https://github.com/percona/percona-helm-charts/tree/main/charts/pxc-db
GitHub - percona/percona-helm-charts: Collection of Helm charts for Percona Kubernetes Operators.
Collection of Helm charts for Percona Kubernetes Operators. - GitHub - percona/percona-helm-charts: Collection of Helm charts for Percona Kubernetes Operators.
github.com
s3-secret.yaml
### Values.backup.storages 의 Array 값중 value 값이 s3 일때 설치
### AWS 의 Acesskey 와 Secretkey 가 Kubernetes 의 secret key 방식으로 설치
{{- range $key, $value := .Values.backup.storages }}
{{- if and (hasKey $value "type") (eq $value.type "s3") (hasKey $value "s3") (hasKey (index $value "s3") "credentialsAccessKey") (hasKey (index $value "s3") "credentialsSecretKey") }}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ include "pxc-database.fullname" $ }}-s3-{{ $key }}
labels:
{{ include "pxc-database.labels" $ | indent 4 }}
type: Opaque
data:
AWS_ACCESS_KEY_ID: {{ index $value "s3" "credentialsAccessKey" | b64enc }}
AWS_SECRET_ACCESS_KEY: {{ index $value "s3" "credentialsSecretKey" | b64enc }}
{{- end }}
{{- end }}
cluster-ssl-secret.yaml
### values 의 pxc 의 disableTLS 값이 true 가 아닐시
### values 의 pxc 의 certManager 값이 true 가 아닐시
### 위의 2가지 조건이 전부다 충족할때 Secret 생성 (내부 인증서)
### .Values 의 secrets 의 tls 가 cluster 가 아닐시
### Values 의 secrets 의 tls 값이 "internal" 이 아닐경우
### Secret 생성되는 값 분기처리됨
### pxc-database.labels 에 해당되는 label 값 추가
{{- if not .Values.pxc.disableTLS }}
{{- if not .Values.pxc.certManager }}
{{- $nameDB := printf "%s" (include "pxc-database.fullname" .) }}
{{ $ca := genCA (printf "%s-ca" $nameDB ) 365 }}
{{- if not (hasKey .Values.secrets.tls "cluster") }}
---
{{- $name := printf "%s-proxysql" $nameDB }}
{{- $altNames := list ( printf "%s-pxc" $nameDB ) ( printf "*.%s-pxc" $nameDB ) ( printf "*.%s-proxysql" $nameDB ) -}}
{{ $cert := genSignedCert $name nil $altNames 365 $ca }}
apiVersion: v1
kind: Secret
metadata:
name: {{ $nameDB }}-ssl
labels:
{{ include "pxc-database.labels" . | indent 4 }}
type: kubernetes.io/tls
data:
ca.crt: {{ $ca.Cert | b64enc }}
tls.crt: {{ $cert.Cert | b64enc }}
tls.key: {{ $cert.Key | b64enc }}
{{- end }}
{{- if not (hasKey .Values.secrets.tls "internal") }}
---
{{- $name := printf "%s-pxc" $nameDB }}
{{- $altNames := list ( printf "%s" $name ) ( printf "*.%s" $name ) ( printf "%s-haproxy-replicas.%s.svc.cluster.local" $nameDB .Release.Namespace ) ( printf "%s-haproxy-replicas.%s" $nameDB .Release.Namespace ) ( printf "%s-haproxy-replicas" $nameDB ) ( printf "%s-haproxy.%s.svc.cluster.local" $nameDB .Release.Namespace ) ( printf "%s-haproxy.%s" $nameDB .Release.Namespace ) ( printf "%s-haproxy" $nameDB ) -}}
{{ $cert := genSignedCert $name nil $altNames 365 $ca }}
apiVersion: v1
kind: Secret
metadata:
name: {{ $nameDB }}-ssl-internal
labels:
{{ include "pxc-database.labels" . | indent 4 }}
type: kubernetes.io/tls
data:
ca.crt: {{ $ca.Cert | b64enc }}
tls.crt: {{ $cert.Cert | b64enc }}
tls.key: {{ $cert.Key | b64enc }}
{{- end }}
{{- end }}
{{- end }}
cluster-secret.yaml
### values 의 pxc 의 clusterSecretName 값이 없으면, Secret 값 생성
### Secret 값에 들어갈 값은 Values.yaml 의 secrets.passwords 값을 base64 encode 해서 적용
{{- if not (hasKey .Values.pxc "clusterSecretName") }}
apiVersion: v1
kind: Secret
metadata:
name: {{ include "pxc-database.fullname" . }}
labels:
{{ include "pxc-database.labels" . | indent 4 }}
type: Opaque
data:
root: {{ .Values.secrets.passwords.root | b64enc }}
xtrabackup: {{ .Values.secrets.passwords.xtrabackup | b64enc }}
monitor: {{ .Values.secrets.passwords.monitor | b64enc }}
clustercheck: {{ .Values.secrets.passwords.clustercheck | b64enc }}
proxyadmin: {{ .Values.secrets.passwords.proxyadmin | b64enc }}
pmmserver: {{ .Values.secrets.passwords.pmmserver | b64enc }}
operator: {{ .Values.secrets.passwords.operator | b64enc }}
replication: {{ .Values.secrets.passwords.replication | b64enc }}
{{- end }}
cluster.yaml 값은 내용이 많아서 다음 포스팅에서 정리