diff --git a/release-notes/enterprise-operator/25.10.md b/release-notes/enterprise-operator/25.10.md new file mode 100644 index 0000000000..048b042dc8 --- /dev/null +++ b/release-notes/enterprise-operator/25.10.md @@ -0,0 +1,36 @@ +# MariaDB Enterprise Kubernetes Operator 25.08 LTS + +**Release date**: 28th October 2025 + +We are excited to announce release of **MariaDB Enterprise Operator 25.10** - delivering enterprise-grade automation for managing MariaDB Enterprise workloads on Kubernetes and Red Hat OpenShift. + +If you're upgrading from previous versions, __please follow the [UPGRADE GUIDE](https://mariadb.com/docs/tools/mariadb-enterprise-operator/migrations/migrate-25.10)__ to ensure a safe transition. + +### Replication-based topology + +The operator now supports provisioning and operating MariaDB clusters using asynchronous replication as a high availability topology, providing an alternative to the existing synchronous multi-master topology based on Galera. In a replication setup, one primary server handles all write operations while one or more replica servers replicate data from the primary, being able to handle read operations. More precisely, the primary has a binary log and the replicas asynchronously replicate the binary log events over the network. + +Operations and the lifecycle of the replication cluster are fully managed by the operator, including provisioning, scaling, replica recovery and disaster recovery. For the primary switchover and failover operations, we recommend using MaxScale 25.10, currently supported by this version. + +Please refer to the [replication documentation](https://mariadb.com/docs/tools/mariadb-enterprise-operator/topologies/replication) for more details about this topology. + +### LTS releases + +With the 25.10 release, we’re introducing annual LTS releases for the Enterprise Kubernetes Operator to provide long-term stability and a predictable upgrade path. LTS releases focus on security updates and critical bug fixes and maintain CRD compatibility within the LTS release, helping teams meet SLAs and reduce operational overhead in mission-critical environments. New features will continue to ship in the rolling releases between LTS cycles, while the LTS serves as a hardened, stable baseline. + +Please refer to the [OpenShift](https://mariadb.com/docs/tools/mariadb-enterprise-operator/installation/openshift#release-channels) and [Helm](https://mariadb.com/docs/tools/mariadb-enterprise-operator/installation/helm#long-term-support-versions) documentation to start using LTS releases. + +### Platform and component versions + +The current release has been tested with the following versions: + +| Platform/Component | Version | +| ------------------------- | -------- | +| Kubernetes | 1.34 | +| OpenShift | 4.18.6 | +| MariaDB Enterprise Server | 11.8.3-1 | +| MaxScale | 25.10.0 | + +{% include "https://app.gitbook.com/s/SsmexDFPv2xG2OTyO5yV/~/reusable/pNHZQXPP5OEz2TgvhFva/" %} + +{% @marketo/form formid="4316" formId="4316" %} diff --git a/tools/SUMMARY.md b/tools/SUMMARY.md index b66c1badc1..65eea4d255 100644 --- a/tools/SUMMARY.md +++ b/tools/SUMMARY.md @@ -45,10 +45,13 @@ * [Helm](mariadb-enterprise-operator/installation/helm.md) * [OpenShift](mariadb-enterprise-operator/installation/openshift.md) * [Quickstart](mariadb-enterprise-operator/quickstart.md) - * [Standalone MariaDB](mariadb-enterprise-operator/standalone-mariadb.md) - * [Galera Cluster](mariadb-enterprise-operator/galera-cluster.md) - * [High Availability](mariadb-enterprise-operator/high-availability.md) - * [MaxScale Database Proxy](mariadb-enterprise-operator/maxscale-database-proxy.md) + * [Topologies](mariadb-enterprise-operator/topologies/README.md) + * [Standalone](mariadb-enterprise-operator/topologies/standalone.md) + * [High Availability](mariadb-enterprise-operator/topologies/high-availability.md) + * [Asynchronous Replication](mariadb-enterprise-operator/topologies/replication.md) + * [Synchronous Multi-master With Galera](mariadb-enterprise-operator/topologies/galera.md) + * [MaxScale Database Proxy](mariadb-enterprise-operator/topologies/maxscale.md) + * [Data Plane](mariadb-enterprise-operator/topologies/data-plane.md) * [Backup and Restore](mariadb-enterprise-operator/backup-and-restore/README.md) * [Logical backups](mariadb-enterprise-operator/backup-and-restore/logical_backup.md) * [Physical backups](mariadb-enterprise-operator/backup-and-restore/physical_backup.md) @@ -58,6 +61,7 @@ * [Updates](mariadb-enterprise-operator/updates.md) * [Metrics](mariadb-enterprise-operator/metrics.md) * [SQL Resources](mariadb-enterprise-operator/sql-resources.md) + * [External MariaDB](mariadb-enterprise-operator/external-mariadb.md) * [Metadata](mariadb-enterprise-operator/metadata.md) * [Suspend Reconciliation](mariadb-enterprise-operator/suspend-reconciliation.md) * [Plugins](mariadb-enterprise-operator/plugins/README.md) @@ -71,6 +75,7 @@ * [Migrate Community operator to Enterprise operator](mariadb-enterprise-operator/migrations/migrate-community-operator-to-enterprise-operator.md) * [Migrate external MariaDB into Kubernetes](mariadb-enterprise-operator/migrations/migrate-external-mariadb-into-kubernetes.md) * [Migrate to Enterprise Operator 25.08](mariadb-enterprise-operator/migrations/migrate-25.08.md) + * [Migrate to Enterprise Operator 25.10](mariadb-enterprise-operator/migrations/migrate-25.10.md) * [MariaDB Enterprise MCP Server](mariadb-enterprise-mcp-server/README.md) * [Overview](mariadb-enterprise-mcp-server/introduction/README.md) * [Features](mariadb-enterprise-mcp-server/features/README.md) diff --git a/tools/mariadb-enterprise-manager/administration/deployment/hardware-and-system-requirements.md b/tools/mariadb-enterprise-manager/administration/deployment/hardware-and-system-requirements.md index 51a4ea6f65..d63c924016 100644 --- a/tools/mariadb-enterprise-manager/administration/deployment/hardware-and-system-requirements.md +++ b/tools/mariadb-enterprise-manager/administration/deployment/hardware-and-system-requirements.md @@ -22,7 +22,7 @@ Tip: Adjust storage size depending on your requirements for metrics retention. ## Enterprise Manager Agent🕵 -The agent must be installed on each [MariaDB Server](https://app.gitbook.com/s/SsmexDFPv2xG2OTyO5yV/mariadb-quickstart-guides/basics-guide#connecting-to-mariadb-server) and [MaxScale](../../../mariadb-enterprise-operator/maxscale-database-proxy.md) instance you wish to monitor. Below are the supported operating systems. +The agent must be installed on each [MariaDB Server](https://app.gitbook.com/s/SsmexDFPv2xG2OTyO5yV/mariadb-quickstart-guides/basics-guide#connecting-to-mariadb-server) and [MaxScale](../../../mariadb-enterprise-operator/topologies/maxscale.md) instance you wish to monitor. Below are the supported operating systems. ### Supported Platforms for MariaDB Server diff --git a/tools/mariadb-enterprise-operator/api-reference.md b/tools/mariadb-enterprise-operator/api-reference.md index dd118e8332..4f50772da7 100644 --- a/tools/mariadb-enterprise-operator/api-reference.md +++ b/tools/mariadb-enterprise-operator/api-reference.md @@ -13,6 +13,7 @@ Package v1alpha1 contains API Schema definitions for the v1alpha1 API group - [Backup](#backup) - [Connection](#connection) - [Database](#database) +- [ExternalMariaDB](#externalmariadb) - [Grant](#grant) - [MariaDB](#mariadb) - [MaxScale](#maxscale) @@ -27,7 +28,7 @@ Package v1alpha1 contains API Schema definitions for the v1alpha1 API group -Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.33/#affinity-v1-core. +Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#affinity-v1-core. @@ -67,6 +68,41 @@ _Appears in:_ | `antiAffinityEnabled` _boolean_ | AntiAffinityEnabled configures PodAntiAffinity so each Pod is scheduled in a different Node, enabling HA.
Make sure you have at least as many Nodes available as the replicas to not end up with unscheduled Pods. | | | +#### Agent + + + +Agent is a sidecar agent that co-operates with mariadb-enterprise-operator. + + + +_Appears in:_ +- [Galera](#galera) +- [GaleraSpec](#galeraspec) +- [Replication](#replication) +- [ReplicationSpec](#replicationspec) + +| Field | Description | Default | Validation | +| --- | --- | --- | --- | +| `command` _string array_ | Command to be used in the Container. | | | +| `args` _string array_ | Args to be used in the Container. | | | +| `env` _[EnvVar](#envvar) array_ | Env represents the environment variables to be injected in a container. | | | +| `envFrom` _[EnvFromSource](#envfromsource) array_ | EnvFrom represents the references (via ConfigMap and Secrets) to environment variables to be injected in the container. | | | +| `volumeMounts` _[VolumeMount](#volumemount) array_ | VolumeMounts to be used in the Container. | | | +| `livenessProbe` _[Probe](#probe)_ | LivenessProbe to be used in the Container. | | | +| `readinessProbe` _[Probe](#probe)_ | ReadinessProbe to be used in the Container. | | | +| `startupProbe` _[Probe](#probe)_ | StartupProbe to be used in the Container. | | | +| `resources` _[ResourceRequirements](#resourcerequirements)_ | Resources describes the compute resource requirements. | | | +| `securityContext` _[SecurityContext](#securitycontext)_ | SecurityContext holds security configuration that will be applied to a container. | | | +| `image` _string_ | Image name to be used by the MariaDB instances. The supported format is `:`. | | | +| `imagePullPolicy` _[PullPolicy](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#pullpolicy-v1-core)_ | ImagePullPolicy is the image pull policy. One of `Always`, `Never` or `IfNotPresent`. If not defined, it defaults to `IfNotPresent`. | | Enum: [Always Never IfNotPresent]
| +| `port` _integer_ | Port where the agent will be listening for API connections. | | | +| `probePort` _integer_ | Port where the agent will be listening for probe connections. | | | +| `kubernetesAuth` _[KubernetesAuth](#kubernetesauth)_ | KubernetesAuth to be used by the agent container | | | +| `basicAuth` _[BasicAuth](#basicauth)_ | BasicAuth to be used by the agent container | | | +| `gracefulShutdownTimeout` _[Duration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#duration-v1-meta)_ | GracefulShutdownTimeout is the time we give to the agent container in order to gracefully terminate in-flight requests. | | | + + #### Backup @@ -81,7 +117,7 @@ Backup is the Schema for the backups API. It is used to define backup jobs and i | --- | --- | --- | --- | | `apiVersion` _string_ | `enterprise.mariadb.com/v1alpha1` | | | | `kind` _string_ | `Backup` | | | -| `metadata` _[ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.33/#objectmeta-v1-meta)_ | Refer to Kubernetes API documentation for fields of `metadata`. | | | +| `metadata` _[ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#objectmeta-v1-meta)_ | Refer to Kubernetes API documentation for fields of `metadata`. | | | | `spec` _[BackupSpec](#backupspec)_ | | | | @@ -124,7 +160,7 @@ _Appears in:_ | `serviceAccountName` _string_ | ServiceAccountName is the name of the ServiceAccount to be used by the Pods. | | | | `affinity` _[AffinityConfig](#affinityconfig)_ | Affinity to be used in the Pod. | | | | `nodeSelector` _object (keys:string, values:string)_ | NodeSelector to be used in the Pod. | | | -| `tolerations` _[Toleration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.33/#toleration-v1-core) array_ | Tolerations to be used in the Pod. | | | +| `tolerations` _[Toleration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#toleration-v1-core) array_ | Tolerations to be used in the Pod. | | | | `priorityClassName` _string_ | PriorityClassName to be used in the Pod. | | | | `successfulJobsHistoryLimit` _integer_ | SuccessfulJobsHistoryLimit defines the maximum number of successful Jobs to be displayed. | | Minimum: 0
| | `failedJobsHistoryLimit` _integer_ | FailedJobsHistoryLimit defines the maximum number of failed Jobs to be displayed. | | Minimum: 0
| @@ -134,12 +170,12 @@ _Appears in:_ | `stagingStorage` _[BackupStagingStorage](#backupstagingstorage)_ | StagingStorage defines the temporary storage used to keep external backups (i.e. S3) while they are being processed.
It defaults to an emptyDir volume, meaning that the backups will be temporarily stored in the node where the Backup Job is scheduled.
The staging area gets cleaned up after each backup is completed, consider this for sizing it appropriately. | | | | `storage` _[BackupStorage](#backupstorage)_ | Storage defines the final storage for backups. | | Required: \{\}
| | `schedule` _[Schedule](#schedule)_ | Schedule defines when the Backup will be taken. | | | -| `maxRetention` _[Duration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.33/#duration-v1-meta)_ | MaxRetention defines the retention policy for backups. Old backups will be cleaned up by the Backup Job.
It defaults to 30 days. | | | +| `maxRetention` _[Duration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#duration-v1-meta)_ | MaxRetention defines the retention policy for backups. Old backups will be cleaned up by the Backup Job.
It defaults to 30 days. | | | | `databases` _string array_ | Databases defines the logical databases to be backed up. If not provided, all databases are backed up. | | | | `ignoreGlobalPriv` _boolean_ | IgnoreGlobalPriv indicates to ignore the mysql.global_priv in backups.
If not provided, it will default to true when the referred MariaDB instance has Galera enabled and otherwise to false. | | | | `logLevel` _string_ | LogLevel to be used n the Backup Job. It defaults to 'info'. | info | | | `backoffLimit` _integer_ | BackoffLimit defines the maximum number of attempts to successfully take a Backup. | | | -| `restartPolicy` _[RestartPolicy](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.33/#restartpolicy-v1-core)_ | RestartPolicy to be added to the Backup Pod. | OnFailure | Enum: [Always OnFailure Never]
| +| `restartPolicy` _[RestartPolicy](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#restartpolicy-v1-core)_ | RestartPolicy to be added to the Backup Pod. | OnFailure | Enum: [Always OnFailure Never]
| | `inheritMetadata` _[Metadata](#metadata)_ | InheritMetadata defines the metadata to be inherited by children resources. | | | @@ -186,12 +222,12 @@ _Appears in:_ -KubernetesAuth refers to the basic authentication mechanism utilized for establishing a connection from the operator to the agent. +BasicAuth refers to the basic authentication mechanism utilized for establishing a connection from the operator to the agent. _Appears in:_ -- [GaleraAgent](#galeraagent) +- [Agent](#agent) | Field | Description | Default | Validation | | --- | --- | --- | --- | @@ -218,7 +254,7 @@ _Appears in:_ | `backupContentType` _[BackupContentType](#backupcontenttype)_ | BackupContentType is the backup content type available in the source to bootstrap from.
It is inferred based on the BackupRef and VolumeSnapshotRef fields. If inference is not possible, it defaults to Logical.
Set this field explicitly when using physical backups from S3 or Volume sources. | | Enum: [Logical Physical]
| | `s3` _[S3](#s3)_ | S3 defines the configuration to restore backups from a S3 compatible storage.
This field takes precedence over the Volume source. | | | | `volume` _[StorageVolumeSource](#storagevolumesource)_ | Volume is a Kubernetes Volume object that contains a backup. | | | -| `targetRecoveryTime` _[Time](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.33/#time-v1-meta)_ | TargetRecoveryTime is a RFC3339 (1970-01-01T00:00:00Z) date and time that defines the point in time recovery objective.
It is used to determine the closest restoration source in time. | | | +| `targetRecoveryTime` _[Time](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#time-v1-meta)_ | TargetRecoveryTime is a RFC3339 (1970-01-01T00:00:00Z) date and time that defines the point in time recovery objective.
It is used to determine the closest restoration source in time. | | | | `stagingStorage` _[BackupStagingStorage](#backupstagingstorage)_ | StagingStorage defines the temporary storage used to keep external backups (i.e. S3) while they are being processed.
It defaults to an emptyDir volume, meaning that the backups will be temporarily stored in the node where the Job is scheduled. | | | | `restoreJob` _[Job](#job)_ | RestoreJob defines additional properties for the Job used to perform the restoration. | | | @@ -227,7 +263,7 @@ _Appears in:_ -Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.33/#csivolumesource-v1-core. +Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#csivolumesource-v1-core. @@ -288,7 +324,7 @@ _Appears in:_ -Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.33/#configmapkeyselector-v1-core. +Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#configmapkeyselector-v1-core. @@ -307,7 +343,7 @@ _Appears in:_ -Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.33/#configmapvolumesource-v1-core. +Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#configmapvolumesource-v1-core. @@ -335,7 +371,7 @@ Connection is the Schema for the connections API. It is used to configure connec | --- | --- | --- | --- | | `apiVersion` _string_ | `enterprise.mariadb.com/v1alpha1` | | | | `kind` _string_ | `Connection` | | | -| `metadata` _[ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.33/#objectmeta-v1-meta)_ | Refer to Kubernetes API documentation for fields of `metadata`. | | | +| `metadata` _[ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#objectmeta-v1-meta)_ | Refer to Kubernetes API documentation for fields of `metadata`. | | | | `spec` _[ConnectionSpec](#connectionspec)_ | | | | @@ -377,6 +413,7 @@ ConnectionTemplate defines a template to customize Connection objects. _Appears in:_ - [ConnectionSpec](#connectionspec) +- [ExternalMariaDBSpec](#externalmariadbspec) - [MariaDBMaxScaleSpec](#mariadbmaxscalespec) - [MariaDBSpec](#mariadbspec) - [MaxScaleSpec](#maxscalespec) @@ -407,7 +444,7 @@ _Appears in:_ | --- | --- | --- | --- | | `name` _string_ | Name to be given to the container. | | | | `image` _string_ | Image name to be used by the container. The supported format is `:`. | | Required: \{\}
| -| `imagePullPolicy` _[PullPolicy](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.33/#pullpolicy-v1-core)_ | ImagePullPolicy is the image pull policy. One of `Always`, `Never` or `IfNotPresent`. If not defined, it defaults to `IfNotPresent`. | | Enum: [Always Never IfNotPresent]
| +| `imagePullPolicy` _[PullPolicy](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#pullpolicy-v1-core)_ | ImagePullPolicy is the image pull policy. One of `Always`, `Never` or `IfNotPresent`. If not defined, it defaults to `IfNotPresent`. | | Enum: [Always Never IfNotPresent]
| | `command` _string array_ | Command to be used in the Container. | | | | `args` _string array_ | Args to be used in the Container. | | | | `env` _[EnvVar](#envvar) array_ | Env represents the environment variables to be injected in a container. | | | @@ -424,8 +461,8 @@ ContainerTemplate defines a template to configure Container objects. _Appears in:_ -- [GaleraAgent](#galeraagent) -- [GaleraInit](#galerainit) +- [Agent](#agent) +- [InitContainer](#initcontainer) - [MariaDBSpec](#mariadbspec) - [MaxScaleSpec](#maxscalespec) @@ -494,7 +531,7 @@ Database is the Schema for the databases API. It is used to define a logical dat | --- | --- | --- | --- | | `apiVersion` _string_ | `enterprise.mariadb.com/v1alpha1` | | | | `kind` _string_ | `Database` | | | -| `metadata` _[ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.33/#objectmeta-v1-meta)_ | Refer to Kubernetes API documentation for fields of `metadata`. | | | +| `metadata` _[ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#objectmeta-v1-meta)_ | Refer to Kubernetes API documentation for fields of `metadata`. | | | | `spec` _[DatabaseSpec](#databasespec)_ | | | | @@ -511,8 +548,8 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `requeueInterval` _[Duration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.33/#duration-v1-meta)_ | RequeueInterval is used to perform requeue reconciliations. | | | -| `retryInterval` _[Duration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.33/#duration-v1-meta)_ | RetryInterval is the interval used to perform retries. | | | +| `requeueInterval` _[Duration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#duration-v1-meta)_ | RequeueInterval is used to perform requeue reconciliations. | | | +| `retryInterval` _[Duration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#duration-v1-meta)_ | RetryInterval is the interval used to perform retries. | | | | `cleanupPolicy` _[CleanupPolicy](#cleanuppolicy)_ | CleanupPolicy defines the behavior for cleaning up a SQL resource. | | Enum: [Skip Delete]
| | `mariaDbRef` _[MariaDBRef](#mariadbref)_ | MariaDBRef is a reference to a MariaDB object. | | Required: \{\}
| | `characterSet` _string_ | CharacterSet to use in the Database. | utf8 | | @@ -524,7 +561,7 @@ _Appears in:_ -Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.33/#emptydirvolumesource-v1-core. +Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#emptydirvolumesource-v1-core. @@ -535,22 +572,22 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `medium` _[StorageMedium](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.33/#storagemedium-v1-core)_ | | | | -| `sizeLimit` _[Quantity](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.33/#quantity-resource-api)_ | | | | +| `medium` _[StorageMedium](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#storagemedium-v1-core)_ | | | | +| `sizeLimit` _[Quantity](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#quantity-resource-api)_ | | | | #### EnvFromSource -Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.33/#envfromsource-v1-core. +Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#envfromsource-v1-core. _Appears in:_ +- [Agent](#agent) - [ContainerTemplate](#containertemplate) -- [GaleraAgent](#galeraagent) -- [GaleraInit](#galerainit) +- [InitContainer](#initcontainer) - [MariaDBSpec](#mariadbspec) - [MaxScaleSpec](#maxscalespec) @@ -565,15 +602,15 @@ _Appears in:_ -Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.33/#envvarsource-v1-core. +Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#envvarsource-v1-core. _Appears in:_ +- [Agent](#agent) - [Container](#container) - [ContainerTemplate](#containertemplate) -- [GaleraAgent](#galeraagent) -- [GaleraInit](#galerainit) +- [InitContainer](#initcontainer) - [MariaDBSpec](#mariadbspec) - [MaxScaleSpec](#maxscalespec) @@ -588,7 +625,7 @@ _Appears in:_ -Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.33/#envvarsource-v1-core. +Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#envvarsource-v1-core. @@ -606,7 +643,7 @@ _Appears in:_ -Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.33/#execaction-v1-core. +Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#execaction-v1-core. @@ -634,7 +671,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | | `image` _string_ | Image name to be used as metrics exporter. The supported format is `:`. | | | -| `imagePullPolicy` _[PullPolicy](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.33/#pullpolicy-v1-core)_ | ImagePullPolicy is the image pull policy. One of `Always`, `Never` or `IfNotPresent`. If not defined, it defaults to `IfNotPresent`. | | Enum: [Always Never IfNotPresent]
| +| `imagePullPolicy` _[PullPolicy](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#pullpolicy-v1-core)_ | ImagePullPolicy is the image pull policy. One of `Always`, `Never` or `IfNotPresent`. If not defined, it defaults to `IfNotPresent`. | | Enum: [Always Never IfNotPresent]
| | `imagePullSecrets` _[LocalObjectReference](#localobjectreference) array_ | ImagePullSecrets is the list of pull Secrets to be used to pull the image. | | | | `args` _string array_ | Args to be used in the Container. | | | | `port` _integer_ | Port where the exporter will be listening for connections. | | | @@ -644,94 +681,86 @@ _Appears in:_ | `podSecurityContext` _[PodSecurityContext](#podsecuritycontext)_ | SecurityContext holds pod-level security attributes and common container settings. | | | | `affinity` _[AffinityConfig](#affinityconfig)_ | Affinity to be used in the Pod. | | | | `nodeSelector` _object (keys:string, values:string)_ | NodeSelector to be used in the Pod. | | | -| `tolerations` _[Toleration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.33/#toleration-v1-core) array_ | Tolerations to be used in the Pod. | | | +| `tolerations` _[Toleration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#toleration-v1-core) array_ | Tolerations to be used in the Pod. | | | | `priorityClassName` _string_ | PriorityClassName to be used in the Pod. | | | -#### Galera +#### ExternalMariaDB -Galera allows you to enable multi-master HA via Galera in your MariaDB cluster. +ExternalMariaDB is the Schema for the external MariaDBs API. It is used to define external MariaDB server. + -_Appears in:_ -- [MariaDBSpec](#mariadbspec) | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `primary` _[PrimaryGalera](#primarygalera)_ | Primary is the Galera configuration for the primary node. | | | -| `sst` _[SST](#sst)_ | SST is the Snapshot State Transfer used when new Pods join the cluster.
More info: https://galeracluster.com/library/documentation/sst.html. | | Enum: [rsync mariabackup mysqldump]
| -| `availableWhenDonor` _boolean_ | AvailableWhenDonor indicates whether a donor node should be responding to queries. It defaults to false. | | | -| `galeraLibPath` _string_ | GaleraLibPath is a path inside the MariaDB image to the wsrep provider plugin. It is defaulted if not provided.
More info: https://galeracluster.com/library/documentation/mysql-wsrep-options.html#wsrep-provider. | | | -| `replicaThreads` _integer_ | ReplicaThreads is the number of replica threads used to apply Galera write sets in parallel.
More info: https://mariadb.com/kb/en/galera-cluster-system-variables/#wsrep_slave_threads. | | | -| `providerOptions` _object (keys:string, values:string)_ | ProviderOptions is map of Galera configuration parameters.
More info: https://mariadb.com/kb/en/galera-cluster-system-variables/#wsrep_provider_options. | | | -| `agent` _[GaleraAgent](#galeraagent)_ | GaleraAgent is a sidecar agent that co-operates with mariadb-enterprise-operator. | | | -| `recovery` _[GaleraRecovery](#galerarecovery)_ | GaleraRecovery is the recovery process performed by the operator whenever the Galera cluster is not healthy.
More info: https://galeracluster.com/library/documentation/crash-recovery.html. | | | -| `initContainer` _[GaleraInit](#galerainit)_ | InitContainer is an init container that runs in the MariaDB Pod and co-operates with mariadb-enterprise-operator. | | | -| `initJob` _[GaleraInitJob](#galerainitjob)_ | InitJob defines a Job that co-operates with mariadb-enterprise-operator by performing initialization tasks. | | | -| `config` _[GaleraConfig](#galeraconfig)_ | GaleraConfig defines storage options for the Galera configuration files. | | | -| `clusterName` _string_ | ClusterName is the name of the cluster to be used in the Galera config file. | | | -| `enabled` _boolean_ | Enabled is a flag to enable Galera. | | | +| `apiVersion` _string_ | `enterprise.mariadb.com/v1alpha1` | | | +| `kind` _string_ | `ExternalMariaDB` | | | +| `metadata` _[ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#objectmeta-v1-meta)_ | Refer to Kubernetes API documentation for fields of `metadata`. | | | +| `spec` _[ExternalMariaDBSpec](#externalmariadbspec)_ | | | | -#### GaleraAgent +#### ExternalMariaDBSpec -GaleraAgent is a sidecar agent that co-operates with mariadb-enterprise-operator. +ExternalMariaDBSpec defines the desired state of an External MariaDB _Appears in:_ -- [Galera](#galera) -- [GaleraSpec](#galeraspec) +- [ExternalMariaDB](#externalmariadb) | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `command` _string array_ | Command to be used in the Container. | | | -| `args` _string array_ | Args to be used in the Container. | | | -| `env` _[EnvVar](#envvar) array_ | Env represents the environment variables to be injected in a container. | | | -| `envFrom` _[EnvFromSource](#envfromsource) array_ | EnvFrom represents the references (via ConfigMap and Secrets) to environment variables to be injected in the container. | | | -| `volumeMounts` _[VolumeMount](#volumemount) array_ | VolumeMounts to be used in the Container. | | | -| `livenessProbe` _[Probe](#probe)_ | LivenessProbe to be used in the Container. | | | -| `readinessProbe` _[Probe](#probe)_ | ReadinessProbe to be used in the Container. | | | -| `startupProbe` _[Probe](#probe)_ | StartupProbe to be used in the Container. | | | -| `resources` _[ResourceRequirements](#resourcerequirements)_ | Resources describes the compute resource requirements. | | | -| `securityContext` _[SecurityContext](#securitycontext)_ | SecurityContext holds security configuration that will be applied to a container. | | | -| `image` _string_ | Image name to be used by the MariaDB instances. The supported format is `:`. | | | -| `imagePullPolicy` _[PullPolicy](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.33/#pullpolicy-v1-core)_ | ImagePullPolicy is the image pull policy. One of `Always`, `Never` or `IfNotPresent`. If not defined, it defaults to `IfNotPresent`. | | Enum: [Always Never IfNotPresent]
| -| `port` _integer_ | Port where the agent will be listening for API connections. | | | -| `probePort` _integer_ | Port where the agent will be listening for probe connections. | | | -| `kubernetesAuth` _[KubernetesAuth](#kubernetesauth)_ | KubernetesAuth to be used by the agent container | | | -| `basicAuth` _[BasicAuth](#basicauth)_ | BasicAuth to be used by the agent container | | | -| `gracefulShutdownTimeout` _[Duration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.33/#duration-v1-meta)_ | GracefulShutdownTimeout is the time we give to the agent container in order to gracefully terminate in-flight requests. | | | +| `image` _string_ | Image name to be used to perform operations on the external MariaDB, for example, for taking backups.
The supported format is `:`. Only MariaDB official images are supported.
If not provided, the MariaDB image version be inferred by the operator in runtime. The default MariaDB image will be used in this case, | | | +| `imagePullPolicy` _[PullPolicy](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#pullpolicy-v1-core)_ | ImagePullPolicy is the image pull policy. One of `Always`, `Never` or `IfNotPresent`. If not defined, it defaults to `IfNotPresent`. | | Enum: [Always Never IfNotPresent]
| +| `imagePullSecrets` _[LocalObjectReference](#localobjectreference) array_ | ImagePullSecrets is the list of pull Secrets to be used to pull the image. | | | +| `inheritMetadata` _[Metadata](#metadata)_ | InheritMetadata defines the metadata to be inherited by children resources. | | | +| `host` _string_ | Hostname of the external MariaDB. | | Required: \{\}
| +| `port` _integer_ | Port of the external MariaDB. | 3306 | | +| `username` _string_ | Username is the username to connect to the external MariaDB. | | Required: \{\}
| +| `passwordSecretKeyRef` _[SecretKeySelector](#secretkeyselector)_ | PasswordSecretKeyRef is a reference to the password to connect to the external MariaDB. | | | +| `tls` _[TLS](#tls)_ | TLS defines the PKI to be used with the external MariaDB. | | | +| `connection` _[ConnectionTemplate](#connectiontemplate)_ | Connection defines a template to configure a Connection for the external MariaDB. | | | -#### GaleraConfig +#### Galera -GaleraConfig defines storage options for the Galera configuration files. +Galera allows you to enable multi-master HA via Galera in your MariaDB cluster. _Appears in:_ -- [Galera](#galera) -- [GaleraSpec](#galeraspec) +- [MariaDBSpec](#mariadbspec) | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `reuseStorageVolume` _boolean_ | ReuseStorageVolume indicates that storage volume used by MariaDB should be reused to store the Galera configuration files.
It defaults to false, which implies that a dedicated volume for the Galera configuration files is provisioned. | | | -| `volumeClaimTemplate` _[VolumeClaimTemplate](#volumeclaimtemplate)_ | VolumeClaimTemplate is a template for the PVC that will contain the Galera configuration files shared between the InitContainer, Agent and MariaDB. | | | +| `primary` _[PrimaryGalera](#primarygalera)_ | Primary is the Galera configuration for the primary node. | | | +| `sst` _[SST](#sst)_ | SST is the Snapshot State Transfer used when new Pods join the cluster.
More info: https://galeracluster.com/library/documentation/sst.html. | | Enum: [rsync mariabackup mysqldump]
| +| `availableWhenDonor` _boolean_ | AvailableWhenDonor indicates whether a donor node should be responding to queries. It defaults to false. | | | +| `galeraLibPath` _string_ | GaleraLibPath is a path inside the MariaDB image to the wsrep provider plugin. It is defaulted if not provided.
More info: https://galeracluster.com/library/documentation/mysql-wsrep-options.html#wsrep-provider. | | | +| `replicaThreads` _integer_ | ReplicaThreads is the number of replica threads used to apply Galera write sets in parallel.
More info: https://mariadb.com/kb/en/galera-cluster-system-variables/#wsrep_slave_threads. | | | +| `providerOptions` _object (keys:string, values:string)_ | ProviderOptions is map of Galera configuration parameters.
More info: https://mariadb.com/kb/en/galera-cluster-system-variables/#wsrep_provider_options. | | | +| `agent` _[Agent](#agent)_ | Agent is a sidecar agent that co-operates with mariadb-enterprise-operator. | | | +| `recovery` _[GaleraRecovery](#galerarecovery)_ | GaleraRecovery is the recovery process performed by the operator whenever the Galera cluster is not healthy.
More info: https://galeracluster.com/library/documentation/crash-recovery.html. | | | +| `initContainer` _[InitContainer](#initcontainer)_ | InitContainer is an init container that runs in the MariaDB Pod and co-operates with mariadb-enterprise-operator. | | | +| `initJob` _[GaleraInitJob](#galerainitjob)_ | InitJob defines a Job that co-operates with mariadb-enterprise-operator by performing initialization tasks. | | | +| `config` _[GaleraConfig](#galeraconfig)_ | GaleraConfig defines storage options for the Galera configuration files. | | | +| `clusterName` _string_ | ClusterName is the name of the cluster to be used in the Galera config file. | | | +| `enabled` _boolean_ | Enabled is a flag to enable Galera. | | | -#### GaleraInit +#### GaleraConfig -GaleraInit is an init container that runs in the MariaDB Pod and co-operates with mariadb-enterprise-operator. +GaleraConfig defines storage options for the Galera configuration files. @@ -741,18 +770,8 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `command` _string array_ | Command to be used in the Container. | | | -| `args` _string array_ | Args to be used in the Container. | | | -| `env` _[EnvVar](#envvar) array_ | Env represents the environment variables to be injected in a container. | | | -| `envFrom` _[EnvFromSource](#envfromsource) array_ | EnvFrom represents the references (via ConfigMap and Secrets) to environment variables to be injected in the container. | | | -| `volumeMounts` _[VolumeMount](#volumemount) array_ | VolumeMounts to be used in the Container. | | | -| `livenessProbe` _[Probe](#probe)_ | LivenessProbe to be used in the Container. | | | -| `readinessProbe` _[Probe](#probe)_ | ReadinessProbe to be used in the Container. | | | -| `startupProbe` _[Probe](#probe)_ | StartupProbe to be used in the Container. | | | -| `resources` _[ResourceRequirements](#resourcerequirements)_ | Resources describes the compute resource requirements. | | | -| `securityContext` _[SecurityContext](#securitycontext)_ | SecurityContext holds security configuration that will be applied to a container. | | | -| `image` _string_ | Image name to be used by the MariaDB instances. The supported format is `:`. | | Required: \{\}
| -| `imagePullPolicy` _[PullPolicy](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.33/#pullpolicy-v1-core)_ | ImagePullPolicy is the image pull policy. One of `Always`, `Never` or `IfNotPresent`. If not defined, it defaults to `IfNotPresent`. | | Enum: [Always Never IfNotPresent]
| +| `reuseStorageVolume` _boolean_ | ReuseStorageVolume indicates that storage volume used by MariaDB should be reused to store the Galera configuration files.
It defaults to false, which implies that a dedicated volume for the Galera configuration files is provisioned. | | | +| `volumeClaimTemplate` _[VolumeClaimTemplate](#volumeclaimtemplate)_ | VolumeClaimTemplate is a template for the PVC that will contain the Galera configuration files shared between the InitContainer, Agent and MariaDB. | | | #### GaleraInitJob @@ -789,14 +808,14 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | | `enabled` _boolean_ | Enabled is a flag to enable GaleraRecovery. | | | -| `minClusterSize` _[IntOrString](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.33/#intorstring-intstr-util)_ | MinClusterSize is the minimum number of replicas to consider the cluster healthy. It can be either a number of replicas (1) or a percentage (50%).
If Galera consistently reports less replicas than this value for the given 'ClusterHealthyTimeout' interval, a cluster recovery is iniated.
It defaults to '1' replica, and it is highly recommendeded to keep this value at '1' in most cases.
If set to more than one replica, the cluster recovery process may restart the healthy replicas as well. | | | -| `clusterMonitorInterval` _[Duration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.33/#duration-v1-meta)_ | ClusterMonitorInterval represents the interval used to monitor the Galera cluster health. | | | -| `clusterHealthyTimeout` _[Duration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.33/#duration-v1-meta)_ | ClusterHealthyTimeout represents the duration at which a Galera cluster, that consistently failed health checks,
is considered unhealthy, and consequently the Galera recovery process will be initiated by the operator. | | | -| `clusterBootstrapTimeout` _[Duration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.33/#duration-v1-meta)_ | ClusterBootstrapTimeout is the time limit for bootstrapping a cluster.
Once this timeout is reached, the Galera recovery state is reset and a new cluster bootstrap will be attempted. | | | -| `clusterUpscaleTimeout` _[Duration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.33/#duration-v1-meta)_ | ClusterUpscaleTimeout represents the maximum duration for upscaling the cluster's StatefulSet during the recovery process. | | | -| `clusterDownscaleTimeout` _[Duration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.33/#duration-v1-meta)_ | ClusterDownscaleTimeout represents the maximum duration for downscaling the cluster's StatefulSet during the recovery process. | | | -| `podRecoveryTimeout` _[Duration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.33/#duration-v1-meta)_ | PodRecoveryTimeout is the time limit for recevorying the sequence of a Pod during the cluster recovery. | | | -| `podSyncTimeout` _[Duration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.33/#duration-v1-meta)_ | PodSyncTimeout is the time limit for a Pod to join the cluster after having performed a cluster bootstrap during the cluster recovery. | | | +| `minClusterSize` _[IntOrString](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#intorstring-intstr-util)_ | MinClusterSize is the minimum number of replicas to consider the cluster healthy. It can be either a number of replicas (1) or a percentage (50%).
If Galera consistently reports less replicas than this value for the given 'ClusterHealthyTimeout' interval, a cluster recovery is initiated.
It defaults to '1' replica, and it is highly recommendeded to keep this value at '1' in most cases.
If set to more than one replica, the cluster recovery process may restart the healthy replicas as well. | | | +| `clusterMonitorInterval` _[Duration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#duration-v1-meta)_ | ClusterMonitorInterval represents the interval used to monitor the Galera cluster health. | | | +| `clusterHealthyTimeout` _[Duration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#duration-v1-meta)_ | ClusterHealthyTimeout represents the duration at which a Galera cluster, that consistently failed health checks,
is considered unhealthy, and consequently the Galera recovery process will be initiated by the operator. | | | +| `clusterBootstrapTimeout` _[Duration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#duration-v1-meta)_ | ClusterBootstrapTimeout is the time limit for bootstrapping a cluster.
Once this timeout is reached, the Galera recovery state is reset and a new cluster bootstrap will be attempted. | | | +| `clusterUpscaleTimeout` _[Duration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#duration-v1-meta)_ | ClusterUpscaleTimeout represents the maximum duration for upscaling the cluster's StatefulSet during the recovery process. | | | +| `clusterDownscaleTimeout` _[Duration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#duration-v1-meta)_ | ClusterDownscaleTimeout represents the maximum duration for downscaling the cluster's StatefulSet during the recovery process. | | | +| `podRecoveryTimeout` _[Duration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#duration-v1-meta)_ | PodRecoveryTimeout is the time limit for recevorying the sequence of a Pod during the cluster recovery. | | | +| `podSyncTimeout` _[Duration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#duration-v1-meta)_ | PodSyncTimeout is the time limit for a Pod to join the cluster after having performed a cluster bootstrap during the cluster recovery. | | | | `forceClusterBootstrapInPod` _string_ | ForceClusterBootstrapInPod allows you to manually initiate the bootstrap process in a specific Pod.
IMPORTANT: Use this option only in exceptional circumstances. Not selecting the Pod with the highest sequence number may result in data loss.
IMPORTANT: Ensure you unset this field after completing the bootstrap to allow the operator to choose the appropriate Pod to bootstrap from in an event of cluster recovery. | | | | `job` _[GaleraRecoveryJob](#galerarecoveryjob)_ | Job defines a Job that co-operates with mariadb-enterprise-operator by performing the Galera cluster recovery . | | | @@ -838,9 +857,9 @@ _Appears in:_ | `galeraLibPath` _string_ | GaleraLibPath is a path inside the MariaDB image to the wsrep provider plugin. It is defaulted if not provided.
More info: https://galeracluster.com/library/documentation/mysql-wsrep-options.html#wsrep-provider. | | | | `replicaThreads` _integer_ | ReplicaThreads is the number of replica threads used to apply Galera write sets in parallel.
More info: https://mariadb.com/kb/en/galera-cluster-system-variables/#wsrep_slave_threads. | | | | `providerOptions` _object (keys:string, values:string)_ | ProviderOptions is map of Galera configuration parameters.
More info: https://mariadb.com/kb/en/galera-cluster-system-variables/#wsrep_provider_options. | | | -| `agent` _[GaleraAgent](#galeraagent)_ | GaleraAgent is a sidecar agent that co-operates with mariadb-enterprise-operator. | | | +| `agent` _[Agent](#agent)_ | Agent is a sidecar agent that co-operates with mariadb-enterprise-operator. | | | | `recovery` _[GaleraRecovery](#galerarecovery)_ | GaleraRecovery is the recovery process performed by the operator whenever the Galera cluster is not healthy.
More info: https://galeracluster.com/library/documentation/crash-recovery.html. | | | -| `initContainer` _[GaleraInit](#galerainit)_ | InitContainer is an init container that runs in the MariaDB Pod and co-operates with mariadb-enterprise-operator. | | | +| `initContainer` _[InitContainer](#initcontainer)_ | InitContainer is an init container that runs in the MariaDB Pod and co-operates with mariadb-enterprise-operator. | | | | `initJob` _[GaleraInitJob](#galerainitjob)_ | InitJob defines a Job that co-operates with mariadb-enterprise-operator by performing initialization tasks. | | | | `config` _[GaleraConfig](#galeraconfig)_ | GaleraConfig defines storage options for the Galera configuration files. | | | | `clusterName` _string_ | ClusterName is the name of the cluster to be used in the Galera config file. | | | @@ -859,6 +878,7 @@ _Appears in:_ - [MariaDBSpec](#mariadbspec) - [MariadbMetrics](#mariadbmetrics) - [MaxScaleAuth](#maxscaleauth) +- [ReplicaReplication](#replicareplication) | Field | Description | Default | Validation | | --- | --- | --- | --- | @@ -881,7 +901,7 @@ Grant is the Schema for the grants API. It is used to define grants as if you we | --- | --- | --- | --- | | `apiVersion` _string_ | `enterprise.mariadb.com/v1alpha1` | | | | `kind` _string_ | `Grant` | | | -| `metadata` _[ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.33/#objectmeta-v1-meta)_ | Refer to Kubernetes API documentation for fields of `metadata`. | | | +| `metadata` _[ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#objectmeta-v1-meta)_ | Refer to Kubernetes API documentation for fields of `metadata`. | | | | `spec` _[GrantSpec](#grantspec)_ | | | | @@ -898,8 +918,8 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `requeueInterval` _[Duration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.33/#duration-v1-meta)_ | RequeueInterval is used to perform requeue reconciliations. | | | -| `retryInterval` _[Duration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.33/#duration-v1-meta)_ | RetryInterval is the interval used to perform retries. | | | +| `requeueInterval` _[Duration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#duration-v1-meta)_ | RequeueInterval is used to perform requeue reconciliations. | | | +| `retryInterval` _[Duration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#duration-v1-meta)_ | RetryInterval is the interval used to perform retries. | | | | `cleanupPolicy` _[CleanupPolicy](#cleanuppolicy)_ | CleanupPolicy defines the behavior for cleaning up a SQL resource. | | Enum: [Skip Delete]
| | `mariaDbRef` _[MariaDBRef](#mariadbref)_ | MariaDBRef is a reference to a MariaDB object. | | Required: \{\}
| | `privileges` _string array_ | Privileges to use in the Grant. | | MinItems: 1
Required: \{\}
| @@ -910,11 +930,29 @@ _Appears in:_ | `grantOption` _boolean_ | GrantOption to use in the Grant. | false | | +#### Gtid + +_Underlying type:_ _string_ + +Gtid indicates which Global Transaction ID (GTID) position mode should be used when connecting a replica to the master. +See: https://mariadb.com/kb/en/gtid/#using-current_pos-vs-slave_pos. + + + +_Appears in:_ +- [ReplicaReplication](#replicareplication) + +| Field | Description | +| --- | --- | +| `CurrentPos` | GtidCurrentPos indicates the union of gtid_binlog_pos and gtid_slave_pos will be used when replicating from master.
| +| `SlavePos` | GtidSlavePos indicates that gtid_slave_pos will be used when replicating from master.
| + + #### HTTPGetAction -Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.33/#httpgetaction-v1-core. +Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#httpgetaction-v1-core. @@ -925,9 +963,9 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | | `path` _string_ | | | | -| `port` _[IntOrString](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.33/#intorstring-intstr-util)_ | | | | +| `port` _[IntOrString](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#intorstring-intstr-util)_ | | | | | `host` _string_ | | | | -| `scheme` _[URIScheme](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.33/#urischeme-v1-core)_ | | | | +| `scheme` _[URIScheme](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#urischeme-v1-core)_ | | | | #### HealthCheck @@ -944,15 +982,15 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `interval` _[Duration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.33/#duration-v1-meta)_ | Interval used to perform health checks. | | | -| `retryInterval` _[Duration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.33/#duration-v1-meta)_ | RetryInterval is the interval used to perform health check retries. | | | +| `interval` _[Duration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#duration-v1-meta)_ | Interval used to perform health checks. | | | +| `retryInterval` _[Duration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#duration-v1-meta)_ | RetryInterval is the interval used to perform health check retries. | | | #### HostPathVolumeSource -Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.33/#hostpathvolumesource-v1-core +Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#hostpathvolumesource-v1-core @@ -967,6 +1005,36 @@ _Appears in:_ | `type` _string_ | | | | +#### InitContainer + + + +InitContainer is an init container that runs in the MariaDB Pod and co-operates with mariadb-enterprise-operator. + + + +_Appears in:_ +- [Galera](#galera) +- [GaleraSpec](#galeraspec) +- [Replication](#replication) +- [ReplicationSpec](#replicationspec) + +| Field | Description | Default | Validation | +| --- | --- | --- | --- | +| `command` _string array_ | Command to be used in the Container. | | | +| `args` _string array_ | Args to be used in the Container. | | | +| `env` _[EnvVar](#envvar) array_ | Env represents the environment variables to be injected in a container. | | | +| `envFrom` _[EnvFromSource](#envfromsource) array_ | EnvFrom represents the references (via ConfigMap and Secrets) to environment variables to be injected in the container. | | | +| `volumeMounts` _[VolumeMount](#volumemount) array_ | VolumeMounts to be used in the Container. | | | +| `livenessProbe` _[Probe](#probe)_ | LivenessProbe to be used in the Container. | | | +| `readinessProbe` _[Probe](#probe)_ | ReadinessProbe to be used in the Container. | | | +| `startupProbe` _[Probe](#probe)_ | StartupProbe to be used in the Container. | | | +| `resources` _[ResourceRequirements](#resourcerequirements)_ | Resources describes the compute resource requirements. | | | +| `securityContext` _[SecurityContext](#securitycontext)_ | SecurityContext holds security configuration that will be applied to a container. | | | +| `image` _string_ | Image name to be used by the MariaDB instances. The supported format is `:`. | | Required: \{\}
| +| `imagePullPolicy` _[PullPolicy](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#pullpolicy-v1-core)_ | ImagePullPolicy is the image pull policy. One of `Always`, `Never` or `IfNotPresent`. If not defined, it defaults to `IfNotPresent`. | | Enum: [Always Never IfNotPresent]
| + + #### Job @@ -977,13 +1045,14 @@ Job defines a Job used to be used with MariaDB. _Appears in:_ - [BootstrapFrom](#bootstrapfrom) +- [ReplicaBootstrapFrom](#replicabootstrapfrom) | Field | Description | Default | Validation | | --- | --- | --- | --- | | `metadata` _[Metadata](#metadata)_ | Refer to Kubernetes API documentation for fields of `metadata`. | | | | `affinity` _[AffinityConfig](#affinityconfig)_ | Affinity to be used in the Pod. | | | | `nodeSelector` _object (keys:string, values:string)_ | NodeSelector to be used in the Pod. | | | -| `tolerations` _[Toleration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.33/#toleration-v1-core) array_ | Tolerations to be used in the Pod. | | | +| `tolerations` _[Toleration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#toleration-v1-core) array_ | Tolerations to be used in the Pod. | | | | `resources` _[ResourceRequirements](#resourcerequirements)_ | Resources describes the compute resource requirements. | | | | `args` _string array_ | Args to be used in the Container. | | | @@ -1030,7 +1099,7 @@ _Appears in:_ | `serviceAccountName` _string_ | ServiceAccountName is the name of the ServiceAccount to be used by the Pods. | | | | `affinity` _[AffinityConfig](#affinityconfig)_ | Affinity to be used in the Pod. | | | | `nodeSelector` _object (keys:string, values:string)_ | NodeSelector to be used in the Pod. | | | -| `tolerations` _[Toleration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.33/#toleration-v1-core) array_ | Tolerations to be used in the Pod. | | | +| `tolerations` _[Toleration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#toleration-v1-core) array_ | Tolerations to be used in the Pod. | | | | `priorityClassName` _string_ | PriorityClassName to be used in the Pod. | | | @@ -1044,7 +1113,7 @@ The agent validates the legitimacy of the service account token provided as an A _Appears in:_ -- [GaleraAgent](#galeraagent) +- [Agent](#agent) | Field | Description | Default | Validation | | --- | --- | --- | --- | @@ -1054,24 +1123,44 @@ _Appears in:_ #### LabelSelector -_Underlying type:_ _[struct{MatchLabels map[string]string "json:\"matchLabels,omitempty\""; MatchExpressions []LabelSelectorRequirement "json:\"matchExpressions,omitempty\""}](#struct{matchlabels-map[string]string-"json:\"matchlabels,omitempty\"";-matchexpressions-[]labelselectorrequirement-"json:\"matchexpressions,omitempty\""})_ -Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.33/#labelselector-v1-meta + +Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#labelselector-v1-meta _Appears in:_ - [PodAffinityTerm](#podaffinityterm) +| Field | Description | Default | Validation | +| --- | --- | --- | --- | +| `matchLabels` _object (keys:string, values:string)_ | | | | +| `matchExpressions` _[LabelSelectorRequirement](#labelselectorrequirement) array_ | | | | + + +#### LabelSelectorRequirement + +Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#labelselectorrequirement-v1-meta + + + +_Appears in:_ +- [LabelSelector](#labelselector) + +| Field | Description | Default | Validation | +| --- | --- | --- | --- | +| `key` _string_ | | | | +| `operator` _[LabelSelectorOperator](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#labelselectoroperator-v1-meta)_ | | | | +| `values` _string array_ | | | | #### LocalObjectReference -Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.33/#localobjectreference-v1-core. +Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#localobjectreference-v1-core. @@ -1084,6 +1173,7 @@ _Appears in:_ - [ConnectionSpec](#connectionspec) - [EnvFromSource](#envfromsource) - [Exporter](#exporter) +- [ExternalMariaDBSpec](#externalmariadbspec) - [GeneratedSecretKeyRef](#generatedsecretkeyref) - [JobPodTemplate](#jobpodtemplate) - [MariaDBSpec](#mariadbspec) @@ -1093,6 +1183,7 @@ _Appears in:_ - [PhysicalBackupPodTemplate](#physicalbackuppodtemplate) - [PhysicalBackupSpec](#physicalbackupspec) - [PodTemplate](#podtemplate) +- [ReplicaBootstrapFrom](#replicabootstrapfrom) - [RestoreSource](#restoresource) - [RestoreSpec](#restorespec) - [SecretKeySelector](#secretkeyselector) @@ -1118,7 +1209,7 @@ MariaDB is the Schema for the mariadbs API. It is used to define MariaDB cluster | --- | --- | --- | --- | | `apiVersion` _string_ | `enterprise.mariadb.com/v1alpha1` | | | | `kind` _string_ | `MariaDB` | | | -| `metadata` _[ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.33/#objectmeta-v1-meta)_ | Refer to Kubernetes API documentation for fields of `metadata`. | | | +| `metadata` _[ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#objectmeta-v1-meta)_ | Refer to Kubernetes API documentation for fields of `metadata`. | | | | `spec` _[MariaDBSpec](#mariadbspec)_ | | | | @@ -1137,7 +1228,7 @@ _Appears in:_ | --- | --- | --- | --- | | `enabled` _boolean_ | Enabled is a flag to enable a MaxScale instance to be used with the current MariaDB. | | | | `image` _string_ | Image name to be used by the MaxScale instances. The supported format is `:`.
Only MariaDB official images are supported. | | | -| `imagePullPolicy` _[PullPolicy](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.33/#pullpolicy-v1-core)_ | ImagePullPolicy is the image pull policy. One of `Always`, `Never` or `IfNotPresent`. If not defined, it defaults to `IfNotPresent`. | | Enum: [Always Never IfNotPresent]
| +| `imagePullPolicy` _[PullPolicy](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#pullpolicy-v1-core)_ | ImagePullPolicy is the image pull policy. One of `Always`, `Never` or `IfNotPresent`. If not defined, it defaults to `IfNotPresent`. | | Enum: [Always Never IfNotPresent]
| | `services` _[MaxScaleService](#maxscaleservice) array_ | Services define how the traffic is forwarded to the MariaDB servers. | | | | `monitor` _[MaxScaleMonitor](#maxscalemonitor)_ | Monitor monitors MariaDB server instances. | | | | `admin` _[MaxScaleAdmin](#maxscaleadmin)_ | Admin configures the admin REST API and GUI. | | | @@ -1148,10 +1239,10 @@ _Appears in:_ | `connection` _[ConnectionTemplate](#connectiontemplate)_ | Connection provides a template to define the Connection for MaxScale. | | | | `replicas` _integer_ | Replicas indicates the number of desired instances. | | | | `podDisruptionBudget` _[PodDisruptionBudget](#poddisruptionbudget)_ | PodDisruptionBudget defines the budget for replica availability. | | | -| `updateStrategy` _[StatefulSetUpdateStrategy](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.33/#statefulsetupdatestrategy-v1-apps)_ | UpdateStrategy defines the update strategy for the StatefulSet object. | | | +| `updateStrategy` _[StatefulSetUpdateStrategy](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#statefulsetupdatestrategy-v1-apps)_ | UpdateStrategy defines the update strategy for the StatefulSet object. | | | | `kubernetesService` _[ServiceTemplate](#servicetemplate)_ | KubernetesService defines a template for a Kubernetes Service object to connect to MaxScale. | | | | `guiKubernetesService` _[ServiceTemplate](#servicetemplate)_ | GuiKubernetesService define a template for a Kubernetes Service object to connect to MaxScale's GUI. | | | -| `requeueInterval` _[Duration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.33/#duration-v1-meta)_ | RequeueInterval is used to perform requeue reconciliations. | | | +| `requeueInterval` _[Duration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#duration-v1-meta)_ | RequeueInterval is used to perform requeue reconciliations. | | | #### MariaDBRef @@ -1177,6 +1268,7 @@ _Appears in:_ | --- | --- | --- | --- | | `name` _string_ | | | | | `namespace` _string_ | | | | +| `kind` _string_ | Kind of the referent. | | | | `waitForIt` _boolean_ | WaitForIt indicates whether the controller using this reference should wait for MariaDB to be ready. | true | | @@ -1211,13 +1303,13 @@ _Appears in:_ | `serviceAccountName` _string_ | ServiceAccountName is the name of the ServiceAccount to be used by the Pods. | | | | `affinity` _[AffinityConfig](#affinityconfig)_ | Affinity to be used in the Pod. | | | | `nodeSelector` _object (keys:string, values:string)_ | NodeSelector to be used in the Pod. | | | -| `tolerations` _[Toleration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.33/#toleration-v1-core) array_ | Tolerations to be used in the Pod. | | | +| `tolerations` _[Toleration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#toleration-v1-core) array_ | Tolerations to be used in the Pod. | | | | `volumes` _[Volume](#volume) array_ | Volumes to be used in the Pod. | | | | `priorityClassName` _string_ | PriorityClassName to be used in the Pod. | | | | `topologySpreadConstraints` _[TopologySpreadConstraint](#topologyspreadconstraint) array_ | TopologySpreadConstraints to be used in the Pod. | | | | `suspend` _boolean_ | Suspend indicates whether the current resource should be suspended or not.
This can be useful for maintenance, as disabling the reconciliation prevents the operator from interfering with user operations during maintenance activities. | false | | | `image` _string_ | Image name to be used by the MariaDB instances. The supported format is `:`.
Only MariaDB official images are supported. | | | -| `imagePullPolicy` _[PullPolicy](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.33/#pullpolicy-v1-core)_ | ImagePullPolicy is the image pull policy. One of `Always`, `Never` or `IfNotPresent`. If not defined, it defaults to `IfNotPresent`. | | Enum: [Always Never IfNotPresent]
| +| `imagePullPolicy` _[PullPolicy](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#pullpolicy-v1-core)_ | ImagePullPolicy is the image pull policy. One of `Always`, `Never` or `IfNotPresent`. If not defined, it defaults to `IfNotPresent`. | | Enum: [Always Never IfNotPresent]
| | `inheritMetadata` _[Metadata](#metadata)_ | InheritMetadata defines the metadata to be inherited by children resources. | | | | `rootPasswordSecretKeyRef` _[GeneratedSecretKeyRef](#generatedsecretkeyref)_ | RootPasswordSecretKeyRef is a reference to a Secret key containing the root password. | | | | `rootEmptyPassword` _boolean_ | RootEmptyPassword indicates if the root password should be empty. Don't use this feature in production, it is only intended for development and test environments. | | | @@ -1233,6 +1325,7 @@ _Appears in:_ | `storage` _[Storage](#storage)_ | Storage defines the storage options to be used for provisioning the PVCs mounted by MariaDB. | | | | `metrics` _[MariadbMetrics](#mariadbmetrics)_ | Metrics configures metrics and how to scrape them. | | | | `tls` _[TLS](#tls)_ | TLS defines the PKI to be used with MariaDB. | | | +| `replication` _[Replication](#replication)_ | Replication configures high availability via replication. This feature is still in alpha, use Galera if you are looking for a more production-ready HA. | | | | `galera` _[Galera](#galera)_ | Galera configures high availability via Galera. | | | | `maxScaleRef` _[ObjectReference](#objectreference)_ | MaxScaleRef is a reference to a MaxScale resource to be used with the current MariaDB.
Providing this field implies delegating high availability tasks such as primary failover to MaxScale. | | | | `maxScale` _[MariaDBMaxScaleSpec](#mariadbmaxscalespec)_ | MaxScale is the MaxScale specification that defines the MaxScale resource to be used with the current MariaDB.
When enabling this field, MaxScaleRef is automatically set. | | | @@ -1284,7 +1377,7 @@ MaxScale is the Schema for the maxscales API. It is used to define MaxScale clus | --- | --- | --- | --- | | `apiVersion` _string_ | `enterprise.mariadb.com/v1alpha1` | | | | `kind` _string_ | `MaxScale` | | | -| `metadata` _[ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.33/#objectmeta-v1-meta)_ | Refer to Kubernetes API documentation for fields of `metadata`. | | | +| `metadata` _[ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#objectmeta-v1-meta)_ | Refer to Kubernetes API documentation for fields of `metadata`. | | | | `spec` _[MaxScaleSpec](#maxscalespec)_ | | | | @@ -1325,7 +1418,7 @@ _Appears in:_ | `adminPasswordSecretKeyRef` _[GeneratedSecretKeyRef](#generatedsecretkeyref)_ | AdminPasswordSecretKeyRef is Secret key reference to the admin password to call the admin REST API. It is defaulted if not provided. | | | | `deleteDefaultAdmin` _boolean_ | DeleteDefaultAdmin determines whether the default admin user should be deleted after the initial configuration. If not provided, it defaults to true. | | | | `metricsUsername` _string_ | MetricsUsername is an metrics username to call the REST API. It is defaulted if metrics are enabled. | | | -| `metricsPasswordSecretKeyRef` _[GeneratedSecretKeyRef](#generatedsecretkeyref)_ | MetricsPasswordSecretKeyRef is Secret key reference to the metrics password to call the admib REST API. It is defaulted if metrics are enabled.
If the referred Secret is labeled with "enterprise.mariadb.com/watch", updates may be performed to the Secret in order to update the password. | | | +| `metricsPasswordSecretKeyRef` _[GeneratedSecretKeyRef](#generatedsecretkeyref)_ | MetricsPasswordSecretKeyRef is Secret key reference to the metrics password to call the admib REST API. It is defaulted if metrics are enabled. | | | | `clientUsername` _string_ | ClientUsername is the user to connect to MaxScale. It is defaulted if not provided. | | | | `clientPasswordSecretKeyRef` _[GeneratedSecretKeyRef](#generatedsecretkeyref)_ | ClientPasswordSecretKeyRef is Secret key reference to the password to connect to MaxScale. It is defaulted if not provided.
If the referred Secret is labeled with "enterprise.mariadb.com/watch", updates may be performed to the Secret in order to update the password. | | | | `clientMaxConnections` _integer_ | ClientMaxConnections defines the maximum number of connections that the client can establish.
If HA is enabled, make sure to increase this value, as more MaxScale replicas implies more connections.
It defaults to 30 times the number of MaxScale replicas. | | | @@ -1373,8 +1466,8 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | | `database` _string_ | Database is the MariaDB logical database where the 'maxscale_config' table will be created in order to persist and synchronize config changes. If not provided, it defaults to 'mysql'. | | | -| `interval` _[Duration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.33/#duration-v1-meta)_ | Interval defines the config synchronization interval. It is defaulted if not provided. | | | -| `timeout` _[Duration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.33/#duration-v1-meta)_ | Interval defines the config synchronization timeout. It is defaulted if not provided. | | | +| `interval` _[Duration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#duration-v1-meta)_ | Interval defines the config synchronization interval. It is defaulted if not provided. | | | +| `timeout` _[Duration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#duration-v1-meta)_ | Interval defines the config synchronization timeout. It is defaulted if not provided. | | | #### MaxScaleListener @@ -1433,7 +1526,7 @@ _Appears in:_ | `suspend` _boolean_ | Suspend indicates whether the current resource should be suspended or not.
This can be useful for maintenance, as disabling the reconciliation prevents the operator from interfering with user operations during maintenance activities. | false | | | `name` _string_ | Name is the identifier of the monitor. It is defaulted if not provided. | | | | `module` _[MonitorModule](#monitormodule)_ | Module is the module to use to monitor MariaDB servers. It is mandatory when no MariaDB reference is provided. | | | -| `interval` _[Duration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.33/#duration-v1-meta)_ | Interval used to monitor MariaDB servers. It is defaulted if not provided. | | | +| `interval` _[Duration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#duration-v1-meta)_ | Interval used to monitor MariaDB servers. It is defaulted if not provided. | | | | `cooperativeMonitoring` _[CooperativeMonitoring](#cooperativemonitoring)_ | CooperativeMonitoring enables coordination between multiple MaxScale instances running monitors. It is defaulted when HA is enabled. | | Enum: [majority_of_all majority_of_running]
| | `params` _object (keys:string, values:string)_ | Params defines extra parameters to pass to the monitor.
Any parameter supported by MaxScale may be specified here. See reference:
https://mariadb.com/kb/en/mariadb-maxscale-2308-common-monitor-parameters/.
Monitor specific parameter are also supported:
https://mariadb.com/kb/en/mariadb-maxscale-2308-galera-monitor/#galera-monitor-optional-parameters.
https://mariadb.com/kb/en/mariadb-maxscale-2308-mariadb-monitor/#configuration. | | | @@ -1457,7 +1550,7 @@ _Appears in:_ | `serviceAccountName` _string_ | ServiceAccountName is the name of the ServiceAccount to be used by the Pods. | | | | `affinity` _[AffinityConfig](#affinityconfig)_ | Affinity to be used in the Pod. | | | | `nodeSelector` _object (keys:string, values:string)_ | NodeSelector to be used in the Pod. | | | -| `tolerations` _[Toleration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.33/#toleration-v1-core) array_ | Tolerations to be used in the Pod. | | | +| `tolerations` _[Toleration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#toleration-v1-core) array_ | Tolerations to be used in the Pod. | | | | `priorityClassName` _string_ | PriorityClassName to be used in the Pod. | | | | `topologySpreadConstraints` _[TopologySpreadConstraint](#topologyspreadconstraint) array_ | TopologySpreadConstraints to be used in the Pod. | | | @@ -1533,14 +1626,15 @@ _Appears in:_ | `serviceAccountName` _string_ | ServiceAccountName is the name of the ServiceAccount to be used by the Pods. | | | | `affinity` _[AffinityConfig](#affinityconfig)_ | Affinity to be used in the Pod. | | | | `nodeSelector` _object (keys:string, values:string)_ | NodeSelector to be used in the Pod. | | | -| `tolerations` _[Toleration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.33/#toleration-v1-core) array_ | Tolerations to be used in the Pod. | | | +| `tolerations` _[Toleration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#toleration-v1-core) array_ | Tolerations to be used in the Pod. | | | | `priorityClassName` _string_ | PriorityClassName to be used in the Pod. | | | | `topologySpreadConstraints` _[TopologySpreadConstraint](#topologyspreadconstraint) array_ | TopologySpreadConstraints to be used in the Pod. | | | | `suspend` _boolean_ | Suspend indicates whether the current resource should be suspended or not.
This can be useful for maintenance, as disabling the reconciliation prevents the operator from interfering with user operations during maintenance activities. | false | | | `mariaDbRef` _[MariaDBRef](#mariadbref)_ | MariaDBRef is a reference to the MariaDB that MaxScale points to. It is used to initialize the servers field. | | | +| `primaryServer` _string_ | PrimaryServer specifies the desired primary server. Setting this field triggers a switchover operation in MaxScale to the desired server.
This option is only valid when using monitors that support switchover, currently limited to the MariaDB monitor. | | | | `servers` _[MaxScaleServer](#maxscaleserver) array_ | Servers are the MariaDB servers to forward traffic to. It is required if 'spec.mariaDbRef' is not provided. | | | | `image` _string_ | Image name to be used by the MaxScale instances. The supported format is `:`.
Only MaxScale official images are supported. | | | -| `imagePullPolicy` _[PullPolicy](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.33/#pullpolicy-v1-core)_ | ImagePullPolicy is the image pull policy. One of `Always`, `Never` or `IfNotPresent`. If not defined, it defaults to `IfNotPresent`. | | Enum: [Always Never IfNotPresent]
| +| `imagePullPolicy` _[PullPolicy](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#pullpolicy-v1-core)_ | ImagePullPolicy is the image pull policy. One of `Always`, `Never` or `IfNotPresent`. If not defined, it defaults to `IfNotPresent`. | | Enum: [Always Never IfNotPresent]
| | `inheritMetadata` _[Metadata](#metadata)_ | InheritMetadata defines the metadata to be inherited by children resources. | | | | `services` _[MaxScaleService](#maxscaleservice) array_ | Services define how the traffic is forwarded to the MariaDB servers. It is defaulted if not provided. | | | | `monitor` _[MaxScaleMonitor](#maxscalemonitor)_ | Monitor monitors MariaDB server instances. It is required if 'spec.mariaDbRef' is not provided. | | | @@ -1552,10 +1646,10 @@ _Appears in:_ | `connection` _[ConnectionTemplate](#connectiontemplate)_ | Connection provides a template to define the Connection for MaxScale. | | | | `replicas` _integer_ | Replicas indicates the number of desired instances. | 1 | | | `podDisruptionBudget` _[PodDisruptionBudget](#poddisruptionbudget)_ | PodDisruptionBudget defines the budget for replica availability. | | | -| `updateStrategy` _[StatefulSetUpdateStrategy](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.33/#statefulsetupdatestrategy-v1-apps)_ | UpdateStrategy defines the update strategy for the StatefulSet object. | | | +| `updateStrategy` _[StatefulSetUpdateStrategy](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#statefulsetupdatestrategy-v1-apps)_ | UpdateStrategy defines the update strategy for the StatefulSet object. | | | | `kubernetesService` _[ServiceTemplate](#servicetemplate)_ | KubernetesService defines a template for a Kubernetes Service object to connect to MaxScale. | | | | `guiKubernetesService` _[ServiceTemplate](#servicetemplate)_ | GuiKubernetesService defines a template for a Kubernetes Service object to connect to MaxScale's GUI. | | | -| `requeueInterval` _[Duration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.33/#duration-v1-meta)_ | RequeueInterval is used to perform requeue reconciliations. If not defined, it defaults to 10s. | | | +| `requeueInterval` _[Duration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#duration-v1-meta)_ | RequeueInterval is used to perform requeue reconciliations. If not defined, it defaults to 10s. | | | #### MaxScaleTLS @@ -1573,8 +1667,8 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | | `enabled` _boolean_ | Enabled indicates whether TLS is enabled, determining if certificates should be issued and mounted to the MaxScale instance.
It is enabled by default when the referred MariaDB instance (via mariaDbRef) has TLS enabled and enforced. | | | -| `adminVersions` _string array_ | Versions specifies the supported TLS versions in the MaxScale REST API.
By default, the MaxScale's default supported versions are used. See: https://mariadb.com/kb/en/mariadb-maxscale-25-mariadb-maxscale-configuration-guide/#admin_ssl_version | | | -| `serverVersions` _string array_ | ServerVersions specifies the supported TLS versions in both the servers and listeners managed by this MaxScale instance.
By default, the MaxScale's default supported versions are used. See: https://mariadb.com/kb/en/mariadb-maxscale-25-mariadb-maxscale-configuration-guide/#ssl_version. | | | +| `adminVersions` _string array_ | Versions specifies the supported TLS versions in the MaxScale REST API.
By default, the MaxScale's default supported versions are used. See: https://mariadb.com/kb/en/mariadb-maxscale-25-mariadb-maxscale-configuration-guide/#admin_ssl_version | | items:Enum: [TLSv10 TLSv11 TLSv12 TLSv13 MAX]
| +| `serverVersions` _string array_ | ServerVersions specifies the supported TLS versions in both the servers and listeners managed by this MaxScale instance.
By default, the MaxScale's default supported versions are used. See: https://mariadb.com/kb/en/mariadb-maxscale-25-mariadb-maxscale-configuration-guide/#ssl_version. | | items:Enum: [TLSv10 TLSv11 TLSv12 TLSv13 MAX]
| | `adminCASecretRef` _[LocalObjectReference](#localobjectreference)_ | AdminCASecretRef is a reference to a Secret containing the admin certificate authority keypair. It is used to establish trust and issue certificates for the MaxScale's administrative REST API and GUI.
One of:
- Secret containing both the 'ca.crt' and 'ca.key' keys. This allows you to bring your own CA to Kubernetes to issue certificates.
- Secret containing only the 'ca.crt' in order to establish trust. In this case, either adminCertSecretRef or adminCertIssuerRef fields must be provided.
If not provided, a self-signed CA will be provisioned to issue the server certificate. | | | | `adminCertSecretRef` _[LocalObjectReference](#localobjectreference)_ | AdminCertSecretRef is a reference to a TLS Secret used by the MaxScale's administrative REST API and GUI. | | | | `adminCertIssuerRef` _[ObjectReference](#objectreference)_ | AdminCertIssuerRef is a reference to a cert-manager issuer object used to issue the MaxScale's administrative REST API and GUI certificate. cert-manager must be installed previously in the cluster.
It is mutually exclusive with adminCertSecretRef.
By default, the Secret field 'ca.crt' provisioned by cert-manager will be added to the trust chain. A custom trust bundle may be specified via adminCASecretRef. | | | @@ -1601,6 +1695,7 @@ Metadata defines the metadata to added to resources. _Appears in:_ - [BackupSpec](#backupspec) - [Exporter](#exporter) +- [ExternalMariaDBSpec](#externalmariadbspec) - [GaleraInitJob](#galerainitjob) - [GaleraRecoveryJob](#galerarecoveryjob) - [Job](#job) @@ -1645,7 +1740,7 @@ _Appears in:_ -Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.33/#nfsvolumesource-v1-core. +Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#nfsvolumesource-v1-core. @@ -1665,7 +1760,7 @@ _Appears in:_ -Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.33/#nodeaffinity-v1-core +Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#nodeaffinity-v1-core @@ -1683,7 +1778,7 @@ _Appears in:_ -Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.33/#nodeselector-v1-core +Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#nodeselector-v1-core @@ -1695,13 +1790,29 @@ _Appears in:_ | `nodeSelectorTerms` _[NodeSelectorTerm](#nodeselectorterm) array_ | | | | +#### NodeSelectorRequirement + + + +Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#nodeselectorrequirement-v1-core + + + +_Appears in:_ +- [NodeSelectorTerm](#nodeselectorterm) + +| Field | Description | Default | Validation | +| --- | --- | --- | --- | +| `key` _string_ | | | | +| `operator` _[NodeSelectorOperator](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#nodeselectoroperator-v1-core)_ | | | | +| `values` _string array_ | | | | #### NodeSelectorTerm -_Underlying type:_ _[struct{MatchExpressions []NodeSelectorRequirement "json:\"matchExpressions,omitempty\""; MatchFields []NodeSelectorRequirement "json:\"matchFields,omitempty\""}](#struct{matchexpressions-[]nodeselectorrequirement-"json:\"matchexpressions,omitempty\"";-matchfields-[]nodeselectorrequirement-"json:\"matchfields,omitempty\""})_ -Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.33/#nodeselectorterm-v1-core + +Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#nodeselectorterm-v1-core @@ -1709,13 +1820,17 @@ _Appears in:_ - [NodeSelector](#nodeselector) - [PreferredSchedulingTerm](#preferredschedulingterm) +| Field | Description | Default | Validation | +| --- | --- | --- | --- | +| `matchExpressions` _[NodeSelectorRequirement](#nodeselectorrequirement) array_ | | | | +| `matchFields` _[NodeSelectorRequirement](#nodeselectorrequirement) array_ | | | | #### ObjectFieldSelector -Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.33/#objectfieldselector-v1-core. +Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#objectfieldselector-v1-core. @@ -1732,7 +1847,7 @@ _Appears in:_ -Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.33/#objectreference-v1-core. +Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#objectreference-v1-core. @@ -1769,7 +1884,7 @@ _Appears in:_ -Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.33/#persistentvolumeclaimspec-v1-core. +Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#persistentvolumeclaimspec-v1-core. @@ -1781,9 +1896,9 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `accessModes` _[PersistentVolumeAccessMode](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.33/#persistentvolumeaccessmode-v1-core) array_ | | | | -| `selector` _[LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.33/#labelselector-v1-meta)_ | | | | -| `resources` _[VolumeResourceRequirements](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.33/#volumeresourcerequirements-v1-core)_ | | | | +| `accessModes` _[PersistentVolumeAccessMode](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#persistentvolumeaccessmode-v1-core) array_ | | | | +| `selector` _[LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#labelselector-v1-meta)_ | | | | +| `resources` _[VolumeResourceRequirements](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#volumeresourcerequirements-v1-core)_ | | | | | `storageClassName` _string_ | | | | @@ -1791,7 +1906,7 @@ _Appears in:_ -Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.33/#persistentvolumeclaimvolumesource-v1-core. +Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#persistentvolumeclaimvolumesource-v1-core. @@ -1820,7 +1935,7 @@ PhysicalBackup is the Schema for the physicalbackups API. It is used to define p | --- | --- | --- | --- | | `apiVersion` _string_ | `enterprise.mariadb.com/v1alpha1` | | | | `kind` _string_ | `PhysicalBackup` | | | -| `metadata` _[ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.33/#objectmeta-v1-meta)_ | Refer to Kubernetes API documentation for fields of `metadata`. | | | +| `metadata` _[ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#objectmeta-v1-meta)_ | Refer to Kubernetes API documentation for fields of `metadata`. | | | | `spec` _[PhysicalBackupSpec](#physicalbackupspec)_ | | | | @@ -1841,7 +1956,7 @@ _Appears in:_ | `imagePullSecrets` _[LocalObjectReference](#localobjectreference) array_ | ImagePullSecrets is the list of pull Secrets to be used to pull the image. | | | | `podSecurityContext` _[PodSecurityContext](#podsecuritycontext)_ | SecurityContext holds pod-level security attributes and common container settings. | | | | `serviceAccountName` _string_ | ServiceAccountName is the name of the ServiceAccount to be used by the Pods. | | | -| `tolerations` _[Toleration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.33/#toleration-v1-core) array_ | Tolerations to be used in the Pod. | | | +| `tolerations` _[Toleration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#toleration-v1-core) array_ | Tolerations to be used in the Pod. | | | | `priorityClassName` _string_ | PriorityClassName to be used in the Pod. | | | @@ -1858,7 +1973,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `cron` _string_ | Cron is a cron expression that defines the schedule. | | Required: \{\}
| +| `cron` _string_ | Cron is a cron expression that defines the schedule. | | | | `suspend` _boolean_ | Suspend defines whether the schedule is active or not. | false | | | `immediate` _boolean_ | Immediate indicates whether the first backup should be taken immediately after creating the PhysicalBackup. | | | @@ -1883,18 +1998,18 @@ _Appears in:_ | `imagePullSecrets` _[LocalObjectReference](#localobjectreference) array_ | ImagePullSecrets is the list of pull Secrets to be used to pull the image. | | | | `podSecurityContext` _[PodSecurityContext](#podsecuritycontext)_ | SecurityContext holds pod-level security attributes and common container settings. | | | | `serviceAccountName` _string_ | ServiceAccountName is the name of the ServiceAccount to be used by the Pods. | | | -| `tolerations` _[Toleration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.33/#toleration-v1-core) array_ | Tolerations to be used in the Pod. | | | +| `tolerations` _[Toleration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#toleration-v1-core) array_ | Tolerations to be used in the Pod. | | | | `priorityClassName` _string_ | PriorityClassName to be used in the Pod. | | | | `mariaDbRef` _[MariaDBRef](#mariadbref)_ | MariaDBRef is a reference to a MariaDB object. | | Required: \{\}
| | `compression` _[CompressAlgorithm](#compressalgorithm)_ | Compression algorithm to be used in the Backup. | | Enum: [none bzip2 gzip]
| | `stagingStorage` _[BackupStagingStorage](#backupstagingstorage)_ | StagingStorage defines the temporary storage used to keep external backups (i.e. S3) while they are being processed.
It defaults to an emptyDir volume, meaning that the backups will be temporarily stored in the node where the PhysicalBackup Job is scheduled.
The staging area gets cleaned up after each backup is completed, consider this for sizing it appropriately. | | | | `storage` _[PhysicalBackupStorage](#physicalbackupstorage)_ | Storage defines the final storage for backups. | | Required: \{\}
| | `schedule` _[PhysicalBackupSchedule](#physicalbackupschedule)_ | Schedule defines when the PhysicalBackup will be taken. | | | -| `maxRetention` _[Duration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.33/#duration-v1-meta)_ | MaxRetention defines the retention policy for backups. Old backups will be cleaned up by the Backup Job.
It defaults to 30 days. | | | -| `timeout` _[Duration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.33/#duration-v1-meta)_ | Timeout defines the maximum duration of a PhysicalBackup job or snapshot.
If this duration is exceeded, the job or snapshot is considered expired and is deleted by the operator.
A new job or snapshot will then be created according to the schedule.
It defaults to 1 hour. | | | +| `maxRetention` _[Duration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#duration-v1-meta)_ | MaxRetention defines the retention policy for backups. Old backups will be cleaned up by the Backup Job.
It defaults to 30 days. | | | +| `timeout` _[Duration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#duration-v1-meta)_ | Timeout defines the maximum duration of a PhysicalBackup job or snapshot.
If this duration is exceeded, the job or snapshot is considered expired and is deleted by the operator.
A new job or snapshot will then be created according to the schedule.
It defaults to 1 hour. | | | | `podAffinity` _boolean_ | PodAffinity indicates whether the Jobs should run in the same Node as the MariaDB Pods to be able to attach the PVC.
It defaults to true. | | | | `backoffLimit` _integer_ | BackoffLimit defines the maximum number of attempts to successfully take a PhysicalBackup. | | | -| `restartPolicy` _[RestartPolicy](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.33/#restartpolicy-v1-core)_ | RestartPolicy to be added to the PhysicalBackup Pod. | OnFailure | Enum: [Always OnFailure Never]
| +| `restartPolicy` _[RestartPolicy](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#restartpolicy-v1-core)_ | RestartPolicy to be added to the PhysicalBackup Pod. | OnFailure | Enum: [Always OnFailure Never]
| | `inheritMetadata` _[Metadata](#metadata)_ | InheritMetadata defines the metadata to be inherited by children resources. | | | | `successfulJobsHistoryLimit` _integer_ | SuccessfulJobsHistoryLimit defines the maximum number of successful Jobs to be displayed. It defaults to 5. | | Minimum: 0
| @@ -1939,7 +2054,7 @@ _Appears in:_ -Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.33/#podaffinityterm-v1-core. +Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#podaffinityterm-v1-core. @@ -1957,7 +2072,7 @@ _Appears in:_ -Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.33/#podantiaffinity-v1-core. +Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#podantiaffinity-v1-core. @@ -1986,15 +2101,15 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `minAvailable` _[IntOrString](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.33/#intorstring-intstr-util)_ | MinAvailable defines the number of minimum available Pods. | | | -| `maxUnavailable` _[IntOrString](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.33/#intorstring-intstr-util)_ | MaxUnavailable defines the number of maximum unavailable Pods. | | | +| `minAvailable` _[IntOrString](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#intorstring-intstr-util)_ | MinAvailable defines the number of minimum available Pods. | | | +| `maxUnavailable` _[IntOrString](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#intorstring-intstr-util)_ | MaxUnavailable defines the number of maximum unavailable Pods. | | | #### PodSecurityContext -Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.33/#podsecuritycontext-v1-core +Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#podsecuritycontext-v1-core @@ -2013,15 +2128,15 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `seLinuxOptions` _[SELinuxOptions](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.33/#selinuxoptions-v1-core)_ | | | | +| `seLinuxOptions` _[SELinuxOptions](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#selinuxoptions-v1-core)_ | | | | | `runAsUser` _integer_ | | | | | `runAsGroup` _integer_ | | | | | `runAsNonRoot` _boolean_ | | | | | `supplementalGroups` _integer array_ | | | | | `fsGroup` _integer_ | | | | -| `fsGroupChangePolicy` _[PodFSGroupChangePolicy](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.33/#podfsgroupchangepolicy-v1-core)_ | | | | -| `seccompProfile` _[SeccompProfile](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.33/#seccompprofile-v1-core)_ | | | | -| `appArmorProfile` _[AppArmorProfile](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.33/#apparmorprofile-v1-core)_ | | | | +| `fsGroupChangePolicy` _[PodFSGroupChangePolicy](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#podfsgroupchangepolicy-v1-core)_ | | | | +| `seccompProfile` _[SeccompProfile](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#seccompprofile-v1-core)_ | | | | +| `appArmorProfile` _[AppArmorProfile](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#apparmorprofile-v1-core)_ | | | | #### PodTemplate @@ -2045,7 +2160,7 @@ _Appears in:_ | `serviceAccountName` _string_ | ServiceAccountName is the name of the ServiceAccount to be used by the Pods. | | | | `affinity` _[AffinityConfig](#affinityconfig)_ | Affinity to be used in the Pod. | | | | `nodeSelector` _object (keys:string, values:string)_ | NodeSelector to be used in the Pod. | | | -| `tolerations` _[Toleration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.33/#toleration-v1-core) array_ | Tolerations to be used in the Pod. | | | +| `tolerations` _[Toleration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#toleration-v1-core) array_ | Tolerations to be used in the Pod. | | | | `volumes` _[Volume](#volume) array_ | Volumes to be used in the Pod. | | | | `priorityClassName` _string_ | PriorityClassName to be used in the Pod. | | | | `topologySpreadConstraints` _[TopologySpreadConstraint](#topologyspreadconstraint) array_ | TopologySpreadConstraints to be used in the Pod. | | | @@ -2055,7 +2170,7 @@ _Appears in:_ -Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.33/#preferredschedulingterm-v1-core +Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#preferredschedulingterm-v1-core @@ -2083,21 +2198,40 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | | `podIndex` _integer_ | PodIndex is the StatefulSet index of the primary node. The user may change this field to perform a manual switchover. | | | -| `automaticFailover` _boolean_ | AutomaticFailover indicates whether the operator should automatically update PodIndex to perform an automatic primary failover. | | | +| `autoFailover` _boolean_ | AutoFailover indicates whether the operator should automatically update PodIndex to perform an automatic primary failover. | | | + + +#### PrimaryReplication + + + +PrimaryReplication is the replication configuration and operation parameters for the primary. + + + +_Appears in:_ +- [Replication](#replication) +- [ReplicationSpec](#replicationspec) + +| Field | Description | Default | Validation | +| --- | --- | --- | --- | +| `podIndex` _integer_ | PodIndex is the StatefulSet index of the primary node. The user may change this field to perform a manual switchover. | | | +| `autoFailover` _boolean_ | AutoFailover indicates whether the operator should automatically update PodIndex to perform an automatic primary failover.
It is enabled by default. | | | +| `autoFailoverDelay` _[Duration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#duration-v1-meta)_ | AutoFailoverDelay indicates the duration before performing an automatic primary failover.
By default, no extra delay is added. | | | #### Probe -Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.33/#probe-v1-core. +Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#probe-v1-core. _Appears in:_ +- [Agent](#agent) - [ContainerTemplate](#containertemplate) -- [GaleraAgent](#galeraagent) -- [GaleraInit](#galerainit) +- [InitContainer](#initcontainer) - [MariaDBSpec](#mariadbspec) - [MaxScaleSpec](#maxscalespec) @@ -2117,7 +2251,7 @@ _Appears in:_ -Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.33/#probe-v1-core. +Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#probe-v1-core. @@ -2131,23 +2265,135 @@ _Appears in:_ | `tcpSocket` _[TCPSocketAction](#tcpsocketaction)_ | | | | +#### ReplicaBootstrapFrom + + + +ReplicaBootstrapFrom defines the sources for bootstrapping new relicas. + + + +_Appears in:_ +- [ReplicaReplication](#replicareplication) + +| Field | Description | Default | Validation | +| --- | --- | --- | --- | +| `physicalBackupTemplateRef` _[LocalObjectReference](#localobjectreference)_ | PhysicalBackupTemplateRef is a reference to a PhysicalBackup object that will be used as template to create a new PhysicalBackup object
used synchronize the data from an up to date replica to the new replica to be bootstrapped. | | Required: \{\}
| +| `restoreJob` _[Job](#job)_ | RestoreJob defines additional properties for the Job used to perform the restoration. | | | + + +#### ReplicaRecovery + + + +ReplicaRecovery defines how the replicas should be recovered after they enter an error state. + + + +_Appears in:_ +- [ReplicaReplication](#replicareplication) + +| Field | Description | Default | Validation | +| --- | --- | --- | --- | +| `enabled` _boolean_ | Enabled is a flag to enable replica recovery. | | Required: \{\}
| +| `errorDurationThreshold` _[Duration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#duration-v1-meta)_ | ErrorDurationThreshold defines the time duration after which, if a replica continues to report errors,
the operator will initiate the recovery process for that replica.
This threshold applies only to error codes not identified as recoverable by the operator.
Errors identified as recoverable will trigger the recovery process immediately.
It defaults to 5 minutes. | | | + + +#### ReplicaReplication + + + +ReplicaReplication is the replication configuration and operation parameters for the replicas. + + + +_Appears in:_ +- [Replication](#replication) +- [ReplicationSpec](#replicationspec) + +| Field | Description | Default | Validation | +| --- | --- | --- | --- | +| `replPasswordSecretKeyRef` _[GeneratedSecretKeyRef](#generatedsecretkeyref)_ | ReplPasswordSecretKeyRef provides a reference to the Secret to use as password for the replication user.
By default, a random password will be generated. | | | +| `gtid` _[Gtid](#gtid)_ | Gtid indicates which Global Transaction ID (GTID) position mode should be used when connecting a replica to the master.
By default, CurrentPos is used.
See: https://mariadb.com/docs/server/reference/sql-statements/administrative-sql-statements/replication-statements/change-master-to#master_use_gtid. | | Enum: [CurrentPos SlavePos]
| +| `connectionRetrySeconds` _integer_ | ConnectionRetrySeconds is the number of seconds that the replica will wait between connection retries.
See: https://mariadb.com/docs/server/reference/sql-statements/administrative-sql-statements/replication-statements/change-master-to#master_connect_retry. | | | +| `maxLagSeconds` _integer_ | MaxLagSeconds is the maximum number of seconds that replicas are allowed to lag behind the primary.
If a replica exceeds this threshold, it is marked as not ready and read queries will no longer be forwarded to it.
If not provided, it defaults to 0, which means that replicas are not allowed to lag behind the primary (recommended).
Lagged replicas will not be taken into account as candidates for the new primary during failover,
and they will block other operations, such as switchover and upgrade.
This field is not taken into account by MaxScale, you can define the maximum lag as router parameters.
See: https://mariadb.com/docs/maxscale/reference/maxscale-routers/maxscale-readwritesplit#max_replication_lag. | | | +| `syncTimeout` _[Duration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#duration-v1-meta)_ | SyncTimeout defines the timeout for the synchronization phase during switchover and failover operations.
During switchover, all replicas must be synced with the current primary before promoting the new primary.
During failover, the new primary must be synced before being promoted as primary. This implies processing all the events in the relay log.
When the timeout is reached, the operator restarts the operation from the beginning.
It defaults to 10s.
See: https://mariadb.com/docs/server/reference/sql-functions/secondary-functions/miscellaneous-functions/master_gtid_wait | | | +| `bootstrapFrom` _[ReplicaBootstrapFrom](#replicabootstrapfrom)_ | ReplicaBootstrapFrom defines the data sources used to bootstrap new replicas.
This will be used as part of the scaling out and recovery operations, when new replicas are created.
If not provided, scale out and recovery operations will return an error. | | | +| `recovery` _[ReplicaRecovery](#replicarecovery)_ | ReplicaRecovery defines how the replicas should be recovered after they enter an error state.
This process deletes data from faulty replicas and recreates them using the source defined in the bootstrapFrom field.
It is disabled by default, and it requires the bootstrapFrom field to be set. | | | + + + + +#### Replication + + + +Replication defines replication configuration for a MariaDB cluster. + + + +_Appears in:_ +- [MariaDBSpec](#mariadbspec) + +| Field | Description | Default | Validation | +| --- | --- | --- | --- | +| `primary` _[PrimaryReplication](#primaryreplication)_ | Primary is the replication configuration for the primary node. | | | +| `replica` _[ReplicaReplication](#replicareplication)_ | ReplicaReplication is the replication configuration for the replica nodes. | | | +| `gtidStrictMode` _boolean_ | GtidStrictMode determines whether the GTID strict mode is enabled.
See: https://mariadb.com/docs/server/ha-and-performance/standard-replication/gtid#gtid_strict_mode.
It is enabled by default. | | | +| `semiSyncEnabled` _boolean_ | SemiSyncEnabled determines whether semi-synchronous replication is enabled.
Semi-synchronous replication requires that at least one replica should have sent an ACK to the primary node
before committing the transaction back to the client.
See: https://mariadb.com/docs/server/ha-and-performance/standard-replication/semisynchronous-replication
It is enabled by default | | | +| `semiSyncAckTimeout` _[Duration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#duration-v1-meta)_ | SemiSyncAckTimeout for the replica to acknowledge transactions to the primary.
It requires semi-synchronous replication to be enabled.
See: https://mariadb.com/docs/server/ha-and-performance/standard-replication/semisynchronous-replication#rpl_semi_sync_master_timeout | | | +| `semiSyncWaitPoint` _[WaitPoint](#waitpoint)_ | SemiSyncWaitPoint determines whether the transaction should wait for an ACK after having synced the binlog (AfterSync)
or after having committed to the storage engine (AfterCommit, the default).
It requires semi-synchronous replication to be enabled.
See: https://mariadb.com/kb/en/semisynchronous-replication/#rpl_semi_sync_master_wait_point. | | Enum: [AfterSync AfterCommit]
| +| `syncBinlog` _integer_ | SyncBinlog indicates after how many events the binary log is synchronized to the disk.
See: https://mariadb.com/docs/server/ha-and-performance/standard-replication/replication-and-binary-log-system-variables#sync_binlog | | | +| `initContainer` _[InitContainer](#initcontainer)_ | InitContainer is an init container that runs in the MariaDB Pod and co-operates with mariadb-enterprise-operator. | | | +| `agent` _[Agent](#agent)_ | Agent is a sidecar agent that runs in the MariaDB Pod and co-operates with mariadb-enterprise-operator. | | | +| `standaloneProbes` _boolean_ | StandaloneProbes indicates whether to use the default non-HA startup and liveness probes.
It is disabled by default | | | +| `enabled` _boolean_ | Enabled is a flag to enable replication. | | | + + + + +#### ReplicationSpec + + + +ReplicationSpec is the replication desired state. + + + +_Appears in:_ +- [Replication](#replication) + +| Field | Description | Default | Validation | +| --- | --- | --- | --- | +| `primary` _[PrimaryReplication](#primaryreplication)_ | Primary is the replication configuration for the primary node. | | | +| `replica` _[ReplicaReplication](#replicareplication)_ | ReplicaReplication is the replication configuration for the replica nodes. | | | +| `gtidStrictMode` _boolean_ | GtidStrictMode determines whether the GTID strict mode is enabled.
See: https://mariadb.com/docs/server/ha-and-performance/standard-replication/gtid#gtid_strict_mode.
It is enabled by default. | | | +| `semiSyncEnabled` _boolean_ | SemiSyncEnabled determines whether semi-synchronous replication is enabled.
Semi-synchronous replication requires that at least one replica should have sent an ACK to the primary node
before committing the transaction back to the client.
See: https://mariadb.com/docs/server/ha-and-performance/standard-replication/semisynchronous-replication
It is enabled by default | | | +| `semiSyncAckTimeout` _[Duration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#duration-v1-meta)_ | SemiSyncAckTimeout for the replica to acknowledge transactions to the primary.
It requires semi-synchronous replication to be enabled.
See: https://mariadb.com/docs/server/ha-and-performance/standard-replication/semisynchronous-replication#rpl_semi_sync_master_timeout | | | +| `semiSyncWaitPoint` _[WaitPoint](#waitpoint)_ | SemiSyncWaitPoint determines whether the transaction should wait for an ACK after having synced the binlog (AfterSync)
or after having committed to the storage engine (AfterCommit, the default).
It requires semi-synchronous replication to be enabled.
See: https://mariadb.com/kb/en/semisynchronous-replication/#rpl_semi_sync_master_wait_point. | | Enum: [AfterSync AfterCommit]
| +| `syncBinlog` _integer_ | SyncBinlog indicates after how many events the binary log is synchronized to the disk.
See: https://mariadb.com/docs/server/ha-and-performance/standard-replication/replication-and-binary-log-system-variables#sync_binlog | | | +| `initContainer` _[InitContainer](#initcontainer)_ | InitContainer is an init container that runs in the MariaDB Pod and co-operates with mariadb-enterprise-operator. | | | +| `agent` _[Agent](#agent)_ | Agent is a sidecar agent that runs in the MariaDB Pod and co-operates with mariadb-enterprise-operator. | | | +| `standaloneProbes` _boolean_ | StandaloneProbes indicates whether to use the default non-HA startup and liveness probes.
It is disabled by default | | | + + #### ResourceRequirements -Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.33/#resourcerequirements-v1-core. +Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#resourcerequirements-v1-core. _Appears in:_ +- [Agent](#agent) - [BackupSpec](#backupspec) - [Container](#container) - [ContainerTemplate](#containertemplate) - [Exporter](#exporter) -- [GaleraAgent](#galeraagent) -- [GaleraInit](#galerainit) - [GaleraInitJob](#galerainitjob) - [GaleraRecoveryJob](#galerarecoveryjob) +- [InitContainer](#initcontainer) - [Job](#job) - [JobContainerTemplate](#jobcontainertemplate) - [MariaDBSpec](#mariadbspec) @@ -2172,7 +2418,7 @@ Restore is the Schema for the restores API. It is used to define restore jobs an | --- | --- | --- | --- | | `apiVersion` _string_ | `enterprise.mariadb.com/v1alpha1` | | | | `kind` _string_ | `Restore` | | | -| `metadata` _[ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.33/#objectmeta-v1-meta)_ | Refer to Kubernetes API documentation for fields of `metadata`. | | | +| `metadata` _[ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#objectmeta-v1-meta)_ | Refer to Kubernetes API documentation for fields of `metadata`. | | | | `spec` _[RestoreSpec](#restorespec)_ | | | | @@ -2192,7 +2438,7 @@ _Appears in:_ | `backupRef` _[LocalObjectReference](#localobjectreference)_ | BackupRef is a reference to a Backup object. It has priority over S3 and Volume. | | | | `s3` _[S3](#s3)_ | S3 defines the configuration to restore backups from a S3 compatible storage. It has priority over Volume. | | | | `volume` _[StorageVolumeSource](#storagevolumesource)_ | Volume is a Kubernetes Volume object that contains a backup. | | | -| `targetRecoveryTime` _[Time](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.33/#time-v1-meta)_ | TargetRecoveryTime is a RFC3339 (1970-01-01T00:00:00Z) date and time that defines the point in time recovery objective.
It is used to determine the closest restoration source in time. | | | +| `targetRecoveryTime` _[Time](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#time-v1-meta)_ | TargetRecoveryTime is a RFC3339 (1970-01-01T00:00:00Z) date and time that defines the point in time recovery objective.
It is used to determine the closest restoration source in time. | | | | `stagingStorage` _[BackupStagingStorage](#backupstagingstorage)_ | StagingStorage defines the temporary storage used to keep external backups (i.e. S3) while they are being processed.
It defaults to an emptyDir volume, meaning that the backups will be temporarily stored in the node where the Restore Job is scheduled. | | | @@ -2218,18 +2464,18 @@ _Appears in:_ | `serviceAccountName` _string_ | ServiceAccountName is the name of the ServiceAccount to be used by the Pods. | | | | `affinity` _[AffinityConfig](#affinityconfig)_ | Affinity to be used in the Pod. | | | | `nodeSelector` _object (keys:string, values:string)_ | NodeSelector to be used in the Pod. | | | -| `tolerations` _[Toleration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.33/#toleration-v1-core) array_ | Tolerations to be used in the Pod. | | | +| `tolerations` _[Toleration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#toleration-v1-core) array_ | Tolerations to be used in the Pod. | | | | `priorityClassName` _string_ | PriorityClassName to be used in the Pod. | | | | `backupRef` _[LocalObjectReference](#localobjectreference)_ | BackupRef is a reference to a Backup object. It has priority over S3 and Volume. | | | | `s3` _[S3](#s3)_ | S3 defines the configuration to restore backups from a S3 compatible storage. It has priority over Volume. | | | | `volume` _[StorageVolumeSource](#storagevolumesource)_ | Volume is a Kubernetes Volume object that contains a backup. | | | -| `targetRecoveryTime` _[Time](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.33/#time-v1-meta)_ | TargetRecoveryTime is a RFC3339 (1970-01-01T00:00:00Z) date and time that defines the point in time recovery objective.
It is used to determine the closest restoration source in time. | | | +| `targetRecoveryTime` _[Time](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#time-v1-meta)_ | TargetRecoveryTime is a RFC3339 (1970-01-01T00:00:00Z) date and time that defines the point in time recovery objective.
It is used to determine the closest restoration source in time. | | | | `stagingStorage` _[BackupStagingStorage](#backupstagingstorage)_ | StagingStorage defines the temporary storage used to keep external backups (i.e. S3) while they are being processed.
It defaults to an emptyDir volume, meaning that the backups will be temporarily stored in the node where the Restore Job is scheduled. | | | | `mariaDbRef` _[MariaDBRef](#mariadbref)_ | MariaDBRef is a reference to a MariaDB object. | | Required: \{\}
| | `database` _string_ | Database defines the logical database to be restored. If not provided, all databases available in the backup are restored.
IMPORTANT: The database must previously exist. | | | | `logLevel` _string_ | LogLevel to be used n the Backup Job. It defaults to 'info'. | info | | | `backoffLimit` _integer_ | BackoffLimit defines the maximum number of attempts to successfully perform a Backup. | 5 | | -| `restartPolicy` _[RestartPolicy](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.33/#restartpolicy-v1-core)_ | RestartPolicy to be added to the Backup Job. | OnFailure | Enum: [Always OnFailure Never]
| +| `restartPolicy` _[RestartPolicy](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#restartpolicy-v1-core)_ | RestartPolicy to be added to the Backup Job. | OnFailure | Enum: [Always OnFailure Never]
| | `inheritMetadata` _[Metadata](#metadata)_ | InheritMetadata defines the metadata to be inherited by children resources. | | | @@ -2275,8 +2521,8 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `requeueInterval` _[Duration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.33/#duration-v1-meta)_ | RequeueInterval is used to perform requeue reconciliations. | | | -| `retryInterval` _[Duration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.33/#duration-v1-meta)_ | RetryInterval is the interval used to perform retries. | | | +| `requeueInterval` _[Duration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#duration-v1-meta)_ | RequeueInterval is used to perform requeue reconciliations. | | | +| `retryInterval` _[Duration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#duration-v1-meta)_ | RetryInterval is the interval used to perform retries. | | | | `cleanupPolicy` _[CleanupPolicy](#cleanuppolicy)_ | CleanupPolicy defines the behavior for cleaning up a SQL resource. | | Enum: [Skip Delete]
| @@ -2322,13 +2568,14 @@ _Appears in:_ -Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.33/#secretkeyselector-v1-core. +Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#secretkeyselector-v1-core. _Appears in:_ - [ConnectionSpec](#connectionspec) - [EnvVarSource](#envvarsource) +- [ExternalMariaDBSpec](#externalmariadbspec) - [GeneratedSecretKeyRef](#generatedsecretkeyref) - [MariaDBSpec](#mariadbspec) - [PasswordPlugin](#passwordplugin) @@ -2371,7 +2618,7 @@ _Appears in:_ -Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.33/#secretvolumesource-v1-core. +Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#secretvolumesource-v1-core. @@ -2389,16 +2636,16 @@ _Appears in:_ -Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.33/#securitycontext-v1-core. +Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#securitycontext-v1-core. _Appears in:_ +- [Agent](#agent) - [BackupSpec](#backupspec) - [ContainerTemplate](#containertemplate) - [Exporter](#exporter) -- [GaleraAgent](#galeraagent) -- [GaleraInit](#galerainit) +- [InitContainer](#initcontainer) - [JobContainerTemplate](#jobcontainertemplate) - [MariaDBSpec](#mariadbspec) - [MaxScaleSpec](#maxscalespec) @@ -2408,7 +2655,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `capabilities` _[Capabilities](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.33/#capabilities-v1-core)_ | | | | +| `capabilities` _[Capabilities](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#capabilities-v1-core)_ | | | | | `privileged` _boolean_ | | | | | `runAsUser` _integer_ | | | | | `runAsGroup` _integer_ | | | | @@ -2441,7 +2688,7 @@ _Appears in:_ -Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.33/#serviceport-v1-core +Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#serviceport-v1-core @@ -2486,12 +2733,12 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `type` _[ServiceType](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.33/#servicetype-v1-core)_ | Type is the Service type. One of `ClusterIP`, `NodePort` or `LoadBalancer`. If not defined, it defaults to `ClusterIP`. | ClusterIP | Enum: [ClusterIP NodePort LoadBalancer]
| +| `type` _[ServiceType](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#servicetype-v1-core)_ | Type is the Service type. One of `ClusterIP`, `NodePort` or `LoadBalancer`. If not defined, it defaults to `ClusterIP`. | ClusterIP | Enum: [ClusterIP NodePort LoadBalancer]
| | `metadata` _[Metadata](#metadata)_ | Refer to Kubernetes API documentation for fields of `metadata`. | | | | `loadBalancerIP` _string_ | LoadBalancerIP Service field. | | | | `loadBalancerSourceRanges` _string array_ | LoadBalancerSourceRanges Service field. | | | -| `externalTrafficPolicy` _[ServiceExternalTrafficPolicy](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.33/#serviceexternaltrafficpolicy-v1-core)_ | ExternalTrafficPolicy Service field. | | | -| `sessionAffinity` _[ServiceAffinity](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.33/#serviceaffinity-v1-core)_ | SessionAffinity Service field. | | | +| `externalTrafficPolicy` _[ServiceExternalTrafficPolicyType](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#serviceexternaltrafficpolicytype-v1-core)_ | ExternalTrafficPolicy Service field. | | | +| `sessionAffinity` _[ServiceAffinity](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#serviceaffinity-v1-core)_ | SessionAffinity Service field. | | | | `allocateLoadBalancerNodePorts` _boolean_ | AllocateLoadBalancerNodePorts Service field. | | | @@ -2509,7 +2756,7 @@ SqlJob is the Schema for the sqljobs API. It is used to run sql scripts as jobs. | --- | --- | --- | --- | | `apiVersion` _string_ | `enterprise.mariadb.com/v1alpha1` | | | | `kind` _string_ | `SqlJob` | | | -| `metadata` _[ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.33/#objectmeta-v1-meta)_ | Refer to Kubernetes API documentation for fields of `metadata`. | | | +| `metadata` _[ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#objectmeta-v1-meta)_ | Refer to Kubernetes API documentation for fields of `metadata`. | | | | `spec` _[SqlJobSpec](#sqljobspec)_ | | | | @@ -2535,7 +2782,7 @@ _Appears in:_ | `serviceAccountName` _string_ | ServiceAccountName is the name of the ServiceAccount to be used by the Pods. | | | | `affinity` _[AffinityConfig](#affinityconfig)_ | Affinity to be used in the Pod. | | | | `nodeSelector` _object (keys:string, values:string)_ | NodeSelector to be used in the Pod. | | | -| `tolerations` _[Toleration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.33/#toleration-v1-core) array_ | Tolerations to be used in the Pod. | | | +| `tolerations` _[Toleration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#toleration-v1-core) array_ | Tolerations to be used in the Pod. | | | | `priorityClassName` _string_ | PriorityClassName to be used in the Pod. | | | | `successfulJobsHistoryLimit` _integer_ | SuccessfulJobsHistoryLimit defines the maximum number of successful Jobs to be displayed. | | Minimum: 0
| | `failedJobsHistoryLimit` _integer_ | FailedJobsHistoryLimit defines the maximum number of failed Jobs to be displayed. | | Minimum: 0
| @@ -2551,7 +2798,7 @@ _Appears in:_ | `sql` _string_ | Sql is the script to be executed by the SqlJob. | | | | `sqlConfigMapKeyRef` _[ConfigMapKeySelector](#configmapkeyselector)_ | SqlConfigMapKeyRef is a reference to a ConfigMap containing the Sql script.
It is defaulted to a ConfigMap with the contents of the Sql field. | | | | `backoffLimit` _integer_ | BackoffLimit defines the maximum number of attempts to successfully execute a SqlJob. | 5 | | -| `restartPolicy` _[RestartPolicy](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.33/#restartpolicy-v1-core)_ | RestartPolicy to be added to the SqlJob Pod. | OnFailure | Enum: [Always OnFailure Never]
| +| `restartPolicy` _[RestartPolicy](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#restartpolicy-v1-core)_ | RestartPolicy to be added to the SqlJob Pod. | OnFailure | Enum: [Always OnFailure Never]
| | `inheritMetadata` _[Metadata](#metadata)_ | InheritMetadata defines the metadata to be inherited by children resources. | | | @@ -2569,7 +2816,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | | `ephemeral` _boolean_ | Ephemeral indicates whether to use ephemeral storage in the PVCs. It is only compatible with non HA MariaDBs. | | | -| `size` _[Quantity](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.33/#quantity-resource-api)_ | Size of the PVCs to be mounted by MariaDB. Required if not provided in 'VolumeClaimTemplate'. It supersedes the storage size specified in 'VolumeClaimTemplate'. | | | +| `size` _[Quantity](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#quantity-resource-api)_ | Size of the PVCs to be mounted by MariaDB. Required if not provided in 'VolumeClaimTemplate'. It supersedes the storage size specified in 'VolumeClaimTemplate'. | | | | `storageClassName` _string_ | StorageClassName to be used to provision the PVCS. It supersedes the 'StorageClassName' specified in 'VolumeClaimTemplate'.
If not provided, the default 'StorageClass' configured in the cluster is used. | | | | `resizeInUseVolumes` _boolean_ | ResizeInUseVolumes indicates whether the PVCs can be resized. The 'StorageClassName' used should have 'allowVolumeExpansion' set to 'true' to allow resizing.
It defaults to true. | | | | `waitForVolumeResize` _boolean_ | WaitForVolumeResize indicates whether to wait for the PVCs to be resized before marking the MariaDB object as ready. This will block other operations such as cluster recovery while the resize is in progress.
It defaults to true. | | | @@ -2580,7 +2827,7 @@ _Appears in:_ -Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.33/#volume-v1-core. +Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#volume-v1-core. @@ -2627,7 +2874,7 @@ _Appears in:_ -Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.33/#tcpsocketaction-v1-core. +Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#tcpsocketaction-v1-core. @@ -2637,7 +2884,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `port` _[IntOrString](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.33/#intorstring-intstr-util)_ | | | | +| `port` _[IntOrString](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#intorstring-intstr-util)_ | | | | | `host` _string_ | | | | @@ -2650,13 +2897,14 @@ TLS defines the PKI to be used with MariaDB. _Appears in:_ +- [ExternalMariaDBSpec](#externalmariadbspec) - [MariaDBSpec](#mariadbspec) | Field | Description | Default | Validation | | --- | --- | --- | --- | | `enabled` _boolean_ | Enabled indicates whether TLS is enabled, determining if certificates should be issued and mounted to the MariaDB instance.
It is enabled by default. | | | | `required` _boolean_ | Required specifies whether TLS must be enforced for all connections.
User TLS requirements take precedence over this.
It disabled by default. | | | -| `versions` _string array_ | Versions specifies the supported TLS versions for this MariaDB instance.
By default, the MariaDB's default supported versions are used. See: https://mariadb.com/kb/en/ssltls-system-variables/#tls_version. | | | +| `versions` _string array_ | Versions specifies the supported TLS versions for this MariaDB instance.
By default, the MariaDB's default supported versions are used. See: https://mariadb.com/kb/en/ssltls-system-variables/#tls_version. | | items:Enum: [TLSv1.0 TLSv1.1 TLSv1.2 TLSv1.3]
| | `serverCASecretRef` _[LocalObjectReference](#localobjectreference)_ | ServerCASecretRef is a reference to a Secret containing the server certificate authority keypair. It is used to establish trust and issue server certificates.
One of:
- Secret containing both the 'ca.crt' and 'ca.key' keys. This allows you to bring your own CA to Kubernetes to issue certificates.
- Secret containing only the 'ca.crt' in order to establish trust. In this case, either serverCertSecretRef or serverCertIssuerRef must be provided.
If not provided, a self-signed CA will be provisioned to issue the server certificate. | | | | `serverCertSecretRef` _[LocalObjectReference](#localobjectreference)_ | ServerCertSecretRef is a reference to a TLS Secret containing the server certificate.
It is mutually exclusive with serverCertIssuerRef. | | | | `serverCertIssuerRef` _[ObjectReference](#objectreference)_ | ServerCertIssuerRef is a reference to a cert-manager issuer object used to issue the server certificate. cert-manager must be installed previously in the cluster.
It is mutually exclusive with serverCertSecretRef.
By default, the Secret field 'ca.crt' provisioned by cert-manager will be added to the trust chain. A custom trust bundle may be specified via serverCASecretRef. | | | @@ -2684,8 +2932,8 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `caLifetime` _[Duration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.33/#duration-v1-meta)_ | CALifetime defines the CA certificate validity. | | | -| `certLifetime` _[Duration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.33/#duration-v1-meta)_ | CertLifetime defines the certificate validity. | | | +| `caLifetime` _[Duration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#duration-v1-meta)_ | CALifetime defines the CA certificate validity. | | | +| `certLifetime` _[Duration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#duration-v1-meta)_ | CertLifetime defines the certificate validity. | | | | `privateKeyAlgorithm` _string_ | PrivateKeyAlgorithm is the algorithm to be used for the CA and leaf certificate private keys.
One of: ECDSA or RSA | | Enum: [ECDSA RSA]
| | `privateKeySize` _integer_ | PrivateKeyAlgorithm is the key size to be used for the CA and leaf certificate private keys.
Supported values: ECDSA(256, 384, 521), RSA(2048, 3072, 4096) | | | @@ -2726,11 +2974,13 @@ _Appears in:_ | `caSecretKeyRef` _[SecretKeySelector](#secretkeyselector)_ | CASecretKeyRef is a reference to a Secret key containing a CA bundle in PEM format used to establish TLS connections with S3.
By default, the system trust chain will be used, but you can use this field to add more CAs to the bundle. | | | + + #### TopologySpreadConstraint -Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.33/#topologyspreadconstraint-v1-core. +Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#topologyspreadconstraint-v1-core. @@ -2744,11 +2994,11 @@ _Appears in:_ | --- | --- | --- | --- | | `maxSkew` _integer_ | | | | | `topologyKey` _string_ | | | | -| `whenUnsatisfiable` _[UnsatisfiableConstraintAction](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.33/#unsatisfiableconstraintaction-v1-core)_ | | | | -| `labelSelector` _[LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.33/#labelselector-v1-meta)_ | | | | +| `whenUnsatisfiable` _[UnsatisfiableConstraintAction](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#unsatisfiableconstraintaction-v1-core)_ | | | | +| `labelSelector` _[LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#labelselector-v1-meta)_ | | | | | `minDomains` _integer_ | | | | -| `nodeAffinityPolicy` _[NodeInclusionPolicy](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.33/#nodeinclusionpolicy-v1-core)_ | | | | -| `nodeTaintsPolicy` _[NodeInclusionPolicy](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.33/#nodeinclusionpolicy-v1-core)_ | | | | +| `nodeAffinityPolicy` _[NodeInclusionPolicy](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#nodeinclusionpolicy-v1-core)_ | | | | +| `nodeTaintsPolicy` _[NodeInclusionPolicy](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#nodeinclusionpolicy-v1-core)_ | | | | | `matchLabelKeys` _string array_ | | | | @@ -2783,7 +3033,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | | `type` _[UpdateType](#updatetype)_ | Type defines the type of updates. One of `ReplicasFirstPrimaryLast`, `RollingUpdate` or `OnDelete`. If not defined, it defaults to `ReplicasFirstPrimaryLast`. | ReplicasFirstPrimaryLast | Enum: [ReplicasFirstPrimaryLast RollingUpdate OnDelete Never]
| -| `rollingUpdate` _[RollingUpdateStatefulSetStrategy](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.33/#rollingupdatestatefulsetstrategy-v1-apps)_ | RollingUpdate defines parameters for the RollingUpdate type. | | | +| `rollingUpdate` _[RollingUpdateStatefulSetStrategy](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#rollingupdatestatefulsetstrategy-v1-apps)_ | RollingUpdate defines parameters for the RollingUpdate type. | | | | `autoUpdateDataPlane` _boolean_ | AutoUpdateDataPlane indicates whether the Galera data-plane version (agent and init containers) should be automatically updated based on the operator version. It defaults to false.
Updating the operator will trigger updates on all the MariaDB instances that have this flag set to true. Thus, it is recommended to progressively set this flag after having updated the operator. | | | @@ -2820,7 +3070,7 @@ User is the Schema for the users API. It is used to define grants as if you wer | --- | --- | --- | --- | | `apiVersion` _string_ | `enterprise.mariadb.com/v1alpha1` | | | | `kind` _string_ | `User` | | | -| `metadata` _[ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.33/#objectmeta-v1-meta)_ | Refer to Kubernetes API documentation for fields of `metadata`. | | | +| `metadata` _[ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#objectmeta-v1-meta)_ | Refer to Kubernetes API documentation for fields of `metadata`. | | | | `spec` _[UserSpec](#userspec)_ | | | | @@ -2837,8 +3087,8 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `requeueInterval` _[Duration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.33/#duration-v1-meta)_ | RequeueInterval is used to perform requeue reconciliations. | | | -| `retryInterval` _[Duration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.33/#duration-v1-meta)_ | RetryInterval is the interval used to perform retries. | | | +| `requeueInterval` _[Duration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#duration-v1-meta)_ | RequeueInterval is used to perform requeue reconciliations. | | | +| `retryInterval` _[Duration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#duration-v1-meta)_ | RetryInterval is the interval used to perform retries. | | | | `cleanupPolicy` _[CleanupPolicy](#cleanuppolicy)_ | CleanupPolicy defines the behavior for cleaning up a SQL resource. | | Enum: [Skip Delete]
| | `mariaDbRef` _[MariaDBRef](#mariadbref)_ | MariaDBRef is a reference to a MariaDB object. | | Required: \{\}
| | `passwordSecretKeyRef` _[SecretKeySelector](#secretkeyselector)_ | PasswordSecretKeyRef is a reference to the password to be used by the User.
If not provided, the account will be locked and the password will expire.
If the referred Secret is labeled with "enterprise.mariadb.com/watch", updates may be performed to the Secret in order to update the password. | | | @@ -2854,7 +3104,7 @@ _Appears in:_ -Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.33/#volume-v1-core. +Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#volume-v1-core. @@ -2889,9 +3139,9 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `accessModes` _[PersistentVolumeAccessMode](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.33/#persistentvolumeaccessmode-v1-core) array_ | | | | -| `selector` _[LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.33/#labelselector-v1-meta)_ | | | | -| `resources` _[VolumeResourceRequirements](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.33/#volumeresourcerequirements-v1-core)_ | | | | +| `accessModes` _[PersistentVolumeAccessMode](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#persistentvolumeaccessmode-v1-core) array_ | | | | +| `selector` _[LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#labelselector-v1-meta)_ | | | | +| `resources` _[VolumeResourceRequirements](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#volumeresourcerequirements-v1-core)_ | | | | | `storageClassName` _string_ | | | | | `metadata` _[Metadata](#metadata)_ | Refer to Kubernetes API documentation for fields of `metadata`. | | | @@ -2900,15 +3150,15 @@ _Appears in:_ -Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.33/#volumemount-v1-core. +Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#volumemount-v1-core. _Appears in:_ +- [Agent](#agent) - [Container](#container) - [ContainerTemplate](#containertemplate) -- [GaleraAgent](#galeraagent) -- [GaleraInit](#galerainit) +- [InitContainer](#initcontainer) - [MariaDBSpec](#mariadbspec) - [MaxScaleSpec](#maxscalespec) @@ -2924,7 +3174,7 @@ _Appears in:_ -Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.33/#volume-v1-core. +Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#volume-v1-core. @@ -2942,11 +3192,30 @@ _Appears in:_ | `configMap` _[ConfigMapVolumeSource](#configmapvolumesource)_ | | | | +#### WaitPoint + +_Underlying type:_ _string_ + +WaitPoint defines whether the transaction should wait for ACK before committing to the storage engine. +More info: https://mariadb.com/kb/en/semisynchronous-replication/#rpl_semi_sync_master_wait_point. + + + +_Appears in:_ +- [Replication](#replication) +- [ReplicationSpec](#replicationspec) + +| Field | Description | +| --- | --- | +| `AfterSync` | WaitPointAfterSync indicates that the primary waits for the replica ACK before committing the transaction to the storage engine.
It trades off performance for consistency.
| +| `AfterCommit` | WaitPointAfterCommit indicates that the primary commits the transaction to the storage engine and waits for the replica ACK afterwards.
It trades off consistency for performance.
| + + #### WeightedPodAffinityTerm -Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.33/#weightedpodaffinityterm-v1-core. +Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#weightedpodaffinityterm-v1-core. diff --git a/tools/mariadb-enterprise-operator/docker-images.md b/tools/mariadb-enterprise-operator/docker-images.md index 3156c34c98..2a3f6cec4a 100644 --- a/tools/mariadb-enterprise-operator/docker-images.md +++ b/tools/mariadb-enterprise-operator/docker-images.md @@ -19,11 +19,11 @@ MariaDB Enterprise Kubernetes Operator is compatible with the following Docker i | Component | Image | Supported Tags | CPU Architecture | |-----------|-------|----------------|------------------| -| MariaDB Enterprise Kubernetes Operator (ppc64le support) | docker.mariadb.com/mariadb-enterprise-operator | 25.8.0
| amd64
arm64
ppc64le
| +| MariaDB Enterprise Kubernetes Operator (ppc64le support) | docker.mariadb.com/mariadb-enterprise-operator | 25.8.0
25.10.0
| amd64
arm64
ppc64le
| | MariaDB Enterprise Kubernetes Operator | docker.mariadb.com/mariadb-enterprise-operator | 1.0.0
| amd64
arm64
| -| MariaDB Enterprise Server (ppc64le support) | docker.mariadb.com/enterprise-server | 11.4.7-4.3
11.4.7-4.2
11.4.7-4.1
11.4
10.6.22-18.1
10.6
| amd64
arm64
ppc64le
| +| MariaDB Enterprise Server (ppc64le support) | docker.mariadb.com/enterprise-server | 11.8.3-1
11.4.8-5
11.4.7-4.3
11.4.7-4.2
11.4.7-4.1
11.4
10.6.23-19
10.6.22-18.1
10.6
| amd64
arm64
ppc64le
| | MariaDB Enterprise Server | docker.mariadb.com/enterprise-server | 11.4.5-3
11.4.4-2
10.6.21-17
10.6.20-16.1
10.6.19-15.1
10.6.18-14.2
10.6.17-13.2
| amd64
arm64
| -| MaxScale Enterprise (ppc64le support) | docker.mariadb.com/maxscale | 25.01.3-1
25.01
| amd64
arm64
ppc64le
| +| MaxScale Enterprise (ppc64le support) | docker.mariadb.com/maxscale | 25.10.0
25.01.4
25.01.3-1
25.01
| amd64
arm64
ppc64le
| | MaxScale Enterprise | docker.mariadb.com/maxscale-enterprise | 25.01.2
25.01.1
| amd64
arm64
| | MaxScale | mariadb/maxscale | 24.02.5-ubi
24.02-ubi
23.08.9-ubi
23.08-ubi
| amd64
arm64
| | MariaDB Prometheus Exporter (ppc64le support) | mariadb/mariadb-prometheus-exporter-ubi | 1.1.0
| amd64
arm64
ppc64le
| diff --git a/tools/mariadb-enterprise-operator/examples-catalog.md b/tools/mariadb-enterprise-operator/examples-catalog.md index 054cea6fea..22ff5c27ee 100644 --- a/tools/mariadb-enterprise-operator/examples-catalog.md +++ b/tools/mariadb-enterprise-operator/examples-catalog.md @@ -35,10 +35,11 @@ Some examples rely on external dependencies for specific tasks, make sure to ins It is recommended to complement the examples with the [API reference](api-reference.md) documentation to understand the full range of configuration options available. -If you are looking for production-grade examples, you can check the `mariadb_galera_production.yaml` and `maxscale_galera_production.yaml` examples. +If you are looking for production-grade examples, you can check the following manifests: +- `mariadb_replication_production.yaml` and `maxscale_replication_production.yaml` for [asynchronous replication](./topologies/replication.md) +- `mariadb_galera_production.yaml` and `maxscale_galera_production.yaml` for [Galera](./topologies/galera.md) {% include "https://app.gitbook.com/s/SsmexDFPv2xG2OTyO5yV/~/reusable/pNHZQXPP5OEz2TgvhFva/" %} - {% @marketo/form formId="4316" %} diff --git a/tools/mariadb-enterprise-operator/external-mariadb.md b/tools/mariadb-enterprise-operator/external-mariadb.md new file mode 100644 index 0000000000..ec577ff7e0 --- /dev/null +++ b/tools/mariadb-enterprise-operator/external-mariadb.md @@ -0,0 +1,92 @@ +# External MariaDB + +`mariadb-enterprise-operator` supports managing resources in external MariaDB instances i.e running outside of the Kubernetes cluster where the operator runs. This feature allows to manage users, privileges, databases, run SQL jobs declaratively and taking backups using the same CRs that you use to manage internal MariaDB instances. + +## `ExternalMariaDB` configuration + +The `ExternalMariaDB` resource is similar to the internal `MariaDB` resource, but we need to provide a `host`, `username` and a reference to a `Secret` containing the user password. These will be the connection details that the operator will use to connect to the external MariaDB in order to manage resources, make sure that the specified user has enough privileges: + +```yaml +apiVersion: enterprise.mariadb.com/v1alpha1 +kind: ExternalMariaDB +metadata: + name: external-mariadb +spec: + host: mariadb.example.com + port: 3306 + username: root + passwordSecretKeyRef: + name: mariadb + key: password + connection: + secretName: external-mariadb + healthCheck: + interval: 5s +``` +If you need to use TLS to connect to the external MariaDB, you can provide the server CA certificate and the client certificate `Secrets` via the `tls` field: + +```yaml +apiVersion: enterprise.mariadb.com/v1alpha1 +kind: ExternalMariaDB +metadata: + name: external-mariadb +spec: + host: mariadb.example.com + port: 3306 + username: root + passwordSecretKeyRef: + name: mariadb + key: password + tls: + enabled: true + clientCertSecretRef: + name: client-cert-secret + serverCASecretRef: + name: ca-cert-secret + connection: + secretName: external-mariadb + healthCheck: + interval: 5s + retryInterval: 10s +``` +As a result, you will be able to specify the `ExternalMariaDB` as a reference in [multiple objects](#supported-objects), the same way you would do for a internal `MariaDB` resource. + +As part of the `ExternalMariaDB` reconciliation, a `Connection` will be created whenever the `connection` template is specified. This could be handy to track the external connection status and declaratively create a connection string in a `Secret` to be consumed by applications to connect to the external `MariaDB`. + +## Supported objects + +Currently, the `ExternalMariaDB` resource is supported by the following objects: +- `Connection` +- `User` +- `Grant` +- `Database` +- `Backup` +- `SqlJob` + +You can use it as an internal `MariaDB` resource, just by setting `kind` to `ExternalMariaDB` in the `mariaDBRef` field: + +```yaml +apiVersion: enterprise.mariadb.com/v1alpha1 +kind: User +metadata: + name: user-external +spec: + name: user + mariaDbRef: + name: external-mariadb + kind: ExternalMariaDB + passwordSecretKeyRef: + name: mariadb + key: password + maxUserConnections: 20 + host: "%" + cleanupPolicy: Delete + requeueInterval: 10h + retryInterval: 30s +``` + +When the previous example gets reconciled, an user will be created in the referred external MariaDB instance. + +{% include "https://app.gitbook.com/s/SsmexDFPv2xG2OTyO5yV/~/reusable/pNHZQXPP5OEz2TgvhFva/" %} + +{% @marketo/form formId="4316" %} diff --git a/tools/mariadb-enterprise-operator/installation/helm.md b/tools/mariadb-enterprise-operator/installation/helm.md index b2d8421c6a..af3314049f 100644 --- a/tools/mariadb-enterprise-operator/installation/helm.md +++ b/tools/mariadb-enterprise-operator/installation/helm.md @@ -65,9 +65,27 @@ helm install mariadb-enterprise-operator mariadb-enterprise-operator/mariadb-ent -f values.yaml \ --set metrics.enabled=true --set webhook.cert.certManager.enabled=true ``` - Refer to the [operator helm values](helm.md#operator-helm-values) section for detailed information about the supported values. +## Long-Term Support Versions + +MariaDB Enterprise Kubernetes Operator provides stable Long-Term Support (LTS) versions. + +| Version | Supported Kubernetes Versions | Description | +|---------|------------------------------|-------------| +| `25.10` | `>=1.32.0-0 <= 1.34.0-0` | LTS 25.10. It was tested to work up to kubernetes v1.34. | + +If you instead wish to install a specific LTS release, you can do: + +```sh +helm install --version "25.10.*" mariadb-enterprise-operator-crds mariadb-enterprise-operator/mariadb-enterprise-operator-crds +helm install mariadb-enterprise-operator mariadb-enterprise-operator/mariadb-enterprise-operator \ + -f values.yaml \ + --version "25.10.*" +``` + +Where: `--version "25.10.*"` installs the most recent available release within the 25.10 series. + ## Deployment modes The following deployment modes are supported: @@ -100,6 +118,11 @@ helm install mariadb-enterprise-operator \ Make sure you read and understand the [updates documentation](../updates.md) before proceeding to update the operator. {% endhint %} +{% hint style="warning" %} +To install a [Long-Term Support (LTS)](#long-term-support-versions) version instead, replace `` with your desired LTS release. +For example: `--version "25.10.*"` will automatically install the latest available patch within that LTS series. +{% endhint %} + The first step is upgrading the CRDs that the operator depends on: ```sh diff --git a/tools/mariadb-enterprise-operator/installation/openshift.md b/tools/mariadb-enterprise-operator/installation/openshift.md index 17008d07b9..c3ab90a96f 100644 --- a/tools/mariadb-enterprise-operator/installation/openshift.md +++ b/tools/mariadb-enterprise-operator/installation/openshift.md @@ -57,7 +57,6 @@ spec: name: mariadb-enterprise-operator source: certified-operators sourceNamespace: openshift-marketplace - startingCSV: mariadb-enterprise-operator.v1.0.0 ``` This will use the `global-operators` `OperatorGroup` that is created by default in the `openshift-operators` namespace. This `OperatorGroup` will watch all namespaces in the cluster, and the operator will be able to manage resources across all namespaces. @@ -98,12 +97,32 @@ spec: name: mariadb-enterprise-operator source: certified-operators sourceNamespace: openshift-marketplace - startingCSV: mariadb-enterprise-operator.v1.0.0 ``` ## Release channels -Currently, the only release channel available to install the operator is `stable`, which contains supported releases of the operator. This is controlled by the `channel` field in the `Subscription` object. +We maintain support across a variety of OpenShift channels to ensure compatibility with different release schedules and stability requirements. Below, you will find an overview of the specific OpenShift channels we support. + +| Channel | Supported OpenShift Versions | Description | +|---------|------------------------------|-------------| +| `stable` | 4.18, 4.16 | Points to the latest stable version of the operator. This channel may span multiple major versions. | `mariadb-enterprise-operator:25.8.1-1` | +| `stable-v25.10` | 4.18, 4.16 | v25.10.x is an LTS release. This channel points to the latest **patch** release of 25.10. Use this if you require version pinning to a stable version of the operator without necessarily looking for newer features. | + +An example Subscription would look like this: + +```yaml +apiVersion: operators.coreos.com/v1alpha1 +kind: Subscription +metadata: + name: mariadb-enterprise-operator + namespace: openshift-operators +spec: + channel: stable # Change this to the actual channel you want + installPlanApproval: Automatic + name: mariadb-enterprise-operator + source: certified-operators + sourceNamespace: openshift-marketplace +``` ## Updates diff --git a/tools/mariadb-enterprise-operator/introduction.md b/tools/mariadb-enterprise-operator/introduction.md index 9149b28874..133718cfec 100644 --- a/tools/mariadb-enterprise-operator/introduction.md +++ b/tools/mariadb-enterprise-operator/introduction.md @@ -41,8 +41,10 @@ Operational expertise is baked into the `MariaDB` and `MaxScale` APIs and seamle ## MariaDB Enterprise Kubernetes Operator Features * Provision and Configure MariaDB and MaxScale Declaratively: Define MariaDB Enterprise Server and MaxScale clusters in YAML manifests and deploy them with ease in Kubernetes. -* High Availability with Galera: Ensure availability with MariaDB Enterprise Cluster, providing synchronous multi-master replication. -* Query and Connection-Based Routing with MaxScale: MaxScale provides query routing and connection load balancing for improved application performance. +* Multiple [Highly Available](./topologies/high-availability.md) Topologies supported: + * [Asynchronous Replication](./topologies/replication.md) + * [Synchronous Multi-Master with MariaDb Enterprise Cluster](./topologies/galera.md) + * [MaxScale](./topologies/maxscale.md) as a Database proxy to load balance requests and perform failover/switchover operations. * Cluster-Aware Rolling Updates: Perform rolling updates on MariaDB and MaxScale clusters, ensuring zero-downtime upgrades with no disruptions to your applications. * Flexible Storage Configuration and Volume Expansion: Easily configure storage for MariaDB instances, including the ability to expand volumes as needed. * Physical Backups based on [mariadb-backup](https://mariadb.com/docs/server/server-usage/backup-and-restore/mariadb-backup/full-backup-and-restore-with-mariadb-backup) and [Kubernetes VolumeSnapshots](https://kubernetes.io/docs/concepts/storage/volume-snapshots/). By leveraging the [BACKUP STAGE](https://mariadb.com/docs/server/reference/sql-statements/administrative-sql-statements/backup-commands/backup-stage) feature, backups are taken without long read locks or service interruptions. diff --git a/tools/mariadb-enterprise-operator/migrations/enabling-tls-in-existing-instances.md b/tools/mariadb-enterprise-operator/migrations/enabling-tls-in-existing-instances.md index 1c023d68db..fdb76c2826 100644 --- a/tools/mariadb-enterprise-operator/migrations/enabling-tls-in-existing-instances.md +++ b/tools/mariadb-enterprise-operator/migrations/enabling-tls-in-existing-instances.md @@ -90,7 +90,7 @@ spec: + enabled: true ``` -**8.** `MaxScale` is now accepting TLS connections. Next, you need to [migrate your applications to use TLS](../tls.md) by pointing them back to `MaxScale` securely. You have done this previously for `MariaDB`, you just need to update your application configuration to use the [MaxScale Service](../maxscale-database-proxy.md#kubernetes-services) and its CA bundle. +**8.** `MaxScale` is now accepting TLS connections. Next, you need to [migrate your applications to use TLS](../tls.md) by pointing them back to `MaxScale` securely. You have done this previously for `MariaDB`, you just need to update your application configuration to use the [MaxScale Service](../topologies/maxscale.md#kubernetes-services) and its CA bundle. {% include "https://app.gitbook.com/s/SsmexDFPv2xG2OTyO5yV/~/reusable/pNHZQXPP5OEz2TgvhFva/" %} diff --git a/tools/mariadb-enterprise-operator/migrations/migrate-25.10.md b/tools/mariadb-enterprise-operator/migrations/migrate-25.10.md new file mode 100644 index 0000000000..8cbf44bcc2 --- /dev/null +++ b/tools/mariadb-enterprise-operator/migrations/migrate-25.10.md @@ -0,0 +1,84 @@ +# 25.10 LTS migration guide + +This guide illustrates, step by step, how to migrate to `25.10.0` from previous versions. + + +- The Galera data-plane must be updated to the `25.10.0` version. You must set `updateStrategy.autoUpdateDataPlane=true` in your `MariaDB` resources before updating the operator. Then, once updated, the operator will also be updating the data-plane based on its version: +```diff +apiVersion: enterprise.mariadb.com/v1alpha1 +kind: MariaDB +metadata: + name: mariadb-galera +spec: + updateStrategy: ++ autoUpdateDataPlane: true +``` + +- Then, you may proceeed to update the operator. If you are using __Helm__: + +Upgrade `mariadb-enterprise-operator-crds` to `25.10.0`: +```bash +helm repo update mariadb-enterprise-operator +helm upgrade --install mariadb-enterprise-operator-crds mariadb-enterprise-operator/mariadb-enterprise-operator-crds --version 25.10.0 +``` + +Upgrade `mariadb-enterprise-operator` to `25.10.0`: +```bash +helm repo update mariadb-enterprise-operator +helm upgrade --install mariadb-enterprise-operator mariadb-enterprise-operator/mariadb-enterprise-operator --version 25.10.0 +``` + +As part of the 25.10 LTS release, we have introduced support for LTS versions. Refer to the [Helm docs](https://mariadb.com/docs/tools/mariadb-enterprise-operator/installation/helm#long-term-support-versions) for sticking to LTS versions. + +- If you are on __OpenShift__: + + +Update the `startingCSV` in your `Subscription` object: +```yaml +apiVersion: operators.coreos.com/v1alpha1 +kind: Subscription +metadata: + name: mariadb-enterprise-operator + namespace: openshift-operators +spec: + channel: stable + installPlanApproval: Manual + name: mariadb-enterprise-operator + source: certified-operators + sourceNamespace: openshift-marketplace + startingCSV: mariadb-enterprise-operator.v25.10.0 +``` + +As part of the 25.10 LTS release, we have introduced new [release channels](https://mariadb.com/docs/tools/mariadb-enterprise-operator/installation/openshift#release-channels). Consider switching to the `stable-v25.10` if you are willing to stay in the `25.10.x` version: + +```yaml +apiVersion: operators.coreos.com/v1alpha1 +kind: Subscription +metadata: + name: mariadb-enterprise-operator + namespace: openshift-operators +spec: + channel: stable-v25.10 + installPlanApproval: Automatic + name: mariadb-enterprise-operator + source: certified-operators + sourceNamespace: openshift-marketplace +``` + +- Consider reverting `updateStrategy.autoUpdateDataPlane` back to `false` to avoid unexpected updates: + +```diff +apiVersion: enterprise.mariadb.com/v1alpha1 +kind: MariaDB +metadata: + name: mariadb-galera +spec: + updateStrategy: ++ autoUpdateDataPlane: false +- autoUpdateDataPlane: true +``` + +{% include "https://app.gitbook.com/s/SsmexDFPv2xG2OTyO5yV/~/reusable/pNHZQXPP5OEz2TgvhFva/" %} + + +{% @marketo/form formId="4316" %} \ No newline at end of file diff --git a/tools/mariadb-enterprise-operator/plugins/supported-docker-images.md b/tools/mariadb-enterprise-operator/plugins/supported-docker-images.md index f57992c9fb..db421d2173 100644 --- a/tools/mariadb-enterprise-operator/plugins/supported-docker-images.md +++ b/tools/mariadb-enterprise-operator/plugins/supported-docker-images.md @@ -23,7 +23,8 @@ Each supported plugin will have a section on how to install it. | Component | Image | Supported Tags | CPU Architecture | |-----------|-------|----------------|------------------| -| MariaDB Enterprise Server (ppc64le support) | docker.mariadb.com/enterprise-server | 11.4.7-4.3
11.4
| amd64
arm64
ppc64le
| +| MariaDB Enterprise Server (ppc64le support) | docker.mariadb.com/enterprise-server | 11.8.3-1
11.4.8-5
11.4.7-4.3
11.4.7-4.2
11.4.7-4.1
11.4
10.6.23-19
10.6.22-18.1
10.6
| amd64
arm64
ppc64le
| + {% include "https://app.gitbook.com/s/SsmexDFPv2xG2OTyO5yV/~/reusable/pNHZQXPP5OEz2TgvhFva/" %} diff --git a/tools/mariadb-enterprise-operator/storage.md b/tools/mariadb-enterprise-operator/storage.md index 6cb12a102e..aed6222616 100644 --- a/tools/mariadb-enterprise-operator/storage.md +++ b/tools/mariadb-enterprise-operator/storage.md @@ -78,7 +78,7 @@ spec: waitForVolumeResize: true ``` -Depending on your storage provider, this operation might take a while, and you can decide to wait for this operation before the `MariaDB` becomes ready by setting `waitForVolumeResize = true`. Operations such as [Galera cluster recovery](galera-cluster.md#galera-cluster-recovery) and [primary switchover](https://app.gitbook.com/s/3VYeeVGUV4AMqrA3zwy7/high-availability) will not be performed if the `MariaDB` resource is not ready. +Depending on your storage provider, this operation might take a while, and you can decide to wait for this operation before the `MariaDB` becomes ready by setting `waitForVolumeResize = true`. Operations such as [Galera cluster recovery](./topologies/galera.md#galera-cluster-recovery) and [primary switchover](https://app.gitbook.com/s/3VYeeVGUV4AMqrA3zwy7/high-availability) will not be performed if the `MariaDB` resource is not ready. ## Ephemeral storage diff --git a/tools/mariadb-enterprise-operator/tls.md b/tools/mariadb-enterprise-operator/tls.md index cfaca56ebe..20dedfcaed 100644 --- a/tools/mariadb-enterprise-operator/tls.md +++ b/tools/mariadb-enterprise-operator/tls.md @@ -869,7 +869,7 @@ If you are willing to increase the enforcement level in an existing instance, ma ## Secure application connections with TLS -In this guide, we will configure TLS for an application running in the `app` namespace to connect with `MariaDB` and `MaxScale` instances deployed in the `default` namespace. We assume that the following resources are already present in the `default` namespace: +In this guide, we will configure TLS for an application running in the `app` namespace to connect with `MariaDB` and `MaxScale` instances deployed in the `default` namespace. We assume that the following resources are already present in the `default` namespace with TLS enabled: ```yaml apiVersion: enterprise.mariadb.com/v1alpha1 diff --git a/tools/mariadb-enterprise-operator/topologies/README.md b/tools/mariadb-enterprise-operator/topologies/README.md new file mode 100644 index 0000000000..4b4de4678b --- /dev/null +++ b/tools/mariadb-enterprise-operator/topologies/README.md @@ -0,0 +1,6 @@ +--- +description: >- + Different topologies supported by the operator. +--- + +# Topologies diff --git a/tools/mariadb-enterprise-operator/topologies/data-plane.md b/tools/mariadb-enterprise-operator/topologies/data-plane.md new file mode 100644 index 0000000000..5c0a241ce1 --- /dev/null +++ b/tools/mariadb-enterprise-operator/topologies/data-plane.md @@ -0,0 +1,65 @@ +# Data-plane + +In order to effectively manage the full lifecycle of both [replication](./replication.md) and [Galera](./galera.md) topologies, the operator relies on a set of components that run alonside the MariaDB instances and expose APIs for remote management. These components are collectively referred to as the "data-plane". + +## Components + +The mariadb-enterprise-operator data-plane components are implemented as lightweight containers that run alongside the MariaDB instances within the same `Pod`. These components are available in the operator image. More preciselly, they are subcommands of the CLI shipped as binary inside the image. + +#### Init container + +The init container is reponsible for dynamically generating the Pod-specifc configuration files before the MariaDB container starts. It also plays a crucial role in the MariaDB container startup, enabling replica recovery for the replication topolology and guaranteeing ordered deployment of Pods for the Galera topology. + +#### Agent sidecar + +The agent sidecar provides an HTTP API that enables the operator to remotely manage MariaDB instances. Through this API, the operator is able to remotely operate the data directory and handle the instance lifecycle, including operations such as replica recovery for replication and cluster recovery for the Galera topology. + +It supports [multiple authentication](#agent-auth-methods) methods to ensure that only the operator is able to call the agent API. + +## Agent auth methods + +As previously mentioned, the agent exposes an API to remotely manage the replication and Galera clusters. The following authentication methods are supported to ensure that only the operator is able to call the agent: + +#### `ServiceAccount` based authentication + +The operator uses its `ServiceAccount` token as a mean of authentication for communicating with the agent, which subsequently verifies the token by creating a [`TokenReview` object](https://kubernetes.io/docs/reference/kubernetes-api/authentication-resources/token-review-v1/). This is the default authentication method and will be automatically applied by setting: + +```yaml +apiVersion: enterprise.mariadb.com/v1alpha1 +kind: MariaDB +metadata: + name: mariadb-repl +spec: + replication: + agent: + kubernetesAuth: + enabled: true +``` +This Kubernetes-native authentication mechanism eliminates the need for the operator to manage credentials, as it relies entirely on Kubernetes for this purpose. However, the drawback is that the agent requires cluster-wide permissions to impersonate the [`system:auth-delegator`](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#other-component-roles) `ClusterRole` and to create [`TokenReviews`](https://kubernetes.io/docs/reference/kubernetes-api/authentication-resources/token-review-v1/), which are cluster-scoped objects. + +#### Basic authentication + +As an alternative, the agent also supports basic authentication: + +```yaml +apiVersion: enterprise.mariadb.com/v1alpha1 +kind: MariaDB +metadata: + name: mariadb-repl +spec: + replication: + agent: + basicAuth: + enabled: true +``` + +Unlike the [`ServiceAccount` based authentication](#serviceaccount-based-authentication), the operator needs to explicitly generate credentials to authenticate. The advantage of this approach is that it is entirely decoupled from Kubernetes and it does not require cluster-wide permissions on the Kubernetes API. + + +## Updates + +Please refer to the updates documentation for more information about [how to update the data-plane](../updates.md#data-plane-updates). + +{% include "https://app.gitbook.com/s/SsmexDFPv2xG2OTyO5yV/~/reusable/pNHZQXPP5OEz2TgvhFva/" %} + +{% @marketo/form formId="4316" %} diff --git a/tools/mariadb-enterprise-operator/galera-cluster.md b/tools/mariadb-enterprise-operator/topologies/galera.md similarity index 83% rename from tools/mariadb-enterprise-operator/galera-cluster.md rename to tools/mariadb-enterprise-operator/topologies/galera.md index c562cf8b83..75c501bd60 100644 --- a/tools/mariadb-enterprise-operator/galera-cluster.md +++ b/tools/mariadb-enterprise-operator/topologies/galera.md @@ -2,18 +2,9 @@ MariaDB Enterprise Kubernetes Operator provides cloud native support for provisioning and operating multi-master MariaDB clusters using Galera. This setup enables the ability to perform writes on a single node and reads in all nodes, enhancing availability and allowing scalability across multiple nodes. -In certain circumstances, it could be the case that all the nodes of your cluster go down at the same time, something that Galera is not able to recover by itself, and it requires manual action to bring the cluster up again, as documented in the [Galera documentation](https://galeracluster.com/library/documentation/crash-recovery.html). The MariaDB Enterprise Kubernetes Operator encapsulates this operational expertise in the `MariaDB` CR. You just need to declaratively specify `spec.galera`, as explained in more detail [later in this guide](galera-cluster.md#mariadb-configuration). +In certain circumstances, it could be the case that all the nodes of your cluster go down at the same time, something that Galera is not able to recover by itself, and it requires manual action to bring the cluster up again, as documented in the [Galera documentation](https://galeracluster.com/library/documentation/crash-recovery.html). The MariaDB Enterprise Kubernetes Operator encapsulates this operational expertise in the `MariaDB` CR. You just need to declaratively specify `spec.galera`, as explained in more detail [later in this guide](#mariadb-configuration). -To accomplish this, after the MariaDB cluster has been provisioned, the operator will regularly monitor the cluster's status to make sure it is healthy. If any issues are detected, the operator will initiate the [recovery process](galera-cluster.md#galera-cluster-recovery) to restore the cluster to a healthy state. During this process, the operator will set status conditions in the `MariaDB` and emit `Events` so you have a better understanding of the recovery progress and the underlying activities being performed. For example, you may want to know which `Pods` were out of sync to further investigate infrastructure-related issues (i.e. networking, storage...) on the nodes where these `Pods` were scheduled. - -## Data-plane - -To be able to effectively provision and recover MariaDB Galera clusters, the following data-plane components run alongside MariaDB and co-operate with MariaDB Enterprise Kubernetes Operator: - -* init: Init container that dynamically provisions the Galera configuration file before the MariaDB container starts. Guarantees ordered deployment of `Pods` even if `spec.podManagementPolicy=Parallel` is set on the MariaDB `StatefulSet`, something crucial for performing the Galera recovery, as the operator needs to restart `Pods` independently. -* agent: Sidecar agent that exposes the Galera state ([grastate.dat](https://galeracluster.com/2016/11/introducing-the-safe-to-bootstrap-feature-in-galera-cluster/)) via HTTP and allows the operator to remotely bootstrap and recover the Galera cluster. It comes with [multiple auth methods](galera-cluster.md#agent-auth-methods) to ensure that only the operator is able to call the agent. - -All these components are available in the operator image. More preciselly, they are subcommands of the CLI shipped as binary inside the image. +To accomplish this, after the MariaDB cluster has been provisioned, the operator will regularly monitor the cluster's status to make sure it is healthy. If any issues are detected, the operator will initiate the [recovery process](#galera-cluster-recovery) to restore the cluster to a healthy state. During this process, the operator will set status conditions in the `MariaDB` and emit `Events` so you have a better understanding of the recovery progress and the underlying activities being performed. For example, you may want to know which `Pods` were out of sync to further investigate infrastructure-related issues (i.e. networking, storage...) on the nodes where these `Pods` were scheduled. ## `MariaDB` configuration @@ -80,47 +71,8 @@ A list of the available options can be found in the [MariaDB documentation](http ## IPv6 support -If you have a Kubernetes cluster running with IPv6, the operator will automatically detect the IPv6 addresses of your `Pods` and it will configure several [wsrep provider](galera-cluster.md#wsrep-provider) options to ensure that the Galera protocol runs smoothly with IPv6. - -## Agent auth methods - -As previously mentioned in the [data-plane](galera-cluster.md#data-plane) section, the agent exposes an API to remotely manage the MariaDB Galera cluster. The following authentication methods are supported to ensure that only the operator is able to call the agent: - -#### `ServiceAccount` based authentication - -The operator uses its `ServiceAccount` token as a mean of authentication for communicating with the agent, which subsequently verifies the token by creating a [TokenReview object](https://kubernetes.io/docs/reference/kubernetes-api/authentication-resources/token-review-v1/). This is the default authentication method and will be automatically applied by setting: - -```yaml -apiVersion: enterprise.mariadb.com/v1alpha1 -kind: MariaDB -metadata: - name: mariadb-galera -spec: - galera: - agent: - kubernetesAuth: - enabled: true -``` - -This Kubernetes-native authentication mechanism eliminates the need for the operator to manage credentials, as it relies entirely on Kubernetes for this purpose. However, the drawback is that the agent requires cluster-wide permissions to impersonate the [system:auth-delegator](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#other-component-roles) `ClusterRole` and to create [TokenReviews](https://kubernetes.io/docs/reference/kubernetes-api/authentication-resources/token-review-v1/), which are cluster-scoped objects. - -#### Basic authentication - -As an alternative, the agent also supports basic authentication: - -```yaml -apiVersion: enterprise.mariadb.com/v1alpha1 -kind: MariaDB -metadata: - name: mariadb-galera -spec: - galera: - agent: - basicAuth: - enabled: true -``` +If you have a Kubernetes cluster running with IPv6, the operator will automatically detect the IPv6 addresses of your `Pods` and it will configure several [wsrep provider](#wsrep-provider) options to ensure that the Galera protocol runs smoothly with IPv6. -Unlike the [ServiceAccount based authentication](galera-cluster.md#serviceaccount-based-authentication), the operator needs to explicitly generate credentials to authenticate. The advantage of this approach is that it is entirely decoupled from Kubernetes and it does not require cluster-wide permissions on the Kubernetes API. ## Galera cluster recovery @@ -148,7 +100,7 @@ spec: The `minClusterSize` field indicates the minimum cluster size (either absolut number of replicas or percentage) for the operator to consider the cluster healthy. If the cluster is unhealthy for more than the period defined in `clusterHealthyTimeout` (`30s` by default), a cluster recovery process is initiated by the operator. The process is explained in the [Galera documentation](https://galeracluster.com/library/documentation/crash-recovery.html) and consists of the following steps: * Recover the sequence number from the `grastate.dat` on each node. -* Trigger a [recovery Job](galera-cluster.md#galera-recovery-job) to obtain the sequence numbers in case that the previous step didn't manage to. +* Trigger a [recovery Job](#galera-recovery-job) to obtain the sequence numbers in case that the previous step didn't manage to. * Mark the node with highest sequence (bootstrap node) as safe to bootstrap. * Bootstrap a new cluster in the bootstrap node. * Restart and wait until the bootstrap node becomes ready. @@ -263,7 +215,7 @@ Finally, after your cluster has been bootstrapped, remember to unset `forceClust MariaDB Enterprise Kubernetes Operator will never delete your `MariaDB` PVCs. Whenever you delete a `MariaDB` resource, the PVCs will remain intact so you could reuse them to re-provision a new cluster. -That said, Galera is unable to form a cluster from pre-existing state, it requires a [cluster recovery](galera-cluster.md#galera-cluster-recovery) process to identify which `Pod` has the highest sequence number to bootstrap a new cluster. That's exactly what the operator does: whenever a new `MariaDB` Galera cluster is created and previously created PVCs exist, a cluster recovery process is automatically triggered. +That said, Galera is unable to form a cluster from pre-existing state, it requires a [cluster recovery](#galera-cluster-recovery) process to identify which `Pod` has the highest sequence number to bootstrap a new cluster. That's exactly what the operator does: whenever a new `MariaDB` Galera cluster is created and previously created PVCs exist, a cluster recovery process is automatically triggered. ## Quickstart @@ -570,7 +522,7 @@ kubectl logs mariadb-galera-0 -c mariadb 2023-08-03 19:27:10 2 [Note] WSREP: Synchronized with group, ready for connections ``` -Once you are done with these steps, you will have the context required to jump ahead to the [Common errors](galera-cluster.md#common-errors) section to see if any of them matches your case. +Once you are done with these steps, you will have the context required to jump ahead to the [Common errors](#common-errors) section to see if any of them matches your case. ### Common errors @@ -593,16 +545,16 @@ kubectl get events --field-selector involvedObject.name=mariadb-galera * If you have `Pods` named `--recovery-` running for a long time, check its logs to understand if something is wrong. -One of the reasons could be misconfigured Galera recovery `Jobs`, please make sure you read [this section](galera-cluster.md#galera-recovery-job). If after checking all the points above, there are still no clear symptoms of what could be wrong, continue reading. +One of the reasons could be misconfigured Galera recovery `Jobs`, please make sure you read [this section](#galera-recovery-job). If after checking all the points above, there are still no clear symptoms of what could be wrong, continue reading. -First af all, you could attempt to forcefully bootstrap a new cluster as it is described in [this section](galera-cluster.md#force-cluster-bootstrap). Please, refrain from doing so if the conditions described in the docs are not met. +First af all, you could attempt to forcefully bootstrap a new cluster as it is described in [this section](#force-cluster-bootstrap). Please, refrain from doing so if the conditions described in the docs are not met. Alternatively, if you can afford some downtime and your PVCs are in healthy state, you may follow this procedure: * Delete your existing `MariaDB`, this will leave your PVCs intact. -* Create your `MariaDB` again, this will trigger a Galera recovery process as described in [this section](galera-cluster.md#bootstrap-galera-cluster-from-existing-pvcs). +* Create your `MariaDB` again, this will trigger a Galera recovery process as described in [this section](#bootstrap-galera-cluster-from-existing-pvcs). -As a last resource, you can always delete the PVCs and bootstrap a new `MariaDB` from a backup as documented [here](backup-and-restore.md#bootstrap-new-mariadb-instances). +As a last resource, you can always delete the PVCs and bootstrap a new `MariaDB` from a backup as documented [here](../backup-and-restore/logical_backup.md#bootstrap-new-mariadb-instances). #### Permission denied writing Galera configuration diff --git a/tools/mariadb-enterprise-operator/high-availability.md b/tools/mariadb-enterprise-operator/topologies/high-availability.md similarity index 69% rename from tools/mariadb-enterprise-operator/high-availability.md rename to tools/mariadb-enterprise-operator/topologies/high-availability.md index c6fbbc2693..6a4e9889b8 100644 --- a/tools/mariadb-enterprise-operator/high-availability.md +++ b/tools/mariadb-enterprise-operator/topologies/high-availability.md @@ -2,32 +2,45 @@ {% include "https://app.gitbook.com/s/GxVnu02ec8KJuFSxmB93/~/reusable/6PNX0xBioKkO8lDBFeGN/" %} -This section provide guidance on how to run `MariaDB` and `MaxScale` in high availability mode. If you are looking to run the operator in HA as well, please refer to the [Helm documentation](installation/helm.md). +This section provides guidance on how to configure high availability in `MariaDB` and `MaxScale` instances. If you are looking for an HA setup for the operator, please refer to the [Helm documentation](../installation/helm.md#operator-high-availability). -Our recommended HA setup for production is: +Our recommended setup for production is: +* Use a **[highly available topology](#highly-available-topologies)** for MariaDB: + * **[Asynchronous replication](./replication.md)** with a primary node and at least 2 replicas. + * Synchronous multi-master **[Galera](./galera.md)** with at least 3 nodes. Always an odd number of nodes, as it is quorum-based. +* Leverage **[MaxScale](./maxscale.md)** as database proxy to load balance requests and perform failover/switchover operations. Configure 2 replicas to enable MaxScale upgrades without downtime. +* Use [dedicated nodes](#dedicated-nodes) to avoid noisy neighbours. +* Define [pod disruption budgets](#pod-disruption-budgets). -* [Galera](galera-cluster.md) with at least 3 nodes. Always an odd number of nodes. -* [MaxScale](maxscale-database-proxy.md) with at least 2 nodes to load balance requests to the [Galera](galera-cluster.md) cluster. -* Use [dedicated nodes](high-availability.md#dedicated-nodes) to avoid noisy neighbours. -* Define [pod disruption budgets](high-availability.md#pod-disruption-budgets). +## Highly Available Topologies -Refer to the following sections for further detail. +* **[Asynchronous replication](./replication.md)**: The primary node allows both reads and writes, while secondary nodes only serve reads. The primary has a binary log and the replicas asynchronously replicate the binary log events. +* **[Synchronous multi-master Galera](./galera.md)**: All nodes support reads and writes, but writes are only sent to one node to avoid contention. The fact that is synchronous and that all nodes are equally configured makes the primary failover/switchover operation seamless and usually instantaneous. ## Kubernetes Services In order to address nodes, MariaDB Enterprise Kubernetes Operator provides you with the following Kubernetes `Services`: -* ``: To be used for read requests. It will point to all nodes. -* `-primary`: To be used for write requests. It will point to a single node, the primary. -* `-secondary`: To be used for read requests. It will point to all nodes, except the primary. +* ``: This is the default `Service`, only intended for the [standalone topology](./standalone.md). +* `-primary`: To be used for write requests. It will point to the primary node. +* `-secondary`: To be used for read requests. It will load balance requests to all nodes except the primary. Whenever the primary changes, either by the user or by the operator, both the `-primary` and `-secondary` `Services` will be automatically updated by the operator to address the right nodes. -The primary may be manually changed by the user at any point by updating the `spec.galera.primary.podIndex` field. Alternatively, automatic primary failover can be enabled by setting `spec.galera.primary.automaticFailover`, which will make the operator to switch primary whenever the primary `Pod` goes down. +The primary may be manually changed by the user at any point by updating the `spec.[replication|galera].primary.podIndex` field. Alternatively, automatic primary failover can be enabled by setting `spec.[replication|galera].primary.autoFailover`, which will make the operator to switch primary whenever the primary `Pod` goes down. + ## MaxScale -While Kubernetes `Services` can be utilized to dynamically address primary and secondary instances, the most robust high availability configuration we recommend relies on MaxScale. Please refer to [MaxScale docs](maxscale-database-proxy.md) for further detail. +While Kubernetes `Services` can be used for addressing primary and secondary instances, we recommend utilizing [MaxScale](./maxscale.md) as database proxy for doing so, as it comes with additional advantages: +* Enhanced failover/switchover operations for both replication and Galera +* Single entrypoint for both reads and writes +* Multiple router modules available to define how to route requests +* Replay pending transaction when primary goes down +* Ability to choose whether the old primary rejoins as a replica +* Connection pooling + +The full lifecyle of the MaxScale proxy is covered by this operator. Please refer to [MaxScale docs](./maxscale.md) for further detail. ## Pod Anti-Affinity @@ -149,7 +162,7 @@ Tainting your `Nodes` is not covered by this operator, it is something you need Although you can use the default `Node` labels, you may consider adding more significative labels to your `Nodes`, as you will have to set to them in your `Pod` `nodeSelector`. Refer to the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/assign-pods-nodes/#add-a-label-to-a-node). {% endhint %} -* Add `podAntiAffinity` to your `Pods` as described in the [Pod Anti-Affinity](high-availability.md#pod-anti-affinity) section. +* Add `podAntiAffinity` to your `Pods` as described in the [Pod Anti-Affinity](#pod-anti-affinity) section. The previous steps can be achieved by setting these fields in the `MariaDB` resource: diff --git a/tools/mariadb-enterprise-operator/maxscale-database-proxy.md b/tools/mariadb-enterprise-operator/topologies/maxscale.md similarity index 72% rename from tools/mariadb-enterprise-operator/maxscale-database-proxy.md rename to tools/mariadb-enterprise-operator/topologies/maxscale.md index 4d08da7830..bbe2ee8424 100644 --- a/tools/mariadb-enterprise-operator/maxscale-database-proxy.md +++ b/tools/mariadb-enterprise-operator/topologies/maxscale.md @@ -24,12 +24,12 @@ A server defines the backend database servers that MaxScale forwards traffic to. #### Monitors -A monitor is an agent that queries the state of the servers and makes it available to the services in order to route traffic based on it. For more detailed information, please consult the [monitor reference](broken-reference/). +A monitor is an agent that queries the state of the servers and makes it available to the services in order to route traffic based on it. For more detailed information, please consult the [monitor reference](https://mariadb.com/kb/en/mariadb-maxscale-2308-mariadb-maxscale-configuration-guide/#monitor). Depending on which highly available configuration your servers have, you will need to choose betweeen the following modules: -* [Galera Monitor](https://app.gitbook.com/s/0pSbu5DcMSW4KwAkUcmX/reference/mariadb-maxscale-2501-maxscale-25-01-monitors/mariadb-maxscale-2501-maxscale-2501-galera-monitor): Detects whether servers are part of the cluster, ensuring synchronization among them, and assigning primary and replica roles as needed. -* [MariaDB Monitor](https://app.gitbook.com/s/0pSbu5DcMSW4KwAkUcmX/reference/mariadb-maxscale-2501-maxscale-25-01-monitors/mariadb-maxscale-2501-maxscale-2501-mariadb-monitor): Probes the state of the cluster, assigns roles to the servers, and executes failover, switchover, and rejoin operations as necessary. +* [Galera Monitor](https://mariadb.com/docs/maxscale/reference/maxscale-monitors/galera-monitor): Detects whether servers are part of the cluster, ensuring synchronization among them, and assigning primary and replica roles as needed. +* [MariaDB Monitor](https://mariadb.com/docs/maxscale/reference/maxscale-monitors/mariadb-monitor): Probes the state of the cluster, assigns roles to the servers, and executes failover, switchover, and rejoin operations as necessary. #### Services @@ -37,8 +37,8 @@ A service defines how the traffic is routed to the servers based on a routing al Depending on your requirements to route traffic, you may choose between the following routers: -* [Readwritesplit](https://app.gitbook.com/s/0pSbu5DcMSW4KwAkUcmX/reference/mariadb-maxscale-25-01-routers/mariadb-maxscale-2501-maxscale-2501-readwritesplit): Route write queries to the primary server and read queries to the replica servers. -* [Readconnroute](https://app.gitbook.com/s/0pSbu5DcMSW4KwAkUcmX/reference/mariadb-maxscale-25-01-routers/mariadb-maxscale-2501-maxscale-2501-readconnroute): Load balance connections between multiple servers. +* [Readwritesplit](https://mariadb.com/docs/maxscale/reference/maxscale-routers/maxscale-readwritesplit): Route write queries to the primary server and read queries to the replica servers. +* [Readconnroute](https://mariadb.com/docs/maxscale/reference/maxscale-routers/maxscale-readconnroute): Load balance connections between multiple servers. #### Listeners @@ -58,9 +58,9 @@ spec: name: mariadb-galera ``` -This will provision a new `StatefulSet` for running MaxScale and configure the servers specified by the `MariaDB` resource. Refer to the [Server configuration](maxscale-database-proxy.md#server-configuration) section if you want to manually configure the MariaDB servers. +This will provision a new `StatefulSet` for running MaxScale and configure the servers specified by the `MariaDB` resource. Refer to the [Server configuration](#server-configuration) section if you want to manually configure the MariaDB servers. -The rest of the configuration uses reasonable [defaults](maxscale-database-proxy.md#defaults) set automatically by the operator. If you need a more fine grained configuration, you can provide this values yourself: +The rest of the configuration uses reasonable [defaults](#defaults) set automatically by the operator. If you need a more fine grained configuration, you can provide this values yourself: ```yaml apiVersion: enterprise.mariadb.com/v1alpha1 @@ -93,11 +93,69 @@ spec: metallb.universe.tf/loadBalancerIPs: 172.18.0.224 ``` -As you can see, the [MaxScale resources](maxscale-database-proxy.md#maxscale-resources) we previously mentioned have a counterpart resource in the `MaxScale` CR. +As you can see, the [MaxScale resources](#maxscale-resources) we previously mentioned have a counterpart resource in the `MaxScale` CR. -You also need to set a reference in the `MariaDB` resource to make it `MaxScale`-aware. This is explained in the [MariaDB CR](maxscale-database-proxy.md#mariadb-cr) section. +The previous example configured a `MaxScale` for a Galera cluster, but you may also configure `MaxScale` with a `MariaDB` that uses replication. It is important to note that the monitor module is automatically inferred by the operator based on the `MariaDB` reference you provided, however, its parameters are specific to each monitor module: -Refer to the [API reference](api-reference.md) for further detail. +```yaml +apiVersion: enterprise.mariadb.com/v1alpha1 +kind: MaxScale +metadata: + name: maxscale-repl +spec: +... + mariaDbRef: + name: mariadb-repl + + services: + - name: rw-router + router: readwritesplit + params: + transaction_replay: "true" + transaction_replay_attempts: "10" + transaction_replay_timeout: "5s" + max_slave_connections: "255" + max_replication_lag: "3s" + master_accept_reads: "true" + listener: + port: 3306 + protocol: MariaDBProtocol + params: + connection_metadata: "tx_isolation=auto" + - name: rconn-master-router + router: readconnroute + params: + router_options: "master" + max_replication_lag: "3s" + master_accept_reads: "true" + listener: + port: 3307 + - name: rconn-slave-router + router: readconnroute + params: + router_options: "slave" + max_replication_lag: "3s" + listener: + port: 3308 + + monitor: + interval: 2s + cooperativeMonitoring: majority_of_all + params: + auto_failover: "true" + auto_rejoin: "true" + switchover_on_low_disk_space: "true" + + kubernetesService: + type: LoadBalancer + metadata: + annotations: + metallb.universe.tf/loadBalancerIPs: 172.18.0.214 +``` + +You also need to set a reference in the `MariaDB` resource to make it `MaxScale`-aware. This is explained in the [MariaDB CR](#mariadb-cr) section. + +Refer to the [API reference](../api-reference.md) for further detail. ## `MariaDB` CR @@ -117,11 +175,11 @@ spec: enabled: true ``` -Refer to the [API reference](api-reference.md) for further detail. +Refer to the [API reference](../api-reference.md) for further detail. ## `MaxScale` embedded in `MariaDB` -To streamline the setup outlined in the [MaxScale CR](maxscale-database-proxy.md#mariadb-cr) and [MariaDB CR](maxscale-database-proxy.md#mariadb-cr) sections, you can provision a `MaxScale` to be used with `MariaDB` in just one resource: +To streamline the setup outlined in the [MaxScale CR](#maxscale-cr) and [MariaDB CR](#mariadb-cr) sections, you can provision a `MaxScale` to be used with `MariaDB` in just one resource: ```yaml apiVersion: enterprise.mariadb.com/v1alpha1 @@ -142,12 +200,11 @@ spec: galera: enabled: true ``` +This will automatically set the references between `MariaDB` and `MaxScale` and [default](#defaults) the rest of the fields. -This will automatically set the references between `MariaDB` and `MaxScale` and [default](maxscale-database-proxy.md#defaults) the rest of the fields. - -It is important to note that, this is intended for simple use cases that only require a single replica and where no further modifications are done on the `spec.maxscale` field. If you need a more fine grained configuration and perform further updates to the `MaxScale` resource, please use a dedicated `MaxScale` as described in the [MaxScale CR](maxscale-database-proxy.md#mariadb-cr) section. +It is important to note that, this is intended for simple use cases that only require a single replica and where no further modifications are done on the `spec.maxscale` field. If you need a more fine grained configuration and perform further updates to the `MaxScale` resource, please use a dedicated `MaxScale` as described in the [MaxScale CR](#maxscale-cr) section. -Refer to the [API reference](api-reference.md) for further detail. +Refer to the [API reference](../api-reference.md) for further detail. ## Defaults @@ -155,7 +212,7 @@ MariaDB Enterprise Kubernetes Operator aims to provide highly configurable CRs, * `spec.servers` are inferred from `spec.mariaDbRef`. * `spec.monitor.module` is inferred from the `spec.mariaDbRef`. -* `spec.monitor.cooperativeMonitoring` is set if [high availability](maxscale-database-proxy.md#high-availability) is enabled. +* `spec.monitor.cooperativeMonitoring` is set if [high availability](#high-availability) is enabled. * If `spec.services` is not provided, a `readwritesplit` service is configured on port `3306` by default. ## Server configuration @@ -229,14 +286,43 @@ spec: key: password ``` -Pointing to external MariaDBs has a some limitations: Since the operator doesn't have a reference to a `MariaDB` resource (`spec.mariaDbRef`), it will be unable to perform the following actions: +Pointing to external MariaDBs has some limitations: Since the operator doesn't have a reference to a `MariaDB` resource (`spec.mariaDbRef`), it will be unable to perform the following actions: * Infer the monitor module (`spec.monitor.module`), so it will need to be provided by the user. -* Autogenerate authentication credentials (`spec.auth`), so they will need to be provided by the user. See [Authentication](maxscale-database-proxy.md#authentication) section. +* Autogenerate authentication credentials (`spec.auth`), so they will need to be provided by the user. See [Authentication](#authentication) section. + +## Primary server switchover + +{% hint style="info" %} +Only the MariaDB Monitor, to be used with MariaDB replication, supports the primary switchover operation. +{% endhint %} + +You can declaratively select the primary server by setting `spec.primaryServer=`: + +```yaml +apiVersion: enterprise.mariadb.com/v1alpha1 +kind: MaxScale +metadata: + name: maxscale-repl +spec: + primaryServer: mariadb-repl-1 +``` + +This will trigger a switchover operation and MaxScale will promote the specified server to be the new primary server. + +```bash +kubectl patch maxscale maxscale-repl \ + --type='merge' \ + -p '{"spec":{"primaryServer":"mariadb-repl-1"}}' + +kubectl get maxscale +NAME READY STATUS PRIMARY AGE +maxscale-repl False Switching primary to 'mariadb-repl-1' mariadb-repl-0 2m15s +``` ## Server maintenance -You can put servers in maintenance mode by setting `maintenance = true`: +You can put servers in maintenance mode by setting the server field `maintenance=true`: ```yaml apiVersion: enterprise.mariadb.com/v1alpha1 @@ -244,7 +330,6 @@ kind: MaxScale metadata: name: maxscale-galera spec: -... servers: - name: mariadb-0 address: mariadb-galera-0.mariadb-galera-internal.default.svc.cluster.local @@ -253,8 +338,6 @@ spec: maintenance: true ``` -Maintenance mode prevents MaxScale from routing traffic to the server and also excludes it from being elected as the new primary during failover events. - ## Configuration Similar to MariaDB, MaxScale allows you to provide global configuration parameters in a `maxscale.conf` file. You don't need to provide this config file directly, but instead you can use the `spec.config.params` to instruct the operator to create the `maxscale.conf`: @@ -277,7 +360,7 @@ spec: - ReadWriteOnce ``` -Both this global configuration and the resources created by the operator using the [MaxScale API](maxscale-database-proxy.md#maxscale-api) are stored under a volume provisioned by the `spec.config.volumeClaimTemplate`. +Both this global configuration and the resources created by the operator using the [MaxScale API](#maxscale-api) are stored under a volume provisioned by the `spec.config.volumeClaimTemplate`. Refer to the [troubleshooting](#troubleshooting) if you are getting errors writing on this volume. Refer to the [MaxScale reference](https://app.gitbook.com/s/0pSbu5DcMSW4KwAkUcmX/reference/mariadb-maxscale-2501-maxscale-2501-configuration-settings) for more details about the supported parameters. @@ -285,11 +368,11 @@ Refer to the [MaxScale reference](https://app.gitbook.com/s/0pSbu5DcMSW4KwAkUcmX MaxScale requires authentication with differents levels of permissions for the following components/actors: -* [MaxScale API](maxscale-database-proxy.md#maxscale-api) consumed by MariaDB Enterprise Kubernetes Operator. +* [MaxScale API](#maxscale-api) consumed by MariaDB Enterprise Kubernetes Operator. * Clients connecting to MaxScale. * MaxScale connecting to MariaDB servers. * MaxScale monitor connecting to MariaDB servers. -* MaxScale configuration syncer to connect to MariaDB servers. See [high availability](maxscale-database-proxy.md#high-availability) section. +* MaxScale configuration syncer to connect to MariaDB servers. See [high availability](#high-availability) section. By default, the operator generates this credentials when `spec.mariaDbRef` is set and `spec.auth.generate = true`, but you are still able to provide your own: @@ -329,7 +412,7 @@ spec: syncMaxConnections: 90 ``` -As you could see, you are also able to limit the number of connections for each component/actor. Bear in mind that, when running in [high availability](maxscale-database-proxy.md#high-availability), you may need to increase this number, as more MaxScale instances implies more connections. +As you could see, you are also able to limit the number of connections for each component/actor. Bear in mind that, when running in [high availability](#high-availability), you may need to increase this number, as more MaxScale instances implies more connections. ## Kubernetes `Services` @@ -373,7 +456,7 @@ spec: type: LoadBalancer ``` -There is also another Kubernetes `Service` to access the GUI, please refer to the [MaxScale GUI](maxscale-database-proxy.md#maxscale-gui) section for further detail. +There is also another Kubernetes `Service` to access the GUI, please refer to the [MaxScale GUI](#maxscale-gui) section for further detail. ## Connection @@ -409,7 +492,7 @@ spec: port: 3306 ``` -Note that, the `Connection` uses the `Service` described in the [Kubernetes Service](maxscale-database-proxy.md#kubernetes-service) section and you are able to specify which MaxScale service to connect to by providing the port (`spec.port`) of the corresponding MaxScale listener. +Note that, the `Connection` uses the `Service` described in the [Kubernetes Service](#kubernetes-service) section and you are able to specify which MaxScale service to connect to by providing the port (`spec.port`) of the corresponding MaxScale listener. ## High availability @@ -457,7 +540,7 @@ In order to enable this feature, you must set the `--feature-maxscale-suspend` f helm upgrade --install mariadb-enterprise-operator mariadb-enterprise-operator/mariadb-enterprise-operator --set extraArgs={--feature-maxscale-suspend} ``` -Then you will be able to suspend any [MaxScale resources](maxscale-database-proxy.md#maxscale-resources), for instance, you can suspend a monitor: +Then you will be able to suspend any [MaxScale resources](#maxscale-resources), for instance, you can suspend a monitor: ```yaml apiVersion: enterprise.mariadb.com/v1alpha1 @@ -480,7 +563,7 @@ spec: ## MaxScale GUI -MaxScale offers a great user interface that provides very useful information about the [MaxScale resources](maxscale-database-proxy.md#maxscale-resources). You can enable it by providing the following configuration: +MaxScale offers a great user interface that provides very useful information about the [MaxScale resources](#maxscale-resources). You can enable it by providing the following configuration: ```yaml apiVersion: enterprise.mariadb.com/v1alpha1 @@ -500,17 +583,19 @@ spec: metallb.universe.tf/loadBalancerIPs: 172.18.0.231 ``` -The GUI is exposed via a dedicated Kubernetes `Service` in the same port as the [MaxScale API](maxscale-database-proxy.md#maxscale-api). Once you access, you will need to enter the [MaxScale API](maxscale-database-proxy.md#maxscale-api) credentials configured by the operator in a `Secret`. See the [Authentication](maxscale-database-proxy.md#authentication) section for more details. +The GUI is exposed via a dedicated Kubernetes `Service` in the same port as the [MaxScale API](#maxscale-api). Once you access, you will need to enter the [MaxScale API](maxscale.md#maxscale-api) credentials configured by the operator in a `Secret`. See the [Authentication](maxscale.md#authentication) section for more details. -![](../.gitbook/assets/maxscale-gui.png) +![](../../.gitbook/assets/maxscale-gui.png) ## MaxScale API MariaDB Enterprise Kubernetes Operator interacts with the [MaxScale REST API](https://app.gitbook.com/s/0pSbu5DcMSW4KwAkUcmX/maxscale-archive/archive/mariadb-maxscale-25-01/maxscale-25-01-rest-api) to reconcile the specification provided by the user, considering both the MaxScale status retrieved from the API and the provided spec. +[Run In Postman](https://god.gw.postman.com/run-collection/9776-74dfd54a-2b2b-451f-95ab-006e1d9d9998?action=collection%2Ffork&source=rip_markdown&collection-url=entityId%3D9776-74dfd54a-2b2b-451f-95ab-006e1d9d9998%26entityType%3Dcollection%26workspaceId%3Da184b7e4-b1f7-405e-b9ec-ec62ed36dd27) + ## Troubleshooting -The operator tracks both the `MaxScale` status in regards to Kubernetes resources as well as the status of the [MaxScale API](maxscale-database-proxy.md#maxscale-api) resources. This information is available on the status field of the `MaxScale` resource, it may be very useful for debugging purposes: +The operator tracks both the `MaxScale` status in regards to Kubernetes resources as well as the status of the [MaxScale API](#maxscale-api) resources. This information is available on the status field of the `MaxScale` resource, it may be very useful for debugging purposes: ```yaml status: @@ -552,7 +637,7 @@ LAST SEEN TYPE REASON OBJECT 24s Normal MaxScalePrimaryServerChanged maxscale/mariadb-repl-maxscale MaxScale primary server changed from 'mariadb-repl-0' to 'mariadb-repl-1' ``` -The operator logs can also be a good source of information for troubleshooting. You can increase its verbosity and enable [MaxScale API](maxscale-database-proxy.md#maxscale-api) request logs by running: +The operator logs can also be a good source of information for troubleshooting. You can increase its verbosity and enable [MaxScale API](#maxscale-api) request logs by running: ```sh helm upgrade --install mariadb-enterprise-operator mariadb-enterprise-operator/mariadb-enterprise-operator --set logLevel=debug --set extraArgs={--log-maxscale} diff --git a/tools/mariadb-enterprise-operator/topologies/replication.md b/tools/mariadb-enterprise-operator/topologies/replication.md new file mode 100644 index 0000000000..2ac29f11c4 --- /dev/null +++ b/tools/mariadb-enterprise-operator/topologies/replication.md @@ -0,0 +1,656 @@ +# Replication + +The operator supports provisioning and operating MariaDB clusters with replication as a highly availability topology. In the following sections we will be covering how to manage the full lifecycle of a replication cluster. + +In a replication setup, one primary server handles all write operations while one or more replica servers replicate data from the primary, being able to handle read operations. More precisely, the primary has a binary log and the replicas asynchronously replicate the binary log events over the network. + +Please refer to the [MariaDB documentation](https://mariadb.com/docs/server/ha-and-performance/standard-replication) for more details about replication. + +## Provisioning + +In order to provision a replication cluster, you need to configure a number of `replicas` greater than `1` and set the `replication.enabled=true` in the `MariaDB` CR: + +```yaml +apiVersion: enterprise.mariadb.com/v1alpha1 +kind: MariaDB +metadata: + name: mariadb-repl +spec: + replicas: 3 + replication: + enabled: true +``` + +After applying the previous CR, the operator will provision a replication cluster with one primary and two replicas. The operator will take care of setting up replication, configuring the replication user and monitoring the replication status: + +```bash +kubectl get pods +NAME READY STATUS RESTARTS AGE +mariadb-repl-0 2/2 Running 0 2d19h +mariadb-repl-1 2/2 Running 0 2d19h +mariadb-repl-2 2/2 Running 0 2d19h +mariadb-repl-metrics-56865fff65-t72kc 1/1 Running 0 2d20h + +kubectl get mariadb +NAME READY STATUS PRIMARY UPDATES AGE +mariadb-repl True Running mariadb-repl-0 ReplicasFirstPrimaryLast 2d20h +``` + +As you can see, the primary can be identified in the `PRIMARY` column of the `kubectl get mariadb` output. You may also inspect the current replication status by checking the `MariaDB` CR status: + +```bash +kubectl get mariadb mariadb-repl -o jsonpath="{.status.replication}" | jq +{ + "replicas": { + "mariadb-repl-1": { + "gtidCurrentPos": "0-10-155", + "gtidIOPos": "0-10-155", + "lastErrorTransitionTime": "2025-10-22T10:51:10Z", + "lastIOErrno": 0, + "lastIOError": "", + "lastSQLErrno": 0, + "lastSQLError": "", + "secondsBehindMaster": 0, + "slaveIORunning": true, + "slaveSQLRunning": true + }, + "mariadb-repl-2": { + "gtidCurrentPos": "0-10-155", + "gtidIOPos": "0-10-155", + "lastErrorTransitionTime": "2025-10-22T10:47:29Z", + "lastIOErrno": 0, + "lastIOError": "", + "lastSQLErrno": 0, + "lastSQLError": "", + "secondsBehindMaster": 0, + "slaveIORunning": true, + "slaveSQLRunning": true + } + }, + "roles": { + "mariadb-repl-0": "Primary", + "mariadb-repl-1": "Replica", + "mariadb-repl-2": "Replica" + } +} +``` + +The operator continiously monitors the replication status via [`SHOW SLAVE STATUS`](https://mariadb.com/docs/server/reference/sql-statements/administrative-sql-statements/show/show-replica-status), taking it into account for internal operations and updating the CR status accordingly. + +## Asynchronous vs semi-syncrhonous replication + +By default, [semi-synchronous replication](https://mariadb.com/docs/server/ha-and-performance/standard-replication/semisynchronous-replication) is configured, which requires an acknowledgement from at least one replica before committing the transaction back to the client. This trades off performance for better consistency and facilitates [failover](#primary-failover) and [switchover](#primary-switchover) operations. + +If you are aiming for better performance, you can disable semi-synchronous replication, and go fully asynchronous, please refer to [configuration](#asynchronous-replication) section for doing so. + +## Configuration + +The replication settings can be customized under the `replication` section of the `MariaDB` CR. The following options are available: + +```yaml +apiVersion: enterprise.mariadb.com/v1alpha1 +kind: MariaDB +metadata: + name: mariadb-repl +spec: + replicas: 3 + replication: + enabled: true + gtidStrictMode: true + semiSyncEnabled: true + semiSyncAckTimeout: 10s + semiSyncWaitPoint: AfterCommit + syncBinlog: 1 + standaloneProbes: false +``` + +- `gtidStrictMode`: Enables GTID strict mode. It is recommended and enabled by default. See [MariaDB documentation](https://mariadb.com/docs/server/ha-and-performance/standard-replication/gtid#gtid_strict_mode). +- `semiSyncEnabled`: Determines whether semi-synchronous replication should be enabled. It is enabled by default. See [MariaDB documentation](https://mariadb.com/docs/server/ha-and-performance/standard-replication/semisynchronous-replication). +- `semiSyncAckTimeout`: ACK timeout for the replicas to acknowledge transactions to the primary. It requires semi-synchronous replication. See [MariaDB documentation](https://mariadb.com/docs/server/ha-and-performance/standard-replication/semisynchronous-replication#rpl_semi_sync_master_timeout). +- `semiSyncWaitPoint`: Determines whether the transaction should wait for an ACK after having synced the binlog (`AfterSync`) or after having committed to the storage engine (`AfterCommit`, the default). It requires semi-synchronous replication. See [MariaDB documentation](https://mariadb.com/docs/server/ha-and-performance/standard-replication/semisynchronous-replication#rpl_semi_sync_master_wait_point). +- `syncBinlog`: Number of events after which the binary log is synchronized to disk. See [MariaDB documentation](https://mariadb.com/docs/server/ha-and-performance/standard-replication/replication-and-binary-log-system-variables#sync_binlog). +- `standaloneProbes`: Determines whether to use regular non-HA startup and liveness probes. It is disabled by default. + + +These options are used by the operator to create a replication configuration file that is applied to all nodes in the cluster. When updating any of these options, an [update of the cluster](#updates) will be triggered in order to apply the new configuration. + +For replica-specific configuration options, please refer to the [replica configuration](#replica-configuration) section. Additional system variables may be configured via the `myCnf` configuration field. Refer to the [configuration documentation](../configuration.md#mycnf) for more details. + +## Replica configuration + +The following options are replica-specific and can be configured under the `replication.replica` section of the `MariaDB` CR: + +```yaml +apiVersion: enterprise.mariadb.com/v1alpha1 +kind: MariaDB +metadata: + name: mariadb-repl +spec: + replicas: 3 + replication: + enabled: true + replica: + replPasswordSecretKeyRef: + name: mariadb + key: password + gtid: CurrentPos + connectionRetrySeconds: 10 + maxLagSeconds: 0 + syncTimeout: 10s +``` + +- `replPasswordSecretKeyRef`: Reference to the `Secret` key containing the password for the replication user, used by the replicas to connect to the primary. By default, a `Secret` with a random password will be created. +- `gtid`: GTID position mode to be used (`CurrentPos` and `SlavePos` allowed). It defaults to `CurrentPos`. See [MariaDB documentation](https://mariadb.com/docs/server/reference/sql-statements/administrative-sql-statements/replication-statements/change-master-to#master_use_gtid). +- `connectionRetrySeconds`: Number of seconds that the replica will wait between connection retries. See [MariaDB documentation](https://mariadb.com/docs/server/reference/sql-statements/administrative-sql-statements/replication-statements/change-master-to#master_connect_retry). +- `maxLagSeconds`: Maximum acceptable lag in seconds between the replica and the primary. If the lag exceeds this value, the [readiness probe](#readiness-probe) will fail and the replica will be marked as not ready. It defaults to `0`, meaning that no lag is allowed. See [lagged replicas](#lagged-replicas) section for more details. +- `syncTimeout`: Timeout for the replicas to be synced during switchover and failover operations. It defaults to `10s`. See the [primary switchover](#primary-switchover) and [primary failover](#primary-failover) sections for more details. + +## Probes + +Kubernetes probes are resolved by the agent (see [data-plane](./data_plane.md) documentation) in the replication topology, taking into account both the MariaDB and replication status. Additionally, as described in the [configuration documentation](../configuration.md#probes), probe thresholds may be tuned accordingly for a better reliability based on your environment. + +In the following sub-sections we will be covering specifics about the replication topology. + +#### Liveness probe + +As part of the liveness probe, the agent checks that the MariaDB server is running and that the replication threads (`Slave_IO_Running` and `Slave_SQL_Running`) are both running on replicas. If any of these checks fail, the liveness probe will fail. + +If such a behaviour is undesirable, it is possible to opt in for regular standalone startup/liveness probes (default `SELECT 1` query). See `standaloneProbes` in the [configuration](#configuration) section. + +#### Readiness probe + +The readiness probe checks that the MariaDB server is running and that the `Seconds_Behind_Master` value is within the acceptable lag range defined by the `spec.replication.replica.maxLagSeconds` configuration option. If the lag exceeds this value, the readiness probe will fail and the replica will be marked as not ready. + +## Lagged replicas + +A replica is considered to be lagging behind the primary when the `Seconds_Behind_Master` value reported by `SHOW SLAVE STATUS` exceeds the `spec.replication.replica.maxLagSeconds` configuration option. This results in the [readiness probe](#readiness-probe) failing for that replica, and it has the following implications: +- When using [Kubernetes `Services` for high availability](./high_availability.md#kubernetes-services), queries will not be forwarded to lagged replicas. This doesn't affect MaxScale routing. +- When taking a [physical backup](../backup-and-restore/physical_backup.md), lagged replicas will not be considered as a target for taking the backup. +- During a [primary switchover](#primary-switchover) managed by the operator, lagged replicas will block switchover operations, as all the replicas must be in sync before promoting the new primary. This doesn't affect MaxScale switchover operation. +- During a [primary failover](#primary-failover) managed by the operator, lagged replicas will not be considered as candidates to be promoted as the new primary. MaxScale failover will not consider lagged replicas either. +- During [updates](#updates), lagged replicas will block the update operation, as each of the replicas must pass the readiness probe before proceeding to the update of the next one. + +## Backing up and restoring + +In order to back up and restore a replication cluster, all the concepts and procedures described in the [physical backup](../backup-and-restore/physical_backup.md) documentation apply. + +Additionally, for the replication topology, the operator tracks the GTID position at the time of taking the backup, and sets this position in the `gtid_slave_pos` system variable when restoring the backup, as described in the [MariaDB documentation](https://mariadb.com/docs/server/server-usage/backup-and-restore/mariadb-backup/setting-up-a-replica-with-mariadb-backup). + +Depending on the `PhysicalBackup` strategy used, the operator will track the GTID position accordingly: + +#### mariadb-backup + +When using `PhysicalBackup` with the `mariadb-backup` strategy, the GTID will be restored to a `mariadb-enterprise-operator.info` file in the data directory, which the agent will expose to the operator via HTTP. + +#### `VolumeSnapshot` + +When using `PhysicalBackup` with the `VolumeSnapshot` strategy, the GTID position will be kept in a `enterprise.mariadb.com/gtid` annotation in the `VolumeSnapshot` object, which later on the operator will read when restoring the backup. + +{% hint style="warning" %} +Refrain from removing the `enterprise.mariadb.com/gtid` annotation in the `VolumeSnapshot` object, as it is required for configuring the replica when restoring the backup. +{% endhint %} + +## Primary switchover + +{% hint style="info" %} +Our recommendation for production environments is to rely on [MaxScale](./maxscale.md) for the [switchover operation](./maxscale.md#primary-server-switchover), as it provides [several advantages](./high_availability.md#maxscale). +{% endhint %} + +You can declaratively trigger a primary switchover by updating the `spec.replication.primary.podIndex` field in the `MariaDB` CR to the index of the replica you want to promote as the new primary. For example, to promote the replica at index `1`: + +```yaml +apiVersion: enterprise.mariadb.com/v1alpha1 +kind: MariaDB +metadata: + name: mariadb-repl +spec: + replicas: 3 + replication: + enabled: true + primary: + podIndex: 1 +``` + +You can also do this imperatively using `kubectl`: + +```bash +kubectl patch mariadb mariadb-repl \ + --type='merge' \ + -p '{"spec":{"replication":{"primary":{"podIndex":1}}}}' +``` + +This will result in the `MariaDB` object reporting the following status: + +```bash +kubectl get mariadb +NAME READY STATUS PRIMARY UPDATES AGE +mariadb-repl False Switching primary to 'mariadb-repl-1' mariadb-repl-0 ReplicasFirstPrimaryLast 3d2h +``` + +The steps involved in the switchover operation are: +1. Lock the current primary using `FLUSH TABLES WITH READ LOCK` to ensure no new transactions are being processed. +2. Set the `read_only` system variable on the current primary to prevent any write operations. +3. Wait until all the replicas are in sync with the current primary. The timeout for this step can be configured via the `spec.replication.replica.syncTimeout` option. If the timeout is reached, the switchover operation will be retried from the beginning. +4. Promote the selected replica to be the new primary. +5. Connect replicas to the new primary. +6. Change the current primary to be a replica of the new primary. + +If the switchover operation is stuck waiting for replicas to be in sync, you can check the `MariaDB` status to identify which replicas are causing the issue. Furthermore, if still in this step, you can cancel the switchover operation by setting back the `spec.replication.primary.podIndex` field back to the previous primary index. + +## Primary failover + +{% hint style="info" %} +Our recommendation for production environments is to rely on [MaxScale](./maxscale.md) for the failover process, as it provides [several advantages](./high_availability.md#maxscale). +{% endhint %} + +You can configure the operator to automatically perform a primary failover whenever the current primary becomes unavailable: + +```yaml +apiVersion: enterprise.mariadb.com/v1alpha1 +kind: MariaDB +metadata: + name: mariadb-repl +spec: + replicas: 3 + replication: + enabled: true + primary: + autoFailover: true + autoFailoverDelay: 0s +``` +Optionally, you may also specify a `autoFailoverDelay`, which will add a delay before triggering the failover operation. By default, the failover is immediate, but introducing a delay may be useful to avoid failovers due to transient issues. But note that the delay should be lower than the readiness probe failure threshold (e.g. 20 seconds delay when readiness threshold is 30 seconds), otherwise all the replicas will be marked as not ready and the automatic failover will not be able to proceed. + +Whenever the primary becomes unavailable, the following status will be reported in the `MariaDB` CR: + +```bash +kubectl get mariadb +NAME READY STATUS PRIMARY UPDATES AGE +mariadb-repl True Running mariadb-repl-0 ReplicasFirstPrimaryLast 3d2h + +kubectl delete pod mariadb-repl-0 +pod "mariadb-repl-0" deleted + +kubectl get mariadb +NAME READY STATUS PRIMARY UPDATES AGE +mariadb-repl False Switching primary to 'mariadb-repl-1' mariadb-repl-0 ReplicasFirstPrimaryLast 3d2h + +kubectl get mariadb +NAME READY STATUS PRIMARY UPDATES AGE +mariadb-repl True Running mariadb-repl-1 ReplicasFirstPrimaryLast 3d2h +``` + +The criteria for choosing a new primary is: +- The `Pod` should be in `Ready` state, therefore not considering unavailable or lagged replicas (see [readiness probe](#readiness-probe) and [lagged replicas](#lagged-replicas) sections). +- Both the IO(`Slave_IO_Running`) and the SQL(`Slave_SQL_Running`) threads should be running. +- The replica should not have relay log events. +- Among the candidates, the one with the highest `gtid_current_pos` will be selected. + +Once the new primary is selected, the failover process will be performed, consisting of the following steps: +1. Wait for the new primary to apply all relay log events. +2. Promote the selected replica to be the new primary. +3. Connect replicas to the new primary. + +## Updates + +When updating a replication cluster, all the considerations and procedures described in the [updates](../updates.md) documentation apply. + +Furthermore, for the replication topology, the operator will trigger an additional [switchover operation](#primary-switchover) once all the replicas have been updated, just before updating the primary. This ensures that the primary is always updated last, minimizing the impact on write operations. + +The steps involved in updating a replication cluster are: +1. Update each replica one by one, waiting for each replica to be ready before proceeding to the next one (see [readiness probe](#readiness-probe) section). +2. Once all replicas are up to date and synced, perform a [primary switchover](#primary-switchover) to promote one of the replicas as the new primary. If `MariaDB` CR has a `MaxScale` configured using the `spec.maxScaleRef` field, the operator will trigger the [primary switchover in MaxScale](./maxscale.md#) instead. +3. Update the previous primary, now running as a replica. + +## Scaling out + +Scaling out a replication cluster implies adding new replicas to the cluster i.e scaling horizontally. The process involves taking a physical backup from a ready replica to setup the new replica PVC, and upscaling the replication cluster afterwards. + +The first step is to define the [`PhysicalBackup` strategy](../backup-and-restore/physical_backup.md#backup-strategies) to be used for taking the backup. For doing so, we will be defining a `PhysicalBackup` CR, that will be used by the operator as template for creating the actual `PhysicalBackup` object during scaling out events. For instance, to use the `mariadb-backup` strategy, we can define the following `PhysicalBackup`: + +```yaml +apiVersion: enterprise.mariadb.com/v1alpha1 +kind: PhysicalBackup +metadata: + name: physicalbackup-tpl +spec: + mariaDbRef: + name: mariadb-repl + schedule: + suspend: true + storage: + s3: + bucket: scaleout + prefix: mariadb + endpoint: minio.minio.svc.cluster.local:9000 + region: us-east-1 + accessKeyIdSecretKeyRef: + name: minio + key: access-key-id + secretAccessKeySecretKeyRef: + name: minio + key: secret-access-key + tls: + enabled: true + caSecretKeyRef: + name: minio-ca + key: ca.crt + timeout: 1h + podAffinity: true +``` + +It is important to note that, we set the `spec.schedule.suspend=true` to prevent scheduling this backup, as it will be only be used as a template. + +Alternatively, you may also use a `VolumeSnapshot` strategy for taking the backup: + +```yaml +apiVersion: enterprise.mariadb.com/v1alpha1 +kind: PhysicalBackup +metadata: + name: physicalbackup-tpl +spec: + mariaDbRef: + name: mariadb-repl + schedule: + suspend: true + storage: + volumeSnapshot: + volumeSnapshotClassName: csi-hostpath-snapclass +``` + +Once the `PhysicalBackup` template is created, you neeed to set a reference to it in the `spec.replication.replica.bootstrapFrom`, indicating that this will be the source for creating new replicas: + +```yaml +apiVersion: enterprise.mariadb.com/v1alpha1 +kind: MariaDB +metadata: + name: mariadb-repl +spec: + replication: + enabled: true + replica: + bootstrapFrom: + physicalBackupTemplateRef: + name: physicalbackup-tpl +``` + +At this point, you can proceed to scale out the cluster by increasing the `spec.replicas` field in the `MariaDB` CR. For example, to scale out from `3` to `4` replicas: + +```yaml +apiVersion: enterprise.mariadb.com/v1alpha1 +kind: MariaDB +metadata: + name: mariadb-repl +spec: + replicas: 4 + replication: + enabled: true + replica: + bootstrapFrom: + physicalBackupTemplateRef: + name: physicalbackup-tpl +``` + +You can also do this imperatively using `kubectl`: + +```bash +kubectl scale mariadb mariadb-repl --replicas=4 +``` + +This will trigger an scaling out operation, resulting in: +- A `PhysicalBackup` based on the template being created. +- Creating a new PVC for the new replica based on the `PhysicalBackup`. +- Upscaling the `StatefulSet`, adding a `Pod` that mounts the newly created PVC. +- The `Pod` is configured as a replica, connected to the primary by starting the replication in the GTID position stored in the backup. + +```bash +kubectl scale mariadb mariadb-repl --replicas=4 +mariadb.enterprise.mariadb.com/mariadb-repl scaled + +kubectl get mariadb +NAME READY STATUS PRIMARY UPDATES AGE +mariadb-repl False Scaling out mariadb-repl-1 ReplicasFirstPrimaryLast 3d5h + +kubectl get physicalbackups +NAME COMPLETE STATUS MARIADB LAST SCHEDULED AGE +mariadb-repl-physicalbackup-scale-out True Success mariadb-repl 14s 14s +physicalbackup-tpl False Suspended mariadb-repl 3d8h + +kubectl get pods +NAME READY STATUS RESTARTS AGE +mariadb-repl-0 2/2 Running 0 137m +mariadb-repl-1 2/2 Running 0 3d5h +mariadb-repl-2 2/2 Running 0 3d5h +mariadb-repl-3 2/2 Running 0 40s +mariadb-repl-metrics-56865fff65-t72kc 1/1 Running 0 3d5h + +kubectl get mariadb +NAME READY STATUS PRIMARY UPDATES AGE +mariadb-repl True Running mariadb-repl-1 ReplicasFirstPrimaryLast 3d5h +``` + +It is important to note that, if there are no ready replicas available at the time of the scaling out operation, the `PhysicalBackup` will not become ready, and the scaling out operation will be stuck until a replica becomes ready. You have the ability to cancel the scaling out operation by setting back the `spec.replicas` field to the previous value. + +## Replica recovery + +The operator has the ability to automatically recover replicas that become unavailable and report a specific error code in the replication status. For doing so, the operator continiously monitors the replication status of each replica, and whenever a replica reports an error code listed in the table below, the operator will trigger an automated recovery process for that replica: + +| Error Code | Thread | Description | Documentation | +|------------|--------|-------------|---------------| +| 1236 | IO | Error 1236: Got fatal error from master when reading data from binary log. | [MariaDB docs](https://mariadb.com/docs/server/reference/error-codes/mariadb-error-codes-1200-to-1299/e1236) | + +To perform the recovery, the operator will take a physical backup from a ready replica, restore it to the failed replica PVC, and reconfigure the replica to connect to the primary from the GTID position stored in the backup. + +Similarly to the [scaling out](#scaling-out) operation, you need to define a `PhysicalBackup` template and set a reference to it in the `spec.replication.replica.bootstrapFrom` field of the `MariaDB` CR. Additionally, you need to explicitly enable the replica recovery, as it is disabled by default: + +```yaml +apiVersion: enterprise.mariadb.com/v1alpha1 +kind: MariaDB +metadata: + name: mariadb-repl +spec: + replication: + enabled: true + replica: + bootstrapFrom: + physicalBackupTemplateRef: + name: physicalbackup-tpl + recovery: + enabled: true + errorDurationThreshold: 5m +``` + +The `errorDurationThreshold` option defines the duration after which, a replica reporting an unknown error code will be considered for recovery. This is useful to avoid recovering replicas due to transient issues. It defaults to `5m`. + +We will be simulating a `1236` error in a replica to demostrate how the recovery process works: + +{% hint style="warning" %} +Do not perform the following steps in a production environment. +{% endhint %} + +- Purge the binary logs in the primary: +```bash +PRIMARY=$(kubectl get mariadb mariadb-repl -o jsonpath="{.status.currentPrimary}") +echo "Purging binary logs in primary $PRIMARY" + +kubectl exec -it $PRIMARY -c mariadb -- mariadb -u root -p'MariaDB11!' --ssl=false -e "FLUSH LOGS;" +kubectl exec -it $PRIMARY -c mariadb -- mariadb -u root -p'MariaDB11!' --ssl=false -e "PURGE BINARY LOGS BEFORE NOW();" +kubectl exec -it $PRIMARY -c mariadb -- mariadb -u root -p'MariaDB11!' --ssl=false -e "SHOW BINARY LOGS;" +``` + +- Delete the PVC and restart one of the replicas: +```bash +REPLICA=$(kubectl get mariadb mariadb-repl -o jsonpath='{.status.replication.replicas}' | jq -r 'keys[]' | head -n1) +echo "Deleting PVC and restarting replica $REPLICA" +kubectl delete pvc storage-$REPLICA --wait=false +kubectl delete pod $REPLICA --wait=false +``` + +This will trigger a replica recovery operation, resulting in: +- A `PhysicalBackup` based on the template being created. +- Restoring the backup to the failed replica PVC. +- Reconfigure the replica to connect to the primary from the GTID position stored in the backup. + +```bash +kubectl get mariadb +NAME READY STATUS PRIMARY UPDATES AGE +mariadb-repl False Recovering replicas mariadb-repl-1 ReplicasFirstPrimaryLast 3d6h + +kubectl get physicalbackups +NAME COMPLETE STATUS MARIADB LAST SCHEDULED AGE +mariadb-repl-physicalbackup-replica-recovery True Success mariadb-repl 31s 31s +physicalbackup-tpl False Suspended mariadb-repl 3d9h + +kubectl get pods +NAME READY STATUS RESTARTS AGE +mariadb-repl-0 0/2 PodInitializing 0 22s +mariadb-repl-0-physicalbackup-init-qn79f 0/1 Completed 0 8s +mariadb-repl-1 2/2 Running 0 3d6h +mariadb-repl-2 2/2 Running 0 3d6h +mariadb-repl-metrics-56865fff65-t72kc 1/1 Running 0 3d6h +mariadb-repl-physicalbackup-replica-recovery-2025102020270r98zr 0/1 Completed 0 31s + +kubectl get mariadb +NAME READY STATUS PRIMARY UPDATES AGE +mariadb-repl True Running mariadb-repl-1 ReplicasFirstPrimaryLast 3d6h +``` + +It is important to note that, if there are no ready replicas available at the time of the recovery operation, the `PhysicalBackup` will not become ready, and the recovery operation will be stuck until a replica becomes ready. You have the ability to cancel the recovery operation by setting `spec.replication.replica.recovery.enabled=false`. + +## Troubleshooting + +The operator tracks the current replication status under the `MariaDB` status subresource. This status is updated every time the operator reconciles the `MariaDB` resource, and it is the first place to look for when troubleshooting replication issues: + +```bash +kubectl get mariadb mariadb-repl -o jsonpath="{.status.replication}" | jq +{ + "replicas": { + "mariadb-repl-1": { + "gtidCurrentPos": "0-10-155", + "gtidIOPos": "0-10-155", + "lastErrorTransitionTime": "2025-10-22T10:51:10Z", + "lastIOErrno": 0, + "lastIOError": "", + "lastSQLErrno": 0, + "lastSQLError": "", + "secondsBehindMaster": 0, + "slaveIORunning": true, + "slaveSQLRunning": true + }, + "mariadb-repl-2": { + "gtidCurrentPos": "0-10-155", + "gtidIOPos": "0-10-155", + "lastErrorTransitionTime": "2025-10-22T10:47:29Z", + "lastIOErrno": 0, + "lastIOError": "", + "lastSQLErrno": 0, + "lastSQLError": "", + "secondsBehindMaster": 0, + "slaveIORunning": true, + "slaveSQLRunning": true + } + }, + "roles": { + "mariadb-repl-0": "Primary", + "mariadb-repl-1": "Replica", + "mariadb-repl-2": "Replica" + } +} +``` + +Additionally, also under the status subresource, the operator sets status conditions whenever a specific state of the `MariaDB` lifecycle is reached: + +```bash +kubectl get mariadb mariadb-repl -o jsonpath="{.status.conditions}" | jq +[ + { + "lastTransitionTime": "2025-10-20T20:28:09Z", + "message": "Running", + "reason": "StatefulSetReady", + "status": "True", + "type": "Ready" + }, + { + "lastTransitionTime": "2025-10-17T14:17:43Z", + "message": "Updated", + "reason": "Updated", + "status": "True", + "type": "Updated" + }, + { + "lastTransitionTime": "2025-10-17T14:17:58Z", + "message": "Replication configured", + "reason": "ReplicationConfigured", + "status": "True", + "type": "ReplicationConfigured" + }, + { + "lastTransitionTime": "2025-10-20T17:14:38Z", + "message": "Switchover complete", + "reason": "SwitchPrimary", + "status": "True", + "type": "PrimarySwitched" + }, + { + "lastTransitionTime": "2025-10-20T19:31:29Z", + "message": "Scaled out", + "reason": "ScaledOut", + "status": "True", + "type": "ScaledOut" + }, + { + "lastTransitionTime": "2025-10-20T20:27:41Z", + "message": "Replica recovered", + "reason": "ReplicaRecovered", + "status": "True", + "type": "ReplicaRecovered" + } +] +``` + +The operator also emits Kubernetes events during failover/switchover operations. You may check them to see how these operations progress: + +```bash +kubectl get events --field-selector involvedObject.name=mariadb-repl --sort-by='.lastTimestamp' + +LAST SEEN TYPE REASON OBJECT MESSAGE +17s Normal PrimaryLock mariadb/mariadb-repl Locking primary with read lock +17s Normal PrimaryReadonly mariadb/mariadb-repl Enabling readonly mode in primary +17s Normal ReplicaSync mariadb/mariadb-repl Waiting for replicas to be synced with primary +17s Normal PrimaryNew mariadb/mariadb-repl Configuring new primary at index '0' +7s Normal ReplicaConn mariadb/mariadb-repl Connecting replicas to new primary at '0' +7s Normal PrimaryToReplica mariadb/mariadb-repl Unlocking primary '1' and configuring it to be a replica. New primary at '0' +7s Normal PrimaryLock mariadb/mariadb-repl Unlocking primary +7s Normal PrimarySwitched mariadb/mariadb-repl Primary switched from index '1' to index '0' +``` + +#### Common errors + +##### Primary has purged binary logs, unable to configure replica + +The primary may purge binary log events at some point, after then, if a replica requests events before that point, it will fail with the following error: + +```bash +Error 1236: Got fatal error from master when reading data from binary log. +``` + +This is a something the operator is able to recover from, please refer to the [replica recovery section](#replica-recovery). + +##### Scaling out/recovery operation stucked + +These operations rely on a `PhysicalBackup` for setting up the new replicas. If this `PhysicalBackup` does not become ready, the operation will not progress. In order to debug this please refer to the [`PhysicalBackup` troubleshooting section](../backup-and-restore/physical_backup.md#troubleshooting). + +One of the reasons could be that there are not replicas in ready state at the time of creating the `PhysicalBackup`, for instance, all the replicas are lagging behind the primary. Please verify that this is the case by checking the status of your `MariaDB` resource and your `Pods`. + +##### MaxScale switchover stucked during update + +When using MaxScale, after having updated all the replica Pods, it could happen that MaxScale refuses to perform the switchover, as it considers the Pod chosen by the operator to be unsafe: + +```bash +2025-10-27 15:17:11 error : [mariadbmon] 'mariadb-repl-1' is not a valid demotion target for switchover: it does not have a 'gtid_binlog_pos'. +``` + +For this case, you can manually update the `primaryServer` field in the `MaxScale` resource to a safe Pod, and restart the operator. If the new primary server is the right Pod, MaxScale will start the switchover and the update will continue after it completes. + +{% include "https://app.gitbook.com/s/SsmexDFPv2xG2OTyO5yV/~/reusable/pNHZQXPP5OEz2TgvhFva/" %} + +{% @marketo/form formId="4316" %} diff --git a/tools/mariadb-enterprise-operator/standalone-mariadb.md b/tools/mariadb-enterprise-operator/topologies/standalone.md similarity index 68% rename from tools/mariadb-enterprise-operator/standalone-mariadb.md rename to tools/mariadb-enterprise-operator/topologies/standalone.md index d9f423a56a..6d54796c1a 100644 --- a/tools/mariadb-enterprise-operator/standalone-mariadb.md +++ b/tools/mariadb-enterprise-operator/topologies/standalone.md @@ -1,6 +1,6 @@ # Standalone MariaDB -MariaDB Enterprise Kubernetes Operator allows you to configure standalone MariaDB Enterprise Server instances. To achieve this, you can either omit the `replicas` field or set it to `1`: +This operator allows you to configure standalone MariaDB Enterprise Server instances. To achieve this, you can either omit the `replicas` field or set it to `1`: ```yaml apiVersion: enterprise.mariadb.com/v1alpha1 @@ -45,7 +45,8 @@ Whilst this can be useful for development and testing, it is not recommended for * Upgrades require downtime * Only vertical scaling is possible -For achieving high availability, we recommend deploying a Galera cluster. Refer to the [Galera](galera-cluster.md) and [High Availability](https://app.gitbook.com/s/3VYeeVGUV4AMqrA3zwy7/high-availability) sections for more information. +For achieving high availability, we recommend deploying a highly available topology as described in the [high availability guide](./high_availability.md). + {% include "https://app.gitbook.com/s/SsmexDFPv2xG2OTyO5yV/~/reusable/pNHZQXPP5OEz2TgvhFva/" %} diff --git a/tools/mariadb-enterprise-operator/updates.md b/tools/mariadb-enterprise-operator/updates.md index c73b758501..51b074b884 100644 --- a/tools/mariadb-enterprise-operator/updates.md +++ b/tools/mariadb-enterprise-operator/updates.md @@ -116,13 +116,14 @@ The operator will not perform updates on the `StatefulSet` whenever this update ## Data-plane updates -Galera relies on [data-plane containers](galera-cluster.md#data-plane) that run alongside MariaDB to implement provisioning and high availability operations on the cluster. These containers use the `mariadb-enterprise-operator` image, which can be automatically updated by the operator based on its image version: +Highly available topologies rely on [data-plane containers](./topologies/data_plane.md) that run alongside MariaDB to enable the remote management of the database instances. These containers use the `mariadb-enterprise-operator` image, which can be automatically updated by the operator based on its image version: + ```yaml apiVersion: enterprise.mariadb.com/v1alpha1 kind: MariaDB metadata: - name: mariadb-galera + name: mariadb-repl spec: updateStrategy: autoUpdateDataPlane: true