# Default values for pxc-cluster.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
# Cleanup steps applied on cluster deletion (see the per-entry comments).
# NOTE(review): both PVC entries are active in this file, so deleting the
# cluster also deletes the ProxySQL and database persistent volumes. Confirm
# that is intended and that a restorable backup exists outside those volumes.
finalizers:
  - delete-pxc-pods-in-order
  ## Set this if you want to delete proxysql persistent volumes on cluster deletion
  - delete-proxysql-pvc
  ## Set this if you want to delete database persistent volumes on cluster deletion
  - delete-pxc-pvc
  ## Set this if you want to delete cert manager certificates on cluster deletion
  # - delete-ssl

# Chart-level naming overrides; empty strings leave the chart defaults in place.
nameOverride: ""
fullnameOverride: ""

operatorImageRepository: percona/percona-xtradb-cluster-operator

# NOTE(review): this parses as a string only because it has three parts; quote
# it if it is ever shortened to a two-part version, which YAML reads as a float.
crVersion: 1.12.0
ignoreAnnotations: []
# - iam.amazonaws.com/role
ignoreLabels: []
# - rack
pause: false
initImage: ""
# NOTE(review): presumably this gates the operator's safety checks on the
# cluster spec; keep it false outside throwaway environments and confirm the
# exact checks in the operator documentation for this crVersion.
allowUnsafeConfigurations: false
updateStrategy: SmartUpdate
# Version-service settings. The endpoint is reached over HTTPS.
# NOTE(review): apply is "disabled", so presumably nothing is upgraded on the
# schedule below and the image tags in this file are the only version pin;
# confirm, and track image updates by hand if so.
upgradeOptions:
  versionServiceEndpoint: https://check.percona.com
  apply: disabled
  schedule: "0 4 * * *"
# NOTE(review): the validation webhook is off; presumably bad custom-resource
# values are then only rejected later by the operator. Confirm before relying on it.
enableCRValidationWebhook: false
# Optional certificate settings: extra SANs and a cert-manager issuer reference.
# The commented keys show the expected shape.
tls: {}
  # SANs:
  #   - pxc-1.example.com
  #   - pxc-2.example.com
  #   - pxc-3.example.com
  # issuerConf:
  #   name: special-selfsigned-issuer
  #   kind: ClusterIssuer
  #   group: cert-manager.io

# Settings for the Percona XtraDB Cluster (database) pods.
pxc:
  size: 3
  image:
    repository: percona/percona-xtradb-cluster
    # NOTE(review): pinned by tag only. A tag can be re-pointed at the registry;
    # if the deployment needs a fixed artifact, check whether the chart accepts
    # a digest reference here.
    tag: 8.0.29-21.1
  # imagePullPolicy: Always
  autoRecovery: true
  # Example only. If the database is exposed through a LoadBalancer, keep
  # loadBalancerSourceRanges as narrow as the clients allow.
  # expose:
  #   enabled: true
  #   type: LoadBalancer
  #   trafficPolicy: Local
  #   loadBalancerSourceRanges:
  #     - 10.0.0.0/8
  #   annotations:
  #     networking.gke.io/load-balancer-type: "Internal"
  # NOTE(review): the sample channel below sets ssl: false and
  # sslSkipVerify: true, which appears to mean replication without TLS or
  # without certificate checks. Treat both as placeholders to replace.
  # replicationChannels:
  #   - name: pxc1_to_pxc2
  #     isSource: true
  #   - name: pxc2_to_pxc1
  #     isSource: false
  #     configuration:
  #       sourceRetryCount: 3
  #       sourceConnectRetry: 60
  #       ssl: false
  #       sslSkipVerify: true
  #       ca: '/etc/mysql/ssl/ca.crt'
  #     sourcesList:
  #       - host: 10.95.251.101
  #         port: 3306
  #         weight: 100
  # schedulerName: mycustom-scheduler
  imagePullSecrets: []
  # - name: private-registry-credentials
  annotations: {}
  # iam.amazonaws.com/role: role-arn
  labels: {}
  # rack: rack-22
  # priorityClassName: high-priority
  readinessDelaySec: 15
  livenessDelaySec: 300
  ## Uncomment to pass in a mysql config file
  # configuration: |
  #   [mysqld]
  #   wsrep_debug=ON
  #   wsrep_provider_options="gcache.size=1G; gcache.recover=yes"
  # envVarsSecret: my-env-var-secrets
  resources:
    requests:
      memory: 1G
      cpu: 600m
    # No limits are set; the commented values show the expected shape.
    limits: {}
    # memory: 1G
    # cpu: 600m
  # runtimeClassName: image-rc
  sidecars: []
  sidecarVolumes: []
  sidecarPVCs: []
  sidecarResources:
    requests: {}
    limits: {}
  nodeSelector: {}
  # disktype: ssd
  affinity:
    antiAffinityTopologyKey: "kubernetes.io/hostname"
    # advanced:
    #   nodeAffinity:
    #     requiredDuringSchedulingIgnoredDuringExecution:
    #       nodeSelectorTerms:
    #         - matchExpressions:
    #             - key: kubernetes.io/e2e-az-name
    #               operator: In
    #               values:
    #                 - e2e-az1
    #                 - e2e-az2
  tolerations: []
  # - key: "node.alpha.kubernetes.io/unreachable"
  #   operator: "Exists"
  #   effect: "NoExecute"
  #   tolerationSeconds: 6000
  gracePeriod: 600
  podDisruptionBudget:
    # only one of maxUnavailable or minAvailable can be set
    maxUnavailable: 1
    # minAvailable: 0
  persistence:
    # NOTE(review): persistence is off for the database pods. Presumably the
    # chart then uses ephemeral pod storage and ignores accessMode/size below;
    # confirm in the templates, since data would not survive pod replacement.
    enabled: false
    # if persistence is enabled, you can specify a hostPath (not recommended)
    # hostPath: /data/mysql
    # otherwise you can specify values for a storage claim (default)
    ## percona data Persistent Volume Storage Class
    ## If defined, storageClassName: <storageClass>
    ## If set to "-", storageClassName: "", which disables dynamic provisioning
    ## If undefined (the default) or set to null, no storageClassName spec is
    ##   set, choosing the default provisioner.  (gp2 on AWS, standard on
    ##   GKE, AWS & OpenStack)
    ##
    # storageClass: "-"
    accessMode: ReadWriteOnce
    size: 8Gi

  # If you set this to true the cluster will be created without TLS
  disableTLS: false

  # disable Helm creating TLS certificates if you want to let the operator
  # request certificates from cert-manager
  certManager: false

  # If this is set, the chart will not create secrets from values and will
  # instead try to use a pre-existing secret of the same name.
  # clusterSecretName:
  readinessProbes:
    initialDelaySeconds: 15
    timeoutSeconds: 15
    periodSeconds: 30
    successThreshold: 1
    failureThreshold: 5
  livenessProbes:
    initialDelaySeconds: 300
    timeoutSeconds: 5
    periodSeconds: 10
    successThreshold: 1
    failureThreshold: 3
  # A custom Kubernetes Security Context for a Container to be used instead of the default one
  # containerSecurityContext:
  #   privileged: false
  # A custom Kubernetes Security Context for a Pod to be used instead of the default one
  # podSecurityContext:
  #   fsGroup: 1001
  #   supplementalGroups:
  #     - 1001
  # serviceAccountName: percona-xtradb-cluster-operator-workload

# Settings for the HAProxy pods.
haproxy:
  enabled: true
  size: 3
  image: ""
  # imagePullPolicy: Always
  imagePullSecrets: []
  # - name: private-registry-credentials
  # NOTE(review): in the sample configuration below every frontend, including
  # stats on 8404, binds to all addresses (*), the stats socket is opened at
  # admin level, and port 3309 takes the PROXY protocol header (accept-proxy),
  # so the client address seen there is only as trustworthy as whoever can
  # reach that port. Review these points before uncommenting the block.
  # configuration: |
  #
  #   the actual default configuration file can be found here https://github.com/percona/percona-docker/blob/main/haproxy/dockerdir/etc/haproxy/haproxy-global.cfg
  #
  #   global
  #     maxconn 2048
  #     external-check
  #     insecure-fork-wanted
  #     stats socket /etc/haproxy/pxc/haproxy.sock mode 600 expose-fd listeners level admin
  #
  #   defaults
  #     default-server init-addr last,libc,none
  #     log global
  #     mode tcp
  #     retries 10
  #     timeout client 28800s
  #     timeout connect 100500
  #     timeout server 28800s
  #
  #   frontend galera-in
  #     bind *:3309 accept-proxy
  #     bind *:3306
  #     mode tcp
  #     option clitcpka
  #     default_backend galera-nodes
  #
  #   frontend galera-admin-in
  #     bind *:33062
  #     mode tcp
  #     option clitcpka
  #     default_backend galera-admin-nodes
  #
  #   frontend galera-replica-in
  #     bind *:3307
  #     mode tcp
  #     option clitcpka
  #     default_backend galera-replica-nodes
  #
  #   frontend galera-mysqlx-in
  #     bind *:33060
  #     mode tcp
  #     option clitcpka
  #     default_backend galera-mysqlx-nodes
  #
  #   frontend stats
  #     bind *:8404
  #     mode http
  #     option http-use-htx
  #     http-request use-service prometheus-exporter if { path /metrics }
  annotations: {}
  # iam.amazonaws.com/role: role-arn
  labels: {}
  # rack: rack-22
  # Service exposure examples. If a LoadBalancer type is chosen, keep the
  # source ranges as narrow as the clients allow.
  # serviceType: ClusterIP
  # externalTrafficPolicy: Cluster
  # runtimeClassName: image-rc
  # loadBalancerSourceRanges:
  #   - 10.0.0.0/8
  # loadBalancerIP: 127.0.0.1
  # serviceAnnotations:
  #   service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http
  # serviceLabels:
  #   rack: rack-23
  replicasServiceEnabled: true
  # replicasLoadBalancerSourceRanges:
  #   - 10.0.0.0/8
  # replicasLoadBalancerIP: 127.0.0.1
  # replicasServiceType: ClusterIP
  # replicasExternalTrafficPolicy: Cluster
  # replicasServiceAnnotations:
  #   service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http
  # replicasServiceLabels:
  #   rack: rack-23
  # priorityClassName: high-priority
  # schedulerName: mycustom-scheduler
  readinessDelaySec: 15
  livenessDelaySec: 300
  # envVarsSecret: my-env-var-secrets
  resources:
    requests:
      memory: 1G
      cpu: 600m
    # No limits are set; the commented values show the expected shape.
    limits: {}
    # memory: 1G
    # cpu: 600m
  sidecars: []
  sidecarVolumes: []
  sidecarPVCs: []
  sidecarResources:
    requests: {}
    limits: {}
  nodeSelector: {}
  # disktype: ssd
  # serviceAccountName: percona-xtradb-cluster-operator-workload
  affinity:
    antiAffinityTopologyKey: "kubernetes.io/hostname"
    # advanced:
    #   nodeAffinity:
    #     requiredDuringSchedulingIgnoredDuringExecution:
    #       nodeSelectorTerms:
    #         - matchExpressions:
    #             - key: kubernetes.io/e2e-az-name
    #               operator: In
    #               values:
    #                 - e2e-az1
    #                 - e2e-az2
  tolerations: []
  # - key: "node.alpha.kubernetes.io/unreachable"
  #   operator: "Exists"
  #   effect: "NoExecute"
  #   tolerationSeconds: 6000
  gracePeriod: 30
  # only one of `maxUnavailable` or `minAvailable` can be set.
  podDisruptionBudget:
    maxUnavailable: 1
    # minAvailable: 0
  readinessProbes:
    initialDelaySeconds: 15
    timeoutSeconds: 1
    periodSeconds: 5
    successThreshold: 1
    failureThreshold: 3
  livenessProbes:
    initialDelaySeconds: 60
    timeoutSeconds: 5
    periodSeconds: 30
    successThreshold: 1
    failureThreshold: 4
  # A custom Kubernetes Security Context for a Container to be used instead of the default one
  # containerSecurityContext:
  #   privileged: false
  # A custom Kubernetes Security Context for a Pod to be used instead of the default one
  # podSecurityContext:
  #   fsGroup: 1001
  #   supplementalGroups:
  #     - 1001

# Settings for the ProxySQL pods (disabled in this file).
proxysql:
  enabled: false
  size: 3
  image: ""
  # imagePullPolicy: Always
  imagePullSecrets: []
  # NOTE(review): the sample configuration below carries literal credentials
  # (admin_credentials, cluster_password, monitor_password) and binds the admin
  # and MySQL interfaces to 0.0.0.0. Replace the credentials and review the
  # listen addresses before uncommenting; do not reuse the sample values.
  # configuration: |
  #   datadir="/var/lib/proxysql"
  #
  #   admin_variables =
  #   {
  #     admin_credentials="proxyadmin:admin_password"
  #     mysql_ifaces="0.0.0.0:6032"
  #     refresh_interval=2000
  #
  #     cluster_username="proxyadmin"
  #     cluster_password="admin_password"
  #     checksum_admin_variables=false
  #     checksum_ldap_variables=false
  #     checksum_mysql_variables=false
  #     cluster_check_interval_ms=200
  #     cluster_check_status_frequency=100
  #     cluster_mysql_query_rules_save_to_disk=true
  #     cluster_mysql_servers_save_to_disk=true
  #     cluster_mysql_users_save_to_disk=true
  #     cluster_proxysql_servers_save_to_disk=true
  #     cluster_mysql_query_rules_diffs_before_sync=1
  #     cluster_mysql_servers_diffs_before_sync=1
  #     cluster_mysql_users_diffs_before_sync=1
  #     cluster_proxysql_servers_diffs_before_sync=1
  #   }
  #
  #   mysql_variables=
  #   {
  #     monitor_password="monitor"
  #     monitor_galera_healthcheck_interval=1000
  #     threads=2
  #     max_connections=2048
  #     default_query_delay=0
  #     default_query_timeout=10000
  #     poll_timeout=2000
  #     interfaces="0.0.0.0:3306"
  #     default_schema="information_schema"
  #     stacksize=1048576
  #     connect_timeout_server=10000
  #     monitor_history=60000
  #     monitor_connect_interval=20000
  #     monitor_ping_interval=10000
  #     ping_timeout_server=200
  #     commands_stats=true
  #     sessions_sort=true
  #     have_ssl=true
  #     ssl_p2s_ca="/etc/proxysql/ssl-internal/ca.crt"
  #     ssl_p2s_cert="/etc/proxysql/ssl-internal/tls.crt"
  #     ssl_p2s_key="/etc/proxysql/ssl-internal/tls.key"
  #     ssl_p2s_cipher="ECDHE-RSA-AES128-GCM-SHA256"
  #   }
  # - name: private-registry-credentials
  annotations: {}
  # iam.amazonaws.com/role: role-arn
  labels: {}
  # rack: rack-22
  # Service exposure examples. If a LoadBalancer type is chosen, keep the
  # source ranges as narrow as the clients allow.
  # serviceType: ClusterIP
  # externalTrafficPolicy: Cluster
  # runtimeClassName: image-rc
  # loadBalancerSourceRanges:
  #   - 10.0.0.0/8
  # loadBalancerIP: 127.0.0.1
  # serviceAnnotations:
  #   service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http
  # serviceLabels:
  #   rack: rack-23
  # priorityClassName: high-priority
  # schedulerName: mycustom-scheduler
  readinessDelaySec: 15
  livenessDelaySec: 300
  # envVarsSecret: my-env-var-secrets
  resources:
    requests:
      memory: 1G
      cpu: 600m
    # No limits are set; the commented values show the expected shape.
    limits: {}
    # memory: 1G
    # cpu: 600m
  sidecars: []
  sidecarVolumes: []
  sidecarPVCs: []
  sidecarResources:
    requests: {}
    limits: {}
  nodeSelector: {}
  # disktype: ssd
  # serviceAccountName: percona-xtradb-cluster-operator-workload
  affinity:
    antiAffinityTopologyKey: "kubernetes.io/hostname"
    # advanced:
    #   nodeAffinity:
    #     requiredDuringSchedulingIgnoredDuringExecution:
    #       nodeSelectorTerms:
    #         - matchExpressions:
    #             - key: kubernetes.io/e2e-az-name
    #               operator: In
    #               values:
    #                 - e2e-az1
    #                 - e2e-az2
  tolerations: []
  # - key: "node.alpha.kubernetes.io/unreachable"
  #   operator: "Exists"
  #   effect: "NoExecute"
  #   tolerationSeconds: 6000
  gracePeriod: 30
  # only one of `maxUnavailable` or `minAvailable` can be set.
  podDisruptionBudget:
    maxUnavailable: 1
    # minAvailable: 0
  persistence:
    enabled: true
    # if persistence is enabled, you can specify a hostPath (not recommended)
    # hostPath: /data/mysql
    # otherwise you can specify values for a storage claim (default)
    ## percona data Persistent Volume Storage Class
    ## If defined, storageClassName: <storageClass>
    ## If set to "-", storageClassName: "", which disables dynamic provisioning
    ## If undefined (the default) or set to null, no storageClassName spec is
    ##   set, choosing the default provisioner.  (gp2 on AWS, standard on
    ##   GKE, AWS & OpenStack)
    ##
    # storageClass: "-"
    accessMode: ReadWriteOnce
    size: 8Gi
  # A custom Kubernetes Security Context for a Container to be used instead of the default one
  # containerSecurityContext:
  #   privileged: false
  # A custom Kubernetes Security Context for a Pod to be used instead of the default one
  # podSecurityContext:
  #   fsGroup: 1001
  #   supplementalGroups:
  #     - 1001

# Settings for the log collector container (enabled in this file).
logcollector:
  enabled: true
  image: ""
  # imagePullPolicy: Always
  imagePullSecrets: []
  # NOTE(review): the sample output below names only a host and port for the
  # log destination and shows no TLS or authentication keys. Database logs can
  # hold query text, so add transport protection and credentials suited to the
  # destination before uncommenting.
  # configuration: |
  #   [OUTPUT]
  #     Name  es
  #     Match *
  #     Host  192.168.2.3
  #     Port  9200
  #     Index my_index
  #     Type  my_type
  resources:
    requests:
      memory: 100M
      cpu: 200m
    # No limits are set.
    limits: {}

# Settings for the PMM monitoring client (disabled in this file).
pmm:
  enabled: false
  image:
    repository: percona/pmm-client
    # NOTE(review): pinned by tag only; a tag can be re-pointed at the registry.
    tag: 2.32.0
  # imagePullPolicy: Always
  imagePullSecrets: []
  serverHost: monitoring-service
  # NOTE(review): presumably paired with secrets.passwords.pmmserver (or the
  # pmmserverkey API key) from this file; confirm, and prefer a dedicated
  # account over a shared admin login if the server allows it.
  serverUser: admin
  resources:
    requests:
      memory: 150M
      cpu: 300m
    # No limits are set.
    limits: {}

# Backup settings: storages, point-in-time recovery and the backup schedule.
backup:
  enabled: true
  image: ""
  # serviceAccountName: percona-xtradb-cluster-operator
  # imagePullPolicy: Always
  imagePullSecrets: []
  # - name: private-registry-credentials
  pitr:
    enabled: false
    # NOTE(review): s3-us-west-binlogs exists only as a commented example under
    # storages, so this name has no live definition; define the storage before
    # setting pitr.enabled to true.
    storageName: s3-us-west-binlogs
    timeBetweenUploads: 60
    resources:
      requests: {}
      limits: {}
  storages:
    # NOTE(review): the only live storage is a PVC inside the same cluster, so
    # backups share the cluster's failure and deletion domain. Consider adding
    # an off-cluster storage such as the commented S3 or Azure examples.
    fs-pvc:
      type: filesystem
      volume:
        persistentVolumeClaim:
          # storageClassName: standard
          accessModes: ["ReadWriteOnce"]
          resources:
            requests:
              storage: 6Gi
    # NOTE(review): in the example below, containerSecurityContext sets
    # privileged: true; do not carry that over unless the backup job needs it.
    # For credentials, prefer credentialsSecret over inline access keys so no
    # key material lands in this file.
    # s3-us-west:
    #   type: s3
    #   verifyTLS: true
    #   nodeSelector:
    #     storage: tape
    #     backupWorker: 'True'
    #   resources:
    #     requests:
    #       memory: 1G
    #       cpu: 600m
    #   affinity:
    #     nodeAffinity:
    #       requiredDuringSchedulingIgnoredDuringExecution:
    #         nodeSelectorTerms:
    #           - matchExpressions:
    #               - key: backupWorker
    #                 operator: In
    #                 values:
    #                   - 'True'
    #   tolerations:
    #     - key: "backupWorker"
    #       operator: "Equal"
    #       value: "True"
    #       effect: "NoSchedule"
    #   annotations:
    #     testName: scheduled-backup
    #   labels:
    #     backupWorker: 'True'
    #   schedulerName: 'default-scheduler'
    #   priorityClassName: 'high-priority'
    #   containerSecurityContext:
    #     privileged: true
    #   podSecurityContext:
    #     fsGroup: 1001
    #     supplementalGroups: [1001, 1002, 1003]
    #   s3:
    #     bucket: S3-BACKUP-BUCKET-NAME-HERE
    #     # Use credentialsSecret OR credentialsAccessKey/credentialsSecretKey
    #     credentialsSecret: my-cluster-name-backup-s3
    #     #credentialsAccessKey: REPLACE-WITH-AWS-ACCESS-KEY
    #     #credentialsSecretKey: REPLACE-WITH-AWS-SECRET-KEY
    #     region: us-west-2
    #     endpointUrl: https://sfo2.digitaloceanspaces.com
    # s3-us-west-binlogs:
    #   type: s3
    #   s3:
    #     bucket: S3-BACKUP-BUCKET-NAME-HERE/DIRECTORY
    #     credentialsSecret: my-cluster-name-backup-s3
    #     region: us-west-2
    #     endpointUrl: https://sfo2.digitaloceanspaces.com
    # azure-blob:
    #   type: azure
    #   azure:
    #     credentialsSecret: azure-secret
    #     container: test
    #     endpointUrl: https://accountName.blob.core.windows.net
    #     storageClass: Hot

  # One live entry: a backup at 00:00 every day to fs-pvc, with keep set to 5.
  schedule:
    - name: "daily-backup"
      schedule: "0 0 * * *"
      keep: 5
      storageName: fs-pvc
    # - name: "sat-night-backup"
    #   schedule: "0 0 * * 6"
    #   keep: 3
    #   storageName: s3-us-west

# Credentials and certificate secret names used by the chart.
# NOTE(review): the password entries below are live values in this file, not
# comments. Override every one of them, or set pxc.clusterSecretName so the
# chart uses a pre-existing secret instead, and keep real passwords out of any
# values file that is committed to version control.
secrets:
  ## You should be overriding these with your own or specify name for clusterSecretName.
  passwords:
    root: insecure-root-password
    xtrabackup: insecure-xtrabackup-password
    monitor: insecure-monitor-password
    clustercheck: insecure-clustercheck-password
    proxyadmin: insecure-proxyadmin-password
    pmmserver: insecure-pmmserver-password
    # If pmmserverkey is set, the pmmserver password will not be included
    # pmmserverkey: set-pmmserver-api-key
    operator: insecure-operator-password
    replication: insecure-replication-password
  ## If you are using `cert-manager` you can skip this next section.
  tls: {}
    # This should be the name of a secret that contains certificates.
    # it should have the following keys: `ca.crt`, `tls.crt`, `tls.key`
    # If not set the Helm chart will attempt to create certificates
    # for you [not recommended for prod]:
    # cluster:

    # This should be the name of a secret that contains certificates.
    # it should have the following keys: `ca.crt`, `tls.crt`, `tls.key`
    # If not set the Helm chart will attempt to create certificates
    # for you [not recommended for prod]:
    # internal:
  # logCollector: cluster1-log-collector-secrets
  # vault: keyring-secret-vault