Merge pull request #263 from vshn/feature/mariadb

Add composition for MariaDB service
vshn · Dec 5, 2023 · b29426c · b29426c
2 parents 0f8ff23 + 4416f34
commit b29426c
Show file tree

Hide file tree

Showing 54 changed files with 1,881 additions and 257 deletions.
diff --git a/component/class/appcat.yml b/component/class/appcat.yml
@@ -65,6 +65,7 @@ parameters:
           - ${_base_directory}/component/vshn_services.jsonnet
           - ${_base_directory}/component/statefuleset-resize-controller.jsonnet
           - ${_base_directory}/component/functions.jsonnet
+          - ${_base_directory}/component/vshn_appcat_services.jsonnet
         input_type: jsonnet
         output_path: appcat/
 

diff --git a/component/class/defaults.yml b/component/class/defaults.yml
@@ -4,6 +4,9 @@ parameters:
       redis:
         source: https://charts.bitnami.com/bitnami
         version: 17.7.1
+      mariadb:
+        source: https://charts.bitnami.com/bitnami
+        version: 10.1.3
       minio:
         source: https://charts.min.io
         version: 5.0.13
@@ -39,7 +42,7 @@ parameters:
       appcat:
         registry: ghcr.io
         repository: vshn/appcat
-        tag: v4.44.1
+        tag: v4.44.2
       apiserver:
         registry: ghcr.io
         repository: vshn/appcat-apiserver
@@ -64,7 +67,54 @@ parameters:
     tenantID: ${cluster:tenant}
     quotasEnabled: false
     grpcEndpoint: host.docker.internal:9443
-
+    defaultRestoreRoleRules:
+      - apiGroups:
+          - vshn.appcat.vshn.io
+        resources:
+          - "*"
+        verbs:
+          - get
+      - apiGroups:
+          - "k8up.io"
+        resources:
+          - snapshots
+        verbs:
+          - get
+      - apiGroups:
+          - ""
+        resources:
+          - secrets
+        verbs:
+          - get
+          - create
+          - delete
+      - apiGroups:
+          - apps
+        resources:
+          - statefulsets/scale
+        verbs:
+          - update
+          - patch
+      - apiGroups:
+          - apps
+        resources:
+          - statefulsets
+        verbs:
+          - get
+      - apiGroups:
+          - batch
+        resources:
+          - jobs
+        verbs:
+          - get
+      - apiGroups:
+          - ""
+        resources:
+          - events
+        verbs:
+          - get
+          - create
+          - patch
     controller:
       enabled: false
       namespace: ${appcat:namespace}
@@ -101,6 +151,7 @@ parameters:
         APPCAT_HANDLER_ENABLED: "true"
         VSHN_POSTGRES_BACKUP_HANDLER_ENABLED: "false"
         VSHN_REDIS_BACKUP_HANDLER_ENABLED: "false"
+        VSHN_MARIADB_BACKUP_HANDLER_ENABLED: "false"
       extraArgs: []
       extraEnv: {}
       apiservice:
@@ -118,6 +169,15 @@ parameters:
     slos:
       enabled: true
       alertsEnabled: true
+      uptimeDefaults:
+        objective: 99.9
+        alerting:
+          page_alert:
+            # This should reduce non actionable alerts because of single instance restarts.
+            # The page alert looks (ammong other things) at the burn rate over the last 5min.
+            # If the alert is pending for more than 5m this indicates a real problem.
+            for: 6m
+          ticket_alert: {}
       namespace: appcat-slos
       namespaceLabels: ${appcat:namespaceLabels}
       namespaceAnnotations: ${appcat:namespaceAnnotations}
@@ -157,36 +217,14 @@ parameters:
         ticket_labels:
           severity: "warning"
       vshn:
-        postgres:
-          uptime:
-            objective: 99.9
-            alerting:
-              page_alert:
-                # This should reduce non actionable alerts because of single instance restarts.
-                # The page alert looks (ammong other things) at the burn rate over the last 5min.
-                # If the alert is pending for more than 5m this indicates a real problem.
-                for: 6m
-              ticket_alert: {}
-        redis:
-          uptime:
-            objective: 99.9
-            alerting:
-              page_alert:
-                # This should reduce non actionable alerts because of single instance restarts.
-                # The page alert looks (ammong other things) at the burn rate over the last 5min.
-                # If the alert is pending for more than 5m this indicates a real problem.
-                for: 6m
-              ticket_alert: {}
-        minio:
-          uptime:
-            objective: 99.9
-            alerting:
-              page_alert:
-                # This should reduce non actionable alerts because of single instance restarts.
-                # The page alert looks (ammong other things) at the burn rate over the last 5min.
-                # If the alert is pending for more than 5m this indicates a real problem.
-                for: 6m
-              ticket_alert: {}
+        PostgreSQL:
+          uptime: ${appcat:slos:uptimeDefaults}
+        Redis:
+          uptime: ${appcat:slos:uptimeDefaults}
+        Minio:
+          uptime: ${appcat:slos:uptimeDefaults}
+        MariaDB:
+          uptime: ${appcat:slos:uptimeDefaults}
 
     providers:
       cloudscale:
@@ -254,6 +292,7 @@ parameters:
       vshn:
         enabled: false
         externalDatabaseConnectionsEnabled: "false"
+        e2eTests: false
         quotasEnabled: ${appcat:quotasEnabled}
         secretNamespace: ${crossplane:namespace}
         emailAlerting:
@@ -264,6 +303,8 @@ parameters:
           smtpFromAddress: myuser@example.com
           secretNamespace: syn-appcat
           secretName: mailgun-smtp-credentials
+        stsResizer:
+          enabled: true
         postgres:
           # bucket_region: 'lpg' || 'ch-gva-2'
           bucket_region: ""
@@ -455,6 +496,69 @@ parameters:
                 memory: "1Gi"
                 disk: 50Gi
           instances: []
+        services:
+          mariadb:
+            serviceName: VSHNMariaDB
+            connectionSecretKeys:
+              - ca.crt
+              - MARIADB_HOST
+              - MARIADB_PORT
+              - MARIADB_USERNAME
+              - MARIADB_PASSWORD
+              - MARIADB_URL
+            mode: standalone
+            offered: true
+            enabled: false
+            restoreSA: mariadbrestoreserviceaccount
+            restoreRoleRules: ${appcat:defaultRestoreRoleRules}
+            openshiftTemplate:
+              serviceName: mariadbbyvshn
+              description: "The open source relational database management system (DBMS) that is a compatible drop-in replacement for the widely used MySQL database technology"
+              message: 'Your MariaDB by VSHN instance is being provisioned, please see \${SECRET_NAME} for access.'
+              url: https://vs.hn/vshn-mariadb
+              tags: "database,sql,mariadb"
+              icon: "icon-mariadb"
+              defaultVersion: "11.2"
+            enableNetworkPolicy: false
+            secretNamespace: ${appcat:services:vshn:secretNamespace}
+            helmChartVersion: ${appcat:charts:mariadb:version}
+            imageRegistry: ""
+            bucket_region: "lpg"
+            grpcEndpoint: ${appcat:grpcEndpoint}
+            proxyFunction: false
+            defaultPlan: standard-1
+            sla: 99.25
+            plans:
+              standard-512m:
+                size:
+                  enabled: true
+                  cpu: "125m"
+                  memory: "512Mi"
+                  disk: 16Gi
+              standard-1:
+                size:
+                  enabled: true
+                  cpu: "250m"
+                  memory: "1Gi"
+                  disk: 16Gi
+              standard-2:
+                size:
+                  enabled: true
+                  cpu: "500m"
+                  memory: "2Gi"
+                  disk: 16Gi
+              standard-4:
+                size:
+                  enabled: true
+                  cpu: "1"
+                  memory: "4Gi"
+                  disk: 16Gi
+              standard-8:
+                size:
+                  enabled: true
+                  cpu: "2"
+                  memory: "8Gi"
+                  disk: 16Gi
 
       # Config for exoscale composites
       exoscale:

diff --git a/component/component/main.jsonnet b/component/component/main.jsonnet
@@ -167,10 +167,14 @@ local emailSecret = kube.Secret(params.services.vshn.emailAlerting.secretName) {
   '10_appcat_maintenance_recording_rule': maintenanceRule,
   [if params.services.vshn.enabled && params.services.vshn.emailAlerting.enabled then '10_mailgun_secret']: emailSecret,
 
-} + if params.slos.enabled then {
-  [if params.services.vshn.enabled && params.services.vshn.postgres.enabled then 'sli_exporter/90_slo_vshn_postgresql']: slos.Get('vshn-postgresql'),
-  [if params.services.vshn.enabled && params.services.vshn.postgres.enabled then 'sli_exporter/90_slo_vshn_postgresql_ha']: slos.Get('vshn-postgresql-ha'),
-  [if params.services.vshn.enabled && params.services.vshn.redis.enabled then 'sli_exporter/90_slo_vshn_redis']: slos.Get('vshn-redis'),
-  [if params.services.vshn.enabled && params.services.vshn.redis.enabled then 'sli_exporter/90_slo_vshn_redis_ha']: slos.Get('vshn-redis-ha'),
+} + if params.slos.enabled && params.services.vshn.enabled then {
+  [if params.services.vshn.postgres.enabled then 'sli_exporter/90_slo_vshn_postgresql']: slos.Get('vshn-postgresql'),
+  [if params.services.vshn.postgres.enabled then 'sli_exporter/90_slo_vshn_postgresql_ha']: slos.Get('vshn-postgresql-ha'),
+  [if params.services.vshn.redis.enabled then 'sli_exporter/90_slo_vshn_redis']: slos.Get('vshn-redis'),
+  [if params.services.vshn.redis.enabled then 'sli_exporter/90_slo_vshn_redis_ha']: slos.Get('vshn-redis-ha'),
+  [if params.services.vshn.minio.enabled then 'sli_exporter/90_slo_vshn_minio']: slos.Get('vshn-minio'),
+  [if params.services.vshn.minio.enabled then 'sli_exporter/90_slo_vshn_minio_ha']: slos.Get('vshn-minio-ha'),
+  [if params.services.vshn.services.mariadb.enabled then 'sli_exporter/90_slo_vshn_mariadb']: slos.Get('vshn-mariadb'),
+  [if params.services.vshn.services.mariadb.enabled then 'sli_exporter/90_slo_vshn_mariadb_ha']: slos.Get('vshn-mariadb-ha'),
 }
 else {}
diff --git a/component/component/provider.jsonnet b/component/component/provider.jsonnet
@@ -285,6 +285,11 @@ local runtimeConfigRef(name) = {
           resources: [ 'jobs' ],
           verbs: [ 'get', 'list', 'watch', 'create', 'delete' ],
         },
+        {
+          apiGroups: [ 'monitoring.coreos.com' ],
+          resources: [ 'servicemonitors' ],
+          verbs: [ 'get', 'list', 'watch', 'update', 'patch', 'create', 'delete' ],
+        },
       ],
     };
     local rolebinding = kube.ClusterRoleBinding('crossplane:provider:provider-helm:system:custom') {