# Default values for pxc-cluster.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.

# Finalizers attached to the cluster resource. Every uncommented list entry
# below is ACTIVE.
# NOTE(review): both *-pvc finalizers are enabled in this file, so deleting the
# cluster also deletes the proxysql and database persistent volumes (per the
# comments on each entry). Comment them out where data must outlive the
# cluster object.
finalizers:
  - delete-pxc-pods-in-order
  ## Active: deletes proxysql persistent volumes on cluster deletion
  - delete-proxysql-pvc
  ## Active: deletes database persistent volumes on cluster deletion
  - delete-pxc-pvc
  ## Uncomment this if you want to delete cert manager certificates on cluster deletion
  # - delete-ssl

# Chart-wide settings: naming overrides, operator image, CR version, upgrade
# policy, validation webhook and TLS options.
nameOverride: ""
fullnameOverride: ""

operatorImageRepository: percona/percona-xtradb-cluster-operator

crVersion: 1.12.0
ignoreAnnotations: []
  # - iam.amazonaws.com/role
ignoreLabels: []
  # - rack
pause: false
initImage: ""
# NOTE(review): judging by the name, this gates configurations the operator
# treats as unsafe; keep it false unless the consequences are confirmed.
allowUnsafeConfigurations: false
updateStrategy: SmartUpdate
upgradeOptions:
  # External HTTPS endpoint used for version checks.
  # NOTE(review): with `apply: disabled` automatic upgrades look switched off;
  # confirm whether the endpoint is still contacted on the schedule below,
  # since that is outbound traffic to a third-party host.
  versionServiceEndpoint: https://check.percona.com
  apply: disabled
  # Cron expression: every day at 04:00.
  schedule: "0 4 * * *"
enableCRValidationWebhook: false
# Optional TLS settings: extra subject alternative names and the cert-manager
# issuer to use. Empty by default.
tls: {}
  # SANs:
  #   - pxc-1.example.com
  #   - pxc-2.example.com
  #   - pxc-3.example.com
  # issuerConf:
  #   name: special-selfsigned-issuer
  #   kind: ClusterIssuer
  #   group: cert-manager.io

# Settings for the Percona XtraDB Cluster (database) pods: image, scheduling,
# resources, storage, TLS and probes.
pxc:
  size: 3
  image:
    repository: percona/percona-xtradb-cluster
    tag: 8.0.29-21.1
  # imagePullPolicy: Always
  autoRecovery: true
  # Example: expose the database through a LoadBalancer service. When enabling
  # it, keep loadBalancerSourceRanges narrow so the MySQL port is not reachable
  # from arbitrary networks.
  # expose:
  #   enabled: true
  #   type: LoadBalancer
  #   trafficPolicy: Local
  #   loadBalancerSourceRanges:
  #   - 10.0.0.0/8
  #   annotations:
  #     networking.gke.io/load-balancer-type: "Internal"
  # Example: cross-cluster replication channels.
  # NOTE(review): the sample sets `ssl: false` and `sslSkipVerify: true`, which
  # by their names leave the replication link unencrypted and the peer
  # certificate unchecked; for links that cross untrusted networks set
  # `ssl: true`, `sslSkipVerify: false` and provide the `ca` path.
  # replicationChannels:
  # - name: pxc1_to_pxc2
  #   isSource: true
  # - name: pxc2_to_pxc1
  #   isSource: false
  #   configuration:
  #     sourceRetryCount: 3
  #     sourceConnectRetry: 60
  #     ssl: false
  #     sslSkipVerify: true
  #     ca: '/etc/mysql/ssl/ca.crt'
  #   sourcesList:
  #   - host: 10.95.251.101
  #     port: 3306
  #     weight: 100
  # schedulerName: mycustom-scheduler
  imagePullSecrets: []
  # - name: private-registry-credentials
  annotations: {}
  #  iam.amazonaws.com/role: role-arn
  labels: {}
  #  rack: rack-22
  # priorityClassName: high-priority
  readinessDelaySec: 15
  livenessDelaySec: 300
  ## Uncomment to pass in a mysql config file
  # configuration: |
  #   [mysqld]
  #   wsrep_debug=ON
  #   wsrep_provider_options="gcache.size=1G; gcache.recover=yes"
  # Name of a secret holding extra environment variables for the pods.
  # envVarsSecret: my-env-var-secrets
  resources:
    requests:
      memory: 1G
      cpu: 600m
    # No limits are set by default; the commented values are an example.
    limits: {}
      # memory: 1G
      # cpu: 600m
  # runtimeClassName: image-rc
  sidecars: []
  sidecarVolumes: []
  sidecarPVCs: []
  sidecarResources:
    requests: {}
    limits: {}
  nodeSelector: {}
  #  disktype: ssd
  affinity:
    antiAffinityTopologyKey: "kubernetes.io/hostname"
    # advanced:
    #   nodeAffinity:
    #     requiredDuringSchedulingIgnoredDuringExecution:
    #       nodeSelectorTerms:
    #       - matchExpressions:
    #         - key: kubernetes.io/e2e-az-name
    #           operator: In
    #           values:
    #           - e2e-az1
    #           - e2e-az2
  tolerations: []
    # - key: "node.alpha.kubernetes.io/unreachable"
    #   operator: "Exists"
    #   effect: "NoExecute"
    #   tolerationSeconds: 6000
  gracePeriod: 600
  podDisruptionBudget:
    # only one of maxUnavailable or minAvailable can be set
    maxUnavailable: 1
    # minAvailable: 0
  persistence:
    # NOTE(review): persistence is off by default here; presumably the data
    # directory is then not backed by a PersistentVolumeClaim. Confirm against
    # the chart templates before storing data that must survive pod
    # rescheduling.
    enabled: false
    # if persistence is enabled, you can specify a hostPath (not recommended)
    # hostPath: /data/mysql
    # otherwise you can specify values for a storage claim (default)
    ## percona data Persistent Volume Storage Class
    ## If defined, storageClassName: <storageClass>
    ## If set to "-", storageClassName: "", which disables dynamic provisioning
    ## If undefined (the default) or set to null, no storageClassName spec is
    ##   set, choosing the default provisioner.  (gp2 on AWS, standard on
    ##   GKE, AWS & OpenStack)
    ##
    # storageClass: "-"
    accessMode: ReadWriteOnce
    size: 8Gi

  # If you set this to true the cluster will be created without TLS.
  # Keep it false so that cluster traffic stays encrypted.
  disableTLS: false

  # Disable Helm creating TLS certificates if you want to let the operator
  # request certificates from cert-manager.
  certManager: false

  # If this is set, the chart will not create secrets from values and will
  # instead try to use a pre-existing secret of that name. This avoids
  # deploying the placeholder passwords listed under `secrets.passwords`.
  # clusterSecretName:
  readinessProbes:
    initialDelaySeconds: 15
    timeoutSeconds: 15
    periodSeconds: 30
    successThreshold: 1
    failureThreshold: 5
  livenessProbes:
    initialDelaySeconds: 300
    timeoutSeconds: 5
    periodSeconds: 10
    successThreshold: 1
    failureThreshold: 3
  # A custom Kubernetes Security Context for a Container to be used instead of the default one
  # containerSecurityContext:
  #   privileged: false
  # A custom Kubernetes Security Context for a Pod to be used instead of the default one
  # podSecurityContext:
  #   fsGroup: 1001
  #   supplementalGroups:
  #   - 1001
  # serviceAccountName: percona-xtradb-cluster-operator-workload

# Settings for the HAProxy pods placed in front of the database. Enabled by
# default in this file.
haproxy:
  enabled: true
  size: 3
  image: ""
  # imagePullPolicy: Always
  imagePullSecrets: []
  # - name: private-registry-credentials
# Example of a custom HAProxy configuration (commented out).
# NOTE(review): the sample binds every frontend on all interfaces (`bind *:`),
# serves stats/metrics on port 8404 over plain HTTP, and opens a stats socket
# with `level admin`. When supplying a custom configuration, check who can
# reach these listeners (service type, source ranges, network policies).
#  configuration: |
#
#  the actual default configuration file can be found here https://github.com/percona/percona-docker/blob/main/haproxy/dockerdir/etc/haproxy/haproxy-global.cfg
#
#    global
#      maxconn 2048
#      external-check
#      insecure-fork-wanted
#      stats socket /etc/haproxy/pxc/haproxy.sock mode 600 expose-fd listeners level admin
#
#    defaults
#      default-server init-addr last,libc,none
#      log global
#      mode tcp
#      retries 10
#      timeout client 28800s
#      timeout connect 100500
#      timeout server 28800s
#
#    frontend galera-in
#      bind *:3309 accept-proxy
#      bind *:3306
#      mode tcp
#      option clitcpka
#      default_backend galera-nodes
#
#    frontend galera-admin-in
#      bind *:33062
#      mode tcp
#      option clitcpka
#      default_backend galera-admin-nodes
#
#    frontend galera-replica-in
#      bind *:3307
#      mode tcp
#      option clitcpka
#      default_backend galera-replica-nodes
#
#    frontend galera-mysqlx-in
#      bind *:33060
#      mode tcp
#      option clitcpka
#      default_backend galera-mysqlx-nodes
#
#    frontend stats
#      bind *:8404
#      mode http
#      option http-use-htx
#      http-request use-service prometheus-exporter if { path /metrics }
  annotations: {}
  #  iam.amazonaws.com/role: role-arn
  labels: {}
  #  rack: rack-22
  # Service exposure for the primary endpoint. If a LoadBalancer type is
  # chosen, restrict loadBalancerSourceRanges to the client networks.
  # serviceType: ClusterIP
  # externalTrafficPolicy: Cluster
  # runtimeClassName: image-rc
  # loadBalancerSourceRanges:
  #   - 10.0.0.0/8
  # loadBalancerIP: 127.0.0.1
  # serviceAnnotations:
  #   service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http
  # serviceLabels:
  #   rack: rack-23
  # Separate service for replicas, with its own exposure options below.
  replicasServiceEnabled: true
  # replicasLoadBalancerSourceRanges:
  #   - 10.0.0.0/8
  # replicasLoadBalancerIP: 127.0.0.1
  # replicasServiceType: ClusterIP
  # replicasExternalTrafficPolicy: Cluster
  # replicasServiceAnnotations:
  #   service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http
  # replicasServiceLabels:
  #   rack: rack-23
  # priorityClassName: high-priority
  # schedulerName: mycustom-scheduler
  readinessDelaySec: 15
  livenessDelaySec: 300
  # Name of a secret holding extra environment variables for the pods.
  # envVarsSecret: my-env-var-secrets
  resources:
    requests:
      memory: 1G
      cpu: 600m
    # No limits are set by default; the commented values are an example.
    limits: {}
      # memory: 1G
      # cpu: 600m
  sidecars: []
  sidecarVolumes: []
  sidecarPVCs: []
  sidecarResources:
    requests: {}
    limits: {}
  nodeSelector: {}
  #  disktype: ssd
  # serviceAccountName: percona-xtradb-cluster-operator-workload
  affinity:
    antiAffinityTopologyKey: "kubernetes.io/hostname"
    # advanced:
    #   nodeAffinity:
    #     requiredDuringSchedulingIgnoredDuringExecution:
    #       nodeSelectorTerms:
    #       - matchExpressions:
    #         - key: kubernetes.io/e2e-az-name
    #           operator: In
    #           values:
    #           - e2e-az1
    #           - e2e-az2
  tolerations: []
    # - key: "node.alpha.kubernetes.io/unreachable"
    #   operator: "Exists"
    #   effect: "NoExecute"
    #   tolerationSeconds: 6000
  gracePeriod: 30
  # only one of `maxUnavailable` or `minAvailable` can be set.
  podDisruptionBudget:
    maxUnavailable: 1
    # minAvailable: 0
  readinessProbes:
    initialDelaySeconds: 15
    timeoutSeconds: 1
    periodSeconds: 5
    successThreshold: 1
    failureThreshold: 3
  livenessProbes:
    initialDelaySeconds: 60
    timeoutSeconds: 5
    periodSeconds: 30
    successThreshold: 1
    failureThreshold: 4
  # A custom Kubernetes Security Context for a Container to be used instead of the default one
  # containerSecurityContext:
  #   privileged: false
  # A custom Kubernetes Security Context for a Pod to be used instead of the default one
  # podSecurityContext:
  #   fsGroup: 1001
  #   supplementalGroups:
  #   - 1001

# Settings for the ProxySQL pods. Disabled by default in this file (HAProxy is
# the enabled proxy).
proxysql:
  enabled: false
  size: 3
  image: ""
  # imagePullPolicy: Always
  imagePullSecrets: []
  # - name: private-registry-credentials
# Example of a custom ProxySQL configuration (commented out).
# NOTE(review): the credentials in this sample ("proxyadmin:admin_password",
# cluster_password="admin_password", monitor_password="monitor") are
# placeholders; replace them before uncommenting. The sample also binds the
# admin interface (port 6032) and the MySQL interface (port 3306) on 0.0.0.0,
# so check which networks can reach the pod.
#  configuration: |
#    datadir="/var/lib/proxysql"
#
#    admin_variables =
#    {
#      admin_credentials="proxyadmin:admin_password"
#      mysql_ifaces="0.0.0.0:6032"
#      refresh_interval=2000
#
#      cluster_username="proxyadmin"
#      cluster_password="admin_password"
#      checksum_admin_variables=false
#      checksum_ldap_variables=false
#      checksum_mysql_variables=false
#      cluster_check_interval_ms=200
#      cluster_check_status_frequency=100
#      cluster_mysql_query_rules_save_to_disk=true
#      cluster_mysql_servers_save_to_disk=true
#      cluster_mysql_users_save_to_disk=true
#      cluster_proxysql_servers_save_to_disk=true
#      cluster_mysql_query_rules_diffs_before_sync=1
#      cluster_mysql_servers_diffs_before_sync=1
#      cluster_mysql_users_diffs_before_sync=1
#      cluster_proxysql_servers_diffs_before_sync=1
#    }
#
#    mysql_variables=
#    {
#      monitor_password="monitor"
#      monitor_galera_healthcheck_interval=1000
#      threads=2
#      max_connections=2048
#      default_query_delay=0
#      default_query_timeout=10000
#      poll_timeout=2000
#      interfaces="0.0.0.0:3306"
#      default_schema="information_schema"
#      stacksize=1048576
#      connect_timeout_server=10000
#      monitor_history=60000
#      monitor_connect_interval=20000
#      monitor_ping_interval=10000
#      ping_timeout_server=200
#      commands_stats=true
#      sessions_sort=true
#      have_ssl=true
#      ssl_p2s_ca="/etc/proxysql/ssl-internal/ca.crt"
#      ssl_p2s_cert="/etc/proxysql/ssl-internal/tls.crt"
#      ssl_p2s_key="/etc/proxysql/ssl-internal/tls.key"
#      ssl_p2s_cipher="ECDHE-RSA-AES128-GCM-SHA256"
#    }
  annotations: {}
  #  iam.amazonaws.com/role: role-arn
  labels: {}
  #  rack: rack-22
  # Service exposure. If a LoadBalancer type is chosen, restrict
  # loadBalancerSourceRanges to the client networks.
  # serviceType: ClusterIP
  # externalTrafficPolicy: Cluster
  # runtimeClassName: image-rc
  # loadBalancerSourceRanges:
  #   - 10.0.0.0/8
  # loadBalancerIP: 127.0.0.1
  # serviceAnnotations:
  #   service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http
  # serviceLabels:
  #   rack: rack-23
  # priorityClassName: high-priority
  # schedulerName: mycustom-scheduler
  readinessDelaySec: 15
  livenessDelaySec: 300
  # Name of a secret holding extra environment variables for the pods.
  # envVarsSecret: my-env-var-secrets
  resources:
    requests:
      memory: 1G
      cpu: 600m
    # No limits are set by default; the commented values are an example.
    limits: {}
      # memory: 1G
      # cpu: 600m
  sidecars: []
  sidecarVolumes: []
  sidecarPVCs: []
  sidecarResources:
    requests: {}
    limits: {}
  nodeSelector: {}
  #  disktype: ssd
  # serviceAccountName: percona-xtradb-cluster-operator-workload
  affinity:
    antiAffinityTopologyKey: "kubernetes.io/hostname"
    # advanced:
    #   nodeAffinity:
    #     requiredDuringSchedulingIgnoredDuringExecution:
    #       nodeSelectorTerms:
    #       - matchExpressions:
    #         - key: kubernetes.io/e2e-az-name
    #           operator: In
    #           values:
    #           - e2e-az1
    #           - e2e-az2
  tolerations: []
    # - key: "node.alpha.kubernetes.io/unreachable"
    #   operator: "Exists"
    #   effect: "NoExecute"
    #   tolerationSeconds: 6000
  gracePeriod: 30
  # only one of `maxUnavailable` or `minAvailable` can be set.
  podDisruptionBudget:
    maxUnavailable: 1
    # minAvailable: 0
  persistence:
    enabled: true
    # if persistence is enabled, you can specify a hostPath (not recommended)
    # hostPath: /data/mysql
    # otherwise you can specify values for a storage claim (default)
    ## percona data Persistent Volume Storage Class
    ## If defined, storageClassName: <storageClass>
    ## If set to "-", storageClassName: "", which disables dynamic provisioning
    ## If undefined (the default) or set to null, no storageClassName spec is
    ##   set, choosing the default provisioner.  (gp2 on AWS, standard on
    ##   GKE, AWS & OpenStack)
    ##
    # storageClass: "-"
    accessMode: ReadWriteOnce
    size: 8Gi
  # A custom Kubernetes Security Context for a Container to be used instead of the default one
  # containerSecurityContext:
  #   privileged: false
  # A custom Kubernetes Security Context for a Pod to be used instead of the default one
  # podSecurityContext:
  #   fsGroup: 1001
  #   supplementalGroups:
  #   - 1001

# Settings for the log collector container. Enabled by default in this file.
logcollector:
  enabled: true
  image: ""
  # imagePullPolicy: Always
  imagePullSecrets: []
  # Example: forward logs to an Elasticsearch host.
  # NOTE(review): the sample shows no TLS or authentication options for the
  # output. Database logs can contain sensitive data, so add transport
  # security and credentials appropriate to your log backend before using it.
  # configuration: |
  #   [OUTPUT]
  #         Name  es
  #         Match *
  #         Host  192.168.2.3
  #         Port  9200
  #         Index my_index
  #         Type  my_type
  resources:
    requests:
      memory: 100M
      cpu: 200m
    limits: {}

# Settings for the PMM (monitoring) client. Disabled by default in this file.
pmm:
  enabled: false
  image:
    repository: percona/pmm-client
    tag: 2.32.0
  # imagePullPolicy: Always
  imagePullSecrets: []
  # Host name of the monitoring server the client reports to.
  serverHost: monitoring-service
  # Account used on the monitoring server.
  # NOTE(review): presumably paired with `secrets.passwords.pmmserver` (or
  # `pmmserverkey`); override that placeholder before enabling PMM, and prefer
  # a dedicated account over `admin` if the server allows it.
  serverUser: admin
  resources:
    requests:
      memory: 150M
      cpu: 300m
    limits: {}

# Backup settings: image, point-in-time recovery, storage targets and
# schedules. Enabled by default in this file.
backup:
  enabled: true
  image: ""
  # serviceAccountName: percona-xtradb-cluster-operator
  # imagePullPolicy: Always
  imagePullSecrets: []
  # - name: private-registry-credentials
  pitr:
    enabled: false
    # Refers to an entry under `storages`. The `s3-us-west-binlogs` storage is
    # only present as a commented example below, so define it before enabling
    # point-in-time recovery.
    storageName: s3-us-west-binlogs
    timeBetweenUploads: 60
    resources:
      requests: {}
      limits: {}
  storages:
    # Default target: a filesystem backup on a PersistentVolumeClaim.
    fs-pvc:
      type: filesystem
      volume:
        persistentVolumeClaim:
        #  storageClassName: standard
          accessModes: ["ReadWriteOnce"]
          resources:
            requests:
              storage: 6Gi
    # Example: S3 storage (commented out).
    # NOTE(review): keep `verifyTLS: true` so the storage endpoint's
    # certificate is checked. The sample also sets
    # `containerSecurityContext.privileged: true`; do not copy that unless the
    # backup container is confirmed to need it. Prefer `credentialsSecret`
    # over inline access keys so credentials do not end up in values files.
    # s3-us-west:
    #   type: s3
    #   verifyTLS: true
    #   nodeSelector:
    #     storage: tape
    #     backupWorker: 'True'
    #   resources:
    #     requests:
    #       memory: 1G
    #       cpu: 600m
    #   affinity:
    #     nodeAffinity:
    #       requiredDuringSchedulingIgnoredDuringExecution:
    #         nodeSelectorTerms:
    #         - matchExpressions:
    #           - key: backupWorker
    #             operator: In
    #             values:
    #             - 'True'
    #   tolerations:
    #     - key: "backupWorker"
    #       operator: "Equal"
    #       value: "True"
    #       effect: "NoSchedule"
    #   annotations:
    #     testName: scheduled-backup
    #   labels:
    #     backupWorker: 'True'
    #   schedulerName: 'default-scheduler'
    #   priorityClassName: 'high-priority'
    #   containerSecurityContext:
    #     privileged: true
    #   podSecurityContext:
    #     fsGroup: 1001
    #     supplementalGroups: [1001, 1002, 1003]
    #   s3:
    #     bucket: S3-BACKUP-BUCKET-NAME-HERE
    #     # Use credentialsSecret OR credentialsAccessKey/credentialsSecretKey
    #     credentialsSecret: my-cluster-name-backup-s3
    #     #credentialsAccessKey: REPLACE-WITH-AWS-ACCESS-KEY
    #     #credentialsSecretKey: REPLACE-WITH-AWS-SECRET-KEY
    #     region: us-west-2
    #     endpointUrl: https://sfo2.digitaloceanspaces.com
    # s3-us-west-binlogs:
    #   type: s3
    #   s3:
    #     bucket: S3-BACKUP-BUCKET-NAME-HERE/DIRECTORY
    #     credentialsSecret: my-cluster-name-backup-s3
    #     region: us-west-2
    #     endpointUrl: https://sfo2.digitaloceanspaces.com
    # azure-blob:
    #   type: azure
    #   azure:
    #     credentialsSecret: azure-secret
    #     container: test
    #     endpointUrl: https://accountName.blob.core.windows.net
    #     storageClass: Hot

  # Scheduled backups. Each entry names a cron schedule, how many backups to
  # keep, and the `storages` entry to write to.
  schedule:
    - name: "daily-backup"
      # Cron expression: every day at 00:00.
      schedule: "0 0 * * *"
      keep: 5
      storageName: fs-pvc
    # - name: "sat-night-backup"
    #   schedule: "0 0 * * 6"
    #   keep: 3
    #   storageName: s3-us-west

# Credentials and TLS secret names used by the chart.
# NOTE(review): the passwords below are placeholder defaults (every value is
# prefixed "insecure-") and are readable by anyone who has this file. A
# cluster installed without overriding them runs with known credentials.
# Supply your own values at install time, or set `pxc.clusterSecretName` to a
# pre-existing secret, and keep real passwords out of version control.
secrets:
  ## You should be overriding these with your own or specify name for clusterSecretName.
  passwords:
    root: insecure-root-password
    xtrabackup: insecure-xtrabackup-password
    monitor: insecure-monitor-password
    clustercheck: insecure-clustercheck-password
    proxyadmin: insecure-proxyadmin-password
    pmmserver: insecure-pmmserver-password
    # If pmmserverkey is set, the pmmserver password will not be included
    # pmmserverkey: set-pmmserver-api-key
    operator: insecure-operator-password
    replication: insecure-replication-password
  ## If you are using `cert-manager` you can skip this next section.
  tls: {}
    # This should be the name of a secret that contains certificates.
    # It should have the following keys: `ca.crt`, `tls.crt`, `tls.key`
    # If not set the Helm chart will attempt to create certificates
    # for you [not recommended for prod]:
    # cluster:

    # This should be the name of a secret that contains certificates.
    # It should have the following keys: `ca.crt`, `tls.crt`, `tls.key`
    # If not set the Helm chart will attempt to create certificates
    # for you [not recommended for prod]:
    # internal:
  # Names of pre-existing secrets for the log collector and for Vault.
  # logCollector: cluster1-log-collector-secrets
  # vault: keyring-secret-vault