From 77ce16909e72669652e3566650bc470dc734d454 Mon Sep 17 00:00:00 2001 From: Laur IVAN Date: Tue, 24 Feb 2026 19:20:36 +0100 Subject: [PATCH] chore:: Initial commit for mysql. --- .../mysql-operator/app.ks.yaml | 55 ++++ .../mysql-operator/app/helmrelease.yaml | 28 ++ .../mysql-operator/app/kustomization.yaml | 8 + .../mysql-operator/app/ocirepository.yaml | 19 ++ .../mysql-operator/cluster/helmrelease.yaml | 290 ++++++++++++++++++ .../mysql-operator/cluster/kustomization.yaml | 12 + .../mysql-operator/cluster/ocirepository.yaml | 19 ++ .../mysql-operator/cluster/pvc.yaml | 11 + .../cluster/replicationdestination.yaml | 28 ++ .../cluster/replicationsource.yaml | 26 ++ .../mysql-operator/cluster/secrets.sops.yaml | 22 ++ .../mysql-operator/kustomization.yaml | 0 12 files changed, 518 insertions(+) create mode 100644 kubernetes/apps/database-system/mysql-operator/app.ks.yaml create mode 100644 kubernetes/apps/database-system/mysql-operator/app/helmrelease.yaml create mode 100644 kubernetes/apps/database-system/mysql-operator/app/kustomization.yaml create mode 100644 kubernetes/apps/database-system/mysql-operator/app/ocirepository.yaml create mode 100644 kubernetes/apps/database-system/mysql-operator/cluster/helmrelease.yaml create mode 100644 kubernetes/apps/database-system/mysql-operator/cluster/kustomization.yaml create mode 100644 kubernetes/apps/database-system/mysql-operator/cluster/ocirepository.yaml create mode 100644 kubernetes/apps/database-system/mysql-operator/cluster/pvc.yaml create mode 100644 kubernetes/apps/database-system/mysql-operator/cluster/replicationdestination.yaml create mode 100644 kubernetes/apps/database-system/mysql-operator/cluster/replicationsource.yaml create mode 100644 kubernetes/apps/database-system/mysql-operator/cluster/secrets.sops.yaml create mode 100644 kubernetes/apps/database-system/mysql-operator/kustomization.yaml 
diff --git a/kubernetes/apps/database-system/mysql-operator/app.ks.yaml b/kubernetes/apps/database-system/mysql-operator/app.ks.yaml
new file mode 100644
index 0000000..083cc10
--- /dev/null
+++ b/kubernetes/apps/database-system/mysql-operator/app.ks.yaml
@@ -0,0 +1,55 @@
+---
+# yaml-language-server: $schema=https://k8s-validation-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: &app mysql-operator
+ namespace: &namespace database-system
+spec:
+ commonMetadata:
+ labels:
+ app.kubernetes.io/name: *app
+ # healthChecks:
+ # - apiVersion: helm.toolkit.fluxcd.io/v2
+ # kind: HelmRelease
+ # name: *app
+ # namespace: *namespace
+ interval: 30m
+ path: ./kubernetes/apps/database/mysql-operator/app
+ prune: true
+ retryInterval: 1m
+ sourceRef:
+ kind: GitRepository
+ name: flux-system
+ namespace: flux-system
+ targetNamespace: *namespace
+ timeout: 5m
+ wait: true
+
+---
+# yaml-language-server: $schema=https://k8s-validation-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: &app mysql-innodbcluster
+ namespace: &namespace database
+spec:
+ commonMetadata:
+ labels:
+ app.kubernetes.io/name: *app
+ dependsOn:
+ - name: mysql-operator
+ namespace: *namespace
+ - name: openebs
+ namespace: openebs-system
+ interval: 30m
+ path: ./kubernetes/apps/database-system/mysql-operator/cluster
+ prune: true
+ retryInterval: 1m
+ sourceRef:
+ kind: GitRepository
+ name: flux-system
+ namespace: flux-system
+ targetNamespace: *namespace
+ timeout: 5m
+ wait: true
\ No newline at end of file
diff --git a/kubernetes/apps/database-system/mysql-operator/app/helmrelease.yaml b/kubernetes/apps/database-system/mysql-operator/app/helmrelease.yaml
new file mode 100644
index 0000000..29d7ea3
--- /dev/null
+++ b/kubernetes/apps/database-system/mysql-operator/app/helmrelease.yaml
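Review bot: The first Kustomization's `path: ./kubernetes/apps/database/mysql-operator/app` does not match where this commit puts the files (`kubernetes/apps/database-system/mysql-operator/app`), so Flux will not find the manifests; it should read `path: ./kubernetes/apps/database-system/mysql-operator/app`. The second document sets `namespace: &namespace database` and reuses that alias in the `dependsOn` entry for `mysql-operator`, which the first document places in `database-system`, so the dependency cannot resolve as written; give that entry `namespace: database-system`. The cluster path also ships `secrets.sops.yaml`, yet neither Kustomization declares `decryption` with `provider: sops`; if a parent Kustomization does not patch that in (not visible in this commit), the Secret will not be decrypted.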
@@ -0,0 +1,28 @@
+# yaml-language-server: $schema=https://k8s-validation-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: mysql-operator
+spec:
+ interval: 15m
+ chartRef:
+ kind: OCIRepository
+ name: mysql-operator
+ maxHistory: 2
+ install:
+ crds: Create
+ remediation:
+ retries: -1
+ upgrade:
+ crds: CreateReplace
+ cleanupOnFail: true
+ remediation:
+ retries: 3
+ uninstall:
+ keepHistory: false
+ values:
+ image:
+ pullPolicy: IfNotPresent
+ envs:
+ imagesPullPolicy: IfNotPresent
+ k8sClusterDomain: cluster.local
\ No newline at end of file
diff --git a/kubernetes/apps/database-system/mysql-operator/app/kustomization.yaml b/kubernetes/apps/database-system/mysql-operator/app/kustomization.yaml
new file mode 100644
index 0000000..5af4822
--- /dev/null
+++ b/kubernetes/apps/database-system/mysql-operator/app/kustomization.yaml
@@ -0,0 +1,8 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - https://raw.githubusercontent.com/mysql/mysql-operator/9.3.0-2.2.4/deploy/deploy-crds.yaml
+ - ./helmrelease.yaml
+ - ./ocirepository.yaml
\ No newline at end of file
diff --git a/kubernetes/apps/database-system/mysql-operator/app/ocirepository.yaml b/kubernetes/apps/database-system/mysql-operator/app/ocirepository.yaml
new file mode 100644
index 0000000..fb88145
--- /dev/null
+++ b/kubernetes/apps/database-system/mysql-operator/app/ocirepository.yaml
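Review bot: The `resources` entry `https://raw.githubusercontent.com/mysql/mysql-operator/9.3.0-2.2.4/deploy/deploy-crds.yaml` in `app/kustomization.yaml` is fetched over the network at build time from a Git tag, which upstream can move, and nothing verifies its content, unlike the chart, which is cosign-verified. It is also the 2.2.4 CRD set while `ocirepository.yaml` pins chart `2.2.5`, and the HelmRelease already sets `crds: Create` / `crds: CreateReplace`, so the CRDs may end up with two owners. Consider vendoring the CRD file into the repository (or referencing an immutable commit SHA) and keeping a single source for CRDs, with a comment such as `# CRDs vendored from mysql-operator <TAG>; keep in sync with the chart tag`.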
@@ -0,0 +1,19 @@
+---
+# yaml-language-server: $schema=https://k8s-validation-schemas.pages.dev/source.toolkit.fluxcd.io/ocirepository_v1.json
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: OCIRepository
+metadata:
+ name: mysql-operator
+spec:
+ interval: 5m
+ layerSelector:
+ mediaType: application/vnd.cncf.helm.chart.content.v1.tar+gzip
+ operation: copy
+ ref:
+ tag: 2.2.5
+ url: oci://ghcr.io/astrateam-net/oci-charts/mysql-operator
+ verify:
+ provider: cosign
+ matchOIDCIdentity:
+ - issuer: "^https://token.actions.githubusercontent.com$"
+ subject: "^https://github.com/astrateam-net/oci-charts.*$"
\ No newline at end of file
diff --git a/kubernetes/apps/database-system/mysql-operator/cluster/helmrelease.yaml b/kubernetes/apps/database-system/mysql-operator/cluster/helmrelease.yaml
new file mode 100644
index 0000000..27c97d3
--- /dev/null
+++ b/kubernetes/apps/database-system/mysql-operator/cluster/helmrelease.yaml
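Review bot: The cosign identity pattern `subject: "^https://github.com/astrateam-net/oci-charts.*$"` is looser than it looks: with no `/` after `oci-charts` it also accepts any repository whose name merely starts with `oci-charts`, and it accepts every workflow and ref inside the repository. Anchor it at least to the repository boundary, e.g. `subject: '^https://github\.com/astrateam-net/oci-charts/.+$'`, and ideally to the publishing workflow path and ref (`<WORKFLOW_PATH>@<REF>`, placeholders to fill in). `ref.tag: 2.2.5` is mutable; pinning `ref.digest` alongside it would make the fetched artifact reproducible. Both points apply equally to `cluster/ocirepository.yaml`.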
@@ -0,0 +1,290 @@
+---
+# yaml-language-server: $schema=https://k8s-validation-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: mysql-innodbcluster
+spec:
+ interval: 15m
+ chartRef:
+ kind: OCIRepository
+ name: mysql-innodbcluster
+ maxHistory: 2
+ install:
+ remediation:
+ retries: -1
+ upgrade:
+ cleanupOnFail: true
+ remediation:
+ retries: 3
+ uninstall:
+ keepHistory: false
+ values:
+ image:
+ pullPolicy: IfNotPresent
+ pullSecrets:
+ enabled: false
+ secretName:
+ datadirVolumeClaimTemplate:
+ storageClassName: openebs-hostpath
+ accessModes: ReadWriteOnce
+ resources:
+ requests:
+ storage: 10Gi
+ tls:
+ useSelfSigned: true
+ serverVersion: 8.0.31
+ serverInstances: 1
+ routerInstances: 1 # or use router.instances
+ baseServerId: 1000
+ podSpec:
+ resources:
+ requests:
+ cpu: 50m
+ memory: 1200M
+ limits:
+ cpu: 300m
+ memory: 2250M
+ router:
+ resources:
+ requests:
+ cpu: 48m
+ memory: 64M
+ backupProfiles:
+ - name: mysql-db-backup
+ dumpInstance:
+ storage:
+ persistentVolumeClaim:
+ claimName: mysql-db-backup-pvc
+ backupSchedules:
+ - name: mysql-backup-pvc-schedule
+ schedule: "0 1 * * *"
+ backupProfileName: mysql-db-backup
+ enabled: true
+
+ #instanceService:
+ # annotations:
+ # ann1: "is_avalue1"
+ # labels:
+ # l1: "is_lvalue1"
+
+ #service:
+ # type: "ClusterIP"
+ # annotations:
+ # ann1: "es_avalue1"
+ # labels:
+ # l1: "es_lvalue1"
+
+ #datadirPermissions:
+ # setRightsUsingInitContainer: false
+ # fsGroupChangePolicy: "Always"
+
+ #logs:
+ # error:
+ # enabled: true
+ # collect: false
+ # general:
+ # enabled: false
+ # collect: false
+ # slowQuery:
+ # enabled: false
+ # longQueryTime: 2.5
+ # collector:
+ # image: "192.168.20.198:5000/fluentd-es:v1.16"
+ # fluentd:
+ # forwarding:
+ # enabled: false
+ # forwarderSpec:
+ # podSpec:
+ # terminationGracePeriod: 42
+ # podAnnotations:
+ # forwarderAnnotation1: forwarderAnnotation1Value
+ # podLabels:
+ # forwarderLabel1: forwarderLabel1Value
+ # generalLog:
+ # tag: "genLogTag"
+ ## options:
+ # errorLog:
+ # tag: "errLogTag"
+ ## options:
+ ## slowLog:
+ # tag: "slowLogTag"
+ ## options:
+ # recordAugmentation:
+ # enabled: false
+ # labels:
+ # - fieldName: "pod_name"
+ # labelName: "statefulset.kubernetes.io/pod-name"
+ # annotations:
+ # - fieldName: "membership-info"
+ # labelName: "mysql.oracle.com/membership-info"
+ # staticFields:
+ # - fieldName: "static_field_1"
+ # fieldValue: "static_field_1_value"
+ # resourceFields:
+ # - fieldName: "pod_ip"
+ # fieldPath: "status.podIP"
+ # - fieldName: "host_ip"
+ # fieldPath: "status.hostIP"
+ # additionalFilterConfiguration: |
+ # filterConfigValueLine1
+ # filterConfigValueLine1
+ # sink:
+ ## rawConfig:
+
+
+ #keyring:
+ # file:
+ # fileName:
+ # readOnly:
+ # storage:
+ # encryptedFile:
+ # fileName:
+ # readOnly:
+ # storage:
+ # password:
+ # oci:
+ # user: "ocid1.user.oc1..."
+ # keySecret: "oci-credentials"
+ # keyFingerprint: ""
+ # tenancy: "ocid1.tenancy.oc1..."
+ # compartment: "ocid1.compartment.oc1..."
+ # virtualVault: "ocid1.vault.oc1.."
+ # masterKey: "ocid1.key.oc1..."
+ # caCertificate: ""
+ # endpoints:
+ # encryption: "-crypto.kms..oraclecloud.com"
+ # management: "-management.kms..oraclecloud.com"
+ # vaults: "vaults..oci.oraclecloud.com"
+ # secrets: "secrets.vaults..oci.oraclecloud.com"
+
+
+ #podSpec:
+ # containers:
+ # - name: mysql
+ # resources:
+ # requests:
+ # memory: "2048Mi" # adapt to your needs
+ # cpu: "1800m" # adapt to your needs
+ # limits:
+ # memory: "8192Mi" # adapt to your needs
+ # cpu: "3600m" # adapt to your needs
+ #
+ #podAnnotations:
+ #podLabels:
+
+ #serverConfig:
+ # mycnf: |
+ # [mysqld]
+ # core_file
+ # local_infile=off
+
+
+ #datadirVolumeClaimTemplate:
+ # accessModes:
+ # resources:
+ # requests:
+ # storage:
+
+ #initDB:
+ # dump:
+ # name:
+ # path:
+ # options:
+ # includeSchemas:
+ # ociObjectStorage:
+ # prefix:
+ # bucketName:
+ # credentials:
+ # s3:
+ # prefix:
+ # config:
+ # bucketName:
+ # profile:
+ # endpoint
+ # azure:
+ # prefix:
+ # config:
+ # containerName:
+ # persistentVolumeClaim:
+ # clone:
+ # donorUrl:
+ # rootUser:
+ # credentials:
+
+
+ #backupProfiles:
+ #- name: dump-instance-profile-pvc
+ # dumpInstance:
+ # dumpOptions:
+ # excludeSchemas: ["excludeme"]
+ # storage:
+ # persistentVolumeClaim:
+ # claimName: backup-volume-claim-1
+ #- name: dump-instance-profile-oci
+ # dumpInstance:
+ # dumpOptions:
+ # excludeSchemas: ["excludeme"]
+ # storage:
+ # ociObjectStorage:
+ # prefix : /
+ # bucketName: idbcluster_backup
+ # credentials: oci-credentials
+ #
+ #- name: snapshot-profile-oci
+ # snapshot:
+ # storage:
+ # ociObjectStorage:
+ # prefix : /
+ # bucketName: idbcluster_backup
+ # credentials: oci-credentials
+ # s3:
+ # prefix:
+ # config:
+ # bucketName:
+ # profile:
+ # endpoint
+ # azure:
+ # prefix:
+ # config:
+ # containerName:
+ #
+ #backupSchedules:
+ #- name: schedule-ref
+ # schedule: "*/1 * * * *"
+ # timeZone: "Europe/Amsterdam"
+ # deleteBackupData: false
+ # backupProfileName: dump-instance-profile-oci
+ # enabled: true
+ #- name: schedule-inline
+ # schedule: "*/1 * * * *"
+ # timeZone: "Europe/Amsterdam"
+ # deleteBackupData: false
+ # enabled: true
+ # backupProfile:
+ # dumpInstance:
+ # dumpOptions:
+ # excludeSchemas: ["excludeme"]
+ # storage:
+ # ociObjectStorage:
+ # prefix : /
+ # bucketName: idbcluster_backup
+ # credentials: oci-credentials
+
+
+ # If you would like to debug the Helm output with `helm template`, you need
+ # to turn disableLookups on as during `helm template` Helm won't contact the kube API
+ # and all lookups will thus fail
+ disableLookups: false
+
+ # Set explicit FQDN for MySQL instances
+ # serviceFqdnTemplate: "{service}.{namespace}.svc.{domain}"
+ valuesFrom:
+ - targetPath: credentials.root.user
+ kind: Secret
+ name: mysql-secret
+ valuesKey: rootUser
+ - targetPath: credentials.root.password
+ kind: Secret
+ name: mysql-secret
+ valuesKey: rootPassword
\ No newline at end of file
diff --git a/kubernetes/apps/database-system/mysql-operator/cluster/kustomization.yaml b/kubernetes/apps/database-system/mysql-operator/cluster/kustomization.yaml
new file mode 100644
index 0000000..0dc7d05
--- /dev/null
+++ b/kubernetes/apps/database-system/mysql-operator/cluster/kustomization.yaml
@@ -0,0 +1,12 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ./helmrelease.yaml
+ - ./ocirepository.yaml
+ #- ./externalsecret.yaml
+ # - ./replicationsource.yaml
+ # - ./pvc.yaml
+ # - ./replicationdestination.yaml
+ - ./secrets.sops.yaml
diff --git a/kubernetes/apps/database-system/mysql-operator/cluster/ocirepository.yaml b/kubernetes/apps/database-system/mysql-operator/cluster/ocirepository.yaml
new file mode 100644
index 0000000..1343320
--- /dev/null
+++ b/kubernetes/apps/database-system/mysql-operator/cluster/ocirepository.yaml
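Review bot: `valuesFrom` in `cluster/helmrelease.yaml` reads `rootUser` and `rootPassword` from a Secret named `mysql-secret`, but this commit creates no such Secret (the only one added, in `secrets.sops.yaml`, has a different name and key), so the release cannot resolve its root credentials. `serverVersion: 8.0.31` pins an old 8.0 patch level that lacks later security fixes; confirm which versions the 2.2.5 operator accepts and pin a current one. `tls.useSelfSigned: true` gives clients no CA under your control to verify the server against, so connections are encrypted but not authenticated unless that CA is distributed to them. The long block of commented-out chart defaults would be easier to maintain as a one-line pointer to the chart's values file.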
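Review bot: `./pvc.yaml` is commented out in the `resources` list of `cluster/kustomization.yaml`, yet the HelmRelease's `backupProfiles` writes to `claimName: mysql-db-backup-pvc`, so the nightly `mysql-backup-pvc-schedule` has no volume to bind and backups will not be taken. Either enable `- ./pvc.yaml` or set the schedule's `enabled: false` until the storage exists. The comment markers are also inconsistent (`#- ./externalsecret.yaml` versus `# - ./pvc.yaml`), and `externalsecret.yaml` is not part of this commit.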
@@ -0,0 +1,19 @@
+---
+# yaml-language-server: $schema=https://k8s-validation-schemas.pages.dev/source.toolkit.fluxcd.io/ocirepository_v1.json
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: OCIRepository
+metadata:
+ name: mysql-innodbcluster
+spec:
+ interval: 5m
+ layerSelector:
+ mediaType: application/vnd.cncf.helm.chart.content.v1.tar+gzip
+ operation: copy
+ ref:
+ tag: 2.2.5
+ url: oci://ghcr.io/astrateam-net/oci-charts/mysql-innodbcluster
+ verify:
+ provider: cosign
+ matchOIDCIdentity:
+ - issuer: "^https://token.actions.githubusercontent.com$"
+ subject: "^https://github.com/astrateam-net/oci-charts.*$"
\ No newline at end of file
diff --git a/kubernetes/apps/database-system/mysql-operator/cluster/pvc.yaml b/kubernetes/apps/database-system/mysql-operator/cluster/pvc.yaml
new file mode 100644
index 0000000..393d3c4
--- /dev/null
+++ b/kubernetes/apps/database-system/mysql-operator/cluster/pvc.yaml
@@ -0,0 +1,11 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: mysql-db-backup-pvc
+spec:
+ accessModes: ["ReadWriteMany"]
+ resources:
+ requests:
+ storage: 10Gi
+ storageClassName: nfs-slow
\ No newline at end of file
diff --git a/kubernetes/apps/database-system/mysql-operator/cluster/replicationdestination.yaml b/kubernetes/apps/database-system/mysql-operator/cluster/replicationdestination.yaml
new file mode 100644
index 0000000..8ad3c33
--- /dev/null
+++ b/kubernetes/apps/database-system/mysql-operator/cluster/replicationdestination.yaml
@@ -0,0 +1,28 @@
+---
+# yaml-language-server: $schema=https://k8s-validation-schemas.pages.dev/volsync.backube/replicationdestination_v1alpha1.json
+apiVersion: volsync.backube/v1alpha1
+kind: ReplicationDestination
+metadata:
+ name: "mysql-db-backup-dst"
+ labels:
+ kustomize.toolkit.fluxcd.io/ssa: IfNotPresent
+spec:
+ trigger:
+ manual: restore-once
+ restic:
+ repository: "mysql-db-backup-volsync-secret"
+ copyMethod: Snapshot
+ volumeSnapshotClassName: "csi-ceph-blockpool"
+ cacheStorageClassName: "ceph-block"
+ cacheAccessModes: ["ReadWriteOnce"]
+ cacheCapacity: 2Gi
+ storageClassName: "ceph-block"
+ accessModes: ["ReadWriteOnce"]
+ capacity: 10Gi
+ moverSecurityContext:
+ runAsUser: 1000
+ runAsGroup: 1000
+ fsGroup: 1000
+ enableFileDeletion: true
+ cleanupCachePVC: true
+ cleanupTempPVC: true
\ No newline at end of file
diff --git a/kubernetes/apps/database-system/mysql-operator/cluster/replicationsource.yaml b/kubernetes/apps/database-system/mysql-operator/cluster/replicationsource.yaml
new file mode 100644
index 0000000..89a7d17
--- /dev/null
+++ b/kubernetes/apps/database-system/mysql-operator/cluster/replicationsource.yaml
@@ -0,0 +1,26 @@
+---
+# yaml-language-server: $schema=https://k8s-validation-schemas.pages.dev/volsync.backube/replicationsource_v1alpha1.json
+apiVersion: volsync.backube/v1alpha1
+kind: ReplicationSource
+metadata:
+ name: &name "mysql-db-backup"
+spec:
+ sourcePVC: "mysql-db-backup"
+ trigger:
+ schedule: "0 2 * * *"
+ restic:
+ copyMethod: "Snapshot"
+ pruneIntervalDays: 14
+ repository: "mysql-db-backup-volsync-secret"
+ volumeSnapshotClassName: "csi-ceph-blockpool"
+ cacheCapacity: 10Gi
+ cacheStorageClassName: "ceph-block"
+ cacheAccessModes: ["ReadWriteOnce"]
+ storageClassName: "ceph-block"
+ accessModes: ["ReadWriteOnce"]
+ moverSecurityContext:
+ runAsUser: 1000
+ runAsGroup: 1000
+ fsGroup: 1000
+ retain:
+ daily: 7
\ No newline at end of file
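Review bot: `sourcePVC: "mysql-db-backup"` in `replicationsource.yaml` does not match the claim defined in `pvc.yaml` (`mysql-db-backup-pvc`), so once enabled this ReplicationSource would have nothing to back up; it should read `sourcePVC: "mysql-db-backup-pvc"`. The restic `repository` Secret `mysql-db-backup-volsync-secret` is referenced here and in `replicationdestination.yaml` but is not added by this commit. `copyMethod: "Snapshot"` with `volumeSnapshotClassName: "csi-ceph-blockpool"` assumes a Ceph CSI volume, while the PVC uses `storageClassName: nfs-slow`, so the snapshot step is unlikely to work against it. The `&name` anchor on `metadata.name` is never referenced and can be dropped.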
diff --git a/kubernetes/apps/database-system/mysql-operator/cluster/secrets.sops.yaml b/kubernetes/apps/database-system/mysql-operator/cluster/secrets.sops.yaml
new file mode 100644
index 0000000..a26b5ed
--- /dev/null
+++ b/kubernetes/apps/database-system/mysql-operator/cluster/secrets.sops.yaml
@@ -0,0 +1,22 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: rook-ceph-dashboard-password
+stringData:
+ api-token: ENC[AES256_GCM,data:Q/EO1flnXjhh/GuaFMufV4T6a6X6+slo1g==,iv:YsQmkJ6VRkmAWya6Fmlt6YUW/yX3DTqZOS6Z2c8+WwA=,tag:hAUOIr8hDFRRHYeXyxvhpg==,type:str]
+sops:
+ age:
+ - recipient: age1yzrqhl9dk8ljswpmzsqme3enad5kxxhsptdvecy3lwlq0ms80gaqxrctst
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBncEg3QlNCdXJvMlFvUVgx
+ RU9jU2E1K3h5dlphWmN4R3VhdXBYaDhybFZFCjJuRjFoZ25RQU53RDhpeElTb1Ba
+ RXVYdWFFVFlZT0JmOXRRc3JlWk9zdmcKLS0tIDhFSkJJcytTR1JIZlBIT2ZNZGJ6
+ YWxtMWJrd3hUQlQ3dG04TlRWdy9VbzQKNcokkZu9wDTKM17sLcJ7OkafSI1nFhyO
+ /IM1vRlkJh12vPFE4351skFkgDdExf4gRoZH9MzXdDSh5b/2YBl8Ig==
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2026-02-24T13:42:07Z"
+ mac: ENC[AES256_GCM,data:l5WfPr1HQ94V+TbgLFavTF569qO/9hcgqh7XP3NRZH/Z8/xfL496Cint2DwNkE6RB1JPAM4CpsOeCF3HItOgvonokIgZswyCeKwdU5nrWH9UO9pkAIsVjVLRNSbXJhsZiRJQmdQ2SescDSs/5S3wo+x8EO8PPj41TbZBvzUolcw=,iv:3QsirCiB81SVZ+yNAMr1IdWAbtHywPC8E444y+UEem8=,tag:u6uk/YdzQ2Svb3Tbbx3TGw==,type:str]
+ encrypted_regex: ^(data|stringData)$
+ mac_only_encrypted: true
+ version: 3.11.0
diff --git a/kubernetes/apps/database-system/mysql-operator/kustomization.yaml b/kubernetes/apps/database-system/mysql-operator/kustomization.yaml
new file mode 100644
index 0000000..e69de29
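Review bot: The Secret in `secrets.sops.yaml` is named `rook-ceph-dashboard-password` and carries a single `api-token` key, which looks copied from another app; the HelmRelease in this commit expects `mysql-secret` with `rootUser` and `rootPassword`. As committed it would place an unrelated credential in the database namespace, readable by anything with Secret read access there, while leaving MySQL without root credentials. Recreate the file with `metadata.name: mysql-secret` and the two expected keys, and re-encrypt it with sops rather than editing the ciphertext by hand.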
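Review bot: `mysql-operator/kustomization.yaml` is added as an empty file (`index 0000000..e69de29`), and `kustomize build` rejects an empty kustomization file. If the parent directory's kustomization points at this directory (not visible in this commit), the build will fail; the file should either list its resources, presumably `resources: [./app.ks.yaml]`, or be removed.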