to override all containers in the deployment | `["sleep"]` |
| `diagnosticMode.args` | Args to override all containers in the deployment | `["infinity"]` |
### WordPress Image parameters
| Name | Description | Value |
| ------------------- | --------------------------------------------------------------------------------------------------------- | --------------------------- |
| `image.registry` | WordPress image registry | `REGISTRY_NAME` |
| `image.repository` | WordPress image repository | `REPOSITORY_NAME/wordpress` |
| `image.digest` | WordPress image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `image.pullPolicy` | WordPress image pull policy | `IfNotPresent` |
| `image.pullSecrets` | WordPress image pull secrets | `[]` |
| `image.debug` | Specify if debug values should be set | `false` |
### WordPress Configuration parameters
| Name | Description | Value |
| -------------------------------------- | ------------------------------------------------------------------------------------- | ------------------ |
| `wordpressUsername` | WordPress username | `user` |
| `wordpressPassword` | WordPress user password | `""` |
| `existingSecret` | Name of existing secret containing WordPress credentials | `""` |
| `wordpressEmail` | WordPress user email | `user@example.com` |
| `wordpressFirstName` | WordPress user first name | `FirstName` |
| `wordpressLastName` | WordPress user last name | `LastName` |
| `wordpressBlogName` | Blog name | `User's Blog!` |
| `wordpressTablePrefix` | Prefix to use for WordPress database tables | `wp_` |
| `wordpressScheme` | Scheme to use to generate WordPress URLs | `http` |
| `wordpressSkipInstall` | Skip wizard installation | `false` |
| `wordpressExtraConfigContent` | Add extra content to the default wp-config.php file | `""` |
| `wordpressConfiguration` | The content for your custom wp-config.php file (advanced feature) | `""` |
| `existingWordPressConfigurationSecret` | The name of an existing secret with your custom wp-config.php file (advanced feature) | `""` |
| `wordpressConfigureCache` | Enable W3 Total Cache plugin and configure cache settings | `false` |
| `wordpressPlugins` | Array of plugins to install and activate. Can be specified as `all` or `none`. | `none` |
| `apacheConfiguration` | The content for your custom httpd.conf file (advanced feature) | `""` |
| `existingApacheConfigurationConfigMap` | The name of an existing secret with your custom httpd.conf file (advanced feature) | `""` |
| `customPostInitScripts` | Custom post-init.d user scripts | `{}` |
| `smtpHost` | SMTP server host | `""` |
| `smtpPort` | SMTP server port | `""` |
| `smtpUser` | SMTP username | `""` |
| `smtpPassword` | SMTP user password | `""` |
| `smtpProtocol` | SMTP protocol | `""` |
| `smtpExistingSecret` | The name of an existing secret with SMTP credentials | `""` |
| `allowEmptyPassword` | Allow the container to be started with blank passwords | `true` |
| `allowOverrideNone` | Configure Apache to prohibit overriding directives with htaccess files | `false` |
| `overrideDatabaseSettings` | Allow overriding the database settings persisted in wp-config.php | `false` |
| `htaccessPersistenceEnabled` | Persist custom changes on htaccess files | `false` |
| `customHTAccessCM` | The name of an existing ConfigMap with custom htaccess rules | `""` |
| `command` | Override default container command (useful when using custom images) | `[]` |
| `args` | Override default container args (useful when using custom images) | `[]` |
| `extraEnvVars` | Array with extra environment variables to add to the WordPress container | `[]` |
| `extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars | `""` |
| `extraEnvVarsSecret` | Name of existing Secret containing extra env vars | `""` |
### WordPress Multisite Configuration parameters
| Name | Description | Value |
| ------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------- | ----------- |
| `multisite.enable` | Whether to enable WordPress Multisite configuration. | `false` |
| `multisite.host` | WordPress Multisite hostname/address. This value is mandatory when enabling Multisite mode. | `""` |
| `multisite.networkType` | WordPress Multisite network type to enable. Allowed values: `subfolder`, `subdirectory` or `subdomain`. | `subdomain` |
| `multisite.enableNipIoRedirect` | Whether to enable IP address redirection to nip.io wildcard DNS. Useful when running on an IP address with subdomain network type. | `false` |
### WordPress deployment parameters
| Name | Description | Value |
| --------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------- |
| `replicaCount` | Number of WordPress replicas to deploy | `1` |
| `updateStrategy.type` | WordPress deployment strategy type | `RollingUpdate` |
| `schedulerName` | Alternate scheduler | `""` |
| `terminationGracePeriodSeconds` | In seconds, time given to the WordPress pod to terminate gracefully | `""` |
| `topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` |
| `priorityClassName` | Name of the existing priority class to be used by WordPress pods, priority class needs to be created beforehand | `""` |
| `automountServiceAccountToken` | Mount Service Account token in pod | `false` |
| `hostAliases` | WordPress pod host aliases | `[]` |
| `extraVolumes` | Optionally specify extra list of additional volumes for WordPress pods | `[]` |
| `extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for WordPress container(s) | `[]` |
| `sidecars` | Add additional sidecar containers to the WordPress pod | `[]` |
| `initContainers` | Add additional init containers to the WordPress pods | `[]` |
| `podLabels` | Extra labels for WordPress pods | `{}` |
| `podAnnotations` | Annotations for WordPress pods | `{}` |
| `podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` |
| `nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set | `""` |
| `nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set | `[]` |
| `affinity` | Affinity for pod assignment | `{}` |
| `nodeSelector` | Node labels for pod assignment | `{}` |
| `tolerations` | Tolerations for pod assignment | `[]` |
| `resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production). | `micro` |
| `resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` |
| `containerPorts.http` | WordPress HTTP container port | `8080` |
| `containerPorts.https` | WordPress HTTPS container port | `8443` |
| `extraContainerPorts` | Optionally specify extra list of additional ports for WordPress container(s) | `[]` |
| `podSecurityContext.enabled` | Enabled WordPress pods' Security Context | `true` |
| `podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` |
| `podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` |
| `podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` |
| `podSecurityContext.fsGroup` | Set WordPress pod's Security Context fsGroup | `1001` |
| `containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
| `containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` |
| `containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
| `containerSecurityContext.runAsGroup` | Set containers' Security Context runAsGroup | `1001` |
| `containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
| `containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
| `containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `true` |
| `containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` |
| `containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
| `containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
| `livenessProbe.enabled` | Enable livenessProbe on WordPress containers | `true` |
| `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `120` |
| `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |
| `livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` |
| `livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` |
| `livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
| `readinessProbe.enabled` | Enable readinessProbe on WordPress containers | `true` |
| `readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` |
| `readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
| `readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` |
| `readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` |
| `readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
| `startupProbe.enabled` | Enable startupProbe on WordPress containers | `false` |
| `startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `30` |
| `startupProbe.periodSeconds` | Period seconds for startupProbe | `10` |
| `startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` |
| `startupProbe.failureThreshold` | Failure threshold for startupProbe | `6` |
| `startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
| `customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` |
| `customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` |
| `customStartupProbe` | Custom startupProbe that overrides the default one | `{}` |
| `lifecycleHooks` | for the WordPress container(s) to automate configuration before or after startup | `{}` |
### Traffic Exposure Parameters
| Name | Description | Value |
| ---------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------ |
| `service.type` | WordPress service type | `LoadBalancer` |
| `service.ports.http` | WordPress service HTTP port | `80` |
| `service.ports.https` | WordPress service HTTPS port | `443` |
| `service.httpsTargetPort` | Target port for HTTPS | `https` |
| `service.nodePorts.http` | Node port for HTTP | `""` |
| `service.nodePorts.https` | Node port for HTTPS | `""` |
| `service.sessionAffinity` | Control where client requests go, to the same pod or round-robin | `None` |
| `service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` |
| `service.clusterIP` | WordPress service Cluster IP | `""` |
| `service.loadBalancerIP` | WordPress service Load Balancer IP | `""` |
| `service.loadBalancerSourceRanges` | WordPress service Load Balancer sources | `[]` |
| `service.externalTrafficPolicy` | WordPress service external traffic policy | `Cluster` |
| `service.annotations` | Additional custom annotations for WordPress service | `{}` |
| `service.extraPorts` | Extra port to expose on WordPress service | `[]` |
| `ingress.enabled` | Enable ingress record generation for WordPress | `false` |
| `ingress.pathType` | Ingress path type | `ImplementationSpecific` |
| `ingress.apiVersion` | Force Ingress API version (automatically detected if not set) | `""` |
| `ingress.ingressClassName` | IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) | `""` |
| `ingress.hostname` | Default host for the ingress record. The hostname is templated and thus can contain other variable references. | `wordpress.local` |
| `ingress.path` | Default path for the ingress record | `/` |
| `ingress.annotations` | Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. | `{}` |
| `ingress.tls` | Enable TLS configuration for the host defined at `ingress.hostname` parameter | `false` |
| `ingress.tlsWwwPrefix` | Adds www subdomain to default cert | `false` |
| `ingress.selfSigned` | Create a TLS secret for this ingress record using self-signed certificates generated by Helm | `false` |
| `ingress.extraHosts` | An array with additional hostname(s) to be covered with the ingress record. The host names are templated and thus can contain other variable references. | `[]` |
| `ingress.extraPaths` | An array with additional arbitrary paths that may need to be added to the ingress under the main host | `[]` |
| `ingress.extraTls` | TLS configuration for additional hostname(s) to be covered with this ingress record | `[]` |
| `ingress.secrets` | Custom TLS certificates as secrets | `[]` |
| `ingress.extraRules` | Additional rules to be covered with this ingress record | `[]` |
### Persistence Parameters
| Name | Description | Value |
| ----------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------- |
| `persistence.enabled` | Enable persistence using Persistent Volume Claims | `true` |
| `persistence.storageClass` | Persistent Volume storage class | `""` |
| `persistence.accessModes` | Persistent Volume access modes | `[]` |
| `persistence.accessMode` | Persistent Volume access mode (DEPRECATED: use `persistence.accessModes` instead) | `ReadWriteOnce` |
| `persistence.size` | Persistent Volume size | `10Gi` |
| `persistence.dataSource` | Custom PVC data source | `{}` |
| `persistence.existingClaim` | The name of an existing PVC to use for persistence | `""` |
| `persistence.selector` | Selector to match an existing Persistent Volume for WordPress data PVC | `{}` |
| `persistence.annotations` | Persistent Volume Claim annotations | `{}` |
| `volumePermissions.enabled` | Enable init container that changes the owner/group of the PV mount point to `runAsUser:fsGroup` | `false` |
| `volumePermissions.image.registry` | OS Shell + Utility image registry | `REGISTRY_NAME` |
| `volumePermissions.image.repository` | OS Shell + Utility image repository | `REPOSITORY_NAME/os-shell` |
| `volumePermissions.image.digest` | OS Shell + Utility image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `volumePermissions.image.pullPolicy` | OS Shell + Utility image pull policy | `IfNotPresent` |
| `volumePermissions.image.pullSecrets` | OS Shell + Utility image pull secrets | `[]` |
| `volumePermissions.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if volumePermissions.resources is set (volumePermissions.resources is recommended for production). | `nano` |
| `volumePermissions.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` |
| `volumePermissions.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` |
| `volumePermissions.containerSecurityContext.runAsUser` | User ID for the init container | `0` |
### Other Parameters
| Name | Description | Value |
| --------------------------------------------- | ---------------------------------------------------------------------- | ------- |
| `serviceAccount.create` | Enable creation of ServiceAccount for WordPress pod | `true` |
| `serviceAccount.name` | The name of the ServiceAccount to use. | `""` |
| `serviceAccount.automountServiceAccountToken` | Allows auto mount of ServiceAccountToken on the serviceAccount created | `false` |
| `serviceAccount.annotations` | Additional custom annotations for the ServiceAccount | `{}` |
| `pdb.create` | Enable a Pod Disruption Budget creation | `false` |
| `pdb.minAvailable` | Minimum number/percentage of pods that should remain scheduled | `1` |
| `pdb.maxUnavailable` | Maximum number/percentage of pods that may be made unavailable | `""` |
| `autoscaling.enabled` | Enable Horizontal POD autoscaling for WordPress | `false` |
| `autoscaling.minReplicas` | Minimum number of WordPress replicas | `1` |
| `autoscaling.maxReplicas` | Maximum number of WordPress replicas | `11` |
| `autoscaling.targetCPU` | Target CPU utilization percentage | `50` |
| `autoscaling.targetMemory` | Target Memory utilization percentage | `50` |
### Metrics Parameters
| Name | Description | Value |
| ----------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------- |
| `metrics.enabled` | Start a sidecar prometheus exporter to expose metrics | `false` |
| `metrics.image.registry` | Apache exporter image registry | `REGISTRY_NAME` |
| `metrics.image.repository` | Apache exporter image repository | `REPOSITORY_NAME/apache-exporter` |
| `metrics.image.digest` | Apache exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `metrics.image.pullPolicy` | Apache exporter image pull policy | `IfNotPresent` |
| `metrics.image.pullSecrets` | Apache exporter image pull secrets | `[]` |
| `metrics.containerPorts.metrics` | Prometheus exporter container port | `9117` |
| `metrics.livenessProbe.enabled` | Enable livenessProbe on Prometheus exporter containers | `true` |
| `metrics.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `15` |
| `metrics.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |
| `metrics.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` |
| `metrics.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` |
| `metrics.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
| `metrics.readinessProbe.enabled` | Enable readinessProbe on Prometheus exporter containers | `true` |
| `metrics.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` |
| `metrics.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
| `metrics.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `3` |
| `metrics.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` |
| `metrics.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
| `metrics.startupProbe.enabled` | Enable startupProbe on Prometheus exporter containers | `false` |
| `metrics.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `10` |
| `metrics.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` |
| `metrics.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` |
| `metrics.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` |
| `metrics.startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
| `metrics.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` |
| `metrics.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` |
| `metrics.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` |
| `metrics.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if metrics.resources is set (metrics.resources is recommended for production). | `nano` |
| `metrics.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` |
| `metrics.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
| `metrics.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` |
| `metrics.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
| `metrics.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
| `metrics.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
| `metrics.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` |
| `metrics.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` |
| `metrics.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
| `metrics.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
| `metrics.service.ports.metrics` | Prometheus metrics service port | `9150` |
| `metrics.service.annotations` | Additional custom annotations for Metrics service | `{}` |
| `metrics.serviceMonitor.enabled` | Create ServiceMonitor Resource for scraping metrics using Prometheus Operator | `false` |
| `metrics.serviceMonitor.namespace` | Namespace for the ServiceMonitor Resource (defaults to the Release Namespace) | `""` |
| `metrics.serviceMonitor.interval` | Interval at which metrics should be scraped. | `""` |
| `metrics.serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended | `""` |
| `metrics.serviceMonitor.labels` | Additional labels that can be used so ServiceMonitor will be discovered by Prometheus | `{}` |
| `metrics.serviceMonitor.selector` | Prometheus instance selector labels | `{}` |
| `metrics.serviceMonitor.relabelings` | RelabelConfigs to apply to samples before scraping | `[]` |
| `metrics.serviceMonitor.metricRelabelings` | MetricRelabelConfigs to apply to samples before ingestion | `[]` |
| `metrics.serviceMonitor.honorLabels` | Specify honorLabels parameter to add the scrape endpoint | `false` |
| `metrics.serviceMonitor.jobLabel` | The name of the label on the target service to use as the job name in prometheus. | `""` |
### NetworkPolicy parameters
| Name | Description | Value |
| --------------------------------------- | --------------------------------------------------------------- | ------ |
| `networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` |
| `networkPolicy.allowExternal` | Don't require server label for connections | `true` |
| `networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` |
| `networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolice | `[]` |
| `networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` |
| `networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` |
| `networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` |
### Database Parameters
| Name | Description | Value |
| ------------------------------------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------- |
| `mariadb.enabled` | Deploy a MariaDB server to satisfy the applications database requirements | `true` |
| `mariadb.architecture` | MariaDB architecture. Allowed values: `standalone` or `replication` | `standalone` |
| `mariadb.auth.rootPassword` | MariaDB root password | `""` |
| `mariadb.auth.database` | MariaDB custom database | `bitnami_wordpress` |
| `mariadb.auth.username` | MariaDB custom user name | `bn_wordpress` |
| `mariadb.auth.password` | MariaDB custom user password | `""` |
| `mariadb.primary.persistence.enabled` | Enable persistence on MariaDB using PVC(s) | `true` |
| `mariadb.primary.persistence.storageClass` | Persistent Volume storage class | `""` |
| `mariadb.primary.persistence.accessModes` | Persistent Volume access modes | `[]` |
| `mariadb.primary.persistence.size` | Persistent Volume size | `8Gi` |
| `mariadb.primary.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if primary.resources is set (primary.resources is recommended for production). | `micro` |
| `mariadb.primary.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` |
| `externalDatabase.host` | External Database server host | `localhost` |
| `externalDatabase.port` | External Database server port | `3306` |
| `externalDatabase.user` | External Database username | `bn_wordpress` |
| `externalDatabase.password` | External Database user password | `""` |
| `externalDatabase.database` | External Database database name | `bitnami_wordpress` |
| `externalDatabase.existingSecret` | The name of an existing secret with database credentials. Evaluated as a template | `""` |
| `memcached.enabled` | Deploy a Memcached server for caching database queries | `false` |
| `memcached.auth.enabled` | Enable Memcached authentication | `false` |
| `memcached.auth.username` | Memcached admin user | `""` |
| `memcached.auth.password` | Memcached admin password | `""` |
| `memcached.auth.existingPasswordSecret` | Existing secret with Memcached credentials (must contain a value for `memcached-password` key) | `""` |
| `memcached.service.port` | Memcached service port | `11211` |
| `memcached.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production). | `nano` |
| `memcached.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` |
| `externalCache.host` | External cache server host | `localhost` |
| `externalCache.port` | External cache server port | `11211` |
Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
```console
helm install my-release \
--set wordpressUsername=admin \
--set wordpressPassword=password \
--set mariadb.auth.rootPassword=secretpassword \
oci://REGISTRY_NAME/REPOSITORY_NAME/wordpress
```
> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
The above command sets the WordPress administrator account username and password to `admin` and `password` respectively. Additionally, it sets the MariaDB `root` user password to `secretpassword`.
> NOTE: Once this chart is deployed, it is not possible to change the application's access credentials, such as usernames or passwords, using Helm. To change these application credentials after deployment, delete any persistent volumes (PVs) used by the chart and re-deploy it, or use the application's built-in administrative tools if available.
Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example,
```console
helm install my-release -f values.yaml oci://REGISTRY_NAME/REPOSITORY_NAME/wordpress
```
> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
> **Tip**: You can use the default [values.yaml](https://github.com/bitnami/charts/tree/main/bitnami/wordpress/values.yaml)
## Troubleshooting
Find more information about how to deal with common errors related to Bitnami's Helm charts in [this troubleshooting guide](https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues).
@ -630,6 +617,18 @@ To enable the new features, it is not possible to do it by upgrading an existing
## Upgrading
### To 21.0.0
This major bump changes the following security defaults:
- `runAsGroup` is changed from `0` to `1001`
- `readOnlyRootFilesystem` is set to `true`
- `resourcesPreset` is changed from `none` to the minimum size working in our test suites (NOTE: `resourcesPreset` is not meant for production usage, but `resources` adapted to your use case).
- `global.compatibility.openshift.adaptSecurityContext` is changed from `disabled` to `auto`.
- The `networkPolicy` section has been normalized amongst all Bitnami charts. Compared to the previous approach, the values section has been simplified (check the Parameters section) and now it set to `enabled=true` by default. Egress traffic is allowed by default and ingress traffic is allowed by all pods but only to the ports set in `containerPorts` and `extraContainerPorts`.
This could potentially break any customization or init scripts used in your deployment. If this is the case, change the default values to the previous ones.
### To 20.0.0
This major release bumps the and MariaDB chart version to [16.x.x](https://github.com/bitnami/charts/pull/23054); no major issues are expected during the upgrade.

6
charts/bitnami/wordpress/charts/mariadb/Chart.lock
View File

@ -1,6 +1,6 @@
dependencies:
- name: common
repository: oci://registry-1.docker.io/bitnamicharts
version: 2.18.0
digest: sha256:f489ae7394a4eceb24fb702901483c67a5b4fff605f19d5e2545e3a6778e1280
generated: "2024-03-05T14:35:54.482130622+01:00"
version: 2.19.0
digest: sha256:ac559eb57710d8904e266424ee364cd686d7e24517871f0c5c67f7c4500c2bcc
generated: "2024-03-08T11:25:32.224991562+01:00"

2
charts/bitnami/wordpress/charts/mariadb/Chart.yaml
View File

@ -33,4 +33,4 @@ maintainers:
name: mariadb
sources:
- https://github.com/bitnami/charts/tree/main/bitnami/mariadb
version: 16.5.0
version: 17.0.1

765
charts/bitnami/wordpress/charts/mariadb/README.md
View File

@ -44,388 +44,6 @@ The command deploys MariaDB on the Kubernetes cluster in the default configurati
> **Tip**: List all releases using `helm list`
## Uninstalling the Chart
To uninstall/delete the `my-release` deployment:
```console
helm delete my-release
```
The command removes all the Kubernetes components associated with the chart and deletes the release.
## Parameters
### Global parameters
| Name | Description | Value |
| ----------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------- |
| `global.imageRegistry` | Global Docker Image registry | `""` |
| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` |
| `global.storageClass` | Global storage class for dynamic provisioning | `""` |
| `global.compatibility.openshift.adaptSecurityContext` | Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation) | `disabled` |
### Common parameters
| Name | Description | Value |
| ------------------------- | --------------------------------------------------------------------------------------- | --------------- |
| `kubeVersion` | Force target Kubernetes version (using Helm capabilities if not set) | `""` |
| `nameOverride` | String to partially override mariadb.fullname | `""` |
| `fullnameOverride` | String to fully override mariadb.fullname | `""` |
| `clusterDomain` | Default Kubernetes cluster domain | `cluster.local` |
| `commonAnnotations` | Common annotations to add to all MariaDB resources (sub-charts are not considered) | `{}` |
| `commonLabels` | Common labels to add to all MariaDB resources (sub-charts are not considered) | `{}` |
| `schedulerName` | Name of the scheduler (other than default) to dispatch pods | `""` |
| `runtimeClassName` | Name of the Runtime Class for all MariaDB pods | `""` |
| `extraDeploy` | Array of extra objects to deploy with the release (evaluated as a template) | `[]` |
| `diagnosticMode.enabled` | Enable diagnostic mode (all probes will be disabled and the command will be overridden) | `false` |
| `diagnosticMode.command` | Command to override all containers in the deployment | `["sleep"]` |
| `diagnosticMode.args` | Args to override all containers in the deployment | `["infinity"]` |
| `serviceBindings.enabled` | Create secret for service binding (Experimental) | `false` |
### MariaDB common parameters
| Name | Description | Value |
| -------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------- |
| `image.registry` | MariaDB image registry | `REGISTRY_NAME` |
| `image.repository` | MariaDB image repository | `REPOSITORY_NAME/mariadb` |
| `image.digest` | MariaDB image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `image.pullPolicy` | MariaDB image pull policy | `IfNotPresent` |
| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
| `image.debug` | Specify if debug logs should be enabled | `false` |
| `architecture` | MariaDB architecture (`standalone` or `replication`) | `standalone` |
| `auth.rootPassword` | Password for the `root` user. Ignored if existing secret is provided. | `""` |
| `auth.database` | Name for a custom database to create | `my_database` |
| `auth.username` | Name for a custom user to create | `""` |
| `auth.password` | Password for the new user. Ignored if existing secret is provided | `""` |
| `auth.replicationUser` | MariaDB replication user | `replicator` |
| `auth.replicationPassword` | MariaDB replication user password. Ignored if existing secret is provided | `""` |
| `auth.existingSecret` | Use existing secret for password details (`auth.rootPassword`, `auth.password`, `auth.replicationPassword` will be ignored and picked up from this secret). The secret has to contain the keys `mariadb-root-password`, `mariadb-replication-password` and `mariadb-password` | `""` |
| `auth.forcePassword` | Force users to specify required passwords | `false` |
| `auth.usePasswordFiles` | Mount credentials as files instead of using environment variables | `false` |
| `auth.customPasswordFiles` | Use custom password files when `auth.usePasswordFiles` is set to `true`. Define path for keys `root` and `user`, also define `replicator` if `architecture` is set to `replication` | `{}` |
| `initdbScripts` | Dictionary of initdb scripts | `{}` |
| `initdbScriptsConfigMap` | ConfigMap with the initdb scripts (Note: Overrides `initdbScripts`) | `""` |
### MariaDB Primary parameters
| Name | Description | Value |
| ----------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------- |
| `primary.name` | Name of the primary database (eg primary, master, leader, ...) | `primary` |
| `primary.command` | Override default container command on MariaDB Primary container(s) (useful when using custom images) | `[]` |
| `primary.args` | Override default container args on MariaDB Primary container(s) (useful when using custom images) | `[]` |
| `primary.lifecycleHooks` | for the MariaDB Primary container(s) to automate configuration before or after startup | `{}` |
| `primary.automountServiceAccountToken` | Mount Service Account token in pod | `false` |
| `primary.hostAliases` | Add deployment host aliases | `[]` |
| `primary.containerPorts.mysql` | Container port for mysql | `3306` |
| `primary.configuration` | MariaDB Primary configuration to be injected as ConfigMap | `""` |
| `primary.existingConfigmap` | Name of existing ConfigMap with MariaDB Primary configuration. | `""` |
| `primary.updateStrategy.type` | MariaDB primary statefulset strategy type | `RollingUpdate` |
| `primary.rollingUpdatePartition` | Partition update strategy for Mariadb Primary statefulset | `""` |
| `primary.podAnnotations` | Additional pod annotations for MariaDB primary pods | `{}` |
| `primary.podLabels` | Extra labels for MariaDB primary pods | `{}` |
| `primary.podAffinityPreset` | MariaDB primary pod affinity preset. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `primary.podAntiAffinityPreset` | MariaDB primary pod anti-affinity preset. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` | `soft` |
| `primary.nodeAffinityPreset.type` | MariaDB primary node affinity preset type. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `primary.nodeAffinityPreset.key` | MariaDB primary node label key to match Ignored if `primary.affinity` is set. | `""` |
| `primary.nodeAffinityPreset.values` | MariaDB primary node label values to match. Ignored if `primary.affinity` is set. | `[]` |
| `primary.affinity` | Affinity for MariaDB primary pods assignment | `{}` |
| `primary.nodeSelector` | Node labels for MariaDB primary pods assignment | `{}` |
| `primary.tolerations` | Tolerations for MariaDB primary pods assignment | `[]` |
| `primary.schedulerName` | Name of the k8s scheduler (other than default) | `""` |
| `primary.podManagementPolicy` | podManagementPolicy to manage scaling operation of MariaDB primary pods | `""` |
| `primary.topologySpreadConstraints` | Topology Spread Constraints for MariaDB primary pods assignment | `[]` |
| `primary.priorityClassName` | Priority class for MariaDB primary pods assignment | `""` |
| `primary.runtimeClassName` | Runtime Class for MariaDB primary pods | `""` |
| `primary.podSecurityContext.enabled` | Enable security context for MariaDB primary pods | `true` |
| `primary.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` |
| `primary.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` |
| `primary.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` |
| `primary.podSecurityContext.fsGroup` | Group ID for the mounted volumes' filesystem | `1001` |
| `primary.containerSecurityContext.enabled` | MariaDB primary container securityContext | `true` |
| `primary.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` |
| `primary.containerSecurityContext.runAsUser` | User ID for the MariaDB primary container | `1001` |
| `primary.containerSecurityContext.runAsGroup` | Group ID for the MariaDB primary container | `0` |
| `primary.containerSecurityContext.runAsNonRoot` | Set primary container's Security Context runAsNonRoot | `true` |
| `primary.containerSecurityContext.privileged` | Set primary container's Security Context privileged | `false` |
| `primary.containerSecurityContext.allowPrivilegeEscalation` | Set primary container's Security Context allowPrivilegeEscalation | `false` |
| `primary.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` |
| `primary.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
| `primary.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
| `primary.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if primary.resources is set (primary.resources is recommended for production). | `none` |
| `primary.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` |
| `primary.startupProbe.enabled` | Enable startupProbe | `false` |
| `primary.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `120` |
| `primary.startupProbe.periodSeconds` | Period seconds for startupProbe | `15` |
| `primary.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` |
| `primary.startupProbe.failureThreshold` | Failure threshold for startupProbe | `10` |
| `primary.startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
| `primary.livenessProbe.enabled` | Enable livenessProbe | `true` |
| `primary.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `120` |
| `primary.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |
| `primary.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` |
| `primary.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` |
| `primary.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
| `primary.readinessProbe.enabled` | Enable readinessProbe | `true` |
| `primary.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` |
| `primary.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
| `primary.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` |
| `primary.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` |
| `primary.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
| `primary.customStartupProbe` | Override default startup probe for MariaDB primary containers | `{}` |
| `primary.customLivenessProbe` | Override default liveness probe for MariaDB primary containers | `{}` |
| `primary.customReadinessProbe` | Override default readiness probe for MariaDB primary containers | `{}` |
| `primary.startupWaitOptions` | Override default builtin startup wait check options for MariaDB primary containers | `{}` |
| `primary.extraFlags` | MariaDB primary additional command line flags | `""` |
| `primary.extraEnvVars` | Extra environment variables to be set on MariaDB primary containers | `[]` |
| `primary.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for MariaDB primary containers | `""` |
| `primary.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for MariaDB primary containers | `""` |
| `primary.persistence.enabled` | Enable persistence on MariaDB primary replicas using a `PersistentVolumeClaim`. If false, use emptyDir | `true` |
| `primary.persistence.existingClaim` | Name of an existing `PersistentVolumeClaim` for MariaDB primary replicas | `""` |
| `primary.persistence.subPath` | Subdirectory of the volume to mount at | `""` |
| `primary.persistence.storageClass` | MariaDB primary persistent volume storage Class | `""` |
| `primary.persistence.labels` | Labels for the PVC | `{}` |
| `primary.persistence.annotations` | MariaDB primary persistent volume claim annotations | `{}` |
| `primary.persistence.accessModes` | MariaDB primary persistent volume access Modes | `["ReadWriteOnce"]` |
| `primary.persistence.size` | MariaDB primary persistent volume size | `8Gi` |
| `primary.persistence.selector` | Selector to match an existing Persistent Volume | `{}` |
| `primary.extraVolumes` | Optionally specify extra list of additional volumes to the MariaDB Primary pod(s) | `[]` |
| `primary.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the MariaDB Primary container(s) | `[]` |
| `primary.initContainers` | Add additional init containers for the MariaDB Primary pod(s) | `[]` |
| `primary.sidecars` | Add additional sidecar containers for the MariaDB Primary pod(s) | `[]` |
| `primary.service.type` | MariaDB Primary Kubernetes service type | `ClusterIP` |
| `primary.service.ports.mysql` | MariaDB Primary Kubernetes service port for MariaDB | `3306` |
| `primary.service.ports.metrics` | MariaDB Primary Kubernetes service port for metrics | `9104` |
| `primary.service.nodePorts.mysql` | MariaDB Primary Kubernetes service node port | `""` |
| `primary.service.clusterIP` | MariaDB Primary Kubernetes service clusterIP IP | `""` |
| `primary.service.loadBalancerIP` | MariaDB Primary loadBalancerIP if service type is `LoadBalancer` | `""` |
| `primary.service.externalTrafficPolicy` | Enable client source IP preservation | `Cluster` |
| `primary.service.loadBalancerSourceRanges` | Address that are allowed when MariaDB Primary service is LoadBalancer | `[]` |
| `primary.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` |
| `primary.service.annotations` | Provide any additional annotations which may be required | `{}` |
| `primary.service.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` |
| `primary.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` |
| `primary.pdb.create` | Enable/disable a Pod Disruption Budget creation for MariaDB primary pods | `false` |
| `primary.pdb.minAvailable` | Minimum number/percentage of MariaDB primary pods that must still be available after the eviction | `1` |
| `primary.pdb.maxUnavailable` | Maximum number/percentage of MariaDB primary pods that can be unavailable after the eviction | `""` |
| `primary.revisionHistoryLimit` | Maximum number of revisions that will be maintained in the StatefulSet | `10` |
### MariaDB Secondary parameters
| Name | Description | Value |
| ------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------------------- |
| `secondary.name` | Name of the secondary database (eg secondary, slave, ...) | `secondary` |
| `secondary.replicaCount` | Number of MariaDB secondary replicas | `1` |
| `secondary.command` | Override default container command on MariaDB Secondary container(s) (useful when using custom images) | `[]` |
| `secondary.args` | Override default container args on MariaDB Secondary container(s) (useful when using custom images) | `[]` |
| `secondary.lifecycleHooks` | for the MariaDB Secondary container(s) to automate configuration before or after startup | `{}` |
| `secondary.automountServiceAccountToken` | Mount Service Account token in pod | `false` |
| `secondary.hostAliases` | Add deployment host aliases | `[]` |
| `secondary.containerPorts.mysql` | Container port for mysql | `3306` |
| `secondary.configuration` | MariaDB Secondary configuration to be injected as ConfigMap | `""` |
| `secondary.existingConfigmap` | Name of existing ConfigMap with MariaDB Secondary configuration. | `""` |
| `secondary.updateStrategy.type` | MariaDB secondary statefulset strategy type | `RollingUpdate` |
| `secondary.rollingUpdatePartition` | Partition update strategy for Mariadb Secondary statefulset | `""` |
| `secondary.podAnnotations` | Additional pod annotations for MariaDB secondary pods | `{}` |
| `secondary.podLabels` | Extra labels for MariaDB secondary pods | `{}` |
| `secondary.podAffinityPreset` | MariaDB secondary pod affinity preset. Ignored if `secondary.affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `secondary.podAntiAffinityPreset` | MariaDB secondary pod anti-affinity preset. Ignored if `secondary.affinity` is set. Allowed values: `soft` or `hard` | `soft` |
| `secondary.nodeAffinityPreset.type` | MariaDB secondary node affinity preset type. Ignored if `secondary.affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `secondary.nodeAffinityPreset.key` | MariaDB secondary node label key to match Ignored if `secondary.affinity` is set. | `""` |
| `secondary.nodeAffinityPreset.values` | MariaDB secondary node label values to match. Ignored if `secondary.affinity` is set. | `[]` |
| `secondary.affinity` | Affinity for MariaDB secondary pods assignment | `{}` |
| `secondary.nodeSelector` | Node labels for MariaDB secondary pods assignment | `{}` |
| `secondary.tolerations` | Tolerations for MariaDB secondary pods assignment | `[]` |
| `secondary.topologySpreadConstraints` | Topology Spread Constraints for MariaDB secondary pods assignment | `[]` |
| `secondary.priorityClassName` | Priority class for MariaDB secondary pods assignment | `""` |
| `secondary.runtimeClassName` | Runtime Class for MariaDB secondary pods | `""` |
| `secondary.schedulerName` | Name of the k8s scheduler (other than default) | `""` |
| `secondary.podManagementPolicy` | podManagementPolicy to manage scaling operation of MariaDB secondary pods | `""` |
| `secondary.podSecurityContext.enabled` | Enable security context for MariaDB secondary pods | `true` |
| `secondary.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` |
| `secondary.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` |
| `secondary.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` |
| `secondary.podSecurityContext.fsGroup` | Group ID for the mounted volumes' filesystem | `1001` |
| `secondary.containerSecurityContext.enabled` | MariaDB secondary container securityContext | `true` |
| `secondary.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` |
| `secondary.containerSecurityContext.runAsUser` | User ID for the MariaDB secondary container | `1001` |
| `secondary.containerSecurityContext.runAsGroup` | Group ID for the MariaDB secondary container | `0` |
| `secondary.containerSecurityContext.runAsNonRoot` | Set secondary container's Security Context runAsNonRoot | `true` |
| `secondary.containerSecurityContext.privileged` | Set secondary container's Security Context privileged | `false` |
| `secondary.containerSecurityContext.allowPrivilegeEscalation` | Set secondary container's Security Context allowPrivilegeEscalation | `false` |
| `secondary.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` |
| `secondary.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
| `secondary.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
| `secondary.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if secondary.resources is set (secondary.resources is recommended for production). | `none` |
| `secondary.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` |
| `secondary.startupProbe.enabled` | Enable startupProbe | `false` |
| `secondary.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `120` |
| `secondary.startupProbe.periodSeconds` | Period seconds for startupProbe | `15` |
| `secondary.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` |
| `secondary.startupProbe.failureThreshold` | Failure threshold for startupProbe | `10` |
| `secondary.startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
| `secondary.livenessProbe.enabled` | Enable livenessProbe | `true` |
| `secondary.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `120` |
| `secondary.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |
| `secondary.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` |
| `secondary.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` |
| `secondary.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
| `secondary.readinessProbe.enabled` | Enable readinessProbe | `true` |
| `secondary.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` |
| `secondary.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
| `secondary.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` |
| `secondary.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` |
| `secondary.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
| `secondary.customStartupProbe` | Override default startup probe for MariaDB secondary containers | `{}` |
| `secondary.customLivenessProbe` | Override default liveness probe for MariaDB secondary containers | `{}` |
| `secondary.customReadinessProbe` | Override default readiness probe for MariaDB secondary containers | `{}` |
| `secondary.startupWaitOptions` | Override default builtin startup wait check options for MariaDB secondary containers | `{}` |
| `secondary.extraFlags` | MariaDB secondary additional command line flags | `""` |
| `secondary.extraEnvVars` | Extra environment variables to be set on MariaDB secondary containers | `[]` |
| `secondary.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for MariaDB secondary containers | `""` |
| `secondary.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for MariaDB secondary containers | `""` |
| `secondary.persistence.enabled` | Enable persistence on MariaDB secondary replicas using a `PersistentVolumeClaim` | `true` |
| `secondary.persistence.subPath` | Subdirectory of the volume to mount at | `""` |
| `secondary.persistence.storageClass` | MariaDB secondary persistent volume storage Class | `""` |
| `secondary.persistence.labels` | Labels for the PVC | `{}` |
| `secondary.persistence.annotations` | MariaDB secondary persistent volume claim annotations | `{}` |
| `secondary.persistence.accessModes` | MariaDB secondary persistent volume access Modes | `["ReadWriteOnce"]` |
| `secondary.persistence.size` | MariaDB secondary persistent volume size | `8Gi` |
| `secondary.persistence.selector` | Selector to match an existing Persistent Volume | `{}` |
| `secondary.extraVolumes` | Optionally specify extra list of additional volumes to the MariaDB secondary pod(s) | `[]` |
| `secondary.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the MariaDB secondary container(s) | `[]` |
| `secondary.initContainers` | Add additional init containers for the MariaDB secondary pod(s) | `[]` |
| `secondary.sidecars` | Add additional sidecar containers for the MariaDB secondary pod(s) | `[]` |
| `secondary.service.type` | MariaDB secondary Kubernetes service type | `ClusterIP` |
| `secondary.service.ports.mysql` | MariaDB secondary Kubernetes service port for MariaDB | `3306` |
| `secondary.service.ports.metrics` | MariaDB secondary Kubernetes service port for metrics | `9104` |
| `secondary.service.nodePorts.mysql` | MariaDB secondary Kubernetes service node port | `""` |
| `secondary.service.clusterIP` | MariaDB secondary Kubernetes service clusterIP IP | `""` |
| `secondary.service.loadBalancerIP` | MariaDB secondary loadBalancerIP if service type is `LoadBalancer` | `""` |
| `secondary.service.externalTrafficPolicy` | Enable client source IP preservation | `Cluster` |
| `secondary.service.loadBalancerSourceRanges` | Address that are allowed when MariaDB secondary service is LoadBalancer | `[]` |
| `secondary.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` |
| `secondary.service.annotations` | Provide any additional annotations which may be required | `{}` |
| `secondary.service.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` |
| `secondary.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` |
| `secondary.pdb.create` | Enable/disable a Pod Disruption Budget creation for MariaDB secondary pods | `false` |
| `secondary.pdb.minAvailable` | Minimum number/percentage of MariaDB secondary pods that should remain scheduled | `1` |
| `secondary.pdb.maxUnavailable` | Maximum number/percentage of MariaDB secondary pods that may be made unavailable | `""` |
| `secondary.revisionHistoryLimit` | Maximum number of revisions that will be maintained in the StatefulSet | `10` |
### RBAC parameters
| Name | Description | Value |
| --------------------------------------------- | -------------------------------------------------------------- | ------- |
| `serviceAccount.create` | Enable the creation of a ServiceAccount for MariaDB pods | `true` |
| `serviceAccount.name` | Name of the created ServiceAccount | `""` |
| `serviceAccount.annotations` | Annotations for MariaDB Service Account | `{}` |
| `serviceAccount.automountServiceAccountToken` | Automount service account token for the server service account | `false` |
| `rbac.create` | Whether to create and use RBAC resources or not | `false` |
### Volume Permissions parameters
| Name | Description | Value |
| ------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------- |
| `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume(s) mountpoint to `runAsUser:fsGroup` | `false` |
| `volumePermissions.image.registry` | Init container volume-permissions image registry | `REGISTRY_NAME` |
| `volumePermissions.image.repository` | Init container volume-permissions image repository | `REPOSITORY_NAME/os-shell` |
| `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` |
| `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
| `volumePermissions.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if volumePermissions.resources is set (volumePermissions.resources is recommended for production). | `none` |
| `volumePermissions.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` |
### Metrics parameters
| Name | Description | Value |
| ----------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------- |
| `metrics.enabled` | Start a side-car prometheus exporter | `false` |
| `metrics.image.registry` | Exporter image registry | `REGISTRY_NAME` |
| `metrics.image.repository` | Exporter image repository | `REPOSITORY_NAME/mysqld-exporter` |
| `metrics.image.digest` | Exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `metrics.image.pullPolicy` | Exporter image pull policy | `IfNotPresent` |
| `metrics.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
| `metrics.annotations` | Annotations for the Exporter pod | `{}` |
| `metrics.extraArgs` | Extra args to be passed to mysqld_exporter | `{}` |
| `metrics.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the MariaDB metrics container(s) | `{}` |
| `metrics.containerPorts.http` | Container port for http | `9104` |
| `metrics.containerSecurityContext.enabled` | Enable security context for MariaDB metrics container | `false` |
| `metrics.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` |
| `metrics.containerSecurityContext.runAsUser` | User ID for the MariaDB metrics container | `1001` |
| `metrics.containerSecurityContext.runAsGroup` | Group ID for the MariaDB metrics container | `0` |
| `metrics.containerSecurityContext.runAsNonRoot` | Set metrics container's Security Context runAsNonRoot | `true` |
| `metrics.containerSecurityContext.privileged` | Set metrics container's Security Context privileged | `false` |
| `metrics.containerSecurityContext.allowPrivilegeEscalation` | Set metrics container's Security Context allowPrivilegeEscalation | `false` |
| `metrics.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` |
| `metrics.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
| `metrics.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
| `metrics.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if metrics.resources is set (metrics.resources is recommended for production). | `none` |
| `metrics.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` |
| `metrics.livenessProbe.enabled` | Enable livenessProbe | `true` |
| `metrics.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `120` |
| `metrics.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |
| `metrics.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` |
| `metrics.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` |
| `metrics.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
| `metrics.readinessProbe.enabled` | Enable readinessProbe | `true` |
| `metrics.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` |
| `metrics.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
| `metrics.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` |
| `metrics.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` |
| `metrics.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
| `metrics.serviceMonitor.enabled` | Create ServiceMonitor Resource for scraping metrics using PrometheusOperator | `false` |
| `metrics.serviceMonitor.namespace` | Namespace which Prometheus is running in | `""` |
| `metrics.serviceMonitor.jobLabel` | The name of the label on the target service to use as the job name in prometheus. | `""` |
| `metrics.serviceMonitor.interval` | Interval at which metrics should be scraped | `30s` |
| `metrics.serviceMonitor.scrapeTimeout` | Specify the timeout after which the scrape is ended | `""` |
| `metrics.serviceMonitor.relabelings` | RelabelConfigs to apply to samples before scraping | `[]` |
| `metrics.serviceMonitor.metricRelabelings` | MetricRelabelConfigs to apply to samples before ingestion | `[]` |
| `metrics.serviceMonitor.honorLabels` | honorLabels chooses the metric's labels on collisions with target labels | `false` |
| `metrics.serviceMonitor.selector` | ServiceMonitor selector labels | `{}` |
| `metrics.serviceMonitor.labels` | Extra labels for the ServiceMonitor | `{}` |
| `metrics.prometheusRule.enabled` | if `true`, creates a Prometheus Operator PrometheusRule (also requires `metrics.enabled` to be `true` and `metrics.prometheusRule.rules`) | `false` |
| `metrics.prometheusRule.namespace` | Namespace for the PrometheusRule Resource (defaults to the Release Namespace) | `""` |
| `metrics.prometheusRule.additionalLabels` | Additional labels that can be used so PrometheusRule will be discovered by Prometheus | `{}` |
| `metrics.prometheusRule.rules` | Prometheus Rule definitions | `[]` |
### NetworkPolicy parameters
| Name | Description | Value |
| --------------------------------------- | --------------------------------------------------------------- | ------ |
| `networkPolicy.enabled` | Enable creation of NetworkPolicy resources | `true` |
| `networkPolicy.allowExternal` | The Policy model to apply | `true` |
| `networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` |
| `networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolicy | `[]` |
| `networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` |
| `networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` |
| `networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` |
The above parameters map to the env variables defined in [bitnami/mariadb](https://github.com/bitnami/containers/tree/main/bitnami/mariadb). For more information please refer to the [bitnami/mariadb](https://github.com/bitnami/containers/tree/main/bitnami/mariadb) image documentation.
Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
```console
helm install my-release \
--set auth.rootPassword=secretpassword,auth.database=app_database \
oci://REGISTRY_NAME/REPOSITORY_NAME/mariadb
```
> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
The above command sets the MariaDB `root` account password to `secretpassword`. Additionally it creates a database named `my_database`.
> NOTE: Once this chart is deployed, it is not possible to change the application's access credentials, such as usernames or passwords, using Helm. To change these application credentials after deployment, delete any persistent volumes (PVs) used by the chart and re-deploy it, or use the application's built-in administrative tools if available.
Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example,
```console
helm install my-release -f values.yaml oci://REGISTRY_NAME/REPOSITORY_NAME/mariadb
```
> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
> **Tip**: You can use the default [values.yaml](https://github.com/bitnami/charts/tree/main/bitnami/mariadb/values.yaml)
## Configuration and installation details
### Resource requests and limits
@ -522,6 +140,378 @@ By default, the chart is configured to use Kubernetes Security Context to automa
As an alternative, this chart supports using an initContainer to change the ownership of the volume before mounting it in the final destination. You can enable this initContainer by setting `volumePermissions.enabled` to `true`.
## Parameters
### Global parameters
| Name | Description | Value |
| ----------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------ |
| `global.imageRegistry` | Global Docker Image registry | `""` |
| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` |
| `global.storageClass` | Global storage class for dynamic provisioning | `""` |
| `global.compatibility.openshift.adaptSecurityContext` | Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation) | `auto` |
### Common parameters
| Name | Description | Value |
| ------------------------- | --------------------------------------------------------------------------------------- | --------------- |
| `kubeVersion` | Force target Kubernetes version (using Helm capabilities if not set) | `""` |
| `nameOverride` | String to partially override mariadb.fullname | `""` |
| `fullnameOverride` | String to fully override mariadb.fullname | `""` |
| `clusterDomain` | Default Kubernetes cluster domain | `cluster.local` |
| `commonAnnotations` | Common annotations to add to all MariaDB resources (sub-charts are not considered) | `{}` |
| `commonLabels` | Common labels to add to all MariaDB resources (sub-charts are not considered) | `{}` |
| `schedulerName` | Name of the scheduler (other than default) to dispatch pods | `""` |
| `runtimeClassName` | Name of the Runtime Class for all MariaDB pods | `""` |
| `extraDeploy` | Array of extra objects to deploy with the release (evaluated as a template) | `[]` |
| `diagnosticMode.enabled` | Enable diagnostic mode (all probes will be disabled and the command will be overridden) | `false` |
| `diagnosticMode.command` | Command to override all containers in the deployment | `["sleep"]` |
| `diagnosticMode.args` | Args to override all containers in the deployment | `["infinity"]` |
| `serviceBindings.enabled` | Create secret for service binding (Experimental) | `false` |
### MariaDB common parameters
| Name | Description | Value |
| -------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------- |
| `image.registry` | MariaDB image registry | `REGISTRY_NAME` |
| `image.repository` | MariaDB image repository | `REPOSITORY_NAME/mariadb` |
| `image.digest` | MariaDB image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `image.pullPolicy` | MariaDB image pull policy | `IfNotPresent` |
| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
| `image.debug` | Specify if debug logs should be enabled | `false` |
| `architecture` | MariaDB architecture (`standalone` or `replication`) | `standalone` |
| `auth.rootPassword` | Password for the `root` user. Ignored if existing secret is provided. | `""` |
| `auth.database` | Name for a custom database to create | `my_database` |
| `auth.username` | Name for a custom user to create | `""` |
| `auth.password` | Password for the new user. Ignored if existing secret is provided | `""` |
| `auth.replicationUser` | MariaDB replication user | `replicator` |
| `auth.replicationPassword` | MariaDB replication user password. Ignored if existing secret is provided | `""` |
| `auth.existingSecret` | Use existing secret for password details (`auth.rootPassword`, `auth.password`, `auth.replicationPassword` will be ignored and picked up from this secret). The secret has to contain the keys `mariadb-root-password`, `mariadb-replication-password` and `mariadb-password` | `""` |
| `auth.forcePassword` | Force users to specify required passwords | `false` |
| `auth.usePasswordFiles` | Mount credentials as files instead of using environment variables | `false` |
| `auth.customPasswordFiles` | Use custom password files when `auth.usePasswordFiles` is set to `true`. Define path for keys `root` and `user`, also define `replicator` if `architecture` is set to `replication` | `{}` |
| `initdbScripts` | Dictionary of initdb scripts | `{}` |
| `initdbScriptsConfigMap` | ConfigMap with the initdb scripts (Note: Overrides `initdbScripts`) | `""` |
### MariaDB Primary parameters
| Name | Description | Value |
| ----------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------- |
| `primary.name` | Name of the primary database (eg primary, master, leader, ...) | `primary` |
| `primary.command` | Override default container command on MariaDB Primary container(s) (useful when using custom images) | `[]` |
| `primary.args` | Override default container args on MariaDB Primary container(s) (useful when using custom images) | `[]` |
| `primary.lifecycleHooks` | for the MariaDB Primary container(s) to automate configuration before or after startup | `{}` |
| `primary.automountServiceAccountToken` | Mount Service Account token in pod | `false` |
| `primary.hostAliases` | Add deployment host aliases | `[]` |
| `primary.containerPorts.mysql` | Container port for mysql | `3306` |
| `primary.configuration` | MariaDB Primary configuration to be injected as ConfigMap | `""` |
| `primary.existingConfigmap` | Name of existing ConfigMap with MariaDB Primary configuration. | `""` |
| `primary.updateStrategy.type` | MariaDB primary statefulset strategy type | `RollingUpdate` |
| `primary.rollingUpdatePartition` | Partition update strategy for Mariadb Primary statefulset | `""` |
| `primary.podAnnotations` | Additional pod annotations for MariaDB primary pods | `{}` |
| `primary.podLabels` | Extra labels for MariaDB primary pods | `{}` |
| `primary.podAffinityPreset` | MariaDB primary pod affinity preset. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `primary.podAntiAffinityPreset` | MariaDB primary pod anti-affinity preset. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` | `soft` |
| `primary.nodeAffinityPreset.type` | MariaDB primary node affinity preset type. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `primary.nodeAffinityPreset.key` | MariaDB primary node label key to match Ignored if `primary.affinity` is set. | `""` |
| `primary.nodeAffinityPreset.values` | MariaDB primary node label values to match. Ignored if `primary.affinity` is set. | `[]` |
| `primary.affinity` | Affinity for MariaDB primary pods assignment | `{}` |
| `primary.nodeSelector` | Node labels for MariaDB primary pods assignment | `{}` |
| `primary.tolerations` | Tolerations for MariaDB primary pods assignment | `[]` |
| `primary.schedulerName` | Name of the k8s scheduler (other than default) | `""` |
| `primary.podManagementPolicy` | podManagementPolicy to manage scaling operation of MariaDB primary pods | `""` |
| `primary.topologySpreadConstraints` | Topology Spread Constraints for MariaDB primary pods assignment | `[]` |
| `primary.priorityClassName` | Priority class for MariaDB primary pods assignment | `""` |
| `primary.runtimeClassName` | Runtime Class for MariaDB primary pods | `""` |
| `primary.podSecurityContext.enabled` | Enable security context for MariaDB primary pods | `true` |
| `primary.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` |
| `primary.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` |
| `primary.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` |
| `primary.podSecurityContext.fsGroup` | Group ID for the mounted volumes' filesystem | `1001` |
| `primary.containerSecurityContext.enabled` | MariaDB primary container securityContext | `true` |
| `primary.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` |
| `primary.containerSecurityContext.runAsUser` | User ID for the MariaDB primary container | `1001` |
| `primary.containerSecurityContext.runAsGroup` | Group ID for the MariaDB primary container | `1001` |
| `primary.containerSecurityContext.runAsNonRoot` | Set primary container's Security Context runAsNonRoot | `true` |
| `primary.containerSecurityContext.privileged` | Set primary container's Security Context privileged | `false` |
| `primary.containerSecurityContext.allowPrivilegeEscalation` | Set primary container's Security Context allowPrivilegeEscalation | `false` |
| `primary.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `true` |
| `primary.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
| `primary.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
| `primary.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if primary.resources is set (primary.resources is recommended for production). | `micro` |
| `primary.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` |
| `primary.startupProbe.enabled` | Enable startupProbe | `false` |
| `primary.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `120` |
| `primary.startupProbe.periodSeconds` | Period seconds for startupProbe | `15` |
| `primary.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` |
| `primary.startupProbe.failureThreshold` | Failure threshold for startupProbe | `10` |
| `primary.startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
| `primary.livenessProbe.enabled` | Enable livenessProbe | `true` |
| `primary.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `120` |
| `primary.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |
| `primary.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` |
| `primary.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` |
| `primary.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
| `primary.readinessProbe.enabled` | Enable readinessProbe | `true` |
| `primary.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` |
| `primary.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
| `primary.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` |
| `primary.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` |
| `primary.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
| `primary.customStartupProbe` | Override default startup probe for MariaDB primary containers | `{}` |
| `primary.customLivenessProbe` | Override default liveness probe for MariaDB primary containers | `{}` |
| `primary.customReadinessProbe` | Override default readiness probe for MariaDB primary containers | `{}` |
| `primary.startupWaitOptions` | Override default builtin startup wait check options for MariaDB primary containers | `{}` |
| `primary.extraFlags` | MariaDB primary additional command line flags | `""` |
| `primary.extraEnvVars` | Extra environment variables to be set on MariaDB primary containers | `[]` |
| `primary.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for MariaDB primary containers | `""` |
| `primary.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for MariaDB primary containers | `""` |
| `primary.persistence.enabled` | Enable persistence on MariaDB primary replicas using a `PersistentVolumeClaim`. If false, use emptyDir | `true` |
| `primary.persistence.existingClaim` | Name of an existing `PersistentVolumeClaim` for MariaDB primary replicas | `""` |
| `primary.persistence.subPath` | Subdirectory of the volume to mount at | `""` |
| `primary.persistence.storageClass` | MariaDB primary persistent volume storage Class | `""` |
| `primary.persistence.labels` | Labels for the PVC | `{}` |
| `primary.persistence.annotations` | MariaDB primary persistent volume claim annotations | `{}` |
| `primary.persistence.accessModes` | MariaDB primary persistent volume access Modes | `["ReadWriteOnce"]` |
| `primary.persistence.size` | MariaDB primary persistent volume size | `8Gi` |
| `primary.persistence.selector` | Selector to match an existing Persistent Volume | `{}` |
| `primary.extraVolumes` | Optionally specify extra list of additional volumes to the MariaDB Primary pod(s) | `[]` |
| `primary.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the MariaDB Primary container(s) | `[]` |
| `primary.initContainers` | Add additional init containers for the MariaDB Primary pod(s) | `[]` |
| `primary.sidecars` | Add additional sidecar containers for the MariaDB Primary pod(s) | `[]` |
| `primary.service.type` | MariaDB Primary Kubernetes service type | `ClusterIP` |
| `primary.service.ports.mysql` | MariaDB Primary Kubernetes service port for MariaDB | `3306` |
| `primary.service.ports.metrics` | MariaDB Primary Kubernetes service port for metrics | `9104` |
| `primary.service.nodePorts.mysql` | MariaDB Primary Kubernetes service node port | `""` |
| `primary.service.clusterIP` | MariaDB Primary Kubernetes service clusterIP IP | `""` |
| `primary.service.loadBalancerIP` | MariaDB Primary loadBalancerIP if service type is `LoadBalancer` | `""` |
| `primary.service.externalTrafficPolicy` | Enable client source IP preservation | `Cluster` |
| `primary.service.loadBalancerSourceRanges` | Address that are allowed when MariaDB Primary service is LoadBalancer | `[]` |
| `primary.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` |
| `primary.service.annotations` | Provide any additional annotations which may be required | `{}` |
| `primary.service.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` |
| `primary.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` |
| `primary.pdb.create` | Enable/disable a Pod Disruption Budget creation for MariaDB primary pods | `false` |
| `primary.pdb.minAvailable` | Minimum number/percentage of MariaDB primary pods that must still be available after the eviction | `1` |
| `primary.pdb.maxUnavailable` | Maximum number/percentage of MariaDB primary pods that can be unavailable after the eviction | `""` |
| `primary.revisionHistoryLimit` | Maximum number of revisions that will be maintained in the StatefulSet | `10` |
### MariaDB Secondary parameters
| Name | Description | Value |
| ------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------------------- |
| `secondary.name` | Name of the secondary database (eg secondary, slave, ...) | `secondary` |
| `secondary.replicaCount` | Number of MariaDB secondary replicas | `1` |
| `secondary.command` | Override default container command on MariaDB Secondary container(s) (useful when using custom images) | `[]` |
| `secondary.args` | Override default container args on MariaDB Secondary container(s) (useful when using custom images) | `[]` |
| `secondary.lifecycleHooks` | for the MariaDB Secondary container(s) to automate configuration before or after startup | `{}` |
| `secondary.automountServiceAccountToken` | Mount Service Account token in pod | `false` |
| `secondary.hostAliases` | Add deployment host aliases | `[]` |
| `secondary.containerPorts.mysql` | Container port for mysql | `3306` |
| `secondary.configuration` | MariaDB Secondary configuration to be injected as ConfigMap | `""` |
| `secondary.existingConfigmap` | Name of existing ConfigMap with MariaDB Secondary configuration. | `""` |
| `secondary.updateStrategy.type` | MariaDB secondary statefulset strategy type | `RollingUpdate` |
| `secondary.rollingUpdatePartition` | Partition update strategy for Mariadb Secondary statefulset | `""` |
| `secondary.podAnnotations` | Additional pod annotations for MariaDB secondary pods | `{}` |
| `secondary.podLabels` | Extra labels for MariaDB secondary pods | `{}` |
| `secondary.podAffinityPreset` | MariaDB secondary pod affinity preset. Ignored if `secondary.affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `secondary.podAntiAffinityPreset` | MariaDB secondary pod anti-affinity preset. Ignored if `secondary.affinity` is set. Allowed values: `soft` or `hard` | `soft` |
| `secondary.nodeAffinityPreset.type` | MariaDB secondary node affinity preset type. Ignored if `secondary.affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `secondary.nodeAffinityPreset.key` | MariaDB secondary node label key to match Ignored if `secondary.affinity` is set. | `""` |
| `secondary.nodeAffinityPreset.values` | MariaDB secondary node label values to match. Ignored if `secondary.affinity` is set. | `[]` |
| `secondary.affinity` | Affinity for MariaDB secondary pods assignment | `{}` |
| `secondary.nodeSelector` | Node labels for MariaDB secondary pods assignment | `{}` |
| `secondary.tolerations` | Tolerations for MariaDB secondary pods assignment | `[]` |
| `secondary.topologySpreadConstraints` | Topology Spread Constraints for MariaDB secondary pods assignment | `[]` |
| `secondary.priorityClassName` | Priority class for MariaDB secondary pods assignment | `""` |
| `secondary.runtimeClassName` | Runtime Class for MariaDB secondary pods | `""` |
| `secondary.schedulerName` | Name of the k8s scheduler (other than default) | `""` |
| `secondary.podManagementPolicy` | podManagementPolicy to manage scaling operation of MariaDB secondary pods | `""` |
| `secondary.podSecurityContext.enabled` | Enable security context for MariaDB secondary pods | `true` |
| `secondary.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` |
| `secondary.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` |
| `secondary.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` |
| `secondary.podSecurityContext.fsGroup` | Group ID for the mounted volumes' filesystem | `1001` |
| `secondary.containerSecurityContext.enabled` | MariaDB secondary container securityContext | `true` |
| `secondary.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` |
| `secondary.containerSecurityContext.runAsUser` | User ID for the MariaDB secondary container | `1001` |
| `secondary.containerSecurityContext.runAsGroup` | Group ID for the MariaDB secondary container | `1001` |
| `secondary.containerSecurityContext.runAsNonRoot` | Set secondary container's Security Context runAsNonRoot | `true` |
| `secondary.containerSecurityContext.privileged` | Set secondary container's Security Context privileged | `false` |
| `secondary.containerSecurityContext.allowPrivilegeEscalation` | Set secondary container's Security Context allowPrivilegeEscalation | `false` |
| `secondary.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `true` |
| `secondary.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
| `secondary.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
| `secondary.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if secondary.resources is set (secondary.resources is recommended for production). | `micro` |
| `secondary.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` |
| `secondary.startupProbe.enabled` | Enable startupProbe | `false` |
| `secondary.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `120` |
| `secondary.startupProbe.periodSeconds` | Period seconds for startupProbe | `15` |
| `secondary.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` |
| `secondary.startupProbe.failureThreshold` | Failure threshold for startupProbe | `10` |
| `secondary.startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
| `secondary.livenessProbe.enabled` | Enable livenessProbe | `true` |
| `secondary.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `120` |
| `secondary.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |
| `secondary.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` |
| `secondary.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` |
| `secondary.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
| `secondary.readinessProbe.enabled` | Enable readinessProbe | `true` |
| `secondary.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` |
| `secondary.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
| `secondary.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` |
| `secondary.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` |
| `secondary.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
| `secondary.customStartupProbe` | Override default startup probe for MariaDB secondary containers | `{}` |
| `secondary.customLivenessProbe` | Override default liveness probe for MariaDB secondary containers | `{}` |
| `secondary.customReadinessProbe` | Override default readiness probe for MariaDB secondary containers | `{}` |
| `secondary.startupWaitOptions` | Override default builtin startup wait check options for MariaDB secondary containers | `{}` |
| `secondary.extraFlags` | MariaDB secondary additional command line flags | `""` |
| `secondary.extraEnvVars` | Extra environment variables to be set on MariaDB secondary containers | `[]` |
| `secondary.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for MariaDB secondary containers | `""` |
| `secondary.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for MariaDB secondary containers | `""` |
| `secondary.persistence.enabled` | Enable persistence on MariaDB secondary replicas using a `PersistentVolumeClaim` | `true` |
| `secondary.persistence.subPath` | Subdirectory of the volume to mount at | `""` |
| `secondary.persistence.storageClass` | MariaDB secondary persistent volume storage Class | `""` |
| `secondary.persistence.labels` | Labels for the PVC | `{}` |
| `secondary.persistence.annotations` | MariaDB secondary persistent volume claim annotations | `{}` |
| `secondary.persistence.accessModes` | MariaDB secondary persistent volume access Modes | `["ReadWriteOnce"]` |
| `secondary.persistence.size` | MariaDB secondary persistent volume size | `8Gi` |
| `secondary.persistence.selector` | Selector to match an existing Persistent Volume | `{}` |
| `secondary.extraVolumes` | Optionally specify extra list of additional volumes to the MariaDB secondary pod(s) | `[]` |
| `secondary.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the MariaDB secondary container(s) | `[]` |
| `secondary.initContainers` | Add additional init containers for the MariaDB secondary pod(s) | `[]` |
| `secondary.sidecars` | Add additional sidecar containers for the MariaDB secondary pod(s) | `[]` |
| `secondary.service.type` | MariaDB secondary Kubernetes service type | `ClusterIP` |
| `secondary.service.ports.mysql` | MariaDB secondary Kubernetes service port for MariaDB | `3306` |
| `secondary.service.ports.metrics` | MariaDB secondary Kubernetes service port for metrics | `9104` |
| `secondary.service.nodePorts.mysql` | MariaDB secondary Kubernetes service node port | `""` |
| `secondary.service.clusterIP` | MariaDB secondary Kubernetes service clusterIP IP | `""` |
| `secondary.service.loadBalancerIP` | MariaDB secondary loadBalancerIP if service type is `LoadBalancer` | `""` |
| `secondary.service.externalTrafficPolicy` | Enable client source IP preservation | `Cluster` |
| `secondary.service.loadBalancerSourceRanges` | Address that are allowed when MariaDB secondary service is LoadBalancer | `[]` |
| `secondary.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` |
| `secondary.service.annotations` | Provide any additional annotations which may be required | `{}` |
| `secondary.service.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` |
| `secondary.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` |
| `secondary.pdb.create` | Enable/disable a Pod Disruption Budget creation for MariaDB secondary pods | `false` |
| `secondary.pdb.minAvailable` | Minimum number/percentage of MariaDB secondary pods that should remain scheduled | `1` |
| `secondary.pdb.maxUnavailable` | Maximum number/percentage of MariaDB secondary pods that may be made unavailable | `""` |
| `secondary.revisionHistoryLimit` | Maximum number of revisions that will be maintained in the StatefulSet | `10` |
### RBAC parameters
| Name | Description | Value |
| --------------------------------------------- | -------------------------------------------------------------- | ------- |
| `serviceAccount.create` | Enable the creation of a ServiceAccount for MariaDB pods | `true` |
| `serviceAccount.name` | Name of the created ServiceAccount | `""` |
| `serviceAccount.annotations` | Annotations for MariaDB Service Account | `{}` |
| `serviceAccount.automountServiceAccountToken` | Automount service account token for the server service account | `false` |
| `rbac.create` | Whether to create and use RBAC resources or not | `false` |
### Volume Permissions parameters
| Name | Description | Value |
| ------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------- |
| `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume(s) mountpoint to `runAsUser:fsGroup` | `false` |
| `volumePermissions.image.registry` | Init container volume-permissions image registry | `REGISTRY_NAME` |
| `volumePermissions.image.repository` | Init container volume-permissions image repository | `REPOSITORY_NAME/os-shell` |
| `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` |
| `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
| `volumePermissions.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if volumePermissions.resources is set (volumePermissions.resources is recommended for production). | `nano` |
| `volumePermissions.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` |
### Metrics parameters
| Name | Description | Value |
| ----------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------- |
| `metrics.enabled` | Start a side-car prometheus exporter | `false` |
| `metrics.image.registry` | Exporter image registry | `REGISTRY_NAME` |
| `metrics.image.repository` | Exporter image repository | `REPOSITORY_NAME/mysqld-exporter` |
| `metrics.image.digest` | Exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `metrics.image.pullPolicy` | Exporter image pull policy | `IfNotPresent` |
| `metrics.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
| `metrics.annotations` | Annotations for the Exporter pod | `{}` |
| `metrics.extraArgs` | Extra args to be passed to mysqld_exporter | `{}` |
| `metrics.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the MariaDB metrics container(s) | `{}` |
| `metrics.containerPorts.http` | Container port for http | `9104` |
| `metrics.containerSecurityContext.enabled` | Enable security context for MariaDB metrics container | `false` |
| `metrics.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` |
| `metrics.containerSecurityContext.runAsUser` | User ID for the MariaDB metrics container | `1001` |
| `metrics.containerSecurityContext.runAsGroup` | Group ID for the MariaDB metrics container | `1001` |
| `metrics.containerSecurityContext.runAsNonRoot` | Set metrics container's Security Context runAsNonRoot | `true` |
| `metrics.containerSecurityContext.privileged` | Set metrics container's Security Context privileged | `false` |
| `metrics.containerSecurityContext.allowPrivilegeEscalation` | Set metrics container's Security Context allowPrivilegeEscalation | `false` |
| `metrics.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `true` |
| `metrics.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
| `metrics.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
| `metrics.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if metrics.resources is set (metrics.resources is recommended for production). | `nano` |
| `metrics.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` |
| `metrics.livenessProbe.enabled` | Enable livenessProbe | `true` |
| `metrics.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `120` |
| `metrics.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |
| `metrics.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` |
| `metrics.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` |
| `metrics.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
| `metrics.readinessProbe.enabled` | Enable readinessProbe | `true` |
| `metrics.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` |
| `metrics.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
| `metrics.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` |
| `metrics.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` |
| `metrics.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
| `metrics.serviceMonitor.enabled` | Create ServiceMonitor Resource for scraping metrics using PrometheusOperator | `false` |
| `metrics.serviceMonitor.namespace` | Namespace which Prometheus is running in | `""` |
| `metrics.serviceMonitor.jobLabel` | The name of the label on the target service to use as the job name in prometheus. | `""` |
| `metrics.serviceMonitor.interval` | Interval at which metrics should be scraped | `30s` |
| `metrics.serviceMonitor.scrapeTimeout` | Specify the timeout after which the scrape is ended | `""` |
| `metrics.serviceMonitor.relabelings` | RelabelConfigs to apply to samples before scraping | `[]` |
| `metrics.serviceMonitor.metricRelabelings` | MetricRelabelConfigs to apply to samples before ingestion | `[]` |
| `metrics.serviceMonitor.honorLabels` | honorLabels chooses the metric's labels on collisions with target labels | `false` |
| `metrics.serviceMonitor.selector` | ServiceMonitor selector labels | `{}` |
| `metrics.serviceMonitor.labels` | Extra labels for the ServiceMonitor | `{}` |
| `metrics.prometheusRule.enabled` | if `true`, creates a Prometheus Operator PrometheusRule (also requires `metrics.enabled` to be `true` and `metrics.prometheusRule.rules`) | `false` |
| `metrics.prometheusRule.namespace` | Namespace for the PrometheusRule Resource (defaults to the Release Namespace) | `""` |
| `metrics.prometheusRule.additionalLabels` | Additional labels that can be used so PrometheusRule will be discovered by Prometheus | `{}` |
| `metrics.prometheusRule.rules` | Prometheus Rule definitions | `[]` |
### NetworkPolicy parameters
| Name | Description | Value |
| --------------------------------------- | --------------------------------------------------------------- | ------ |
| `networkPolicy.enabled` | Enable creation of NetworkPolicy resources | `true` |
| `networkPolicy.allowExternal` | The Policy model to apply | `true` |
| `networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` |
| `networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolicy | `[]` |
| `networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` |
| `networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` |
| `networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` |
The above parameters map to the env variables defined in [bitnami/mariadb](https://github.com/bitnami/containers/tree/main/bitnami/mariadb). For more information please refer to the [bitnami/mariadb](https://github.com/bitnami/containers/tree/main/bitnami/mariadb) image documentation.
Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
```console
helm install my-release \
--set auth.rootPassword=secretpassword,auth.database=app_database \
oci://REGISTRY_NAME/REPOSITORY_NAME/mariadb
```
> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
The above command sets the MariaDB `root` account password to `secretpassword`. Additionally it creates a database named `my_database`.
> NOTE: Once this chart is deployed, it is not possible to change the application's access credentials, such as usernames or passwords, using Helm. To change these application credentials after deployment, delete any persistent volumes (PVs) used by the chart and re-deploy it, or use the application's built-in administrative tools if available.
Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example,
```console
helm install my-release -f values.yaml oci://REGISTRY_NAME/REPOSITORY_NAME/mariadb
```
> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
> **Tip**: You can use the default [values.yaml](https://github.com/bitnami/charts/tree/main/bitnami/mariadb/values.yaml)
## Troubleshooting
Find more information about how to deal with common errors related to Bitnami's Helm charts in [this troubleshooting guide](https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues).
@ -538,6 +528,17 @@ helm upgrade my-release oci://REGISTRY_NAME/REPOSITORY_NAME/mariadb --set auth.r
| Note: you need to substitute the placeholder _[ROOT_PASSWORD]_ with the value obtained in the installation notes.
### To 17.0.0
This major bump changes the following security defaults:
- `runAsGroup` is changed from `0` to `1001`
- `readOnlyRootFilesystem` is set to `true`
- `resourcesPreset` is changed from `none` to the minimum size working in our test suites (NOTE: `resourcesPreset` is not meant for production usage, but `resources` adapted to your use case).
- `global.compatibility.openshift.adaptSecurityContext` is changed from `disabled` to `auto`.
This could potentially break any customization or init scripts used in your deployment. If this is the case, change the default values to the previous ones.
### To 16.0.0
This section enables NetworkPolicies by default to increase security of the application. It also adapts the values in the `networkPolicy` section to the current Bitnami standards. The removed sections are `networkPolicy.metrics.*`, `networkPolicy.ingressRules.*` and `networkPolicy.egressRules.*`. Check the Parameters table for the new structure.

4
charts/bitnami/wordpress/charts/mariadb/charts/common/Chart.yaml
View File

@ -2,7 +2,7 @@ annotations:
category: Infrastructure
licenses: Apache-2.0
apiVersion: v2
appVersion: 2.18.0
appVersion: 2.19.0
description: A Library Helm Chart for grouping common logic between bitnami charts.
This chart is not deployable by itself.
home: https://bitnami.com
@ -20,4 +20,4 @@ name: common
sources:
- https://github.com/bitnami/charts
type: library
version: 2.18.0
version: 2.19.0

Some files were not shown because too many files have changed in this diff Show More