VMware Tanzu Application Catalog (TAC) is a customizable selection of open source software from Bitnami that is continuously maintained and verifiably tested for use in production environments. TAC provides both developers and operators with a collection of trusted and up-to-date containers and Helm charts that can be consumed in different ways depending on the requirements of enterprise development teams.

One way to consume TAC content is from a local machine. For Helm charts, you use the Helm CLI to add a TAC repository and deploy charts directly on a Kubernetes cluster.

This tutorial shows you how to add the TAC Helm chart demo repository on your local machine. It also explains how to customize the MariaDB Galera values.yaml file to enable some of the enterprise features it bundles, and how to deploy this custom chart on a running cluster. The process is the same for any other solution available in the TAC Helm charts catalog. It is also valid for custom catalogs, in which case users add their custom repositories on their machines instead of the demo repository.

Assumptions and prerequisites

This guide explains how to deploy a MariaDB Galera cluster on a Kubernetes cluster from TAC using a local machine. It assumes that you have access to TAC and to a pre-built or custom catalog. If you don't have access to TAC, please reach out to your VMware sales representative.

This tutorial assumes that:

Step 1: Add the TAC catalog to your repositories

The first step is to add the TAC Helm repository so that all the charts in the demo catalog are available on your local machine. Follow these instructions:

  1. Open a terminal window and execute this command:

    $ helm repo add demo https://charts.trials.tac.bitnami.com/demo
    
  2. To display the complete list of Helm charts, you can execute the following:

    $ helm search repo demo
    
  3. You can list only the different versions of MariaDB Galera available in the repository by running this command:

    $ helm search repo -l demo/mariadb-galera 
    

    MariaDB Galera versions available in TAC

This example, instead of using the default chart values, uses custom values to enable some enterprise features that Bitnami has added to this chart. You can check the default chart values by executing the following command:

    $ helm show values demo/mariadb-galera

Step 2: Customize the MariaDB Galera Helm chart

Once you have the TAC Helm repository available on your local machine, you can start customizing the MariaDB Galera chart. Follow these instructions to enable some of the enterprise features that the MariaDB Galera Helm chart includes:

TIP: The parameters changed in this section are only an example of the customization you can perform in the chart values. You can always enable these or other parameters depending on your needs. See the complete list of chart parameters. For example, if you have an LDAP server installed in your cluster, it is strongly recommended to enable LDAP support for your chart. Check out this section for more information about LDAP support in the MariaDB Galera Helm chart.

  1. Download the MariaDB Galera values.yaml file:

    $ helm show values demo/mariadb-galera > values.yaml
    
  2. Open the values.yaml file to edit the following values:

    • In the "Database credentials" section, define a custom password for the admin user (remember to replace the DB-ROOT-PASSWORD placeholder with the password you want to set for the database root user):

      # Database credentials for root (admin) user
      #
      rootUser:
        password: DB-ROOT-PASSWORD
        forcePassword: false
      
    • In the "Galera configuration" section, enter a name for the MariaDB Galera cluster and also define a password for the mariabackup user (remember to replace the DB-MARIABACKUP-PASSWORD placeholder with the password you want to set for backups):

      # Galera configuration
      galera:
        name: my-galera
        mariabackup:
          password: DB-MARIABACKUP-PASSWORD
      
    • In the "custom db configuration" section, create a custom database and give access to a user for that database (remember to replace the DB-NAME and DB-CUSTOM-USER-PASSWORD placeholders with the name you want to set for the database and the password for user user01):

      # Custom db configuration
      #
      db:
        user: user01
        password: DB-CUSTOM-USER-PASSWORD
        # Database to create
        # ref: https://github.com/bitnami/bitnami-docker-mariadb-galera#creating-a-database-on-first-run
        #
        name: DB-NAME
        # Option to force users to specify a password. That is required for 'helm upgrade' to work properly.
        # If it is not force, a random password will be generated.
        #
        forcePassword: false
      
    • In the "Prometheus exporter configuration" section, enable metrics so they are exposed and can be consumed by Grafana and Prometheus:

      # Prometheus exporter configuration
      #
      metrics:
        enabled: true
      
    • In the "Enable persistence using Persistent Volume Claims" section, enable persistence to use volume claims:

      # Enable persistence using Persistent Volume Claims
      # ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
      #
      persistence:
        # If true, use a Persistent Volume Claim, If false, use emptyDir
        #
        enabled: true
      
    • In the "serviceAccount" section, create RBAC rules and add a service account:

      serviceAccount:
        # Specifies whether a ServiceAccount should be created
        #
        create: true
      
      # Role Based Access
      # Ref: https://kubernetes.io/docs/admin/authorization/rbac/
      #
      rbac:
        # Specifies whether RBAC rules should be created
        #
        create: true
      
    • In the "Pod Security Context" section, set up a security context so that all the containers that will be deployed run as a non-root, arbitrary user:

      # ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
      #
      securityContext:
        enabled: true
        fsGroup: 1001
        runAsUser: 1001
      
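    • In the "Affinity" section, add a podAntiAffinity rule to ensure that each of the replicas we have set (in this case, three) goes to a different node of the cluster. This ensures that information is replicated in the rest of the nodes so that, if a node fails, service continuity is not affected. The app.kubernetes.io/instance value in the selector must be the name of your Helm release, because that is the label value the pods carry (Step 4 selects them with app.kubernetes.io/instance=MY-RELEASE):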

      # Affinity for pod assignment. Evaluated as a template.
      # Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
      #
      affinity:
        podAntiAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            - topologyKey: "kubernetes.io/hostname"
              labelSelector:
                matchLabels:
                  app.kubernetes.io/name: mariadb-galera
                  app.kubernetes.io/instance: my-galera
      

Step 3: Install the MariaDB Galera Helm chart

The next step is to install the Helm chart using the customized values.yaml file that you created. In order to show the upgrade process in a subsequent step, this guide shows you how to deploy an older version, such as version 2.1.2. If you prefer to deploy a different version, specify it using the --version flag, or remove the flag to deploy the latest version of the chart by default. Follow these instructions:

  1. Execute the following command to deploy version 2.1.2 of the MariaDB Galera Helm chart using its customized values.yaml. Remember to replace MY-RELEASE with the name you want to enter for the deployment.

    $ helm install -f values.yaml --version 2.1.2 MY-RELEASE demo/mariadb-galera
    

    The deployment of the chart takes several minutes. Once the chart is installed, you will see a set of useful commands for getting the root database password, connecting to the database, connecting to Prometheus metrics from outside the cluster, or upgrading the chart.

    Install the customized MariaDB Galera Helm chart

  2. Check that all the production values configured in the previous step are already enabled by running the following command:

    $ helm get values MY-RELEASE
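
A check for the values this command reports, run over `helm get values MY-RELEASE -o json`. It is an added example, not part of the original guide or of the chart: it flags the guide's placeholders deployed unreplaced, a missing non-root or RBAC setting, and an anti-affinity selector whose instance label differs from the release name. The function names and the sample JSON are constructed, and it assumes the chart labels pods with app.kubernetes.io/instance set to the release name, as the selector in Step 4 implies.

```python
import json

PLACEHOLDERS = {"DB-ROOT-PASSWORD", "DB-MARIABACKUP-PASSWORD",
                "DB-CUSTOM-USER-PASSWORD", "DB-NAME"}  # the guide's placeholders
INSTANCE = "app.kubernetes.io/instance"  # assumed equal to the release name

def scalars(node, path=""):
    """Yield (dotted path, value) for every leaf of nested dicts and lists."""
    if isinstance(node, dict):
        for key, val in node.items():
            yield from scalars(val, f"{path}.{key}" if path else key)
    elif isinstance(node, list):
        for i, val in enumerate(node):
            yield from scalars(val, f"{path}[{i}]")
    else:
        yield path, node

def audit_values(values, release):
    """Return findings for the JSON printed by `helm get values RELEASE -o json`."""
    def sect(key):  # a missing key and a null value both become {}
        return values.get(key) or {}
    findings = [f"{p}: placeholder {v} not replaced"
                for p, v in scalars(values) if v in PLACEHOLDERS]
    ctx = sect("securityContext")
    if not (ctx.get("enabled") and ctx.get("runAsUser")):
        findings.append("securityContext: containers may run as root")
    for key in ("rbac", "serviceAccount"):
        if sect(key).get("create") is not True:
            findings.append(f"{key}.create is not true")
    rules = (sect("affinity").get("podAntiAffinity") or {}).get(
        "requiredDuringSchedulingIgnoredDuringExecution") or []
    if not rules:
        findings.append("affinity: no required podAntiAffinity rule")
    for rule in rules:
        labels = (rule.get("labelSelector") or {}).get("matchLabels") or {}
        if labels.get(INSTANCE, release) != release:
            findings.append(f"affinity: selector instance {labels[INSTANCE]!r} "
                            f"matches no pod of release {release!r}")
    return findings

# Constructed sample: leftover placeholder, null serviceAccount, stale instance label.
SAMPLE = json.loads("""{"rootUser": {"password": "DB-ROOT-PASSWORD"},
 "securityContext": {"enabled": true, "runAsUser": 1001}, "rbac": {"create": true},
 "serviceAccount": null, "create": true, "affinity": {"podAntiAffinity":
 {"requiredDuringSchedulingIgnoredDuringExecution": [{"labelSelector":
 {"matchLabels": {"app.kubernetes.io/instance": "my-galera"}}}]}}}""")

if __name__ == "__main__":
    print("\n".join(audit_values(SAMPLE, "my-release")))
```

A `serviceAccount:` key followed by a `create:` key at the same indentation level parses as a null serviceAccount plus a stray top-level `create`, which is the case the sample reproduces.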
    

Step 4: Connect to and check the MariaDB Galera services

In this step, you will learn how to check that all the services you enabled are working properly.

  1. First, watch the deployment status using this command:

    $ kubectl get sts -w --namespace default -l app.kubernetes.io/instance=MY-RELEASE
    

    You should see an output message similar to this:

    NAME                          READY   AGE
    my-galera-db-mariadb-galera   3/3     53m
    
  2. Check the database password by executing the command below. You should get the password you manually entered in the values.yaml for the root admin user.

    $ kubectl get secret --namespace default MY-RELEASE-mariadb-galera -o jsonpath="{.data.mariadb-root-password}" | base64 --decode
    
  3. Forward ports to the Prometheus services to check the metrics:

    $ kubectl port-forward svc/MY-RELEASE-mariadb-galera-metrics 9104:9104
    

    Now you should be able to access MySQLd Exporter metrics by browsing 127.0.0.1:9104:

    Check MariaDB Galera deployment metrics

  4. To check the permissions you configured enabling the serviceAccount, role, and RoleBinding, run the following commands:

    $ kubectl get serviceaccount
    $ kubectl get role
    $ kubectl get rolebinding
    

    You should see output similar to this:

    Check RBAC rules and permissions

  5. Check the node affinity using the following command:

    $ kubectl get pods -o wide 
    

    As you can see in the image below, each pod has been scheduled on a different node, ensuring the continuity of the service if one of the nodes fails:

    Check each pod is running in a different node

  6. Finally, you can also check the container images used by the chart. TAC is both a container and a Helm charts catalog, so every container included in a TAC chart is retrieved from the TAC catalog. When a container is updated (for example, with a CVE fix or new features), new deployments of any chart referencing that container will automatically use the updated container.

    See the containers included in the MariaDB Galera chart by running the command below:

    $ kubectl get pods -l app.kubernetes.io/name=mariadb-galera -o json | jq '.items[0].spec.containers[].image'

    You should see an output message similar to this:

Check containers
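
The checks from items 5 and 6, together with the non-root user configured in Step 2, as one script over saved `kubectl get pods -l app.kubernetes.io/name=mariadb-galera -o json` output. This is an added example, not part of the original guide; the registry prefix is a placeholder for your catalog's registry and the pod objects are constructed sample data.

```python
import json
import sys
from collections import Counter

REGISTRY = "registry.example.com/tac/"  # placeholder, not a real TAC registry

def audit_pods(pod_list, registry=REGISTRY, uid=1001):
    """Audit `kubectl get pods -o json` output against the Step 2 settings."""
    findings = []
    pods = pod_list.get("items", [])
    # podAntiAffinity: every scheduled replica must sit on its own node.
    for node, count in Counter(p["spec"].get("nodeName") for p in pods).items():
        if node is None:
            findings.append(f"{count} pod(s) unscheduled: too few nodes for the rule?")
        elif count > 1:
            findings.append(f"{count} replicas share node {node}")
    for pod in pods:
        pod_ctx = pod["spec"].get("securityContext") or {}
        for c in pod["spec"]["containers"]:
            where = f"{pod['metadata']['name']}/{c['name']}"
            # A container-level securityContext overrides the pod-level one.
            run_as = (c.get("securityContext") or {}).get(
                "runAsUser", pod_ctx.get("runAsUser"))
            if run_as != uid:
                findings.append(f"{where}: runAsUser is {run_as}, expected {uid}")
            if not c["image"].startswith(registry):
                findings.append(f"{where}: image {c['image']} is not from {registry}")
    return findings

def _pod(name, node, image, run_as=1001):
    """Build a minimal pod object (constructed sample data, not real output)."""
    return {"metadata": {"name": name},
            "spec": {"nodeName": node,
                     "securityContext": {"runAsUser": run_as, "fsGroup": 1001},
                     "containers": [{"name": "mariadb-galera", "image": image}]}}

SAMPLE = {"items": [
    _pod("my-release-mariadb-galera-0", "node-a", REGISTRY + "mariadb-galera:1"),
    _pod("my-release-mariadb-galera-1", "node-a", REGISTRY + "mariadb-galera:1"),
    _pod("my-release-mariadb-galera-2", "node-b", "docker.io/example/mariadb:1", 0),
]}

if __name__ == "__main__":
    # Pass a file saved from the kubectl command, or run on the constructed SAMPLE.
    data = SAMPLE
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            data = json.load(fh)
    print("\n".join(audit_pods(data)) or "no findings")
```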

NOTE: This guide shows you how to consume Helm charts from the TAC demo catalog, but if your company wants to use its own golden image instead of the default provided in the catalog, the whole catalog will be built using your golden images.

Step 5: Upgrade to the latest version of the MariaDB Galera chart

As a final step, you can upgrade the chart to deploy a newer version. At the beginning of this guide, the version installed was 2.1.2, but version 2.1.4 was also available. To upgrade the chart, execute the following command:

    $ helm upgrade -f values.yaml --version 2.1.4 MY-RELEASE demo/mariadb-galera

This will perform an upgrade to v2.1.4 and replace the old containers with the new ones.

New Helm chart revision

NOTE: For major updates, refer to the Upgrading section in the README file of the chart.

Useful links

To learn more about the topics discussed in this guide, use the links below:
