diff --git a/k8s/mariadb/Makefile b/k8s/mariadb/Makefile index 1f97a055f2..7b6c6873d3 100644 --- a/k8s/mariadb/Makefile +++ b/k8s/mariadb/Makefile @@ -8,7 +8,7 @@ APP_ID ?= $(CHART_NAME) VERIFY_WAIT_TIMEOUT = 1800 -TRACK ?= 11.0 +TRACK ?= 11.1 METRICS_EXPORTER_TAG ?= v0.5.1 SOURCE_REGISTRY ?= marketplace.gcr.io/google diff --git a/k8s/mariadb/apptest/tester/tests/basic-suite.yaml b/k8s/mariadb/apptest/tester/tests/basic-suite.yaml index 7ddc06eb43..cf6d525c90 100644 --- a/k8s/mariadb/apptest/tester/tests/basic-suite.yaml +++ b/k8s/mariadb/apptest/tester/tests/basic-suite.yaml @@ -1,7 +1,7 @@ actions: - name: Can connect to a database (as root user) bashTest: - script: mysql -h ${APP_INSTANCE_NAME}-mariadb.${NAMESPACE}.svc.cluster.local -u root -p"${MYSQL_ROOT_PASSWORD}" -e "SHOW DATABASES" + script: mariadb -h ${APP_INSTANCE_NAME}-mariadb.${NAMESPACE}.svc.cluster.local -u root -p"${MYSQL_ROOT_PASSWORD}" -e "SHOW DATABASES" expect: stdout: contains: information_schema @@ -9,7 +9,7 @@ actions: equals: 0 - name: Can not connect to a database with incorrect credentials bashTest: - script: mysql -h ${APP_INSTANCE_NAME}-mariadb.${NAMESPACE}.svc.cluster.local -u root -p"wrong_pass" -e "SHOW DATABASES" + script: mariadb -h ${APP_INSTANCE_NAME}-mariadb.${NAMESPACE}.svc.cluster.local -u root -p"wrong_pass" -e "SHOW DATABASES" expect: stderr: contains: 'ERROR 1045 (28000): Access denied for user ' @@ -17,13 +17,13 @@ actions: equals: 1 - name: Can create database bashTest: - script: mysql -h ${APP_INSTANCE_NAME}-mariadb.${NAMESPACE}.svc.cluster.local -u root -p"${MYSQL_ROOT_PASSWORD}" -e "CREATE DATABASE test_database" + script: mariadb -h ${APP_INSTANCE_NAME}-mariadb.${NAMESPACE}.svc.cluster.local -u root -p"${MYSQL_ROOT_PASSWORD}" -e "CREATE DATABASE test_database" expect: exitCode: equals: 0 - name: Check replication bashTest: - script: mysql -h ${APP_INSTANCE_NAME}-mariadb-secondary.${NAMESPACE}.svc.cluster.local -u root -p"${MYSQL_ROOT_PASSWORD}" -e "SHOW DATABASES" + script: mariadb -h ${APP_INSTANCE_NAME}-mariadb-secondary.${NAMESPACE}.svc.cluster.local -u root -p"${MYSQL_ROOT_PASSWORD}" -e "SHOW DATABASES" expect: stdout: contains: test_database diff --git a/k8s/mariadb/chart/mariadb/templates/manifests.yaml b/k8s/mariadb/chart/mariadb/templates/manifests.yaml deleted file mode 100644 index a6ca644f8d..0000000000 --- a/k8s/mariadb/chart/mariadb/templates/manifests.yaml +++ /dev/null @@ -1,296 +0,0 @@ ---- -kind: StatefulSet -apiVersion: apps/v1 -metadata: - name: {{ .Release.Name }}-mariadb - labels: &MariaDBDeploymentLabels - app.kubernetes.io/name: {{ .Release.Name }} - app.kubernetes.io/component: mariadb-server -spec: - replicas: 1 - selector: - matchLabels: *MariaDBDeploymentLabels - serviceName: {{ .Release.Name }}-mariadb - updateStrategy: - type: RollingUpdate - template: - metadata: - labels: *MariaDBDeploymentLabels - spec: - serviceAccountName: "default" - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - weight: 1 - podAffinityTerm: - topologyKey: kubernetes.io/hostname - labelSelector: - matchLabels: *MariaDBDeploymentLabels - containers: - - name: mariadb - image: "{{ .Values.mariadb.image.repo }}:{{ .Values.mariadb.image.tag }}" - imagePullPolicy: Always - resources: - requests: - cpu: 100m - memory: 100Mi - env: - - name: MYSQL_ROOT_PASSWORD - valueFrom: - secretKeyRef: - name: {{ .Release.Name }}-mariadb - key: mariadb-pass - - name: MARIADB_REPLICATION_USER - valueFrom: - secretKeyRef: - name: {{ .Release.Name }}-mariadb - key: mariadb-replication-user - - name: MARIADB_REPLICATION_PASSWORD - valueFrom: - secretKeyRef: - name: {{ .Release.Name }}-mariadb - key: mariadb-replication-password - ports: - - name: mariadb - containerPort: {{ .Values.service.port }} - livenessProbe: - tcpSocket: - port: mariadb - initialDelaySeconds: 10 - timeoutSeconds: 5 - readinessProbe: - tcpSocket: - port: mariadb - initialDelaySeconds: 5 - timeoutSeconds: 2 - volumeMounts: - - name: {{ .Release.Name }}-data-pvc - mountPath: /var/lib/mariadb - - name: configmap - mountPath: /etc/mysql/mariadb.conf.d - - name: tls-volume - mountPath: /etc/mysql/mariadb.conf.d/certs - - name: replication-config - mountPath: /docker-entrypoint-initdb.d/ - readOnly: true - - name: mysqld-exporter - image: {{ .Values.db.exporter.image }} - env: - - name: MYSQLD_EXPORTER_PASSWORD - valueFrom: - secretKeyRef: - name: {{ .Release.Name }}-mariadb - key: mysqld-exporter-pass - - name: DATA_SOURCE_NAME - value: {{ .Values.db.exporter.user }}:$(MYSQLD_EXPORTER_PASSWORD)@(127.0.0.1:3306)/ - ports: - - name: exporter - containerPort: 9104 - livenessProbe: - httpGet: - path: /metrics - port: 9104 - readinessProbe: - httpGet: - path: /metrics - port: 9104 - initialDelaySeconds: 60 - timeoutSeconds: 30 - failureThreshold: 10 - periodSeconds: 10 - {{ if .Values.metrics.exporter.enabled }} - - name: prometheus-to-sd - image: {{ .Values.metrics.image }} - command: - - /monitor - - --stackdriver-prefix=custom.googleapis.com - - --source=mariadb:http://localhost:9104/metrics - - --pod-id=$(POD_NAME) - - --namespace-id=$(POD_NAMESPACE) - - --monitored-resource-types=k8s - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - {{ end }} - volumes: - - name: configmap - configMap: - name: {{ .Release.Name }}-mariadb - - name: tls-volume - secret: - secretName: {{ .Release.Name }}-tls - - name: replication-config - secret: - secretName: {{ .Release.Name }}-mariadb - items: - - key: mariadb-replication.sql - path: mariadb-replication.sql - - key: mysqld_exporter.sql - path: mysqld_exporter.sql - volumeClaimTemplates: - - metadata: - name: {{ .Release.Name }}-data-pvc - labels: *MariaDBDeploymentLabels - spec: - resources: - requests: - storage: {{ .Values.mariadb.persistence.size }} - accessModes: - - ReadWriteOnce - storageClassName: {{ .Values.mariadb.persistence.storageClass }} ---- -kind: StatefulSet -apiVersion: apps/v1 -metadata: - name: {{ .Release.Name }}-mariadb-secondary - labels: &MariaDBDeploymentLabels - app.kubernetes.io/name: {{ .Release.Name }} - app.kubernetes.io/component: mariadb-server-secondary -spec: - replicas: {{ .Values.db.replicas }} - selector: - matchLabels: *MariaDBDeploymentLabels - serviceName: {{ .Release.Name }}-mariadb-secondary - updateStrategy: - type: RollingUpdate - template: - metadata: - labels: *MariaDBDeploymentLabels - spec: - serviceAccountName: "default" - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - weight: 1 - podAffinityTerm: - topologyKey: kubernetes.io/hostname - labelSelector: - matchLabels: *MariaDBDeploymentLabels - initContainers: - - name: mariadb-init - image: "{{ .Values.mariadb.image.repo }}:{{ .Values.mariadb.image.tag }}" - imagePullPolicy: Always - env: - - name: MYSQL_ROOT_PASSWORD - valueFrom: - secretKeyRef: - name: {{ .Release.Name }}-mariadb - key: mariadb-pass - command: - - bash - - "-cx" - - | - # Generate mysql server-id from pod ordinal index. - [[ $(hostname) =~ -([0-9]+)$ ]] || exit 1 - ordinal=${BASH_REMATCH[1]} - # Add an offset to avoid reserved server-id=0 value. - ID=$((100+$ordinal)) - # Generate appropriate conf.d file from configmap to emptyDir - sed "s/%%SERVER_ID%%/$ID/g" /mnt/configmap/my.cnf > /mnt/conf.d/my.cnf - volumeMounts: - - name: conf - mountPath: /mnt/conf.d - - name: configmap - mountPath: /mnt/configmap - containers: - - name: mariadb - image: "{{ .Values.mariadb.image.repo }}:{{ .Values.mariadb.image.tag }}" - imagePullPolicy: Always - env: - - name: MARIADB_MASTER_ROOT_USER - value: "root" - - name: MYSQL_ROOT_PASSWORD - valueFrom: - secretKeyRef: - name: {{ .Release.Name }}-mariadb - key: mariadb-pass - - name: MARIADB_REPLICATION_USER - valueFrom: - secretKeyRef: - name: {{ .Release.Name }}-mariadb - key: mariadb-replication-user - - name: MARIADB_REPLICATION_PASSWORD - valueFrom: - secretKeyRef: - name: {{ .Release.Name }}-mariadb - key: mariadb-replication-password - - name: HOST - value: {{ .Release.Name }}-mariadb.{{ .Release.Namespace }}.svc.cluster.local - - name: SERVICE_PORT - value: {{ .Values.service.port | quote }} - lifecycle: - postStart: - exec: - command: - - bash - - "-cx" - - | - echo "Waiting for mysqld to be ready (accepting connections)" - - until mysql -uroot -p${MYSQL_ROOT_PASSWORD} -e "SELECT 1"; do sleep 1; done - until mysql -h ${HOST} -uroot -p${MYSQL_ROOT_PASSWORD} -e "SELECT 1"; do sleep 1; done - - mkdir -p /var/mariadb/backup - BACKUP_FILE=/var/mariadb/backup/all-databases.sql - - mysqldump -h${HOST} -P${SERVICE_PORT} -uroot -p${MYSQL_ROOT_PASSWORD} \ - --add-drop-database --flush-logs --flush-privileges \ - --master-data --all-databases > ${BACKUP_FILE} - - mysql -uroot -p${MYSQL_ROOT_PASSWORD} -e "STOP SLAVE;" - mysql -uroot -p${MYSQL_ROOT_PASSWORD} -e "CHANGE MASTER TO \ - MASTER_HOST='${HOST}', \ - MASTER_PORT=${SERVICE_PORT}, \ - MASTER_USER='${MARIADB_REPLICATION_USER}', \ - MASTER_PASSWORD='${MARIADB_REPLICATION_PASSWORD}', \ - MASTER_SSL=1, \ - MASTER_CONNECT_RETRY=10;" - mysql -uroot -p${MYSQL_ROOT_PASSWORD} < ${BACKUP_FILE} - mysql -uroot -p${MYSQL_ROOT_PASSWORD} -e "START SLAVE;" - rm -f ${BACKUP_FILE} - ports: - - name: mariadb - containerPort: {{ .Values.service.port }} - livenessProbe: - tcpSocket: - port: mariadb - initialDelaySeconds: 10 - timeoutSeconds: 5 - readinessProbe: - tcpSocket: - port: mariadb - initialDelaySeconds: 5 - timeoutSeconds: 2 - volumeMounts: - - name: {{ .Release.Name }}-data-pvc - mountPath: /var/lib/mariadb - - name: conf - mountPath: /etc/mysql/mariadb.conf.d - - name: tls-volume - mountPath: /etc/mysql/mariadb.conf.d/certs - volumes: - - name: conf - emptyDir: {} - - name: configmap - configMap: - name: {{ .Release.Name }}-mariadb-secondary - - name: tls-volume - secret: - secretName: {{ .Release.Name }}-tls - volumeClaimTemplates: - - metadata: - name: {{ .Release.Name }}-data-pvc - labels: *MariaDBDeploymentLabels - spec: - resources: - requests: - storage: {{ .Values.mariadb.persistence.size }} - accessModes: - - ReadWriteOnce - storageClassName: {{ .Values.mariadb.persistence.storageClass }} diff --git a/k8s/mariadb/chart/mariadb/templates/mariadb-primary.yaml b/k8s/mariadb/chart/mariadb/templates/mariadb-primary.yaml new file mode 100644 index 0000000000..3fddc5d930 --- /dev/null +++ b/k8s/mariadb/chart/mariadb/templates/mariadb-primary.yaml @@ -0,0 +1,146 @@ +--- +kind: StatefulSet +apiVersion: apps/v1 +metadata: + name: {{ .Release.Name }}-mariadb + labels: &MariaDBDeploymentLabels + app.kubernetes.io/name: {{ .Release.Name }} + app.kubernetes.io/component: mariadb-server +spec: + replicas: 1 + selector: + matchLabels: *MariaDBDeploymentLabels + serviceName: {{ .Release.Name }}-mariadb + updateStrategy: + type: RollingUpdate + template: + metadata: + labels: *MariaDBDeploymentLabels + spec: + serviceAccountName: "default" + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 1 + podAffinityTerm: + topologyKey: kubernetes.io/hostname + labelSelector: + matchLabels: *MariaDBDeploymentLabels + containers: + - name: mariadb + image: "{{ .Values.mariadb.image.repo }}:{{ .Values.mariadb.image.tag }}" + imagePullPolicy: Always + resources: + requests: + cpu: 100m + memory: 100Mi + env: + - name: MYSQL_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Release.Name }}-mariadb + key: mariadb-pass + - name: MARIADB_REPLICATION_USER + valueFrom: + secretKeyRef: + name: {{ .Release.Name }}-mariadb + key: mariadb-replication-user + - name: MARIADB_REPLICATION_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Release.Name }}-mariadb + key: mariadb-replication-password + ports: + - name: mariadb + containerPort: {{ .Values.service.port }} + livenessProbe: + tcpSocket: + port: mariadb + initialDelaySeconds: 10 + timeoutSeconds: 5 + readinessProbe: + tcpSocket: + port: mariadb + initialDelaySeconds: 5 + timeoutSeconds: 2 + volumeMounts: + - name: {{ .Release.Name }}-data-pvc + mountPath: /var/lib/mariadb + - name: configmap + mountPath: /etc/mysql/mariadb.conf.d + - name: tls-volume + mountPath: /etc/mysql/mariadb.conf.d/certs + - name: replication-config + mountPath: /docker-entrypoint-initdb.d/ + readOnly: true + - name: mysqld-exporter + image: {{ .Values.db.exporter.image }} + env: + - name: MYSQLD_EXPORTER_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Release.Name }}-mariadb + key: mysqld-exporter-pass + - name: DATA_SOURCE_NAME + value: {{ .Values.db.exporter.user }}:$(MYSQLD_EXPORTER_PASSWORD)@(127.0.0.1:3306)/ + ports: + - name: exporter + containerPort: 9104 + livenessProbe: + httpGet: + path: /metrics + port: 9104 + readinessProbe: + httpGet: + path: /metrics + port: 9104 + initialDelaySeconds: 60 + timeoutSeconds: 30 + failureThreshold: 10 + periodSeconds: 10 + {{ if .Values.metrics.exporter.enabled }} + - name: prometheus-to-sd + image: {{ .Values.metrics.image }} + command: + - /monitor + - --stackdriver-prefix=custom.googleapis.com + - --source=mariadb:http://localhost:9104/metrics + - --pod-id=$(POD_NAME) + - --namespace-id=$(POD_NAMESPACE) + - --monitored-resource-types=k8s + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{ end }} + volumes: + - name: configmap + configMap: + name: {{ .Release.Name }}-mariadb + - name: tls-volume + secret: + secretName: {{ .Release.Name }}-tls + - name: replication-config + secret: + secretName: {{ .Release.Name }}-mariadb + items: + - key: mariadb-replication.sql + path: mariadb-replication.sql + - key: mysqld_exporter.sql + path: mysqld_exporter.sql + volumeClaimTemplates: + - metadata: + name: {{ .Release.Name }}-data-pvc + labels: *MariaDBDeploymentLabels + spec: + resources: + requests: + storage: {{ .Values.mariadb.persistence.size }} + accessModes: + - ReadWriteOnce + storageClassName: {{ .Values.mariadb.persistence.storageClass }} diff --git a/k8s/mariadb/chart/mariadb/templates/mariadb-secondaries.yaml b/k8s/mariadb/chart/mariadb/templates/mariadb-secondaries.yaml new file mode 100644 index 0000000000..563db4c8df --- /dev/null +++ b/k8s/mariadb/chart/mariadb/templates/mariadb-secondaries.yaml @@ -0,0 +1,154 @@ +--- +kind: StatefulSet +apiVersion: apps/v1 +metadata: + name: {{ .Release.Name }}-mariadb-secondary + labels: &MariaDBDeploymentLabels + app.kubernetes.io/name: {{ .Release.Name }} + app.kubernetes.io/component: mariadb-server-secondary +spec: + replicas: {{ .Values.db.replicas }} + selector: + matchLabels: *MariaDBDeploymentLabels + serviceName: {{ .Release.Name }}-mariadb-secondary + updateStrategy: + type: RollingUpdate + template: + metadata: + labels: *MariaDBDeploymentLabels + spec: + serviceAccountName: "default" + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 1 + podAffinityTerm: + topologyKey: kubernetes.io/hostname + labelSelector: + matchLabels: *MariaDBDeploymentLabels + initContainers: + - name: mariadb-init + image: "{{ .Values.mariadb.image.repo }}:{{ .Values.mariadb.image.tag }}" + imagePullPolicy: Always + env: + - name: HOST + value: {{ .Release.Name }}-mariadb.{{ .Release.Namespace }}.svc.cluster.local + - name: MYSQL_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Release.Name }}-mariadb + key: mariadb-pass + command: + - bash + - "-cx" + - | + echo "Waiting for mysqld to be ready (accepting connections)" + until mariadb -h ${HOST} -uroot -p${MYSQL_ROOT_PASSWORD} -e "SELECT 1"; do sleep 1; done + # Generate mysql server-id from pod ordinal index. + [[ $(hostname) =~ -([0-9]+)$ ]] || exit 1 + ordinal=${BASH_REMATCH[1]} + # Add an offset to avoid reserved server-id=0 value. + ID=$((100+$ordinal)) + # Generate appropriate conf.d file from configmap to emptyDir + sed "s/%%SERVER_ID%%/$ID/g" /mnt/configmap/my.cnf > /mnt/conf.d/my.cnf + volumeMounts: + - name: conf + mountPath: /mnt/conf.d + - name: configmap + mountPath: /mnt/configmap + containers: + - name: mariadb + image: "{{ .Values.mariadb.image.repo }}:{{ .Values.mariadb.image.tag }}" + imagePullPolicy: Always + env: + - name: MARIADB_MASTER_ROOT_USER + value: "root" + - name: MYSQL_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Release.Name }}-mariadb + key: mariadb-pass + - name: MARIADB_REPLICATION_USER + valueFrom: + secretKeyRef: + name: {{ .Release.Name }}-mariadb + key: mariadb-replication-user + - name: MARIADB_REPLICATION_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Release.Name }}-mariadb + key: mariadb-replication-password + - name: HOST + value: {{ .Release.Name }}-mariadb.{{ .Release.Namespace }}.svc.cluster.local + - name: SERVICE_PORT + value: {{ .Values.service.port | quote }} + lifecycle: + postStart: + exec: + command: + - bash + - "-cx" + - | + echo "Waiting for mysqld to be ready (accepting connections)" + + until mariadb -uroot -p${MYSQL_ROOT_PASSWORD} -e "SELECT 1"; do sleep 1; done + until mariadb -h ${HOST} -uroot -p${MYSQL_ROOT_PASSWORD} -e "SELECT 1"; do sleep 1; done + + mkdir -p /var/mariadb/backup + BACKUP_FILE=/var/mariadb/backup/all-databases.sql + + mariadb-dump -h${HOST} -P${SERVICE_PORT} -uroot -p${MYSQL_ROOT_PASSWORD} \ + --add-drop-database --flush-logs --flush-privileges \ + --master-data --all-databases > ${BACKUP_FILE} + + mariadb -uroot -p${MYSQL_ROOT_PASSWORD} -e "STOP SLAVE;" + mariadb -uroot -p${MYSQL_ROOT_PASSWORD} -e "CHANGE MASTER TO \ + MASTER_HOST='${HOST}', \ + MASTER_PORT=${SERVICE_PORT}, \ + MASTER_USER='${MARIADB_REPLICATION_USER}', \ + MASTER_PASSWORD='${MARIADB_REPLICATION_PASSWORD}', \ + MASTER_SSL=1, \ + MASTER_CONNECT_RETRY=10;" + mariadb -uroot -p${MYSQL_ROOT_PASSWORD} < ${BACKUP_FILE} + mariadb -uroot -p${MYSQL_ROOT_PASSWORD} -e "START SLAVE;" + rm -f ${BACKUP_FILE} + ports: + - name: mariadb + containerPort: {{ .Values.service.port }} + livenessProbe: + tcpSocket: + port: mariadb + initialDelaySeconds: 10 + timeoutSeconds: 5 + readinessProbe: + tcpSocket: + port: mariadb + initialDelaySeconds: 5 + timeoutSeconds: 2 + volumeMounts: + - name: {{ .Release.Name }}-data-pvc + mountPath: /var/lib/mariadb + - name: conf + mountPath: /etc/mysql/mariadb.conf.d + - name: tls-volume + mountPath: /etc/mysql/mariadb.conf.d/certs + volumes: + - name: conf + emptyDir: {} + - name: configmap + configMap: + name: {{ .Release.Name }}-mariadb-secondary + - name: tls-volume + secret: + secretName: {{ .Release.Name }}-tls + volumeClaimTemplates: + - metadata: + name: {{ .Release.Name }}-data-pvc + labels: *MariaDBDeploymentLabels + spec: + resources: + requests: + storage: {{ .Values.mariadb.persistence.size }} + accessModes: + - ReadWriteOnce + storageClassName: {{ .Values.mariadb.persistence.storageClass }} diff --git a/k8s/mariadb/chart/mariadb/templates/mariadb-secrets.yaml b/k8s/mariadb/chart/mariadb/templates/mariadb-secrets.yaml index e122090897..de0b28080a 100644 --- a/k8s/mariadb/chart/mariadb/templates/mariadb-secrets.yaml +++ b/k8s/mariadb/chart/mariadb/templates/mariadb-secrets.yaml @@ -9,7 +9,7 @@ stringData: mariadb-replication-user: {{ .Values.replication.user }} mariadb-replication.sql: | CREATE USER IF NOT EXISTS '{{ .Values.replication.user }}'@'%' IDENTIFIED BY '{{ .Values.replication.password | b64dec }}' WITH MAX_USER_CONNECTIONS {{ .Values.replication.maxConnections }}; - GRANT REPLICATION SLAVE ON *.* TO '{{ .Values.replication.user }}'@'%' REQUIRE SSL; + GRANT REPLICATION REPLICA ON *.* TO '{{ .Values.replication.user }}'@'%' REQUIRE SSL; FLUSH PRIVILEGES; mysqld_exporter.sql: | CREATE USER IF NOT EXISTS '{{ .Values.db.exporter.user }}'@'127.0.0.1' IDENTIFIED BY '{{ .Values.db.exporter.password | b64dec }}' WITH MAX_USER_CONNECTIONS 3;