---

# Name of the instance. Will be used for the job name, and the services names
instance: mariadb

mariadb:

  vault:
    policies:
      - '[[ .instance ]][[ .consul.suffix ]]'
    rand_secrets:
      fields:
        - vault_initial_pwd
        - root_pwd

  # MariaDB server settings
  server:

    # The image to use
    image: '[[ .docker.repo ]][[ .docker.base_images.mariadb.image ]]'

    # Resource allocation
    resources:
      cpu: 1000
      memory: 512

    # Custom env var to pass to the container
    env: {}

    # The address to reach the service from outside of the mesh
    # This will be used for vault to talk to mariadb to handle dynamic credentials
    # (as vault is outside of the service mesh
    public_url: mysql://mariadb.example.org:3306

    # MariaDB can be exposed using Traefik
    traefik:
      # Toggle if Traefik support is enabled
      enabled: false
      proto: tcp
      # List of entrypoints to bind the sevrice to. This must be a dedicated TCP entrypoint
      entrypoints:
        - mariadb

    consul:
      connect:
        # We disable the default TCP check, as it adds log noise
        disable_default_tcp_check: true

    volumes:
      # The data volume is opened as single-node-writer
      # recommended to be a block based volume (iSCSI for example)
      # Also, this volume will connect per alloc, so the alloc ID will be appended.
      # You need to create at least mariadb-data[0]
      data:
        type: csi
        source: '[[ .instance ]]-data'
        per_alloc: true

  # The manager is a batch job which can
  # - create databases
  # - create users, and add grants
  manage:

    # The image to use
    image: '[[ .docker.repo ]][[ .docker.base_images.mariadb_client.image ]]'

    # Resource allocation
    resources:
      cpu: 20
      memory: 64

    # Service to wait for
    wait_for:
      - service: '[[ .instance ]]'

    # Custom env vars to pass to the container
    env: {}

    # Dict of databases to create, eg
    # databases:
    #   bookstack:
    #     charset: utf8mb4
    #     collate: utf8mb4_general_ci
    databases: []

    # Dict of user to create, eg
    # users:
    #  kimai:
    #    host: %
    #    password: '{{ with secret "[[ .vault.prefix ]]kv/service/[[ .instance ]]" }}{{ .Data.data.kimai_pwd }}{{ end }}'
    #    grants:
    #      - 'ALL PRIVILEGES ON kimai.*'
    users: {}

    # Consul settings
    consul:
      connect:
        upstreams:
          # Connect to the mariadb service from the service mesh
          - destination_name: '[[ .instance ]][[ .consul.suffix ]]'
            local_bind_port: 3306

  # Backup service, which can create regular dumps of the databases
  backup:
    image: '[[ .docker.repo ]][[ .docker.base_images.mariadb_client.image ]]'

    # Resource allocation
    resources:
      cpu: 300
      memory: 128
      memory_max: 256

    wait_for:
      - service: '[[ .instance ]]'

    # Consul settings
    consul:
      connect:
        upstreams:
          # Connect to MariaDB in the service mesh
          - destination_name: '[[ .instance ]][[ .consul.suffix ]]'
            local_bind_port: 3306

    # mysqldump cron
    dumps:
      enabled: False
      compression: 6
      cron: 12 03 * * *

    volumes:
      # Volume which holds database dumps
      # will be opened as multi-node-multi-writer (can be NFS for example)
      backup:
        type: csi
        source: '[[ .instance ]]-backup'
        access_mode: multi-node-multi-writer