138 lines
3.4 KiB
YAML
138 lines
3.4 KiB
YAML
---
|
|
|
|
# Name of the instance. Will be used for the job name, and the services names
|
|
instance: mariadb
|
|
|
|
mariadb:
|
|
|
|
vault:
|
|
policies:
|
|
- '[[ .instance ]][[ .consul.suffix ]]'
|
|
rand_secrets:
|
|
fields:
|
|
- vault_initial_pwd
|
|
- root_pwd
|
|
|
|
# MariaDB server settings
|
|
server:
|
|
|
|
# The image to use
|
|
image: '[[ .docker.repo ]][[ .docker.base_images.mariadb.image ]]'
|
|
|
|
# Resource allocation
|
|
resources:
|
|
cpu: 1000
|
|
memory: 512
|
|
|
|
# Custom env var to pass to the container
|
|
env: {}
|
|
|
|
# The address to reach the service from outside of the mesh
|
|
# This will be used for vault to talk to mariadb to handle dynamic credentials
|
|
# (as vault is outside of the service mesh
|
|
public_url: mysql://mariadb.example.org:3306
|
|
|
|
# MariaDB can be exposed using Traefik
|
|
traefik:
|
|
# Toggle if Traefik support is enabled
|
|
enabled: false
|
|
proto: tcp
|
|
# List of entrypoints to bind the sevrice to. This must be a dedicated TCP entrypoint
|
|
entrypoints:
|
|
- mariadb
|
|
|
|
consul:
|
|
connect:
|
|
# We disable the default TCP check, as it adds log noise
|
|
disable_default_tcp_check: true
|
|
|
|
volumes:
|
|
# The data volume is opened as single-node-writer
|
|
# recommended to be a block based volume (iSCSI for example)
|
|
# Also, this volume will connect per alloc, so the alloc ID will be appended.
|
|
# You need to create at least mariadb-data[0]
|
|
data:
|
|
type: csi
|
|
source: '[[ .instance ]]-data'
|
|
per_alloc: true
|
|
|
|
# The manager is a batch job which can
|
|
# - create databases
|
|
# - create users, and add grants
|
|
manage:
|
|
|
|
# The image to use
|
|
image: '[[ .docker.repo ]][[ .docker.base_images.mariadb_client.image ]]'
|
|
|
|
# Resource allocation
|
|
resources:
|
|
cpu: 20
|
|
memory: 64
|
|
|
|
# Service to wait for
|
|
wait_for:
|
|
- service: '[[ .instance ]]'
|
|
|
|
# Custom env vars to pass to the container
|
|
env: {}
|
|
|
|
# Dict of databases to create, eg
|
|
# databases:
|
|
# bookstack:
|
|
# charset: utf8mb4
|
|
# collate: utf8mb4_general_ci
|
|
databases: []
|
|
|
|
# Dict of user to create, eg
|
|
# users:
|
|
# kimai:
|
|
# host: %
|
|
# password: '{{ with secret "[[ .vault.prefix ]]kv/service/[[ .instance ]]" }}{{ .Data.data.kimai_pwd }}{{ end }}'
|
|
# grants:
|
|
# - 'ALL PRIVILEGES ON kimai.*'
|
|
users: {}
|
|
|
|
# Consul settings
|
|
consul:
|
|
connect:
|
|
upstreams:
|
|
# Connect to the mariadb service from the service mesh
|
|
- destination_name: '[[ .instance ]][[ .consul.suffix ]]'
|
|
local_bind_port: 3306
|
|
|
|
# Backup service, which can create regular dumps of the databases
|
|
backup:
|
|
image: '[[ .docker.repo ]][[ .docker.base_images.mariadb_client.image ]]'
|
|
|
|
# Resource allocation
|
|
resources:
|
|
cpu: 300
|
|
memory: 128
|
|
memory_max: 256
|
|
|
|
wait_for:
|
|
- service: '[[ .instance ]]'
|
|
|
|
# Consul settings
|
|
consul:
|
|
connect:
|
|
upstreams:
|
|
# Connect to MariaDB in the service mesh
|
|
- destination_name: '[[ .instance ]][[ .consul.suffix ]]'
|
|
local_bind_port: 3306
|
|
|
|
# mysqldump cron
|
|
dumps:
|
|
enabled: False
|
|
compression: 6
|
|
cron: 12 03 * * *
|
|
|
|
volumes:
|
|
# Volume which holds database dumps
|
|
# will be opened as multi-node-multi-writer (can be NFS for example)
|
|
backup:
|
|
type: csi
|
|
source: '[[ .instance ]]-backup'
|
|
access_mode: multi-node-multi-writer
|
|
|