diff --git a/metal3-chart/Chart.yaml b/metal3-chart/Chart.yaml index 971832d..455f196 100644 --- a/metal3-chart/Chart.yaml +++ b/metal3-chart/Chart.yaml @@ -1,7 +1,7 @@ -#!BuildTag: %%CHART_PREFIX%%metal3:%%CHART_MAJOR%%.0.7_up0.11.5 -#!BuildTag: %%CHART_PREFIX%%metal3:%%CHART_MAJOR%%.0.7_up0.11.5-%RELEASE% +#!BuildTag: %%CHART_PREFIX%%metal3:%%CHART_MAJOR%%.0.8_up0.11.6 +#!BuildTag: %%CHART_PREFIX%%metal3:%%CHART_MAJOR%%.0.8_up0.11.6-%RELEASE% apiVersion: v2 -appVersion: 0.11.5 +appVersion: 0.11.6 dependencies: - alias: metal3-baremetal-operator name: baremetal-operator @@ -15,7 +15,7 @@ dependencies: condition: global.enable_mariadb name: mariadb repository: file://./charts/mariadb - version: 0.5.4 + version: 0.6.0 - alias: metal3-media condition: global.enable_metal3_media_server name: media @@ -25,4 +25,4 @@ description: A Helm chart that installs all of the dependencies needed for Metal icon: https://github.com/cncf/artwork/raw/master/projects/metal3/icon/color/metal3-icon-color.svg name: metal3 type: application -version: "%%CHART_MAJOR%%.0.7+up0.11.5" +version: "%%CHART_MAJOR%%.0.8+up0.11.6" diff --git a/metal3-chart/charts/mariadb/Chart.yaml b/metal3-chart/charts/mariadb/Chart.yaml index df93690..568c00e 100644 --- a/metal3-chart/charts/mariadb/Chart.yaml +++ b/metal3-chart/charts/mariadb/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 -appVersion: 10.6.7 +appVersion: "10.11" description: A Helm chart for MariaDB, used by Metal3 name: mariadb type: application -version: 0.5.4 +version: 0.6.0 diff --git a/metal3-chart/charts/mariadb/templates/configmap-mariadb.yaml b/metal3-chart/charts/mariadb/templates/configmap-mariadb.yaml new file mode 100644 index 0000000..8db7c4a --- /dev/null +++ b/metal3-chart/charts/mariadb/templates/configmap-mariadb.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: mariadb-config + labels: + {{- include "mariadb.labels" . | nindent 4 }} +data: + ironic.conf: | + [mariadb] + max_connections 64 + max_heap_table_size 1M + innodb_buffer_pool_size 5M + innodb_log_buffer_size 512K \ No newline at end of file diff --git a/metal3-chart/charts/mariadb/templates/configmap.yaml b/metal3-chart/charts/mariadb/templates/configmap.yaml index 59a2cc1..2815ec0 100644 --- a/metal3-chart/charts/mariadb/templates/configmap.yaml +++ b/metal3-chart/charts/mariadb/templates/configmap.yaml @@ -5,4 +5,7 @@ metadata: labels: {{- include "mariadb.labels" . | nindent 4 }} data: - RESTART_CONTAINER_CERTIFICATE_UPDATED: "false" + MARIADB_USER: ironic + MARIADB_RANDOM_ROOT_PASSWORD: "yes" + MARIADB_DATABASE: ironic + MARIADB_AUTO_UPGRADE: "yes" \ No newline at end of file diff --git a/metal3-chart/charts/mariadb/templates/deployment.yaml b/metal3-chart/charts/mariadb/templates/deployment.yaml index 070c2fb..86b3cfa 100644 --- a/metal3-chart/charts/mariadb/templates/deployment.yaml +++ b/metal3-chart/charts/mariadb/templates/deployment.yaml @@ -25,23 +25,50 @@ spec: serviceAccountName: {{ include "mariadb.serviceAccountName" . }} securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} + initContainers: + # This would run during entrypoint if run as root + - name: set-volume-owners + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + securityContext: + runAsUser: 0 + allowPrivilegeEscalation: true + capabilities: + drop: + - ALL + add: + - CHOWN + - FOWNER + - DAC_OVERRIDE + seccompProfile: + type: RuntimeDefault + volumeMounts: + - name: mariadb-conf + mountPath: /etc/mysql/conf.d + - name: mariadb-run + mountPath: /run/mysql + {{- $volmounts }} + command: ['bash', '-c', 'source /usr/local/bin/docker-entrypoint.sh && docker_create_db_directories'] + env: + - name: DATADIR + value: /var/lib/mysql + - name: SOCKET + value: /run/mysql/mysql.sock containers: - name: mariadb image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" imagePullPolicy: {{ .Values.image.pullPolicy }} securityContext: {{- toYaml .Values.securityContext | nindent 12 }} + envFrom: + - configMapRef: + name: mariadb-cm env: - name: MARIADB_PASSWORD valueFrom: secretKeyRef: key: password name: ironic-mariadb - - name: RESTART_CONTAINER_CERTIFICATE_UPDATED - valueFrom: - configMapKeyRef: - name: mariadb-cm - key: RESTART_CONTAINER_CERTIFICATE_UPDATED lifecycle: preStop: exec: @@ -52,9 +79,9 @@ spec: livenessProbe: exec: command: - - sh - - -c - - mysqladmin status -uironic -p$(printenv MARIADB_PASSWORD) + - healthcheck.sh + - --connect + - --innodb_initialized failureThreshold: 10 initialDelaySeconds: 30 periodSeconds: 30 @@ -67,19 +94,29 @@ spec: readinessProbe: exec: command: - - sh - - -c - - mysqladmin status -uironic -p$(printenv MARIADB_PASSWORD) + - healthcheck.sh + - --connect + - --innodb_initialized failureThreshold: 10 initialDelaySeconds: 30 periodSeconds: 30 successThreshold: 1 timeoutSeconds: 10 volumeMounts: + - name: mariadb-conf + mountPath: /etc/mysql/conf.d + - name: mariadb-run + mountPath: /run/mysql {{- $volmounts }} {{- with .Values.global.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} volumes: + - name: mariadb-conf + configMap: + name: mariadb-config + - name: mariadb-run + emptyDir: + sizeLimit: 20Mi {{- $volumes }} diff --git a/metal3-chart/charts/mariadb/values.yaml b/metal3-chart/charts/mariadb/values.yaml index 7d2fbce..3d6639c 100644 --- a/metal3-chart/charts/mariadb/values.yaml +++ b/metal3-chart/charts/mariadb/values.yaml @@ -12,9 +12,9 @@ service: targetPort: 3306 image: - repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/suse/mariadb + repository: registry.suse.com/suse/mariadb pullPolicy: IfNotPresent - tag: 10.6.15.1 + tag: 10.11 nameOverride: "" fullnameOverride: "" @@ -31,8 +31,8 @@ serviceAccount: podAnnotations: {} podSecurityContext: - runAsUser: 10060 - fsGroup: 10060 + runAsUser: 60 + fsGroup: 60 securityContext: allowPrivilegeEscalation: false @@ -60,6 +60,7 @@ persistence: volumeMounts: - name: mariadb-data-volume mountPath: /var/lib/mysql + subPath: data volumes: - name: mariadb-data-volume diff --git a/metal3-chart/values.yaml b/metal3-chart/values.yaml index e7c4f1b..2d24c8a 100644 --- a/metal3-chart/values.yaml +++ b/metal3-chart/values.yaml @@ -115,8 +115,8 @@ metal3-mariadb: persistence: storageClass: "" image: - repository: "registry.suse.com/edge/mariadb" - tag: "10.6.15.1" + repository: "registry.suse.com/suse/mariadb" + tag: "10.11" # # Baremetal Operator diff --git a/release-manifest-image/release_manifest.yaml b/release-manifest-image/release_manifest.yaml index fabfa0c..949dff6 100644 --- a/release-manifest-image/release_manifest.yaml +++ b/release-manifest-image/release_manifest.yaml @@ -171,7 +171,7 @@ spec: - prettyName: Metal3 releaseName: metal3 chart: "%%CHART_REPO%%/%%CHART_PREFIX%%metal3" - version: "%%CHART_MAJOR%%.0.7+up0.11.5" + version: "%%CHART_MAJOR%%.0.8+up0.11.6" - prettyName: RancherTurtles releaseName: rancher-turtles chart: "%%CHART_REPO%%/%%CHART_PREFIX%%rancher-turtles"