https://github.com/percona/percona-helm-charts/tree/main/charts/pxc-db/templates

 

GitHub - percona/percona-helm-charts: Collection of Helm charts for Percona Kubernetes Operators.

Collection of Helm charts for Percona Kubernetes Operators. - GitHub - percona/percona-helm-charts: Collection of Helm charts for Percona Kubernetes Operators.

github.com

 

cluster.yaml - 01

 

### .Chart.AppVersion 을 가지고와서 설치수행 "Knd - PerconaXtraDBCluster"

### .Chart.AppVersion 을 가지고와서 annotaition 값 정의

 

### .Values 의 finalizers 값이 있으면 4칸 띠어쓰기하고 입력

### .Values.pxc "clusterSecretName" 값이 있으면 secretName 이 "clusterSecretName" 값으로 정의되며, 아닐시 include "pxc-database.fullname" 값으로 정의되서 생성

 

### Values 의 pxc 의 disableTLS 값이 없을경우

### Values 의 secrets 의 tls 가 cluster 값이 있으면, sslSecretName 값이 "Values.secrets.tls.cluster" 값으로 정의, 없으면 include "pxc-database.fullname" . }}-ssl 값으로 정의

### Values 의 secrets 의 tls 가 internal 값이 있으면  sslSecretName 값이 ".Values.secrets.tls.internal" 값으로 정의, 없으면 include "pxc-database.fullname" . }}-ssl-internal 값으로 정의

 

### Values.pxc 의 vaultSecretName 값이 있으면 vaultSecretName 값이 Values.pxc.vaultSecretName 값으로  정의, 없으면 vaultSecretName  값이 include "pxc-database.fullname" . }}-vault 값으로 정의

 

### Values.pxc 의 logCollectorSecretName 값이 있으면 logCollectorSecretName 값에 Values.pxc.logCollectorSecretName 값으로 정의, 없으면 include "pxc-database.fullname" . }}-log-collector 값으로 정의

 

### Values 의 initImage 값으로 initLmage 값 정의 / Values.allowUnsafeConfigurations .Values.pxc.disableTLS 값중 둘중에 하나라도 있을시 "allowUnsafeConfigurations: true" 값 반영

 

### .Values.enableCRValidationWebhook 값 있을시 enableCRValidationWebhook 정의

### .Values.pause 값 있을시 pause 정의

### .Values.updateStrategy 값 있을시 updateStrategy 정의

 

### Values.upgradeOptions 값 중 versionServiceEndpoint 값이 있을시, "versionServiceEndpoint" key 값의 value 값이 Values.upgradeOptions.versionServiceEndpoint 값으로 정의 / "apply" key 값의 valuse 값이 Values.upgradeOptions.apply 값으로 정의 / "schedule" key 값의 value 값이 .Values.upgradeOptions.schedule 로 정의

 

### Values 의 tls 값이 있으면 tls 값 정의

### Values 의 tls 값 중 "SANs" 값이 있으면, SANs 값이 공백 6칸 띠고나서 값이 정의됨

### Values 의 tls 값 중 "issuerConf" 값이 있으면 issuerConf 의 값중에서 "name" key 값의 valuse 값이 .Values.tls.issuerConf.name 로 정의 / "kind" key 값의 valuse 값이 .Values.tls.issuerConf.kind 로 정의 / "group" key 값의 valuse 값이 .Values.tls.issuerConf.group 로 정의

 

 

### cluster.yaml - 01 START ###

apiVersion: pxc.percona.com/v{{ .Chart.AppVersion | replace "." "-" }}
kind: PerconaXtraDBCluster
metadata:
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"pxc.percona.com/v{{ .Chart.AppVersion | replace "." "-" }}","kind":"PerconaXtraDBCluster"}
  name: {{ include "pxc-database.fullname" . }}
  labels:
{{ include "pxc-database.labels" . | indent 4 }}
  finalizers:
{{ .Values.finalizers | toYaml | indent 4 }}
spec:
  crVersion: {{ .Chart.AppVersion }}
  {{- if hasKey .Values.pxc "clusterSecretName" }}
  secretsName: {{ .Values.pxc.clusterSecretName }}
  {{- else }}
  secretsName: {{ include "pxc-database.fullname" . }}
  {{- end }}
  {{- if not .Values.pxc.disableTLS }}
  {{- if hasKey .Values.secrets.tls "cluster" }}
  sslSecretName: {{ .Values.secrets.tls.cluster }}
  {{- else }}
  sslSecretName: {{ include "pxc-database.fullname" . }}-ssl
  {{- end }}
  {{- if hasKey .Values.secrets.tls "internal" }}
  sslInternalSecretName: {{ .Values.secrets.tls.internal }}
  {{- else }}
  sslInternalSecretName: {{ include "pxc-database.fullname" . }}-ssl-internal
  {{- end }}
  {{- end }}
  {{- if hasKey .Values.pxc "vaultSecretName" }}
  vaultSecretName: {{ .Values.pxc.vaultSecretName }}
  {{- else }}
  vaultSecretName: {{ include "pxc-database.fullname" . }}-vault
  {{- end }}
  {{- if hasKey .Values.pxc "logCollectorSecretName" }}
  logCollectorSecretName: {{ .Values.pxc.logCollectorSecretName }}
  {{- else }}
  logCollectorSecretName: {{ include "pxc-database.fullname" . }}-log-collector
  {{- end }}
  initImage: {{ .Values.initImage }}
  {{- if or .Values.allowUnsafeConfigurations .Values.pxc.disableTLS }}
  allowUnsafeConfigurations: true
  {{- end }}
  enableCRValidationWebhook: {{ .Values.enableCRValidationWebhook }}
  pause: {{ .Values.pause }}
  updateStrategy: {{ .Values.updateStrategy }}
  {{- if hasKey .Values.upgradeOptions "versionServiceEndpoint" }}
  upgradeOptions:
    versionServiceEndpoint: {{ .Values.upgradeOptions.versionServiceEndpoint }}
    apply: {{ .Values.upgradeOptions.apply }}
    schedule: {{ .Values.upgradeOptions.schedule }}
  {{- end }}
  {{- if .Values.tls }}
  tls:
  {{- if hasKey .Values.tls "SANs" }}
    SANs:
{{ .Values.tls.SANs | toYaml | indent 6 }}
  {{- end }}
  {{- if hasKey .Values.tls "issuerConf" }}
    issuerConf:
      name: {{ .Values.tls.issuerConf.name }}
      kind: {{ .Values.tls.issuerConf.kind }}
      group: {{ .Values.tls.issuerConf.group }}
  {{- end }}
  {{- end }}

### cluster.yaml - 01 END ###

 

 

  {{- $pxc := .Values.pxc }}
  pxc:
    size: {{ $pxc.size }}
    image: "{{ $pxc.image.repository }}:{{ $pxc.image.tag }}"
    autoRecovery: {{ $pxc.autoRecovery }}
    {{- if $pxc.schedulerName }}
    schedulerName: {{ $pxc.schedulerName }}
    {{- end }}
    readinessDelaySec: {{ $pxc.readinessDelaySec }}
    livenessDelaySec: {{ $pxc.livenessDelaySec }}
    {{- if $pxc.configuration }}
    configuration: |
    {{ tpl $pxc.configuration $ | nindent 6 }}
    {{- end }}
    {{- if $pxc.imagePullPolicy }}
    imagePullPolicy: {{ $pxc.imagePullPolicy }}
    {{- end }}
    {{- if $pxc.imagePullSecrets }}
    imagePullSecrets:
{{ $pxc.imagePullSecrets | toYaml | indent 6 }}
    {{- end }}
    {{- if $pxc.priorityClassName }}
    priorityClassName: {{ $pxc.priorityClassName }}
    {{- end }}
    annotations:
{{ $pxc.annotations | toYaml | indent 6 }}
    labels:
{{ $pxc.labels | toYaml | indent 6 }}
    {{- if $pxc.expose }}
    expose:
{{ tpl ($pxc.expose | toYaml) $ | indent 6 }}
    {{- end }}
    {{- if $pxc.replicationChannels }}
    replicationChannels:
{{ tpl ($pxc.replicationChannels | toYaml) $ | indent 6 }}
    {{- end }}
    {{- if $pxc.runtimeClassName }}
    runtimeClassName: {{ $pxc.runtimeClassName }}
    {{- end }}
    {{- if $pxc.envVarsSecret }}
    envVarsSecret: {{ $pxc.envVarsSecret }}
    {{- end }}
    resources:
      requests:
{{ tpl ($pxc.resources.requests | toYaml) $ | indent 8 }}
      limits:
{{ tpl ($pxc.resources.limits | toYaml) $ | indent 8 }}
    sidecars:
{{ $pxc.sidecars | toYaml | indent 6 }}
    sidecarResources:
      requests:
{{ tpl ($pxc.sidecarResources.requests | toYaml) $ | indent 8 }}
      limits:
{{ tpl ($pxc.sidecarResources.limits | toYaml) $ | indent 8 }}
    nodeSelector:
{{ $pxc.nodeSelector | toYaml | indent 6 }}
    affinity:
{{ $pxc.affinity | toYaml | indent 6 }}
    tolerations:
{{ $pxc.tolerations | toYaml | indent 6 }}
    podDisruptionBudget:
{{ $pxc.podDisruptionBudget | toYaml | indent 6 }}
    volumeSpec:
    {{- if not $pxc.persistence.enabled }}
      emptyDir: {}
    {{- else }}
    {{- if hasKey $pxc.persistence "hostPath" }}
      hostPath:
        path: {{ $pxc.persistence.hostPath }}
        type: Directory
    {{- else }}
      persistentVolumeClaim:
        {{- if $pxc.persistence.storageClass }}
        {{- if (eq "-" $pxc.persistence.storageClass) }}
        storageClassName: ""
        {{- else }}
        storageClassName: "{{ $pxc.persistence.storageClass }}"
        {{- end }}
        {{- end }}
        accessModes: [{{ $pxc.persistence.accessMode | quote }}]
        resources:
          requests:
            storage: {{ $pxc.persistence.size | quote }}
    {{- end }}
    {{- end }}
    gracePeriod: {{ $pxc.gracePeriod }}
    readinessProbes:
{{ tpl ($pxc.readinessProbes | toYaml) $ | indent 6 }}
    livenessProbes:
{{ tpl ($pxc.livenessProbes | toYaml) $ | indent 6 }}
    {{- if $pxc.containerSecurityContext }}
    containerSecurityContext:
{{ tpl ($pxc.containerSecurityContext | toYaml) $ | indent 6 }}
    {{- end }}
    {{- if $pxc.podSecurityContext }}
    podSecurityContext:
{{ tpl ($pxc.podSecurityContext | toYaml) $ | indent 6 }}
    {{- end }}
    {{- if $pxc.serviceAccountName }}
    serviceAccountName: {{ $pxc.serviceAccountName }}
    {{- end }}
  {{- if or (not .Values.haproxy.enabled) .Values.proxysql.enabled }}
  haproxy:
    enabled: false
  {{- else }}
  {{- $haproxy := .Values.haproxy }}
  haproxy:
    enabled: true
    size: {{ $haproxy.size }}
    image: {{ include "pxc-db.haproxy-image" . }}
    replicasServiceEnabled: {{ $haproxy.replicasServiceEnabled }}
    {{- if $haproxy.imagePullPolicy }}
    imagePullPolicy: {{ $haproxy.imagePullPolicy }}
    {{- end }}
    {{- if $haproxy.imagePullSecrets }}
    imagePullSecrets:
{{ $haproxy.imagePullSecrets | toYaml | indent 6 }}
    {{- end }}
    {{- if $haproxy.schedulerName }}
    schedulerName: {{ $haproxy.schedulerName }}
    {{- end }}
    {{- if $haproxy.configuration }}
    configuration: |
    {{ tpl $haproxy.configuration $ | nindent 6 }}
    {{- end }}
    {{- if $haproxy.priorityClassName }}
    priorityClassName: {{ $haproxy.priorityClassName }}
    {{- end }}
    {{- if $haproxy.externalTrafficPolicy }}
    externalTrafficPolicy: {{ $haproxy.externalTrafficPolicy }}
    {{- end }}
    {{- if $haproxy.replicasExternalTrafficPolicy }}
    replicasExternalTrafficPolicy: {{ $haproxy.replicasExternalTrafficPolicy }}
    {{- end }}
    {{- if $haproxy.loadBalancerSourceRanges }}
    loadBalancerSourceRanges:
{{ $haproxy.loadBalancerSourceRanges | toYaml | indent 6 }}
    {{- end }}
    {{- if $haproxy.serviceType }}
    serviceType: {{ $haproxy.serviceType }}
    {{- end }}
    {{- if $haproxy.replicasServiceType }}
    replicasServiceType: {{ $haproxy.replicasServiceType }}
    {{- end }}
    {{- if $haproxy.serviceAnnotations }}
    serviceAnnotations:
{{ $haproxy.serviceAnnotations | toYaml | indent 6 }}
    {{- end }}
    annotations:
{{ $haproxy.annotations | toYaml | indent 6 }}
    labels:
{{ $haproxy.labels | toYaml | indent 6 }}
    {{- if $haproxy.runtimeClassName }}
    runtimeClassName: {{ $haproxy.runtimeClassName }}
    {{- end }}
    {{- if $haproxy.envVarsSecret }}
    envVarsSecret: {{ $haproxy.envVarsSecret }}
    {{- end }}
    resources:
      requests:
{{ $haproxy.resources.requests | toYaml | indent 8 }}
      limits:
{{ $haproxy.resources.limits | toYaml | indent 8 }}
    sidecars:
{{ $haproxy.sidecars | toYaml | indent 6 }}
    sidecarResources:
      requests:
{{ tpl ($haproxy.sidecarResources.requests | toYaml) $ | indent 8 }}
      limits:
{{ tpl ($haproxy.sidecarResources.limits | toYaml) $ | indent 8 }}
    {{- if $haproxy.serviceAccountName }}
    serviceAccountName: {{ $haproxy.serviceAccountName }}
    {{- end }}
    nodeSelector:
{{ $haproxy.nodeSelector | toYaml | indent 6 }}
    affinity:
{{ $haproxy.affinity | toYaml | indent 6 }}
    tolerations:
{{ $haproxy.tolerations | toYaml | indent 6 }}
    podDisruptionBudget:
{{ $haproxy.podDisruptionBudget | toYaml | indent 6 }}
    volumeSpec:
      emptyDir: {}
    gracePeriod: {{ $haproxy.gracePeriod }}
    {{- if $haproxy.readinessDelaySec }}
    readinessDelaySec: {{ $haproxy.readinessDelaySec }}
    {{- end }}
    {{- if $haproxy.livenessDelaySec }}
    livenessDelaySec: {{ $pxc.livenessDelaySec }}
    {{- end }}
    readinessProbes:
{{ tpl ($haproxy.readinessProbes | toYaml) $ | indent 6 }}
    livenessProbes:
{{ tpl ($haproxy.livenessProbes | toYaml) $ | indent 6 }}
    {{- if $haproxy.containerSecurityContext }}
    containerSecurityContext:
{{ tpl ($haproxy.containerSecurityContext | toYaml) $ | indent 6 }}
    {{- end }}
    {{- if $haproxy.podSecurityContext }}
    podSecurityContext:
{{ tpl ($haproxy.podSecurityContext | toYaml) $ | indent 6 }}
    {{- end }}
  {{- end }}
  {{- if not .Values.proxysql.enabled }}
  proxysql:
    enabled: false
  {{- else }}
  {{- $proxysql := .Values.proxysql }}
  proxysql:
    enabled: true
    size: {{ $proxysql.size }}
    image: {{ include "pxc-db.proxysql-image" . }}
    {{- if $proxysql.imagePullPolicy }}
    imagePullPolicy: {{ $proxysql.imagePullPolicy }}
    {{- end }}
    {{- if $proxysql.imagePullSecrets }}
    imagePullSecrets:
    {{- $proxysql.imagePullSecrets | toYaml | indent 6 }}
    {{- end }}
    {{- if $proxysql.schedulerName }}
    schedulerName: {{ $proxysql.schedulerName }}
    {{- end }}
    {{- if $proxysql.configuration }}
    configuration: |
    {{ tpl $proxysql.configuration $ | nindent 6 }}
    {{- end }}
    {{- if $proxysql.priorityClassName }}
    priorityClassName: {{ $proxysql.priorityClassName }}
    {{- end }}
    {{- if $proxysql.externalTrafficPolicy }}
    externalTrafficPolicy: {{ $proxysql.externalTrafficPolicy }}
    {{- end }}
    {{- if $proxysql.loadBalancerSourceRanges }}
    loadBalancerSourceRanges:
{{ $proxysql.loadBalancerSourceRanges | toYaml | indent 6 }}
    {{- end }}
    {{- if $proxysql.serviceType }}
    serviceType: {{ $proxysql.serviceType }}
    {{- end }}
    {{- if $proxysql.serviceAnnotations }}
    serviceAnnotations:
{{ $proxysql.serviceAnnotations | toYaml | indent 6 }}
    {{- end }}
    annotations:
{{ $proxysql.annotations | toYaml | indent 6 }}
    labels:
{{ $proxysql.labels | toYaml | indent 6 }}
    {{- if $proxysql.runtimeClassName }}
    runtimeClassName: {{ $proxysql.runtimeClassName }}
    {{- end }}
    {{- if $proxysql.envVarsSecret }}
    envVarsSecret: {{ $proxysql.envVarsSecret }}
    {{- end }}
    resources:
      requests:
{{ $proxysql.resources.requests | toYaml | indent 8 }}
      limits:
{{ $proxysql.resources.limits | toYaml | indent 8 }}
    sidecars:
{{ $proxysql.sidecars | toYaml | indent 6 }}
    sidecarResources:
      requests:
{{ tpl ($proxysql.sidecarResources.requests | toYaml) $ | indent 8 }}
      limits:
{{ tpl ($proxysql.sidecarResources.limits | toYaml) $ | indent 8 }}
    {{- if $proxysql.serviceAccountName }}
    serviceAccountName: {{ $proxysql.serviceAccountName }}
    {{- end }}
    nodeSelector:
{{ $proxysql.nodeSelector | toYaml | indent 6 }}
    affinity:
{{ $proxysql.affinity | toYaml | indent 6 }}
    tolerations:
{{ $proxysql.tolerations | toYaml | indent 6 }}
    podDisruptionBudget:
{{ $proxysql.podDisruptionBudget | toYaml | indent 6 }}
    volumeSpec:
    {{- if not $proxysql.persistence.enabled }}
      emptyDir: {}
    {{- else }}
    {{- if hasKey $proxysql.persistence "hostPath" }}
      hostPath:
        path: {{ $proxysql.persistence.hostPath }}
        type: Directory
    {{- else }}
      persistentVolumeClaim:
        {{- if $proxysql.persistence.storageClass }}
        {{- if (eq "-" $proxysql.persistence.storageClass) }}
        storageClassName: ""
        {{- else }}
        storageClassName: "{{ $proxysql.persistence.storageClass }}"
        {{- end }}
        {{- end }}
        accessModes: [{{ $proxysql.persistence.accessMode | quote }}]
        resources:
          requests:
            storage: {{ $proxysql.persistence.size | quote }}
    {{- end }}
    {{- end }}
    gracePeriod: {{ $proxysql.gracePeriod }}
    {{- if $proxysql.containerSecurityContext }}
    containerSecurityContext:
{{ tpl ($proxysql.containerSecurityContext | toYaml) $ | indent 6 }}
    {{- end }}
    {{- if $proxysql.podSecurityContext }}
    podSecurityContext:
{{ tpl ($proxysql.podSecurityContext | toYaml) $ | indent 6 }}
    {{- end }}
  {{- end }}
  logcollector:
  {{- if not .Values.logcollector.enabled }}
    enabled: false
  {{- else }}
    {{- $logcollector := .Values.logcollector }}
    enabled: true
    image: {{ include "pxc-db.logcollector-image" . }}
    {{- if $logcollector.imagePullPolicy }}
    imagePullPolicy: {{ $logcollector.imagePullPolicy }}
    {{- end }}
    {{- if $logcollector.imagePullSecrets }}
    imagePullSecrets:
    {{- $logcollector.imagePullSecrets | toYaml | nindent 6 }}
    {{- end }}
    {{- if $logcollector.configuration }}
    configuration: |
    {{ tpl $logcollector.configuration $ | nindent 6 }}
    {{- end }}
    resources:
      requests:
{{ tpl ($logcollector.resources.requests | toYaml) $ | indent 8 }}
      limits:
{{ tpl ($logcollector.resources.limits | toYaml) $ | indent 8 }}
  {{- end }}
  pmm:
  {{- if not .Values.pmm.enabled }}
    enabled: false
  {{- else }}
    {{- $pmm := .Values.pmm }}
    enabled: true
    image: {{ $pmm.image.repository }}:{{ $pmm.image.tag }}
    {{- if $pmm.imagePullPolicy }}
    imagePullPolicy: {{ $pmm.imagePullPolicy }}
    {{- end }}
    {{- if $pmm.imagePullSecrets }}
    imagePullSecrets:
    {{- $pmm.imagePullSecrets | toYaml | nindent 6 }}
    {{- end }}
    serverHost: {{ $pmm.serverHost }}
    serverUser: {{ $pmm.serverUser }}
    resources:
      requests:
{{ tpl ($pmm.resources.requests | toYaml) $ | indent 8 }}
      limits:
{{ tpl ($pmm.resources.limits | toYaml) $ | indent 8 }}
  {{- end }}
  {{- $backup := .Values.backup }}
  {{- if $backup.enabled }}
  backup:
    image: {{ include "pxc-db.backup-image" . }}
    {{- if $backup.serviceAccountName }}
    serviceAccountName: {{ $backup.serviceAccountName }}
    {{- end }}
    {{- if $backup.imagePullPolicy }}
    imagePullPolicy: {{ $backup.imagePullPolicy }}
    {{- end }}
    {{- if $backup.imagePullSecrets }}
    imagePullSecrets:
{{ $backup.imagePullSecrets | toYaml | indent 6 }}
    {{- end }}
    pitr:
    {{- if not $backup.pitr.enabled }}
      enabled: false
    {{- else }}
      enabled: true
      storageName: {{ $backup.pitr.storageName }}
      timeBetweenUploads: {{ $backup.pitr.timeBetweenUploads }}
      resources:
        requests:
{{ tpl ($backup.pitr.resources.requests | toYaml) $ | indent 10 }}
        limits:
{{ tpl ($backup.pitr.resources.limits | toYaml) $ | indent 10 }}
    {{- end }}
    storages:
{{ include "pxc-database.storages" . | indent 6 }}
    schedule:
{{ $backup.schedule | toYaml | indent 6 }}
{{- end }}

 

 

'kubernetes > Percona MySQL Operator' 카테고리의 다른 글

[기능] Percona Distribution for MySQL PerconaXtraDBCluster - pxc-db, pause - 졸업과제  (0) 2022.06.15
[설치] Percona Distribution for MySQL Operator 1.10.0 - (03 - B - 02) pxc-db helm chart 분석 - 중간과제  (0) 2022.06.07
[설치] Percona Distribution for MySQL Operator 1.10.0 - (03 - A) pxc-db helm chart 분석 - 중간과제  (0) 2022.06.03
[설치] Percona Distribution for MySQL Operator 1.10.0 - (02) pxc-operator helm chart 분석 - 중간과제  (0) 2022.06.02
[설치] Percona Distribution for MySQL Operator 1.10.0 - (01) 3가지 설치방법 실습 - 중간과제  (0) 2022.05.31

https://github.com/percona/percona-helm-charts/tree/main/charts/pxc-db

 

GitHub - percona/percona-helm-charts: Collection of Helm charts for Percona Kubernetes Operators.

Collection of Helm charts for Percona Kubernetes Operators. - GitHub - percona/percona-helm-charts: Collection of Helm charts for Percona Kubernetes Operators.

github.com

s3-secret.yaml

 

### Values.backup.storages 의 Array 값중 value 값이 s3 일때 설치

### AWS 의 Acesskey 와 Secretkey 가 Kubernetes 의 secret key 방식으로 설치

 

{{- range $key, $value := .Values.backup.storages }}
{{- if and (hasKey $value "type") (eq $value.type "s3") (hasKey $value "s3") (hasKey (index $value "s3") "credentialsAccessKey") (hasKey (index $value "s3") "credentialsSecretKey") }}
---
apiVersion: v1
kind: Secret
metadata:
  name: {{ include "pxc-database.fullname" $ }}-s3-{{ $key }}
  labels:
{{ include "pxc-database.labels" $ | indent 4 }}
type: Opaque
data:
  AWS_ACCESS_KEY_ID: {{ index $value "s3" "credentialsAccessKey" | b64enc }}
  AWS_SECRET_ACCESS_KEY: {{ index $value "s3" "credentialsSecretKey" | b64enc }}
{{- end }}
{{- end }}

 

 

 

cluster-ssl-secret.yaml

 

### values 의 pxc 의 disableTLS 값이 true 가 아닐시

### values 의 pxc 의 certManager 값이 true 가 아닐시

### 위의 2가지 조건이 전부다 충족할때 Secret 생성 (내부 인증서)

### .Values 의 secrets 의 tls 가 cluster 가 아닐시

### Values 의 secrets 의 tls 값이 "internal" 이 아닐경우

### Secret 생성되는 값 분기처리됨

### pxc-database.labels 에 해당되는 label 값 추가

 

 

{{- if not .Values.pxc.disableTLS }}
{{- if not .Values.pxc.certManager }}
{{- $nameDB := printf "%s" (include "pxc-database.fullname" .) }}
{{ $ca := genCA (printf "%s-ca" $nameDB ) 365 }}
{{- if not (hasKey .Values.secrets.tls "cluster") }}
---
{{- $name := printf "%s-proxysql" $nameDB }}
{{- $altNames := list ( printf "%s-pxc" $nameDB ) ( printf "*.%s-pxc" $nameDB ) ( printf "*.%s-proxysql" $nameDB ) -}}
{{ $cert := genSignedCert $name nil $altNames 365 $ca }}
apiVersion: v1
kind: Secret
metadata:
  name: {{ $nameDB }}-ssl
  labels:
{{ include "pxc-database.labels" . | indent 4 }}
type: kubernetes.io/tls
data:
  ca.crt: {{ $ca.Cert | b64enc }}
  tls.crt: {{ $cert.Cert | b64enc }}
  tls.key: {{ $cert.Key | b64enc }}
{{- end }}
{{- if not (hasKey .Values.secrets.tls "internal") }}
---
{{- $name := printf "%s-pxc" $nameDB }}
{{- $altNames := list ( printf "%s" $name ) ( printf "*.%s" $name ) ( printf "%s-haproxy-replicas.%s.svc.cluster.local" $nameDB .Release.Namespace ) ( printf "%s-haproxy-replicas.%s" $nameDB .Release.Namespace ) ( printf "%s-haproxy-replicas" $nameDB ) ( printf "%s-haproxy.%s.svc.cluster.local" $nameDB .Release.Namespace ) ( printf "%s-haproxy.%s" $nameDB .Release.Namespace ) ( printf "%s-haproxy" $nameDB ) -}}
{{ $cert := genSignedCert $name nil $altNames 365 $ca }}
apiVersion: v1
kind: Secret
metadata:
  name: {{ $nameDB }}-ssl-internal
  labels:
{{ include "pxc-database.labels" . | indent 4 }}
type: kubernetes.io/tls
data:
  ca.crt: {{ $ca.Cert | b64enc }}
  tls.crt: {{ $cert.Cert | b64enc }}
  tls.key: {{ $cert.Key | b64enc }}
{{- end }}
{{- end }}
{{- end }}

 

 

cluster-secret.yaml

 

### values 의 pxc 의 clusterSecretName 값이 없으면, Secret 값 생성

### Secret 값에 들어갈 값은 Values.yaml 의 secrets.passwords 값을 base64 encode 해서 적용

 

{{- if not (hasKey .Values.pxc "clusterSecretName") }}
apiVersion: v1
kind: Secret
metadata:
  name: {{ include "pxc-database.fullname" . }}
  labels:
{{ include "pxc-database.labels" . | indent 4 }}
type: Opaque
data:
  root: {{ .Values.secrets.passwords.root | b64enc }}
  xtrabackup: {{ .Values.secrets.passwords.xtrabackup | b64enc }}
  monitor: {{ .Values.secrets.passwords.monitor | b64enc }}
  clustercheck: {{ .Values.secrets.passwords.clustercheck | b64enc }}
  proxyadmin: {{ .Values.secrets.passwords.proxyadmin | b64enc }}
  pmmserver: {{ .Values.secrets.passwords.pmmserver | b64enc }}
  operator: {{ .Values.secrets.passwords.operator | b64enc }}
  replication: {{ .Values.secrets.passwords.replication | b64enc }}
{{- end }}

 

cluster.yaml 값은 내용이 많아서 다음 포스팅에서 정리

'kubernetes > Percona MySQL Operator' 카테고리의 다른 글

[기능] Percona Distribution for MySQL PerconaXtraDBCluster - pxc-db, pause - 졸업과제  (0) 2022.06.15
[설치] Percona Distribution for MySQL Operator 1.10.0 - (03 - B - 02) pxc-db helm chart 분석 - 중간과제  (0) 2022.06.07
[설치] Percona Distribution for MySQL Operator 1.10.0 - (03 - B - 01) pxc-db helm chart 분석 - 중간과제  (0) 2022.06.07
[설치] Percona Distribution for MySQL Operator 1.10.0 - (02) pxc-operator helm chart 분석 - 중간과제  (0) 2022.06.02
[설치] Percona Distribution for MySQL Operator 1.10.0 - (01) 3가지 설치방법 실습 - 중간과제  (0) 2022.05.31

+ Recent posts

티스토리툴바