gitea_admin/application
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

add helm charts

Browse Source
This commit is contained in:
Ybehrooz
2025-11-09 13:22:40 +03:30
parent 282c3e52d0
commit 38e4d749ad
1352 changed files with 190457 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

44
backing-services/mssql/templates/NOTES.txt Normal file
View File

@@ -0,0 +1,44 @@
Execute the following to get the administrator credentials:
echo Username: sa
MSSQL_SA_PASSWORD=$(kubectl -n {{ include "common.names.namespace" . }} get secret {{ template "mssql.secretName" . }} -o jsonpath="{.data.mssql-root-password}" | base64 -d)
To connect to your database:
1. Run a pod that you can use as a client:
kubectl -n {{ include "common.names.namespace" . }} run {{ include "common.names.fullname" . }}-client --rm --tty -i --restart='Never' --image {{ template "mssql.client.image" . }} --env MSSQL_SA_PASSWORD=$MSSQL_SA_PASSWORD --command -- bash
2. To connect to primary service (read/write):
sqlcmd -C -S {{ include "mssql.primary.fullname" . }}.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }} -U sa -P "$MSSQL_SA_PASSWORD"
{{- if eq .Values.architecture "replication" }}
3. To connect to secondary service (read-only):
sqlcmd -C -S {{ include "mssql.secondary.fullname" . }}.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }} -U sa -P "$MSSQL_SA_PASSWORD"
{{- end }}
{{- if not .Values.backup.persistence.enabled }}
#################################################################################
###### WARNING: Persistence is disabled for BACKUPs !!! #####
###### !!! You will lose your backups when #####
###### the primary pod is terminated. #####
######## Check @param backup.persistence.enabled to metigate this ########
#################################################################################
{{- end }}
#################################################################################
####################### DISCLAIMER ################################
#################################################################################
BY DEPLOYING THIS HELM CHART, YOU ARE ACCEPTING THE END-USER Licensing Agreement
of Microsoft SQL Server:
https://go.microsoft.com/fwlink/?LinkId=746388
IF YOU ARE NOT ACCEPTING THAT LICENSE, YOU MUST DELETE THIS RELEASE IMMEDIATELY:
# helm -n {{ .Release.Namespace }} delete {{ .Release.Name }}
#################################################################################

161
backing-services/mssql/templates/_helpers.tpl Normal file
View File

@@ -0,0 +1,161 @@
{{/* vim: set filetype=mustache: */}}
{{- define "mssql.primary.fullname" -}}
{{- if eq .Values.architecture "replication" }}
{{- printf "%s-%s" (include "common.names.fullname" .) .Values.primary.name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- include "common.names.fullname" . -}}
{{- end -}}
{{- end -}}
{{- define "mssql.primary.hasVolumeClaims" -}}
{{- or (and .Values.primary.persistence.enabled (not .Values.primary.persistence.existingClaim)) (and .Values.backup.persistence.enabled (not .Values.backup.persistence.existingClaim)) -}}
{{- end -}}
{{- define "mssql.secondary.fullname" -}}
{{- printf "%s-%s" (include "common.names.fullname" .) .Values.secondary.name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Return the proper MSSQL image name
*/}}
{{- define "mssql.image" -}}
{{- include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }}
{{- end -}}
{{/*
Return the proper MSSQL Client image name
*/}}
{{- define "mssql.client.image" -}}
{{- include "common.images.image" (dict "imageRoot" .Values.client.image "global" .Values.global) }}
{{- end -}}
{{/*
Return the proper metrics image name
*/}}
{{- define "mssql.metrics.image" -}}
{{- include "common.images.image" (dict "imageRoot" .Values.metrics.image "global" .Values.global) }}
{{- end -}}
{{/*
Return the proper image name (for the init container volume-permissions image)
*/}}
{{- define "mssql.volumePermissions.image" -}}
{{- include "common.images.image" (dict "imageRoot" .Values.volumePermissions.image "global" .Values.global) }}
{{- end -}}
{{/*
Return the proper Docker Image Registry Secret Names
*/}}
{{- define "mssql.imagePullSecrets" -}}
{{- include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.metrics.image .Values.volumePermissions.image) "global" .Values.global) }}
{{- end -}}
{{/*
Get the initialization scripts ConfigMap name.
*/}}
{{- define "mssql.initdbScriptsCM" -}}
{{- if .Values.initdbScriptsConfigMap -}}
{{- printf "%s" (tpl .Values.initdbScriptsConfigMap $) -}}
{{- else -}}
{{- printf "%s-init-scripts" (include "mssql.primary.fullname" .) -}}
{{- end -}}
{{- end -}}
{{/*
Returns the proper service account name depending if an explicit service account name is set
in the values file. If the name is not set it will default to either mssql.fullname if serviceAccount.create
is true or default otherwise.
*/}}
{{- define "mssql.serviceAccountName" -}}
{{- if .Values.serviceAccount.create -}}
{{ default (include "common.names.fullname" .) .Values.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.serviceAccount.name }}
{{- end -}}
{{- end -}}
{{/*
Return the configmap with the MSSQL Primary configuration
*/}}
{{- define "mssql.primary.configmapName" -}}
{{- if .Values.primary.existingConfigmap -}}
{{- printf "%s" (tpl .Values.primary.existingConfigmap $) -}}
{{- else -}}
{{- printf "%s" (include "mssql.primary.fullname" .) -}}
{{- end -}}
{{- end -}}
{{/*
Return the configmap with the MSSQL Primary configuration
*/}}
{{- define "mssql.secondary.configmapName" -}}
{{- if .Values.secondary.existingConfigmap -}}
{{- printf "%s" (tpl .Values.secondary.existingConfigmap $) -}}
{{- else -}}
{{- printf "%s" (include "mssql.secondary.fullname" .) -}}
{{- end -}}
{{- end -}}
{{/*
Return the secret with MSSQL credentials
*/}}
{{- define "mssql.secretName" -}}
{{- if .Values.auth.existingSecret -}}
{{- printf "%s" (tpl .Values.auth.existingSecret $) -}}
{{- else -}}
{{- printf "%s" (include "common.names.fullname" .) -}}
{{- end -}}
{{- end -}}
{{/*
Return true if a secret object should be created for MSSQL
*/}}
{{- define "mssql.createSecret" -}}
{{- if not .Values.auth.existingSecret }}
{{- true -}}
{{- end -}}
{{- end -}}
{{/*
Returns the available value for certain key in an existing secret (if it exists),
otherwise it generates a random value.
*/}}
{{- define "getValueFromSecret" }}
{{- $len := (default 16 .Length) | int -}}
{{- $obj := (lookup "v1" "Secret" .Namespace .Name).data -}}
{{- if $obj }}
{{- index $obj .Key | b64dec -}}
{{- else -}}
{{- randAlphaNum $len -}}
{{- end -}}
{{- end }}
{{/* Check if there are rolling tags in the images */}}
{{- define "mssql.checkRollingTags" -}}
{{- include "common.warnings.rollingTag" .Values.image }}
{{- include "common.warnings.rollingTag" .Values.metrics.image }}
{{- include "common.warnings.rollingTag" .Values.volumePermissions.image }}
{{- end -}}
{{/*
Compile all warnings into a single message, and call fail.
*/}}
{{- define "mssql.validateValues" -}}
{{- $messages := list -}}
{{- $messages := without $messages "" -}}
{{- $message := join "\n" $messages -}}
{{- if $message -}}
{{- printf "\nVALUES VALIDATION:\n%s" $message | fail -}}
{{- end -}}
{{- end -}}
{{/*
Compute all databases that requires backup
*/}}
{{- define "mssql.backup.databases" -}}
{{- $databases := prepend .Values.backup.databases .Values.auth.database }}
{{- $databases -}}
{{- end -}}

77
backing-services/mssql/templates/backup/cronjob.yaml Normal file
View File

@@ -0,0 +1,77 @@
{{- $databases := .Values.backup.databases -}}
{{- if .Values.backup.enabled }}
{{ range $_, $database := $databases }}
{{- $databaseKebab := (regexReplaceAll "\\W+" $database "-" | lower ) -}}
{{ $databaseKebab = (trimSuffix "-" $databaseKebab ) }}
{{ $databaseKebab = (regexReplaceAll "_" $databaseKebab "-" ) }}
---
apiVersion: {{ include "common.capabilities.cronjob.apiVersion" $ }}
kind: CronJob
metadata:
name: {{ printf "%s-snapshotter-db-%s" (include "common.names.fullname" $) $databaseKebab }}
labels: {{- include "common.labels.standard" $ | nindent 4 }}
{{- if $.Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" $.Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if $.Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
concurrencyPolicy: Forbid
schedule: {{ $.Values.backup.cronjob.schedule | quote }}
successfulJobsHistoryLimit: {{ $.Values.backup.cronjob.historyLimit }}
jobTemplate:
spec:
template:
metadata:
labels: {{- include "common.labels.standard" $ | nindent 12 }}
app.kubernetes.io/component: snapshotter
{{- if $.Values.backup.cronjob.podAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.backup.cronjob.podAnnotations "context" $) | nindent 12 }}
{{- end }}
spec:
{{- if $.Values.backup.cronjob.nodeSelector }}
nodeSelector: {{- toYaml $.Values.backup.cronjob.nodeSelector | nindent 12 }}
{{- end }}
{{- if $.Values.backup.cronjob.tolerations }}
tolerations: {{- toYaml $.Values.backup.cronjob.tolerations | nindent 12 }}
{{- end }}
{{- include "mssql.imagePullSecrets" $ | nindent 10 }}
restartPolicy: OnFailure
{{- if $.Values.backup.cronjob.podSecurityContext.enabled }}
securityContext: {{- omit $.Values.backup.cronjob.podSecurityContext "enabled" | toYaml | nindent 12 }}
{{- end }}
containers:
- name: mssql-snapshotter
image: {{ template "mssql.client.image" $ }}
imagePullPolicy: {{ $.Values.image.pullPolicy | quote }}
{{- if $.Values.backup.cronjob.containerSecurityContext.enabled }}
securityContext: {{- omit $.Values.backup.cronjob.containerSecurityContext "enabled" | toYaml | nindent 16 }}
{{- end }}
command:
- /bin/sh
- -c
- |
export now=$(date +%Y-%m-%d_%Hh%Mm%Ssec)
export database="{{ $database }}"
sqlcmd -C -S {{ include "mssql.primary.fullname" $ }}.{{ include "common.names.namespace" $ }}.svc.{{ $.Values.clusterDomain }} \
-U sa -P "$MSSQL_SA_PASSWORD" \
-e -Q \
{{ (include "common.tplvalues.render" ( dict "value" $.Values.backup.cronjob.commandTemplate "context" $ )) | quote }}
if [ "$?" = "0" ];then
echo "In the primary DB, restore this snapshot by running:"
echo "# bash /tmp/entrypoint-scripts/restore.sh $database $now"
fi
env:
- name: MSSQL_SA_PASSWORD
valueFrom:
secretKeyRef:
name: {{ template "mssql.secretName" $ }}
key: mssql-root-password
{{- if $.Values.backup.cronjob.resources }}
resources: {{- toYaml $.Values.backup.cronjob.resources | nindent 16 }}
{{- end }}
{{- end }}
{{- end }}

30
backing-services/mssql/templates/backup/persistentvolumeclaim.yaml Normal file
View File

@@ -0,0 +1,30 @@
{{- if and .Values.backup.persistence.enabled (not .Values.backup.persistence.existingClaim) }}
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: {{ printf "backups-%s" (include "mssql.primary.fullname" .) }}
labels: {{ include "common.labels.matchLabels" . | nindent 4 }}
app.kubernetes.io/component: primary
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" (dict "value" .Values.commonLabels "context" $) | nindent 4 }}
{{- end }}
annotations:
{{- if .Values.backup.persistence.annotations }}
{{- include "common.tplvalues.render" (dict "value" .Values.backup.persistence.annotations "context" $) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
{{- include "common.tplvalues.render" (dict "value" .Values.commonAnnotations "context" $) | nindent 4 }}
{{- end }}
spec:
accessModes:
{{- range .Values.backup.persistence.accessModes }}
- {{ . | quote }}
{{- end }}
resources:
requests:
storage: {{ .Values.backup.persistence.size | quote }}
{{- include "common.storage.class" (dict "persistence" .Values.backup.persistence "global" .Values.global) | nindent 2 }}
{{- if .Values.backup.persistence.selector }}
selector: {{- include "common.tplvalues.render" (dict "value" .Values.backup.persistence.selector "context" $) | nindent 4 }}
{{- end -}}
{{- end }}

31
backing-services/mssql/templates/metrics-svc.yaml Normal file
View File

@@ -0,0 +1,31 @@
{{- if .Values.metrics.enabled }}
apiVersion: v1
kind: Service
metadata:
name: {{ printf "%s-metrics" (include "common.names.fullname" .) }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
app.kubernetes.io/component: metrics
{{- if or .Values.metrics.service.annotations .Values.commonAnnotations }}
annotations:
{{- if .Values.metrics.service.annotations }}
{{- include "common.tplvalues.render" (dict "value" .Values.metrics.service.annotations "context" $) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
{{- end }}
spec:
type: {{ .Values.metrics.service.type }}
ports:
- port: {{ .Values.metrics.service.port }}
targetPort: metrics
protocol: TCP
name: metrics
selector: {{- include "common.labels.matchLabels" $ | nindent 4 }}
{{- end }}

40
backing-services/mssql/templates/networkpolicy.yaml Normal file
View File

@@ -0,0 +1,40 @@
{{- if .Values.networkPolicy.enabled }}
kind: NetworkPolicy
apiVersion: {{ template "common.capabilities.networkPolicy.apiVersion" . }}
metadata:
name: {{ template "common.names.fullname" . }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
podSelector:
matchLabels:
{{- include "common.labels.matchLabels" . | nindent 6 }}
ingress:
# Allow inbound connections
- ports:
- port: {{ .Values.primary.service.ports.mssql }}
{{- if not .Values.networkPolicy.allowExternal }}
from:
- podSelector:
matchLabels:
{{ template "common.names.fullname" . }}-client: "true"
{{- if .Values.networkPolicy.explicitNamespacesSelector }}
namespaceSelector:
{{ toYaml .Values.networkPolicy.explicitNamespacesSelector | indent 12 }}
{{- end }}
- podSelector:
matchLabels:
{{- include "common.labels.matchLabels" . | nindent 14 }}
{{- end }}
{{- if .Values.metrics.enabled }}
# Allow prometheus scrapes
- ports:
- port: {{ .Values.metrics.service.port }}
{{- end }}
{{- end }}

34
backing-services/mssql/templates/primary/configmap.yaml Normal file
View File

@@ -0,0 +1,34 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "mssql.primary.fullname" . }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
app.kubernetes.io/component: primary
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
data:
# https://github.com/microsoft/mssql-docker/blob/master/linux/sample-helm-chart/templates/mssqlconfig.yaml
# More params: https://github.com/Microdust/mssqlserver-docker/blob/master/mssql.conf
mssql.conf: |
[EULA]
accepteula = Y
accepteulaml = Y
[coredump]
captureminiandfull = true
coredumptype = full
[hadr]
hadrenabled = 1
[language]
lcid = 1033
[filelocation]
defaultdatadir = {{ .Values.primary.persistence.mount }}
defaultlogdir = /var/opt/mssql/log

19
backing-services/mssql/templates/primary/initialization-configmap.yaml Normal file
View File

@@ -0,0 +1,19 @@
{{- if or .Values.auth.database (and .Values.initdbScripts (not .Values.initdbScriptsConfigMap)) }}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ printf "%s-init-scripts" (include "mssql.primary.fullname" .) }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
app.kubernetes.io/component: primary
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
data:
{{- if .Values.auth.username }}
{{ (tpl (.Files.Glob "files/sql/00_create_db_owner_user.sql").AsConfig .) | indent 2}}
{{- end }}
{{- end }}

25
backing-services/mssql/templates/primary/pdb.yaml Normal file
View File

@@ -0,0 +1,25 @@
{{- if .Values.primary.pdb.create }}
apiVersion: {{ include "common.capabilities.policy.apiVersion" . }}
kind: PodDisruptionBudget
metadata:
name: {{ include "mssql.primary.fullname" . }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
app.kubernetes.io/component: primary
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
{{- if .Values.primary.pdb.minAvailable }}
minAvailable: {{ .Values.primary.pdb.minAvailable }}
{{- end }}
{{- if .Values.primary.pdb.maxUnavailable }}
maxUnavailable: {{ .Values.primary.pdb.maxUnavailable }}
{{- end }}
selector:
matchLabels: {{ include "common.labels.matchLabels" . | nindent 6 }}
app.kubernetes.io/component: primary
{{- end }}

324
backing-services/mssql/templates/primary/statefulset.yaml Normal file
View File

@@ -0,0 +1,324 @@
apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }}
kind: StatefulSet
metadata:
name: {{ include "mssql.primary.fullname" . }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
app.kubernetes.io/component: primary
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
replicas: 1
podManagementPolicy: {{ .Values.primary.podManagementPolicy | quote }}
selector:
matchLabels: {{ include "common.labels.matchLabels" . | nindent 6 }}
app.kubernetes.io/component: primary
serviceName: {{ include "mssql.primary.fullname" . }}
{{- if .Values.primary.updateStrategy }}
updateStrategy: {{- toYaml .Values.primary.updateStrategy | nindent 4 }}
{{- end }}
template:
metadata:
annotations:
checksum/configuration: {{ include (print $.Template.BasePath "/primary/configmap.yaml") . | sha256sum }}
{{- if .Values.primary.podAnnotations }}
{{- include "common.tplvalues.render" (dict "value" .Values.primary.podAnnotations "context" $) | nindent 8 }}
{{- end }}
labels: {{- include "common.labels.standard" . | nindent 8 }}
app.kubernetes.io/component: primary
{{- if .Values.primary.podLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.primary.podLabels "context" $ ) | nindent 8 }}
{{- end }}
spec:
serviceAccountName: {{ template "mssql.serviceAccountName" . }}
{{- include "mssql.imagePullSecrets" . | nindent 6 }}
{{- if .Values.primary.hostAliases }}
hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.primary.hostAliases "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.primary.affinity }}
affinity: {{- include "common.tplvalues.render" (dict "value" .Values.primary.affinity "context" $) | nindent 8 }}
{{- else }}
affinity:
podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.primary.podAffinityPreset "context" $) | nindent 10 }}
podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.primary.podAntiAffinityPreset "context" $) | nindent 10 }}
nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.primary.nodeAffinityPreset.type "key" .Values.primary.nodeAffinityPreset.key "values" .Values.primary.nodeAffinityPreset.values) | nindent 10 }}
{{- end }}
{{- if .Values.primary.nodeSelector }}
nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.primary.nodeSelector "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.primary.tolerations }}
tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.primary.tolerations "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.primary.priorityClassName }}
priorityClassName: {{ .Values.primary.priorityClassName | quote }}
{{- end }}
{{- if .Values.primary.schedulerName }}
schedulerName: {{ .Values.primary.schedulerName | quote }}
{{- end }}
{{- if .Values.primary.topologySpreadConstraints }}
topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.primary.topologySpreadConstraints "context" .) | nindent 8 }}
{{- end }}
{{- if .Values.primary.podSecurityContext.enabled }}
securityContext: {{- omit .Values.primary.podSecurityContext "enabled" | toYaml | nindent 8 }}
{{- end }}
{{- if .Values.primary.terminationGracePeriodSeconds }}
terminationGracePeriodSeconds: {{ .Values.primary.terminationGracePeriodSeconds }}
{{- end }}
initContainers:
{{- if and .Values.primary.podSecurityContext.enabled .Values.volumePermissions.enabled .Values.primary.persistence.enabled }}
- name: volume-permissions
image: {{ include "mssql.volumePermissions.image" . }}
imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }}
command:
- /bin/bash
- -ec
- |
mkdir -p "{{ .Values.primary.persistence.mount }}" "{{ .Values.backup.persistence.mount }}"
chown "{{ .Values.primary.containerSecurityContext.runAsUser }}:{{ .Values.primary.podSecurityContext.fsGroup }}" "{{ .Values.primary.persistence.mount }}" "{{ .Values.backup.persistence.mount }}"
find "{{ .Values.primary.persistence.mount }}" -mindepth 1 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" | xargs -r chown -R "{{ .Values.primary.containerSecurityContext.runAsUser }}:{{ .Values.primary.podSecurityContext.fsGroup }}"
find "{{ .Values.backup.persistence.mount }}" -mindepth 1 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" | xargs -r chown -R "{{ .Values.primary.containerSecurityContext.runAsUser }}:{{ .Values.primary.podSecurityContext.fsGroup }}"
securityContext:
runAsUser: 0
{{- if .Values.volumePermissions.resources }}
resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }}
{{- end }}
volumeMounts:
- name: data
mountPath: {{ .Values.primary.persistence.mount }}
- name: backup
mountPath: {{ .Values.backup.persistence.mount }}
{{- end }}
{{- if .Values.primary.initContainers }}
{{- include "common.tplvalues.render" (dict "value" .Values.primary.initContainers "context" $) | nindent 8 }}
{{- end }}
containers:
- name: mssql
image: {{ include "mssql.image" . }}
imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
{{- if .Values.primary.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.primary.containerSecurityContext "enabled" | toYaml | nindent 12 }}
{{- end }}
{{- if .Values.primary.lifecycleHooks }}
lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.primary.lifecycleHooks "context" $) | nindent 12 }}
{{- end }}
env:
# https://docs.microsoft.com/en-us/sql/linux/sql-server-linux-configure-environment-variables?view=sql-server-ver16
- name: ACCEPT_EULA
value: "Y"
- name: SQLCMD_ACCEPT_EULA
value: "YES"
- name: MSSQL_PID
value: {{ .Values.edition }}
- name: MSSQL_TCP_PORT
value: {{ .Values.primary.service.ports.mssql | quote }}
- name: MSSQL_SA_PASSWORD
valueFrom:
secretKeyRef:
name: {{ template "mssql.secretName" . }}
key: mssql-root-password
{{- if not (empty .Values.auth.username) }}
- name: MSSQL_USER
value: {{ .Values.auth.username | quote }}
- name: MSSQL_PASSWORD
valueFrom:
secretKeyRef:
name: {{ template "mssql.secretName" . }}
key: mssql-password
- name: SQLCMDPASSWORD
valueFrom:
secretKeyRef:
name: {{ template "mssql.secretName" . }}
key: mssql-password
{{- end }}
{{- if and .Values.auth.createDatabase .Values.auth.database }}
- name: MSSQL_DATABASE
value: {{ .Values.auth.database | quote }}
- name: MSSQL_DATABASE_COLLATE
value: {{ .Values.auth.databaseCollate | quote }}
{{- end }}
- name: MSSQL_COLLATION
value: {{ .Values.auth.databaseCollate | quote }}
- name: MSSQL_DATA_DIR
value: {{ .Values.primary.persistence.mount }}
- name: MSSQL_BACKUP_DIR
value: {{ .Values.backup.persistence.mount }}
{{- if eq .Values.architecture "replication" }}
- name: MSSQL_REPLICATION_MODE
value: "master"
- name: MSSQL_REPLICATION_USER
value: {{ .Values.auth.replicationUser | quote }}
- name: MSSQL_REPLICATION_PASSWORD
valueFrom:
secretKeyRef:
name: {{ template "mssql.secretName" . }}
key: mssql-replication-password
{{- end }}
{{- if .Values.primary.extraFlags }}
- name: MSSQL_EXTRA_FLAGS
value: "{{ .Values.primary.extraFlags }}"
{{- end }}
{{- if .Values.primary.extraEnvVars }}
{{- include "common.tplvalues.render" (dict "value" .Values.primary.extraEnvVars "context" $) | nindent 12 }}
{{- end }}
envFrom:
{{- if .Values.primary.extraEnvVarsCM }}
- configMapRef:
name: {{ include "common.tplvalues.render" (dict "value" .Values.primary.extraEnvVarsCM "context" $) }}
{{- end }}
{{- if .Values.primary.extraEnvVarsSecret }}
- secretRef:
name: {{ include "common.tplvalues.render" (dict "value" .Values.primary.extraEnvVarsSecret "context" $) }}
{{- end }}
ports:
- name: mssql
containerPort: {{ .Values.primary.service.ports.mssql }}
{{- if .Values.primary.livenessProbe.enabled }}
livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.primary.livenessProbe "enabled") "context" $) | nindent 12 }}
exec:
command:
- /bin/bash
- -ec
- |
sqlcmd -C -S localhost -U sa -P "$MSSQL_SA_PASSWORD" -Q "SELECT 1"
{{- end }}
{{- if .Values.primary.readinessProbe.enabled }}
readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.primary.readinessProbe "enabled") "context" $) | nindent 12 }}
exec:
command:
- /bin/bash
- -ec
- |
sqlcmd -C -S localhost -U sa -P "$MSSQL_SA_PASSWORD" -Q "USE {{ .Values.auth.database }}"
{{- end }}
{{- if .Values.primary.startupProbe.enabled }}
startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.primary.startupProbe "enabled") "context" $) | nindent 12 }}
exec:
command:
- /bin/bash
- -ec
- |
sqlcmd -C -S localhost -U sa -P "$MSSQL_SA_PASSWORD" -Q "USE {{ .Values.auth.database }}"
{{- end }}
{{- if .Values.primary.resources }}
resources: {{ toYaml .Values.primary.resources | nindent 12 }}
{{- end }}
volumeMounts:
- name: data
mountPath: {{ .Values.primary.persistence.mount }}
- name: backup
mountPath: {{ .Values.backup.persistence.mount }}
- name: init-scripts-configmap
mountPath: /tmp/init-scripts-configmap
{{- if or .Values.primary.configuration .Values.primary.existingConfigmap }}
- name: config
mountPath: /var/opt/mssql/mssql.conf
subPath: mssql.conf
{{- end }}
{{- if .Values.primary.extraVolumeMounts }}
{{- include "common.tplvalues.render" (dict "value" .Values.primary.extraVolumeMounts "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.metrics.enabled }}
- name: metrics
image: {{ include "mssql.metrics.image" . }}
imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }}
env:
- name: SERVER
value: localhost
- name: PORT
value: {{ .Values.primary.service.ports.mssql | quote }}
- name: USERNAME
value: sa
- name: PASSWORD
valueFrom:
secretKeyRef:
name: {{ include "mssql.secretName" . }}
key: mssql-root-password
ports:
- name: metrics
containerPort: {{ .Values.metrics.service.port }}
{{- if .Values.metrics.livenessProbe.enabled }}
livenessProbe: {{- omit .Values.metrics.livenessProbe "enabled" | toYaml | nindent 12 }}
httpGet:
path: /metrics
port: metrics
{{- end }}
{{- if .Values.metrics.readinessProbe.enabled }}
readinessProbe: {{- omit .Values.metrics.readinessProbe "enabled" | toYaml | nindent 12 }}
httpGet:
path: /metrics
port: metrics
{{- end }}
{{- if .Values.metrics.resources }}
resources: {{- toYaml .Values.metrics.resources | nindent 12 }}
{{- end }}
{{- end }}
{{- if .Values.primary.sidecars }}
{{- include "common.tplvalues.render" (dict "value" .Values.primary.sidecars "context" $) | nindent 8 }}
{{- end }}
volumes:
{{- if or .Values.primary.configuration .Values.primary.existingConfigmap }}
- name: config
configMap:
name: {{ include "mssql.primary.configmapName" . }}
{{- end }}
- name: init-scripts-configmap
configMap:
name: {{ printf "%s-init-scripts" (include "mssql.primary.fullname" .) }}
{{- if .Values.primary.extraVolumes }}
{{- include "common.tplvalues.render" (dict "value" .Values.primary.extraVolumes "context" $) | nindent 8 }}
{{- end }}
{{- if and .Values.primary.persistence.enabled .Values.primary.persistence.existingClaim }}
- name: data
persistentVolumeClaim:
claimName: {{ tpl .Values.primary.persistence.existingClaim . }}
{{- else if not .Values.primary.persistence.enabled }}
- name: data
emptyDir: {}
{{- end }}
{{- if and .Values.backup.persistence.enabled .Values.backup.persistence.existingClaim }}
- name: backup
persistentVolumeClaim:
claimName: {{ tpl .Values.backup.persistence.existingClaim . }}
{{- else if and .Values.backup.persistence.enabled (not .Values.backup.persistence.existingClaim)}}
- name: backup
persistentVolumeClaim:
claimName: {{ printf "backups-%s" (include "mssql.primary.fullname" .) }}
{{- else if not .Values.backup.persistence.enabled }}
- name: backup
emptyDir: {}
{{- end }}
{{- if (include "mssql.primary.hasVolumeClaims" .) }}
volumeClaimTemplates:
{{- end }}
{{- if and .Values.primary.persistence.enabled (not .Values.primary.persistence.existingClaim) }}
- metadata:
name: data
labels: {{ include "common.labels.matchLabels" . | nindent 10 }}
app.kubernetes.io/component: primary
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" (dict "value" .Values.commonLabels "context" $) | nindent 10 }}
{{- end }}
annotations:
{{- if .Values.primary.persistence.annotations }}
{{- include "common.tplvalues.render" (dict "value" .Values.primary.persistence.annotations "context" $) | nindent 10 }}
{{- end }}
{{- if .Values.commonAnnotations }}
{{- include "common.tplvalues.render" (dict "value" .Values.commonAnnotations "context" $) | nindent 10 }}
{{- end }}
spec:
accessModes:
{{- range .Values.primary.persistence.accessModes }}
- {{ . | quote }}
{{- end }}
resources:
requests:
storage: {{ .Values.primary.persistence.size | quote }}
{{- include "common.storage.class" ( dict "persistence" .Values.primary.persistence ) | nindent 8 }}
{{- if .Values.primary.persistence.selector }}
selector: {{- include "common.tplvalues.render" (dict "value" .Values.primary.persistence.selector "context" $) | nindent 10 }}
{{- end -}}
{{- end }}

24
backing-services/mssql/templates/primary/svc-headless.yaml Normal file
View File

@@ -0,0 +1,24 @@
apiVersion: v1
kind: Service
metadata:
name: {{ include "mssql.primary.fullname" . }}-headless
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
app.kubernetes.io/component: primary
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
annotations:
{{- if .Values.commonAnnotations }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
type: ClusterIP
clusterIP: None
publishNotReadyAddresses: true
ports:
- name: mssql
port: {{ .Values.primary.service.ports.mssql }}
targetPort: mssql
selector: {{ include "common.labels.matchLabels" . | nindent 4 }}
app.kubernetes.io/component: primary

52
backing-services/mssql/templates/primary/svc.yaml Normal file
View File

@@ -0,0 +1,52 @@
apiVersion: v1
kind: Service
metadata:
name: {{ include "mssql.primary.fullname" . }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
app.kubernetes.io/component: primary
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
annotations:
{{- if .Values.commonAnnotations }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.primary.service.annotations }}
{{- include "common.tplvalues.render" ( dict "value" .Values.primary.service.annotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
type: {{ .Values.primary.service.type }}
{{- if and .Values.primary.service.clusterIP (eq .Values.primary.service.type "ClusterIP") }}
clusterIP: {{ .Values.primary.service.clusterIP }}
{{- end }}
{{- if .Values.primary.service.sessionAffinity }}
sessionAffinity: {{ .Values.primary.service.sessionAffinity }}
{{- end }}
{{- if .Values.primary.service.sessionAffinityConfig }}
sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" .Values.primary.service.sessionAffinityConfig "context" $) | nindent 4 }}
{{- end }}
{{- if or (eq .Values.primary.service.type "LoadBalancer") (eq .Values.primary.service.type "NodePort") }}
externalTrafficPolicy: {{ .Values.primary.service.externalTrafficPolicy | quote }}
{{- end }}
{{- if and (eq .Values.primary.service.type "LoadBalancer") (not (empty .Values.primary.service.loadBalancerSourceRanges)) }}
loadBalancerSourceRanges: {{ .Values.primary.service.loadBalancerSourceRanges }}
{{- end }}
{{- if and (eq .Values.primary.service.type "LoadBalancer") (not (empty .Values.primary.service.loadBalancerIP)) }}
loadBalancerIP: {{ .Values.primary.service.loadBalancerIP }}
{{- end }}
ports:
- name: mssql
port: {{ .Values.primary.service.ports.mssql }}
protocol: TCP
targetPort: mssql
{{- if (and (or (eq .Values.primary.service.type "NodePort") (eq .Values.primary.service.type "LoadBalancer")) .Values.primary.service.nodePorts.mssql) }}
nodePort: {{ .Values.primary.service.nodePorts.mssql }}
{{- else if eq .Values.primary.service.type "ClusterIP" }}
nodePort: null
{{- end }}
{{- if .Values.primary.service.extraPorts }}
{{- include "common.tplvalues.render" (dict "value" .Values.primary.service.extraPorts "context" $) | nindent 4 }}
{{- end }}
selector: {{ include "common.labels.matchLabels" . | nindent 4 }}
app.kubernetes.io/component: primary

22
backing-services/mssql/templates/rolebinding.yaml Normal file
View File

@@ -0,0 +1,22 @@
{{- if and .Values.serviceAccount.create .Values.rbac.create }}
apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
kind: RoleBinding
metadata:
name: {{ printf "%s-scc-anyuid" (include "common.names.fullname" .) }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: system:openshift:scc:anyuid
subjects:
- kind: ServiceAccount
name: {{ include "mssql.serviceAccountName" . }}
namespace: {{ include "common.names.namespace" . | quote }}
{{- end }}

21
backing-services/mssql/templates/secrets.yaml Normal file
View File

@@ -0,0 +1,21 @@
{{- if eq (include "mssql.createSecret" .) "true" }}
apiVersion: v1
kind: Secret
metadata:
name: {{ include "common.names.fullname" . }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
type: Opaque
data:
mssql-root-password: {{ include "common.secrets.passwords.manage" (dict "secret" (include "common.names.fullname" .) "key" "mssql-root-password" "length" 10 "providedValues" (list "auth.rootPassword") "context" $) }}
mssql-password: {{ include "common.secrets.passwords.manage" (dict "secret" (include "common.names.fullname" .) "key" "mssql-password" "length" 10 "providedValues" (list "auth.password") "context" $) }}
{{- if eq .Values.architecture "replication" }}
mssql-replication-password: {{ include "common.secrets.passwords.manage" (dict "secret" (include "common.names.fullname" .) "key" "mssql-replication-password" "length" 10 "providedValues" (list "auth.replicationPassword") "context" $) }}
{{- end }}
{{- end }}

25
backing-services/mssql/templates/serviceaccount.yaml Normal file
View File

@@ -0,0 +1,25 @@
{{- if .Values.serviceAccount.create }}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "mssql.serviceAccountName" . }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
annotations:
{{- if .Values.commonAnnotations }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.serviceAccount.annotations }}
{{- include "common.tplvalues.render" ( dict "value" .Values.serviceAccount.annotations "context" $ ) | nindent 4 }}
{{- end }}
automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
{{- if (not .Values.auth.customPasswordFiles) }}
secrets:
- name: {{ template "mssql.secretName" . }}
{{- end }}
{{- end }}

49
backing-services/mssql/templates/servicemonitor.yaml Normal file
View File

@@ -0,0 +1,49 @@
{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ include "common.names.fullname" . }}
namespace: {{ default (include "common.names.namespace" .) .Values.metrics.serviceMonitor.namespace }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.metrics.serviceMonitor.labels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.labels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
annotations:
{{- if .Values.commonAnnotations }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.metrics.serviceMonitor.annotations }}
{{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.annotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
jobLabel: {{ .Values.metrics.serviceMonitor.jobLabel | quote }}
endpoints:
- port: metrics
{{- if .Values.metrics.serviceMonitor.interval }}
interval: {{ .Values.metrics.serviceMonitor.interval }}
{{- end }}
{{- if .Values.metrics.serviceMonitor.scrapeTimeout }}
scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }}
{{- end }}
{{- if .Values.metrics.serviceMonitor.honorLabels }}
honorLabels: {{ .Values.metrics.serviceMonitor.honorLabels }}
{{- end }}
{{- if .Values.metrics.serviceMonitor.metricRelabelings }}
metricRelabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.metricRelabelings "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.metrics.serviceMonitor.relabelings }}
relabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.relabelings "context" $) | nindent 8 }}
{{- end }}
namespaceSelector:
matchNames:
- {{ include "common.names.namespace" . | quote }}
selector:
matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
app.kubernetes.io/component: metrics
{{- if .Values.metrics.serviceMonitor.selector }}
{{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.selector "context" $) | nindent 6 }}
{{- end }}
{{- end }}