Upgraded version of Mysql modified values.yaml file.

Author: rachit89

README.md

@@ -70,7 +70,7 @@ module "mysql" {
   namespace        = local.namespace
   mysqldb_config = {
     name                             = "mysql"
-    app_version                      = "8.0.29-debian-11-r9"
+    app_version                      = "8.0.36-debian-12-r10"
     environment                      = "prod"
     values_yaml                      = ""
     architecture                     = "replication"
@@ -180,12 +180,12 @@ No modules.
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| <a name="input_app_version"></a> [app\_version](#input\_app\_version) | Version of the MySQL application that will be deployed. | `string` | `"8.0.29-debian-11-r9"` | no |
+| <a name="input_app_version"></a> [app\_version](#input\_app\_version) | Version of the MySQL application that will be deployed. | `string` | `"8.0.36-debian-12-r10"` | no |
 | <a name="input_azure_container_name"></a> [azure\_container\_name](#input\_azure\_container\_name) | Azure container name | `string` | `""` | no |
 | <a name="input_azure_storage_account_key"></a> [azure\_storage\_account\_key](#input\_azure\_storage\_account\_key) | Azure storage account key | `string` | `""` | no |
 | <a name="input_azure_storage_account_name"></a> [azure\_storage\_account\_name](#input\_azure\_storage\_account\_name) | Azure storage account name | `string` | `""` | no |
 | <a name="input_bucket_provider_type"></a> [bucket\_provider\_type](#input\_bucket\_provider\_type) | Choose what type of provider you want (s3, gcs) | `string` | `"gcs"` | no |
-| <a name="input_chart_version"></a> [chart\_version](#input\_chart\_version) | Version of the Mysql chart that will be used to deploy MySQL application. | `string` | `"9.2.0"` | no |
+| <a name="input_chart_version"></a> [chart\_version](#input\_chart\_version) | Version of the Mysql chart that will be used to deploy MySQL application. | `string` | `"10.1.0"` | no |
 | <a name="input_cluster_name"></a> [cluster\_name](#input\_cluster\_name) | Specifies the name of the EKS cluster to deploy the MySQL application on. | `string` | `""` | no |
 | <a name="input_create_namespace"></a> [create\_namespace](#input\_create\_namespace) | Specify whether or not to create the namespace if it does not already exist. Set it to true to create the namespace. | `string` | `true` | no |
 | <a name="input_custom_user_password"></a> [custom\_user\_password](#input\_custom\_user\_password) | custom user password for MongoDB | `string` | `""` | no |

examples/complete/aws/helm/values.yaml

@@ -4,7 +4,7 @@ primary:
             requiredDuringSchedulingIgnoredDuringExecution:
                 nodeSelectorTerms:
                 - matchExpressions:
-                    - key: "Infra-Services"
+                    - key: "Addons-Services"
                       operator: In
                       values:
                       - "true"
@@ -37,7 +37,7 @@ secondary:
             requiredDuringSchedulingIgnoredDuringExecution:
                 nodeSelectorTerms:
                 - matchExpressions:
-                    - key: "Infra-Services"
+                    - key: "Addons-Services"
                       operator: In
                       values:
                       - "true"
@@ -80,7 +80,7 @@ affinity:
         requiredDuringSchedulingIgnoredDuringExecution:
             nodeSelectorTerms:
             - matchExpressions:
-                - key: "Infra-Services"
+                - key: "Addons-Services"
                   operator: In
                   values:
                   - "true"
@@ -100,4 +100,4 @@ restorejob:
       cpu: 100m
     limits:
       memory: 500Mi
-      cpu: 200m
+      cpu: 200m

examples/complete/aws/main.tf

@@ -1,15 +1,15 @@
 locals {
   name        = "mysql"
-  region      = "us-east-2"
+  region      = "us-west-2"
   environment = "prod"
   additional_tags = {
     Owner      = "organization_name"
     Expires    = "Never"
     Department = "Engineering"
   }
-  create_namespace                   = false
+  create_namespace                   = true
   namespace                          = "mysql"
-  store_password_to_secret_manager   = false
+  store_password_to_secret_manager   = true
   mysqldb_custom_credentials_enabled = true
   mysqldb_custom_credentials_config = {
     root_user            = "root"
@@ -26,7 +26,7 @@ locals {
 
 module "aws" {
   source                             = "squareops/mysql/kubernetes//modules/resources/aws"
-  cluster_name                       = "cluster-name"
+  cluster_name                       = ""
   environment                        = local.environment
   name                               = local.name
   namespace                          = local.namespace
@@ -43,7 +43,7 @@ module "mysql" {
   mysqldb_config = {
     name                             = local.name
     values_yaml                      = file("./helm/values.yaml")
-    app_version                      = "8.0.29-debian-11-r9"
+    app_version                      = "8.0.36-debian-12-r10"
     environment                      = local.environment
     architecture                     = "replication"
     custom_database                  = "test_db"

helm/values/mysqldb/values.yaml

@@ -19,6 +19,14 @@ global:
 mysql_metrics_exporter:
   password: ${metrics_exporter_password}
 
+compatibility:
+    ## Compatibility adaptations for Openshift
+    ##
+    openshift:
+      ## @param global.compatibility.openshift.adaptSecurityContext Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation)
+      ##
+      adaptSecurityContext: auto
+
 ## @section Common parameters
 
 ## @param kubeVersion Force target Kubernetes version (using Helm capabilities if not set)
@@ -49,6 +57,9 @@ commonLabels:
 ##
 extraDeploy: []
 
+serviceBindings:
+  enabled: false
+
 ## Enable diagnostic mode in the deployment
 ##
 diagnosticMode:
@@ -189,18 +200,17 @@ primary:
     explicit_defaults_for_timestamp
     basedir=/opt/bitnami/mysql
     plugin_dir=/opt/bitnami/mysql/lib/plugin
-    port=3306
+    port={{ .Values.primary.containerPorts.mysql }}
     socket=/opt/bitnami/mysql/tmp/mysql.sock
     datadir=/bitnami/mysql/data
     tmpdir=/opt/bitnami/mysql/tmp
     max_allowed_packet=16M
-    bind-address=0.0.0.0
+    bind-address=*
     pid-file=/opt/bitnami/mysql/tmp/mysqld.pid
-    log_error=/opt/bitnami/mysql/logs/mysqld.log
+    log-error=/opt/bitnami/mysql/logs/mysqld.log
     character-set-server=UTF8
     collation-server=utf8_general_ci
-    slow_query_log=1
-    slow_query_log_file=/bitnami/mysql/slow-log.log
+    slow_query_log=0
     long_query_time=10.0
 
     [client]
@@ -220,6 +230,8 @@ primary:
   ## @param primary.updateStrategy.type Update strategy type for the MySQL primary statefulset
   ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
   ##
+  containerPorts:
+    mysql: 3306
   updateStrategy:
     type: RollingUpdate
   ## @param primary.podAnnotations Additional pod annotations for MySQL primary pods
@@ -303,6 +315,9 @@ primary:
   ##
   podSecurityContext:
     enabled: true
+    fsGroupChangePolicy: Always
+    sysctls: []
+    supplementalGroups: []
     fsGroup: 1001
   ## MySQL primary container security context
   ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
@@ -312,8 +327,16 @@ primary:
   ##
   containerSecurityContext:
     enabled: true
+    seLinuxOptions: {}
     runAsUser: 1001
+    runAsGroup: 1001
     runAsNonRoot: true
+    allowPrivilegeEscalation: false
+    capabilities:
+      drop: ["ALL"]
+    seccompProfile:
+      type: "RuntimeDefault"
+    readOnlyRootFilesystem: true
   ## MySQL primary container's resource requests and limits
   ## ref: https://kubernetes.io/docs/user-guide/compute-resources/
   ## We usually recommend not to specify default resources and to leave this as a conscious
@@ -584,12 +607,12 @@ secondary:
     datadir=/bitnami/mysql/data
     tmpdir=/opt/bitnami/mysql/tmp
     max_allowed_packet=16M
-    bind-address=0.0.0.0
+    bind-address=*
     pid-file=/opt/bitnami/mysql/tmp/mysqld.pid
-    log_error=/opt/bitnami/mysql/logs/mysqld.log
+    log-error=/opt/bitnami/mysql/logs/mysqld.log
     character-set-server=UTF8
     collation-server=utf8_general_ci
-    slow_query_log=1
+    slow_query_log=0
     slow_query_log_file=/bitnami/mysql/slow-log.log
     long_query_time=10.0
 
@@ -693,8 +716,12 @@ secondary:
   ## @param secondary.podSecurityContext.fsGroup Group ID for the mounted volumes' filesystem
   ##
   podSecurityContext:
-    enabled: true
-    fsGroup: 1001
+      enabled: true
+      fsGroupChangePolicy: Always
+      sysctls: []
+      supplementalGroups: []
+      fsGroup: 1001
+
   ## MySQL secondary container security context
   ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
   ## @param secondary.containerSecurityContext.enabled MySQL secondary container securityContext
@@ -703,8 +730,16 @@ secondary:
   ##
   containerSecurityContext:
     enabled: true
+    seLinuxOptions: {}
     runAsUser: 1001
+    runAsGroup: 1001
     runAsNonRoot: true
+    allowPrivilegeEscalation: false
+    capabilities:
+      drop: ["ALL"]
+    seccompProfile:
+      type: "RuntimeDefault"
+    readOnlyRootFilesystem: true
   ## MySQL secondary container's resource requests and limits
   ## ref: https://kubernetes.io/docs/user-guide/compute-resources/
   ## We usually recommend not to specify default resources and to leave this as a conscious
@@ -953,7 +988,7 @@ serviceAccount:
   annotations: {}
   ## @param serviceAccount.automountServiceAccountToken Automount service account token for the server service account
   ##
-  automountServiceAccountToken: true
+  automountServiceAccountToken: false
 
 ## Role Based Access
 ## ref: https://kubernetes.io/docs/admin/authorization/rbac/
@@ -1022,8 +1057,8 @@ volumePermissions:
   ##
   image:
     registry: docker.io
-    repository: bitnami/bitnami-shell
-    tag: 11-debian-11-r10
+    repository: bitnami/os-shell
+    tag: 12-debian-12-r18
     pullPolicy: IfNotPresent
     ## Optionally specify an array of imagePullSecrets.
     ## Secrets must be manually created in the namespace.
@@ -1054,7 +1089,7 @@ metrics:
   image:
     registry: docker.io
     repository: bitnami/mysqld-exporter
-    tag: 0.14.0-debian-11-r9
+    tag: 0.15.1-debian-12-r10
     pullPolicy: IfNotPresent
     ## Optionally specify an array of imagePullSecrets.
     ## Secrets must be manually created in the namespace.
@@ -1071,6 +1106,22 @@ metrics:
   ## @param metrics.service.port MySQL Prometheus Exporter service port
   ## @param metrics.service.annotations [object] Prometheus exporter service annotations
   ##
+  containerSecurityContext:
+    enabled: true
+    seLinuxOptions: {}
+    runAsUser: 1001
+    runAsGroup: 1001
+    runAsNonRoot: true
+    allowPrivilegeEscalation: false
+    capabilities:
+      drop: ["ALL"]
+    seccompProfile:
+      type: "RuntimeDefault"
+    readOnlyRootFilesystem: true
+  ## @param metrics.containerPorts.http Container port for http
+  ##
+  containerPorts:
+    http: 9104
   service:
     type: ClusterIP
     port: 9104

modules/backup/templates/cronjob.yaml

@@ -13,7 +13,7 @@ spec:
     spec:
       template:
         spec:
-          affinity: 
+          affinity:
             {{- toYaml .Values.affinity | nindent 12 }}
           restartPolicy: OnFailure
           imagePullSecrets:
@@ -44,5 +44,5 @@ spec:
               value:  "s3"
             - name: AWS_DEFAULT_REGION
               value: {{ .Values.backup.aws_default_region }}
-            resources: 
+            resources:
               {{- toYaml .Values.backupjob.resources | nindent 14 }}

variables.tf

@@ -39,13 +39,13 @@ variable "mysqldb_custom_credentials_config" {
 
 variable "app_version" {
   type        = string
-  default     = "8.0.29-debian-11-r9"
+  default     = "8.0.36-debian-12-r10"
   description = "Version of the MySQL application that will be deployed."
 }
 
 variable "chart_version" {
   type        = string
-  default     = "9.2.0"
+  default     = "10.1.0"
   description = "Version of the Mysql chart that will be used to deploy MySQL application."
 }