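{{- /*
Secondary (replica) MySQL StatefulSet, rendered only when
.Values.architecture is "replication".
Path: pkg/scanners/helm/test/mysql/templates/secondary/statefulset.yaml
(Helm scanner test fixture in trivy-iac).

Notes in this file are Go-template comments, so the rendered manifest is
unaffected by them.
*/ -}}
{{- if eq .Values.architecture "replication" }}
apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }}
kind: StatefulSet
metadata:
  name: {{ include "mysql.secondary.fullname" . }}
  namespace: {{ .Release.Namespace }}
  labels: {{- include "common.labels.standard" . | nindent 4 }}
    app.kubernetes.io/component: secondary
    {{- if .Values.commonLabels }}
    {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
    {{- end }}
    {{- if .Values.secondary.podLabels }}
    {{- include "common.tplvalues.render" ( dict "value" .Values.secondary.podLabels "context" $ ) | nindent 4 }}
    {{- end }}
  {{- if .Values.commonAnnotations }}
  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
  {{- end }}
spec:
  replicas: {{ .Values.secondary.replicaCount }}
  selector:
    matchLabels: {{ include "common.labels.matchLabels" . | nindent 6 }}
      app.kubernetes.io/component: secondary
  serviceName: {{ include "mysql.secondary.fullname" . }}
  updateStrategy:
    type: {{ .Values.secondary.updateStrategy }}
    {{- if (eq "Recreate" .Values.secondary.updateStrategy) }}
    rollingUpdate: null
    {{- else if .Values.secondary.rollingUpdatePartition }}
    rollingUpdate:
      partition: {{ .Values.secondary.rollingUpdatePartition }}
    {{- end }}
  template:
    metadata:
      annotations:
        {{- /* The checksum changes whenever the rendered ConfigMap changes, which changes the pod template. */}}
        {{- if (include "mysql.secondary.createConfigmap" .) }}
        checksum/configuration: {{ include (print $.Template.BasePath "/secondary/configmap.yaml") . | sha256sum }}
        {{- end }}
        {{- if .Values.secondary.podAnnotations }}
        {{- include "common.tplvalues.render" (dict "value" .Values.secondary.podAnnotations "context" $) | nindent 8 }}
        {{- end }}
      labels: {{- include "common.labels.standard" . | nindent 8 }}
        app.kubernetes.io/component: secondary
        {{- if .Values.commonLabels }}
        {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 8 }}
        {{- end }}
        {{- if .Values.secondary.podLabels }}
        {{- include "common.tplvalues.render" ( dict "value" .Values.secondary.podLabels "context" $ ) | nindent 8 }}
        {{- end }}
    spec:
      {{- include "mysql.imagePullSecrets" . | nindent 6 }}
      {{- if .Values.secondary.hostAliases }}
      hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.secondary.hostAliases "context" $) | nindent 8 }}
      {{- end }}
      {{- if .Values.schedulerName }}
      schedulerName: {{ .Values.schedulerName | quote }}
      {{- end }}
      serviceAccountName: {{ include "mysql.serviceAccountName" . }}
      {{- if .Values.secondary.affinity }}
      affinity: {{- include "common.tplvalues.render" (dict "value" .Values.secondary.affinity "context" $) | nindent 8 }}
      {{- else }}
      affinity:
        podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.secondary.podAffinityPreset "component" "secondary" "context" $) | nindent 10 }}
        podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.secondary.podAntiAffinityPreset "component" "secondary" "context" $) | nindent 10 }}
        nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.secondary.nodeAffinityPreset.type "key" .Values.secondary.nodeAffinityPreset.key "values" .Values.secondary.nodeAffinityPreset.values) | nindent 10 }}
      {{- end }}
      {{- if .Values.secondary.nodeSelector }}
      nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.secondary.nodeSelector "context" $) | nindent 8 }}
      {{- end }}
      {{- if .Values.secondary.tolerations }}
      tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.secondary.tolerations "context" $) | nindent 8 }}
      {{- end }}
      {{- if .Values.priorityClassName }}
      priorityClassName: {{ .Values.priorityClassName | quote }}
      {{- end }}
      {{- /* No pod-level securityContext is rendered at all unless podSecurityContext.enabled is set. */}}
      {{- if .Values.secondary.podSecurityContext.enabled }}
      securityContext: {{- omit .Values.secondary.podSecurityContext "enabled" | toYaml | nindent 8 }}
      {{- end }}
      {{- if or .Values.secondary.initContainers (and .Values.secondary.podSecurityContext.enabled .Values.volumePermissions.enabled .Values.secondary.persistence.enabled) }}
      initContainers:
        {{- if .Values.secondary.initContainers }}
        {{- include "common.tplvalues.render" (dict "value" .Values.secondary.initContainers "context" $) | nindent 8 }}
        {{- end }}
        {{- if and .Values.secondary.podSecurityContext.enabled .Values.volumePermissions.enabled .Values.secondary.persistence.enabled }}
        {{- /*
        volume-permissions runs as UID 0 so it can chown the data volume to the
        configured runAsUser and fsGroup. It is the only container in this
        template that hard-codes root; it is rendered only when all three
        switches in the condition above are enabled.
        */}}
        - name: volume-permissions
          image: {{ include "mysql.volumePermissions.image" . }}
          imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }}
          command:
            - /bin/bash
            - -ec
            - |
              chown -R {{ .Values.secondary.containerSecurityContext.runAsUser }}:{{ .Values.secondary.podSecurityContext.fsGroup }} /bitnami/mysql
          securityContext:
            runAsUser: 0
          {{- if .Values.volumePermissions.resources }}
          resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }}
          {{- end }}
          volumeMounts:
            - name: data
              mountPath: /bitnami/mysql
        {{- end }}
      {{- end }}
      containers:
        - name: mysql
          image: {{ include "mysql.image" . }}
          imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
          {{- /* As with the pod, the container securityContext is omitted entirely when its "enabled" flag is false. */}}
          {{- if .Values.secondary.containerSecurityContext.enabled }}
          securityContext: {{- omit .Values.secondary.containerSecurityContext "enabled" | toYaml | nindent 12 }}
          {{- end }}
          {{- /* diagnosticMode overrides command and args and also disables every probe further down. */}}
          {{- if .Values.diagnosticMode.enabled }}
          command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}
          {{- else if .Values.secondary.command }}
          command: {{- include "common.tplvalues.render" (dict "value" .Values.secondary.command "context" $) | nindent 12 }}
          {{- end }}
          {{- if .Values.diagnosticMode.enabled }}
          args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }}
          {{- else if .Values.secondary.args }}
          args: {{- include "common.tplvalues.render" (dict "value" .Values.secondary.args "context" $) | nindent 12 }}
          {{- end }}
          env:
            - name: BITNAMI_DEBUG
              value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }}
            - name: MYSQL_REPLICATION_MODE
              value: "slave"
            - name: MYSQL_MASTER_HOST
              value: {{ include "mysql.primary.fullname" . }}
            - name: MYSQL_MASTER_PORT_NUMBER
              value: {{ .Values.primary.service.port | quote }}
            - name: MYSQL_MASTER_ROOT_USER
              value: "root"
            - name: MYSQL_REPLICATION_USER
              value: {{ .Values.auth.replicationUser | quote }}
            {{- /*
            Credentials: with auth.usePasswordFiles the container only receives
            file paths and reads the secrets from a mounted volume; otherwise the
            root and replication passwords are injected as environment variables
            from the chart Secret.
            */}}
            {{- if .Values.auth.usePasswordFiles }}
            - name: MYSQL_MASTER_ROOT_PASSWORD_FILE
              value: {{ default "/opt/bitnami/mysql/secrets/mysql-root-password" .Values.auth.customPasswordFiles.root }}
            - name: MYSQL_REPLICATION_PASSWORD_FILE
              value: {{ default "/opt/bitnami/mysql/secrets/mysql-replication-password" .Values.auth.customPasswordFiles.replicator }}
            {{- else }}
            - name: MYSQL_MASTER_ROOT_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: {{ template "mysql.secretName" . }}
                  key: mysql-root-password
            - name: MYSQL_REPLICATION_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: {{ template "mysql.secretName" . }}
                  key: mysql-replication-password
            {{- end }}
            {{- if .Values.secondary.extraFlags }}
            {{- /*
            Piped through "quote" rather than wrapped in literal double quotes, so
            a value containing a double quote or backslash is escaped instead of
            breaking (or altering) the rendered YAML.
            */}}
            - name: MYSQL_EXTRA_FLAGS
              value: {{ .Values.secondary.extraFlags | quote }}
            {{- end }}
            {{- if .Values.secondary.extraEnvVars }}
            {{- include "common.tplvalues.render" (dict "value" .Values.secondary.extraEnvVars "context" $) | nindent 12 }}
            {{- end }}
          {{- if or .Values.secondary.extraEnvVarsCM .Values.secondary.extraEnvVarsSecret }}
          envFrom:
            {{- if .Values.secondary.extraEnvVarsCM }}
            - configMapRef:
                name: {{ .Values.secondary.extraEnvVarsCM }}
            {{- end }}
            {{- if .Values.secondary.extraEnvVarsSecret }}
            - secretRef:
                name: {{ .Values.secondary.extraEnvVarsSecret }}
            {{- end }}
          {{- end }}
          ports:
            - name: mysql
              containerPort: 3306
          {{- if not .Values.diagnosticMode.enabled }}
          {{- /*
          The liveness, readiness and startup probes below share one script: take
          the root password from the environment, prefer the password file when
          it exists, then run "mysqladmin status" as root.
          NOTE(review): the password is handed to mysqladmin as a -p argument, so
          it may be readable from the process list while the probe runs.
          */}}
          {{- if .Values.secondary.livenessProbe.enabled }}
          livenessProbe: {{- omit .Values.secondary.livenessProbe "enabled" | toYaml | nindent 12 }}
            exec:
              command:
                - /bin/bash
                - -ec
                - |
                  password_aux="${MYSQL_MASTER_ROOT_PASSWORD:-}"
                  if [[ -f "${MYSQL_MASTER_ROOT_PASSWORD_FILE:-}" ]]; then
                      password_aux=$(cat "$MYSQL_MASTER_ROOT_PASSWORD_FILE")
                  fi
                  mysqladmin status -uroot -p"${password_aux}"
          {{- else if .Values.secondary.customLivenessProbe }}
          livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.secondary.customLivenessProbe "context" $) | nindent 12 }}
          {{- end }}
          {{- if .Values.secondary.readinessProbe.enabled }}
          readinessProbe: {{- omit .Values.secondary.readinessProbe "enabled" | toYaml | nindent 12 }}
            exec:
              command:
                - /bin/bash
                - -ec
                - |
                  password_aux="${MYSQL_MASTER_ROOT_PASSWORD:-}"
                  if [[ -f "${MYSQL_MASTER_ROOT_PASSWORD_FILE:-}" ]]; then
                      password_aux=$(cat "$MYSQL_MASTER_ROOT_PASSWORD_FILE")
                  fi
                  mysqladmin status -uroot -p"${password_aux}"
          {{- else if .Values.secondary.customReadinessProbe }}
          readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.secondary.customReadinessProbe "context" $) | nindent 12 }}
          {{- end }}
          {{- if .Values.secondary.startupProbe.enabled }}
          startupProbe: {{- omit .Values.secondary.startupProbe "enabled" | toYaml | nindent 12 }}
            exec:
              command:
                - /bin/bash
                - -ec
                - |
                  password_aux="${MYSQL_MASTER_ROOT_PASSWORD:-}"
                  if [[ -f "${MYSQL_MASTER_ROOT_PASSWORD_FILE:-}" ]]; then
                      password_aux=$(cat "$MYSQL_MASTER_ROOT_PASSWORD_FILE")
                  fi
                  mysqladmin status -uroot -p"${password_aux}"
          {{- else if .Values.secondary.customStartupProbe }}
          startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.secondary.customStartupProbe "context" $) | nindent 12 }}
          {{- end }}
          {{- end }}
          {{- if .Values.secondary.resources }}
          resources: {{ toYaml .Values.secondary.resources | nindent 12 }}
          {{- end }}
          volumeMounts:
            - name: data
              mountPath: /bitnami/mysql
            {{- if or .Values.secondary.configuration .Values.secondary.existingConfigmap }}
            - name: config
              mountPath: /opt/bitnami/mysql/conf/my.cnf
              subPath: my.cnf
            {{- end }}
            {{- /* The chart-managed credentials volume is mounted only when no custom password file paths are supplied. */}}
            {{- if and .Values.auth.usePasswordFiles (not .Values.auth.customPasswordFiles) }}
            - name: mysql-credentials
              mountPath: /opt/bitnami/mysql/secrets/
            {{- end }}
            {{- if .Values.secondary.extraVolumeMounts }}
            {{- include "common.tplvalues.render" (dict "value" .Values.secondary.extraVolumeMounts "context" $) | nindent 12 }}
            {{- end }}
        {{- if .Values.metrics.enabled }}
        {{- /*
        Optional mysqld_exporter sidecar. It is given the MySQL root password
        (environment variable or mounted file) and connects as root on
        localhost:3306; this template does not define a separate monitoring
        account. No securityContext is set for this container here.
        */}}
        - name: metrics
          image: {{ include "mysql.metrics.image" . }}
          imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }}
          env:
            {{- if .Values.auth.usePasswordFiles }}
            - name: MYSQL_ROOT_PASSWORD_FILE
              value: {{ default "/opt/bitnami/mysqld-exporter/secrets/mysql-root-password" .Values.auth.customPasswordFiles.root }}
            {{- else }}
            - name: MYSQL_ROOT_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: {{ template "mysql.secretName" . }}
                  key: mysql-root-password
            {{- end }}
          {{- if .Values.diagnosticMode.enabled }}
          command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}
          args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }}
          {{- else }}
          {{- /* metrics.extraArgs.secondary entries are appended to the shell command line unquoted. */}}
          command:
            - /bin/bash
            - -ec
            - |
              password_aux="${MYSQL_ROOT_PASSWORD:-}"
              if [[ -f "${MYSQL_ROOT_PASSWORD_FILE:-}" ]]; then
                  password_aux=$(cat "$MYSQL_ROOT_PASSWORD_FILE")
              fi
              DATA_SOURCE_NAME="root:${password_aux}@(localhost:3306)/" /bin/mysqld_exporter {{- range .Values.metrics.extraArgs.secondary }} {{ . }} {{- end }}
          {{- end }}
          ports:
            - name: metrics
              containerPort: 9104
          {{- if not .Values.diagnosticMode.enabled }}
          {{- if .Values.metrics.livenessProbe.enabled }}
          livenessProbe: {{- omit .Values.metrics.livenessProbe "enabled" | toYaml | nindent 12 }}
            httpGet:
              path: /metrics
              port: metrics
          {{- end }}
          {{- if .Values.metrics.readinessProbe.enabled }}
          readinessProbe: {{- omit .Values.metrics.readinessProbe "enabled" | toYaml | nindent 12 }}
            httpGet:
              path: /metrics
              port: metrics
          {{- end }}
          {{- end }}
          {{- if .Values.metrics.resources }}
          resources: {{- toYaml .Values.metrics.resources | nindent 12 }}
          {{- end }}
          {{- if and .Values.auth.usePasswordFiles (not .Values.auth.customPasswordFiles) }}
          volumeMounts:
            - name: mysql-credentials
              mountPath: /opt/bitnami/mysqld-exporter/secrets/
          {{- end }}
        {{- end }}
        {{- if .Values.secondary.sidecars }}
        {{- include "common.tplvalues.render" (dict "value" .Values.secondary.sidecars "context" $) | nindent 8 }}
        {{- end }}
      volumes:
        {{- if or .Values.secondary.configuration .Values.secondary.existingConfigmap }}
        - name: config
          configMap:
            name: {{ include "mysql.secondary.configmapName" . }}
        {{- end }}
        {{- if and .Values.auth.usePasswordFiles (not .Values.auth.customPasswordFiles) }}
        {{- /* Only the two keys this pod needs are projected from the Secret into the volume. */}}
        - name: mysql-credentials
          secret:
            secretName: {{ template "mysql.secretName" . }}
            items:
              - key: mysql-root-password
                path: mysql-root-password
              - key: mysql-replication-password
                path: mysql-replication-password
        {{- end }}
        {{- if .Values.secondary.extraVolumes }}
        {{- include "common.tplvalues.render" (dict "value" .Values.secondary.extraVolumes "context" $) | nindent 8 }}
        {{- end }}
        {{- /* Without persistence the data volume is an emptyDir, so replica data does not outlive the pod. */}}
        {{- if not .Values.secondary.persistence.enabled }}
        - name: data
          emptyDir: {}
  {{- else }}
  volumeClaimTemplates:
    - metadata:
        name: data
        labels: {{ include "common.labels.matchLabels" . | nindent 10 }}
          app.kubernetes.io/component: secondary
        {{- if .Values.secondary.persistence.annotations }}
        annotations:
          {{- toYaml .Values.secondary.persistence.annotations | nindent 10 }}
        {{- end }}
      spec:
        accessModes:
          {{- range .Values.secondary.persistence.accessModes }}
          - {{ . | quote }}
          {{- end }}
        resources:
          requests:
            storage: {{ .Values.secondary.persistence.size | quote }}
        {{ include "common.storage.class" (dict "persistence" .Values.secondary.persistence "global" .Values.global) }}
        {{- if .Values.secondary.persistence.selector }}
        selector: {{- include "common.tplvalues.render" (dict "value" .Values.secondary.persistence.selector "context" $) | nindent 10 }}
        {{- end -}}
  {{- end }}
{{- end }}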