github.com/aquasecurity/trivy-iac@v0.8.1-0.20240127024015-3d8e412cf0ab/pkg/scanners/helm/test/mysql/values.yaml (about) 1 ## @section Global parameters 2 ## Global Docker image parameters 3 ## Please, note that this will override the image parameters, including dependencies, configured to use the global value 4 ## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass 5 6 ## @param global.imageRegistry Global Docker image registry 7 ## @param global.imagePullSecrets [array] Global Docker registry secret names as an array 8 ## @param global.storageClass Global StorageClass for Persistent Volume(s) 9 ## 10 global: 11 imageRegistry: "" 12 ## E.g. 13 ## imagePullSecrets: 14 ## - myRegistryKeySecretName 15 ## 16 imagePullSecrets: [] 17 storageClass: "" 18 19 ## @section Common parameters 20 21 ## @param nameOverride String to partially override common.names.fullname template (will maintain the release name) 22 ## 23 nameOverride: "" 24 ## @param fullnameOverride String to fully override common.names.fullname template 25 ## 26 fullnameOverride: "" 27 ## @param clusterDomain Cluster domain 28 ## 29 clusterDomain: cluster.local 30 ## @param commonAnnotations [object] Common annotations to add to all MySQL resources (sub-charts are not considered). Evaluated as a template 31 ## 32 commonAnnotations: {} 33 ## @param commonLabels [object] Common labels to add to all MySQL resources (sub-charts are not considered). Evaluated as a template 34 ## 35 commonLabels: {} 36 ## @param extraDeploy [array] Array with extra yaml to deploy with the chart. Evaluated as a template 37 ## 38 extraDeploy: [] 39 ## @param schedulerName Use an alternate scheduler, e.g. "stork". 40 ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ 41 ## 42 schedulerName: "" 43 44 ## Enable diagnostic mode in the deployment 45 ## 46 diagnosticMode: 47 ## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden) 48 ## 49 enabled: false 50 ## @param diagnosticMode.command Command to override all containers in the deployment 51 ## 52 command: 53 - sleep 54 ## @param diagnosticMode.args Args to override all containers in the deployment 55 ## 56 args: 57 - infinity 58 59 ## @section MySQL common parameters 60 61 ## Bitnami MySQL image 62 ## ref: https://hub.docker.com/r/bitnami/mysql/tags/ 63 ## @param image.registry MySQL image registry 64 ## @param image.repository MySQL image repository 65 ## @param image.tag MySQL image tag (immutable tags are recommended) 66 ## @param image.pullPolicy MySQL image pull policy 67 ## @param image.pullSecrets [array] Specify docker-registry secret names as an array 68 ## @param image.debug Specify if debug logs should be enabled 69 ## 70 image: 71 registry: docker.io 72 repository: bitnami/mysql 73 tag: 8.0.28-debian-10-r23 74 ## Specify a imagePullPolicy 75 ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' 76 ## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images 77 ## 78 pullPolicy: IfNotPresent 79 ## Optionally specify an array of imagePullSecrets (secrets must be manually created in the namespace) 80 ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ 81 ## Example: 82 ## pullSecrets: 83 ## - myRegistryKeySecretName 84 ## 85 pullSecrets: [] 86 ## Set to true if you would like to see extra information on logs 87 ## It turns BASH and/or NAMI debugging in the image 88 ## 89 debug: false 90 ## @param architecture MySQL architecture (`standalone` or `replication`) 91 ## 92 architecture: standalone 93 ## MySQL Authentication parameters 94 ## 95 auth: 96 ## @param auth.rootPassword Password for the `root` user. Ignored if existing secret is provided 97 ## ref: https://github.com/bitnami/bitnami-docker-mysql#setting-the-root-password-on-first-run 98 ## 99 rootPassword: "" 100 ## @param auth.database Name for a custom database to create 101 ## ref: https://github.com/bitnami/bitnami-docker-mysql/blob/master/README.md#creating-a-database-on-first-run 102 ## 103 database: my_database 104 ## @param auth.username Name for a custom user to create 105 ## ref: https://github.com/bitnami/bitnami-docker-mysql/blob/master/README.md#creating-a-database-user-on-first-run 106 ## 107 username: "" 108 ## @param auth.password Password for the new user. Ignored if existing secret is provided 109 ## 110 password: "" 111 ## @param auth.replicationUser MySQL replication user 112 ## ref: https://github.com/bitnami/bitnami-docker-mysql#setting-up-a-replication-cluster 113 ## 114 replicationUser: replicator 115 ## @param auth.replicationPassword MySQL replication user password. Ignored if existing secret is provided 116 ## 117 replicationPassword: "" 118 ## @param auth.existingSecret Use existing secret for password details. The secret has to contain the keys `mysql-root-password`, `mysql-replication-password` and `mysql-password` 119 ## NOTE: When it's set the auth.rootPassword, auth.password, auth.replicationPassword are ignored. 120 ## 121 existingSecret: "" 122 ## @param auth.forcePassword Force users to specify required passwords 123 ## 124 forcePassword: false 125 ## @param auth.usePasswordFiles Mount credentials as files instead of using an environment variable 126 ## 127 usePasswordFiles: false 128 ## @param auth.customPasswordFiles [object] Use custom password files when `auth.usePasswordFiles` is set to `true`. Define path for keys `root` and `user`, also define `replicator` if `architecture` is set to `replication` 129 ## Example: 130 ## customPasswordFiles: 131 ## root: /vault/secrets/mysql-root 132 ## user: /vault/secrets/mysql-user 133 ## replicator: /vault/secrets/mysql-replicator 134 ## 135 customPasswordFiles: {} 136 ## @param initdbScripts [object] Dictionary of initdb scripts 137 ## Specify dictionary of scripts to be run at first boot 138 ## Example: 139 ## initdbScripts: 140 ## my_init_script.sh: | 141 ## #!/bin/bash 142 ## echo "Do something." 143 ## 144 initdbScripts: {} 145 ## @param initdbScriptsConfigMap ConfigMap with the initdb scripts (Note: Overrides `initdbScripts`) 146 ## 147 initdbScriptsConfigMap: "" 148 149 ## @section MySQL Primary parameters 150 151 primary: 152 ## @param primary.command [array] Override default container command on MySQL Primary container(s) (useful when using custom images) 153 ## 154 command: [] 155 ## @param primary.args [array] Override default container args on MySQL Primary container(s) (useful when using custom images) 156 ## 157 args: [] 158 ## @param primary.hostAliases [array] Deployment pod host aliases 159 ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ 160 ## 161 hostAliases: [] 162 ## @param primary.configuration [string] Configure MySQL Primary with a custom my.cnf file 163 ## ref: https://mysql.com/kb/en/mysql/configuring-mysql-with-mycnf/#example-of-configuration-file 164 ## 165 configuration: |- 166 [mysqld] 167 default_authentication_plugin=mysql_native_password 168 skip-name-resolve 169 explicit_defaults_for_timestamp 170 basedir=/opt/bitnami/mysql 171 plugin_dir=/opt/bitnami/mysql/lib/plugin 172 port=3306 173 socket=/opt/bitnami/mysql/tmp/mysql.sock 174 datadir=/bitnami/mysql/data 175 tmpdir=/opt/bitnami/mysql/tmp 176 max_allowed_packet=16M 177 bind-address=0.0.0.0 178 pid-file=/opt/bitnami/mysql/tmp/mysqld.pid 179 log-error=/opt/bitnami/mysql/logs/mysqld.log 180 character-set-server=UTF8 181 collation-server=utf8_general_ci 182 183 [client] 184 port=3306 185 socket=/opt/bitnami/mysql/tmp/mysql.sock 186 default-character-set=UTF8 187 plugin_dir=/opt/bitnami/mysql/lib/plugin 188 189 [manager] 190 port=3306 191 socket=/opt/bitnami/mysql/tmp/mysql.sock 192 pid-file=/opt/bitnami/mysql/tmp/mysqld.pid 193 ## @param primary.existingConfigmap Name of existing ConfigMap with MySQL Primary configuration. 194 ## NOTE: When it's set the 'configuration' parameter is ignored 195 ## 196 existingConfigmap: "" 197 ## @param primary.updateStrategy Update strategy type for the MySQL primary statefulset 198 ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies 199 ## 200 updateStrategy: RollingUpdate 201 ## @param primary.rollingUpdatePartition Partition update strategy for MySQL Primary statefulset 202 ## https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#partitions 203 ## 204 rollingUpdatePartition: "" 205 ## @param primary.podAnnotations [object] Additional pod annotations for MySQL primary pods 206 ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ 207 ## 208 podAnnotations: {} 209 ## @param primary.podAffinityPreset MySQL primary pod affinity preset. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` 210 ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity 211 ## 212 podAffinityPreset: "" 213 ## @param primary.podAntiAffinityPreset MySQL primary pod anti-affinity preset. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` 214 ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity 215 ## 216 podAntiAffinityPreset: soft 217 ## MySQL Primary node affinity preset 218 ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity 219 ## 220 nodeAffinityPreset: 221 ## @param primary.nodeAffinityPreset.type MySQL primary node affinity preset type. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` 222 ## 223 type: "" 224 ## @param primary.nodeAffinityPreset.key MySQL primary node label key to match Ignored if `primary.affinity` is set. 225 ## E.g. 226 ## key: "kubernetes.io/e2e-az-name" 227 ## 228 key: "" 229 ## @param primary.nodeAffinityPreset.values [array] MySQL primary node label values to match. Ignored if `primary.affinity` is set. 230 ## E.g. 231 ## values: 232 ## - e2e-az1 233 ## - e2e-az2 234 ## 235 values: [] 236 ## @param primary.affinity [object] Affinity for MySQL primary pods assignment 237 ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity 238 ## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set 239 ## 240 affinity: {} 241 ## @param primary.nodeSelector [object] Node labels for MySQL primary pods assignment 242 ## ref: https://kubernetes.io/docs/user-guide/node-selection/ 243 ## 244 nodeSelector: {} 245 ## @param primary.tolerations [array] Tolerations for MySQL primary pods assignment 246 ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ 247 ## 248 tolerations: [] 249 ## MySQL primary Pod security context 250 ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod 251 ## @param primary.podSecurityContext.enabled Enable security context for MySQL primary pods 252 ## @param primary.podSecurityContext.fsGroup Group ID for the mounted volumes' filesystem 253 ## 254 podSecurityContext: 255 enabled: true 256 fsGroup: 1001 257 ## MySQL primary container security context 258 ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container 259 ## @param primary.containerSecurityContext.enabled MySQL primary container securityContext 260 ## @param primary.containerSecurityContext.runAsUser User ID for the MySQL primary container 261 ## 262 containerSecurityContext: 263 enabled: true 264 runAsUser: 1001 265 ## MySQL primary container's resource requests and limits 266 ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ 267 ## We usually recommend not to specify default resources and to leave this as a conscious 268 ## choice for the user. This also increases chances charts run on environments with little 269 ## resources, such as Minikube. If you do want to specify resources, uncomment the following 270 ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. 271 ## @param primary.resources.limits [object] The resources limits for MySQL primary containers 272 ## @param primary.resources.requests [object] The requested resources for MySQL primary containers 273 ## 274 resources: 275 ## Example: 276 ## limits: 277 ## cpu: 250m 278 ## memory: 256Mi 279 limits: {} 280 ## Examples: 281 ## requests: 282 ## cpu: 250m 283 ## memory: 256Mi 284 requests: {} 285 ## Configure extra options for liveness probe 286 ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes 287 ## @param primary.livenessProbe.enabled Enable livenessProbe 288 ## @param primary.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe 289 ## @param primary.livenessProbe.periodSeconds Period seconds for livenessProbe 290 ## @param primary.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe 291 ## @param primary.livenessProbe.failureThreshold Failure threshold for livenessProbe 292 ## @param primary.livenessProbe.successThreshold Success threshold for livenessProbe 293 ## 294 livenessProbe: 295 enabled: true 296 initialDelaySeconds: 5 297 periodSeconds: 10 298 timeoutSeconds: 1 299 failureThreshold: 3 300 successThreshold: 1 301 ## Configure extra options for readiness probe 302 ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes 303 ## @param primary.readinessProbe.enabled Enable readinessProbe 304 ## @param primary.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe 305 ## @param primary.readinessProbe.periodSeconds Period seconds for readinessProbe 306 ## @param primary.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe 307 ## @param primary.readinessProbe.failureThreshold Failure threshold for readinessProbe 308 ## @param primary.readinessProbe.successThreshold Success threshold for readinessProbe 309 ## 310 readinessProbe: 311 enabled: true 312 initialDelaySeconds: 5 313 periodSeconds: 10 314 timeoutSeconds: 1 315 failureThreshold: 3 316 successThreshold: 1 317 ## Configure extra options for startupProbe probe 318 ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes 319 ## @param primary.startupProbe.enabled Enable startupProbe 320 ## @param primary.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe 321 ## @param primary.startupProbe.periodSeconds Period seconds for startupProbe 322 ## @param primary.startupProbe.timeoutSeconds Timeout seconds for startupProbe 323 ## @param primary.startupProbe.failureThreshold Failure threshold for startupProbe 324 ## @param primary.startupProbe.successThreshold Success threshold for startupProbe 325 ## 326 startupProbe: 327 enabled: true 328 initialDelaySeconds: 15 329 periodSeconds: 10 330 timeoutSeconds: 1 331 failureThreshold: 10 332 successThreshold: 1 333 ## @param primary.customLivenessProbe [object] Override default liveness probe for MySQL primary containers 334 ## 335 customLivenessProbe: {} 336 ## @param primary.customReadinessProbe [object] Override default readiness probe for MySQL primary containers 337 ## 338 customReadinessProbe: {} 339 ## @param primary.customStartupProbe [object] Override default startup probe for MySQL primary containers 340 ## 341 customStartupProbe: {} 342 ## @param primary.extraFlags MySQL primary additional command line flags 343 ## Can be used to specify command line flags, for example: 344 ## E.g. 345 ## extraFlags: "--max-connect-errors=1000 --max_connections=155" 346 ## 347 extraFlags: "" 348 ## @param primary.extraEnvVars [array] Extra environment variables to be set on MySQL primary containers 349 ## E.g. 350 ## extraEnvVars: 351 ## - name: TZ 352 ## value: "Europe/Paris" 353 ## 354 extraEnvVars: [] 355 ## @param primary.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for MySQL primary containers 356 ## 357 extraEnvVarsCM: "" 358 ## @param primary.extraEnvVarsSecret Name of existing Secret containing extra env vars for MySQL primary containers 359 ## 360 extraEnvVarsSecret: "" 361 ## Enable persistence using Persistent Volume Claims 362 ## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/ 363 ## 364 persistence: 365 ## @param primary.persistence.enabled Enable persistence on MySQL primary replicas using a `PersistentVolumeClaim`. If false, use emptyDir 366 ## 367 enabled: true 368 ## @param primary.persistence.existingClaim Name of an existing `PersistentVolumeClaim` for MySQL primary replicas 369 ## NOTE: When it's set the rest of persistence parameters are ignored 370 ## 371 existingClaim: "" 372 ## @param primary.persistence.storageClass MySQL primary persistent volume storage Class 373 ## If defined, storageClassName: <storageClass> 374 ## If set to "-", storageClassName: "", which disables dynamic provisioning 375 ## If undefined (the default) or set to null, no storageClassName spec is 376 ## set, choosing the default provisioner. (gp2 on AWS, standard on 377 ## GKE, AWS & OpenStack) 378 ## 379 storageClass: "" 380 ## @param primary.persistence.annotations [object] MySQL primary persistent volume claim annotations 381 ## 382 annotations: {} 383 ## @param primary.persistence.accessModes MySQL primary persistent volume access Modes 384 ## 385 accessModes: 386 - ReadWriteOnce 387 ## @param primary.persistence.size MySQL primary persistent volume size 388 ## 389 size: 8Gi 390 ## @param primary.persistence.selector [object] Selector to match an existing Persistent Volume 391 ## selector: 392 ## matchLabels: 393 ## app: my-app 394 ## 395 selector: {} 396 ## @param primary.extraVolumes [array] Optionally specify extra list of additional volumes to the MySQL Primary pod(s) 397 ## 398 extraVolumes: [] 399 ## @param primary.extraVolumeMounts [array] Optionally specify extra list of additional volumeMounts for the MySQL Primary container(s) 400 ## 401 extraVolumeMounts: [] 402 ## @param primary.initContainers [array] Add additional init containers for the MySQL Primary pod(s) 403 ## 404 initContainers: [] 405 ## @param primary.sidecars [array] Add additional sidecar containers for the MySQL Primary pod(s) 406 ## 407 sidecars: [] 408 ## MySQL Primary Service parameters 409 ## 410 service: 411 ## @param primary.service.type MySQL Primary K8s service type 412 ## 413 type: ClusterIP 414 ## @param primary.service.port MySQL Primary K8s service port 415 ## 416 port: 3306 417 ## @param primary.service.nodePort MySQL Primary K8s service node port 418 ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport 419 ## 420 nodePort: "" 421 ## @param primary.service.clusterIP MySQL Primary K8s service clusterIP IP 422 ## e.g: 423 ## clusterIP: None 424 ## 425 clusterIP: "" 426 ## @param primary.service.loadBalancerIP MySQL Primary loadBalancerIP if service type is `LoadBalancer` 427 ## Set the LoadBalancer service type to internal only 428 ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer 429 ## 430 loadBalancerIP: "" 431 ## @param primary.service.externalTrafficPolicy Enable client source IP preservation 432 ## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip 433 ## 434 externalTrafficPolicy: Cluster 435 ## @param primary.service.loadBalancerSourceRanges [array] Addresses that are allowed when MySQL Primary service is LoadBalancer 436 ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service 437 ## E.g. 438 ## loadBalancerSourceRanges: 439 ## - 10.10.10.0/24 440 ## 441 loadBalancerSourceRanges: [] 442 ## @param primary.service.annotations [object] Provide any additional annotations which may be required 443 ## 444 annotations: {} 445 ## MySQL primary Pod Disruption Budget configuration 446 ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ 447 ## 448 pdb: 449 ## @param primary.pdb.enabled Enable/disable a Pod Disruption Budget creation for MySQL primary pods 450 ## 451 enabled: false 452 ## @param primary.pdb.minAvailable Minimum number/percentage of MySQL primary pods that should remain scheduled 453 ## 454 minAvailable: 1 455 ## @param primary.pdb.maxUnavailable Maximum number/percentage of MySQL primary pods that may be made unavailable 456 ## 457 maxUnavailable: "" 458 ## @param primary.podLabels [object] MySQL Primary pod label. If labels are same as commonLabels , this will take precedence 459 ## 460 podLabels: {} 461 462 ## @section MySQL Secondary parameters 463 464 secondary: 465 ## @param secondary.replicaCount Number of MySQL secondary replicas 466 ## 467 replicaCount: 1 468 ## @param secondary.hostAliases [array] Deployment pod host aliases 469 ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ 470 ## 471 hostAliases: [] 472 ## @param secondary.command [array] Override default container command on MySQL Secondary container(s) (useful when using custom images) 473 ## 474 command: [] 475 ## @param secondary.args [array] Override default container args on MySQL Secondary container(s) (useful when using custom images) 476 ## 477 args: [] 478 ## @param secondary.configuration [string] Configure MySQL Secondary with a custom my.cnf file 479 ## ref: https://mysql.com/kb/en/mysql/configuring-mysql-with-mycnf/#example-of-configuration-file 480 ## 481 configuration: |- 482 [mysqld] 483 default_authentication_plugin=mysql_native_password 484 skip-name-resolve 485 explicit_defaults_for_timestamp 486 basedir=/opt/bitnami/mysql 487 port=3306 488 socket=/opt/bitnami/mysql/tmp/mysql.sock 489 datadir=/bitnami/mysql/data 490 tmpdir=/opt/bitnami/mysql/tmp 491 max_allowed_packet=16M 492 bind-address=0.0.0.0 493 pid-file=/opt/bitnami/mysql/tmp/mysqld.pid 494 log-error=/opt/bitnami/mysql/logs/mysqld.log 495 character-set-server=UTF8 496 collation-server=utf8_general_ci 497 498 [client] 499 port=3306 500 socket=/opt/bitnami/mysql/tmp/mysql.sock 501 default-character-set=UTF8 502 503 [manager] 504 port=3306 505 socket=/opt/bitnami/mysql/tmp/mysql.sock 506 pid-file=/opt/bitnami/mysql/tmp/mysqld.pid 507 ## @param secondary.existingConfigmap Name of existing ConfigMap with MySQL Secondary configuration. 508 ## NOTE: When it's set the 'configuration' parameter is ignored 509 ## 510 existingConfigmap: "" 511 ## @param secondary.updateStrategy Update strategy type for the MySQL secondary statefulset 512 ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies 513 ## 514 updateStrategy: RollingUpdate 515 ## @param secondary.rollingUpdatePartition Partition update strategy for MySQL Secondary statefulset 516 ## https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#partitions 517 ## 518 rollingUpdatePartition: "" 519 ## @param secondary.podAnnotations [object] Additional pod annotations for MySQL secondary pods 520 ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ 521 ## 522 podAnnotations: {} 523 ## @param secondary.podAffinityPreset MySQL secondary pod affinity preset. Ignored if `secondary.affinity` is set. Allowed values: `soft` or `hard` 524 ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity 525 ## 526 podAffinityPreset: "" 527 ## @param secondary.podAntiAffinityPreset MySQL secondary pod anti-affinity preset. Ignored if `secondary.affinity` is set. Allowed values: `soft` or `hard` 528 ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity 529 ## Allowed values: soft, hard 530 ## 531 podAntiAffinityPreset: soft 532 ## MySQL Secondary node affinity preset 533 ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity 534 ## 535 nodeAffinityPreset: 536 ## @param secondary.nodeAffinityPreset.type MySQL secondary node affinity preset type. Ignored if `secondary.affinity` is set. Allowed values: `soft` or `hard` 537 ## 538 type: "" 539 ## @param secondary.nodeAffinityPreset.key MySQL secondary node label key to match Ignored if `secondary.affinity` is set. 540 ## E.g. 541 ## key: "kubernetes.io/e2e-az-name" 542 ## 543 key: "" 544 ## @param secondary.nodeAffinityPreset.values [array] MySQL secondary node label values to match. Ignored if `secondary.affinity` is set. 545 ## E.g. 546 ## values: 547 ## - e2e-az1 548 ## - e2e-az2 549 ## 550 values: [] 551 ## @param secondary.affinity [object] Affinity for MySQL secondary pods assignment 552 ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity 553 ## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set 554 ## 555 affinity: {} 556 ## @param secondary.nodeSelector [object] Node labels for MySQL secondary pods assignment 557 ## ref: https://kubernetes.io/docs/user-guide/node-selection/ 558 ## 559 nodeSelector: {} 560 ## @param secondary.tolerations [array] Tolerations for MySQL secondary pods assignment 561 ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ 562 ## 563 tolerations: [] 564 ## MySQL secondary Pod security context 565 ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod 566 ## @param secondary.podSecurityContext.enabled Enable security context for MySQL secondary pods 567 ## @param secondary.podSecurityContext.fsGroup Group ID for the mounted volumes' filesystem 568 ## 569 podSecurityContext: 570 enabled: true 571 fsGroup: 1001 572 ## MySQL secondary container security context 573 ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container 574 ## @param secondary.containerSecurityContext.enabled MySQL secondary container securityContext 575 ## @param secondary.containerSecurityContext.runAsUser User ID for the MySQL secondary container 576 ## 577 containerSecurityContext: 578 enabled: true 579 runAsUser: 1001 580 ## MySQL secondary container's resource requests and limits 581 ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ 582 ## We usually recommend not to specify default resources and to leave this as a conscious 583 ## choice for the user. This also increases chances charts run on environments with little 584 ## resources, such as Minikube. If you do want to specify resources, uncomment the following 585 ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. 586 ## @param secondary.resources.limits [object] The resources limits for MySQL secondary containers 587 ## @param secondary.resources.requests [object] The requested resources for MySQL secondary containers 588 ## 589 resources: 590 ## Example: 591 ## limits: 592 ## cpu: 250m 593 ## memory: 256Mi 594 limits: {} 595 ## Examples: 596 ## requests: 597 ## cpu: 250m 598 ## memory: 256Mi 599 requests: {} 600 ## Configure extra options for liveness probe 601 ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes 602 ## @param secondary.livenessProbe.enabled Enable livenessProbe 603 ## @param secondary.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe 604 ## @param secondary.livenessProbe.periodSeconds Period seconds for livenessProbe 605 ## @param secondary.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe 606 ## @param secondary.livenessProbe.failureThreshold Failure threshold for livenessProbe 607 ## @param secondary.livenessProbe.successThreshold Success threshold for livenessProbe 608 ## 609 livenessProbe: 610 enabled: true 611 initialDelaySeconds: 5 612 periodSeconds: 10 613 timeoutSeconds: 1 614 failureThreshold: 3 615 successThreshold: 1 616 ## Configure extra options for readiness probe 617 ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes 618 ## @param secondary.readinessProbe.enabled Enable readinessProbe 619 ## @param secondary.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe 620 ## @param secondary.readinessProbe.periodSeconds Period seconds for readinessProbe 621 ## @param secondary.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe 622 ## @param secondary.readinessProbe.failureThreshold Failure threshold for readinessProbe 623 ## @param secondary.readinessProbe.successThreshold Success threshold for readinessProbe 624 ## 625 readinessProbe: 626 enabled: true 627 initialDelaySeconds: 5 628 periodSeconds: 10 629 timeoutSeconds: 1 630 failureThreshold: 3 631 successThreshold: 1 632 ## Configure extra options for startupProbe probe 633 ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes 634 ## @param secondary.startupProbe.enabled Enable startupProbe 635 ## @param secondary.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe 636 ## @param secondary.startupProbe.periodSeconds Period seconds for startupProbe 637 ## @param secondary.startupProbe.timeoutSeconds Timeout seconds for startupProbe 638 ## @param secondary.startupProbe.failureThreshold Failure threshold for startupProbe 639 ## @param secondary.startupProbe.successThreshold Success threshold for startupProbe 640 ## 641 startupProbe: 642 enabled: true 643 initialDelaySeconds: 15 644 periodSeconds: 10 645 timeoutSeconds: 1 646 failureThreshold: 15 647 successThreshold: 1 648 ## @param secondary.customLivenessProbe [object] Override default liveness probe for MySQL secondary containers 649 ## 650 customLivenessProbe: {} 651 ## @param secondary.customReadinessProbe [object] Override default readiness probe for MySQL secondary containers 652 ## 653 customReadinessProbe: {} 654 ## @param secondary.customStartupProbe [object] Override default startup probe for MySQL secondary containers 655 ## 656 customStartupProbe: {} 657 ## @param secondary.extraFlags MySQL secondary additional command line flags 658 ## Can be used to specify command line flags, for example: 659 ## E.g. 660 ## extraFlags: "--max-connect-errors=1000 --max_connections=155" 661 ## 662 extraFlags: "" 663 ## @param secondary.extraEnvVars [array] An array to add extra environment variables on MySQL secondary containers 664 ## E.g. 665 ## extraEnvVars: 666 ## - name: TZ 667 ## value: "Europe/Paris" 668 ## 669 extraEnvVars: [] 670 ## @param secondary.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for MySQL secondary containers 671 ## 672 extraEnvVarsCM: "" 673 ## @param secondary.extraEnvVarsSecret Name of existing Secret containing extra env vars for MySQL secondary containers 674 ## 675 extraEnvVarsSecret: "" 676 ## Enable persistence using Persistent Volume Claims 677 ## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/ 678 ## 679 persistence: 680 ## @param secondary.persistence.enabled Enable persistence on MySQL secondary replicas using a `PersistentVolumeClaim` 681 ## 682 enabled: true 683 ## @param secondary.persistence.storageClass MySQL secondary persistent volume storage Class 684 ## If defined, storageClassName: <storageClass> 685 ## If set to "-", storageClassName: "", which disables dynamic provisioning 686 ## If undefined (the default) or set to null, no storageClassName spec is 687 ## set, choosing the default provisioner. (gp2 on AWS, standard on 688 ## GKE, AWS & OpenStack) 689 ## 690 storageClass: "" 691 ## @param secondary.persistence.annotations [object] MySQL secondary persistent volume claim annotations 692 ## 693 annotations: {} 694 ## @param secondary.persistence.accessModes MySQL secondary persistent volume access Modes 695 ## 696 accessModes: 697 - ReadWriteOnce 698 ## @param secondary.persistence.size MySQL secondary persistent volume size 699 ## 700 size: 8Gi 701 ## @param secondary.persistence.selector [object] Selector to match an existing Persistent Volume 702 ## selector: 703 ## matchLabels: 704 ## app: my-app 705 ## 706 selector: {} 707 ## @param secondary.extraVolumes [array] Optionally specify extra list of additional volumes to the MySQL secondary pod(s) 708 ## 709 extraVolumes: [] 710 ## @param secondary.extraVolumeMounts [array] Optionally specify extra list of additional volumeMounts for the MySQL secondary container(s) 711 ## 712 extraVolumeMounts: [] 713 ## @param secondary.initContainers [array] Add additional init containers for the MySQL secondary pod(s) 714 ## 715 initContainers: [] 716 ## @param secondary.sidecars [array] Add additional sidecar containers for the MySQL secondary pod(s) 717 ## 718 sidecars: [] 719 ## MySQL Secondary Service parameters 720 ## 721 service: 722 ## @param secondary.service.type MySQL secondary Kubernetes service type 723 ## 724 type: ClusterIP 725 ## @param secondary.service.port MySQL secondary Kubernetes service port 726 ## 727 port: 3306 728 ## @param secondary.service.nodePort MySQL secondary Kubernetes service node port 729 ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport 730 ## 731 nodePort: "" 732 ## @param secondary.service.clusterIP MySQL secondary Kubernetes service clusterIP IP 733 ## e.g: 734 ## clusterIP: None 735 ## 736 clusterIP: "" 737 ## @param secondary.service.loadBalancerIP MySQL secondary loadBalancerIP if service type is `LoadBalancer` 738 ## Set the LoadBalancer service type to internal only 739 ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer 740 ## 741 loadBalancerIP: "" 742 ## @param secondary.service.externalTrafficPolicy Enable client source IP preservation 743 ## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip 744 ## 745 externalTrafficPolicy: Cluster 746 ## @param secondary.service.loadBalancerSourceRanges [array] Addresses that are allowed when MySQL secondary service is LoadBalancer 747 ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service 748 ## E.g. 749 ## loadBalancerSourceRanges: 750 ## - 10.10.10.0/24 751 ## 752 loadBalancerSourceRanges: [] 753 ## @param secondary.service.annotations [object] Provide any additional annotations which may be required 754 ## 755 annotations: {} 756 ## MySQL secondary Pod Disruption Budget configuration 757 ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ 758 ## 759 pdb: 760 ## @param secondary.pdb.enabled Enable/disable a Pod Disruption Budget creation for MySQL secondary pods 761 ## 762 enabled: false 763 ## @param secondary.pdb.minAvailable Minimum number/percentage of MySQL secondary pods that should remain scheduled 764 ## 765 minAvailable: 1 766 ## @param secondary.pdb.maxUnavailable Maximum number/percentage of MySQL secondary pods that may be made unavailable 767 ## 768 maxUnavailable: "" 769 ## @param secondary.podLabels [object] Additional pod labels for MySQL secondary pods 770 ## 771 podLabels: {} 772 773 ## @section RBAC parameters 774 775 ## MySQL pods ServiceAccount 776 ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ 777 ## 778 serviceAccount: 779 ## @param serviceAccount.create Enable the creation of a ServiceAccount for MySQL pods 780 ## 781 create: true 782 ## @param serviceAccount.name Name of the created ServiceAccount 783 ## If not set and create is true, a name is generated using the mysql.fullname template 784 ## 785 name: "" 786 ## @param serviceAccount.annotations [object] Annotations for MySQL Service Account 787 ## 788 annotations: {} 789 ## Role Based Access 790 ## ref: https://kubernetes.io/docs/admin/authorization/rbac/ 791 ## 792 rbac: 793 ## @param rbac.create Whether to create & use RBAC resources or not 794 ## 795 create: false 796 797 ## @section Network Policy 798 799 ## MySQL Nework Policy configuration 800 ## 801 networkPolicy: 802 ## @param networkPolicy.enabled Enable creation of NetworkPolicy resources 803 ## 804 enabled: false 805 ## @param networkPolicy.allowExternal The Policy model to apply. 806 ## When set to false, only pods with the correct 807 ## client label will have network access to the port MySQL is listening 808 ## on. When true, MySQL will accept connections from any source 809 ## (with the correct destination port). 810 ## 811 allowExternal: true 812 ## @param networkPolicy.explicitNamespacesSelector [object] A Kubernetes LabelSelector to explicitly select namespaces from which ingress traffic could be allowed to MySQL 813 ## If explicitNamespacesSelector is missing or set to {}, only client Pods that are in the networkPolicy's namespace 814 ## and that match other criteria, the ones that have the good label, can reach the DB. 815 ## But sometimes, we want the DB to be accessible to clients from other namespaces, in this case, we can use this 816 ## LabelSelector to select these namespaces, note that the networkPolicy's namespace should also be explicitly added. 817 ## 818 ## Example: 819 ## explicitNamespacesSelector: 820 ## matchLabels: 821 ## role: frontend 822 ## matchExpressions: 823 ## - {key: role, operator: In, values: [frontend]} 824 ## 825 explicitNamespacesSelector: {} 826 827 ## @section Volume Permissions parameters 828 829 ## Init containers parameters: 830 ## volumePermissions: Change the owner and group of the persistent volume mountpoint to runAsUser:fsGroup values from the securityContext section. 831 ## 832 volumePermissions: 833 ## @param volumePermissions.enabled Enable init container that changes the owner and group of the persistent volume(s) mountpoint to `runAsUser:fsGroup` 834 ## 835 enabled: false 836 ## @param volumePermissions.image.registry Init container volume-permissions image registry 837 ## @param volumePermissions.image.repository Init container volume-permissions image repository 838 ## @param volumePermissions.image.tag Init container volume-permissions image tag (immutable tags are recommended) 839 ## @param volumePermissions.image.pullPolicy Init container volume-permissions image pull policy 840 ## @param volumePermissions.image.pullSecrets [array] Specify docker-registry secret names as an array 841 ## 842 image: 843 registry: docker.io 844 repository: bitnami/bitnami-shell 845 tag: 10-debian-10-r349 846 pullPolicy: IfNotPresent 847 ## Optionally specify an array of imagePullSecrets. 848 ## Secrets must be manually created in the namespace. 849 ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ 850 ## e.g: 851 ## pullSecrets: 852 ## - myRegistryKeySecretName 853 ## 854 pullSecrets: [] 855 ## @param volumePermissions.resources [object] Init container volume-permissions resources 856 ## 857 resources: {} 858 859 ## @section Metrics parameters 860 861 ## Mysqld Prometheus exporter parameters 862 ## 863 metrics: 864 ## @param metrics.enabled Start a side-car prometheus exporter 865 ## 866 enabled: false 867 ## @param metrics.image.registry Exporter image registry 868 ## @param metrics.image.repository Exporter image repository 869 ## @param metrics.image.tag Exporter image tag (immutable tags are recommended) 870 ## @param metrics.image.pullPolicy Exporter image pull policy 871 ## @param metrics.image.pullSecrets [array] Specify docker-registry secret names as an array 872 ## 873 image: 874 registry: docker.io 875 repository: bitnami/mysqld-exporter 876 tag: 0.13.0-debian-10-r256 877 pullPolicy: IfNotPresent 878 ## Optionally specify an array of imagePullSecrets. 879 ## Secrets must be manually created in the namespace. 880 ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ 881 ## e.g: 882 ## pullSecrets: 883 ## - myRegistryKeySecretName 884 ## 885 pullSecrets: [] 886 ## MySQL Prometheus exporter service parameters 887 ## Mysqld Prometheus exporter liveness and readiness probes 888 ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes 889 ## @param metrics.service.type Kubernetes service type for MySQL Prometheus Exporter 890 ## @param metrics.service.port MySQL Prometheus Exporter service port 891 ## @param metrics.service.annotations [object] Prometheus exporter service annotations 892 ## 893 service: 894 type: ClusterIP 895 port: 9104 896 annotations: 897 prometheus.io/scrape: "true" 898 prometheus.io/port: "{{ .Values.metrics.service.port }}" 899 ## @param metrics.extraArgs.primary [array] Extra args to be passed to mysqld_exporter on Primary pods 900 ## @param metrics.extraArgs.secondary [array] Extra args to be passed to mysqld_exporter on Secondary pods 901 ## ref: https://github.com/prometheus/mysqld_exporter/ 902 ## E.g. 903 ## - --collect.auto_increment.columns 904 ## - --collect.binlog_size 905 ## - --collect.engine_innodb_status 906 ## - --collect.engine_tokudb_status 907 ## - --collect.global_status 908 ## - --collect.global_variables 909 ## - --collect.info_schema.clientstats 910 ## - --collect.info_schema.innodb_metrics 911 ## - --collect.info_schema.innodb_tablespaces 912 ## - --collect.info_schema.innodb_cmp 913 ## - --collect.info_schema.innodb_cmpmem 914 ## - --collect.info_schema.processlist 915 ## - --collect.info_schema.processlist.min_time 916 ## - --collect.info_schema.query_response_time 917 ## - --collect.info_schema.tables 918 ## - --collect.info_schema.tables.databases 919 ## - --collect.info_schema.tablestats 920 ## - --collect.info_schema.userstats 921 ## - --collect.perf_schema.eventsstatements 922 ## - --collect.perf_schema.eventsstatements.digest_text_limit 923 ## - --collect.perf_schema.eventsstatements.limit 924 ## - --collect.perf_schema.eventsstatements.timelimit 925 ## - --collect.perf_schema.eventswaits 926 ## - --collect.perf_schema.file_events 927 ## - --collect.perf_schema.file_instances 928 ## - --collect.perf_schema.indexiowaits 929 ## - --collect.perf_schema.tableiowaits 930 ## - --collect.perf_schema.tablelocks 931 ## - --collect.perf_schema.replication_group_member_stats 932 ## - --collect.slave_status 933 ## - --collect.slave_hosts 934 ## - --collect.heartbeat 935 ## - --collect.heartbeat.database 936 ## - --collect.heartbeat.table 937 ## 938 extraArgs: 939 primary: [] 940 secondary: [] 941 ## Mysqld Prometheus exporter resource requests and limits 942 ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ 943 ## We usually recommend not to specify default resources and to leave this as a conscious 944 ## choice for the user. This also increases chances charts run on environments with little 945 ## resources, such as Minikube. If you do want to specify resources, uncomment the following 946 ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. 947 ## @param metrics.resources.limits [object] The resources limits for MySQL prometheus exporter containers 948 ## @param metrics.resources.requests [object] The requested resources for MySQL prometheus exporter containers 949 ## 950 resources: 951 ## Example: 952 ## limits: 953 ## cpu: 100m 954 ## memory: 256Mi 955 limits: {} 956 ## Examples: 957 ## requests: 958 ## cpu: 100m 959 ## memory: 256Mi 960 requests: {} 961 ## Mysqld Prometheus exporter liveness probe 962 ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes 963 ## @param metrics.livenessProbe.enabled Enable livenessProbe 964 ## @param metrics.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe 965 ## @param metrics.livenessProbe.periodSeconds Period seconds for livenessProbe 966 ## @param metrics.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe 967 ## @param metrics.livenessProbe.failureThreshold Failure threshold for livenessProbe 968 ## @param metrics.livenessProbe.successThreshold Success threshold for livenessProbe 969 ## 970 livenessProbe: 971 enabled: true 972 initialDelaySeconds: 120 973 periodSeconds: 10 974 timeoutSeconds: 1 975 successThreshold: 1 976 failureThreshold: 3 977 ## Mysqld Prometheus exporter readiness probe 978 ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes 979 ## @param metrics.readinessProbe.enabled Enable readinessProbe 980 ## @param metrics.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe 981 ## @param metrics.readinessProbe.periodSeconds Period seconds for readinessProbe 982 ## @param metrics.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe 983 ## @param metrics.readinessProbe.failureThreshold Failure threshold for readinessProbe 984 ## @param metrics.readinessProbe.successThreshold Success threshold for readinessProbe 985 ## 986 readinessProbe: 987 enabled: true 988 initialDelaySeconds: 30 989 periodSeconds: 10 990 timeoutSeconds: 1 991 successThreshold: 1 992 failureThreshold: 3 993 ## Prometheus Service Monitor 994 ## ref: https://github.com/coreos/prometheus-operator 995 ## 996 serviceMonitor: 997 ## @param metrics.serviceMonitor.enabled Create ServiceMonitor Resource for scraping metrics using PrometheusOperator 998 ## 999 enabled: false 1000 ## @param metrics.serviceMonitor.namespace Specify the namespace in which the serviceMonitor resource will be created 1001 ## 1002 namespace: "" 1003 ## @param metrics.serviceMonitor.interval Specify the interval at which metrics should be scraped 1004 ## 1005 interval: 30s 1006 ## @param metrics.serviceMonitor.scrapeTimeout Specify the timeout after which the scrape is ended 1007 ## e.g: 1008 ## scrapeTimeout: 30s 1009 ## 1010 scrapeTimeout: "" 1011 ## @param metrics.serviceMonitor.relabellings [array] Specify Metric Relabellings to add to the scrape endpoint 1012 ## 1013 relabellings: [] 1014 ## @param metrics.serviceMonitor.honorLabels Specify honorLabels parameter to add the scrape endpoint 1015 ## 1016 honorLabels: false 1017 ## @param metrics.serviceMonitor.additionalLabels [object] Used to pass Labels that are used by the Prometheus installed in your cluster to select Service Monitors to work with 1018 ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusspec 1019 ## 1020 additionalLabels: {}