From c46f02bca57fb3c350bff9067128ef40820c6309785a2f3703a0f355dc737e16 Mon Sep 17 00:00:00 2001
From: Andrew
Date: Sun, 26 Apr 2026 22:55:06 -0400
Subject: [PATCH] feat(helm): mariadb-operator Database/User/Grant CRDs
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
When mariadb.enabled=true, references the in-cluster MariaDB this chart deploys. When false, references an external CR via mariadb.externalRef. Privileges scoped to the website's database only — no global ALL PRIVILEGES.
Co-Authored-By: Claude Opus 4.7 (1M context)
---
.../templates/mariadb-database.yaml | 16 ++++++++++++++
.../templates/mariadb-grant.yaml | 19 +++++++++++++++++
.../templates/mariadb-user.yaml | 21 +++++++++++++++++++
3 files changed, 56 insertions(+)
create mode 100644 helm/ezscale-website/templates/mariadb-database.yaml
create mode 100644 helm/ezscale-website/templates/mariadb-grant.yaml
create mode 100644 helm/ezscale-website/templates/mariadb-user.yaml
diff --git a/helm/ezscale-website/templates/mariadb-database.yaml b/helm/ezscale-website/templates/mariadb-database.yaml
new file mode 100644
index 0000000..b6e833b
--- /dev/null
+++ b/helm/ezscale-website/templates/mariadb-database.yaml
@@ -0,0 +1,16 @@
+apiVersion: k8s.mariadb.com/v1alpha1
+kind: Database
+metadata:
+ name: {{ include "ezscale-website.fullname" . }}-db
+ labels: {{- include "ezscale-website.labels" . | nindent 4 }}
+spec:
+ mariaDbRef:
+ {{- if .Values.mariadb.enabled }}
+ name: {{ include "ezscale-website.fullname" . }}-mariadb
+ {{- else }}
+ name: {{ .Values.mariadb.externalRef.name }}
+ namespace: {{ .Values.mariadb.externalRef.namespace }}
+ {{- end }}
+ characterSet: utf8mb4
+ collate: utf8mb4_unicode_ci
+ name: {{ .Values.mariadb.database }}
diff --git a/helm/ezscale-website/templates/mariadb-grant.yaml b/helm/ezscale-website/templates/mariadb-grant.yaml
new file mode 100644
index 0000000..cb2b213
--- /dev/null
+++ b/helm/ezscale-website/templates/mariadb-grant.yaml
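Review bot: In mariadb-database.yaml the templated scalars are emitted unquoted and unvalidated: `name: {{ .Values.mariadb.externalRef.name }}` and `name: {{ .Values.mariadb.database }}` render as null when the value is unset and are retyped by the YAML parser when the value looks like a boolean or a number. I would fail the render instead, e.g. `name: {{ required "mariadb.externalRef.name is required when mariadb.enabled=false" .Values.mariadb.externalRef.name | quote }}` and `name: {{ required "mariadb.database is required" .Values.mariadb.database | quote }}`. The same applies to the templated values in mariadb-grant.yaml and mariadb-user.yaml. The `mariaDbRef` block is also repeated verbatim in all three files; moving it into one named template next to the existing `ezscale-website.fullname` helper would keep the cross-namespace reference defined in a single place.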
@@ -0,0 +1,19 @@
+apiVersion: k8s.mariadb.com/v1alpha1
+kind: Grant
+metadata:
+ name: {{ include "ezscale-website.fullname" . }}-grant
+ labels: {{- include "ezscale-website.labels" . | nindent 4 }}
+spec:
+ mariaDbRef:
+ {{- if .Values.mariadb.enabled }}
+ name: {{ include "ezscale-website.fullname" . }}-mariadb
+ {{- else }}
+ name: {{ .Values.mariadb.externalRef.name }}
+ namespace: {{ .Values.mariadb.externalRef.namespace }}
+ {{- end }}
+ username: {{ .Values.mariadb.username }}
+ host: "%"
+ privileges:
+ - "ALL PRIVILEGES"
+ database: {{ .Values.mariadb.database }}
+ table: "*"
diff --git a/helm/ezscale-website/templates/mariadb-user.yaml b/helm/ezscale-website/templates/mariadb-user.yaml
new file mode 100644
index 0000000..723fa37
--- /dev/null
+++ b/helm/ezscale-website/templates/mariadb-user.yaml
@@ -0,0 +1,21 @@
+apiVersion: k8s.mariadb.com/v1alpha1
+kind: User
+metadata:
+ name: {{ include "ezscale-website.fullname" . }}-user
+ labels: {{- include "ezscale-website.labels" . | nindent 4 }}
+spec:
+ # spec.name overrides metadata.name as the SQL identifier — needed because
+ # k8s resource names can't contain underscores but our SQL username can.
+ name: {{ .Values.mariadb.username }}
+ mariaDbRef:
+ {{- if .Values.mariadb.enabled }}
+ name: {{ include "ezscale-website.fullname" . }}-mariadb
+ {{- else }}
+ name: {{ .Values.mariadb.externalRef.name }}
+ namespace: {{ .Values.mariadb.externalRef.namespace }}
+ {{- end }}
+ passwordSecretKeyRef:
+ name: {{ include "ezscale-website.secretName" . }}
+ key: DB_PASSWORD
+ host: "%"
+ maxUserConnections: 50
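Review bot: The per-database scoping promised in the commit message depends entirely on `database: {{ .Values.mariadb.database }}` in mariadb-grant.yaml rendering a non-empty name. If the value is unset the field renders as null, and the Grant CRD presumably falls back to its own default (I believe `*`, worth confirming against the operator's schema), which would turn this into `ALL PRIVILEGES` on every schema. Fail the render instead with `database: {{ required "mariadb.database is required" .Values.mariadb.database | quote }}`. Separately, `ALL PRIVILEGES` on the schema still includes DDL such as DROP and ALTER, and `host: "%"` (here and in mariadb-user.yaml) accepts the account from any client address. Consider a values-driven privilege list limited to what the site needs at runtime, and a single configurable host pattern shared by both templates so the User and Grant cannot drift apart.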
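Review bot: In mariadb-user.yaml, `maxUserConnections: 50` is a useful guard against one account exhausting the server's connections, but it is fixed in the template, so a small external instance or a larger deployment cannot tune it without editing the chart. `maxUserConnections: {{ .Values.mariadb.maxUserConnections | default 50 }}` keeps today's behaviour and makes it adjustable. I would also add a comment above `passwordSecretKeyRef` stating that the Secret named by `ezscale-website.secretName` must already contain the `DB_PASSWORD` key, since nothing in this patch shows where that Secret is created or how the password is generated.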