[keystone][pxc-db] Add support for PXC galera cluster
* Add support for PXC galera cluster URL
* Update mysql-metrics and utils charts to support galera cluster
* Remove mariadb-galera support
* Remove unused helm helper functions db_host and keystone_db_host
* Update percona_cluster to 1.1.9 with correct linkerd configuration
* Update linkerd-support and owner-info to release versions
s10 committed Dec 20, 2024
1 parent 40ee7c9 commit aedac40
Showing 6 changed files with 67 additions and 50 deletions.
18 changes: 9 additions & 9 deletions openstack/keystone/Chart.lock
@@ -2,26 +2,26 @@ dependencies:
- name: mariadb
repository: oci://keppel.eu-de-1.cloud.sap/ccloud-helm
version: 0.14.2
- name: mariadb-galera
- name: pxc-db
repository: oci://keppel.eu-de-1.cloud.sap/ccloud-helm
version: 0.29.3
version: 0.2.0
- name: memcached
repository: oci://keppel.eu-de-1.cloud.sap/ccloud-helm
version: 0.5.3
- name: mysql_metrics
repository: oci://keppel.eu-de-1.cloud.sap/ccloud-helm
version: 0.3.5
version: 0.4.1
- name: owner-info
repository: oci://keppel.eu-de-1.cloud.sap/ccloud-helm
version: 0.2.3
version: 1.0.0
- name: percona_cluster
repository: oci://keppel.eu-de-1.cloud.sap/ccloud-helm
version: 1.1.7
version: 1.1.9
- name: utils
repository: oci://keppel.eu-de-1.cloud.sap/ccloud-helm
version: 0.15.0
version: 0.21.0
- name: linkerd-support
repository: oci://keppel.eu-de-1.cloud.sap/ccloud-helm
version: 0.1.4
digest: sha256:7f3e9665e9e649af94735fe7b6233667353fe5aca639dc86e295def90a56f4b7
generated: "2024-09-30T20:42:46.060829+05:30"
version: 1.1.0
digest: sha256:5b96192207a4b1db506ca740ba0d812d5e98eb5865c628b10086e19d38694e71
generated: "2024-12-20T15:22:39.713091+02:00"
20 changes: 10 additions & 10 deletions openstack/keystone/Chart.yaml
@@ -9,34 +9,34 @@ maintainers:
name: keystone
sources:
- https://github.com/sapcc/keystone
version: 0.8.0
version: 0.9.0
dependencies:
- condition: mariadb.enabled
name: mariadb
repository: oci://keppel.eu-de-1.cloud.sap/ccloud-helm
version: 0.14.2
- condition: mariadb_galera.enabled
name: mariadb-galera
alias: mariadb_galera
- condition: pxc_db.enabled
name: pxc-db
alias: pxc_db
repository: oci://keppel.eu-de-1.cloud.sap/ccloud-helm
version: 0.29.3
version: 0.2.0
- name: memcached
repository: oci://keppel.eu-de-1.cloud.sap/ccloud-helm
version: 0.5.3
- condition: mysql_metrics.enabled
name: mysql_metrics
repository: oci://keppel.eu-de-1.cloud.sap/ccloud-helm
version: 0.3.5
version: 0.4.1
- name: owner-info
repository: oci://keppel.eu-de-1.cloud.sap/ccloud-helm
version: 0.2.3
version: 1.0.0
- condition: percona_cluster.enabled
name: percona_cluster
repository: oci://keppel.eu-de-1.cloud.sap/ccloud-helm
version: 1.1.7
version: 1.1.9
- name: utils
repository: oci://keppel.eu-de-1.cloud.sap/ccloud-helm
version: 0.15.0
version: 0.21.0
- name: linkerd-support
repository: oci://keppel.eu-de-1.cloud.sap/ccloud-helm
version: 0.1.4
version: 1.1.0
17 changes: 16 additions & 1 deletion openstack/keystone/ci/test-values.yaml
@@ -3,7 +3,7 @@ global:
db_region: local
region: test
master_password: test
registryAlternateRegion: test
registryAlternateRegion: test
dockerHubMirror: mirror0
dockerHubMirrorAlternateRegion: test2
osprofiler:
@@ -23,6 +23,21 @@ osprofiler:
jager:
enabled: true

mariadb:
root_password: topSecret!
backup_v2:
enabled: false
users:
keystone:
name: keystone
password: topSecret!
backup:
name: backup
password: topSecret!

mysql_metrics:
db_password: topSecret!

rabbitmq:
users:
default:
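Review bot: The `mariadb` and `mysql_metrics` values added in the second hunk use the same literal `topSecret!` for the root, keystone, backup and metrics accounts, and nothing marks them as CI-only fixtures. Giving each account a distinct dummy value (constructed examples: `ci-root-dummy`, `ci-keystone-dummy`) would let a rendered-template check catch a helper that picks up the wrong user's password, which a shared value hides. A leading comment such as `# CI-only dummy credentials, never used by a deployed release` would also help anyone triaging a secret-scanner hit or copying this file as a starting point. No `pxc_db` values are added here, so as far as this file shows the new PXC path is not rendered with these test values.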
17 changes: 0 additions & 17 deletions openstack/keystone/templates/_helpers.tpl
@@ -15,16 +15,6 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this
{{- printf "%s-%s" .Release.Name $name | trunc 63 | replace "_" "-" | trimSuffix "-" -}}
{{- end -}}

{{- define "db_host" -}}
{{- if .Values.global.clusterDomain -}}
{{.Release.Name}}-mariadb.{{.Release.Namespace}}.svc.{{.Values.global.clusterDomain}}
{{- else if and .Values.mariadb_galera.enabled .Values.databaseKind (eq .Values.databaseKind "galera") -}}
{{.Release.Name}}-mariadb.{{.Release.Namespace}}
{{- else -}}
{{.Release.Name}}-mariadb.{{.Release.Namespace}}.svc.kubernetes.{{.Values.global.region}}.{{.Values.global.tld}}
{{- end -}}
{{- end -}}

{{- define "memcached_host" -}}
{{- if .Values.global.clusterDomain -}}
{{.Release.Name}}-memcached.{{.Release.Namespace}}.svc.{{.Values.global.clusterDomain}}
@@ -45,13 +35,6 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this
{{- end -}}
{{- end -}}

{{/*
To satisfy common/mysql_metrics :(
*/}}

{{define "keystone_db_host"}}{{- if .Values.global.clusterDomain }}{{.Release.Name}}-mariadb.{{.Release.Namespace}}.svc.{{.Values.global.clusterDomain}}{{ else }}{{.Release.Name}}-mariadb.{{.Release.Namespace}}.svc.kubernetes.{{.Values.global.region}}.{{.Values.global.tld}}{{- end -}}{{end}}


{{- define "2faproxy.selectorLabels" -}}
app.kubernetes.io/name: 2faproxy
app.kubernetes.io/instance: {{ .Release.Name }}
13 changes: 3 additions & 10 deletions openstack/keystone/templates/etc/_secrets.conf.tpl
@@ -1,17 +1,10 @@
[database]
# Database connection string - MariaDB for regional setup
# and Percona Cluster for inter-regional setup:
{{ if .Values.percona_cluster.enabled -}}
{{/* in caase percona is active and we need to switch the connection string to mariadb-galera cluster without removing the percona cluster objects */}}
{{- if and .Values.mariadb_galera.enabled .Values.databaseKind (eq .Values.databaseKind "galera") -}}
connection = mysql+pymysql://{{ .Values.mariadb_galera.mariadb.users.keystone.username }}:{{.Values.mariadb_galera.mariadb.users.keystone.password }}@{{include "db_host" .}}/{{ .Values.mariadb_galera.mariadb.database_name_to_connect }}?charset=utf8
{{- else }}
{{- if or .Values.percona_cluster.enabled (eq .Values.dbType "pxc-global") }}
connection = {{ include "db_url_pxc" . }}
{{- end }}
{{- else if .Values.global.clusterDomain -}}
connection = mysql+pymysql://{{ default .Release.Name .Values.global.dbUser }}:{{.Values.global.dbPassword }}@{{include "db_host" .}}/{{ default .Release.Name .Values.mariadb.name }}?charset=utf8
{{- else if and .Values.mariadb_galera.enabled .Values.databaseKind (eq .Values.databaseKind "galera") -}}
connection = mysql+pymysql://{{ .Values.mariadb_galera.mariadb.users.keystone.username }}:{{.Values.mariadb_galera.mariadb.users.keystone.password }}@{{include "db_host" .}}/{{ .Values.mariadb_galera.mariadb.database_name_to_connect }}?charset=utf8
{{- else if .Values.dbType }}
connection = {{ include "utils.db_url" . }}
{{- else }}
connection = {{ include "db_url_mysql" . }}
{{- end }}
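Review bot: The selection order in the new `if` / `else if` chain is undocumented, and the comment above it still describes only MariaDB and Percona Cluster. As written, `percona_cluster.enabled` takes precedence over `dbType`, so a release that still has Percona enabled while `dbType` points at the new cluster would keep rendering `db_url_pxc`; the removed branch carried a comment for exactly that switch-over case. If that precedence is intended, state it in the header comment, e.g. `# percona_cluster.enabled or dbType "pxc-global" -> db_url_pxc; any other dbType -> utils.db_url; unset -> db_url_mysql`. No default for `dbType` is visible in the values.yaml hunk of this commit, so it is worth confirming that `eq .Values.dbType "pxc-global"` renders cleanly on the Helm version in use when the key is absent. Because this template renders credentials into the connection URL, a wrongly taken branch means keystone authenticates against a different database than the operator expects.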
32 changes: 29 additions & 3 deletions openstack/keystone/values.yaml
@@ -296,10 +296,36 @@ mariadb:
# Annotate the Deployment, StatefulSet or DaemonSet with vpa-butler.cloud.sap/main-container=$MAIN_CONTAINER. That will distribute 75% of the maximum available capacity to the main container and the rest evenly across all others
set_main_container: true

# MariaDB Galera cluster as database backend
# mariadb.enabled has to be false if Galera is enabled
mariadb_galera:
pxc_db:
enabled: false
name: keystone
initdb_job: true
alerts:
support_group: identity
databases:
- keystone
users:
keystone:
name: keystone
grants:
- "ALL PRIVILEGES on keystone.*"
pxc:
resources:
requests:
memory: 1Gi
persistence:
size: 10Gi
backup:
enabled: false
s3:
secrets:
aws_access_key_id: null
aws_secret_access_key: null
config:
region: DEFINED-IN-SECRETS
endpointUrl: DEFINED-IN-SECRETS
pitr:
enabled: false

mysql_metrics:
enabled: true
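Review bot: The new `pxc_db` block drops the explanatory comment that the removed `mariadb_galera` block carried, and says nothing about how it relates to `mariadb.enabled`, `percona_cluster.enabled` or `dbType`, which the `_secrets.conf.tpl` change in this commit uses to pick the connection string. A short header would help, such as `# Percona XtraDB Cluster (pxc-db) backend; mariadb.enabled must be false and dbType set to match when this is enabled`, with the exact `dbType` value filled in by the author since it is not visible in this hunk. `users.keystone` has no password key, whereas the S3 credentials get explicit `null` placeholders and `DEFINED-IN-SECRETS` markers; a comment naming where the keystone user's password is supplied would keep the two consistent. `backup.enabled` and `pitr.enabled` default to `false`, which for an identity database deserves a comment saying where production deployments turn them on.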
