Modified variables.tf for helm chart version

README.md

@@ -1,7 +1,10 @@
 ## MySQL DB
-![squareops_avatar]
 
-[squareops_avatar]: https://squareops.com/wp-content/uploads/2022/12/squareops-logo.png
+<picture>
+  <source media="(prefers-color-scheme: dark)" srcset="https://squareops.com/wp-content/uploads/2020/05/Squareops-png-white.png1-3.png">
+  <source media="(prefers-color-scheme: light)" srcset="https://squareops.com/wp-content/uploads/2021/09/Squareops-png-1-1.png">
+  <img src="https://squareops.com/wp-content/uploads/2021/09/Squareops-png-1-1.png">
+</picture>
 
 ### [SquareOps Technologies](https://squareops.com/) Your DevOps Partner for Accelerating cloud journey.
 <br>
@@ -12,6 +15,7 @@ This module allows you to easily deploy a MySQL database on Kubernetes using Hel
 |  MysqlDB Helm Chart Version    |     K8s supported version (EKS, AKS & GKE)  |  
 | :-----:                       |         :---                |
 | **9.2.0**                     |    **1.23,1.24,1.25,1.26,1.27**           |
+| **10.1.0**                     |   **1.23,1.24,1.25,1.26,1.27,1.28,1.29** |
 
 
 ## Usage Example
@@ -70,7 +74,7 @@ module "mysql" {
   namespace        = local.namespace
   mysqldb_config = {
     name                             = "mysql"
-    app_version                      = "8.0.29-debian-11-r9"
+    app_version                      = "8.0.36-debian-12-r10"
     environment                      = "prod"
     values_yaml                      = ""
     architecture                     = "replication"
@@ -180,15 +184,15 @@ No modules.
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| <a name="input_app_version"></a> [app\_version](#input\_app\_version) | Version of the MySQL application that will be deployed. | `string` | `"8.0.29-debian-11-r9"` | no |
+| <a name="input_app_version"></a> [app\_version](#input\_app\_version) | Version of the MySQL application that will be deployed. | `string` | `"8.0.36-debian-12-r10"` | no |
 | <a name="input_azure_container_name"></a> [azure\_container\_name](#input\_azure\_container\_name) | Azure container name | `string` | `""` | no |
 | <a name="input_azure_storage_account_key"></a> [azure\_storage\_account\_key](#input\_azure\_storage\_account\_key) | Azure storage account key | `string` | `""` | no |
 | <a name="input_azure_storage_account_name"></a> [azure\_storage\_account\_name](#input\_azure\_storage\_account\_name) | Azure storage account name | `string` | `""` | no |
 | <a name="input_bucket_provider_type"></a> [bucket\_provider\_type](#input\_bucket\_provider\_type) | Choose what type of provider you want (s3, gcs) | `string` | `"gcs"` | no |
-| <a name="input_chart_version"></a> [chart\_version](#input\_chart\_version) | Version of the Mysql chart that will be used to deploy MySQL application. | `string` | `"9.2.0"` | no |
 | <a name="input_cluster_name"></a> [cluster\_name](#input\_cluster\_name) | Specifies the name of the EKS cluster to deploy the MySQL application on. | `string` | `""` | no |
 | <a name="input_create_namespace"></a> [create\_namespace](#input\_create\_namespace) | Specify whether or not to create the namespace if it does not already exist. Set it to true to create the namespace. | `string` | `true` | no |
 | <a name="input_custom_user_password"></a> [custom\_user\_password](#input\_custom\_user\_password) | custom user password for MongoDB | `string` | `""` | no |
+| <a name="input_helm_chart_version"></a> [helm\_chart\_version](#input\_helm\_chart\_version) | Version of the Mysql chart that will be used to deploy MySQL application. | `string` | `"10.1.0"` | no |
 | <a name="input_iam_role_arn_backup"></a> [iam\_role\_arn\_backup](#input\_iam\_role\_arn\_backup) | IAM role ARN for backup (AWS) | `string` | `""` | no |
 | <a name="input_iam_role_arn_restore"></a> [iam\_role\_arn\_restore](#input\_iam\_role\_arn\_restore) | IAM role ARN for restore (AWS) | `string` | `""` | no |
 | <a name="input_metric_exporter_pasword"></a> [metric\_exporter\_pasword](#input\_metric\_exporter\_pasword) | Metric exporter password for MongoDB | `string` | `""` | no |

examples/complete/aws/README.md

@@ -22,8 +22,8 @@ No requirements.
 
 | Name | Source | Version |
 |------|--------|---------|
-| <a name="module_aws"></a> [aws](#module\_aws) | squareops/mysql/kubernetes//modules/resources/aws | n/a |
-| <a name="module_mysql"></a> [mysql](#module\_mysql) | squareops/mysql/kubernetes | n/a |
+| <a name="module_aws"></a> [aws](#module\_aws) | ../../../modules/resources/aws | n/a |
+| <a name="module_mysql"></a> [mysql](#module\_mysql) | ../../../ | n/a |
 
 ## Resources
 

examples/complete/aws/helm/values.yaml

@@ -4,7 +4,7 @@ primary:
             requiredDuringSchedulingIgnoredDuringExecution:
                 nodeSelectorTerms:
                 - matchExpressions:
-                    - key: "Infra-Services"
+                    - key: "Addons-Services"
                       operator: In
                       values:
                       - "true"
@@ -37,7 +37,7 @@ secondary:
             requiredDuringSchedulingIgnoredDuringExecution:
                 nodeSelectorTerms:
                 - matchExpressions:
-                    - key: "Infra-Services"
+                    - key: "Addons-Services"
                       operator: In
                       values:
                       - "true"
@@ -80,7 +80,7 @@ affinity:
         requiredDuringSchedulingIgnoredDuringExecution:
             nodeSelectorTerms:
             - matchExpressions:
-                - key: "Infra-Services"
+                - key: "Addons-Services"
                   operator: In
                   values:
                   - "true"
@@ -100,4 +100,4 @@ restorejob:
       cpu: 100m
     limits:
       memory: 500Mi
-      cpu: 200m
+      cpu: 200m

examples/complete/aws/main.tf

@@ -1,15 +1,15 @@
 locals {
   name        = "mysql"
-  region      = "us-east-2"
+  region      = "us-west-2"
   environment = "prod"
-  additional_tags = {
+  additional_aws_tags = {
     Owner      = "organization_name"
     Expires    = "Never"
     Department = "Engineering"
   }
-  create_namespace                   = false
+  create_namespace                   = true
   namespace                          = "mysql"
-  store_password_to_secret_manager   = false
+  store_password_to_secret_manager   = true
   mysqldb_custom_credentials_enabled = true
   mysqldb_custom_credentials_config = {
     root_user            = "root"
@@ -25,8 +25,9 @@ locals {
 }
 
 module "aws" {
-  source                             = "squareops/mysql/kubernetes//modules/resources/aws"
-  cluster_name                       = "cluster-name"
+  # source                             = "squareops/mysql/kubernetes//modules/resources/aws"
+  source                             = "../../../modules/resources/aws"
+  eks_cluster_name                   = ""
   environment                        = local.environment
   name                               = local.name
   namespace                          = local.namespace
@@ -37,13 +38,14 @@ module "aws" {
 }
 
 module "mysql" {
-  source           = "squareops/mysql/kubernetes"
+  # source           = "squareops/mysql/kubernetes"
+  source           = "../../../"
   create_namespace = local.create_namespace
   namespace        = local.namespace
   mysqldb_config = {
     name                             = local.name
     values_yaml                      = file("./helm/values.yaml")
-    app_version                      = "8.0.29-debian-11-r9"
+    app_version                      = "8.0.36-debian-12-r10"
     environment                      = local.environment
     architecture                     = "replication"
     custom_database                  = "test_db"

examples/complete/aws/provider.tf

@@ -1,7 +1,7 @@
 provider "aws" {
   region = local.region
   default_tags {
-    tags = local.additional_tags
+    tags = local.additional_aws_tags
   }
 }
 

helm/values/mysqldb/values.yaml

@@ -19,6 +19,14 @@ global:
 mysql_metrics_exporter:
   password: ${metrics_exporter_password}
 
+compatibility:
+    ## Compatibility adaptations for Openshift
+    ##
+    openshift:
+      ## @param global.compatibility.openshift.adaptSecurityContext Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation)
+      ##
+      adaptSecurityContext: auto
+
 ## @section Common parameters
 
 ## @param kubeVersion Force target Kubernetes version (using Helm capabilities if not set)
@@ -49,6 +57,9 @@ commonLabels:
 ##
 extraDeploy: []
 
+serviceBindings:
+  enabled: false
+
 ## Enable diagnostic mode in the deployment
 ##
 diagnosticMode:
@@ -189,18 +200,17 @@ primary:
     explicit_defaults_for_timestamp
     basedir=/opt/bitnami/mysql
     plugin_dir=/opt/bitnami/mysql/lib/plugin
-    port=3306
+    port={{ .Values.primary.containerPorts.mysql }}
     socket=/opt/bitnami/mysql/tmp/mysql.sock
     datadir=/bitnami/mysql/data
     tmpdir=/opt/bitnami/mysql/tmp
     max_allowed_packet=16M
-    bind-address=0.0.0.0
+    bind-address=*
     pid-file=/opt/bitnami/mysql/tmp/mysqld.pid
-    log_error=/opt/bitnami/mysql/logs/mysqld.log
+    log-error=/opt/bitnami/mysql/logs/mysqld.log
     character-set-server=UTF8
     collation-server=utf8_general_ci
-    slow_query_log=1
-    slow_query_log_file=/bitnami/mysql/slow-log.log
+    slow_query_log=0
     long_query_time=10.0
 
     [client]
@@ -220,6 +230,8 @@ primary:
   ## @param primary.updateStrategy.type Update strategy type for the MySQL primary statefulset
   ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
   ##
+  containerPorts:
+    mysql: 3306
   updateStrategy:
     type: RollingUpdate
   ## @param primary.podAnnotations Additional pod annotations for MySQL primary pods
@@ -303,6 +315,9 @@ primary:
   ##
   podSecurityContext:
     enabled: true
+    fsGroupChangePolicy: Always
+    sysctls: []
+    supplementalGroups: []
     fsGroup: 1001
   ## MySQL primary container security context
   ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
@@ -312,8 +327,16 @@ primary:
   ##
   containerSecurityContext:
     enabled: true
+    seLinuxOptions: {}
     runAsUser: 1001
+    runAsGroup: 1001
     runAsNonRoot: true
+    allowPrivilegeEscalation: false
+    capabilities:
+      drop: ["ALL"]
+    seccompProfile:
+      type: "RuntimeDefault"
+    readOnlyRootFilesystem: true
   ## MySQL primary container's resource requests and limits
   ## ref: https://kubernetes.io/docs/user-guide/compute-resources/
   ## We usually recommend not to specify default resources and to leave this as a conscious
@@ -584,12 +607,12 @@ secondary:
     datadir=/bitnami/mysql/data
     tmpdir=/opt/bitnami/mysql/tmp
     max_allowed_packet=16M
-    bind-address=0.0.0.0
+    bind-address=*
     pid-file=/opt/bitnami/mysql/tmp/mysqld.pid
-    log_error=/opt/bitnami/mysql/logs/mysqld.log
+    log-error=/opt/bitnami/mysql/logs/mysqld.log
     character-set-server=UTF8
     collation-server=utf8_general_ci
-    slow_query_log=1
+    slow_query_log=0
     slow_query_log_file=/bitnami/mysql/slow-log.log
     long_query_time=10.0
 
@@ -693,8 +716,12 @@ secondary:
   ## @param secondary.podSecurityContext.fsGroup Group ID for the mounted volumes' filesystem
   ##
   podSecurityContext:
-    enabled: true
-    fsGroup: 1001
+      enabled: true
+      fsGroupChangePolicy: Always
+      sysctls: []
+      supplementalGroups: []
+      fsGroup: 1001
+
   ## MySQL secondary container security context
   ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
   ## @param secondary.containerSecurityContext.enabled MySQL secondary container securityContext
@@ -703,8 +730,16 @@ secondary:
   ##
   containerSecurityContext:
     enabled: true
+    seLinuxOptions: {}
     runAsUser: 1001
+    runAsGroup: 1001
     runAsNonRoot: true
+    allowPrivilegeEscalation: false
+    capabilities:
+      drop: ["ALL"]
+    seccompProfile:
+      type: "RuntimeDefault"
+    readOnlyRootFilesystem: true
   ## MySQL secondary container's resource requests and limits
   ## ref: https://kubernetes.io/docs/user-guide/compute-resources/
   ## We usually recommend not to specify default resources and to leave this as a conscious
@@ -953,7 +988,7 @@ serviceAccount:
   annotations: {}
   ## @param serviceAccount.automountServiceAccountToken Automount service account token for the server service account
   ##
-  automountServiceAccountToken: true
+  automountServiceAccountToken: false
 
 ## Role Based Access
 ## ref: https://kubernetes.io/docs/admin/authorization/rbac/
@@ -1022,8 +1057,8 @@ volumePermissions:
   ##
   image:
     registry: docker.io
-    repository: bitnami/bitnami-shell
-    tag: 11-debian-11-r10
+    repository: bitnami/os-shell
+    tag: 12-debian-12-r18
     pullPolicy: IfNotPresent
     ## Optionally specify an array of imagePullSecrets.
     ## Secrets must be manually created in the namespace.
@@ -1054,7 +1089,7 @@ metrics:
   image:
     registry: docker.io
     repository: bitnami/mysqld-exporter
-    tag: 0.14.0-debian-11-r9
+    tag: 0.15.1-debian-12-r10
     pullPolicy: IfNotPresent
     ## Optionally specify an array of imagePullSecrets.
     ## Secrets must be manually created in the namespace.
@@ -1071,6 +1106,22 @@ metrics:
   ## @param metrics.service.port MySQL Prometheus Exporter service port
   ## @param metrics.service.annotations [object] Prometheus exporter service annotations
   ##
+  containerSecurityContext:
+    enabled: true
+    seLinuxOptions: {}
+    runAsUser: 1001
+    runAsGroup: 1001
+    runAsNonRoot: true
+    allowPrivilegeEscalation: false
+    capabilities:
+      drop: ["ALL"]
+    seccompProfile:
+      type: "RuntimeDefault"
+    readOnlyRootFilesystem: true
+  ## @param metrics.containerPorts.http Container port for http
+  ##
+  containerPorts:
+    http: 9104
   service:
     type: ClusterIP
     port: 9104

main.tf

@@ -10,7 +10,7 @@ resource "helm_release" "mysqldb" {
   depends_on = [kubernetes_namespace.mysqldb]
   name       = "mysqldb"
   chart      = "mysql"
-  version    = var.chart_version
+  version    = var.helm_chart_version
   timeout    = 600
   namespace  = var.namespace
   repository = "https://charts.bitnami.com/bitnami"

modules/backup/templates/cronjob.yaml

@@ -13,7 +13,7 @@ spec:
     spec:
       template:
         spec:
-          affinity: 
+          affinity:
             {{- toYaml .Values.affinity | nindent 12 }}
           restartPolicy: OnFailure
           imagePullSecrets:
@@ -44,5 +44,5 @@ spec:
               value:  "s3"
             - name: AWS_DEFAULT_REGION
               value: {{ .Values.backup.aws_default_region }}
-            resources: 
+            resources:
               {{- toYaml .Values.backupjob.resources | nindent 14 }}

modules/resources/aws/README.md

@@ -35,8 +35,8 @@ No modules.
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| <a name="input_cluster_name"></a> [cluster\_name](#input\_cluster\_name) | Specifies the name of the EKS cluster to deploy the MySQL application on. | `string` | `""` | no |
 | <a name="input_custom_user_username"></a> [custom\_user\_username](#input\_custom\_user\_username) | n/a | `string` | `""` | no |
+| <a name="input_eks_cluster_name"></a> [eks\_cluster\_name](#input\_eks\_cluster\_name) | Specifies the name of the EKS cluster to deploy the MySQL application on. | `string` | `""` | no |
 | <a name="input_environment"></a> [environment](#input\_environment) | Environment in which the infrastructure is being deployed (e.g., production, staging, development) | `string` | `"test"` | no |
 | <a name="input_mysqldb_custom_credentials_config"></a> [mysqldb\_custom\_credentials\_config](#input\_mysqldb\_custom\_credentials\_config) | Specify the configuration settings for MySQL to pass custom credentials during creation | `any` | <pre>{<br>  "custom_user_password": "",<br>  "custom_username": "",<br>  "exporter_password": "",<br>  "exporter_user": "",<br>  "replication_password": "",<br>  "replication_user": "",<br>  "root_password": "",<br>  "root_user": ""<br>}</pre> | no |
 | <a name="input_mysqldb_custom_credentials_enabled"></a> [mysqldb\_custom\_credentials\_enabled](#input\_mysqldb\_custom\_credentials\_enabled) | Specifies whether to enable custom credentials for MySQL database. | `bool` | `false` | no |

modules/resources/aws/main.tf

@@ -9,7 +9,7 @@ locals {
 data "aws_caller_identity" "current" {}
 
 data "aws_eks_cluster" "kubernetes_cluster" {
-  name = var.cluster_name
+  name = var.eks_cluster_name
 }
 
 resource "random_password" "mysqldb_root_password" {
@@ -70,7 +70,7 @@ resource "aws_secretsmanager_secret_version" "mysql_user_password" {
 }
 
 resource "aws_iam_role" "mysql_backup_role" {
-  name = format("%s-%s-%s", var.cluster_name, var.name, "mysql-backup")
+  name = format("%s-%s-%s", var.eks_cluster_name, var.name, "mysql-backup")
   assume_role_policy = jsonencode({
     Version = "2012-10-17",
     Statement = [
@@ -113,7 +113,7 @@ resource "aws_iam_role" "mysql_backup_role" {
 
 
 resource "aws_iam_role" "mysql_restore_role" {
-  name = format("%s-%s-%s", var.cluster_name, var.name, "mysql-restore")
+  name = format("%s-%s-%s", var.eks_cluster_name, var.name, "mysql-restore")
   assume_role_policy = jsonencode({
     Version = "2012-10-17",
     Statement = [