From b6db0779cb671012b5e0bed3a097547c41d06fce Mon Sep 17 00:00:00 2001
From: jinia91
Date: Tue, 5 Nov 2024 18:22:10 +0900
Subject: [PATCH 01/46] argocd test yml
---
 deploy/o11y/rpi-exporter.yml | 34 ++++++++++++++++++++++++++++++++++
 1 file changed, 34 insertions(+)
 create mode 100644 deploy/o11y/rpi-exporter.yml
diff --git a/deploy/o11y/rpi-exporter.yml b/deploy/o11y/rpi-exporter.yml
new file mode 100644
index 00000000..55534bf2
--- /dev/null
+++ b/deploy/o11y/rpi-exporter.yml
@@ -0,0 +1,34 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: rpi-exporter
+spec:
+ selector:
+ matchLabels:
+ app: rpi-exporter
+ template:
+ metadata:
+ annotations:
+ prometheus.io/scrape: "true"
+ prometheus.io/path: /metrics
+ prometheus.io/port: "9110"
+ labels:
+ app: rpi-exporter
+ spec:
+ containers:
+ - name: rpi-exporter
+ image: d3vilh/rpi_exporter-arm64:latest
+ ports:
+ - containerPort: 9110
+ securityContext:
+ privileged: true
+ resources:
+ limits:
+ cpu: 15m
+ memory: 20Mi
+ requests:
+ cpu: 10m
+ memory: 10Mi
+ hostNetwork: true
+ hostPID: true
+ hostIPC: true
\ No newline at end of file
From 8adc5d5e3ba60fc1216e2a540071c7556b320531 Mon Sep 17 00:00:00 2001
From: jinia91
Date: Wed, 6 Nov 2024 11:02:08 +0900
Subject: [PATCH 02/46] node exporter
---
 deploy/o11y/node-exporter.yml | 38 +++++++++++++++++++++++++++++++++++
 1 file changed, 38 insertions(+)
 create mode 100644 deploy/o11y/node-exporter.yml
diff --git a/deploy/o11y/node-exporter.yml b/deploy/o11y/node-exporter.yml
new file mode 100644
index 00000000..581e1942
--- /dev/null
+++ b/deploy/o11y/node-exporter.yml
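Review bot: The rpi-exporter container runs with `privileged: true` and the pod joins the host network, PID and IPC namespaces, which together give a metrics exporter root-equivalent control of every node the DaemonSet lands on; node-exporter.yml in the next patch repeats the same four settings. Nothing in the manifest shows why they are needed, so I would drop `hostIPC: true` and `privileged: true` first and add back only the specific device mount or capability the exporter turns out to require, with a comment saying which. The image is pulled as `d3vilh/rpi_exporter-arm64:latest`, a mutable tag from what appears to be a personal registry account, so whatever is pushed there next runs privileged on the hosts; pin it to a version or digest (the same applies to the `:latest` tags in node-exporter.yml, loki.yml and state-metrics.yml and to the untagged collector image in otel-collector-scraper.yml). The DaemonSet also sets no `metadata.namespace`, unlike the later manifests that target `o11y`.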
@@ -0,0 +1,38 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: node-exporter
+ namespace: default
+ labels:
+ app: node-exporter
+spec:
+ selector:
+ matchLabels:
+ app: node-exporter
+ template:
+ metadata:
+ annotations:
+ prometheus.io/scrape: "true"
+ prometheus.io/path: /metrics
+ prometheus.io/port: "9100"
+ labels:
+ app: node-exporter
+ spec:
+ containers:
+ - name: node-exporter
+ image: prom/node-exporter:latest
+ ports:
+ - containerPort: 9100
+ name: metrics
+ resources:
+ limits:
+ cpu: 40m
+ memory: 50Mi
+ requests:
+ cpu: 20m
+ memory: 30Mi
+ securityContext:
+ privileged: true
+ hostNetwork: true
+ hostPID: true
+ hostIPC: true
\ No newline at end of file
From f3b36f5b5cafa0d819ddc03bb5042518ca87e431 Mon Sep 17 00:00:00 2001
From: jinia91
Date: Wed, 6 Nov 2024 11:04:19 +0900
Subject: [PATCH 03/46] node exporter mv o11y ns
---
 deploy/o11y/node-exporter.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/deploy/o11y/node-exporter.yml b/deploy/o11y/node-exporter.yml
index 581e1942..e3e59ff8 100644
--- a/deploy/o11y/node-exporter.yml
+++ b/deploy/o11y/node-exporter.yml
@@ -2,7 +2,7 @@ apiVersion: apps/v1
 kind: DaemonSet
 metadata:
 name: node-exporter
- namespace: default
+ namespace: o11y
 labels:
 app: node-exporter
 spec:
From 26c49e4ee749cbb7a4d7fea45fa822a581ed3a02 Mon Sep 17 00:00:00 2001
From: jinia91
Date: Wed, 6 Nov 2024 11:14:23 +0900
Subject: [PATCH 04/46] loki
---
 deploy/o11y/loki.yml | 55 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 55 insertions(+)
 create mode 100644 deploy/o11y/loki.yml
diff --git a/deploy/o11y/loki.yml b/deploy/o11y/loki.yml
new file mode 100644
index 00000000..7e7e45ae
--- /dev/null
+++ b/deploy/o11y/loki.yml
@@ -0,0 +1,55 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: loki
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: loki
+ template:
+ metadata:
+ labels:
+ app: loki
+ annotations:
+ prometheus.io/scrape: "true"
+ prometheus.io/port: "3100"
+ prometheus.io/path: "/metrics"
+ spec:
+ containers:
+ - name: loki
+ image: grafana/loki:latest
+ args:
+ - "-config.file=/etc/loki/local-config.yaml"
+ ports:
+ - containerPort: 3100
+ volumeMounts:
+ - name: loki-storage
+ mountPath: /loki
+ resources:
+ requests:
+ cpu: 200m
+ memory: 512Mi
+ limits:
+ cpu: 1000m
+ memory: 1Gi
+ volumeClaimTemplates:
+ - metadata:
+ name: loki-storage
+ spec:
+ accessModes: ["ReadWriteOnce"]
+ resources:
+ requests:
+ storage: 20Gi
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: loki
+spec:
+ ports:
+ - protocol: TCP
+ port: 3100
+ targetPort: 3100
+ selector:
+ app: loki
\ No newline at end of file
From ae7d6ca4dfe6ecf8fb3277d5bb641c720b3a6d2d Mon Sep 17 00:00:00 2001
From: jinia91
Date: Wed, 6 Nov 2024 11:22:41 +0900
Subject: [PATCH 05/46] tempo origin
---
 deploy/o11y/tempo.yml | 66 +++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 66 insertions(+)
 create mode 100644 deploy/o11y/tempo.yml
diff --git a/deploy/o11y/tempo.yml b/deploy/o11y/tempo.yml
new file mode 100644
index 00000000..ee5921e7
--- /dev/null
+++ b/deploy/o11y/tempo.yml
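Review bot: Neither the StatefulSet nor the Service sets `metadata.namespace`, so both land in whatever namespace the applier defaults to rather than in `o11y` with the rest of the stack; add `namespace: o11y` to both documents. The Services in tempo.yml, prometheus.yml, grafana.yml and otel-collector-scraper.yml have the same gap, which there can also leave a Service in a different namespace from the pods it is meant to select. Loki is started from the image's bundled `/etc/loki/local-config.yaml`, which as far as I know ships with authentication disabled, so any pod that can reach port 3100 can presumably push and query logs; a NetworkPolicy limiting ingress to the collector and Grafana pods would contain that.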
@@ -0,0 +1,66 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: tempo
+ namespace: default
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: tempo
+ template:
+ metadata:
+ labels:
+ app: tempo
+ annotations:
+ prometheus.io/scrape: "true"
+ prometheus.io/port: "3200"
+
+ spec:
+ containers:
+ - name: tempo
+ image: grafana/tempo:2.2.4
+ args: ["-config.file=/etc/tempo.yml"]
+ ports:
+ - containerPort: 3200
+ - containerPort: 4318
+ volumeMounts:
+ - name: config-volume
+ mountPath: /etc/tempo.yml
+ subPath: tempo-config.yml
+ resources:
+ requests:
+ cpu: 10m
+ memory: 512Mi
+ limits:
+ cpu: 500m
+ memory: 1Gi
+ volumes:
+ - name: config-volume
+ configMap:
+ name: tempo-config
+ volumeClaimTemplates:
+ - metadata:
+ name: tempo-storage
+ spec:
+ accessModes: ["ReadWriteOnce"]
+ resources:
+ requests:
+ storage: 20Gi
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: tempo
+spec:
+ ports:
+ - name: http-tempo
+ protocol: TCP
+ port: 3200
+ targetPort: 3200
+ - name: otlp-http
+ protocol: TCP
+ port: 4318
+ targetPort: 4318
+ selector:
+ app: tempo
\ No newline at end of file
From c0fd2b35ac952c131858596efaedafcaf68b566c Mon Sep 17 00:00:00 2001
From: jinia91
Date: Wed, 6 Nov 2024 11:23:45 +0900
Subject: [PATCH 06/46] tempo mv o11y
---
 deploy/o11y/tempo.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/deploy/o11y/tempo.yml b/deploy/o11y/tempo.yml
index ee5921e7..045a73de 100644
--- a/deploy/o11y/tempo.yml
+++ b/deploy/o11y/tempo.yml
@@ -2,7 +2,7 @@ apiVersion: apps/v1
 kind: StatefulSet
 metadata:
 name: tempo
- namespace: default
+ namespace: o11y
 spec:
 replicas: 1
 selector:
From ad55cb1a4813ee0ddb3b6b43ca6b5d6ef3b9d0a2 Mon Sep 17 00:00:00 2001
From: jinia91
Date: Wed, 6 Nov 2024 12:43:40 +0900
Subject: [PATCH 07/46] prometheus
---
 deploy/o11y/prometheus.yml | 71 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 71 insertions(+)
 create mode 100644 deploy/o11y/prometheus.yml
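Review bot: The `tempo-storage` claim declared under `volumeClaimTemplates` is never mounted — the container's only `volumeMounts` entry is `config-volume` — so a 20Gi volume is provisioned while traces are presumably written to the container filesystem and lost on restart (the storage path lives in the tempo-config ConfigMap, which is not part of this patch). Add a second mount, `- name: tempo-storage`, with `mountPath` set to the storage path that ConfigMap uses. Port 4318 accepts OTLP over HTTP and nothing in this manifest puts authentication in front of it, so ingress to it is worth restricting to the workloads that export traces.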
diff --git a/deploy/o11y/prometheus.yml b/deploy/o11y/prometheus.yml
new file mode 100644
index 00000000..33803f17
--- /dev/null
+++ b/deploy/o11y/prometheus.yml
@@ -0,0 +1,71 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: prometheus
+ namespace: o11y
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: prometheus
+ template:
+ metadata:
+ labels:
+ app: prometheus
+ annotations:
+ prometheus.io/scrape: "true"
+ prometheus.io/port: "9090"
+
+ spec:
+ containers:
+ - name: prometheus
+ image: prom/prometheus:v2.47.2
+ args:
+ - --config.file=/etc/prometheus.yml
+ - --storage.tsdb.path=/prometheus
+ - --storage.tsdb.retention.time=14d
+ - --web.enable-remote-write-receiver
+ - --enable-feature=exemplar-storage
+ ports:
+ - containerPort: 9090
+ volumeMounts:
+ - name: config-volume
+ mountPath: /etc/prometheus.yml
+ subPath: prometheus-config.yml
+ - name: data-volume
+ mountPath: /prometheus
+ resources:
+ requests:
+ cpu: 250m
+ memory: 1Gi
+ limits:
+ cpu: 1500m
+ memory: 2Gi
+
+ volumes:
+ - name: config-volume
+ configMap:
+ name: prometheus-config
+ volumeClaimTemplates:
+ - metadata:
+ name: data-volume
+ spec:
+ accessModes: ["ReadWriteOnce"]
+ resources:
+ requests:
+ storage: 20Gi
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: prometheus
+ labels:
+ operated-prometheus: "true"
+ self-monitor: "true"
+spec:
+ ports:
+ - protocol: TCP
+ port: 9090
+ targetPort: 9090
+ selector:
+ app: prometheus
\ No newline at end of file
From 3c548aec6dfd5b6b08508f6a7bcd0131e2092abf Mon Sep 17 00:00:00 2001
From: jinia91
Date: Wed, 6 Nov 2024 12:48:45 +0900
Subject: [PATCH 08/46] grafana
---
 deploy/o11y/grafana.yml | 72 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 72 insertions(+)
 create mode 100644 deploy/o11y/grafana.yml
diff --git a/deploy/o11y/grafana.yml b/deploy/o11y/grafana.yml
new file mode 100644
index 00000000..4fa40763
--- /dev/null
+++ b/deploy/o11y/grafana.yml
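Review bot: `--web.enable-remote-write-receiver` turns on an HTTP write endpoint, and nothing in this manifest puts authentication in front of port 9090, so any workload that can reach the `prometheus` Service can read every series and also inject samples. If only one component is meant to write, restrict ingress with a NetworkPolicy that admits that writer and the Grafana pods, or front the port with an authenticating proxy, and leave a comment beside the flag naming the intended writer, e.g. `# remote-write receiver: used by <WRITER_COMPONENT> only`. The pod template also has no `securityContext`; `runAsNonRoot: true` with `allowPrivilegeEscalation: false` would be a reasonable baseline for a server that only needs its data volume.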
@@ -0,0 +1,72 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: grafana
+ namespace: o11y
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: grafana
+ template:
+ metadata:
+ labels:
+ app: grafana
+ annotations:
+ prometheus.io/scrape: "true"
+ prometheus.io/port: "3000"
+
+ spec:
+ containers:
+ - name: grafana
+ image: grafana/grafana:10.2.0
+ env:
+ - name: GF_AUTH_ANONYMOUS_ENABLED
+ value: "true"
+ - name: GF_AUTH_ANONYMOUS_ORG_ROLE
+ value: "Admin"
+ - name: GF_AUTH_DISABLE_LOGIN_FORM
+ value: "true"
+ - name: GF_FEATURE_TOGGLES_ENABLE
+ value: "traceqlEditor"
+ ports:
+ - containerPort: 3000
+ resources:
+ requests:
+ memory: "256Mi"
+ cpu: "250m"
+ limits:
+ memory: "512Mi"
+ cpu: "500m"
+ volumeMounts:
+ - name: grafana-storage
+ mountPath: /var/lib/grafana
+ - name: config-volume
+ mountPath: /etc/grafana/provisioning/datasources/datasources.yml
+ subPath: grafana-datasources.yml
+ volumes:
+ - name: config-volume
+ configMap:
+ name: grafana-datasources-config
+ volumeClaimTemplates:
+ - metadata:
+ name: grafana-storage
+ spec:
+ accessModes: ["ReadWriteOnce"]
+ resources:
+ requests:
+ storage: 1Gi
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: grafana
+spec:
+ type: NodePort
+ ports:
+ - port: 3000
+ protocol: TCP
+ port: 3001
+ targetPort: 3000
+ selector:
+ app: grafana
\ No newline at end of file
From 3b2d636481f10696493901ef402369168208e6de Mon Sep 17 00:00:00 2001
From: jinia91
Date: Wed, 6 Nov 2024 12:53:52 +0900
Subject: [PATCH 09/46] otel
---
 deploy/o11y/otel-collector-scraper.yml | 66 ++++++++++++++++++++++++++
 1 file changed, 66 insertions(+)
 create mode 100644 deploy/o11y/otel-collector-scraper.yml
diff --git a/deploy/o11y/otel-collector-scraper.yml b/deploy/o11y/otel-collector-scraper.yml
new file mode 100644
index 00000000..628bb658
--- /dev/null
+++ b/deploy/o11y/otel-collector-scraper.yml
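Review bot: Anonymous access is enabled with `GF_AUTH_ANONYMOUS_ORG_ROLE` set to `"Admin"` and the login form disabled, and the Service is `type: NodePort`, so anyone who can reach a node address gets an unauthenticated Grafana administrator, able to change data sources and dashboards and to query the provisioned backends through Grafana. Use `value: "Viewer"` for the anonymous role (or drop anonymous access and keep the login form) and expose the Service as `type: ClusterIP` behind an authenticated ingress. The Service's single port entry also defines `port` twice (`3000` and `3001`); a duplicate key is rejected by strict parsers and silently resolved to the last value by others, so keep only the one that is intended.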
@@ -0,0 +1,66 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: otel-collector-scraper
+ namespace: o11y
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: otel-collector
+ template:
+ metadata:
+ labels:
+ app: otel-collector
+ spec:
+ serviceAccountName: otel-collector # 새로 만든 ServiceAccount 설정
+ automountServiceAccountToken: true # 토큰 자동 마운트 설정
+ containers:
+ - name: otel-collector
+ image: otel/opentelemetry-collector-contrib
+ args: ["--config=/etc/otel-collector.yml"]
+ ports:
+ - containerPort: 4318
+ - containerPort: 8888
+ - containerPort: 8889
+ - containerPort: 13133
+ volumeMounts:
+ - name: config-volume
+ mountPath: /etc/otel-collector.yml
+ subPath: otel-collector-config.yml
+ resources:
+ requests:
+ cpu: 500m
+ memory: 256Mi
+ limits:
+ cpu: 1000m
+ memory: 512Mi
+ volumes:
+ - name: config-volume
+ configMap:
+ name: otel-collector-config
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: otel-collector
+spec:
+ ports:
+ - name: otlp-http
+ protocol: TCP
+ port: 4318
+ targetPort: 4318
+ - name: otlp-prometheus
+ protocol: TCP
+ port: 8888
+ targetPort: 8888
+ - name: prometheus-exporter
+ protocol: TCP
+ port: 8889
+ targetPort: 8889
+ - name: health-check
+ protocol: TCP
+ port: 13133
+ targetPort: 13133
+ selector:
+ app: otel-collector
\ No newline at end of file
From 95c2164e2c4925c76b26d4a2b7139bcbcf8167c9 Mon Sep 17 00:00:00 2001
From: jinia91
Date: Wed, 6 Nov 2024 12:59:55 +0900
Subject: [PATCH 10/46] state metric
---
 deploy/o11y/state-metrics.yml | 60 +++++++++++++++++++++++++++++++++++
 1 file changed, 60 insertions(+)
 create mode 100644 deploy/o11y/state-metrics.yml
diff --git a/deploy/o11y/state-metrics.yml b/deploy/o11y/state-metrics.yml
new file mode 100644
index 00000000..e7d102cf
--- /dev/null
+++ b/deploy/o11y/state-metrics.yml
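Review bot: The pod mounts a token for `serviceAccountName: otel-collector`, but the ServiceAccount and whatever Role or ClusterRole it is bound to are not part of this patch, so the API permissions the collector receives cannot be reviewed here; ship them in the same file and keep the rules to the read-only verbs the scraper needs. The two inline comments on those lines are in Korean; an English comment that states the reason for mounting the token, along the lines of `# dedicated ServiceAccount; token is mounted for Kubernetes service discovery` if that is indeed the reason, would serve more readers.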
@@ -0,0 +1,60 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: kube-state-metrics
+ namespace: o11y
+ labels:
+ app: kube-state-metrics
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: kube-state-metrics
+ template:
+ metadata:
+ labels:
+ app: kube-state-metrics
+ annotations: {}
+ spec:
+ serviceAccountName: kube-state-metrics
+ affinity: {}
+ automountServiceAccountToken: true
+ securityContext:
+ fsGroup: 65534
+ runAsGroup: 65534
+ runAsNonRoot: true
+ runAsUser: 65534
+ containers:
+ - name: kube-state-metrics
+ image: registry.k8s.io/kube-state-metrics/kube-state-metrics:latest
+ imagePullPolicy: IfNotPresent
+ ports:
+ - containerPort: 8080
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
+ resources:
+ limits:
+ cpu: 20m
+ memory: 100Mi
+ requests:
+ cpu: 10m
+ memory: 50Mi
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: kube-state-metrics
+ namespace: o11y
+ labels:
+ app: kube-state-metrics
+spec:
+ type: ClusterIP
+ ports:
+ - port: 8080
+ targetPort: 8080
+ selector:
+ app: kube-state-metrics
\ No newline at end of file
From a151b8828cc874d5c5d1d11ec529702cd27c43da Mon Sep 17 00:00:00 2001
From: jinia91
Date: Wed, 6 Nov 2024 14:30:22 +0900
Subject: [PATCH 11/46] state metric
---
 deploy/o11y/state-metrics.yml | 267 +++++++++++++++++++++++++++-------
 1 file changed, 215 insertions(+), 52 deletions(-)
diff --git a/deploy/o11y/state-metrics.yml b/deploy/o11y/state-metrics.yml
index e7d102cf..62b9671f 100644
--- a/deploy/o11y/state-metrics.yml
+++ b/deploy/o11y/state-metrics.yml
@@ -1,60 +1,223 @@ -apiVersion: apps/v1 -kind: StatefulSet +apiVersion: v1 +kind: Pod metadata: - name: kube-state-metrics - namespace: o11y + creationTimestamp: "2024-11-06T05:25:38Z" + generateName: kube-state-metrics-1730870736-c99dcc659- labels: - app: kube-state-metrics + app.kubernetes.io/component: metrics + app.kubernetes.io/instance: kube-state-metrics-1730870736 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kube-state-metrics + app.kubernetes.io/part-of: kube-state-metrics + app.kubernetes.io/version: 2.13.0 + helm.sh/chart: kube-state-metrics-5.26.0 + pod-template-hash: c99dcc659 + name: kube-state-metrics-1730870736-c99dcc659-p2m5q + namespace: o11y + ownerReferences: + - apiVersion: apps/v1 + blockOwnerDeletion: true + controller: true + kind: ReplicaSet + name: kube-state-metrics-1730870736-c99dcc659 + uid: 79801dcf-93ac-4b17-bf40-7decb3f9c63c + resourceVersion: "473647" + uid: e393e1ff-61fe-4974-ac6b-cfcb8c4da3f3 spec: - replicas: 1 - selector: - matchLabels: - app: kube-state-metrics - template: - metadata: - labels: - app: kube-state-metrics - annotations: {} - spec: - serviceAccountName: kube-state-metrics - affinity: {} - automountServiceAccountToken: true + automountServiceAccountToken: true + containers: + - args: + - --port=8080 + - --resources=certificatesigningrequests,configmaps,cronjobs,daemonsets,deployments,endpoints,horizontalpodautoscalers,ingresses,jobs,leases,limitranges,mutatingwebhookconfigurations,namespaces,networkpolicies,nodes,persistentvolumeclaims,persistentvolumes,poddisruptionbudgets,pods,replicasets,replicationcontrollers,resourcequotas,secrets,services,statefulsets,storageclasses,validatingwebhookconfigurations,volumeattachments + image: registry.k8s.io/kube-state-metrics/kube-state-metrics:v2.13.0 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 3 + httpGet: + path: /livez + port: 8080 + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 
5 + name: kube-state-metrics + ports: + - containerPort: 8080 + name: http + protocol: TCP + readinessProbe: + failureThreshold: 3 + httpGet: + path: /readyz + port: 8080 + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + resources: {} securityContext: - fsGroup: 65534 - runAsGroup: 65534 - runAsNonRoot: true - runAsUser: 65534 - containers: - - name: kube-state-metrics - image: registry.k8s.io/kube-state-metrics/kube-state-metrics:latest - imagePullPolicy: IfNotPresent - ports: - - containerPort: 8080 - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - resources: - limits: - cpu: 20m - memory: 100Mi - requests: - cpu: 10m - memory: 50Mi ---- + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + "me.yml" 159L, 4849B 1,1 Top apiVersion: v1 -kind: Service +kind: Pod metadata: - name: kube-state-metrics - namespace: o11y + creationTimestamp: "2024-11-06T05:25:38Z" + generateName: kube-state-metrics-1730870736-c99dcc659- labels: - app: kube-state-metrics + app.kubernetes.io/component: metrics + app.kubernetes.io/instance: kube-state-metrics-1730870736 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kube-state-metrics + app.kubernetes.io/part-of: kube-state-metrics + app.kubernetes.io/version: 2.13.0 + helm.sh/chart: kube-state-metrics-5.26.0 + pod-template-hash: c99dcc659 + name: kube-state-metrics-1730870736-c99dcc659-p2m5q + namespace: o11y + ownerReferences: + - apiVersion: apps/v1 + blockOwnerDeletion: true + controller: true + kind: ReplicaSet + name: kube-state-metrics-1730870736-c99dcc659 + uid: 79801dcf-93ac-4b17-bf40-7decb3f9c63c + resourceVersion: "473647" + uid: e393e1ff-61fe-4974-ac6b-cfcb8c4da3f3 spec: - type: ClusterIP - ports: - - port: 8080 - targetPort: 8080 - selector: - app: kube-state-metrics \ No newline at end of file + automountServiceAccountToken: true + containers: + - args: + - --port=8080 + image: 
registry.k8s.io/kube-state-metrics/kube-state-metrics:v2.13.0 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 3 + httpGet: + path: /livez + port: 8080 + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: kube-state-metrics + ports: + - containerPort: 8080 + name: http + protocol: TCP + readinessProbe: + failureThreshold: 3 + httpGet: + path: /readyz + port: 8080 + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /var/run/secrets/kubernetes.io/serviceaccount + name: kube-api-access-mg2lm + readOnly: true + dnsPolicy: ClusterFirst + enableServiceLinks: true + nodeName: mk3 + preemptionPolicy: PreemptLowerPriority + priority: 0 + restartPolicy: Always + schedulerName: default-scheduler + securityContext: + fsGroup: 65534 + runAsGroup: 65534 + runAsNonRoot: true + runAsUser: 65534 + seccompProfile: + type: RuntimeDefault + serviceAccount: kube-state-metrics-1730870736 + serviceAccountName: kube-state-metrics-1730870736 + terminationGracePeriodSeconds: 30 + tolerations: + - effect: NoExecute + key: node.kubernetes.io/not-ready + operator: Exists + tolerationSeconds: 300 + - effect: NoExecute + key: node.kubernetes.io/unreachable + operator: Exists + tolerationSeconds: 300 + volumes: + - name: kube-api-access-mg2lm + projected: + defaultMode: 420 + sources: + - serviceAccountToken: + expirationSeconds: 3607 + path: token + - configMap: + items: + - key: ca.crt + path: ca.crt + name: kube-root-ca.crt + - downwardAPI: + items: + - fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + path: namespace +status: + conditions: + - lastProbeTime: null + lastTransitionTime: "2024-11-06T05:25:46Z" + status: 
"True" + type: PodReadyToStartContainers + - lastProbeTime: null + lastTransitionTime: "2024-11-06T05:25:38Z" + status: "True" + type: Initialized + - lastProbeTime: null + lastTransitionTime: "2024-11-06T05:25:58Z" + status: "True" + type: Ready + - lastProbeTime: null + lastTransitionTime: "2024-11-06T05:25:58Z" + status: "True" + type: ContainersReady + - lastProbeTime: null + lastTransitionTime: "2024-11-06T05:25:38Z" + status: "True" + type: PodScheduled + containerStatuses: + - containerID: containerd://3b7ae337c78555f4ad5df48eeecb8b182b402b1801ce99cd1b88197d67726909 + image: registry.k8s.io/kube-state-metrics/kube-state-metrics:v2.13.0 + imageID: registry.k8s.io/kube-state-metrics/kube-state-metrics@sha256:639a1e2da549210adddc0391ff91e270e83f7873014aec53258462812f741e6f + lastState: {} + name: kube-state-metrics + ready: true + restartCount: 0 + started: true + state: + running: + startedAt: "2024-11-06T05:25:45Z" + hostIP: 192.168.0.103 + hostIPs: + - ip: 192.168.0.103 + phase: Running + podIP: 10.42.2.88 + podIPs: + - ip: 10.42.2.88 + qosClass: BestEffort + startTime: "2024-11-06T05:25:38Z" \ No newline at end of file From a8e16085983ca35bf82309c442871bce76392f89 Mon Sep 17 00:00:00 2001 From: jinia91 Date: Wed, 6 Nov 2024 14:32:14 +0900 Subject: [PATCH 12/46] state metric --- deploy/o11y/state-metrics.yml | 65 ----------------------------------- 1 file changed, 65 deletions(-) diff --git a/deploy/o11y/state-metrics.yml b/deploy/o11y/state-metrics.yml index 62b9671f..5a751bd3 100644 --- a/deploy/o11y/state-metrics.yml +++ b/deploy/o11y/state-metrics.yml 
@@ -1,70 +1,5 @@ apiVersion: v1 kind: Pod -metadata: - creationTimestamp: "2024-11-06T05:25:38Z" - generateName: kube-state-metrics-1730870736-c99dcc659- - labels: - app.kubernetes.io/component: metrics - app.kubernetes.io/instance: kube-state-metrics-1730870736 - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kube-state-metrics - app.kubernetes.io/part-of: kube-state-metrics - app.kubernetes.io/version: 2.13.0 - helm.sh/chart: kube-state-metrics-5.26.0 - pod-template-hash: c99dcc659 - name: kube-state-metrics-1730870736-c99dcc659-p2m5q - namespace: o11y - ownerReferences: - - apiVersion: apps/v1 - blockOwnerDeletion: true - controller: true - kind: ReplicaSet - name: kube-state-metrics-1730870736-c99dcc659 - uid: 79801dcf-93ac-4b17-bf40-7decb3f9c63c - resourceVersion: "473647" - uid: e393e1ff-61fe-4974-ac6b-cfcb8c4da3f3 -spec: - automountServiceAccountToken: true - containers: - - args: - - --port=8080 - - --resources=certificatesigningrequests,configmaps,cronjobs,daemonsets,deployments,endpoints,horizontalpodautoscalers,ingresses,jobs,leases,limitranges,mutatingwebhookconfigurations,namespaces,networkpolicies,nodes,persistentvolumeclaims,persistentvolumes,poddisruptionbudgets,pods,replicasets,replicationcontrollers,resourcequotas,secrets,services,statefulsets,storageclasses,validatingwebhookconfigurations,volumeattachments - image: registry.k8s.io/kube-state-metrics/kube-state-metrics:v2.13.0 - imagePullPolicy: IfNotPresent - livenessProbe: - failureThreshold: 3 - httpGet: - path: /livez - port: 8080 - scheme: HTTP - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - name: kube-state-metrics - ports: - - containerPort: 8080 - name: http - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - path: /readyz - port: 8080 - scheme: HTTP - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - resources: {} - securityContext: - allowPrivilegeEscalation: false - capabilities: 
- drop: - - ALL - "me.yml" 159L, 4849B 1,1 Top -apiVersion: v1 -kind: Pod metadata: creationTimestamp: "2024-11-06T05:25:38Z" generateName: kube-state-metrics-1730870736-c99dcc659- From c236a5dc559bc77945cfa1cc8a9b87e7067a206b Mon Sep 17 00:00:00 2001 From: jinia91 Date: Wed, 6 Nov 2024 14:40:36 +0900 Subject: [PATCH 13/46] state metric --- deploy/o11y/state-metrics.yml | 67 ++++------------------------------- 1 file changed, 7 insertions(+), 60 deletions(-) diff --git a/deploy/o11y/state-metrics.yml b/deploy/o11y/state-metrics.yml index 5a751bd3..5374c054 100644 --- a/deploy/o11y/state-metrics.yml +++ b/deploy/o11y/state-metrics.yml @@ -1,28 +1,21 @@ apiVersion: v1 kind: Pod metadata: - creationTimestamp: "2024-11-06T05:25:38Z" - generateName: kube-state-metrics-1730870736-c99dcc659- + generateName: kube-state-metrics0 labels: app.kubernetes.io/component: metrics - app.kubernetes.io/instance: kube-state-metrics-1730870736 - app.kubernetes.io/managed-by: Helm + app.kubernetes.io/instance: kube-state-metrics0 app.kubernetes.io/name: kube-state-metrics app.kubernetes.io/part-of: kube-state-metrics app.kubernetes.io/version: 2.13.0 - helm.sh/chart: kube-state-metrics-5.26.0 - pod-template-hash: c99dcc659 - name: kube-state-metrics-1730870736-c99dcc659-p2m5q + name: kube-state-metrics namespace: o11y ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: ReplicaSet - name: kube-state-metrics-1730870736-c99dcc659 - uid: 79801dcf-93ac-4b17-bf40-7decb3f9c63c - resourceVersion: "473647" - uid: e393e1ff-61fe-4974-ac6b-cfcb8c4da3f3 + name: kube-state-metrics spec: automountServiceAccountToken: true containers: 
@@ -62,15 +55,12 @@ spec: drop: - ALL readOnlyRootFilesystem: true - terminationMessagePath: /dev/termination-log - terminationMessagePolicy: File volumeMounts: - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-mg2lm readOnly: true dnsPolicy: ClusterFirst enableServiceLinks: true - nodeName: mk3 preemptionPolicy: PreemptLowerPriority priority: 0 restartPolicy: Always @@ -82,8 +72,8 @@ spec: runAsUser: 65534 seccompProfile: type: RuntimeDefault - serviceAccount: kube-state-metrics-1730870736 - serviceAccountName: kube-state-metrics-1730870736 + serviceAccount: kube-state-metrics + serviceAccountName: kube-state-metrics terminationGracePeriodSeconds: 30 tolerations: - effect: NoExecute 
@@ -112,47 +102,4 @@ spec: - fieldRef: apiVersion: v1 fieldPath: metadata.namespace - path: namespace -status: - conditions: - - lastProbeTime: null - lastTransitionTime: "2024-11-06T05:25:46Z" - status: "True" - type: PodReadyToStartContainers - - lastProbeTime: null - lastTransitionTime: "2024-11-06T05:25:38Z" - status: "True" - type: Initialized - - lastProbeTime: null - lastTransitionTime: "2024-11-06T05:25:58Z" - status: "True" - type: Ready - - lastProbeTime: null - lastTransitionTime: "2024-11-06T05:25:58Z" - status: "True" - type: ContainersReady - - lastProbeTime: null - lastTransitionTime: "2024-11-06T05:25:38Z" - status: "True" - type: PodScheduled - containerStatuses: - - containerID: containerd://3b7ae337c78555f4ad5df48eeecb8b182b402b1801ce99cd1b88197d67726909 - image: registry.k8s.io/kube-state-metrics/kube-state-metrics:v2.13.0 - imageID: registry.k8s.io/kube-state-metrics/kube-state-metrics@sha256:639a1e2da549210adddc0391ff91e270e83f7873014aec53258462812f741e6f - lastState: {} - name: kube-state-metrics - ready: true - restartCount: 0 - started: true - state: - running: - startedAt: "2024-11-06T05:25:45Z" - hostIP: 192.168.0.103 - hostIPs: - - ip: 192.168.0.103 - phase: Running - podIP: 10.42.2.88 - podIPs: - - ip: 10.42.2.88 - qosClass: BestEffort - startTime: "2024-11-06T05:25:38Z" \ No newline at end of file + path: namespace \ No newline at end of file From 7ea091a11a789b3a1b09abe0d6657b9a8449bec3 Mon Sep 17 00:00:00 2001 From: jinia91 Date: Wed, 6 Nov 2024 14:50:26 +0900 Subject: [PATCH 14/46] state metric --- deploy/o11y/state-metrics.yml | 307 +++++++++++++++++++++++----------- 1 file changed, 208 insertions(+), 99 deletions(-) diff --git a/deploy/o11y/state-metrics.yml b/deploy/o11y/state-metrics.yml index 5374c054..b198dd63 100644 --- a/deploy/o11y/state-metrics.yml +++ b/deploy/o11y/state-metrics.yml 
@@ -1,105 +1,214 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: kube-state-metrics + name: kube-state-metrics +rules: + - apiGroups: + - "" + resources: + - configmaps + - secrets + - nodes + - pods + - services + - resourcequotas + - replicationcontrollers + - limitranges + - persistentvolumeclaims + - persistentvolumes + - namespaces + - endpoints + verbs: + - list + - watch + - apiGroups: + - extensions + resources: + - daemonsets + - deployments + - replicasets + - ingresses + verbs: + - list + - watch + - apiGroups: + - apps + resources: + - statefulsets + - daemonsets + - deployments + - replicasets + verbs: + - list + - watch + - apiGroups: + - batch + resources: + - cronjobs + - jobs + verbs: + - list + - watch + - apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - list + - watch + - apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create + - apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create + - apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - list + - watch + - apiGroups: + - certificates.k8s.io + resources: + - certificatesigningrequests + verbs: + - list + - watch + - apiGroups: + - storage.k8s.io + resources: + - storageclasses + - volumeattachments + verbs: + - list + - watch + - apiGroups: + - admissionregistration.k8s.io + resources: + - mutatingwebhookconfigurations + - validatingwebhookconfigurations + verbs: + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - networkpolicies + verbs: + - list + - watch + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - list + - watch + +--- + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app: kube-state-metrics + name: kube-state-metrics +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: kube-state-metrics +subjects: + - kind: 
ServiceAccount + name: kube-state-metrics + namespace: o11y + +--- + +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: kube-state-metrics + name: kube-state-metrics + namespace: o11y +spec: + replicas: 1 + selector: + matchLabels: + app: kube-state-metrics + template: + metadata: + labels: + app: kube-state-metrics + spec: + containers: + - image: quay.io/coreos/kube-state-metrics:v2.6.0 + livenessProbe: + httpGet: + path: /healthz + port: 8080 + initialDelaySeconds: 5 + timeoutSeconds: 5 + name: kube-state-metrics + resources: + limits: + cpu: 200m + memory: 400Mi + requests: + cpu: 20m + memory: 200Mi + ports: + - containerPort: 8080 + name: http-metrics + - containerPort: 8081 + name: telemetry + readinessProbe: + httpGet: + path: / + port: 8081 + initialDelaySeconds: 5 + timeoutSeconds: 5 + securityContext: + runAsUser: 65534 + serviceAccountName: kube-state-metrics + +--- + apiVersion: v1 -kind: Pod +kind: Service metadata: - generateName: kube-state-metrics0 labels: - app.kubernetes.io/component: metrics - app.kubernetes.io/instance: kube-state-metrics0 - app.kubernetes.io/name: kube-state-metrics - app.kubernetes.io/part-of: kube-state-metrics - app.kubernetes.io/version: 2.13.0 + app: kube-state-metrics name: kube-state-metrics namespace: o11y - ownerReferences: - - apiVersion: apps/v1 - blockOwnerDeletion: true - controller: true - kind: ReplicaSet - name: kube-state-metrics spec: - automountServiceAccountToken: true - containers: - - args: - - --port=8080 - image: registry.k8s.io/kube-state-metrics/kube-state-metrics:v2.13.0 - imagePullPolicy: IfNotPresent - livenessProbe: - failureThreshold: 3 - httpGet: - path: /livez - port: 8080 - scheme: HTTP - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - name: kube-state-metrics - ports: - - containerPort: 8080 - name: http - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - path: /readyz - port: 8080 - scheme: HTTP - initialDelaySeconds: 5 
- periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - resources: {} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - volumeMounts: - - mountPath: /var/run/secrets/kubernetes.io/serviceaccount - name: kube-api-access-mg2lm - readOnly: true - dnsPolicy: ClusterFirst - enableServiceLinks: true - preemptionPolicy: PreemptLowerPriority - priority: 0 - restartPolicy: Always - schedulerName: default-scheduler - securityContext: - fsGroup: 65534 - runAsGroup: 65534 - runAsNonRoot: true - runAsUser: 65534 - seccompProfile: - type: RuntimeDefault - serviceAccount: kube-state-metrics - serviceAccountName: kube-state-metrics - terminationGracePeriodSeconds: 30 - tolerations: - - effect: NoExecute - key: node.kubernetes.io/not-ready - operator: Exists - tolerationSeconds: 300 - - effect: NoExecute - key: node.kubernetes.io/unreachable - operator: Exists - tolerationSeconds: 300 - volumes: - - name: kube-api-access-mg2lm - projected: - defaultMode: 420 - sources: - - serviceAccountToken: - expirationSeconds: 3607 - path: token - - configMap: - items: - - key: ca.crt - path: ca.crt - name: kube-root-ca.crt - - downwardAPI: - items: - - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - path: namespace \ No newline at end of file + clusterIP: None + ports: + - name: http-metrics + port: 8080 + targetPort: http-metrics + - name: telemetry + port: 8081 + targetPort: telemetry + selector: + app: kube-state-metrics + +--- + +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: kube-state-metrics + name: kube-state-metrics + namespace: o11y From 2a2649ee8090527b633319dd1fe174c8cd6d97b8 Mon Sep 17 00:00:00 2001 From: jinia91 Date: Wed, 6 Nov 2024 14:52:49 +0900 Subject: [PATCH 15/46] state metric --- deploy/o11y/state-metrics.yml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/deploy/o11y/state-metrics.yml b/deploy/o11y/state-metrics.yml index b198dd63..682fe8fc 100644 
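Review bot: The new ClusterRole grants `list` and `watch` on `secrets` cluster-wide, and a list on secrets returns their contents, so a compromise of this pod or its token exposes every Secret in the cluster; unless the secret metrics are actually used, remove `- secrets` from the first rule and start the exporter with a `--resources` list that omits secrets. The `create` rules on `tokenreviews` and `subjectaccessreviews` look unnecessary too, since I believe they are only needed when an RBAC proxy sits in front of the exporter. The rewritten Deployment keeps only `runAsUser: 65534` from the hardening the first revision of this file had (`runAsNonRoot`, `allowPrivilegeEscalation: false`, dropped capabilities, read-only root filesystem), and I would restore those at container level as below; indentation is lost on this page, so I cannot tell whether the surviving `securityContext` is pod- or container-level. Separately, `quay.io/coreos/kube-state-metrics:v2.6.0` points at a different registry from the `registry.k8s.io` image used in the earlier revisions, so it is worth confirming that this tag is published there.

```yaml
      containers:
        - image: quay.io/coreos/kube-state-metrics:v2.6.0
          # … unchanged: probes, name, resources, ports …
          securityContext:
            runAsUser: 65534
            runAsNonRoot: true
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            capabilities:
              drop:
                - ALL
            seccompProfile:
              type: RuntimeDefault
```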
--- a/deploy/o11y/state-metrics.yml +++ b/deploy/o11y/state-metrics.yml @@ -4,6 +4,7 @@ metadata: labels: app: kube-state-metrics name: kube-state-metrics + annotations: {} rules: - apiGroups: - "" @@ -123,6 +124,7 @@ metadata: labels: app: kube-state-metrics name: kube-state-metrics + annotations: {} roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -141,6 +143,7 @@ metadata: app: kube-state-metrics name: kube-state-metrics namespace: o11y + annotations: {} spec: replicas: 1 selector: @@ -150,6 +153,8 @@ spec: metadata: labels: app: kube-state-metrics + annotations: + {{- toYaml .Values.podAnnotations | nindent 8 }} spec: containers: - image: quay.io/coreos/kube-state-metrics:v2.6.0 @@ -191,6 +196,7 @@ metadata: app: kube-state-metrics name: kube-state-metrics namespace: o11y + annotations: {} spec: clusterIP: None ports: @@ -212,3 +218,4 @@ metadata: app: kube-state-metrics name: kube-state-metrics namespace: o11y + annotations: {} \ No newline at end of file From 63d7334f16047428f860b3dc2cce79b14fde934f Mon Sep 17 00:00:00 2001 From: jinia91 Date: Wed, 6 Nov 2024 14:54:51 +0900 Subject: [PATCH 16/46] state metric --- deploy/o11y/state-metrics.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/deploy/o11y/state-metrics.yml b/deploy/o11y/state-metrics.yml index 682fe8fc..a2e63346 100644 --- a/deploy/o11y/state-metrics.yml +++ b/deploy/o11y/state-metrics.yml @@ -153,8 +153,7 @@ spec: metadata: labels: app: kube-state-metrics - annotations: - {{- toYaml .Values.podAnnotations | nindent 8 }} + annotations: {} spec: containers: - image: quay.io/coreos/kube-state-metrics:v2.6.0 From fe663015c840c2574949c1550d1493f53bd2a814 Mon Sep 17 00:00:00 2001 From: jinia91 Date: Wed, 6 Nov 2024 14:57:49 +0900 Subject: [PATCH 17/46] state metric --- deploy/o11y/state-metrics.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/deploy/o11y/state-metrics.yml b/deploy/o11y/state-metrics.yml index a2e63346..2332d7c2 100644 
--- a/deploy/o11y/state-metrics.yml +++ b/deploy/o11y/state-metrics.yml @@ -197,7 +197,6 @@ metadata: namespace: o11y annotations: {} spec: - clusterIP: None ports: - name: http-metrics port: 8080 From 385743e24beecceeda6e970b62954babe507904a Mon Sep 17 00:00:00 2001 From: jinia91 Date: Wed, 6 Nov 2024 15:14:32 +0900 Subject: [PATCH 18/46] state metric --- deploy/o11y/state-metrics.yml | 438 +++++++++++++++++++--------------- 1 file changed, 242 insertions(+), 196 deletions(-) diff --git a/deploy/o11y/state-metrics.yml b/deploy/o11y/state-metrics.yml index 2332d7c2..6fbe8255 100644 --- a/deploy/o11y/state-metrics.yml +++ b/deploy/o11y/state-metrics.yml 
@@ -1,219 +1,265 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app: kube-state-metrics - name: kube-state-metrics - annotations: {} -rules: - - apiGroups: - - "" - resources: - - configmaps - - secrets - - nodes - - pods - - services - - resourcequotas - - replicationcontrollers - - limitranges - - persistentvolumeclaims - - persistentvolumes - - namespaces - - endpoints - verbs: - - list - - watch - - apiGroups: - - extensions - resources: - - daemonsets - - deployments - - replicasets - - ingresses - verbs: - - list - - watch - - apiGroups: - - apps - resources: - - statefulsets - - daemonsets - - deployments - - replicasets - verbs: - - list - - watch - - apiGroups: - - batch - resources: - - cronjobs - - jobs - verbs: - - list - - watch - - apiGroups: - - autoscaling - resources: - - horizontalpodautoscalers - verbs: - - list - - watch - - apiGroups: - - authentication.k8s.io - resources: - - tokenreviews - verbs: - - create - - apiGroups: - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create - - apiGroups: - - policy - resources: - - poddisruptionbudgets - verbs: - - list - - watch - - apiGroups: - - certificates.k8s.io - resources: - - certificatesigningrequests - verbs: - - list - - watch - - apiGroups: - - storage.k8s.io - resources: - - storageclasses - - volumeattachments - verbs: - - list - - watch - - apiGroups: - - admissionregistration.k8s.io - resources: - - mutatingwebhookconfigurations - - validatingwebhookconfigurations - verbs: - - list - - watch - - apiGroups: - - networking.k8s.io - resources: - - networkpolicies - verbs: - - list - - watch - - apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - list - - watch - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app: kube-state-metrics - name: kube-state-metrics - annotations: {} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: 
kube-state-metrics -subjects: - - kind: ServiceAccount - name: kube-state-metrics - namespace: o11y - ---- - apiVersion: apps/v1 kind: Deployment metadata: - labels: - app: kube-state-metrics - name: kube-state-metrics + name: kube-state-metrics-1730873276 namespace: o11y - annotations: {} + uid: 20bc36c6-236a-49c7-82d9-60cb6dd76b4c + resourceVersion: '475504' + generation: 1 + creationTimestamp: '2024-11-06T06:07:58Z' + labels: + app.kubernetes.io/component: metrics + app.kubernetes.io/instance: kube-state-metrics-1730873276 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kube-state-metrics + app.kubernetes.io/part-of: kube-state-metrics + app.kubernetes.io/version: 2.13.0 + helm.sh/chart: kube-state-metrics-5.26.0 + annotations: + deployment.kubernetes.io/revision: '1' + meta.helm.sh/release-name: kube-state-metrics-1730873276 + meta.helm.sh/release-namespace: o11y + managedFields: + - manager: helm + operation: Update + apiVersion: apps/v1 + time: '2024-11-06T06:07:58Z' + fieldsType: FieldsV1 + fieldsV1: + f:metadata: + f:annotations: + .: {} + f:meta.helm.sh/release-name: {} + f:meta.helm.sh/release-namespace: {} + f:labels: + .: {} + f:app.kubernetes.io/component: {} + f:app.kubernetes.io/instance: {} + f:app.kubernetes.io/managed-by: {} + f:app.kubernetes.io/name: {} + f:app.kubernetes.io/part-of: {} + f:app.kubernetes.io/version: {} + f:helm.sh/chart: {} + f:spec: + f:progressDeadlineSeconds: {} + f:replicas: {} + f:revisionHistoryLimit: {} + f:selector: {} + f:strategy: + f:rollingUpdate: + .: {} + f:maxSurge: {} + f:maxUnavailable: {} + f:type: {} + f:template: + f:metadata: + f:labels: + .: {} + f:app.kubernetes.io/component: {} + f:app.kubernetes.io/instance: {} + f:app.kubernetes.io/managed-by: {} + f:app.kubernetes.io/name: {} + f:app.kubernetes.io/part-of: {} + f:app.kubernetes.io/version: {} + f:helm.sh/chart: {} + f:spec: + f:automountServiceAccountToken: {} + f:containers: + k:{"name":"kube-state-metrics"}: + .: {} + f:args: {} + 
f:image: {} + f:imagePullPolicy: {} + f:livenessProbe: + .: {} + f:failureThreshold: {} + f:httpGet: + .: {} + f:path: {} + f:port: {} + f:scheme: {} + f:initialDelaySeconds: {} + f:periodSeconds: {} + f:successThreshold: {} + f:timeoutSeconds: {} + f:name: {} + f:ports: + .: {} + k:{"containerPort":8080,"protocol":"TCP"}: + .: {} + f:containerPort: {} + f:name: {} + f:protocol: {} + f:readinessProbe: + .: {} + f:failureThreshold: {} + f:httpGet: + .: {} + f:path: {} + f:port: {} + f:scheme: {} + f:initialDelaySeconds: {} + f:periodSeconds: {} + f:successThreshold: {} + f:timeoutSeconds: {} + f:resources: {} + f:securityContext: + .: {} + f:allowPrivilegeEscalation: {} + f:capabilities: + .: {} + f:drop: {} + f:readOnlyRootFilesystem: {} + f:terminationMessagePath: {} + f:terminationMessagePolicy: {} + f:dnsPolicy: {} + f:restartPolicy: {} + f:schedulerName: {} + f:securityContext: + .: {} + f:fsGroup: {} + f:runAsGroup: {} + f:runAsNonRoot: {} + f:runAsUser: {} + f:seccompProfile: + .: {} + f:type: {} + f:serviceAccount: {} + f:serviceAccountName: {} + f:terminationGracePeriodSeconds: {} + - manager: k3s + operation: Update + apiVersion: apps/v1 + time: '2024-11-06T06:08:08Z' + fieldsType: FieldsV1 + fieldsV1: + f:metadata: + f:annotations: + f:deployment.kubernetes.io/revision: {} + f:status: + f:availableReplicas: {} + f:conditions: + .: {} + k:{"type":"Available"}: + .: {} + f:lastTransitionTime: {} + f:lastUpdateTime: {} + f:message: {} + f:reason: {} + f:status: {} + f:type: {} + k:{"type":"Progressing"}: + .: {} + f:lastTransitionTime: {} + f:lastUpdateTime: {} + f:message: {} + f:reason: {} + f:status: {} + f:type: {} + f:observedGeneration: {} + f:readyReplicas: {} + f:replicas: {} + f:updatedReplicas: {} + subresource: status + selfLink: /apis/apps/v1/namespaces/o11y/deployments/kube-state-metrics-1730873276 +status: + observedGeneration: 1 + replicas: 1 + updatedReplicas: 1 + readyReplicas: 1 + availableReplicas: 1 + conditions: + - type: Available + 
status: 'True' + lastUpdateTime: '2024-11-06T06:08:08Z' + lastTransitionTime: '2024-11-06T06:08:08Z' + reason: MinimumReplicasAvailable + message: Deployment has minimum availability. + - type: Progressing + status: 'True' + lastUpdateTime: '2024-11-06T06:08:08Z' + lastTransitionTime: '2024-11-06T06:07:58Z' + reason: NewReplicaSetAvailable + message: >- + ReplicaSet "kube-state-metrics-1730873276-5444fc5775" has successfully + progressed. spec: replicas: 1 selector: matchLabels: - app: kube-state-metrics + app.kubernetes.io/instance: kube-state-metrics-1730873276 + app.kubernetes.io/name: kube-state-metrics template: metadata: + creationTimestamp: null labels: - app: kube-state-metrics - annotations: {} + app.kubernetes.io/component: metrics + app.kubernetes.io/instance: kube-state-metrics-1730873276 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kube-state-metrics + app.kubernetes.io/part-of: kube-state-metrics + app.kubernetes.io/version: 2.13.0 + helm.sh/chart: kube-state-metrics-5.26.0 spec: containers: - - image: quay.io/coreos/kube-state-metrics:v2.6.0 + - name: kube-state-metrics + image: registry.k8s.io/kube-state-metrics/kube-state-metrics:v2.13.0 + args: + - '--port=8080' + - >- + --resources=certificatesigningrequests,configmaps,cronjobs,daemonsets,deployments,endpoints,horizontalpodautoscalers,ingresses,jobs,leases,limitranges,mutatingwebhookconfigurations,namespaces,networkpolicies,nodes,persistentvolumeclaims,persistentvolumes,poddisruptionbudgets,pods,replicasets,replicationcontrollers,resourcequotas,secrets,services,statefulsets,storageclasses,validatingwebhookconfigurations,volumeattachments + ports: + - name: http + containerPort: 8080 + protocol: TCP + resources: {} livenessProbe: httpGet: - path: /healthz + path: /livez port: 8080 + scheme: HTTP initialDelaySeconds: 5 timeoutSeconds: 5 - name: kube-state-metrics - resources: - limits: - cpu: 200m - memory: 400Mi - requests: - cpu: 20m - memory: 200Mi - ports: - - containerPort: 
8080 - name: http-metrics - - containerPort: 8081 - name: telemetry + periodSeconds: 10 + successThreshold: 1 + failureThreshold: 3 readinessProbe: httpGet: - path: / - port: 8081 + path: /readyz + port: 8080 + scheme: HTTP initialDelaySeconds: 5 timeoutSeconds: 5 + periodSeconds: 10 + successThreshold: 1 + failureThreshold: 3 + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + imagePullPolicy: IfNotPresent securityContext: - runAsUser: 65534 - serviceAccountName: kube-state-metrics - ---- - -apiVersion: v1 -kind: Service -metadata: - labels: - app: kube-state-metrics - name: kube-state-metrics - namespace: o11y - annotations: {} -spec: - ports: - - name: http-metrics - port: 8080 - targetPort: http-metrics - - name: telemetry - port: 8081 - targetPort: telemetry - selector: - app: kube-state-metrics - ---- - -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app: kube-state-metrics - name: kube-state-metrics - namespace: o11y - annotations: {} \ No newline at end of file + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + allowPrivilegeEscalation: false + restartPolicy: Always + terminationGracePeriodSeconds: 30 + dnsPolicy: ClusterFirst + serviceAccountName: kube-state-metrics-1730873276 + serviceAccount: kube-state-metrics-1730873276 + automountServiceAccountToken: true + securityContext: + runAsUser: 65534 + runAsGroup: 65534 + runAsNonRoot: true + fsGroup: 65534 + seccompProfile: + type: RuntimeDefault + schedulerName: default-scheduler + strategy: + type: RollingUpdate + rollingUpdate: + maxUnavailable: 25% + maxSurge: 25% + revisionHistoryLimit: 10 + progressDeadlineSeconds: 600 From 4353f6616362984fb074d92c199982cd618e7e2e Mon Sep 17 00:00:00 2001 From: jinia91 Date: Wed, 6 Nov 2024 15:18:19 +0900 Subject: [PATCH 19/46] state metric --- deploy/o11y/state-metrics.yml | 443 ++++++++++++++++++---------------- 1 file changed, 235 insertions(+), 208 deletions(-) 
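Review bot: The added `--resources=` argument lists `secrets`, which only works if the service account is granted list/watch on Secrets cluster-wide, and a list on Secrets returns their full contents; if secret metrics are not needed, remove `secrets,` from that value. The same hunk deletes the ClusterRole, ClusterRoleBinding and ServiceAccount from the file while the new spec sets `serviceAccountName: kube-state-metrics-1730873276`, so the RBAC this workload runs with is no longer defined or reviewable here; presumably it is left over from the Helm release. Keep those three objects in the manifest, with rules that match the `--resources` list. The pasted object also carries `uid`, `resourceVersion`, `managedFields` and `status`, which are server-populated and should be stripped before committing, and `resources: {}` drops the CPU and memory limits the old container had.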
diff --git a/deploy/o11y/state-metrics.yml b/deploy/o11y/state-metrics.yml index 6fbe8255..28bbe5a3 100644 --- a/deploy/o11y/state-metrics.yml +++ b/deploy/o11y/state-metrics.yml @@ -1,12 +1,9 @@ -apiVersion: apps/v1 -kind: Deployment +apiVersion: v1 +kind: Pod metadata: - name: kube-state-metrics-1730873276 + name: kube-state-metrics-1730873276-5444fc5775-lxm8d + generateName: kube-state-metrics-1730873276-5444fc5775- namespace: o11y - uid: 20bc36c6-236a-49c7-82d9-60cb6dd76b4c - resourceVersion: '475504' - generation: 1 - creationTimestamp: '2024-11-06T06:07:58Z' labels: app.kubernetes.io/component: metrics app.kubernetes.io/instance: kube-state-metrics-1730873276 @@ -15,22 +12,23 @@ metadata: app.kubernetes.io/part-of: kube-state-metrics app.kubernetes.io/version: 2.13.0 helm.sh/chart: kube-state-metrics-5.26.0 - annotations: - deployment.kubernetes.io/revision: '1' - meta.helm.sh/release-name: kube-state-metrics-1730873276 - meta.helm.sh/release-namespace: o11y + pod-template-hash: 5444fc5775 + ownerReferences: + - apiVersion: apps/v1 + kind: ReplicaSet + name: kube-state-metrics-1730873276-5444fc5775 + uid: 60fccec7-6f1c-437a-b760-9a7aa7c7631c + controller: true + blockOwnerDeletion: true managedFields: - - manager: helm + - manager: k3s operation: Update - apiVersion: apps/v1 + apiVersion: v1 time: '2024-11-06T06:07:58Z' fieldsType: FieldsV1 fieldsV1: f:metadata: - f:annotations: - .: {} - f:meta.helm.sh/release-name: {} - f:meta.helm.sh/release-namespace: {} + f:generateName: {} f:labels: .: {} f:app.kubernetes.io/component: {} 
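Review bot: `ownerReferences` in the `@@ -15,22 +12,23 @@` hunk binds this Pod to ReplicaSet `kube-state-metrics-1730873276-5444fc5775` by `uid`, so the file is a dump of a running Pod rather than a manifest; the garbage collector deletes dependents whose owner is absent, so applying it where that ReplicaSet does not exist will not give a stable workload. The `@@ -40,226 +38,255 @@` hunk has the same problem: `nodeName: mk3` pins the Pod to one node and bypasses the scheduler, the generated `kube-api-access-25fp2` token volume is written out by hand, and the `status:` block records node and pod IPs that do not belong in the repository. Commit the controller object (the Deployment this replaces) with `managedFields`, `ownerReferences`, `nodeName`, `status` and the `kube-api-access-*` volume removed, and leave Pod creation to it.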
@@ -40,226 +38,255 @@ metadata: f:app.kubernetes.io/part-of: {} f:app.kubernetes.io/version: {} f:helm.sh/chart: {} + f:pod-template-hash: {} + f:ownerReferences: + .: {} + k:{"uid":"60fccec7-6f1c-437a-b760-9a7aa7c7631c"}: {} f:spec: - f:progressDeadlineSeconds: {} - f:replicas: {} - f:revisionHistoryLimit: {} - f:selector: {} - f:strategy: - f:rollingUpdate: + f:automountServiceAccountToken: {} + f:containers: + k:{"name":"kube-state-metrics"}: .: {} - f:maxSurge: {} - f:maxUnavailable: {} - f:type: {} - f:template: - f:metadata: - f:labels: + f:args: {} + f:image: {} + f:imagePullPolicy: {} + f:livenessProbe: .: {} - f:app.kubernetes.io/component: {} - f:app.kubernetes.io/instance: {} - f:app.kubernetes.io/managed-by: {} - f:app.kubernetes.io/name: {} - f:app.kubernetes.io/part-of: {} - f:app.kubernetes.io/version: {} - f:helm.sh/chart: {} - f:spec: - f:automountServiceAccountToken: {} - f:containers: - k:{"name":"kube-state-metrics"}: + f:failureThreshold: {} + f:httpGet: .: {} - f:args: {} - f:image: {} - f:imagePullPolicy: {} - f:livenessProbe: - .: {} - f:failureThreshold: {} - f:httpGet: - .: {} - f:path: {} - f:port: {} - f:scheme: {} - f:initialDelaySeconds: {} - f:periodSeconds: {} - f:successThreshold: {} - f:timeoutSeconds: {} + f:path: {} + f:port: {} + f:scheme: {} + f:initialDelaySeconds: {} + f:periodSeconds: {} + f:successThreshold: {} + f:timeoutSeconds: {} + f:name: {} + f:ports: + .: {} + k:{"containerPort":8080,"protocol":"TCP"}: + .: {} + f:containerPort: {} f:name: {} - f:ports: - .: {} - k:{"containerPort":8080,"protocol":"TCP"}: - .: {} - f:containerPort: {} - f:name: {} - f:protocol: {} - f:readinessProbe: - .: {} - f:failureThreshold: {} - f:httpGet: - .: {} - f:path: {} - f:port: {} - f:scheme: {} - f:initialDelaySeconds: {} - f:periodSeconds: {} - f:successThreshold: {} - f:timeoutSeconds: {} - f:resources: {} - f:securityContext: - .: {} - f:allowPrivilegeEscalation: {} - f:capabilities: - .: {} - f:drop: {} - f:readOnlyRootFilesystem: 
{} - f:terminationMessagePath: {} - f:terminationMessagePolicy: {} - f:dnsPolicy: {} - f:restartPolicy: {} - f:schedulerName: {} + f:protocol: {} + f:readinessProbe: + .: {} + f:failureThreshold: {} + f:httpGet: + .: {} + f:path: {} + f:port: {} + f:scheme: {} + f:initialDelaySeconds: {} + f:periodSeconds: {} + f:successThreshold: {} + f:timeoutSeconds: {} + f:resources: {} f:securityContext: .: {} - f:fsGroup: {} - f:runAsGroup: {} - f:runAsNonRoot: {} - f:runAsUser: {} - f:seccompProfile: + f:allowPrivilegeEscalation: {} + f:capabilities: .: {} - f:type: {} - f:serviceAccount: {} - f:serviceAccountName: {} - f:terminationGracePeriodSeconds: {} + f:drop: {} + f:readOnlyRootFilesystem: {} + f:terminationMessagePath: {} + f:terminationMessagePolicy: {} + f:dnsPolicy: {} + f:enableServiceLinks: {} + f:restartPolicy: {} + f:schedulerName: {} + f:securityContext: + .: {} + f:fsGroup: {} + f:runAsGroup: {} + f:runAsNonRoot: {} + f:runAsUser: {} + f:seccompProfile: + .: {} + f:type: {} + f:serviceAccount: {} + f:serviceAccountName: {} + f:terminationGracePeriodSeconds: {} - manager: k3s operation: Update - apiVersion: apps/v1 + apiVersion: v1 time: '2024-11-06T06:08:08Z' fieldsType: FieldsV1 fieldsV1: - f:metadata: - f:annotations: - f:deployment.kubernetes.io/revision: {} f:status: - f:availableReplicas: {} f:conditions: - .: {} - k:{"type":"Available"}: + k:{"type":"ContainersReady"}: .: {} + f:lastProbeTime: {} f:lastTransitionTime: {} - f:lastUpdateTime: {} - f:message: {} - f:reason: {} f:status: {} f:type: {} - k:{"type":"Progressing"}: + k:{"type":"Initialized"}: .: {} + f:lastProbeTime: {} f:lastTransitionTime: {} - f:lastUpdateTime: {} - f:message: {} - f:reason: {} f:status: {} f:type: {} - f:observedGeneration: {} - f:readyReplicas: {} - f:replicas: {} - f:updatedReplicas: {} + k:{"type":"PodReadyToStartContainers"}: + .: {} + f:lastProbeTime: {} + f:lastTransitionTime: {} + f:status: {} + f:type: {} + k:{"type":"Ready"}: + .: {} + f:lastProbeTime: {} + 
f:lastTransitionTime: {} + f:status: {} + f:type: {} + f:containerStatuses: {} + f:hostIP: {} + f:hostIPs: {} + f:phase: {} + f:podIP: {} + f:podIPs: + .: {} + k:{"ip":"10.42.2.93"}: + .: {} + f:ip: {} + f:startTime: {} subresource: status - selfLink: /apis/apps/v1/namespaces/o11y/deployments/kube-state-metrics-1730873276 + selfLink: /api/v1/namespaces/o11y/pods/kube-state-metrics-1730873276-5444fc5775-lxm8d status: - observedGeneration: 1 - replicas: 1 - updatedReplicas: 1 - readyReplicas: 1 - availableReplicas: 1 + phase: Running conditions: - - type: Available + - type: PodReadyToStartContainers + status: 'True' + lastProbeTime: null + lastTransitionTime: '2024-11-06T06:07:59Z' + - type: Initialized + status: 'True' + lastProbeTime: null + lastTransitionTime: '2024-11-06T06:07:58Z' + - type: Ready + status: 'True' + lastProbeTime: null + lastTransitionTime: '2024-11-06T06:08:08Z' + - type: ContainersReady status: 'True' - lastUpdateTime: '2024-11-06T06:08:08Z' + lastProbeTime: null lastTransitionTime: '2024-11-06T06:08:08Z' - reason: MinimumReplicasAvailable - message: Deployment has minimum availability. - - type: Progressing + - type: PodScheduled status: 'True' - lastUpdateTime: '2024-11-06T06:08:08Z' + lastProbeTime: null lastTransitionTime: '2024-11-06T06:07:58Z' - reason: NewReplicaSetAvailable - message: >- - ReplicaSet "kube-state-metrics-1730873276-5444fc5775" has successfully - progressed. 
+ hostIP: 192.168.0.103 + hostIPs: + - ip: 192.168.0.103 + podIP: 10.42.2.93 + podIPs: + - ip: 10.42.2.93 + startTime: '2024-11-06T06:07:58Z' + containerStatuses: + - name: kube-state-metrics + state: + running: + startedAt: '2024-11-06T06:07:59Z' + lastState: {} + ready: true + restartCount: 0 + image: registry.k8s.io/kube-state-metrics/kube-state-metrics:v2.13.0 + imageID: >- + registry.k8s.io/kube-state-metrics/kube-state-metrics@sha256:639a1e2da549210adddc0391ff91e270e83f7873014aec53258462812f741e6f + containerID: >- + containerd://7f65efe25f19f377bd8f9907f2e974dd934c52cf89f8e519879d6ef59b35e3ca + started: true + qosClass: BestEffort spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/instance: kube-state-metrics-1730873276 - app.kubernetes.io/name: kube-state-metrics - template: - metadata: - creationTimestamp: null - labels: - app.kubernetes.io/component: metrics - app.kubernetes.io/instance: kube-state-metrics-1730873276 - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kube-state-metrics - app.kubernetes.io/part-of: kube-state-metrics - app.kubernetes.io/version: 2.13.0 - helm.sh/chart: kube-state-metrics-5.26.0 - spec: - containers: - - name: kube-state-metrics - image: registry.k8s.io/kube-state-metrics/kube-state-metrics:v2.13.0 - args: - - '--port=8080' - - >- - --resources=certificatesigningrequests,configmaps,cronjobs,daemonsets,deployments,endpoints,horizontalpodautoscalers,ingresses,jobs,leases,limitranges,mutatingwebhookconfigurations,namespaces,networkpolicies,nodes,persistentvolumeclaims,persistentvolumes,poddisruptionbudgets,pods,replicasets,replicationcontrollers,resourcequotas,secrets,services,statefulsets,storageclasses,validatingwebhookconfigurations,volumeattachments - ports: - - name: http - containerPort: 8080 - protocol: TCP - resources: {} - livenessProbe: - httpGet: - path: /livez - port: 8080 - scheme: HTTP - initialDelaySeconds: 5 - timeoutSeconds: 5 - periodSeconds: 10 - successThreshold: 1 - 
failureThreshold: 3 - readinessProbe: - httpGet: - path: /readyz - port: 8080 - scheme: HTTP - initialDelaySeconds: 5 - timeoutSeconds: 5 - periodSeconds: 10 - successThreshold: 1 - failureThreshold: 3 - terminationMessagePath: /dev/termination-log - terminationMessagePolicy: File - imagePullPolicy: IfNotPresent - securityContext: - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - allowPrivilegeEscalation: false - restartPolicy: Always - terminationGracePeriodSeconds: 30 - dnsPolicy: ClusterFirst - serviceAccountName: kube-state-metrics-1730873276 - serviceAccount: kube-state-metrics-1730873276 - automountServiceAccountToken: true + volumes: + - name: kube-api-access-25fp2 + projected: + sources: + - serviceAccountToken: + expirationSeconds: 3607 + path: token + - configMap: + name: kube-root-ca.crt + items: + - key: ca.crt + path: ca.crt + - downwardAPI: + items: + - path: namespace + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + defaultMode: 420 + containers: + - name: kube-state-metrics + image: registry.k8s.io/kube-state-metrics/kube-state-metrics:v2.13.0 + args: + - '--port=8080' + - >- + --resources=certificatesigningrequests,configmaps,cronjobs,daemonsets,deployments,endpoints,horizontalpodautoscalers,ingresses,jobs,leases,limitranges,mutatingwebhookconfigurations,namespaces,networkpolicies,nodes,persistentvolumeclaims,persistentvolumes,poddisruptionbudgets,pods,replicasets,replicationcontrollers,resourcequotas,secrets,services,statefulsets,storageclasses,validatingwebhookconfigurations,volumeattachments + ports: + - name: http + containerPort: 8080 + protocol: TCP + resources: {} + volumeMounts: + - name: kube-api-access-25fp2 + readOnly: true + mountPath: /var/run/secrets/kubernetes.io/serviceaccount + livenessProbe: + httpGet: + path: /livez + port: 8080 + scheme: HTTP + initialDelaySeconds: 5 + timeoutSeconds: 5 + periodSeconds: 10 + successThreshold: 1 + failureThreshold: 3 + readinessProbe: + httpGet: + path: /readyz + 
port: 8080 + scheme: HTTP + initialDelaySeconds: 5 + timeoutSeconds: 5 + periodSeconds: 10 + successThreshold: 1 + failureThreshold: 3 + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + imagePullPolicy: IfNotPresent securityContext: - runAsUser: 65534 - runAsGroup: 65534 - runAsNonRoot: true - fsGroup: 65534 - seccompProfile: - type: RuntimeDefault - schedulerName: default-scheduler - strategy: - type: RollingUpdate - rollingUpdate: - maxUnavailable: 25% - maxSurge: 25% - revisionHistoryLimit: 10 - progressDeadlineSeconds: 600 + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + allowPrivilegeEscalation: false + restartPolicy: Always + terminationGracePeriodSeconds: 30 + dnsPolicy: ClusterFirst + serviceAccountName: kube-state-metrics-1730873276 + serviceAccount: kube-state-metrics-1730873276 + automountServiceAccountToken: true + nodeName: mk3 + securityContext: + runAsUser: 65534 + runAsGroup: 65534 + runAsNonRoot: true + fsGroup: 65534 + seccompProfile: + type: RuntimeDefault + schedulerName: default-scheduler + tolerations: + - key: node.kubernetes.io/not-ready + operator: Exists + effect: NoExecute + tolerationSeconds: 300 + - key: node.kubernetes.io/unreachable + operator: Exists + effect: NoExecute + tolerationSeconds: 300 + priority: 0 + enableServiceLinks: true + preemptionPolicy: PreemptLowerPriority From c0dff01e066a08620c51446c5b48012d5d224c1b Mon Sep 17 00:00:00 2001 From: jinia91 Date: Wed, 6 Nov 2024 15:21:18 +0900 Subject: [PATCH 20/46] state metric --- deploy/o11y/state-metrics.yml | 292 ---------------------------------- 1 file changed, 292 deletions(-) delete mode 100644 deploy/o11y/state-metrics.yml diff --git a/deploy/o11y/state-metrics.yml b/deploy/o11y/state-metrics.yml deleted file mode 100644 index 28bbe5a3..00000000 --- a/deploy/o11y/state-metrics.yml +++ /dev/null 
@@ -1,292 +0,0 @@ -apiVersion: v1 -kind: Pod -metadata: - name: kube-state-metrics-1730873276-5444fc5775-lxm8d - generateName: kube-state-metrics-1730873276-5444fc5775- - namespace: o11y - labels: - app.kubernetes.io/component: metrics - app.kubernetes.io/instance: kube-state-metrics-1730873276 - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kube-state-metrics - app.kubernetes.io/part-of: kube-state-metrics - app.kubernetes.io/version: 2.13.0 - helm.sh/chart: kube-state-metrics-5.26.0 - pod-template-hash: 5444fc5775 - ownerReferences: - - apiVersion: apps/v1 - kind: ReplicaSet - name: kube-state-metrics-1730873276-5444fc5775 - uid: 60fccec7-6f1c-437a-b760-9a7aa7c7631c - controller: true - blockOwnerDeletion: true - managedFields: - - manager: k3s - operation: Update - apiVersion: v1 - time: '2024-11-06T06:07:58Z' - fieldsType: FieldsV1 - fieldsV1: - f:metadata: - f:generateName: {} - f:labels: - .: {} - f:app.kubernetes.io/component: {} - f:app.kubernetes.io/instance: {} - f:app.kubernetes.io/managed-by: {} - f:app.kubernetes.io/name: {} - f:app.kubernetes.io/part-of: {} - f:app.kubernetes.io/version: {} - f:helm.sh/chart: {} - f:pod-template-hash: {} - f:ownerReferences: - .: {} - k:{"uid":"60fccec7-6f1c-437a-b760-9a7aa7c7631c"}: {} - f:spec: - f:automountServiceAccountToken: {} - f:containers: - k:{"name":"kube-state-metrics"}: - .: {} - f:args: {} - f:image: {} - f:imagePullPolicy: {} - f:livenessProbe: - .: {} - f:failureThreshold: {} - f:httpGet: - .: {} - f:path: {} - f:port: {} - f:scheme: {} - f:initialDelaySeconds: {} - f:periodSeconds: {} - f:successThreshold: {} - f:timeoutSeconds: {} - f:name: {} - f:ports: - .: {} - k:{"containerPort":8080,"protocol":"TCP"}: - .: {} - f:containerPort: {} - f:name: {} - f:protocol: {} - f:readinessProbe: - .: {} - f:failureThreshold: {} - f:httpGet: - .: {} - f:path: {} - f:port: {} - f:scheme: {} - f:initialDelaySeconds: {} - f:periodSeconds: {} - f:successThreshold: {} - f:timeoutSeconds: {} - 
f:resources: {} - f:securityContext: - .: {} - f:allowPrivilegeEscalation: {} - f:capabilities: - .: {} - f:drop: {} - f:readOnlyRootFilesystem: {} - f:terminationMessagePath: {} - f:terminationMessagePolicy: {} - f:dnsPolicy: {} - f:enableServiceLinks: {} - f:restartPolicy: {} - f:schedulerName: {} - f:securityContext: - .: {} - f:fsGroup: {} - f:runAsGroup: {} - f:runAsNonRoot: {} - f:runAsUser: {} - f:seccompProfile: - .: {} - f:type: {} - f:serviceAccount: {} - f:serviceAccountName: {} - f:terminationGracePeriodSeconds: {} - - manager: k3s - operation: Update - apiVersion: v1 - time: '2024-11-06T06:08:08Z' - fieldsType: FieldsV1 - fieldsV1: - f:status: - f:conditions: - k:{"type":"ContainersReady"}: - .: {} - f:lastProbeTime: {} - f:lastTransitionTime: {} - f:status: {} - f:type: {} - k:{"type":"Initialized"}: - .: {} - f:lastProbeTime: {} - f:lastTransitionTime: {} - f:status: {} - f:type: {} - k:{"type":"PodReadyToStartContainers"}: - .: {} - f:lastProbeTime: {} - f:lastTransitionTime: {} - f:status: {} - f:type: {} - k:{"type":"Ready"}: - .: {} - f:lastProbeTime: {} - f:lastTransitionTime: {} - f:status: {} - f:type: {} - f:containerStatuses: {} - f:hostIP: {} - f:hostIPs: {} - f:phase: {} - f:podIP: {} - f:podIPs: - .: {} - k:{"ip":"10.42.2.93"}: - .: {} - f:ip: {} - f:startTime: {} - subresource: status - selfLink: /api/v1/namespaces/o11y/pods/kube-state-metrics-1730873276-5444fc5775-lxm8d -status: - phase: Running - conditions: - - type: PodReadyToStartContainers - status: 'True' - lastProbeTime: null - lastTransitionTime: '2024-11-06T06:07:59Z' - - type: Initialized - status: 'True' - lastProbeTime: null - lastTransitionTime: '2024-11-06T06:07:58Z' - - type: Ready - status: 'True' - lastProbeTime: null - lastTransitionTime: '2024-11-06T06:08:08Z' - - type: ContainersReady - status: 'True' - lastProbeTime: null - lastTransitionTime: '2024-11-06T06:08:08Z' - - type: PodScheduled - status: 'True' - lastProbeTime: null - lastTransitionTime: 
'2024-11-06T06:07:58Z' - hostIP: 192.168.0.103 - hostIPs: - - ip: 192.168.0.103 - podIP: 10.42.2.93 - podIPs: - - ip: 10.42.2.93 - startTime: '2024-11-06T06:07:58Z' - containerStatuses: - - name: kube-state-metrics - state: - running: - startedAt: '2024-11-06T06:07:59Z' - lastState: {} - ready: true - restartCount: 0 - image: registry.k8s.io/kube-state-metrics/kube-state-metrics:v2.13.0 - imageID: >- - registry.k8s.io/kube-state-metrics/kube-state-metrics@sha256:639a1e2da549210adddc0391ff91e270e83f7873014aec53258462812f741e6f - containerID: >- - containerd://7f65efe25f19f377bd8f9907f2e974dd934c52cf89f8e519879d6ef59b35e3ca - started: true - qosClass: BestEffort -spec: - volumes: - - name: kube-api-access-25fp2 - projected: - sources: - - serviceAccountToken: - expirationSeconds: 3607 - path: token - - configMap: - name: kube-root-ca.crt - items: - - key: ca.crt - path: ca.crt - - downwardAPI: - items: - - path: namespace - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - defaultMode: 420 - containers: - - name: kube-state-metrics - image: registry.k8s.io/kube-state-metrics/kube-state-metrics:v2.13.0 - args: - - '--port=8080' - - >- - --resources=certificatesigningrequests,configmaps,cronjobs,daemonsets,deployments,endpoints,horizontalpodautoscalers,ingresses,jobs,leases,limitranges,mutatingwebhookconfigurations,namespaces,networkpolicies,nodes,persistentvolumeclaims,persistentvolumes,poddisruptionbudgets,pods,replicasets,replicationcontrollers,resourcequotas,secrets,services,statefulsets,storageclasses,validatingwebhookconfigurations,volumeattachments - ports: - - name: http - containerPort: 8080 - protocol: TCP - resources: {} - volumeMounts: - - name: kube-api-access-25fp2 - readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount - livenessProbe: - httpGet: - path: /livez - port: 8080 - scheme: HTTP - initialDelaySeconds: 5 - timeoutSeconds: 5 - periodSeconds: 10 - successThreshold: 1 - failureThreshold: 3 - readinessProbe: - httpGet: 
- path: /readyz - port: 8080 - scheme: HTTP - initialDelaySeconds: 5 - timeoutSeconds: 5 - periodSeconds: 10 - successThreshold: 1 - failureThreshold: 3 - terminationMessagePath: /dev/termination-log - terminationMessagePolicy: File - imagePullPolicy: IfNotPresent - securityContext: - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - allowPrivilegeEscalation: false - restartPolicy: Always - terminationGracePeriodSeconds: 30 - dnsPolicy: ClusterFirst - serviceAccountName: kube-state-metrics-1730873276 - serviceAccount: kube-state-metrics-1730873276 - automountServiceAccountToken: true - nodeName: mk3 - securityContext: - runAsUser: 65534 - runAsGroup: 65534 - runAsNonRoot: true - fsGroup: 65534 - seccompProfile: - type: RuntimeDefault - schedulerName: default-scheduler - tolerations: - - key: node.kubernetes.io/not-ready - operator: Exists - effect: NoExecute - tolerationSeconds: 300 - - key: node.kubernetes.io/unreachable - operator: Exists - effect: NoExecute - tolerationSeconds: 300 - priority: 0 - enableServiceLinks: true - preemptionPolicy: PreemptLowerPriority From 89109fbacbfa90dd4166d8bd1c5664917c97ba1c Mon Sep 17 00:00:00 2001 From: jinia91 Date: Wed, 6 Nov 2024 15:37:43 +0900 Subject: [PATCH 21/46] state metric --- deploy/o11y/kube-state-metrics.yml | 333 +++++++++++++++++++++++++++++ 1 file changed, 333 insertions(+) create mode 100644 deploy/o11y/kube-state-metrics.yml diff --git a/deploy/o11y/kube-state-metrics.yml b/deploy/o11y/kube-state-metrics.yml new file mode 100644 index 00000000..ffc7dbf8 --- /dev/null +++ b/deploy/o11y/kube-state-metrics.yml 
@@ -0,0 +1,333 @@ +# Source: kube-state-metrics/templates/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +automountServiceAccountToken: true +metadata: + labels: + helm.sh/chart: kube-state-metrics-5.26.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: metrics + app.kubernetes.io/part-of: kube-state-metrics + app.kubernetes.io/name: kube-state-metrics + app.kubernetes.io/instance: my-kube-state-metrics + app.kubernetes.io/version: "2.13.0" + name: my-kube-state-metrics + namespace: default +--- +# Source: kube-state-metrics/templates/role.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + helm.sh/chart: kube-state-metrics-5.26.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: metrics + app.kubernetes.io/part-of: kube-state-metrics + app.kubernetes.io/name: kube-state-metrics + app.kubernetes.io/instance: my-kube-state-metrics + app.kubernetes.io/version: "2.13.0" + name: my-kube-state-metrics +rules: + + - apiGroups: ["certificates.k8s.io"] + resources: + - certificatesigningrequests + verbs: ["list", "watch"] + + - apiGroups: [""] + resources: + - configmaps + verbs: ["list", "watch"] + + - apiGroups: ["batch"] + resources: + - cronjobs + verbs: ["list", "watch"] + + - apiGroups: ["extensions", "apps"] + resources: + - daemonsets + verbs: ["list", "watch"] + + - apiGroups: ["extensions", "apps"] + resources: + - deployments + verbs: ["list", "watch"] + + - apiGroups: [""] + resources: + - endpoints + verbs: ["list", "watch"] + + - apiGroups: ["autoscaling"] + resources: + - horizontalpodautoscalers + verbs: ["list", "watch"] + + - apiGroups: ["extensions", "networking.k8s.io"] + resources: + - ingresses + verbs: ["list", "watch"] + + - apiGroups: ["batch"] + resources: + - jobs + verbs: ["list", "watch"] + + - apiGroups: ["coordination.k8s.io"] + resources: + - leases + verbs: ["list", "watch"] + + - apiGroups: [""] + resources: + - limitranges + verbs: ["list", "watch"] + + - 
apiGroups: ["admissionregistration.k8s.io"] + resources: + - mutatingwebhookconfigurations + verbs: ["list", "watch"] + + - apiGroups: [""] + resources: + - namespaces + verbs: ["list", "watch"] + + - apiGroups: ["networking.k8s.io"] + resources: + - networkpolicies + verbs: ["list", "watch"] + + - apiGroups: [""] + resources: + - nodes + verbs: ["list", "watch"] + + - apiGroups: [""] + resources: + - persistentvolumeclaims + verbs: ["list", "watch"] + + - apiGroups: [""] + resources: + - persistentvolumes + verbs: ["list", "watch"] + + - apiGroups: ["policy"] + resources: + - poddisruptionbudgets + verbs: ["list", "watch"] + + - apiGroups: [""] + resources: + - pods + verbs: ["list", "watch"] + + - apiGroups: ["extensions", "apps"] + resources: + - replicasets + verbs: ["list", "watch"] + + - apiGroups: [""] + resources: + - replicationcontrollers + verbs: ["list", "watch"] + + - apiGroups: [""] + resources: + - resourcequotas + verbs: ["list", "watch"] + + - apiGroups: [""] + resources: + - secrets + verbs: ["list", "watch"] + + - apiGroups: [""] + resources: + - services + verbs: ["list", "watch"] + + - apiGroups: ["apps"] + resources: + - statefulsets + verbs: ["list", "watch"] + + - apiGroups: ["storage.k8s.io"] + resources: + - storageclasses + verbs: ["list", "watch"] + + - apiGroups: ["admissionregistration.k8s.io"] + resources: + - validatingwebhookconfigurations + verbs: ["list", "watch"] + + - apiGroups: ["storage.k8s.io"] + resources: + - volumeattachments + verbs: ["list", "watch"] +--- +# Source: kube-state-metrics/templates/clusterrolebinding.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + helm.sh/chart: kube-state-metrics-5.26.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: metrics + app.kubernetes.io/part-of: kube-state-metrics + app.kubernetes.io/name: kube-state-metrics + app.kubernetes.io/instance: my-kube-state-metrics + app.kubernetes.io/version: "2.13.0" + name: 
my-kube-state-metrics +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: my-kube-state-metrics +subjects: + - kind: ServiceAccount + name: my-kube-state-metrics + namespace: default +--- +# Source: kube-state-metrics/templates/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: my-kube-state-metrics + namespace: default + labels: + helm.sh/chart: kube-state-metrics-5.26.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: metrics + app.kubernetes.io/part-of: kube-state-metrics + app.kubernetes.io/version: "2.13.0" + annotations: + prometheus.io/scrape: 'true' +spec: + type: "ClusterIP" + ports: + - name: "http" + protocol: TCP + port: 8080 + targetPort: 8080 + + selector: + app.kubernetes.io/name: kube-state-metrics + app.kubernetes.io/instance: my-kube-state-metrics +--- +# Source: kube-state-metrics/templates/deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: my-kube-state-metrics + namespace: default + labels: + helm.sh/chart: kube-state-metrics-5.26.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: metrics + app.kubernetes.io/part-of: kube-state-metrics + app.kubernetes.io/name: kube-state-metrics + app.kubernetes.io/instance: my-kube-state-metrics + app.kubernetes.io/version: "2.13.0" +spec: + selector: + matchLabels: + app.kubernetes.io/name: kube-state-metrics + app.kubernetes.io/instance: my-kube-state-metrics + replicas: 1 + strategy: + app.kubernetes.io/part-of: kube-state-metrics + app.kubernetes.io/version: "2.13.0" + type: RuntimeDefault + containers: + - --port=8080 +--- +# Source: kube-state-metrics/templates/serviceaccount.yaml +app.kubernetes.io/name: kube-state-metrics +name: my-kube-state-metrics + app.kubernetes.io/name: kube-state-metrics +name: my-kube-state-metrics +resources: + - persistentvolumes +- apiGroups: ["policy"] + resources: +- apiGroups: [""] + verbs: ["list", "watch"] + verbs: ["list", "watch"] + resources: +apiVersion: 
rbac.authorization.k8s.io/v1 + name: my-kube-state-metrics +roleRef: + apiGroup: rbac.authorization.k8s.io + app.kubernetes.io/component: metrics + app.kubernetes.io/part-of: kube-state-metrics + app.kubernetes.io/version: "2.13.0" + annotations: + prometheus.io/scrape: 'true' + matchLabels: + strategy: + type: RollingUpdate + revisionHistoryLimit: 10 + template: + metadata: + labels: + helm.sh/chart: kube-state-metrics-5.26.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: metrics + app.kubernetes.io/part-of: kube-state-metrics + app.kubernetes.io/name: kube-state-metrics + app.kubernetes.io/instance: my-kube-state-metrics + app.kubernetes.io/version: "2.13.0" + spec: + automountServiceAccountToken: true + hostNetwork: false + serviceAccountName: my-kube-state-metrics + securityContext: + fsGroup: 65534 + runAsGroup: 65534 + runAsNonRoot: true + runAsUser: 65534 + seccompProfile: + type: RuntimeDefault + containers: + - name: kube-state-metrics + args: + - --port=8080 + - --resources=certificatesigningrequests,configmaps,cronjobs,daemonsets,deployments,endpoints,horizontalpodautoscalers,ingresses,jobs,leases,limitranges,mutatingwebhookconfigurations,namespaces,networkpolicies,nodes,persistentvolumeclaims,persistentvolumes,poddisruptionbudgets,pods,replicasets,replicationcontrollers,resourcequotas,secrets,services,statefulsets,storageclasses,validatingwebhookconfigurations,volumeattachments + imagePullPolicy: IfNotPresent + image: registry.k8s.io/kube-state-metrics/kube-state-metrics:v2.13.0 + ports: + - containerPort: 8080 + name: "http" + livenessProbe: + failureThreshold: 3 + httpGet: + httpHeaders: + path: /livez + port: 8080 + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + readinessProbe: + failureThreshold: 3 + httpGet: + httpHeaders: + path: /readyz + port: 8080 + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + resources: + {} + 
securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true \ No newline at end of file From 6e7d44f51ce0ec55ed547cff37eb61c883bcc24b Mon Sep 17 00:00:00 2001 From: jinia91 Date: Wed, 6 Nov 2024 15:44:00 +0900 Subject: [PATCH 22/46] state metrics --- deploy/o11y/kube-state-metrics.yml | 98 ++++++++++++++++++++---------- 1 file changed, 67 insertions(+), 31 deletions(-) diff --git a/deploy/o11y/kube-state-metrics.yml b/deploy/o11y/kube-state-metrics.yml index ffc7dbf8..17360a19 100644 --- a/deploy/o11y/kube-state-metrics.yml +++ b/deploy/o11y/kube-state-metrics.yml 
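Review bot: The ClusterRole rule that grants `verbs: ["list", "watch"]` on `secrets`, paired with `secrets` in the container's `--resources=` argument, lets the `my-kube-state-metrics` ServiceAccount read every Secret in the cluster, because a list response returns the full objects and not only metadata. If secret metrics are not needed, drop `secrets` from `--resources=` and delete that rule, so that a compromise of this pod or of its mounted token (`automountServiceAccountToken: true`) does not expose credentials cluster-wide. Separately, the Deployment `spec` holds what looks like paste residue between `replicas: 1` and `revisionHistoryLimit: 10` (label keys under `strategy:`, a second `# Source: kube-state-metrics/templates/serviceaccount.yaml` marker, a stray `roleRef:`), so the document is unlikely to be accepted as a Deployment as committed.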
@@ -17,6 +17,72 @@ metadata: # Source: kube-state-metrics/templates/role.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole +metadata: + labels: + helm.sh/chart: kube-state-metrics-5.26.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: metrics + app.kubernetes.io/part-of: kube-state-metrics + app.kubernetes.io/name: kube-state-metrics + app.kubernetes.io/instance: my-kube-state-metrics + app.kubernetes.io/version: "2.13.0" + name: my-kube-state-metrics +rules: + + - apiGroups: ["certificates.k8s.io"] + resources: + - certificatesigningrequests + verbs: ["list", "watch"] + + - apiGroups: [""] + resources: + - configmaps + verbs: ["list", "watch"] + + - apiGroups: ["batch"] + resources: + - cronjobs + verbs: ["list", "watch"] + + - apiGroups: ["extensions", "apps"] + resources: + - daemonsets + verbs: ["list", "watch"] + + - apiGroups: ["extensions", "apps"] + resources: + - deployments + verbs: ["list", "watch"] + + - apiGroups: [""] + resources: + - endpoints + verbs: ["list", "watch"] + + - apiGroups: ["autoscaling"] + resources: + - horizontalpodautoscalers + "raw.yaml" 306L, 7780B 1,1 Top +--- +# Source: kube-state-metrics/templates/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +automountServiceAccountToken: true +metadata: + labels: + helm.sh/chart: kube-state-metrics-5.26.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: metrics + app.kubernetes.io/part-of: kube-state-metrics + app.kubernetes.io/name: kube-state-metrics + app.kubernetes.io/instance: my-kube-state-metrics + app.kubernetes.io/version: "2.13.0" + name: my-kube-state-metrics + namespace: default +--- +# Source: kube-state-metrics/templates/role.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole metadata: labels: helm.sh/chart: kube-state-metrics-5.26.0 
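Review bot: The block added after `kind: ClusterRole` contains an editor status line, `"raw.yaml" 306L, 7780B 1,1 Top`, and a rule list that stops at `- horizontalpodautoscalers` with no `verbs:`, followed by a second copy of the ServiceAccount and of the ClusterRole header. This looks like terminal output pasted into the manifest: the file now carries two ClusterRole documents with the same name, one of them truncated, and which RBAC ends up applied depends on how the loader treats the broken document. Remove the pasted block and keep a single ServiceAccount and ClusterRole; a validation step before sync, for example `kubectl apply --dry-run=client -f deploy/o11y/`, would catch this kind of residue. The other two hunks of this commit only delete earlier residue and add the final newline.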
@@ -237,36 +303,6 @@ spec: app.kubernetes.io/name: kube-state-metrics app.kubernetes.io/instance: my-kube-state-metrics replicas: 1 - strategy: - app.kubernetes.io/part-of: kube-state-metrics - app.kubernetes.io/version: "2.13.0" - type: RuntimeDefault - containers: - - --port=8080 ---- -# Source: kube-state-metrics/templates/serviceaccount.yaml -app.kubernetes.io/name: kube-state-metrics -name: my-kube-state-metrics - app.kubernetes.io/name: kube-state-metrics -name: my-kube-state-metrics -resources: - - persistentvolumes -- apiGroups: ["policy"] - resources: -- apiGroups: [""] - verbs: ["list", "watch"] - verbs: ["list", "watch"] - resources: -apiVersion: rbac.authorization.k8s.io/v1 - name: my-kube-state-metrics -roleRef: - apiGroup: rbac.authorization.k8s.io - app.kubernetes.io/component: metrics - app.kubernetes.io/part-of: kube-state-metrics - app.kubernetes.io/version: "2.13.0" - annotations: - prometheus.io/scrape: 'true' - matchLabels: strategy: type: RollingUpdate revisionHistoryLimit: 10 @@ -330,4 +366,4 @@ roleRef: capabilities: drop: - ALL - readOnlyRootFilesystem: true \ No newline at end of file + readOnlyRootFilesystem: true From f2a8d8549e597dcea25f6e6339e86f195263a2f2 Mon Sep 17 00:00:00 2001 From: jinia91 Date: Wed, 6 Nov 2024 15:45:22 +0900 Subject: [PATCH 23/46] state metrics --- deploy/o11y/kube-state-metrics.yml | 67 ------------------------------ 1 file changed, 67 deletions(-) diff --git a/deploy/o11y/kube-state-metrics.yml b/deploy/o11y/kube-state-metrics.yml index 17360a19..8c6e64fa 100644 --- a/deploy/o11y/kube-state-metrics.yml +++ b/deploy/o11y/kube-state-metrics.yml 
@@ -1,70 +1,3 @@ -# Source: kube-state-metrics/templates/serviceaccount.yaml -apiVersion: v1 -kind: ServiceAccount -automountServiceAccountToken: true -metadata: - labels: - helm.sh/chart: kube-state-metrics-5.26.0 - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: metrics - app.kubernetes.io/part-of: kube-state-metrics - app.kubernetes.io/name: kube-state-metrics - app.kubernetes.io/instance: my-kube-state-metrics - app.kubernetes.io/version: "2.13.0" - name: my-kube-state-metrics - namespace: default ---- -# Source: kube-state-metrics/templates/role.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - helm.sh/chart: kube-state-metrics-5.26.0 - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: metrics - app.kubernetes.io/part-of: kube-state-metrics - app.kubernetes.io/name: kube-state-metrics - app.kubernetes.io/instance: my-kube-state-metrics - app.kubernetes.io/version: "2.13.0" - name: my-kube-state-metrics -rules: - - - apiGroups: ["certificates.k8s.io"] - resources: - - certificatesigningrequests - verbs: ["list", "watch"] - - - apiGroups: [""] - resources: - - configmaps - verbs: ["list", "watch"] - - - apiGroups: ["batch"] - resources: - - cronjobs - verbs: ["list", "watch"] - - - apiGroups: ["extensions", "apps"] - resources: - - daemonsets - verbs: ["list", "watch"] - - - apiGroups: ["extensions", "apps"] - resources: - - deployments - verbs: ["list", "watch"] - - - apiGroups: [""] - resources: - - endpoints - verbs: ["list", "watch"] - - - apiGroups: ["autoscaling"] - resources: - - horizontalpodautoscalers - "raw.yaml" 306L, 7780B 1,1 Top ---- -# Source: kube-state-metrics/templates/serviceaccount.yaml apiVersion: v1 kind: ServiceAccount automountServiceAccountToken: true From 705e96d8a79e67b296be48182a5cfeb5ea7df6e5 Mon Sep 17 00:00:00 2001 From: jinia91 Date: Wed, 6 Nov 2024 15:48:47 +0900 Subject: [PATCH 24/46] port --- deploy/o11y/grafana.yml | 1 - 1 file changed, 1 deletion(-) 
diff --git a/deploy/o11y/grafana.yml b/deploy/o11y/grafana.yml index 4fa40763..bf01b278 100644 --- a/deploy/o11y/grafana.yml +++ b/deploy/o11y/grafana.yml @@ -66,7 +66,6 @@ spec: ports: - port: 3000 protocol: TCP - port: 3001 targetPort: 3000 selector: app: grafana \ No newline at end of file From 1289545b14d38e9cd27d0f62b68bdc3c228c659e Mon Sep 17 00:00:00 2001 From: jinia91 Date: Wed, 6 Nov 2024 15:50:07 +0900 Subject: [PATCH 25/46] port --- deploy/o11y/grafana.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/o11y/grafana.yml b/deploy/o11y/grafana.yml index bf01b278..33af1575 100644 --- a/deploy/o11y/grafana.yml +++ b/deploy/o11y/grafana.yml @@ -64,7 +64,7 @@ metadata: spec: type: NodePort ports: - - port: 3000 + - port: 3001 protocol: TCP targetPort: 3000 selector: From 0b74536389cb5bc49665b84c60258ab4d982ab07 Mon Sep 17 00:00:00 2001 From: jinia91 Date: Wed, 6 Nov 2024 15:51:57 +0900 Subject: [PATCH 26/46] port --- deploy/o11y/grafana.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/deploy/o11y/grafana.yml b/deploy/o11y/grafana.yml index 33af1575..cc271747 100644 --- a/deploy/o11y/grafana.yml +++ b/deploy/o11y/grafana.yml @@ -64,8 +64,9 @@ metadata: spec: type: NodePort ports: - - port: 3001 + - port: 3000 protocol: TCP targetPort: 3000 + nodePort: 30000 selector: app: grafana \ No newline at end of file From cf0e27bcbdb4f751b80d6e11655828d84393a33a Mon Sep 17 00:00:00 2001 From: jinia91 Date: Wed, 6 Nov 2024 16:40:31 +0900 Subject: [PATCH 27/46] grafana update --- deploy/o11y/grafana.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/o11y/grafana.yml b/deploy/o11y/grafana.yml index cc271747..95087bf3 100644 --- a/deploy/o11y/grafana.yml +++ b/deploy/o11y/grafana.yml @@ -19,7 +19,7 @@ spec: spec: containers: - name: grafana - image: grafana/grafana:10.2.0 + image: grafana/grafana:11.3.0 env: - name: GF_AUTH_ANONYMOUS_ENABLED value: "true" 
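Review bot: Pinning `nodePort: 30000` on a `type: NodePort` Service publishes Grafana on every node's address, and the context lines of the image hunk that follows show the same file setting `GF_AUTH_ANONYMOUS_ENABLED` to `"true"`. Which role anonymous users receive is not visible here, but as written anyone who can reach a node on that port gets in without logging in. Consider `type: ClusterIP` behind an authenticated ingress or a port-forward, or set `GF_AUTH_ANONYMOUS_ENABLED` to `"false"` before exposing the port. The Service spec begins outside this hunk.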
From 7b42d75cfd95c24862fb342546efeb2a774bb8d4 Mon Sep 17 00:00:00 2001 From: jinia91 Date: Wed, 6 Nov 2024 16:48:14 +0900 Subject: [PATCH 28/46] latest update --- deploy/o11y/grafana.yml | 2 +- deploy/o11y/prometheus.yml | 2 +- deploy/o11y/tempo.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/deploy/o11y/grafana.yml b/deploy/o11y/grafana.yml index 95087bf3..71b8a9e9 100644 --- a/deploy/o11y/grafana.yml +++ b/deploy/o11y/grafana.yml @@ -19,7 +19,7 @@ spec: spec: containers: - name: grafana - image: grafana/grafana:11.3.0 + image: grafana/grafana:latest env: - name: GF_AUTH_ANONYMOUS_ENABLED value: "true" diff --git a/deploy/o11y/prometheus.yml b/deploy/o11y/prometheus.yml index 33803f17..0f074d74 100644 --- a/deploy/o11y/prometheus.yml +++ b/deploy/o11y/prometheus.yml @@ -19,7 +19,7 @@ spec: spec: containers: - name: prometheus - image: prom/prometheus:v2.47.2 + image: prom/prometheus:latest args: - --config.file=/etc/prometheus.yml - --storage.tsdb.path=/prometheus diff --git a/deploy/o11y/tempo.yml b/deploy/o11y/tempo.yml index 045a73de..9bf5d8fc 100644 --- a/deploy/o11y/tempo.yml +++ b/deploy/o11y/tempo.yml @@ -19,7 +19,7 @@ spec: spec: containers: - name: tempo - image: grafana/tempo:2.2.4 + image: grafana/tempo:latest args: ["-config.file=/etc/tempo.yml"] ports: - containerPort: 3200 From 414252d343f4842747185851ea999de43a87857f Mon Sep 17 00:00:00 2001 From: jinia91 Date: Wed, 6 Nov 2024 17:19:16 +0900 Subject: [PATCH 29/46] change namespace --- deploy/o11y/kube-state-metrics.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/deploy/o11y/kube-state-metrics.yml b/deploy/o11y/kube-state-metrics.yml index 8c6e64fa..c64156e1 100644 --- a/deploy/o11y/kube-state-metrics.yml +++ b/deploy/o11y/kube-state-metrics.yml 
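Review bot: Moving `grafana/grafana`, `prom/prometheus` and `grafana/tempo` to `:latest` (this hunk and the two that follow, in prometheus.yml and tempo.yml) makes the deployed image depend on whatever the registry serves at pull time, so a pod restart can change the running version with no change in git, and reverting the manifest no longer restores a known image. Kubernetes also defaults `imagePullPolicy` to `Always` for a `:latest` tag when the field is unset, which widens the window for an unreviewed or tampered image to be pulled. Keep explicit tags such as `image: grafana/grafana:11.3.0`, `image: prom/prometheus:v2.47.2` and `image: grafana/tempo:2.2.4`, or pin by digest in the form `image: grafana/grafana@sha256:DIGEST_PLACEHOLDER`.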
@@ -11,7 +11,7 @@ metadata: app.kubernetes.io/instance: my-kube-state-metrics app.kubernetes.io/version: "2.13.0" name: my-kube-state-metrics - namespace: default + namespace: o11y --- # Source: kube-state-metrics/templates/role.yaml apiVersion: rbac.authorization.k8s.io/v1 @@ -188,14 +188,14 @@ roleRef: subjects: - kind: ServiceAccount name: my-kube-state-metrics - namespace: default + namespace: o11y --- # Source: kube-state-metrics/templates/service.yaml apiVersion: v1 kind: Service metadata: name: my-kube-state-metrics - namespace: default + namespace: o11y labels: helm.sh/chart: kube-state-metrics-5.26.0 app.kubernetes.io/managed-by: Helm @@ -221,7 +221,7 @@ apiVersion: apps/v1 kind: Deployment metadata: name: my-kube-state-metrics - namespace: default + namespace: o11y labels: helm.sh/chart: kube-state-metrics-5.26.0 app.kubernetes.io/managed-by: Helm From 444e6ffd538928d53696f89347644d24d1c30f38 Mon Sep 17 00:00:00 2001 From: jinia91 Date: Wed, 6 Nov 2024 18:56:28 +0900 Subject: [PATCH 30/46] mysql cluster test deploy --- deploy/jiniaslog/mysql-main-cluster.yml | 49 +++++++++++++++++++++++++ 1 file changed, 49 insertions(+) create mode 100644 deploy/jiniaslog/mysql-main-cluster.yml diff --git a/deploy/jiniaslog/mysql-main-cluster.yml b/deploy/jiniaslog/mysql-main-cluster.yml new file mode 100644 index 00000000..753d24f3 --- /dev/null +++ b/deploy/jiniaslog/mysql-main-cluster.yml 
@@ -0,0 +1,49 @@ +--- +# Source: mysql-innodbcluster/templates/service_account_cluster.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: mycluster-sa + namespace: default +--- +# Source: mysql-innodbcluster/templates/cluster_secret.yaml +apiVersion: v1 +kind: Secret +metadata: + name: mycluster-cluster-secret + namespace: default +stringData: + rootUser: "root" + rootHost: "%" + rootPassword: "password" +--- +# Source: mysql-innodbcluster/templates/deployment_cluster.yaml +apiVersion: mysql.oracle.com/v2 +kind: InnoDBCluster +metadata: + name: mycluster + namespace: default +spec: + instances: 3 + tlsUseSelfSigned: true + router: + instances: 1 + secretName: mycluster-cluster-secret + imagePullPolicy : IfNotPresent + baseServerId: 1000 + version: 9.1.0 + serviceAccountName: mycluster-sa + # mycnf + # datadirVolumeClaimTemplate + # datadirPermissions + # Keyring + # Init DB + # Backup Profiles + # Backup Schedules + # Pod Spec + # Pod Labels + # Pod Annotations + # Logs + # Service + # Metrics + # Read Replicas \ No newline at end of file From 734974fd9c5702c6bfc9429246bb55b8bb76d270 Mon Sep 17 00:00:00 2001 From: jinia91 Date: Thu, 7 Nov 2024 10:44:10 +0900 Subject: [PATCH 31/46] fowarding --- deploy/jiniaslog/mysql-main-cluster.yml | 49 ------------------------- deploy/o11y/grafana.yml | 2 +- 2 files changed, 1 insertion(+), 50 deletions(-) delete mode 100644 deploy/jiniaslog/mysql-main-cluster.yml diff --git a/deploy/jiniaslog/mysql-main-cluster.yml b/deploy/jiniaslog/mysql-main-cluster.yml deleted file mode 100644 index 753d24f3..00000000 --- a/deploy/jiniaslog/mysql-main-cluster.yml +++ /dev/null 
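Review bot: The `Secret` `mycluster-cluster-secret` commits the MySQL root credential in clear text (`rootPassword: "password"`) together with `rootHost: "%"`, so a guessable root password is accepted from any host that can reach the database, and the value stays in git history even if the file is removed later. Create the Secret outside the repository (a sealed or externally managed secret, or `kubectl create secret` at install time) and keep only `secretName: mycluster-cluster-secret` in the manifest. Use a generated password and narrow `rootHost` where the operator allows it. `tlsUseSelfSigned: true` deserves a comment next to it stating how clients are expected to obtain and trust the generated CA, since otherwise they cannot verify the server.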
@@ -1,49 +0,0 @@ ---- -# Source: mysql-innodbcluster/templates/service_account_cluster.yaml -apiVersion: v1 -kind: ServiceAccount -metadata: - name: mycluster-sa - namespace: default ---- -# Source: mysql-innodbcluster/templates/cluster_secret.yaml -apiVersion: v1 -kind: Secret -metadata: - name: mycluster-cluster-secret - namespace: default -stringData: - rootUser: "root" - rootHost: "%" - rootPassword: "password" ---- -# Source: mysql-innodbcluster/templates/deployment_cluster.yaml -apiVersion: mysql.oracle.com/v2 -kind: InnoDBCluster -metadata: - name: mycluster - namespace: default -spec: - instances: 3 - tlsUseSelfSigned: true - router: - instances: 1 - secretName: mycluster-cluster-secret - imagePullPolicy : IfNotPresent - baseServerId: 1000 - version: 9.1.0 - serviceAccountName: mycluster-sa - # mycnf - # datadirVolumeClaimTemplate - # datadirPermissions - # Keyring - # Init DB - # Backup Profiles - # Backup Schedules - # Pod Spec - # Pod Labels - # Pod Annotations - # Logs - # Service - # Metrics - # Read Replicas \ No newline at end of file diff --git a/deploy/o11y/grafana.yml b/deploy/o11y/grafana.yml index 71b8a9e9..ac1684a0 100644 --- a/deploy/o11y/grafana.yml +++ b/deploy/o11y/grafana.yml @@ -67,6 +67,6 @@ spec: - port: 3000 protocol: TCP targetPort: 3000 - nodePort: 30000 + nodePort: 31272 selector: app: grafana \ No newline at end of file From 438a2fdc4b99ce3554e5430a03eca5de2cdc6b80 Mon Sep 17 00:00:00 2001 From: jinia91 Date: Thu, 7 Nov 2024 11:16:58 +0900 Subject: [PATCH 32/46] redis test --- deploy/jiniaslog/monolith/redis.yml | 759 ++++++++++++++++++++++++++++ 1 file changed, 759 insertions(+) create mode 100644 deploy/jiniaslog/monolith/redis.yml diff --git a/deploy/jiniaslog/monolith/redis.yml b/deploy/jiniaslog/monolith/redis.yml new file mode 100644 index 00000000..8749761d --- /dev/null +++ b/deploy/jiniaslog/monolith/redis.yml 
@@ -0,0 +1,759 @@ +--- +# Source: redis/templates/networkpolicy.yaml +kind: NetworkPolicy +apiVersion: networking.k8s.io/v1 +metadata: + name: jinias-redis-redis + namespace: "default" + labels: + app.kubernetes.io/instance: jinias-redis + app.kubernetes.io/name: redis + app.kubernetes.io/version: 7.4.1 +spec: + podSelector: + matchLabels: + app.kubernetes.io/instance: jinias-redis + app.kubernetes.io/name: redis + policyTypes: + - Ingress + - Egress + egress: + - {} + ingress: + # Allow inbound connections + - ports: + - port: 6379 +--- +# Source: redis/templates/master/pdb.yaml +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: jinias-redis-redis-master + namespace: "default" + labels: + app.kubernetes.io/instance: jinias-redis + app.kubernetes.io/name: redis + app.kubernetes.io/version: 7.4.1 + app.kubernetes.io/component: master +spec: + maxUnavailable: 1 + selector: + matchLabels: + app.kubernetes.io/instance: jinias-redis + app.kubernetes.io/name: redis + app.kubernetes.io/component: master +--- +# Source: redis/templates/replicas/pdb.yaml +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: jinias-redis-redis-replicas + namespace: "default" + labels: + app.kubernetes.io/instance: jinias-redis + app.kubernetes.io/name: redis + app.kubernetes.io/version: 7.4.1 + app.kubernetes.io/component: replica +spec: + maxUnavailable: 1 + selector: + matchLabels: + app.kubernetes.io/instance: jinias-redis + app.kubernetes.io/name: redis + app.kubernetes.io/component: replica +--- +# Source: redis/templates/master/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +automountServiceAccountToken: false +metadata: + name: jinias-redis-redis-master + namespace: "default" + labels: + app.kubernetes.io/instance: jinias-redis + app.kubernetes.io/name: redis + app.kubernetes.io/version: 7.4.1 +--- +# Source: redis/templates/replicas/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +automountServiceAccountToken: false +metadata: + 
name: jinias-redis-redis-replica + namespace: "default" + labels: + app.kubernetes.io/instance: jinias-redis + app.kubernetes.io/name: redis + app.kubernetes.io/version: 7.4.1 +--- +# Source: redis/templates/secret.yaml +apiVersion: v1 +kind: Secret +metadata: + name: jinias-redis-redis + namespace: "default" + labels: + app.kubernetes.io/instance: jinias-redis + app.kubernetes.io/name: redis + app.kubernetes.io/version: 7.4.1 +type: Opaque +data: + redis-password: "VGtjYjRKOVV4OA==" +--- +# Source: redis/templates/configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: jinias-redis-redis-configuration + namespace: "default" + labels: + app.kubernetes.io/instance: jinias-redis + app.kubernetes.io/name: redis + app.kubernetes.io/version: 7.4.1 +data: + redis.conf: |- + # User-supplied common configuration: + # Enable AOF https://redis.io/topics/persistence#append-only-file + appendonly yes + # Disable RDB persistence, AOF persistence already enabled. + save "" + # End of common configuration + master.conf: |- + dir /data + # User-supplied master configuration: + rename-command FLUSHDB "" + rename-command FLUSHALL "" + # End of master configuration + replica.conf: |- + dir /data + # User-supplied replica configuration: + rename-command FLUSHDB "" + rename-command FLUSHALL "" + # End of replica configuration +--- +# Source: redis/templates/health-configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: jinias-redis-redis-health + namespace: "default" + labels: + app.kubernetes.io/instance: jinias-redis + app.kubernetes.io/name: redis + app.kubernetes.io/version: 7.4.1 +data: + ping_readiness_local.sh: |- + #!/bin/bash + + [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")" + [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD" + response=$( + timeout -s 15 $1 \ + redis-cli \ + -h localhost \ + -p $REDIS_PORT \ + ping + ) + if [ "$?" 
-eq "124" ]; then + echo "Timed out" + exit 1 + fi + if [ "$response" != "PONG" ]; then + echo "$response" + exit 1 + fi + ping_liveness_local.sh: |- + #!/bin/bash + + [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")" + [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD" + response=$( + timeout -s 15 $1 \ + redis-cli \ + -h localhost \ + -p $REDIS_PORT \ + ping + ) + if [ "$?" -eq "124" ]; then + echo "Timed out" + exit 1 + fi + responseFirstWord=$(echo $response | head -n1 | awk '{print $1;}') + if [ "$response" != "PONG" ] && [ "$responseFirstWord" != "LOADING" ] && [ "$responseFirstWord" != "MASTERDOWN" ]; then + echo "$response" + exit 1 + fi + ping_readiness_master.sh: |- + #!/bin/bash + + [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")" + [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD" + response=$( + timeout -s 15 $1 \ + redis-cli \ + -h $REDIS_MASTER_HOST \ + -p $REDIS_MASTER_PORT_NUMBER \ + ping + ) + if [ "$?" -eq "124" ]; then + echo "Timed out" + exit 1 + fi + if [ "$response" != "PONG" ]; then + echo "$response" + exit 1 + fi + ping_liveness_master.sh: |- + #!/bin/bash + + [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")" + [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD" + response=$( + timeout -s 15 $1 \ + redis-cli \ + -h $REDIS_MASTER_HOST \ + -p $REDIS_MASTER_PORT_NUMBER \ + ping + ) + if [ "$?" -eq "124" ]; then + echo "Timed out" + exit 1 + fi + responseFirstWord=$(echo $response | head -n1 | awk '{print $1;}') + if [ "$response" != "PONG" ] && [ "$responseFirstWord" != "LOADING" ]; then + echo "$response" + exit 1 + fi + ping_readiness_local_and_master.sh: |- + script_dir="$(dirname "$0")" + exit_status=0 + "$script_dir/ping_readiness_local.sh" $1 || exit_status=$? 
+ "$script_dir/ping_readiness_master.sh" $1 || exit_status=$? + exit $exit_status + ping_liveness_local_and_master.sh: |- + script_dir="$(dirname "$0")" + exit_status=0 + "$script_dir/ping_liveness_local.sh" $1 || exit_status=$? + "$script_dir/ping_liveness_master.sh" $1 || exit_status=$? + exit $exit_status +--- +# Source: redis/templates/scripts-configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: jinias-redis-redis-scripts + namespace: "default" + labels: + app.kubernetes.io/instance: jinias-redis + app.kubernetes.io/name: redis + app.kubernetes.io/version: 7.4.1 +data: + start-master.sh: | + #!/bin/bash + + [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")" + if [[ -f /opt/bitnami/redis/mounted-etc/master.conf ]];then + cp /opt/bitnami/redis/mounted-etc/master.conf /opt/bitnami/redis/etc/master.conf + fi + if [[ -f /opt/bitnami/redis/mounted-etc/redis.conf ]];then + cp /opt/bitnami/redis/mounted-etc/redis.conf /opt/bitnami/redis/etc/redis.conf + fi + ARGS=("--port" "${REDIS_PORT}") + ARGS+=("--requirepass" "${REDIS_PASSWORD}") + ARGS+=("--masterauth" "${REDIS_PASSWORD}") + ARGS+=("--include" "/opt/bitnami/redis/etc/redis.conf") + ARGS+=("--include" "/opt/bitnami/redis/etc/master.conf") + exec redis-server "${ARGS[@]}" + start-replica.sh: | + #!/bin/bash + + get_port() { + hostname="$1" + type="$2" + + port_var=$(echo "${hostname^^}_SERVICE_PORT_$type" | sed "s/-/_/g") + port=${!port_var} + + if [ -z "$port" ]; then + case $type in + "SENTINEL") + echo 26379 + ;; + "REDIS") + echo 6379 + ;; + esac + else + echo $port + fi + } + + get_full_hostname() { + hostname="$1" + full_hostname="${hostname}.${HEADLESS_SERVICE}" + echo "${full_hostname}" + } + + REDISPORT=$(get_port "$HOSTNAME" "REDIS") + HEADLESS_SERVICE="jinias-redis-redis-headless.default.svc.cluster.local" + + [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")" + [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export 
REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")" + if [[ -f /opt/bitnami/redis/mounted-etc/replica.conf ]];then + cp /opt/bitnami/redis/mounted-etc/replica.conf /opt/bitnami/redis/etc/replica.conf + fi + if [[ -f /opt/bitnami/redis/mounted-etc/redis.conf ]];then + cp /opt/bitnami/redis/mounted-etc/redis.conf /opt/bitnami/redis/etc/redis.conf + fi + + echo "" >> /opt/bitnami/redis/etc/replica.conf + echo "replica-announce-port $REDISPORT" >> /opt/bitnami/redis/etc/replica.conf + echo "replica-announce-ip $(get_full_hostname "$HOSTNAME")" >> /opt/bitnami/redis/etc/replica.conf + ARGS=("--port" "${REDIS_PORT}") + ARGS+=("--replicaof" "${REDIS_MASTER_HOST}" "${REDIS_MASTER_PORT_NUMBER}") + ARGS+=("--requirepass" "${REDIS_PASSWORD}") + ARGS+=("--masterauth" "${REDIS_MASTER_PASSWORD}") + ARGS+=("--include" "/opt/bitnami/redis/etc/redis.conf") + ARGS+=("--include" "/opt/bitnami/redis/etc/replica.conf") + exec redis-server "${ARGS[@]}" +--- +# Source: redis/templates/headless-svc.yaml +apiVersion: v1 +kind: Service +metadata: + name: jinias-redis-redis-headless + namespace: "default" + labels: + app.kubernetes.io/instance: jinias-redis + app.kubernetes.io/name: redis + app.kubernetes.io/version: 7.4.1 +spec: + type: ClusterIP + clusterIP: None + ports: + - name: tcp-redis + port: 6379 + targetPort: redis + selector: + app.kubernetes.io/instance: jinias-redis + app.kubernetes.io/name: redis +--- +# Source: redis/templates/master/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: jinias-redis-redis-master + namespace: "default" + labels: + app.kubernetes.io/instance: jinias-redis + app.kubernetes.io/name: redis + app.kubernetes.io/version: 7.4.1 + app.kubernetes.io/component: master +spec: + type: ClusterIP + internalTrafficPolicy: Cluster + sessionAffinity: None + ports: + - name: tcp-redis + port: 6379 + targetPort: redis + nodePort: null + selector: + app.kubernetes.io/instance: jinias-redis + app.kubernetes.io/name: redis + 
app.kubernetes.io/component: master +--- +# Source: redis/templates/replicas/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: jinias-redis-redis-replicas + namespace: "default" + labels: + app.kubernetes.io/instance: jinias-redis + app.kubernetes.io/name: redis + app.kubernetes.io/version: 7.4.1 + app.kubernetes.io/component: replica +spec: + type: ClusterIP + internalTrafficPolicy: Cluster + sessionAffinity: None + ports: + - name: tcp-redis + port: 6379 + targetPort: redis + nodePort: null + selector: + app.kubernetes.io/instance: jinias-redis + app.kubernetes.io/name: redis + app.kubernetes.io/component: replica +--- +# Source: redis/templates/master/application.yaml +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: jinias-redis-redis-master + namespace: "default" + labels: + app.kubernetes.io/instance: jinias-redis + app.kubernetes.io/name: redis + app.kubernetes.io/version: 7.4.1 + app.kubernetes.io/component: master +spec: + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app.kubernetes.io/instance: jinias-redis + app.kubernetes.io/name: redis + app.kubernetes.io/component: master + serviceName: jinias-redis-redis-headless + updateStrategy: + type: RollingUpdate + template: + metadata: + labels: + app.kubernetes.io/instance: jinias-redis + app.kubernetes.io/name: redis + app.kubernetes.io/version: 7.4.1 + app.kubernetes.io/component: master + annotations: + checksum/configmap: 86bcc953bb473748a3d3dc60b7c11f34e60c93519234d4c37f42e22ada559d47 + checksum/health: aff24913d801436ea469d8d374b2ddb3ec4c43ee7ab24663d5f8ff1a1b6991a9 + checksum/scripts: 073a247dd6c6878205f6c125b83cf8fbeaf806fa723938420f4a8d77e65192cc + checksum/secret: 8abfbfcc422921076ff63bf344c2b748238a81c8ed9d6e382e347051204a91a9 + spec: + + securityContext: + fsGroup: 1001 + fsGroupChangePolicy: Always + supplementalGroups: [] + sysctls: [] + serviceAccountName: jinias-redis-redis-master + automountServiceAccountToken: false + affinity: + podAffinity: + + 
podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app.kubernetes.io/instance: jinias-redis + app.kubernetes.io/name: redis + app.kubernetes.io/component: master + topologyKey: kubernetes.io/hostname + weight: 1 + nodeAffinity: + + enableServiceLinks: true + terminationGracePeriodSeconds: 30 + containers: + - name: redis + image: docker.io/bitnami/redis:7.4.1-debian-12-r0 + imagePullPolicy: "IfNotPresent" + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsGroup: 1001 + runAsNonRoot: true + runAsUser: 1001 + seLinuxOptions: {} + seccompProfile: + type: RuntimeDefault + command: + - /bin/bash + args: + - -c + - /opt/bitnami/scripts/start-scripts/start-master.sh + env: + - name: BITNAMI_DEBUG + value: "false" + - name: REDIS_REPLICATION_MODE + value: master + - name: ALLOW_EMPTY_PASSWORD + value: "no" + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + name: jinias-redis-redis + key: redis-password + - name: REDIS_TLS_ENABLED + value: "no" + - name: REDIS_PORT + value: "6379" + ports: + - name: redis + containerPort: 6379 + livenessProbe: + initialDelaySeconds: 20 + periodSeconds: 5 + # One second longer than command timeout should prevent generation of zombie processes. 
+ timeoutSeconds: 6 + successThreshold: 1 + failureThreshold: 5 + exec: + command: + - sh + - -c + - /health/ping_liveness_local.sh 5 + readinessProbe: + initialDelaySeconds: 20 + periodSeconds: 5 + timeoutSeconds: 2 + successThreshold: 1 + failureThreshold: 5 + exec: + command: + - sh + - -c + - /health/ping_readiness_local.sh 1 + resources: + limits: + cpu: 150m + ephemeral-storage: 2Gi + memory: 192Mi + requests: + cpu: 100m + ephemeral-storage: 50Mi + memory: 128Mi + volumeMounts: + - name: start-scripts + mountPath: /opt/bitnami/scripts/start-scripts + - name: health + mountPath: /health + - name: redis-data + mountPath: /data + - name: config + mountPath: /opt/bitnami/redis/mounted-etc + - name: empty-dir + mountPath: /opt/bitnami/redis/etc/ + subPath: app-conf-dir + - name: empty-dir + mountPath: /tmp + subPath: tmp-dir + volumes: + - name: start-scripts + configMap: + name: jinias-redis-redis-scripts + defaultMode: 0755 + - name: health + configMap: + name: jinias-redis-redis-health + defaultMode: 0755 + - name: config + configMap: + name: jinias-redis-redis-configuration + - name: empty-dir + emptyDir: {} + volumeClaimTemplates: + - apiVersion: v1 + kind: PersistentVolumeClaim + metadata: + name: redis-data + labels: + app.kubernetes.io/instance: jinias-redis + app.kubernetes.io/name: redis + app.kubernetes.io/component: master + spec: + accessModes: + - "ReadWriteOnce" + resources: + requests: + storage: "8Gi" +--- +# Source: redis/templates/replicas/application.yaml +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: jinias-redis-redis-replicas + namespace: "default" + labels: + app.kubernetes.io/instance: jinias-redis + app.kubernetes.io/name: redis + app.kubernetes.io/version: 7.4.1 + app.kubernetes.io/component: replica +spec: + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app.kubernetes.io/instance: jinias-redis + app.kubernetes.io/name: redis + app.kubernetes.io/component: replica + serviceName: 
jinias-redis-redis-headless + updateStrategy: + type: RollingUpdate + template: + metadata: + labels: + app.kubernetes.io/instance: jinias-redis + app.kubernetes.io/name: redis + app.kubernetes.io/version: 7.4.1 + app.kubernetes.io/component: replica + annotations: + checksum/configmap: 86bcc953bb473748a3d3dc60b7c11f34e60c93519234d4c37f42e22ada559d47 + checksum/health: aff24913d801436ea469d8d374b2ddb3ec4c43ee7ab24663d5f8ff1a1b6991a9 + checksum/scripts: 073a247dd6c6878205f6c125b83cf8fbeaf806fa723938420f4a8d77e65192cc + checksum/secret: f33f3b65d3c59770a96723937dc2fb616e636139fa10e01f722f0c322823ce1e + spec: + + securityContext: + fsGroup: 1001 + fsGroupChangePolicy: Always + supplementalGroups: [] + sysctls: [] + serviceAccountName: jinias-redis-redis-replica + automountServiceAccountToken: false + affinity: + podAffinity: + + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app.kubernetes.io/instance: jinias-redis + app.kubernetes.io/name: redis + app.kubernetes.io/component: replica + topologyKey: kubernetes.io/hostname + weight: 1 + nodeAffinity: + + enableServiceLinks: true + terminationGracePeriodSeconds: 30 + containers: + - name: redis + image: docker.io/bitnami/redis:7.4.1-debian-12-r0 + imagePullPolicy: "IfNotPresent" + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsGroup: 1001 + runAsNonRoot: true + runAsUser: 1001 + seLinuxOptions: {} + seccompProfile: + type: RuntimeDefault + command: + - /bin/bash + args: + - -c + - /opt/bitnami/scripts/start-scripts/start-replica.sh + env: + - name: BITNAMI_DEBUG + value: "false" + - name: REDIS_REPLICATION_MODE + value: replica + - name: REDIS_MASTER_HOST + value: jinias-redis-redis-master-0.jinias-redis-redis-headless.default.svc.cluster.local + - name: REDIS_MASTER_PORT_NUMBER + value: "6379" + - name: ALLOW_EMPTY_PASSWORD + value: "no" + - name: REDIS_PASSWORD + 
valueFrom: + secretKeyRef: + name: jinias-redis-redis + key: redis-password + - name: REDIS_MASTER_PASSWORD + valueFrom: + secretKeyRef: + name: jinias-redis-redis + key: redis-password + - name: REDIS_TLS_ENABLED + value: "no" + - name: REDIS_PORT + value: "6379" + ports: + - name: redis + containerPort: 6379 + startupProbe: + failureThreshold: 22 + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + tcpSocket: + port: redis + livenessProbe: + initialDelaySeconds: 20 + periodSeconds: 5 + timeoutSeconds: 6 + successThreshold: 1 + failureThreshold: 5 + exec: + command: + - sh + - -c + - /health/ping_liveness_local_and_master.sh 5 + readinessProbe: + initialDelaySeconds: 20 + periodSeconds: 5 + timeoutSeconds: 2 + successThreshold: 1 + failureThreshold: 5 + exec: + command: + - sh + - -c + - /health/ping_readiness_local_and_master.sh 1 + resources: + limits: + cpu: 150m + ephemeral-storage: 2Gi + memory: 192Mi + requests: + cpu: 100m + ephemeral-storage: 50Mi + memory: 128Mi + volumeMounts: + - name: start-scripts + mountPath: /opt/bitnami/scripts/start-scripts + - name: health + mountPath: /health + - name: redis-data + mountPath: /data + - name: config + mountPath: /opt/bitnami/redis/mounted-etc + - name: empty-dir + mountPath: /opt/bitnami/redis/etc + subPath: app-conf-dir + - name: empty-dir + mountPath: /tmp + subPath: tmp-dir + volumes: + - name: start-scripts + configMap: + name: jinias-redis-redis-scripts + defaultMode: 0755 + - name: health + configMap: + name: jinias-redis-redis-health + defaultMode: 0755 + - name: config + configMap: + name: jinias-redis-redis-configuration + - name: empty-dir + emptyDir: {} + volumeClaimTemplates: + - apiVersion: v1 + kind: PersistentVolumeClaim + metadata: + name: redis-data + labels: + app.kubernetes.io/instance: jinias-redis + app.kubernetes.io/name: redis + app.kubernetes.io/component: replica + spec: + accessModes: + - "ReadWriteOnce" + resources: + requests: + storage: "8Gi" 
From 5d9e33fd940315892d2aebf3e6907c272a0ad19f Mon Sep 17 00:00:00 2001
From: jinia91
Date: Thu, 7 Nov 2024 11:53:10 +0900
Subject: [PATCH 33/46] version
---
 deploy/o11y/otel-collector-scraper.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/deploy/o11y/otel-collector-scraper.yml b/deploy/o11y/otel-collector-scraper.yml
index 628bb658..abdf4133 100644
--- a/deploy/o11y/otel-collector-scraper.yml
+++ b/deploy/o11y/otel-collector-scraper.yml
@@ -17,7 +17,7 @@ spec:
 automountServiceAccountToken: true # 토큰 자동 마운트 설정
 containers:
 - name: otel-collector
- image: otel/opentelemetry-collector-contrib
+ image: otel/opentelemetry-collector-contrib:latest
 args: ["--config=/etc/otel-collector.yml"]
 ports:
 - containerPort: 4318
From db60fedd4f4cfee0ff4721345058079b629a4a06 Mon Sep 17 00:00:00 2001
From: jinia91
Date: Mon, 11 Nov 2024 15:26:40 +0900
Subject: [PATCH 34/46] redis setting
---
 deploy/jiniaslog/monolith/redis.yml | 1729 +++++++++++++++++----------
 1 file changed, 1080 insertions(+), 649 deletions(-)
diff --git a/deploy/jiniaslog/monolith/redis.yml b/deploy/jiniaslog/monolith/redis.yml
index 8749761d..a64a5789 100644
--- a/deploy/jiniaslog/monolith/redis.yml
+++ b/deploy/jiniaslog/monolith/redis.yml
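Review bot: In deploy/o11y/otel-collector-scraper.yml the new `image: otel/opentelemetry-collector-contrib:latest` is still a mutable reference: `:latest` resolves to the same image the untagged name already pulled, so a later pod restart can bring in a collector build that was never tested here. The container runs in a pod with `automountServiceAccountToken: true`, so whatever the tag resolves to starts with that service account's API token mounted. Pin a released version and preferably its digest, e.g. `image: otel/opentelemetry-collector-contrib:<VERSION>@sha256:<DIGEST>` (placeholders; take both values from the release you validated). The container spec continues past the end of this hunk, so whether `imagePullPolicy` is set cannot be seen from here.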
@@ -1,759 +1,1190 @@ --- -# Source: redis/templates/networkpolicy.yaml -kind: NetworkPolicy -apiVersion: networking.k8s.io/v1 -metadata: - name: jinias-redis-redis - namespace: "default" - labels: - app.kubernetes.io/instance: jinias-redis - app.kubernetes.io/name: redis - app.kubernetes.io/version: 7.4.1 -spec: - podSelector: - matchLabels: - app.kubernetes.io/instance: jinias-redis - app.kubernetes.io/name: redis - policyTypes: - - Ingress - - Egress - egress: - - {} - ingress: - # Allow inbound connections - - ports: - - port: 6379 ---- -# Source: redis/templates/master/pdb.yaml -apiVersion: policy/v1 -kind: PodDisruptionBudget -metadata: - name: jinias-redis-redis-master - namespace: "default" - labels: - app.kubernetes.io/instance: jinias-redis - app.kubernetes.io/name: redis - app.kubernetes.io/version: 7.4.1 - app.kubernetes.io/component: master -spec: - maxUnavailable: 1 - selector: - matchLabels: - app.kubernetes.io/instance: jinias-redis - app.kubernetes.io/name: redis - app.kubernetes.io/component: master ---- -# Source: redis/templates/replicas/pdb.yaml -apiVersion: policy/v1 -kind: PodDisruptionBudget -metadata: - name: jinias-redis-redis-replicas - namespace: "default" - labels: - app.kubernetes.io/instance: jinias-redis - app.kubernetes.io/name: redis - app.kubernetes.io/version: 7.4.1 - app.kubernetes.io/component: replica -spec: - maxUnavailable: 1 - selector: - matchLabels: - app.kubernetes.io/instance: jinias-redis - app.kubernetes.io/name: redis - app.kubernetes.io/component: replica ---- -# Source: redis/templates/master/serviceaccount.yaml +# Source: redis-ha/templates/redis-ha-serviceaccount.yaml apiVersion: v1 kind: ServiceAccount -automountServiceAccountToken: false metadata: - name: jinias-redis-redis-master + name: jinias-redis-ha namespace: "default" labels: - app.kubernetes.io/instance: jinias-redis - app.kubernetes.io/name: redis - app.kubernetes.io/version: 7.4.1 + release: jinias + chart: redis-ha-4.29.4 + app: jinias-redis-ha --- -# 
Source: redis/templates/replicas/serviceaccount.yaml -apiVersion: v1 -kind: ServiceAccount -automountServiceAccountToken: false -metadata: - name: jinias-redis-redis-replica - namespace: "default" - labels: - app.kubernetes.io/instance: jinias-redis - app.kubernetes.io/name: redis - app.kubernetes.io/version: 7.4.1 ---- -# Source: redis/templates/secret.yaml -apiVersion: v1 -kind: Secret -metadata: - name: jinias-redis-redis - namespace: "default" - labels: - app.kubernetes.io/instance: jinias-redis - app.kubernetes.io/name: redis - app.kubernetes.io/version: 7.4.1 -type: Opaque -data: - redis-password: "VGtjYjRKOVV4OA==" ---- -# Source: redis/templates/configmap.yaml +# Source: redis-ha/templates/redis-ha-configmap.yaml apiVersion: v1 kind: ConfigMap metadata: - name: jinias-redis-redis-configuration + name: jinias-redis-ha-configmap namespace: "default" labels: - app.kubernetes.io/instance: jinias-redis - app.kubernetes.io/name: redis - app.kubernetes.io/version: 7.4.1 + release: jinias + chart: redis-ha-4.29.4 + app: jinias-redis-ha data: - redis.conf: |- - # User-supplied common configuration: - # Enable AOF https://redis.io/topics/persistence#append-only-file - appendonly yes - # Disable RDB persistence, AOF persistence already enabled. 
- save "" - # End of common configuration - master.conf: |- - dir /data - # User-supplied master configuration: - rename-command FLUSHDB "" - rename-command FLUSHALL "" - # End of master configuration - replica.conf: |- - dir /data - # User-supplied replica configuration: + redis.conf: | + dir "/data" + port 6379 rename-command FLUSHDB "" rename-command FLUSHALL "" - # End of replica configuration + maxmemory 0 + maxmemory-policy volatile-lru + min-replicas-max-lag 5 + min-replicas-to-write 1 + rdbchecksum yes + rdbcompression yes + repl-diskless-sync yes + save 900 1 + + sentinel.conf: | + dir "/data" + port 26379 + sentinel down-after-milliseconds mymaster 10000 + sentinel failover-timeout mymaster 180000 + maxclients 10000 + sentinel parallel-syncs mymaster 5 + + init.sh: | + echo "$(date) Start..." + HOSTNAME="$(hostname)" + INDEX="${HOSTNAME##*-}" + SENTINEL_PORT=26379 + ANNOUNCE_IP='' + MASTER='' + MASTER_GROUP="mymaster" + QUORUM="2" + REDIS_CONF=/data/conf/redis.conf + REDIS_PORT=6379 + REDIS_TLS_PORT= + SENTINEL_CONF=/data/conf/sentinel.conf + SENTINEL_TLS_PORT= + SERVICE=jinias-redis-ha + SENTINEL_TLS_REPLICATION_ENABLED=false + REDIS_TLS_REPLICATION_ENABLED=false + + set -eu + sentinel_get_master() { + set +e + if [ "$SENTINEL_PORT" -eq 0 ]; then + redis-cli -h "${SERVICE}" -p "${SENTINEL_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key sentinel get-master-addr-by-name "${MASTER_GROUP}" |\ + grep -E 
'((^\s*((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))\s*$)|(^\s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:)))(%.+)?s*$))' + else + redis-cli -h "${SERVICE}" -p "${SENTINEL_PORT}" sentinel get-master-addr-by-name "${MASTER_GROUP}" |\ + grep -E 
'((^\s*((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))\s*$)|(^\s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:)))(%.+)?s*$))' + fi + set -e + } + + sentinel_get_master_retry() { + master='' + retry=${1} + sleep=3 + for i in $(seq 1 "${retry}"); do + master=$(sentinel_get_master) + if [ -n "${master}" ]; then + break + fi + sleep $((sleep + i)) + done + echo "${master}" + } + + identify_master() { + echo "Identifying redis master (get-master-addr-by-name).." + echo " using sentinel (jinias-redis-ha), sentinel group name (mymaster)" + MASTER="$(sentinel_get_master_retry 3)" + if [ -n "${MASTER}" ]; then + echo " $(date) Found redis master (${MASTER})" + else + echo " $(date) Did not find redis master (${MASTER})" + fi + } + + sentinel_update() { + echo "Updating sentinel config.." 
+ echo " evaluating sentinel id (\${SENTINEL_ID_${INDEX}})" + eval MY_SENTINEL_ID="\$SENTINEL_ID_${INDEX}" + echo " sentinel id (${MY_SENTINEL_ID}), sentinel grp (${MASTER_GROUP}), quorum (${QUORUM})" + sed -i "1s/^/sentinel myid ${MY_SENTINEL_ID}\\n/" "${SENTINEL_CONF}" + if [ "$SENTINEL_TLS_REPLICATION_ENABLED" = true ]; then + echo " redis master (${1}:${REDIS_TLS_PORT})" + sed -i "2s/^/sentinel monitor ${MASTER_GROUP} ${1} ${REDIS_TLS_PORT} ${QUORUM} \\n/" "${SENTINEL_CONF}" + else + echo " redis master (${1}:${REDIS_PORT})" + sed -i "2s/^/sentinel monitor ${MASTER_GROUP} ${1} ${REDIS_PORT} ${QUORUM} \\n/" "${SENTINEL_CONF}" + fi + echo "sentinel announce-ip ${ANNOUNCE_IP}" >> ${SENTINEL_CONF} + if [ "$SENTINEL_PORT" -eq 0 ]; then + echo " announce (${ANNOUNCE_IP}:${SENTINEL_TLS_PORT})" + echo "sentinel announce-port ${SENTINEL_TLS_PORT}" >> ${SENTINEL_CONF} + else + echo " announce (${ANNOUNCE_IP}:${SENTINEL_PORT})" + echo "sentinel announce-port ${SENTINEL_PORT}" >> ${SENTINEL_CONF} + fi + } + + redis_update() { + echo "Updating redis config.." + if [ "$REDIS_TLS_REPLICATION_ENABLED" = true ]; then + echo " we are slave of redis master (${1}:${REDIS_TLS_PORT})" + echo "slaveof ${1} ${REDIS_TLS_PORT}" >> "${REDIS_CONF}" + echo "slave-announce-port ${REDIS_TLS_PORT}" >> ${REDIS_CONF} + else + echo " we are slave of redis master (${1}:${REDIS_PORT})" + echo "slaveof ${1} ${REDIS_PORT}" >> "${REDIS_CONF}" + echo "slave-announce-port ${REDIS_PORT}" >> ${REDIS_CONF} + fi + echo "slave-announce-ip ${ANNOUNCE_IP}" >> ${REDIS_CONF} + } + + copy_config() { + echo "Copying default redis config.." + echo " to '${REDIS_CONF}'" + cp /readonly-config/redis.conf "${REDIS_CONF}" + echo "Copying default sentinel config.." + echo " to '${SENTINEL_CONF}'" + cp /readonly-config/sentinel.conf "${SENTINEL_CONF}" + } + + setup_defaults() { + echo "Setting up defaults.." 
+ echo " using statefulset index (${INDEX})" + if [ "${INDEX}" = "0" ]; then + echo "Setting this pod as master for redis and sentinel.." + echo " using announce (${ANNOUNCE_IP})" + redis_update "${ANNOUNCE_IP}" + sentinel_update "${ANNOUNCE_IP}" + echo " make sure ${ANNOUNCE_IP} is not a slave (slaveof no one)" + sed -i "s/^.*slaveof.*//" "${REDIS_CONF}" + else + echo "Getting redis master ip.." + echo " blindly assuming (${SERVICE}-announce-0) or (${SERVICE}-server-0) are master" + DEFAULT_MASTER="$(getent_hosts 0 | awk '{ print $1 }')" + if [ -z "${DEFAULT_MASTER}" ]; then + echo "Error: Unable to resolve redis master (getent hosts)." + exit 1 + fi + echo " identified redis (may be redis master) ip (${DEFAULT_MASTER})" + echo "Setting default slave config for redis and sentinel.." + echo " using master ip (${DEFAULT_MASTER})" + redis_update "${DEFAULT_MASTER}" + sentinel_update "${DEFAULT_MASTER}" + fi + } + + redis_ping() { + set +e + if [ "$REDIS_PORT" -eq 0 ]; then + redis-cli -h "${MASTER}" -p "${REDIS_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key ping + else + redis-cli -h "${MASTER}" -p "${REDIS_PORT}" ping + fi + set -e + } + + redis_ping_retry() { + ping='' + retry=${1} + sleep=3 + for i in $(seq 1 "${retry}"); do + if [ "$(redis_ping)" = "PONG" ]; then + ping='PONG' + break + fi + sleep $((sleep + i)) + MASTER=$(sentinel_get_master) + done + echo "${ping}" + } + + find_master() { + echo "Verifying redis master.." + if [ "$REDIS_PORT" -eq 0 ]; then + echo " ping (${MASTER}:${REDIS_TLS_PORT})" + else + echo " ping (${MASTER}:${REDIS_PORT})" + fi + if [ "$(redis_ping_retry 3)" != "PONG" ]; then + echo " $(date) Can't ping redis master (${MASTER})" + echo "Attempting to force failover (sentinel failover).." 
+ + if [ "$SENTINEL_PORT" -eq 0 ]; then + echo " on sentinel (${SERVICE}:${SENTINEL_TLS_PORT}), sentinel grp (${MASTER_GROUP})" + if redis-cli -h "${SERVICE}" -p "${SENTINEL_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key sentinel failover "${MASTER_GROUP}" | grep -q 'NOGOODSLAVE' ; then + echo " $(date) Failover returned with 'NOGOODSLAVE'" + echo "Setting defaults for this pod.." + setup_defaults + return 0 + fi + else + echo " on sentinel (${SERVICE}:${SENTINEL_PORT}), sentinel grp (${MASTER_GROUP})" + if redis-cli -h "${SERVICE}" -p "${SENTINEL_PORT}" sentinel failover "${MASTER_GROUP}" | grep -q 'NOGOODSLAVE' ; then + echo " $(date) Failover returned with 'NOGOODSLAVE'" + echo "Setting defaults for this pod.." + setup_defaults + return 0 + fi + fi + + echo "Hold on for 10sec" + sleep 10 + echo "We should get redis master's ip now. Asking (get-master-addr-by-name).." + if [ "$SENTINEL_PORT" -eq 0 ]; then + echo " sentinel (${SERVICE}:${SENTINEL_TLS_PORT}), sentinel grp (${MASTER_GROUP})" + else + echo " sentinel (${SERVICE}:${SENTINEL_PORT}), sentinel grp (${MASTER_GROUP})" + fi + MASTER="$(sentinel_get_master)" + if [ "${MASTER}" ]; then + echo " $(date) Found redis master (${MASTER})" + echo "Updating redis and sentinel config.." + sentinel_update "${MASTER}" + redis_update "${MASTER}" + else + echo "$(date) Error: Could not failover, exiting..." + exit 1 + fi + else + echo " $(date) Found reachable redis master (${MASTER})" + echo "Updating redis and sentinel config.." + sentinel_update "${MASTER}" + redis_update "${MASTER}" + fi + } + + redis_ro_update() { + echo "Updating read-only redis config.." + echo " redis.conf set 'replica-priority 0'" + echo "replica-priority 0" >> ${REDIS_CONF} + } + + getent_hosts() { + index=${1:-${INDEX}} + service="${SERVICE}-announce-${index}" + host=$(getent hosts "${service}") + echo "${host}" + } + + identify_announce_ip() { + echo "Identify announce ip for this pod.." 
+ echo " using (${SERVICE}-announce-${INDEX}) or (${SERVICE}-server-${INDEX})" + ANNOUNCE_IP=$(getent_hosts | awk '{ print $1 }') + echo " identified announce (${ANNOUNCE_IP})" + } + + mkdir -p /data/conf/ + + echo "Initializing config.." + copy_config + + # where is redis master + identify_master + + identify_announce_ip + + if [ -z "${ANNOUNCE_IP}" ]; then + "Error: Could not resolve the announce ip for this pod." + exit 1 + elif [ "${MASTER}" ]; then + find_master + else + setup_defaults + fi + + if [ "${AUTH:-}" ]; then + echo "Setting redis auth values.." + ESCAPED_AUTH=$(echo "${AUTH}" | sed -e 's/[\/&]/\\&/g'); + sed -i "s/replace-default-auth/${ESCAPED_AUTH}/" "${REDIS_CONF}" "${SENTINEL_CONF}" + fi + + if [ "${SENTINELAUTH:-}" ]; then + echo "Setting sentinel auth values" + ESCAPED_AUTH_SENTINEL=$(echo "$SENTINELAUTH" | sed -e 's/[\/&]/\\&/g'); + sed -i "s/replace-default-sentinel-auth/${ESCAPED_AUTH_SENTINEL}/" "$SENTINEL_CONF" + fi + + echo "$(date) Ready..." + + fix-split-brain.sh: | + HOSTNAME="$(hostname)" + INDEX="${HOSTNAME##*-}" + SENTINEL_PORT=26379 + ANNOUNCE_IP='' + MASTER='' + MASTER_GROUP="mymaster" + QUORUM="2" + REDIS_CONF=/data/conf/redis.conf + REDIS_PORT=6379 + REDIS_TLS_PORT= + SENTINEL_CONF=/data/conf/sentinel.conf + SENTINEL_TLS_PORT= + SERVICE=jinias-redis-ha + SENTINEL_TLS_REPLICATION_ENABLED=false + REDIS_TLS_REPLICATION_ENABLED=false + + ROLE='' + REDIS_MASTER='' + + set -eu + sentinel_get_master() { + set +e + if [ "$SENTINEL_PORT" -eq 0 ]; then + redis-cli -h "${SERVICE}" -p "${SENTINEL_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key sentinel get-master-addr-by-name "${MASTER_GROUP}" |\ + grep -E 
'((^\s*((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))\s*$)|(^\s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:)))(%.+)?s*$))' + else + redis-cli -h "${SERVICE}" -p "${SENTINEL_PORT}" sentinel get-master-addr-by-name "${MASTER_GROUP}" |\ + grep -E 
'((^\s*((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))\s*$)|(^\s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:)))(%.+)?s*$))' + fi + set -e + } + + sentinel_get_master_retry() { + master='' + retry=${1} + sleep=3 + for i in $(seq 1 "${retry}"); do + master=$(sentinel_get_master) + if [ -n "${master}" ]; then + break + fi + sleep $((sleep + i)) + done + echo "${master}" + } + + identify_master() { + echo "Identifying redis master (get-master-addr-by-name).." + echo " using sentinel (jinias-redis-ha), sentinel group name (mymaster)" + MASTER="$(sentinel_get_master_retry 3)" + if [ -n "${MASTER}" ]; then + echo " $(date) Found redis master (${MASTER})" + else + echo " $(date) Did not find redis master (${MASTER})" + fi + } + + sentinel_update() { + echo "Updating sentinel config.." 
+ echo " evaluating sentinel id (\${SENTINEL_ID_${INDEX}})" + eval MY_SENTINEL_ID="\$SENTINEL_ID_${INDEX}" + echo " sentinel id (${MY_SENTINEL_ID}), sentinel grp (${MASTER_GROUP}), quorum (${QUORUM})" + sed -i "1s/^/sentinel myid ${MY_SENTINEL_ID}\\n/" "${SENTINEL_CONF}" + if [ "$SENTINEL_TLS_REPLICATION_ENABLED" = true ]; then + echo " redis master (${1}:${REDIS_TLS_PORT})" + sed -i "2s/^/sentinel monitor ${MASTER_GROUP} ${1} ${REDIS_TLS_PORT} ${QUORUM} \\n/" "${SENTINEL_CONF}" + else + echo " redis master (${1}:${REDIS_PORT})" + sed -i "2s/^/sentinel monitor ${MASTER_GROUP} ${1} ${REDIS_PORT} ${QUORUM} \\n/" "${SENTINEL_CONF}" + fi + echo "sentinel announce-ip ${ANNOUNCE_IP}" >> ${SENTINEL_CONF} + if [ "$SENTINEL_PORT" -eq 0 ]; then + echo " announce (${ANNOUNCE_IP}:${SENTINEL_TLS_PORT})" + echo "sentinel announce-port ${SENTINEL_TLS_PORT}" >> ${SENTINEL_CONF} + else + echo " announce (${ANNOUNCE_IP}:${SENTINEL_PORT})" + echo "sentinel announce-port ${SENTINEL_PORT}" >> ${SENTINEL_CONF} + fi + } + + redis_update() { + echo "Updating redis config.." + if [ "$REDIS_TLS_REPLICATION_ENABLED" = true ]; then + echo " we are slave of redis master (${1}:${REDIS_TLS_PORT})" + echo "slaveof ${1} ${REDIS_TLS_PORT}" >> "${REDIS_CONF}" + echo "slave-announce-port ${REDIS_TLS_PORT}" >> ${REDIS_CONF} + else + echo " we are slave of redis master (${1}:${REDIS_PORT})" + echo "slaveof ${1} ${REDIS_PORT}" >> "${REDIS_CONF}" + echo "slave-announce-port ${REDIS_PORT}" >> ${REDIS_CONF} + fi + echo "slave-announce-ip ${ANNOUNCE_IP}" >> ${REDIS_CONF} + } + + copy_config() { + echo "Copying default redis config.." + echo " to '${REDIS_CONF}'" + cp /readonly-config/redis.conf "${REDIS_CONF}" + echo "Copying default sentinel config.." + echo " to '${SENTINEL_CONF}'" + cp /readonly-config/sentinel.conf "${SENTINEL_CONF}" + } + + setup_defaults() { + echo "Setting up defaults.." 
+ echo " using statefulset index (${INDEX})" + if [ "${INDEX}" = "0" ]; then + echo "Setting this pod as master for redis and sentinel.." + echo " using announce (${ANNOUNCE_IP})" + redis_update "${ANNOUNCE_IP}" + sentinel_update "${ANNOUNCE_IP}" + echo " make sure ${ANNOUNCE_IP} is not a slave (slaveof no one)" + sed -i "s/^.*slaveof.*//" "${REDIS_CONF}" + else + echo "Getting redis master ip.." + echo " blindly assuming (${SERVICE}-announce-0) or (${SERVICE}-server-0) are master" + DEFAULT_MASTER="$(getent_hosts 0 | awk '{ print $1 }')" + if [ -z "${DEFAULT_MASTER}" ]; then + echo "Error: Unable to resolve redis master (getent hosts)." + exit 1 + fi + echo " identified redis (may be redis master) ip (${DEFAULT_MASTER})" + echo "Setting default slave config for redis and sentinel.." + echo " using master ip (${DEFAULT_MASTER})" + redis_update "${DEFAULT_MASTER}" + sentinel_update "${DEFAULT_MASTER}" + fi + } + + redis_ping() { + set +e + if [ "$REDIS_PORT" -eq 0 ]; then + redis-cli -h "${MASTER}" -p "${REDIS_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key ping + else + redis-cli -h "${MASTER}" -p "${REDIS_PORT}" ping + fi + set -e + } + + redis_ping_retry() { + ping='' + retry=${1} + sleep=3 + for i in $(seq 1 "${retry}"); do + if [ "$(redis_ping)" = "PONG" ]; then + ping='PONG' + break + fi + sleep $((sleep + i)) + MASTER=$(sentinel_get_master) + done + echo "${ping}" + } + + find_master() { + echo "Verifying redis master.." + if [ "$REDIS_PORT" -eq 0 ]; then + echo " ping (${MASTER}:${REDIS_TLS_PORT})" + else + echo " ping (${MASTER}:${REDIS_PORT})" + fi + if [ "$(redis_ping_retry 3)" != "PONG" ]; then + echo " $(date) Can't ping redis master (${MASTER})" + echo "Attempting to force failover (sentinel failover).." 
+ + if [ "$SENTINEL_PORT" -eq 0 ]; then + echo " on sentinel (${SERVICE}:${SENTINEL_TLS_PORT}), sentinel grp (${MASTER_GROUP})" + if redis-cli -h "${SERVICE}" -p "${SENTINEL_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key sentinel failover "${MASTER_GROUP}" | grep -q 'NOGOODSLAVE' ; then + echo " $(date) Failover returned with 'NOGOODSLAVE'" + echo "Setting defaults for this pod.." + setup_defaults + return 0 + fi + else + echo " on sentinel (${SERVICE}:${SENTINEL_PORT}), sentinel grp (${MASTER_GROUP})" + if redis-cli -h "${SERVICE}" -p "${SENTINEL_PORT}" sentinel failover "${MASTER_GROUP}" | grep -q 'NOGOODSLAVE' ; then + echo " $(date) Failover returned with 'NOGOODSLAVE'" + echo "Setting defaults for this pod.." + setup_defaults + return 0 + fi + fi + + echo "Hold on for 10sec" + sleep 10 + echo "We should get redis master's ip now. Asking (get-master-addr-by-name).." + if [ "$SENTINEL_PORT" -eq 0 ]; then + echo " sentinel (${SERVICE}:${SENTINEL_TLS_PORT}), sentinel grp (${MASTER_GROUP})" + else + echo " sentinel (${SERVICE}:${SENTINEL_PORT}), sentinel grp (${MASTER_GROUP})" + fi + MASTER="$(sentinel_get_master)" + if [ "${MASTER}" ]; then + echo " $(date) Found redis master (${MASTER})" + echo "Updating redis and sentinel config.." + sentinel_update "${MASTER}" + redis_update "${MASTER}" + else + echo "$(date) Error: Could not failover, exiting..." + exit 1 + fi + else + echo " $(date) Found reachable redis master (${MASTER})" + echo "Updating redis and sentinel config.." + sentinel_update "${MASTER}" + redis_update "${MASTER}" + fi + } + + redis_ro_update() { + echo "Updating read-only redis config.." + echo " redis.conf set 'replica-priority 0'" + echo "replica-priority 0" >> ${REDIS_CONF} + } + + getent_hosts() { + index=${1:-${INDEX}} + service="${SERVICE}-announce-${index}" + host=$(getent hosts "${service}") + echo "${host}" + } + + identify_announce_ip() { + echo "Identify announce ip for this pod.." 
+ echo " using (${SERVICE}-announce-${INDEX}) or (${SERVICE}-server-${INDEX})" + ANNOUNCE_IP=$(getent_hosts | awk '{ print $1 }') + echo " identified announce (${ANNOUNCE_IP})" + } + + redis_role() { + set +e + if [ "$REDIS_PORT" -eq 0 ]; then + ROLE=$(redis-cli -p "${REDIS_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key info | grep role | sed 's/role://' | sed 's/\r//') + else + ROLE=$(redis-cli -p "${REDIS_PORT}" info | grep role | sed 's/role://' | sed 's/\r//') + fi + set -e + } + + identify_redis_master() { + set +e + if [ "$REDIS_PORT" -eq 0 ]; then + REDIS_MASTER=$(redis-cli -p "${REDIS_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key info | grep master_host | sed 's/master_host://' | sed 's/\r//') + else + REDIS_MASTER=$(redis-cli -p "${REDIS_PORT}" info | grep master_host | sed 's/master_host://' | sed 's/\r//') + fi + set -e + } + + reinit() { + set +e + sh /readonly-config/init.sh + + if [ "$REDIS_PORT" -eq 0 ]; then + echo "shutdown" | redis-cli -p "${REDIS_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key + else + echo "shutdown" | redis-cli -p "${REDIS_PORT}" + fi + set -e + } + + identify_announce_ip + + while [ -z "${ANNOUNCE_IP}" ]; do + echo "Error: Could not resolve the announce ip for this pod." 
+ sleep 30 + identify_announce_ip + done + + trap "exit 0" TERM + while true; do + sleep 60 + + # where is redis master + identify_master + + if [ "$MASTER" = "$ANNOUNCE_IP" ]; then + redis_role + if [ "$ROLE" != "master" ]; then + reinit + fi + elif [ "${MASTER}" ]; then + identify_redis_master + if [ "$REDIS_MASTER" != "$MASTER" ]; then + reinit + fi + fi + done + + + haproxy_init.sh: | + HAPROXY_CONF=/data/haproxy.cfg + cp /readonly/haproxy.cfg "$HAPROXY_CONF" + for loop in $(seq 1 10); do + getent hosts jinias-redis-ha-announce-0 && break + echo "Waiting for service jinias-redis-ha-announce-0 to be ready ($loop) ..." && sleep 1 + done + ANNOUNCE_IP0=$(getent hosts "jinias-redis-ha-announce-0" | awk '{ print $1 }') + if [ -z "$ANNOUNCE_IP0" ]; then + echo "Could not resolve the announce ip for jinias-redis-ha-announce-0" + exit 1 + fi + sed -i "s/REPLACE_ANNOUNCE0/$ANNOUNCE_IP0/" "$HAPROXY_CONF" + for loop in $(seq 1 10); do + getent hosts jinias-redis-ha-announce-1 && break + echo "Waiting for service jinias-redis-ha-announce-1 to be ready ($loop) ..." && sleep 1 + done + ANNOUNCE_IP1=$(getent hosts "jinias-redis-ha-announce-1" | awk '{ print $1 }') + if [ -z "$ANNOUNCE_IP1" ]; then + echo "Could not resolve the announce ip for jinias-redis-ha-announce-1" + exit 1 + fi + sed -i "s/REPLACE_ANNOUNCE1/$ANNOUNCE_IP1/" "$HAPROXY_CONF" + for loop in $(seq 1 10); do + getent hosts jinias-redis-ha-announce-2 && break + echo "Waiting for service jinias-redis-ha-announce-2 to be ready ($loop) ..." 
&& sleep 1 + done + ANNOUNCE_IP2=$(getent hosts "jinias-redis-ha-announce-2" | awk '{ print $1 }') + if [ -z "$ANNOUNCE_IP2" ]; then + echo "Could not resolve the announce ip for jinias-redis-ha-announce-2" + exit 1 + fi + sed -i "s/REPLACE_ANNOUNCE2/$ANNOUNCE_IP2/" "$HAPROXY_CONF" + trigger-failover-if-master.sh: | + get_redis_role() { + is_master=$( + redis-cli \ + -h localhost \ + -p 6379 \ + info | grep -c 'role:master' || true + ) + } + get_redis_role + if [[ "$is_master" -eq 1 ]]; then + echo "This node is currently master, we trigger a failover." + response=$( + redis-cli \ + -h localhost \ + -p 26379 \ + SENTINEL failover mymaster + ) + if [[ "$response" != "OK" ]] ; then + echo "$response" + exit 1 + fi + timeout=30 + while [[ "$is_master" -eq 1 && $timeout -gt 0 ]]; do + sleep 1 + get_redis_role + timeout=$((timeout - 1)) + done + echo "Failover successful" + fi --- -# Source: redis/templates/health-configmap.yaml +# Source: redis-ha/templates/redis-ha-health-configmap.yaml apiVersion: v1 kind: ConfigMap metadata: - name: jinias-redis-redis-health + name: jinias-redis-ha-health-configmap namespace: "default" labels: - app.kubernetes.io/instance: jinias-redis - app.kubernetes.io/name: redis - app.kubernetes.io/version: 7.4.1 + release: jinias + chart: redis-ha-4.29.4 + app: jinias-redis-ha data: - ping_readiness_local.sh: |- - #!/bin/bash - - [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")" - [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD" + redis_liveness.sh: | response=$( - timeout -s 15 $1 \ redis-cli \ -h localhost \ - -p $REDIS_PORT \ + -p 6379 \ ping ) - if [ "$?" 
-eq "124" ]; then - echo "Timed out" - exit 1 - fi - if [ "$response" != "PONG" ]; then - echo "$response" - exit 1 - fi - ping_liveness_local.sh: |- - #!/bin/bash - - [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")" - [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD" + echo "response=$response" + case $response in + PONG|LOADING*) ;; + *) exit 1 ;; + esac + exit 0 + redis_readiness.sh: | response=$( - timeout -s 15 $1 \ redis-cli \ -h localhost \ - -p $REDIS_PORT \ + -p 6379 \ ping ) - if [ "$?" -eq "124" ]; then - echo "Timed out" + if [ "$response" != "PONG" ] ; then + echo "ping=$response" exit 1 fi - responseFirstWord=$(echo $response | head -n1 | awk '{print $1;}') - if [ "$response" != "PONG" ] && [ "$responseFirstWord" != "LOADING" ] && [ "$responseFirstWord" != "MASTERDOWN" ]; then - echo "$response" - exit 1 - fi - ping_readiness_master.sh: |- - #!/bin/bash - [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")" - [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD" response=$( - timeout -s 15 $1 \ redis-cli \ - -h $REDIS_MASTER_HOST \ - -p $REDIS_MASTER_PORT_NUMBER \ - ping + -h localhost \ + -p 6379 \ + role ) - if [ "$?" 
-eq "124" ]; then - echo "Timed out" - exit 1 - fi - if [ "$response" != "PONG" ]; then - echo "$response" + role=$( echo "$response" | sed "1!d" ) + if [ "$role" = "master" ]; then + echo "role=$role" + exit 0 + elif [ "$role" = "slave" ]; then + repl=$( echo "$response" | sed "4!d" ) + echo "role=$role; repl=$repl" + if [ "$repl" = "connected" ]; then + exit 0 + else + exit 1 + fi + else + echo "role=$role" exit 1 fi - ping_liveness_master.sh: |- - #!/bin/bash - - [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")" - [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD" + sentinel_liveness.sh: | response=$( - timeout -s 15 $1 \ redis-cli \ - -h $REDIS_MASTER_HOST \ - -p $REDIS_MASTER_PORT_NUMBER \ + -h localhost \ + -p 26379 \ ping ) - if [ "$?" -eq "124" ]; then - echo "Timed out" - exit 1 - fi - responseFirstWord=$(echo $response | head -n1 | awk '{print $1;}') - if [ "$response" != "PONG" ] && [ "$responseFirstWord" != "LOADING" ]; then + if [ "$response" != "PONG" ]; then echo "$response" exit 1 fi - ping_readiness_local_and_master.sh: |- - script_dir="$(dirname "$0")" - exit_status=0 - "$script_dir/ping_readiness_local.sh" $1 || exit_status=$? - "$script_dir/ping_readiness_master.sh" $1 || exit_status=$? - exit $exit_status - ping_liveness_local_and_master.sh: |- - script_dir="$(dirname "$0")" - exit_status=0 - "$script_dir/ping_liveness_local.sh" $1 || exit_status=$? - "$script_dir/ping_liveness_master.sh" $1 || exit_status=$? 
- exit $exit_status + echo "response=$response" --- -# Source: redis/templates/scripts-configmap.yaml -apiVersion: v1 -kind: ConfigMap +# Source: redis-ha/templates/redis-ha-role.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role metadata: - name: jinias-redis-redis-scripts + name: jinias-redis-ha namespace: "default" labels: - app.kubernetes.io/instance: jinias-redis - app.kubernetes.io/name: redis - app.kubernetes.io/version: 7.4.1 -data: - start-master.sh: | - #!/bin/bash - - [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")" - if [[ -f /opt/bitnami/redis/mounted-etc/master.conf ]];then - cp /opt/bitnami/redis/mounted-etc/master.conf /opt/bitnami/redis/etc/master.conf - fi - if [[ -f /opt/bitnami/redis/mounted-etc/redis.conf ]];then - cp /opt/bitnami/redis/mounted-etc/redis.conf /opt/bitnami/redis/etc/redis.conf - fi - ARGS=("--port" "${REDIS_PORT}") - ARGS+=("--requirepass" "${REDIS_PASSWORD}") - ARGS+=("--masterauth" "${REDIS_PASSWORD}") - ARGS+=("--include" "/opt/bitnami/redis/etc/redis.conf") - ARGS+=("--include" "/opt/bitnami/redis/etc/master.conf") - exec redis-server "${ARGS[@]}" - start-replica.sh: | - #!/bin/bash - - get_port() { - hostname="$1" - type="$2" - - port_var=$(echo "${hostname^^}_SERVICE_PORT_$type" | sed "s/-/_/g") - port=${!port_var} - - if [ -z "$port" ]; then - case $type in - "SENTINEL") - echo 26379 - ;; - "REDIS") - echo 6379 - ;; - esac - else - echo $port - fi - } - - get_full_hostname() { - hostname="$1" - full_hostname="${hostname}.${HEADLESS_SERVICE}" - echo "${full_hostname}" - } - - REDISPORT=$(get_port "$HOSTNAME" "REDIS") - HEADLESS_SERVICE="jinias-redis-redis-headless.default.svc.cluster.local" - - [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")" - [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")" - if [[ -f /opt/bitnami/redis/mounted-etc/replica.conf ]];then - cp 
/opt/bitnami/redis/mounted-etc/replica.conf /opt/bitnami/redis/etc/replica.conf - fi - if [[ -f /opt/bitnami/redis/mounted-etc/redis.conf ]];then - cp /opt/bitnami/redis/mounted-etc/redis.conf /opt/bitnami/redis/etc/redis.conf - fi - - echo "" >> /opt/bitnami/redis/etc/replica.conf - echo "replica-announce-port $REDISPORT" >> /opt/bitnami/redis/etc/replica.conf - echo "replica-announce-ip $(get_full_hostname "$HOSTNAME")" >> /opt/bitnami/redis/etc/replica.conf - ARGS=("--port" "${REDIS_PORT}") - ARGS+=("--replicaof" "${REDIS_MASTER_HOST}" "${REDIS_MASTER_PORT_NUMBER}") - ARGS+=("--requirepass" "${REDIS_PASSWORD}") - ARGS+=("--masterauth" "${REDIS_MASTER_PASSWORD}") - ARGS+=("--include" "/opt/bitnami/redis/etc/redis.conf") - ARGS+=("--include" "/opt/bitnami/redis/etc/replica.conf") - exec redis-server "${ARGS[@]}" + app: redis-ha + release: "jinias" + chart: redis-ha-4.29.4 +rules: +- apiGroups: + - "" + resources: + - endpoints + verbs: + - get --- -# Source: redis/templates/headless-svc.yaml +# Source: redis-ha/templates/redis-ha-rolebinding.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: jinias-redis-ha + namespace: "default" + labels: + app: redis-ha + release: "jinias" + chart: redis-ha-4.29.4 +subjects: +- kind: ServiceAccount + name: jinias-redis-ha +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: jinias-redis-ha +--- +# Source: redis-ha/templates/redis-ha-announce-service.yaml apiVersion: v1 kind: Service metadata: - name: jinias-redis-redis-headless + name: jinias-redis-ha-announce-0 namespace: "default" labels: - app.kubernetes.io/instance: jinias-redis - app.kubernetes.io/name: redis - app.kubernetes.io/version: 7.4.1 + app: redis-ha + release: "jinias" + chart: redis-ha-4.29.4 + annotations: spec: + publishNotReadyAddresses: true type: ClusterIP - clusterIP: None ports: - - name: tcp-redis - port: 6379 - targetPort: redis + - name: tcp-server + port: 6379 + protocol: TCP + targetPort: redis + - 
name: tcp-sentinel + port: 26379 + protocol: TCP + targetPort: sentinel selector: - app.kubernetes.io/instance: jinias-redis - app.kubernetes.io/name: redis + release: jinias + app: redis-ha + "statefulset.kubernetes.io/pod-name": jinias-redis-ha-server-0 --- -# Source: redis/templates/master/service.yaml +# Source: redis-ha/templates/redis-ha-announce-service.yaml apiVersion: v1 kind: Service metadata: - name: jinias-redis-redis-master + name: jinias-redis-ha-announce-1 namespace: "default" labels: - app.kubernetes.io/instance: jinias-redis - app.kubernetes.io/name: redis - app.kubernetes.io/version: 7.4.1 - app.kubernetes.io/component: master + app: redis-ha + release: "jinias" + chart: redis-ha-4.29.4 + annotations: spec: + publishNotReadyAddresses: true type: ClusterIP - internalTrafficPolicy: Cluster - sessionAffinity: None ports: - - name: tcp-redis - port: 6379 - targetPort: redis - nodePort: null + - name: tcp-server + port: 6379 + protocol: TCP + targetPort: redis + - name: tcp-sentinel + port: 26379 + protocol: TCP + targetPort: sentinel selector: - app.kubernetes.io/instance: jinias-redis - app.kubernetes.io/name: redis - app.kubernetes.io/component: master + release: jinias + app: redis-ha + "statefulset.kubernetes.io/pod-name": jinias-redis-ha-server-1 --- -# Source: redis/templates/replicas/service.yaml +# Source: redis-ha/templates/redis-ha-announce-service.yaml apiVersion: v1 kind: Service metadata: - name: jinias-redis-redis-replicas + name: jinias-redis-ha-announce-2 namespace: "default" labels: - app.kubernetes.io/instance: jinias-redis - app.kubernetes.io/name: redis - app.kubernetes.io/version: 7.4.1 - app.kubernetes.io/component: replica + app: redis-ha + release: "jinias" + chart: redis-ha-4.29.4 + annotations: spec: + publishNotReadyAddresses: true type: ClusterIP - internalTrafficPolicy: Cluster - sessionAffinity: None ports: - - name: tcp-redis - port: 6379 - targetPort: redis - nodePort: null + - name: tcp-server + port: 6379 + protocol: 
TCP + targetPort: redis + - name: tcp-sentinel + port: 26379 + protocol: TCP + targetPort: sentinel selector: - app.kubernetes.io/instance: jinias-redis - app.kubernetes.io/name: redis - app.kubernetes.io/component: replica + release: jinias + app: redis-ha + "statefulset.kubernetes.io/pod-name": jinias-redis-ha-server-2 --- -# Source: redis/templates/master/application.yaml -apiVersion: apps/v1 -kind: StatefulSet +# Source: redis-ha/templates/redis-ha-service.yaml +apiVersion: v1 +kind: Service metadata: - name: jinias-redis-redis-master + name: jinias-redis-ha namespace: "default" labels: - app.kubernetes.io/instance: jinias-redis - app.kubernetes.io/name: redis - app.kubernetes.io/version: 7.4.1 - app.kubernetes.io/component: master + app: redis-ha + release: "jinias" + chart: redis-ha-4.29.4 + annotations: spec: - replicas: 1 - revisionHistoryLimit: 10 + type: ClusterIP + clusterIP: None + ports: + - name: tcp-server + port: 6379 + protocol: TCP + targetPort: redis + - name: tcp-sentinel + port: 26379 + protocol: TCP + targetPort: sentinel selector: - matchLabels: - app.kubernetes.io/instance: jinias-redis - app.kubernetes.io/name: redis - app.kubernetes.io/component: master - serviceName: jinias-redis-redis-headless - updateStrategy: - type: RollingUpdate - template: - metadata: - labels: - app.kubernetes.io/instance: jinias-redis - app.kubernetes.io/name: redis - app.kubernetes.io/version: 7.4.1 - app.kubernetes.io/component: master - annotations: - checksum/configmap: 86bcc953bb473748a3d3dc60b7c11f34e60c93519234d4c37f42e22ada559d47 - checksum/health: aff24913d801436ea469d8d374b2ddb3ec4c43ee7ab24663d5f8ff1a1b6991a9 - checksum/scripts: 073a247dd6c6878205f6c125b83cf8fbeaf806fa723938420f4a8d77e65192cc - checksum/secret: 8abfbfcc422921076ff63bf344c2b748238a81c8ed9d6e382e347051204a91a9 - spec: - - securityContext: - fsGroup: 1001 - fsGroupChangePolicy: Always - supplementalGroups: [] - sysctls: [] - serviceAccountName: jinias-redis-redis-master - 
automountServiceAccountToken: false - affinity: - podAffinity: - - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: - app.kubernetes.io/instance: jinias-redis - app.kubernetes.io/name: redis - app.kubernetes.io/component: master - topologyKey: kubernetes.io/hostname - weight: 1 - nodeAffinity: - - enableServiceLinks: true - terminationGracePeriodSeconds: 30 - containers: - - name: redis - image: docker.io/bitnami/redis:7.4.1-debian-12-r0 - imagePullPolicy: "IfNotPresent" - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsGroup: 1001 - runAsNonRoot: true - runAsUser: 1001 - seLinuxOptions: {} - seccompProfile: - type: RuntimeDefault - command: - - /bin/bash - args: - - -c - - /opt/bitnami/scripts/start-scripts/start-master.sh - env: - - name: BITNAMI_DEBUG - value: "false" - - name: REDIS_REPLICATION_MODE - value: master - - name: ALLOW_EMPTY_PASSWORD - value: "no" - - name: REDIS_PASSWORD - valueFrom: - secretKeyRef: - name: jinias-redis-redis - key: redis-password - - name: REDIS_TLS_ENABLED - value: "no" - - name: REDIS_PORT - value: "6379" - ports: - - name: redis - containerPort: 6379 - livenessProbe: - initialDelaySeconds: 20 - periodSeconds: 5 - # One second longer than command timeout should prevent generation of zombie processes. 
- timeoutSeconds: 6 - successThreshold: 1 - failureThreshold: 5 - exec: - command: - - sh - - -c - - /health/ping_liveness_local.sh 5 - readinessProbe: - initialDelaySeconds: 20 - periodSeconds: 5 - timeoutSeconds: 2 - successThreshold: 1 - failureThreshold: 5 - exec: - command: - - sh - - -c - - /health/ping_readiness_local.sh 1 - resources: - limits: - cpu: 150m - ephemeral-storage: 2Gi - memory: 192Mi - requests: - cpu: 100m - ephemeral-storage: 50Mi - memory: 128Mi - volumeMounts: - - name: start-scripts - mountPath: /opt/bitnami/scripts/start-scripts - - name: health - mountPath: /health - - name: redis-data - mountPath: /data - - name: config - mountPath: /opt/bitnami/redis/mounted-etc - - name: empty-dir - mountPath: /opt/bitnami/redis/etc/ - subPath: app-conf-dir - - name: empty-dir - mountPath: /tmp - subPath: tmp-dir - volumes: - - name: start-scripts - configMap: - name: jinias-redis-redis-scripts - defaultMode: 0755 - - name: health - configMap: - name: jinias-redis-redis-health - defaultMode: 0755 - - name: config - configMap: - name: jinias-redis-redis-configuration - - name: empty-dir - emptyDir: {} - volumeClaimTemplates: - - apiVersion: v1 - kind: PersistentVolumeClaim - metadata: - name: redis-data - labels: - app.kubernetes.io/instance: jinias-redis - app.kubernetes.io/name: redis - app.kubernetes.io/component: master - spec: - accessModes: - - "ReadWriteOnce" - resources: - requests: - storage: "8Gi" + release: jinias + app: redis-ha --- -# Source: redis/templates/replicas/application.yaml +# Source: redis-ha/templates/redis-ha-statefulset.yaml apiVersion: apps/v1 kind: StatefulSet metadata: - name: jinias-redis-redis-replicas + name: jinias-redis-ha-server namespace: "default" labels: - app.kubernetes.io/instance: jinias-redis - app.kubernetes.io/name: redis - app.kubernetes.io/version: 7.4.1 - app.kubernetes.io/component: replica + jinias-redis-ha: replica + app: redis-ha + release: "jinias" + chart: redis-ha-4.29.4 + annotations: + {} spec: - 
replicas: 1 - revisionHistoryLimit: 10 selector: matchLabels: - app.kubernetes.io/instance: jinias-redis - app.kubernetes.io/name: redis - app.kubernetes.io/component: replica - serviceName: jinias-redis-redis-headless + release: jinias + app: redis-ha + serviceName: jinias-redis-ha + replicas: 2 + podManagementPolicy: OrderedReady updateStrategy: type: RollingUpdate template: metadata: - labels: - app.kubernetes.io/instance: jinias-redis - app.kubernetes.io/name: redis - app.kubernetes.io/version: 7.4.1 - app.kubernetes.io/component: replica annotations: - checksum/configmap: 86bcc953bb473748a3d3dc60b7c11f34e60c93519234d4c37f42e22ada559d47 - checksum/health: aff24913d801436ea469d8d374b2ddb3ec4c43ee7ab24663d5f8ff1a1b6991a9 - checksum/scripts: 073a247dd6c6878205f6c125b83cf8fbeaf806fa723938420f4a8d77e65192cc - checksum/secret: f33f3b65d3c59770a96723937dc2fb616e636139fa10e01f722f0c322823ce1e + checksum/init-config: 35476e45d4cc022feb5f56366eec7a3f71e1f3a10d86c29d8dca4c122db291fe + labels: + release: jinias + app: redis-ha + jinias-redis-ha: replica spec: - - securityContext: - fsGroup: 1001 - fsGroupChangePolicy: Always - supplementalGroups: [] - sysctls: [] - serviceAccountName: jinias-redis-redis-replica - automountServiceAccountToken: false + terminationGracePeriodSeconds: 60 affinity: - podAffinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: - app.kubernetes.io/instance: jinias-redis - app.kubernetes.io/name: redis - app.kubernetes.io/component: replica - topologyKey: kubernetes.io/hostname - weight: 1 - nodeAffinity: - - enableServiceLinks: true - terminationGracePeriodSeconds: 30 + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app: redis-ha + release: jinias + jinias-redis-ha: replica + topologyKey: kubernetes.io/hostname + securityContext: + fsGroup: 1000 + runAsNonRoot: true + runAsUser: 1000 + serviceAccountName: jinias-redis-ha + 
automountServiceAccountToken: false + initContainers: + - name: config-init + image: public.ecr.aws/docker/library/redis:7.2.4-alpine + imagePullPolicy: IfNotPresent + resources: + {} + command: + - sh + args: + - /readonly-config/init.sh + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + env: + - name: SENTINEL_ID_0 + value: 9942b44090ff59a3a1b9fb7b43a411ed4104d734 + - name: SENTINEL_ID_1 + value: 17c89c97289988e3fff73b7950ccdea44fc3c6df + - name: SENTINEL_ID_2 + value: 7409cb0eb3a6d3ac137cf151172e810f3c237307 + volumeMounts: + - name: config + mountPath: /readonly-config + readOnly: true + - name: data + mountPath: /data + + containers: + - name: redis + image: public.ecr.aws/docker/library/redis:7.2.4-alpine + imagePullPolicy: IfNotPresent + command: + - redis-server + args: + - /data/conf/redis.conf + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + livenessProbe: + initialDelaySeconds: 30 + periodSeconds: 15 + timeoutSeconds: 15 + successThreshold: 1 + failureThreshold: 5 + exec: + command: + - sh + - -c + - /health/redis_liveness.sh + readinessProbe: + initialDelaySeconds: 30 + periodSeconds: 15 + timeoutSeconds: 15 + successThreshold: 1 + failureThreshold: 5 + exec: + command: + - sh + - -c + - /health/redis_readiness.sh + startupProbe: + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 15 + successThreshold: 1 + failureThreshold: 3 + exec: + command: + - sh + - -c + - /health/redis_readiness.sh + resources: + {} + ports: - name: redis - image: docker.io/bitnami/redis:7.4.1-debian-12-r0 - imagePullPolicy: "IfNotPresent" - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsGroup: 1001 - runAsNonRoot: true - runAsUser: 1001 - seLinuxOptions: {} - 
seccompProfile: - type: RuntimeDefault - command: - - /bin/bash - args: - - -c - - /opt/bitnami/scripts/start-scripts/start-replica.sh - env: - - name: BITNAMI_DEBUG - value: "false" - - name: REDIS_REPLICATION_MODE - value: replica - - name: REDIS_MASTER_HOST - value: jinias-redis-redis-master-0.jinias-redis-redis-headless.default.svc.cluster.local - - name: REDIS_MASTER_PORT_NUMBER - value: "6379" - - name: ALLOW_EMPTY_PASSWORD - value: "no" - - name: REDIS_PASSWORD - valueFrom: - secretKeyRef: - name: jinias-redis-redis - key: redis-password - - name: REDIS_MASTER_PASSWORD - valueFrom: - secretKeyRef: - name: jinias-redis-redis - key: redis-password - - name: REDIS_TLS_ENABLED - value: "no" - - name: REDIS_PORT - value: "6379" - ports: - - name: redis - containerPort: 6379 - startupProbe: - failureThreshold: 22 - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - tcpSocket: - port: redis - livenessProbe: - initialDelaySeconds: 20 - periodSeconds: 5 - timeoutSeconds: 6 - successThreshold: 1 - failureThreshold: 5 - exec: - command: - - sh - - -c - - /health/ping_liveness_local_and_master.sh 5 - readinessProbe: - initialDelaySeconds: 20 - periodSeconds: 5 - timeoutSeconds: 2 - successThreshold: 1 - failureThreshold: 5 + containerPort: 6379 + volumeMounts: + - name: config + mountPath: /readonly-config + readOnly: true + - mountPath: /data + name: data + - mountPath: /health + name: health + lifecycle: + preStop: exec: command: - - sh - - -c - - /health/ping_readiness_local_and_master.sh 1 - resources: - limits: - cpu: 150m - ephemeral-storage: 2Gi - memory: 192Mi - requests: - cpu: 100m - ephemeral-storage: 50Mi - memory: 128Mi - volumeMounts: - - name: start-scripts - mountPath: /opt/bitnami/scripts/start-scripts - - name: health - mountPath: /health - - name: redis-data - mountPath: /data - - name: config - mountPath: /opt/bitnami/redis/mounted-etc - - name: empty-dir - mountPath: /opt/bitnami/redis/etc - subPath: app-conf-dir 
- - name: empty-dir - mountPath: /tmp - subPath: tmp-dir - volumes: - - name: start-scripts - configMap: - name: jinias-redis-redis-scripts - defaultMode: 0755 - - name: health - configMap: - name: jinias-redis-redis-health - defaultMode: 0755 + - /bin/sh + - /readonly-config/trigger-failover-if-master.sh + - name: sentinel + image: public.ecr.aws/docker/library/redis:7.2.4-alpine + imagePullPolicy: IfNotPresent + command: + - redis-sentinel + args: + - /data/conf/sentinel.conf + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + livenessProbe: + initialDelaySeconds: 30 + periodSeconds: 15 + timeoutSeconds: 15 + successThreshold: 1 + failureThreshold: 5 + exec: + command: + - sh + - -c + - /health/sentinel_liveness.sh + readinessProbe: + initialDelaySeconds: 30 + periodSeconds: 15 + timeoutSeconds: 15 + successThreshold: 3 + failureThreshold: 5 + exec: + command: + - sh + - -c + - /health/sentinel_liveness.sh + startupProbe: + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 15 + successThreshold: 1 + failureThreshold: 3 + exec: + command: + - sh + - -c + - /health/sentinel_liveness.sh + resources: + {} + ports: + - name: sentinel + containerPort: 26379 + volumeMounts: + - mountPath: /data + name: data + - mountPath: /health + name: health + lifecycle: + {} + + - name: split-brain-fix + image: public.ecr.aws/docker/library/redis:7.2.4-alpine + imagePullPolicy: IfNotPresent + command: + - sh + args: + - /readonly-config/fix-split-brain.sh + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + env: + - name: SENTINEL_ID_0 + value: 9942b44090ff59a3a1b9fb7b43a411ed4104d734 + - name: SENTINEL_ID_1 + value: 17c89c97289988e3fff73b7950ccdea44fc3c6df + - name: SENTINEL_ID_2 + value: 7409cb0eb3a6d3ac137cf151172e810f3c237307 + resources: + {} 
+ volumeMounts: - name: config - configMap: - name: jinias-redis-redis-configuration - - name: empty-dir - emptyDir: {} + mountPath: /readonly-config + readOnly: true + - mountPath: /data + name: data + volumes: + - name: config + configMap: + name: jinias-redis-ha-configmap + - name: health + configMap: + name: jinias-redis-ha-health-configmap + defaultMode: 0755 volumeClaimTemplates: - - apiVersion: v1 - kind: PersistentVolumeClaim - metadata: - name: redis-data - labels: - app.kubernetes.io/instance: jinias-redis - app.kubernetes.io/name: redis - app.kubernetes.io/component: replica - spec: - accessModes: - - "ReadWriteOnce" - resources: - requests: - storage: "8Gi" + - apiVersion: v1 + kind: PersistentVolumeClaim + metadata: + name: data + annotations: + labels: + {} + + spec: + accessModes: + - "ReadWriteOnce" + resources: + requests: + storage: "10Gi" +--- +# Source: redis-ha/templates/tests/test-redis-ha-configmap.yaml +apiVersion: v1 +kind: Pod +metadata: + name: jinias-redis-ha-configmap-test + namespace: "default" + labels: + app: redis-ha + release: "jinias" + chart: redis-ha-4.29.4 + annotations: + "helm.sh/hook": test-success +spec: + nodeSelector: + {} + tolerations: + null + containers: + - name: check-init + image: koalaman/shellcheck:v0.5.0 + args: + - --shell=sh + - /readonly-config/init.sh + volumeMounts: + - name: config + mountPath: /readonly-config + readOnly: true + resources: + {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + restartPolicy: Never + volumes: + - name: config + configMap: + name: jinias-redis-ha-configmap From 06df834e8d54badb50fc34a55dbd8aadd5d024e4 Mon Sep 17 00:00:00 2001 From: jinia91 Date: Mon, 11 Nov 2024 15:41:48 +0900 Subject: [PATCH 35/46] redis setting replicas 3 --- deploy/jiniaslog/monolith/redis.yml | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) 
diff --git a/deploy/jiniaslog/monolith/redis.yml b/deploy/jiniaslog/monolith/redis.yml
index a64a5789..1b6b6c09 100644
--- a/deploy/jiniaslog/monolith/redis.yml
+++ b/deploy/jiniaslog/monolith/redis.yml
@@ -896,7 +896,7 @@ spec:
 release: jinias
 app: redis-ha
 serviceName: jinias-redis-ha
- replicas: 2
+ replicas: 3
 podManagementPolicy: OrderedReady
 updateStrategy:
 type: RollingUpdate
@@ -930,7 +930,12 @@ spec:
 image: public.ecr.aws/docker/library/redis:7.2.4-alpine
 imagePullPolicy: IfNotPresent
 resources:
- {}
+ requests:
+ cpu: "500m"
+ memory: "512Mi"
+ limits:
+ cpu: "1000m"
+ memory: "1Gi"
 command:
 - sh
 args:
From 056e30997de4b7413184b612c8760427baa444d9 Mon Sep 17 00:00:00 2001 From: jinia91 Date: Mon, 11 Nov 2024 15:53:57 +0900 Subject: [PATCH 36/46] chage pkg --- deploy/jiniaslog/monolith/{ => redis}/redis.yml | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename deploy/jiniaslog/monolith/{ => redis}/redis.yml (100%)
diff --git a/deploy/jiniaslog/monolith/redis.yml b/deploy/jiniaslog/monolith/redis/redis.yml
similarity index 100%
rename from deploy/jiniaslog/monolith/redis.yml
rename to deploy/jiniaslog/monolith/redis/redis.yml
From 959b44fb08f2afdaee5a769cfddac69f27f12cb5 Mon Sep 17 00:00:00 2001 From: jinia91 Date: Mon, 11 Nov 2024 17:02:01 +0900 Subject: [PATCH 37/46] metric test --- deploy/jiniaslog/monolith/redis/redis.yml | 24 ++++++++++------------- 1 file changed, 10 insertions(+), 14 deletions(-)
diff --git a/deploy/jiniaslog/monolith/redis/redis.yml b/deploy/jiniaslog/monolith/redis/redis.yml
index 1b6b6c09..b6c87c5a 100644
--- a/deploy/jiniaslog/monolith/redis/redis.yml
+++ b/deploy/jiniaslog/monolith/redis/redis.yml
@@ -7,7 +7,6 @@ metadata:
 namespace: "default"
 labels:
 release: jinias
- chart: redis-ha-4.29.4
 app: jinias-redis-ha
 ---
 # Source: redis-ha/templates/redis-ha-configmap.yaml
@@ -776,7 +775,6 @@ metadata:
 app: redis-ha
 release: "jinias"
 chart: redis-ha-4.29.4
- annotations:
 spec:
 publishNotReadyAddresses: true
 type: ClusterIP
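Review bot: `replicas: 3` at `@@ -896,7 +896,7 @@` depends on two things the manifest does not state, and a comment above the line would keep a later edit from breaking them. The StatefulSet added earlier in this series uses a `requiredDuringSchedulingIgnoredDuringExecution` anti-affinity on `kubernetes.io/hostname`, so the third pod stays Pending on a cluster with fewer than three schedulable nodes, and the file defines exactly three announce Services and `SENTINEL_ID_0`..`SENTINEL_ID_2`. I would add `# 3 pods = announce-0..2 and SENTINEL_ID_0..2; needs 3 nodes (hostname anti-affinity)` above it. The `QUORUM` value that the init script writes into sentinel.conf is set outside this hunk and should be checked against the new count.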
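Review bot: The requests and limits added at `@@ -930,7 +930,12 @@` land on a container whose command is `sh`, which from its position in the file looks like the `config-init` init container rather than the long-running `redis` container; the container name is outside the hunk. An init container's request still counts toward what the scheduler reserves for the pod, while its limits stop mattering once it exits, so Redis itself stays unbounded with `resources: {}`. If the intent was to cap Redis, the same block belongs under the `redis` container's `resources:`, which is where [PATCH 37/46] later moves it.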
@@ -804,7 +802,6 @@ metadata: app: redis-ha release: "jinias" chart: redis-ha-4.29.4 - annotations: spec: publishNotReadyAddresses: true type: ClusterIP @@ -832,7 +829,6 @@ metadata: app: redis-ha release: "jinias" chart: redis-ha-4.29.4 - annotations: spec: publishNotReadyAddresses: true type: ClusterIP @@ -860,7 +856,6 @@ metadata: app: redis-ha release: "jinias" chart: redis-ha-4.29.4 - annotations: spec: type: ClusterIP clusterIP: None @@ -904,6 +899,9 @@ spec: metadata: annotations: checksum/init-config: 35476e45d4cc022feb5f56366eec7a3f71e1f3a10d86c29d8dca4c122db291fe + prometheus.io/scrape: "true" + prometheus.io/port: "6379" + prometheus.io/path: "/metrics" labels: release: jinias app: redis-ha @@ -930,12 +928,7 @@ spec: image: public.ecr.aws/docker/library/redis:7.2.4-alpine imagePullPolicy: IfNotPresent resources: - requests: - cpu: "500m" - memory: "512Mi" - limits: - cpu: "1000m" - memory: "1Gi" + {} command: - sh args: @@ -962,8 +955,6 @@ spec: readOnly: true - name: data mountPath: /data - - containers: - name: redis image: public.ecr.aws/docker/library/redis:7.2.4-alpine @@ -1015,7 +1006,12 @@ spec: - -c - /health/redis_readiness.sh resources: - {} + requests: + cpu: "500m" + memory: "512Mi" + limits: + cpu: "1000m" + memory: "1Gi" ports: - name: redis containerPort: 6379 From 4dddf5c6d61909b81129020450575fc623f6c31a Mon Sep 17 00:00:00 2001 From: jinia91 Date: Mon, 11 Nov 2024 17:35:09 +0900 Subject: [PATCH 38/46] metric test --- deploy/jiniaslog/monolith/redis/redis.yml | 3 --- 1 file changed, 3 deletions(-) diff --git a/deploy/jiniaslog/monolith/redis/redis.yml b/deploy/jiniaslog/monolith/redis/redis.yml index b6c87c5a..0118dd0d 100644 --- a/deploy/jiniaslog/monolith/redis/redis.yml +++ b/deploy/jiniaslog/monolith/redis/redis.yml 
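Review bot: The pod-template annotations added in the `@@ -904,6 +899,9 @@` hunk set `prometheus.io/port: "6379"` with `prometheus.io/path: "/metrics"`, which points an annotation-driven Prometheus scrape at the Redis data port rather than at a metrics endpoint. Redis does not serve HTTP on that port, so the target would stay down, and every scrape attempt is an unauthenticated non-Redis connection landing on the datastore. The annotations should name an exporter port instead, for example `prometheus.io/port: "9121"` once an exporter container listens there; until then leave `prometheus.io/scrape` off. The StatefulSet spec around these annotations lies outside the hunk, and whether the cluster's Prometheus honours these annotations depends on its scrape configuration, which this page does not show.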
@@ -899,9 +899,6 @@ spec: metadata: annotations: checksum/init-config: 35476e45d4cc022feb5f56366eec7a3f71e1f3a10d86c29d8dca4c122db291fe - prometheus.io/scrape: "true" - prometheus.io/port: "6379" - prometheus.io/path: "/metrics" labels: release: jinias app: redis-ha From 78f3dedabc1f90bec4cb80518df9f3b3fff5af4e Mon Sep 17 00:00:00 2001 From: jinia91 Date: Tue, 12 Nov 2024 11:17:32 +0900 Subject: [PATCH 39/46] metric test --- .../monolith/redis/redis-exporter.yml | 112 ++++++++++++++++++ 1 file changed, 112 insertions(+) create mode 100644 deploy/jiniaslog/monolith/redis/redis-exporter.yml diff --git a/deploy/jiniaslog/monolith/redis/redis-exporter.yml b/deploy/jiniaslog/monolith/redis/redis-exporter.yml new file mode 100644 index 00000000..f0b12696 --- /dev/null +++ b/deploy/jiniaslog/monolith/redis/redis-exporter.yml 
@@ -0,0 +1,112 @@ +--- +# Source: prometheus-redis-exporter/templates/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: redis-exporter-prometheus-redis-exporter + labels: + app.kubernetes.io/name: prometheus-redis-exporter + app.kubernetes.io/instance: redis-exporter + app.kubernetes.io/version: "v1.66.0" +--- +# Source: prometheus-redis-exporter/templates/role.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: redis-exporter-prometheus-redis-exporter + labels: + app.kubernetes.io/name: prometheus-redis-exporter + app.kubernetes.io/instance: redis-exporter + app.kubernetes.io/version: "v1.66.0" +rules: +- apiGroups: ['extensions'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: [redis-exporter-prometheus-redis-exporter] +--- +# Source: prometheus-redis-exporter/templates/rolebinding.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: redis-exporter-prometheus-redis-exporter + labels: + app.kubernetes.io/name: prometheus-redis-exporter + app.kubernetes.io/instance: redis-exporter + app.kubernetes.io/version: "v1.66.0" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: redis-exporter-prometheus-redis-exporter +subjects: +- kind: ServiceAccount + name: redis-exporter-prometheus-redis-exporter +--- +# Source: prometheus-redis-exporter/templates/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: redis-exporter-prometheus-redis-exporter + labels: + app.kubernetes.io/name: prometheus-redis-exporter + app.kubernetes.io/instance: redis-exporter + app.kubernetes.io/version: "v1.66.0" + annotations: + {} +spec: + type: ClusterIP + ports: + - name: redis-exporter + port: 9121 + targetPort: exporter-port + protocol: TCP + selector: + app.kubernetes.io/name: prometheus-redis-exporter + app.kubernetes.io/instance: redis-exporter +--- +# Source: prometheus-redis-exporter/templates/deployment.yaml +apiVersion: apps/v1 +kind: Deployment 
+metadata: + name: redis-exporter-prometheus-redis-exporter + labels: + app.kubernetes.io/name: prometheus-redis-exporter + app.kubernetes.io/instance: redis-exporter + app.kubernetes.io/version: "v1.66.0" + annotations: + {} +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: prometheus-redis-exporter + app.kubernetes.io/instance: redis-exporter + template: + metadata: + annotations: + {} + labels: + app.kubernetes.io/name: prometheus-redis-exporter + app.kubernetes.io/instance: redis-exporter + app.kubernetes.io/version: "v1.66.0" + spec: + serviceAccountName: redis-exporter-prometheus-redis-exporter + containers: + - name: prometheus-redis-exporter + image: "oliver006/redis_exporter:v1.66.0" + imagePullPolicy: IfNotPresent + ports: + - name: exporter-port + containerPort: 9121 + env: + - name: REDIS_ADDR + value: redis://jinias-redis-ha:6379 + livenessProbe: + httpGet: + path: / + port: exporter-port + readinessProbe: + httpGet: + path: / + port: exporter-port + resources: + {} From d08ad7c7d391bf79ff0fb9069e9828c7ea29a8ba Mon Sep 17 00:00:00 2001 From: jinia91 Date: Tue, 12 Nov 2024 11:23:01 +0900 Subject: [PATCH 40/46] port --- deploy/jiniaslog/monolith/redis/redis-exporter.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/deploy/jiniaslog/monolith/redis/redis-exporter.yml b/deploy/jiniaslog/monolith/redis/redis-exporter.yml index f0b12696..a2b181d6 100644 --- a/deploy/jiniaslog/monolith/redis/redis-exporter.yml +++ b/deploy/jiniaslog/monolith/redis/redis-exporter.yml @@ -72,6 +72,8 @@ metadata: app.kubernetes.io/name: prometheus-redis-exporter app.kubernetes.io/instance: redis-exporter app.kubernetes.io/version: "v1.66.0" + prometheus.io/scrape: "true" + prometheus.io/port: "9121" annotations: {} spec: From f32a06fa5eb826fba908c618ca6acc5131aee0d4 Mon Sep 17 00:00:00 2001 
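Review bot: The `prometheus-redis-exporter` container in the new Deployment has no `securityContext` and an empty `resources: {}`, so it runs with the image's default user and capabilities and without any CPU or memory bound. The test pod elsewhere in this series already drops all capabilities, disables privilege escalation and sets a RuntimeDefault seccomp profile; the same settings fit here, after confirming the image's default user is numeric and non-root so that `runAsNonRoot` does not block start-up. The Role's single rule grants `use` on `podsecuritypolicies` in the `extensions` group for a policy this file never defines, and PodSecurityPolicy was removed in Kubernetes 1.25, so the Role and RoleBinding look like dead RBAC that can be dropped. The `redis-exporter` sidecar added to redis.yml later in the series (`@@ -1088,6 +1095,28 @@`) has the same gap.

```yaml
      containers:
        - name: prometheus-redis-exporter
          # … unchanged: image, imagePullPolicy, ports, env, probes, resources …
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            runAsNonRoot: true
            seccompProfile:
              type: RuntimeDefault
```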
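Review bot: In the `@@ -72,6 +72,8 @@` hunk the two `prometheus.io/*` keys are inserted after the `app.kubernetes.io/version` label and before `annotations:`, so they appear to become labels on what looks like the Deployment's metadata rather than annotations (indentation is not recoverable in this view, so confirm against the file). Annotation-based discovery does not read labels, and Prometheus has no discovery role for Deployment objects, so the exporter would go unscraped and the gap in Redis monitoring would be silent. The keys belong under the annotations of the pod template or the Service: `annotations:` / `prometheus.io/scrape: "true"` / `prometheus.io/port: "9121"`, replacing the empty `{}`. The next patch's `@@ -50,6 +50,8 @@` hunk moves them to the Service but keeps them in the same position before `annotations:`.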
From: jinia91 Date: Tue, 12 Nov 2024 14:55:29 +0900 Subject: [PATCH 41/46] redis-exporter --- deploy/jiniaslog/monolith/redis/redis-exporter.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/deploy/jiniaslog/monolith/redis/redis-exporter.yml b/deploy/jiniaslog/monolith/redis/redis-exporter.yml index a2b181d6..69870c0a 100644 --- a/deploy/jiniaslog/monolith/redis/redis-exporter.yml +++ b/deploy/jiniaslog/monolith/redis/redis-exporter.yml @@ -50,6 +50,8 @@ metadata: app.kubernetes.io/name: prometheus-redis-exporter app.kubernetes.io/instance: redis-exporter app.kubernetes.io/version: "v1.66.0" + prometheus.io/scrape: "true" + prometheus.io/port: "9121" annotations: {} spec: @@ -72,8 +74,6 @@ metadata: app.kubernetes.io/name: prometheus-redis-exporter app.kubernetes.io/instance: redis-exporter app.kubernetes.io/version: "v1.66.0" - prometheus.io/scrape: "true" - prometheus.io/port: "9121" annotations: {} spec: From 91220e025b7c580ac0829b71615dcdc98dcb1f39 Mon Sep 17 00:00:00 2001 From: jinia91 Date: Tue, 12 Nov 2024 15:53:01 +0900 Subject: [PATCH 42/46] redis-exporter --- .../monolith/redis/redis-exporter.yml | 228 +++++++++--------- deploy/jiniaslog/monolith/redis/redis.yml | 30 ++- 2 files changed, 143 insertions(+), 115 deletions(-) diff --git a/deploy/jiniaslog/monolith/redis/redis-exporter.yml b/deploy/jiniaslog/monolith/redis/redis-exporter.yml index 69870c0a..5bb695db 100644 --- a/deploy/jiniaslog/monolith/redis/redis-exporter.yml +++ b/deploy/jiniaslog/monolith/redis/redis-exporter.yml 
@@ -1,114 +1,114 @@ ---- -# Source: prometheus-redis-exporter/templates/serviceaccount.yaml -apiVersion: v1 -kind: ServiceAccount -metadata: - name: redis-exporter-prometheus-redis-exporter - labels: - app.kubernetes.io/name: prometheus-redis-exporter - app.kubernetes.io/instance: redis-exporter - app.kubernetes.io/version: "v1.66.0" ---- -# Source: prometheus-redis-exporter/templates/role.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: redis-exporter-prometheus-redis-exporter - labels: - app.kubernetes.io/name: prometheus-redis-exporter - app.kubernetes.io/instance: redis-exporter - app.kubernetes.io/version: "v1.66.0" -rules: -- apiGroups: ['extensions'] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: [redis-exporter-prometheus-redis-exporter] ---- -# Source: prometheus-redis-exporter/templates/rolebinding.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: redis-exporter-prometheus-redis-exporter - labels: - app.kubernetes.io/name: prometheus-redis-exporter - app.kubernetes.io/instance: redis-exporter - app.kubernetes.io/version: "v1.66.0" -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: redis-exporter-prometheus-redis-exporter -subjects: -- kind: ServiceAccount - name: redis-exporter-prometheus-redis-exporter ---- -# Source: prometheus-redis-exporter/templates/service.yaml -apiVersion: v1 -kind: Service -metadata: - name: redis-exporter-prometheus-redis-exporter - labels: - app.kubernetes.io/name: prometheus-redis-exporter - app.kubernetes.io/instance: redis-exporter - app.kubernetes.io/version: "v1.66.0" - prometheus.io/scrape: "true" - prometheus.io/port: "9121" - annotations: - {} -spec: - type: ClusterIP - ports: - - name: redis-exporter - port: 9121 - targetPort: exporter-port - protocol: TCP - selector: - app.kubernetes.io/name: prometheus-redis-exporter - app.kubernetes.io/instance: redis-exporter ---- -# Source: 
prometheus-redis-exporter/templates/deployment.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: redis-exporter-prometheus-redis-exporter - labels: - app.kubernetes.io/name: prometheus-redis-exporter - app.kubernetes.io/instance: redis-exporter - app.kubernetes.io/version: "v1.66.0" - annotations: - {} -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/name: prometheus-redis-exporter - app.kubernetes.io/instance: redis-exporter - template: - metadata: - annotations: - {} - labels: - app.kubernetes.io/name: prometheus-redis-exporter - app.kubernetes.io/instance: redis-exporter - app.kubernetes.io/version: "v1.66.0" - spec: - serviceAccountName: redis-exporter-prometheus-redis-exporter - containers: - - name: prometheus-redis-exporter - image: "oliver006/redis_exporter:v1.66.0" - imagePullPolicy: IfNotPresent - ports: - - name: exporter-port - containerPort: 9121 - env: - - name: REDIS_ADDR - value: redis://jinias-redis-ha:6379 - livenessProbe: - httpGet: - path: / - port: exporter-port - readinessProbe: - httpGet: - path: / - port: exporter-port - resources: - {} +#--- +## Source: prometheus-redis-exporter/templates/serviceaccount.yaml +#apiVersion: v1 +#kind: ServiceAccount +#metadata: +# name: redis-exporter-prometheus-redis-exporter +# labels: +# app.kubernetes.io/name: prometheus-redis-exporter +# app.kubernetes.io/instance: redis-exporter +# app.kubernetes.io/version: "v1.66.0" +#--- +## Source: prometheus-redis-exporter/templates/role.yaml +#apiVersion: rbac.authorization.k8s.io/v1 +#kind: Role +#metadata: +# name: redis-exporter-prometheus-redis-exporter +# labels: +# app.kubernetes.io/name: prometheus-redis-exporter +# app.kubernetes.io/instance: redis-exporter +# app.kubernetes.io/version: "v1.66.0" +#rules: +#- apiGroups: ['extensions'] +# resources: ['podsecuritypolicies'] +# verbs: ['use'] +# resourceNames: [redis-exporter-prometheus-redis-exporter] +#--- +## Source: prometheus-redis-exporter/templates/rolebinding.yaml 
+#apiVersion: rbac.authorization.k8s.io/v1 +#kind: RoleBinding +#metadata: +# name: redis-exporter-prometheus-redis-exporter +# labels: +# app.kubernetes.io/name: prometheus-redis-exporter +# app.kubernetes.io/instance: redis-exporter +# app.kubernetes.io/version: "v1.66.0" +#roleRef: +# apiGroup: rbac.authorization.k8s.io +# kind: Role +# name: redis-exporter-prometheus-redis-exporter +#subjects: +#- kind: ServiceAccount +# name: redis-exporter-prometheus-redis-exporter +#--- +## Source: prometheus-redis-exporter/templates/service.yaml +#apiVersion: v1 +#kind: Service +#metadata: +# name: redis-exporter-prometheus-redis-exporter +# labels: +# app.kubernetes.io/name: prometheus-redis-exporter +# app.kubernetes.io/instance: redis-exporter +# app.kubernetes.io/version: "v1.66.0" +# prometheus.io/scrape: "true" +# prometheus.io/port: "9121" +# annotations: +# {} +#spec: +# type: ClusterIP +# ports: +# - name: redis-exporter +# port: 9121 +# targetPort: exporter-port +# protocol: TCP +# selector: +# app.kubernetes.io/name: prometheus-redis-exporter +# app.kubernetes.io/instance: redis-exporter +#--- +## Source: prometheus-redis-exporter/templates/deployment.yaml +#apiVersion: apps/v1 +#kind: Deployment +#metadata: +# name: redis-exporter-prometheus-redis-exporter +# labels: +# app.kubernetes.io/name: prometheus-redis-exporter +# app.kubernetes.io/instance: redis-exporter +# app.kubernetes.io/version: "v1.66.0" +# annotations: +# {} +#spec: +# replicas: 1 +# selector: +# matchLabels: +# app.kubernetes.io/name: prometheus-redis-exporter +# app.kubernetes.io/instance: redis-exporter +# template: +# metadata: +# annotations: +# {} +# labels: +# app.kubernetes.io/name: prometheus-redis-exporter +# app.kubernetes.io/instance: redis-exporter +# app.kubernetes.io/version: "v1.66.0" +# spec: +# serviceAccountName: redis-exporter-prometheus-redis-exporter +# containers: +# - name: prometheus-redis-exporter +# image: "oliver006/redis_exporter:v1.66.0" +# imagePullPolicy: 
IfNotPresent +# ports: +# - name: exporter-port +# containerPort: 9121 +# env: +# - name: REDIS_ADDR +# value: redis://jinias-redis-ha:6379 +# livenessProbe: +# httpGet: +# path: / +# port: exporter-port +# readinessProbe: +# httpGet: +# path: / +# port: exporter-port +# resources: +# {} diff --git a/deploy/jiniaslog/monolith/redis/redis.yml b/deploy/jiniaslog/monolith/redis/redis.yml index 0118dd0d..1317d544 100644 --- a/deploy/jiniaslog/monolith/redis/redis.yml +++ b/deploy/jiniaslog/monolith/redis/redis.yml @@ -787,6 +787,10 @@ spec: port: 26379 protocol: TCP targetPort: sentinel + - name: metrics + port: 9121 + protocol: TCP + targetPort: 9121 selector: release: jinias app: redis-ha @@ -899,6 +903,9 @@ spec: metadata: annotations: checksum/init-config: 35476e45d4cc022feb5f56366eec7a3f71e1f3a10d86c29d8dca4c122db291fe + prometheus.io/scrape: "true" + prometheus.io/port: "9121" + labels: release: jinias app: redis-ha @@ -1088,6 +1095,28 @@ spec: lifecycle: {} + - name: redis-exporter + image: oliver006/redis_exporter:v1.66.0 + imagePullPolicy: IfNotPresent + env: + - name: REDIS_ADDR + value: "redis://localhost:6379" + ports: + - name: exporter-port + containerPort: 9121 + livenessProbe: + httpGet: + path: / + port: exporter-port + initialDelaySeconds: 5 + periodSeconds: 10 + readinessProbe: + httpGet: + path: / + port: exporter-port + initialDelaySeconds: 5 + periodSeconds: 10 + - name: split-brain-fix image: public.ecr.aws/docker/library/redis:7.2.4-alpine imagePullPolicy: IfNotPresent @@ -1132,7 +1161,6 @@ spec: kind: PersistentVolumeClaim metadata: name: data - annotations: labels: {} From a955daa43c909df2cc51b6a1923bf1ca311cdffd Mon Sep 17 00:00:00 2001 
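Review bot: The `redis-exporter` sidecar added in the `@@ -1088,6 +1095,28 @@` hunk carries a `readinessProbe`, which ties the readiness of the whole Redis pod to the metrics exporter. A pod is Ready only when every container is, so an exporter that fails its probe takes the Redis instance out of the endpoints of any Service that does not publish not-ready addresses, and with the `podManagementPolicy: OrderedReady` shown for this StatefulSet earlier in the series it can also stall the rollout of later replicas. Keeping only the `livenessProbe` on the sidecar lets the kubelet restart a hung exporter without affecting Redis availability; the change is to delete the `readinessProbe:` block from this container. The container list this entry is added to starts and ends outside the hunk.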
From: jinia91 Date: Tue, 12 Nov 2024 17:59:36 +0900 Subject: [PATCH 43/46] redis-memory --- .../monolith/redis/redis-exporter.yml | 114 ------------------ deploy/jiniaslog/monolith/redis/redis.yml | 2 +- 2 files changed, 1 insertion(+), 115 deletions(-) delete mode 100644 deploy/jiniaslog/monolith/redis/redis-exporter.yml diff --git a/deploy/jiniaslog/monolith/redis/redis-exporter.yml b/deploy/jiniaslog/monolith/redis/redis-exporter.yml deleted file mode 100644 index 5bb695db..00000000 --- a/deploy/jiniaslog/monolith/redis/redis-exporter.yml +++ /dev/null 
@@ -1,114 +0,0 @@ -#--- -## Source: prometheus-redis-exporter/templates/serviceaccount.yaml -#apiVersion: v1 -#kind: ServiceAccount -#metadata: -# name: redis-exporter-prometheus-redis-exporter -# labels: -# app.kubernetes.io/name: prometheus-redis-exporter -# app.kubernetes.io/instance: redis-exporter -# app.kubernetes.io/version: "v1.66.0" -#--- -## Source: prometheus-redis-exporter/templates/role.yaml -#apiVersion: rbac.authorization.k8s.io/v1 -#kind: Role -#metadata: -# name: redis-exporter-prometheus-redis-exporter -# labels: -# app.kubernetes.io/name: prometheus-redis-exporter -# app.kubernetes.io/instance: redis-exporter -# app.kubernetes.io/version: "v1.66.0" -#rules: -#- apiGroups: ['extensions'] -# resources: ['podsecuritypolicies'] -# verbs: ['use'] -# resourceNames: [redis-exporter-prometheus-redis-exporter] -#--- -## Source: prometheus-redis-exporter/templates/rolebinding.yaml -#apiVersion: rbac.authorization.k8s.io/v1 -#kind: RoleBinding -#metadata: -# name: redis-exporter-prometheus-redis-exporter -# labels: -# app.kubernetes.io/name: prometheus-redis-exporter -# app.kubernetes.io/instance: redis-exporter -# app.kubernetes.io/version: "v1.66.0" -#roleRef: -# apiGroup: rbac.authorization.k8s.io -# kind: Role -# name: redis-exporter-prometheus-redis-exporter -#subjects: -#- kind: ServiceAccount -# name: redis-exporter-prometheus-redis-exporter -#--- -## Source: prometheus-redis-exporter/templates/service.yaml -#apiVersion: v1 -#kind: Service -#metadata: -# name: redis-exporter-prometheus-redis-exporter -# labels: -# app.kubernetes.io/name: prometheus-redis-exporter -# app.kubernetes.io/instance: redis-exporter -# app.kubernetes.io/version: "v1.66.0" -# prometheus.io/scrape: "true" -# prometheus.io/port: "9121" -# annotations: -# {} -#spec: -# type: ClusterIP -# ports: -# - name: redis-exporter -# port: 9121 -# targetPort: exporter-port -# protocol: TCP -# selector: -# app.kubernetes.io/name: prometheus-redis-exporter -# app.kubernetes.io/instance: 
redis-exporter -#--- -## Source: prometheus-redis-exporter/templates/deployment.yaml -#apiVersion: apps/v1 -#kind: Deployment -#metadata: -# name: redis-exporter-prometheus-redis-exporter -# labels: -# app.kubernetes.io/name: prometheus-redis-exporter -# app.kubernetes.io/instance: redis-exporter -# app.kubernetes.io/version: "v1.66.0" -# annotations: -# {} -#spec: -# replicas: 1 -# selector: -# matchLabels: -# app.kubernetes.io/name: prometheus-redis-exporter -# app.kubernetes.io/instance: redis-exporter -# template: -# metadata: -# annotations: -# {} -# labels: -# app.kubernetes.io/name: prometheus-redis-exporter -# app.kubernetes.io/instance: redis-exporter -# app.kubernetes.io/version: "v1.66.0" -# spec: -# serviceAccountName: redis-exporter-prometheus-redis-exporter -# containers: -# - name: prometheus-redis-exporter -# image: "oliver006/redis_exporter:v1.66.0" -# imagePullPolicy: IfNotPresent -# ports: -# - name: exporter-port -# containerPort: 9121 -# env: -# - name: REDIS_ADDR -# value: redis://jinias-redis-ha:6379 -# livenessProbe: -# httpGet: -# path: / -# port: exporter-port -# readinessProbe: -# httpGet: -# path: / -# port: exporter-port -# resources: -# {} diff --git a/deploy/jiniaslog/monolith/redis/redis.yml b/deploy/jiniaslog/monolith/redis/redis.yml index 1317d544..658d8846 100644 --- a/deploy/jiniaslog/monolith/redis/redis.yml +++ b/deploy/jiniaslog/monolith/redis/redis.yml @@ -25,7 +25,7 @@ data: port 6379 rename-command FLUSHDB "" rename-command FLUSHALL "" - maxmemory 0 + maxmemory 1gb maxmemory-policy volatile-lru min-replicas-max-lag 5 min-replicas-to-write 1 From e24f6a9afe8cb7b3636c82886295c8ddf37b734e Mon Sep 17 00:00:00 2001 From: jinia91 Date: Wed, 13 Nov 2024 14:13:27 +0900 Subject: [PATCH 44/46] mysql operator --- .../monolith/mysql/mysql-operator.yml | 209 ++++++++++++++++++ 1 file changed, 209 insertions(+) create mode 100644 deploy/jiniaslog/monolith/mysql/mysql-operator.yml 
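Review bot: `maxmemory 1gb` equals the `memory: "1Gi"` limit that an earlier patch in this series put on the redis container, so Redis would begin evicting only at the point where the kernel is already about to OOM-kill the container. Redis's own accounting leaves out overhead such as replica output buffers and copy-on-write pages during a background save, so resident memory can exceed `maxmemory` under load. Set the cap clearly below the limit, e.g. `maxmemory 768mb` (sample value, size it to the workload), or raise the container limit. With the unchanged `maxmemory-policy volatile-lru` only keys with a TTL are evictable, so if the application stores keys without expiry, writes will start failing at the cap instead. The redis.conf block this line sits in continues outside the hunk.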
diff --git a/deploy/jiniaslog/monolith/mysql/mysql-operator.yml b/deploy/jiniaslog/monolith/mysql/mysql-operator.yml new file mode 100644 index 00000000..19335515 --- /dev/null +++ b/deploy/jiniaslog/monolith/mysql/mysql-operator.yml 
@@ -0,0 +1,209 @@ +--- +# Source: mysql-operator/templates/service_account_operator.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: mysql-operator-sa + namespace: mysql-operator +--- +# Source: mysql-operator/templates/cluster_role_operator.yaml +# The main role for the operator +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: mysql-operator +rules: + - apiGroups: [""] + resources: ["pods"] + verbs: ["get", "list", "watch", "patch"] + - apiGroups: [""] + resources: ["pods/status"] + verbs: ["get", "patch", "update", "watch"] + # Kopf needs patch on secrets or the sidecar will throw + # The operator needs this verb to be able to pass it to the sidecar + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "create", "list", "watch", "patch"] + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["get", "create", "list", "watch", "patch"] + - apiGroups: [""] + resources: ["services"] + verbs: ["get", "create", "list"] + - apiGroups: [""] + resources: ["serviceaccounts"] + verbs: ["get", "create"] + - apiGroups: [""] + resources: ["events"] + verbs: ["create", "patch", "update"] + - apiGroups: ["rbac.authorization.k8s.io"] + resources: ["rolebindings"] + verbs: ["get", "create"] + - apiGroups: ["policy"] + resources: ["poddisruptionbudgets"] + verbs: ["get", "create"] + - apiGroups: ["batch"] + resources: ["jobs"] + verbs: ["create"] + - apiGroups: ["batch"] + resources: ["cronjobs"] + verbs: ["create", "update", "delete"] + - apiGroups: ["apps"] + resources: ["deployments", "statefulsets"] + verbs: ["get", "create", "patch", "watch", "delete"] + - apiGroups: ["mysql.oracle.com"] + resources: ["*"] + verbs: ["*"] + - apiGroups: ["zalando.org"] + resources: ["*"] + verbs: ["get", "patch", "list", "watch"] + # Kopf: runtime observation of namespaces & CRDs (addition/deletion). 
+ - apiGroups: [apiextensions.k8s.io] + resources: [customresourcedefinitions] + verbs: [list, watch] + - apiGroups: [""] + resources: [namespaces] + verbs: [list, watch] +--- +# Source: mysql-operator/templates/cluster_role_sidecar.yaml +# role for the server sidecar +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: mysql-sidecar +rules: + - apiGroups: [""] + resources: ["pods"] + verbs: ["get", "list", "watch", "patch"] + - apiGroups: [""] + resources: ["pods/status"] + verbs: ["get", "patch", "update", "watch"] + # Kopf needs patch on secrets or the sidecar will throw + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "create", "list", "watch", "patch"] + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["get", "create", "list", "watch", "patch"] + - apiGroups: [""] + resources: ["services"] + verbs: ["get", "create", "list"] + - apiGroups: [""] + resources: ["serviceaccounts"] + verbs: ["get", "create"] + - apiGroups: [""] + resources: ["events"] + verbs: ["create", "patch", "update"] + - apiGroups: ["apps"] + resources: ["deployments"] + verbs: ["get", "patch"] + - apiGroups: ["mysql.oracle.com"] + resources: ["innodbclusters"] + verbs: ["get", "watch", "list"] + - apiGroups: ["mysql.oracle.com"] + resources: ["mysqlbackups"] + verbs: ["create", "get", "list", "patch", "update", "watch", "delete"] + - apiGroups: ["mysql.oracle.com"] + resources: ["mysqlbackups/status"] + verbs: ["get", "patch", "update", "watch"] +--- +# Source: mysql-operator/templates/cluster_role_binding_operator.yaml +# Give access to the operator +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: mysql-operator-rolebinding +subjects: + - kind: ServiceAccount + name: mysql-operator-sa + namespace: mysql-operator + # TODO The following entry is for dev purposes only and must be deleted + #- kind: Group + # name: system:serviceaccounts + # apiGroup: rbac.authorization.k8s.io +roleRef: + kind: ClusterRole + 
name: mysql-operator + apiGroup: rbac.authorization.k8s.io +--- +# Source: mysql-operator/templates/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: mysql-operator + namespace: mysql-operator + labels: + name: mysql-operator +spec: + type: ClusterIP + ports: + - port: 9443 + protocol: TCP + selector: + name: mysql-operator +--- +# Source: mysql-operator/templates/deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: mysql-operator + namespace: mysql-operator + labels: + version: "8.0.40-2.0.16" + app.kubernetes.io/name: mysql-operator + app.kubernetes.io/instance: mysql-operator + app.kubernetes.io/version: "8.0.40-2.0.16" + app.kubernetes.io/component: controller +spec: + replicas: 1 + selector: + matchLabels: + name: mysql-operator + template: + metadata: + labels: + name: mysql-operator + spec: + containers: + - name: mysql-operator + image: container-registry.oracle.com/mysql/community-operator:8.0.40-2.0.16 + imagePullPolicy: IfNotPresent + args: ["mysqlsh", "--log-level=@INFO", "--pym", "mysqloperator", "operator"] + env: + - name: MYSQLSH_USER_CONFIG_HOME + value: /mysqlsh + - name: MYSQLSH_CREDENTIAL_STORE_SAVE_PASSWORDS + value: never + + - name: MYSQL_OPERATOR_IMAGE_PULL_POLICY + value: IfNotPresent + + readinessProbe: + exec: + command: + - cat + - /tmp/mysql-operator-ready + initialDelaySeconds: 1 + periodSeconds: 3 + volumeMounts: + - name: mysqlsh-home + mountPath: /mysqlsh + - name: tmpdir + mountPath: /tmp + securityContext: + runAsUser: 2 + allowPrivilegeEscalation: false + privileged: false + readOnlyRootFilesystem: true + volumes: + - name: mysqlsh-home + emptyDir: {} + - name: tmpdir + emptyDir: {} + serviceAccountName: mysql-operator-sa +--- +# Source: mysql-operator/templates/cluster_kopf_keepering.yaml +apiVersion: zalando.org/v1 +kind: ClusterKopfPeering +metadata: + name: mysql-operator From 96850c0a1fffd189ad1e9930f44c6d7cf7d3dccb Mon Sep 17 00:00:00 2001 
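Review bot: The `mysql-operator` ClusterRole grants `get`, `list`, `watch`, `create` and `patch` on `secrets`, and the ClusterRoleBinding hands it to `mysql-operator-sa` cluster-wide, so anything that can run as that service account can read every Secret in the cluster. This appears to be rendered chart output, so the rule itself may be needed by the operator, but the blast radius deserves a comment above the secrets rule, e.g. `# Cluster-wide Secret access: restrict who may create pods or tokens for mysql-operator-sa in the mysql-operator namespace`. The `mysql-sidecar` ClusterRole carries the same secrets rule and is not bound in this file; if it is bound elsewhere, a namespaced RoleBinding would keep it to the database cluster's own namespace. The container `securityContext` is close to hardened already; `runAsNonRoot: true` and a `capabilities` drop of `ALL` are the lines I would add.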
From: jinia91 Date: Wed, 13 Nov 2024 14:49:07 +0900 Subject: [PATCH 45/46] mysql operator --- deploy/jiniaslog/monolith/mysql/crds.yml | 1110 ++++++++++++++++++++++ 1 file changed, 1110 insertions(+) create mode 100644 deploy/jiniaslog/monolith/mysql/crds.yml diff --git a/deploy/jiniaslog/monolith/mysql/crds.yml b/deploy/jiniaslog/monolith/mysql/crds.yml new file mode 100644 index 00000000..0f5b955a --- /dev/null +++ b/deploy/jiniaslog/monolith/mysql/crds.yml 
@@ -0,0 +1,1110 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: innodbclusters.mysql.oracle.com +spec: + group: mysql.oracle.com + versions: + - name: v2 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + required: ["spec"] + properties: + metadata: + type: object + properties: + name: + type: string + maxLength: 40 + spec: + type: object + required: ["secretName"] + properties: + secretName: + type: string + description: "Name of a generic type Secret containing root/default account password" + tlsCASecretName: + type: string + description: "Name of a generic type Secret containing CA (ca.pem) and optional CRL (crl.pem) for SSL" + tlsSecretName: + type: string + description: "Name of a TLS type Secret containing Server certificate and private key for SSL" + tlsUseSelfSigned: + type: boolean + default: false + description: "Enables use of self-signed TLS certificates, reducing or disabling TLS based security verifications" + version: + type: string + pattern: '^\d+\.\d+\.\d+(-.+)?' 
+ description: "MySQL Server version" + edition: + type: string + pattern: "^(community|enterprise)$" + description: "MySQL Server Edition (community or enterprise)" + imageRepository: + type: string + description: "Repository where images are pulled from; defaults to container-registry.oracle.com/mysql" + imagePullPolicy: + type: string + description: "Defaults to Always, but set to IfNotPresent in deploy-operator.yaml when deploying Operator" + imagePullSecrets: + type: array + items: + type: object + properties: + name: + type: string + serviceAccountName: + type: string + baseServerId: + type: integer + minimum: 0 + maximum: 4294967195 + default: 1000 + description: "Base value for MySQL server_id for instances in the cluster" + datadirVolumeClaimTemplate: + type: object + x-kubernetes-preserve-unknown-fields: true + description: "Template for a PersistentVolumeClaim, to be used as datadir" + datadirPermissions: + type: object + properties: + setRightsUsingInitContainer: + type: boolean + default: true + description: "Whether to use an init container to set at start the DataDir permissions " + fsGroupChangePolicy: + type: string + description: "Optional fsGroupChangePolicy value to be set in the pod security context. Some possible values are OnRootMismatch and Always. 
For more information check the official Kubernetes documentation" + default: "" + mycnf: + type: string + description: "Custom configuration additions for my.cnf" + instances: + type: integer + minimum: 1 + maximum: 9 + default: 1 + description: "Number of MySQL replica instances for the cluster" + podSpec: + type: object + x-kubernetes-preserve-unknown-fields: true + podAnnotations: + type: object + x-kubernetes-preserve-unknown-fields: true + podLabels: + type: object + x-kubernetes-preserve-unknown-fields: true + keyring: + type: object + description: "Keyring specification" + properties: + file: + type: object + description: "Keyring 'File' specification" + required: ["storage"] + properties: + fileName: + type: string + default: "mysql_keyring" + description: "Path to the keyring file name inside the storage volume (will be prefixed by mount path)" + readOnly: + type: boolean + default: false + description: "Whether to open the keyring file in read-only mode" + storage: + type: object + description : "Specification of the volume to be mounted where the keyring file resides" + x-kubernetes-preserve-unknown-fields: true + encryptedFile: + type: object + description: "Keyring 'Encrypted File' specification" + required: ["storage", "password"] + properties: + fileName: + type: string + default: "mysql_keyring" + description: "Path to the keyring file name inside the storage volume (will be prefixed by mount path)" + readOnly: + type: boolean + default: false + description: "Whether to open the keyring file in read-only mode" + password: + type: string + description: "Name of a secret that contains password for the keyring in the key 'keyring_password'" + storage: + type: object + description : "Specification of the volume to be mounted where the keyring file resides" + x-kubernetes-preserve-unknown-fields: true + oci: + type: object + description: "Keyring 'OCI' specification" + required: ["user", "keySecret", "keyFingerprint", "tenancy"] + properties: + user: + 
type: string + description: "User identifier in the form of ocid1.user.oc1..." + pattern: '^ocid1\.user\.' + keySecret: + type: string + description: "A secret that contains the private key under the field 'privatekey'" + keyFingerprint: + type: string + description: "Private key fingerprint" + pattern: '([0-9a-f]{2}:){15}[0-9a-f]{2}$' + tenancy: + type: string + description: "Tenancy identifier in the form ocid1.tenancy.oc1..." + pattern: '^ocid1\.tenancy\.' + compartment: + type: string + description: "Compartment identifier in the form ocid1.compartment.oc1..." + pattern: '^ocid1\.compartment\.' + virtualVault: + type: string + description: "Vault identifier in the form ocid1.vault.oc1..." + pattern: '^ocid1\.vault\.' + masterKey: + type: string + description: "Master key identified in the form ocid1.key.oc1..." + pattern: '^ocid1\.key\.' + endpoints: + type: object + description: "" + properties: + encryption: + type: string + description: "Encryption endpoint URI like {identifier}-crypto.kms.{region}.oraclecloud.com" + management: + type: string + description: "Management endpoint URI like {identifier}-management.kms.{region}.oraclecloud.com" + vaults: + type: string + description: "Vaults endpoint URI like vaults.{region}.oci.oraclecloud.com" + secrets: + type: string + description: "Secrets endpoint URI like secrets.vaults.{region}.oci.oraclecloud.com" + caCertificate: + type: string + description: "Secret that contains ca.crt field with CA certificate bundle file that the keyring_oci plugin uses for Oracle Cloud Infrastructure certificate verification" + initDB: + type: object + properties: + clone: + type: object + required: ["donorUrl", "secretKeyRef"] + properties: + donorUrl: + type: string + description: "URL of the cluster to clone from" + rootUser: + type: string + default: "root" + description: "User name used for cloning" + secretKeyRef: + type: object + required: ["name"] + properties: + name: + type: string + description: "Secret name with key 
'rootPassword' storing the password for the user specified in rootUser" + dump: + type: object + required: ["storage"] + properties: + name: + type: string + description: "Name of the dump. Not used by the operator, but a descriptive hint for the cluster administrator" + path: + type: string + description: "Path to the dump in the PVC. Use when specifying persistentVolumeClaim. Omit for ociObjectStorage, S3, or azure." + options: + type: object + description: "A dictionary of key-value pairs passed directly to MySQL Shell's loadDump()" + x-kubernetes-preserve-unknown-fields: true + storage: + type: object + properties: + ociObjectStorage: + type: object + required: ["bucketName", "prefix", "credentials"] + properties: + bucketName: + type: string + description: "Name of the OCI bucket where the dump is stored" + prefix: + type: string + description: "Path in the bucket where the dump files are stored" + credentials: + type: string + description: "Name of a Secret with data for accessing the bucket" + s3: + type: object + required: ["bucketName", "prefix", "config"] + properties: + bucketName: + type: string + description: "Name of the S3 bucket where the dump is stored" + prefix: + type: string + description: "Path in the bucket where the dump files are stored" + config: + type: string + description: "Name of a Secret with S3 configuration and credentials" + profile: + type: string + default: "" + description: "Profile being used in configuration files" + endpoint: + type: string + description: "Override endpoint URL" + azure: + type: object + required: ["containerName", "prefix", "config"] + properties: + containerName: + type: string + description: "Name of the Azure BLOB Storage container where the dump is stored" + prefix: + type: string + description: "Path in the container where the dump files are stored" + config: + type: string + description: "Name of a Secret with Azure BLOB Storage configuration and credentials" + persistentVolumeClaim: + type: object + 
description : "Specification of the PVC to be used. Used 'as is' in the cloning pod." + x-kubernetes-preserve-unknown-fields: true + x-kubernetes-preserve-unknown-fields: true + x-kubernetes-preserve-unknown-fields: true + router: + type: object + description: "MySQL Router specification" + properties: + instances: + type: integer + minimum: 0 + default: 1 + description: "Number of MySQL Router instances to deploy" + tlsSecretName: + type: string + description: "Name of a TLS type Secret containing MySQL Router certificate and private key used for SSL" + version: + type: string + pattern: '^\d+\.\d+\.\d+(-.+)?' + description: "Override MySQL Router version" + podSpec: + type: object + x-kubernetes-preserve-unknown-fields: true + podAnnotations: + type: object + x-kubernetes-preserve-unknown-fields: true + podLabels: + type: object + x-kubernetes-preserve-unknown-fields: true + bootstrapOptions: + description: "Command line options passed to MySQL Router while bootstrapping" + type: array + items: + type: string + options: + description: "Command line options passed to MySQL Router while running" + type: array + items: + type: string + routingOptions: + description: "Set routing options for the cluster" + type: object + properties: + # naming pattern follows Shell's naming documented at + # https://dev.mysql.com/doc/mysql-shell/8.1/en/innodb-clusterset-router-setroutingoption.html + # ClusterSet-related options and tags currently not supported + invalidated_cluster_policy: + type: string + enum: ["drop_all", "accept_ro"] + stats_updates_frequency: + type: integer + default: 0 + minimum: 0 + read_only_targets: + type: string + enum: ["all", "read_replicas", "secondaries"] + service: + type: object + description: "Configuration of the Service used by applications connecting to the InnoDB Cluster" + properties: + type: + type: string + enum: ["ClusterIP", "NodePort", "LoadBalancer"] + default: ClusterIP + annotations: + type: object + description: "Custom annotations 
for the Service" + x-kubernetes-preserve-unknown-fields: true + labels: + type: object + description: "Custom labels for the Service" + x-kubernetes-preserve-unknown-fields: true + defaultPort: + type: string + description: "Target for the Service's default (3306) port. If mysql-rw traffic will go to the primary and allow read and write operations, with mysql-ro traffic goes to the replica and allows only read operations, with mysql-rw-split the router's read-write-splitting will be targeted" + enum: ["mysql-rw", "mysql-ro", "mysql-rw-split"] + default: "mysql-rw" + + metrics: + type: object + description: "Configuration of a Prometheus-style metrics provider" + required: ["enable", "image"] + properties: + enable: + type: boolean + default: false + description: "Toggle to enable or disable the metrics sidecar" + image: + type: string + description: "Name of an image to be used for the metrics sidecar, if provided metrics will be enabled" + options: + type: array + description: "Options passed to the metrics provider as command line arguments" + items: + type: string + webConfig: + type: string + description: "Name of a ConfigMap with a web.config file, if this option is provided a command line option --web.config.file is added" + tlsSecret: + type: string + description: "Name of a Secret with TLS certificate, key and CA, which will be mounted at /tls into the container an can be used from webConfig" + monitor: + type: boolean + description: "Create a ServiceMonitor for Prometheus Operator" + default: false + monitorSpec: + type: object + x-kubernetes-preserve-unknown-fields: true + description: "Custom configuration for the ServiceMonitor object" + default: {} + + # These are only supported for development purpose: + #dbUser: + # type: object + # description: "MySQL user accoutn to be used for collecting metrics" + # properties: + # name: + # type: string + # description: "The account name, host part will always be localhost" + # default: mysqlmetrics + # grants: 
+ # type: array
+ # description: "GRANTs given to the account"
+ # default: [ 'PROCESS', 'REPLICATION CLIENT', 'SELECT' ]
+ # items:
+ # type: string
+ # maxConnections:
+ # type: integer
+ # default: 3
+ # description: "Maximum number of connections"
+
+ backupProfiles:
+ type: array
+ description: "Backup profile specifications for the cluster, which can be referenced from backup schedules and one-off backup jobs"
+ items:
+ type: object
+ required: ["name"]
+ properties:
+ name:
+ type: string
+ description: "Embedded backup profile, referenced as backupProfileName elsewhere"
+ podAnnotations:
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ podLabels:
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ dumpInstance:
+ type: object
+ properties:
+ dumpOptions:
+ type: object
+ description: "A dictionary of key-value pairs passed directly to MySQL Shell's DumpInstance()"
+ x-kubernetes-preserve-unknown-fields: true
+ storage:
+ type: object
+ properties:
+ ociObjectStorage:
+ type: object
+ required: ["bucketName", "credentials"]
+ properties:
+ bucketName:
+ type: string
+ description: "Name of the OCI bucket where backup is stored"
+ prefix:
+ type: string
+ description: "Path in bucket where backup is stored"
+ credentials:
+ type: string
+ description: "Name of a Secret with data for accessing the bucket"
+ s3:
+ type: object
+ required: ["bucketName", "config"]
+ properties:
+ bucketName:
+ type: string
+ description: "Name of the S3 bucket where the dump is stored"
+ prefix:
+ type: string
+ description: "Path in the bucket where the dump files are stored"
+ config:
+ type: string
+ description: "Name of a Secret with S3 configuration and credentials"
+ profile:
+ type: string
+ default: ""
+ description: "Profile being used in configuration files"
+ endpoint:
+ type: string
+ description: "Override endpoint URL"
+ azure:
+ type: object
+ required: ["containerName", "config"]
+ properties:
+ containerName:
+ type: string
+ description: "Name of the Azure BLOB Storage container where the dump is stored"
+ prefix:
+ type: string
+ description: "Path in the container where the dump files are stored"
+ config:
+ type: string
+ description: "Name of a Secret with Azure BLOB Storage configuration and credentials"
+ persistentVolumeClaim:
+ type: object
+ description : "Specification of the PVC to be used. Used 'as is' in pod executing the backup."
+ x-kubernetes-preserve-unknown-fields: true
+ x-kubernetes-preserve-unknown-fields: true
+ snapshot:
+ type: object
+ properties:
+ storage:
+ type: object
+ properties:
+ ociObjectStorage:
+ type: object
+ required: ["bucketName", "credentials"]
+ properties:
+ bucketName:
+ type: string
+ description: "Bucket name where backup is stored"
+ prefix:
+ type: string
+ description: "Path in bucket where backup is stored"
+ credentials:
+ type: string
+ description: "Name of a Secret with data for accessing the bucket"
+ s3:
+ type: object
+ required: ["bucketName", "config"]
+ properties:
+ bucketName:
+ type: string
+ description: "Name of the S3 bucket where the dump is stored"
+ prefix:
+ type: string
+ description: "Path in the bucket where the dump files are stored"
+ config:
+ type: string
+ description: "Name of a Secret with S3 configuration and credentials"
+ profile:
+ type: string
+ default: ""
+ description: "Profile being used in configuration files"
+ endpoint:
+ type: string
+ description: "Override endpoint URL"
+ azure:
+ type: object
+ required: ["containerName", "config"]
+ properties:
+ containerName:
+ type: string
+ description: "Name of the Azure BLOB Storage container where the dump is stored"
+ prefix:
+ type: string
+ description: "Path in the container where the dump files are stored"
+ config:
+ type: string
+ description: "Name of a Secret with Azure BLOB Storage configuration and credentials"
+ persistentVolumeClaim:
+ type: object
+ description : "Specification of the PVC to be used. Used 'as is' in pod executing the backup."
+ x-kubernetes-preserve-unknown-fields: true
+ x-kubernetes-preserve-unknown-fields: true
+ x-kubernetes-preserve-unknown-fields: true
+ backupSchedules:
+ type: array
+ description: "Schedules for periodically executed backups"
+ items:
+ type: object
+ required: ["name", "schedule"]
+ x-kubernetes-preserve-unknown-fields: true
+ properties:
+ name:
+ type: string
+ description: "Name of the backup schedule"
+ schedule:
+ type: string
+ description: "The schedule of the job, syntax as a cron expression"
+ backupProfileName:
+ type: string
+ description: "Name of the backupProfile to be used"
+ backupProfile:
+ type: object
+ description: "backupProfile specification if backupProfileName is not specified"
+ x-kubernetes-preserve-unknown-fields: true
+ properties:
+ podAnnotations:
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ podLabels:
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ dumpInstance:
+ type: object
+ properties:
+ dumpOptions:
+ type: object
+ description: "A dictionary of key-value pairs passed directly to MySQL Shell's DumpInstance()"
+ x-kubernetes-preserve-unknown-fields: true
+ storage:
+ type: object
+ properties:
+ ociObjectStorage:
+ type: object
+ required: ["bucketName", "credentials"]
+ properties:
+ bucketName:
+ type: string
+ description: "Name of the OCI Bucket where backup is stored"
+ prefix:
+ type: string
+ description: "Path in bucket where backup is stored"
+ credentials:
+ type: string
+ description: "Name of a Secret with data for accessing the bucket"
+ s3:
+ type: object
+ required: ["bucketName", "config"]
+ properties:
+ bucketName:
+ type: string
+ description: "Name of the S3 bucket where the dump is stored"
+ prefix:
+ type: string
+ description: "Path in the bucket where the dump files are stored"
+ config:
+ type: string
+ description: "Name of a Secret with S3 configuration and credentials"
+ profile:
+ type: string
+ default: ""
+ description: "Profile being used in configuration files"
+ endpoint:
+ type: string
+ description: "Override endpoint URL"
+ azure:
+ type: object
+ required: ["containerName", "config"]
+ properties:
+ containerName:
+ type: string
+ description: "Name of the Azure BLOB Storage container where the dump is stored"
+ prefix:
+ type: string
+ description: "Path in the container where the dump files are stored"
+ config:
+ type: string
+ description: "Name of a Secret with Azure BLOB Storage configuration and credentials"
+ persistentVolumeClaim:
+ type: object
+ description : "Specification of the PVC to be used. Used 'as is' in pod executing the backup."
+ x-kubernetes-preserve-unknown-fields: true
+ x-kubernetes-preserve-unknown-fields: true
+ deleteBackupData:
+ type: boolean
+ default: false
+ description: "Whether to delete the backup data in case the MySQLBackup object created by the job is deleted"
+ enabled:
+ type: boolean
+ default: true
+ description: "Whether the schedule is enabled or not"
+ timeZone:
+ type: string
+ description: "Timezone for the backup schedule, example: 'America/New_York'"
+ logs:
+ type: object
+ properties:
+ general:
+ type: object
+ properties:
+ enabled:
+ type: boolean
+ default: false
+ description: "Whether general logging should be enabled"
+ collect:
+ type: boolean
+ default: false
+ description: "Whether general logging data should be collected. Implies that the logging should be enabled."
+ error:
+ type: object
+ properties:
+ collect:
+ type: boolean
+ default: false
+ description: "Whether error logging data should be collected. Implies that the logging should be enabled. If enabled the error log will be switched to JSON format output"
+ verbosity:
+ type: integer
+ default: 3
+ minimum: 1
+ maximum: 3
+ description: "Log error verbosity. For details, see the MySQL Server --log-error-verbosity documentation."
+ slowQuery:
+ type: object
+ properties:
+ enabled:
+ type: boolean
+ default: false
+ description: "Whether slow query logging should be enabled"
+ longQueryTime:
+ type: number
+ minimum: 0
+ default: 10
+ description: "Long query time threshold"
+ collect:
+ type: boolean
+ default: false
+ description: "Whether slow query logging data should be collected. Implies that the logging should be enabled."
+ collector:
+ type: object
+ oneOf:
+ - required: ["image", "fluentd"]
+ properties:
+ image:
+ type: string
+ description: "Name of an image, including registry and repository, to be used for the log collector sidecar. If provided it needs to be an image for the configured collector type."
+ containerName:
+ type: string
+ default: "logcollector"
+ description: "Name of the collector container sidecar"
+ env:
+ type: array
+ items:
+ type: object
+ description: "Environment variables to be passed to the image. Definition will be directly copied like podSpec fields are"
+ x-kubernetes-preserve-unknown-fields: true
+ fluentd:
+ type: object
+ description: "Properties of the fluentd log collector"
+ oneOf:
+ - required: ["sinks"]
+ properties:
+ generalLog:
+ type: object
+ properties:
+ tag:
+ type: string
+ default: ""
+ description: "Tag for the general log records"
+ options:
+ type: object
+ description: "fluentd specific options for the general log"
+ x-kubernetes-preserve-unknown-fields: true
+ errorLog:
+ type: object
+ properties:
+ tag:
+ type: string
+ default: ""
+ description: "Tag for the error log records"
+ options:
+ type: object
+ description: "fluentd specific options for the error log"
+ x-kubernetes-preserve-unknown-fields: true
+ slowQueryLog:
+ type: object
+ properties:
+ tag:
+ type: string
+ default: ""
+ description: "Tag for the slow log records"
+ options:
+ type: object
+ description: "fluentd specific options for the slow log"
+ x-kubernetes-preserve-unknown-fields: true
+ recordAugmentation:
+ type: object
+ properties:
+ enabled:
+ type: boolean
+ default: false
+ description: "Whether to enable record augmentation with additional data"
+ labels:
+ type: array
+ items:
+ type: object
+ required: ["fieldName", "labelName"]
+ properties:
+ fieldName:
+ type: string
+ description: "Name of the field added to the log record with value from labelName"
+ labelName:
+ type: string
+ description: "Name of the pod label that holds the value to be stored under fieldName in the log record"
+ annotations:
+ type: array
+ items:
+ type: object
+ required: ["fieldName", "annotationName"]
+ properties:
+ fieldName:
+ type: string
+ description: "Name of the field added to the log record with value from annotationName"
+ annotationName:
+ type: string
+ description: "Name of the pod label that holds the value to be stored under fieldName in the log record"
+ staticFields:
+ type: array
+ items:
+ type: object
+ required: ["fieldName", "fieldValue"]
+ properties:
+ fieldName:
+ type: string
+ description: "Name of the field added to the log record with value from fieldValue"
+ fieldValue:
+ type: string
+ description: "Value for the static field with name taken from fieldName"
+ podFields:
+ type: array
+ items:
+ type: object
+ required: ["fieldName", "fieldPath"]
+ properties:
+ fieldName:
+ type: string
+ description: "Name of the field added to the log record with value taken from a field with path stored in fieldPath"
+ fieldPath:
+ type: string
+ description: "Value for the field fieldName. The path should be of the same syntax as the one used for mounting environment variables from field reference - valueFrom.fieldRef.fieldPath . The field will be mounted in the pod as a environment variable, prefixed with a prefix and used then added to the log record. Examples for fieldRef are : spec.nodeName, metadata.namespace, status.podIP, etc."
+ resourceFields:
+ type: array
+ items:
+ type: object
+ required: ["fieldName", "containerName", "resource"]
+ properties:
+ fieldName:
+ type: string
+ description: "Name of the field added to the log record with value taken from a field with path stored in fieldPath"
+ containerName:
+ type: string
+ resource:
+ type: string
+ description: "See https://kubernetes.io/docs/tasks/inject-data-application/environment-variable-expose-pod-information/#use-container-fields-as-values-for-environment-variables"
+ additionalFilterConfiguration:
+ type: string
+ description: "Raw configuration of additional Fluentd filters to be added to the configuration file"
+ sinks:
+ type: array
+ items:
+ type: object
+ required: ["name", "rawConfig"]
+ x-kubernetes-preserve-unknown-fields: true
+ properties:
+ name:
+ type: string
+ description: "Name of the sink. Used only for documentation purposes"
+ rawConfig:
+ type: "string"
+ description: "Raw configuration of the sink"
+
+ readReplicas:
+ type: array
+ items:
+ type: object
+ required: ["name", "baseServerId"]
+ properties:
+ name:
+ type: string
+ version:
+ type: string
+ pattern: '^\d+\.\d+\.\d+(-.+)?'
+ description: "MySQL Server version"
+ baseServerId:
+ type: integer
+ minimum: 0
+ maximum: 4294967195
+ default: 0
+ description: "Base value for MySQL server_id for instances of the readReplica, if 0 it will be assigned automatically"
+ datadirVolumeClaimTemplate:
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ description: "Template for a PersistentVolumeClaim, to be used as datadir"
+ mycnf:
+ type: string
+ description: "Custom configuration additions for my.cnf"
+ instances:
+ type: integer
+ minimum: 1
+ maximum: 999
+ default: 1
+ description: "Number of MySQL instances for the set of read replica"
+ podSpec:
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ podAnnotations:
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ podLabels:
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ serviceFqdnTemplate:
+ type: string
+ description: "Template for a FQDN resolving to the cluster's headless instance Service and individual Pods"
+ #default: "{service}.{namespace}.svc.{domain}" - We can't set the default as that would override the environment value from the operator
+ status:
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ subresources:
+ status: {}
+ additionalPrinterColumns:
+ - name: Status
+ type: string
+ description: Status of the InnoDB Cluster
+ jsonPath: .status.cluster.status
+ - name: Online
+ type: integer
+ description: Number of ONLINE InnoDB Cluster instances
+ jsonPath: .status.cluster.onlineInstances
+ - name: Instances
+ type: integer
+ description: Number of InnoDB Cluster instances configured
+ jsonPath: .spec.instances
+ - name: Routers
+ type: integer
+ description: Number of Router instances configured for the InnoDB Cluster
+ jsonPath: .spec.router.instances
+ - name: Age
+ type: date
+ jsonPath: .metadata.creationTimestamp
+ scope: Namespaced
+ names:
+ kind: InnoDBCluster
+ listKind: InnoDBClusterList
+ singular: innodbcluster
+ plural: innodbclusters
+ shortNames:
+ - ic
+ - ics
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: mysqlbackups.mysql.oracle.com
+spec:
+ group: mysql.oracle.com
+ scope: Namespaced
+ names:
+ kind: MySQLBackup
+ listKind: MySQLBackupList
+ singular: mysqlbackup
+ plural: mysqlbackups
+ shortNames:
+ - mbk
+ versions:
+ - name: v2
+ served: true
+ storage: true
+ schema:
+ openAPIV3Schema:
+ type: object
+ properties:
+ spec:
+ type: object
+ required: ["clusterName"]
+ properties:
+ clusterName:
+ type: string
+ backupProfileName:
+ type: string
+ backupProfile:
+ type: object
+ description: "backupProfile specification if backupProfileName is not specified"
+ x-kubernetes-preserve-unknown-fields: true
+ properties:
+ podAnnotations:
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ podLabels:
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ dumpInstance:
+ type: object
+ properties:
+ dumpOptions:
+ type: object
+ description: "A dictionary of key-value pairs passed directly to MySQL Shell's DumpInstance()"
+ x-kubernetes-preserve-unknown-fields: true
+ storage:
+ type: object
+ properties:
+ ociObjectStorage:
+ type: object
+ required: ["bucketName", "credentials"]
+ properties:
+ bucketName:
+ type: string
+ description: "Name of the OCI bucket where backup is stored"
+ prefix:
+ type: string
+ description: "Path in bucket where backup is stored"
+ credentials:
+ type: string
+ description: "Name of a Secret with data for accessing the bucket"
+ s3:
+ type: object
+ required: ["bucketName", "config"]
+ properties:
+ bucketName:
+ type: string
+ description: "Name of the S3 bucket where the dump is stored"
+ prefix:
+ type: string
+ description: "Path in the bucket where the dump files are stored"
+ config:
+ type: string
+ description: "Name of a Secret with S3 configuration and credentials"
+ profile:
+ type: string
+ default: ""
+ description: "Profile being used in configuration files"
+ endpoint:
+ type: string
+ description: "Override endpoint URL"
+ azure:
+ type: object
+ required: ["containerName", "config"]
+ properties:
+ containerName:
+ type: string
+ description: "Name of the Azure BLOB Storage container where the dump is stored"
+ prefix:
+ type: string
+ description: "Path in the container where the dump files are stored"
+ config:
+ type: string
+ description: "Name of a Secret with Azure BLOB Storage configuration and credentials"
+ persistentVolumeClaim:
+ type: object
+ description : "Specification of the PVC to be used. Used 'as is' in pod executing the backup."
+ x-kubernetes-preserve-unknown-fields: true
+ x-kubernetes-preserve-unknown-fields: true
+ addTimestampToBackupDirectory:
+ type: boolean
+ default: true
+ deleteBackupData:
+ type: boolean
+ default: false
+ status:
+ type: object
+ properties:
+ status:
+ type: string
+ startTime:
+ type: string
+ completionTime:
+ type: string
+ elapsedTime:
+ type: string
+ output:
+ type: string
+ method:
+ type: string
+ source:
+ type: string
+ bucket:
+ type: string
+ ociTenancy:
+ type: string
+ container:
+ type: string
+ spaceAvailable:
+ type: string
+ size:
+ type: string
+ message:
+ type: string
+ subresources:
+ status: {}
+ additionalPrinterColumns:
+ - name: Cluster
+ type: string
+ description: Name of the target cluster
+ jsonPath: .spec.clusterName
+ - name: Status
+ type: string
+ description: Status of the Backup
+ jsonPath: .status.status
+ - name: Output
+ type: string
+ description: Name of the produced file/directory
+ jsonPath: .status.output
+ - name: Age
+ type: date
+ jsonPath: .metadata.creationTimestamp
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: clusterkopfpeerings.zalando.org
+spec:
+ scope: Cluster
+ group: zalando.org
+ names:
+ kind: ClusterKopfPeering
+ plural: clusterkopfpeerings
+ singular: clusterkopfpeering
+ versions:
+ - name: v1
+ served: true
+ storage: true
+ schema:
+ openAPIV3Schema:
+ type: object
+ properties:
+ status:
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: kopfpeerings.zalando.org
+spec:
+ scope: Namespaced
+ group: zalando.org
+ names:
+ kind: KopfPeering
+ plural: kopfpeerings
+ singular: kopfpeering
+ versions:
+ - name: v1
+ served: true
+ storage: true
+ schema:
+ openAPIV3Schema:
+ type: object
+ properties:
+ status:
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
\ No newline at end of file
From 3909281a4f14ea91271a3bff3465d414ef24ee39 Mon Sep 17 00:00:00 2001
From: jinia91
Date: Wed, 13 Nov 2024 14:52:33 +0900
Subject: [PATCH 46/46] mysql operator
---
deploy/jiniaslog/monolith/mysql/crds.yml | 1110 -----------------
.../monolith/mysql/mysql-operator.yml | 209 ----
deploy/jiniaslog/monolith/redis/redis.yml | 2 +-
3 files changed, 1 insertion(+), 1320 deletions(-)
delete mode 100644 deploy/jiniaslog/monolith/mysql/crds.yml
delete mode 100644 deploy/jiniaslog/monolith/mysql/mysql-operator.yml
diff --git a/deploy/jiniaslog/monolith/mysql/crds.yml b/deploy/jiniaslog/monolith/mysql/crds.yml
deleted file mode 100644
index 0f5b955a..00000000
--- a/deploy/jiniaslog/monolith/mysql/crds.yml
+++ /dev/null
@@ -1,1110 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: innodbclusters.mysql.oracle.com -spec: - group: mysql.oracle.com - versions: - - name: v2 - served: true - storage: true - schema: - openAPIV3Schema: - type: object - required: ["spec"] - properties: - metadata: - type: object - properties: - name: - type: string - maxLength: 40 - spec: - type: object - required: ["secretName"] - properties: - secretName: - type: string - description: "Name of a generic type Secret containing root/default account password" - tlsCASecretName: - type: string - description: "Name of a generic type Secret containing CA (ca.pem) and optional CRL (crl.pem) for SSL" - tlsSecretName: - type: string - description: "Name of a TLS type Secret containing Server certificate and private key for SSL" - tlsUseSelfSigned: - type: boolean - default: false - description: "Enables use of self-signed TLS certificates, reducing or disabling TLS based security verifications" - version: - type: string - pattern: '^\d+\.\d+\.\d+(-.+)?' 
- description: "MySQL Server version" - edition: - type: string - pattern: "^(community|enterprise)$" - description: "MySQL Server Edition (community or enterprise)" - imageRepository: - type: string - description: "Repository where images are pulled from; defaults to container-registry.oracle.com/mysql" - imagePullPolicy: - type: string - description: "Defaults to Always, but set to IfNotPresent in deploy-operator.yaml when deploying Operator" - imagePullSecrets: - type: array - items: - type: object - properties: - name: - type: string - serviceAccountName: - type: string - baseServerId: - type: integer - minimum: 0 - maximum: 4294967195 - default: 1000 - description: "Base value for MySQL server_id for instances in the cluster" - datadirVolumeClaimTemplate: - type: object - x-kubernetes-preserve-unknown-fields: true - description: "Template for a PersistentVolumeClaim, to be used as datadir" - datadirPermissions: - type: object - properties: - setRightsUsingInitContainer: - type: boolean - default: true - description: "Whether to use an init container to set at start the DataDir permissions " - fsGroupChangePolicy: - type: string - description: "Optional fsGroupChangePolicy value to be set in the pod security context. Some possible values are OnRootMismatch and Always. 
For more information check the official Kubernetes documentation" - default: "" - mycnf: - type: string - description: "Custom configuration additions for my.cnf" - instances: - type: integer - minimum: 1 - maximum: 9 - default: 1 - description: "Number of MySQL replica instances for the cluster" - podSpec: - type: object - x-kubernetes-preserve-unknown-fields: true - podAnnotations: - type: object - x-kubernetes-preserve-unknown-fields: true - podLabels: - type: object - x-kubernetes-preserve-unknown-fields: true - keyring: - type: object - description: "Keyring specification" - properties: - file: - type: object - description: "Keyring 'File' specification" - required: ["storage"] - properties: - fileName: - type: string - default: "mysql_keyring" - description: "Path to the keyring file name inside the storage volume (will be prefixed by mount path)" - readOnly: - type: boolean - default: false - description: "Whether to open the keyring file in read-only mode" - storage: - type: object - description : "Specification of the volume to be mounted where the keyring file resides" - x-kubernetes-preserve-unknown-fields: true - encryptedFile: - type: object - description: "Keyring 'Encrypted File' specification" - required: ["storage", "password"] - properties: - fileName: - type: string - default: "mysql_keyring" - description: "Path to the keyring file name inside the storage volume (will be prefixed by mount path)" - readOnly: - type: boolean - default: false - description: "Whether to open the keyring file in read-only mode" - password: - type: string - description: "Name of a secret that contains password for the keyring in the key 'keyring_password'" - storage: - type: object - description : "Specification of the volume to be mounted where the keyring file resides" - x-kubernetes-preserve-unknown-fields: true - oci: - type: object - description: "Keyring 'OCI' specification" - required: ["user", "keySecret", "keyFingerprint", "tenancy"] - properties: - user: - 
type: string - description: "User identifier in the form of ocid1.user.oc1..." - pattern: '^ocid1\.user\.' - keySecret: - type: string - description: "A secret that contains the private key under the field 'privatekey'" - keyFingerprint: - type: string - description: "Private key fingerprint" - pattern: '([0-9a-f]{2}:){15}[0-9a-f]{2}$' - tenancy: - type: string - description: "Tenancy identifier in the form ocid1.tenancy.oc1..." - pattern: '^ocid1\.tenancy\.' - compartment: - type: string - description: "Compartment identifier in the form ocid1.compartment.oc1..." - pattern: '^ocid1\.compartment\.' - virtualVault: - type: string - description: "Vault identifier in the form ocid1.vault.oc1..." - pattern: '^ocid1\.vault\.' - masterKey: - type: string - description: "Master key identified in the form ocid1.key.oc1..." - pattern: '^ocid1\.key\.' - endpoints: - type: object - description: "" - properties: - encryption: - type: string - description: "Encryption endpoint URI like {identifier}-crypto.kms.{region}.oraclecloud.com" - management: - type: string - description: "Management endpoint URI like {identifier}-management.kms.{region}.oraclecloud.com" - vaults: - type: string - description: "Vaults endpoint URI like vaults.{region}.oci.oraclecloud.com" - secrets: - type: string - description: "Secrets endpoint URI like secrets.vaults.{region}.oci.oraclecloud.com" - caCertificate: - type: string - description: "Secret that contains ca.crt field with CA certificate bundle file that the keyring_oci plugin uses for Oracle Cloud Infrastructure certificate verification" - initDB: - type: object - properties: - clone: - type: object - required: ["donorUrl", "secretKeyRef"] - properties: - donorUrl: - type: string - description: "URL of the cluster to clone from" - rootUser: - type: string - default: "root" - description: "User name used for cloning" - secretKeyRef: - type: object - required: ["name"] - properties: - name: - type: string - description: "Secret name with key 
'rootPassword' storing the password for the user specified in rootUser" - dump: - type: object - required: ["storage"] - properties: - name: - type: string - description: "Name of the dump. Not used by the operator, but a descriptive hint for the cluster administrator" - path: - type: string - description: "Path to the dump in the PVC. Use when specifying persistentVolumeClaim. Omit for ociObjectStorage, S3, or azure." - options: - type: object - description: "A dictionary of key-value pairs passed directly to MySQL Shell's loadDump()" - x-kubernetes-preserve-unknown-fields: true - storage: - type: object - properties: - ociObjectStorage: - type: object - required: ["bucketName", "prefix", "credentials"] - properties: - bucketName: - type: string - description: "Name of the OCI bucket where the dump is stored" - prefix: - type: string - description: "Path in the bucket where the dump files are stored" - credentials: - type: string - description: "Name of a Secret with data for accessing the bucket" - s3: - type: object - required: ["bucketName", "prefix", "config"] - properties: - bucketName: - type: string - description: "Name of the S3 bucket where the dump is stored" - prefix: - type: string - description: "Path in the bucket where the dump files are stored" - config: - type: string - description: "Name of a Secret with S3 configuration and credentials" - profile: - type: string - default: "" - description: "Profile being used in configuration files" - endpoint: - type: string - description: "Override endpoint URL" - azure: - type: object - required: ["containerName", "prefix", "config"] - properties: - containerName: - type: string - description: "Name of the Azure BLOB Storage container where the dump is stored" - prefix: - type: string - description: "Path in the container where the dump files are stored" - config: - type: string - description: "Name of a Secret with Azure BLOB Storage configuration and credentials" - persistentVolumeClaim: - type: object - 
description : "Specification of the PVC to be used. Used 'as is' in the cloning pod." - x-kubernetes-preserve-unknown-fields: true - x-kubernetes-preserve-unknown-fields: true - x-kubernetes-preserve-unknown-fields: true - router: - type: object - description: "MySQL Router specification" - properties: - instances: - type: integer - minimum: 0 - default: 1 - description: "Number of MySQL Router instances to deploy" - tlsSecretName: - type: string - description: "Name of a TLS type Secret containing MySQL Router certificate and private key used for SSL" - version: - type: string - pattern: '^\d+\.\d+\.\d+(-.+)?' - description: "Override MySQL Router version" - podSpec: - type: object - x-kubernetes-preserve-unknown-fields: true - podAnnotations: - type: object - x-kubernetes-preserve-unknown-fields: true - podLabels: - type: object - x-kubernetes-preserve-unknown-fields: true - bootstrapOptions: - description: "Command line options passed to MySQL Router while bootstrapping" - type: array - items: - type: string - options: - description: "Command line options passed to MySQL Router while running" - type: array - items: - type: string - routingOptions: - description: "Set routing options for the cluster" - type: object - properties: - # naming pattern follows Shell's naming documented at - # https://dev.mysql.com/doc/mysql-shell/8.1/en/innodb-clusterset-router-setroutingoption.html - # ClusterSet-related options and tags currently not supported - invalidated_cluster_policy: - type: string - enum: ["drop_all", "accept_ro"] - stats_updates_frequency: - type: integer - default: 0 - minimum: 0 - read_only_targets: - type: string - enum: ["all", "read_replicas", "secondaries"] - service: - type: object - description: "Configuration of the Service used by applications connecting to the InnoDB Cluster" - properties: - type: - type: string - enum: ["ClusterIP", "NodePort", "LoadBalancer"] - default: ClusterIP - annotations: - type: object - description: "Custom annotations 
for the Service" - x-kubernetes-preserve-unknown-fields: true - labels: - type: object - description: "Custom labels for the Service" - x-kubernetes-preserve-unknown-fields: true - defaultPort: - type: string - description: "Target for the Service's default (3306) port. If mysql-rw traffic will go to the primary and allow read and write operations, with mysql-ro traffic goes to the replica and allows only read operations, with mysql-rw-split the router's read-write-splitting will be targeted" - enum: ["mysql-rw", "mysql-ro", "mysql-rw-split"] - default: "mysql-rw" - - metrics: - type: object - description: "Configuration of a Prometheus-style metrics provider" - required: ["enable", "image"] - properties: - enable: - type: boolean - default: false - description: "Toggle to enable or disable the metrics sidecar" - image: - type: string - description: "Name of an image to be used for the metrics sidecar, if provided metrics will be enabled" - options: - type: array - description: "Options passed to the metrics provider as command line arguments" - items: - type: string - webConfig: - type: string - description: "Name of a ConfigMap with a web.config file, if this option is provided a command line option --web.config.file is added" - tlsSecret: - type: string - description: "Name of a Secret with TLS certificate, key and CA, which will be mounted at /tls into the container an can be used from webConfig" - monitor: - type: boolean - description: "Create a ServiceMonitor for Prometheus Operator" - default: false - monitorSpec: - type: object - x-kubernetes-preserve-unknown-fields: true - description: "Custom configuration for the ServiceMonitor object" - default: {} - - # These are only supported for development purpose: - #dbUser: - # type: object - # description: "MySQL user accoutn to be used for collecting metrics" - # properties: - # name: - # type: string - # description: "The account name, host part will always be localhost" - # default: mysqlmetrics - # grants: 
- # type: array - # description: "GRANTs given to the account" - # default: [ 'PROCESS', 'REPLICATION CLIENT', 'SELECT' ] - # items: - # type: string - # maxConnections: - # type: integer - # default: 3 - # description: "Maximum number of connections" - - backupProfiles: - type: array - description: "Backup profile specifications for the cluster, which can be referenced from backup schedules and one-off backup jobs" - items: - type: object - required: ["name"] - properties: - name: - type: string - description: "Embedded backup profile, referenced as backupProfileName elsewhere" - podAnnotations: - type: object - x-kubernetes-preserve-unknown-fields: true - podLabels: - type: object - x-kubernetes-preserve-unknown-fields: true - dumpInstance: - type: object - properties: - dumpOptions: - type: object - description: "A dictionary of key-value pairs passed directly to MySQL Shell's DumpInstance()" - x-kubernetes-preserve-unknown-fields: true - storage: - type: object - properties: - ociObjectStorage: - type: object - required: ["bucketName", "credentials"] - properties: - bucketName: - type: string - description: "Name of the OCI bucket where backup is stored" - prefix: - type: string - description: "Path in bucket where backup is stored" - credentials: - type: string - description: "Name of a Secret with data for accessing the bucket" - s3: - type: object - required: ["bucketName", "config"] - properties: - bucketName: - type: string - description: "Name of the S3 bucket where the dump is stored" - prefix: - type: string - description: "Path in the bucket where the dump files are stored" - config: - type: string - description: "Name of a Secret with S3 configuration and credentials" - profile: - type: string - default: "" - description: "Profile being used in configuration files" - endpoint: - type: string - description: "Override endpoint URL" - azure: - type: object - required: ["containerName", "config"] - properties: - containerName: - type: string - 
description: "Name of the Azure BLOB Storage container where the dump is stored" - prefix: - type: string - description: "Path in the container where the dump files are stored" - config: - type: string - description: "Name of a Secret with Azure BLOB Storage configuration and credentials" - persistentVolumeClaim: - type: object - description : "Specification of the PVC to be used. Used 'as is' in pod executing the backup." - x-kubernetes-preserve-unknown-fields: true - x-kubernetes-preserve-unknown-fields: true - snapshot: - type: object - properties: - storage: - type: object - properties: - ociObjectStorage: - type: object - required: ["bucketName", "credentials"] - properties: - bucketName: - type: string - description: "Bucket name where backup is stored" - prefix: - type: string - description: "Path in bucket where backup is stored" - credentials: - type: string - description: "Name of a Secret with data for accessing the bucket" - s3: - type: object - required: ["bucketName", "config"] - properties: - bucketName: - type: string - description: "Name of the S3 bucket where the dump is stored" - prefix: - type: string - description: "Path in the bucket where the dump files are stored" - config: - type: string - description: "Name of a Secret with S3 configuration and credentials" - profile: - type: string - default: "" - description: "Profile being used in configuration files" - endpoint: - type: string - description: "Override endpoint URL" - azure: - type: object - required: ["containerName", "config"] - properties: - containerName: - type: string - description: "Name of the Azure BLOB Storage container where the dump is stored" - prefix: - type: string - description: "Path in the container where the dump files are stored" - config: - type: string - description: "Name of a Secret with Azure BLOB Storage configuration and credentials" - persistentVolumeClaim: - type: object - description : "Specification of the PVC to be used. 
Used 'as is' in pod executing the backup." - x-kubernetes-preserve-unknown-fields: true - x-kubernetes-preserve-unknown-fields: true - x-kubernetes-preserve-unknown-fields: true - backupSchedules: - type: array - description: "Schedules for periodically executed backups" - items: - type: object - required: ["name", "schedule"] - x-kubernetes-preserve-unknown-fields: true - properties: - name: - type: string - description: "Name of the backup schedule" - schedule: - type: string - description: "The schedule of the job, syntax as a cron expression" - backupProfileName: - type: string - description: "Name of the backupProfile to be used" - backupProfile: - type: object - description: "backupProfile specification if backupProfileName is not specified" - x-kubernetes-preserve-unknown-fields: true - properties: - podAnnotations: - type: object - x-kubernetes-preserve-unknown-fields: true - podLabels: - type: object - x-kubernetes-preserve-unknown-fields: true - dumpInstance: - type: object - properties: - dumpOptions: - type: object - description: "A dictionary of key-value pairs passed directly to MySQL Shell's DumpInstance()" - x-kubernetes-preserve-unknown-fields: true - storage: - type: object - properties: - ociObjectStorage: - type: object - required: ["bucketName", "credentials"] - properties: - bucketName: - type: string - description: "Name of the OCI Bucket where backup is stored" - prefix: - type: string - description: "Path in bucket where backup is stored" - credentials: - type: string - description: "Name of a Secret with data for accessing the bucket" - s3: - type: object - required: ["bucketName", "config"] - properties: - bucketName: - type: string - description: "Name of the S3 bucket where the dump is stored" - prefix: - type: string - description: "Path in the bucket where the dump files are stored" - config: - type: string - description: "Name of a Secret with S3 configuration and credentials" - profile: - type: string - default: "" - description: 
"Profile being used in configuration files" - endpoint: - type: string - description: "Override endpoint URL" - azure: - type: object - required: ["containerName", "config"] - properties: - containerName: - type: string - description: "Name of the Azure BLOB Storage container where the dump is stored" - prefix: - type: string - description: "Path in the container where the dump files are stored" - config: - type: string - description: "Name of a Secret with Azure BLOB Storage configuration and credentials" - persistentVolumeClaim: - type: object - description : "Specification of the PVC to be used. Used 'as is' in pod executing the backup." - x-kubernetes-preserve-unknown-fields: true - x-kubernetes-preserve-unknown-fields: true - deleteBackupData: - type: boolean - default: false - description: "Whether to delete the backup data in case the MySQLBackup object created by the job is deleted" - enabled: - type: boolean - default: true - description: "Whether the schedule is enabled or not" - timeZone: - type: string - description: "Timezone for the backup schedule, example: 'America/New_York'" - logs: - type: object - properties: - general: - type: object - properties: - enabled: - type: boolean - default: false - description: "Whether general logging should be enabled" - collect: - type: boolean - default: false - description: "Whether general logging data should be collected. Implies that the logging should be enabled." - error: - type: object - properties: - collect: - type: boolean - default: false - description: "Whether error logging data should be collected. Implies that the logging should be enabled. If enabled the error log will be switched to JSON format output" - verbosity: - type: integer - default: 3 - minimum: 1 - maximum: 3 - description: "Log error verbosity. For details, see the MySQL Server --log-error-verbosity documentation." 
- slowQuery: - type: object - properties: - enabled: - type: boolean - default: false - description: "Whether slow query logging should be enabled" - longQueryTime: - type: number - minimum: 0 - default: 10 - description: "Long query time threshold" - collect: - type: boolean - default: false - description: "Whether slow query logging data should be collected. Implies that the logging should be enabled." - collector: - type: object - oneOf: - - required: ["image", "fluentd"] - properties: - image: - type: string - description: "Name of an image, including registry and repository, to be used for the log collector sidecar. If provided it needs to be an image for the configured collector type." - containerName: - type: string - default: "logcollector" - description: "Name of the collector container sidecar" - env: - type: array - items: - type: object - description: "Environment variables to be passed to the image. Definition will be directly copied like podSpec fields are" - x-kubernetes-preserve-unknown-fields: true - fluentd: - type: object - description: "Properties of the fluentd log collector" - oneOf: - - required: ["sinks"] - properties: - generalLog: - type: object - properties: - tag: - type: string - default: "" - description: "Tag for the general log records" - options: - type: object - description: "fluentd specific options for the general log" - x-kubernetes-preserve-unknown-fields: true - errorLog: - type: object - properties: - tag: - type: string - default: "" - description: "Tag for the error log records" - options: - type: object - description: "fluentd specific options for the error log" - x-kubernetes-preserve-unknown-fields: true - slowQueryLog: - type: object - properties: - tag: - type: string - default: "" - description: "Tag for the slow log records" - options: - type: object - description: "fluentd specific options for the slow log" - x-kubernetes-preserve-unknown-fields: true - recordAugmentation: - type: object - properties: - enabled: - 
type: boolean - default: false - description: "Whether to enable record augmentation with additional data" - labels: - type: array - items: - type: object - required: ["fieldName", "labelName"] - properties: - fieldName: - type: string - description: "Name of the field added to the log record with value from labelName" - labelName: - type: string - description: "Name of the pod label that holds the value to be stored under fieldName in the log record" - annotations: - type: array - items: - type: object - required: ["fieldName", "annotationName"] - properties: - fieldName: - type: string - description: "Name of the field added to the log record with value from annotationName" - annotationName: - type: string - description: "Name of the pod label that holds the value to be stored under fieldName in the log record" - staticFields: - type: array - items: - type: object - required: ["fieldName", "fieldValue"] - properties: - fieldName: - type: string - description: "Name of the field added to the log record with value from fieldValue" - fieldValue: - type: string - description: "Value for the static field with name taken from fieldName" - podFields: - type: array - items: - type: object - required: ["fieldName", "fieldPath"] - properties: - fieldName: - type: string - description: "Name of the field added to the log record with value taken from a field with path stored in fieldPath" - fieldPath: - type: string - description: "Value for the field fieldName. The path should be of the same syntax as the one used for mounting environment variables from field reference - valueFrom.fieldRef.fieldPath . The field will be mounted in the pod as a environment variable, prefixed with a prefix and used then added to the log record. Examples for fieldRef are : spec.nodeName, metadata.namespace, status.podIP, etc." 
- resourceFields: - type: array - items: - type: object - required: ["fieldName", "containerName", "resource"] - properties: - fieldName: - type: string - description: "Name of the field added to the log record with value taken from a field with path stored in fieldPath" - containerName: - type: string - resource: - type: string - description: "See https://kubernetes.io/docs/tasks/inject-data-application/environment-variable-expose-pod-information/#use-container-fields-as-values-for-environment-variables" - additionalFilterConfiguration: - type: string - description: "Raw configuration of additional Fluentd filters to be added to the configuration file" - sinks: - type: array - items: - type: object - required: ["name", "rawConfig"] - x-kubernetes-preserve-unknown-fields: true - properties: - name: - type: string - description: "Name of the sink. Used only for documentation purposes" - rawConfig: - type: "string" - description: "Raw configuration of the sink" - - readReplicas: - type: array - items: - type: object - required: ["name", "baseServerId"] - properties: - name: - type: string - version: - type: string - pattern: '^\d+\.\d+\.\d+(-.+)?' 
- description: "MySQL Server version" - baseServerId: - type: integer - minimum: 0 - maximum: 4294967195 - default: 0 - description: "Base value for MySQL server_id for instances of the readReplica, if 0 it will be assigned automatically" - datadirVolumeClaimTemplate: - type: object - x-kubernetes-preserve-unknown-fields: true - description: "Template for a PersistentVolumeClaim, to be used as datadir" - mycnf: - type: string - description: "Custom configuration additions for my.cnf" - instances: - type: integer - minimum: 1 - maximum: 999 - default: 1 - description: "Number of MySQL instances for the set of read replica" - podSpec: - type: object - x-kubernetes-preserve-unknown-fields: true - podAnnotations: - type: object - x-kubernetes-preserve-unknown-fields: true - podLabels: - type: object - x-kubernetes-preserve-unknown-fields: true - serviceFqdnTemplate: - type: string - description: "Template for a FQDN resolving to the cluster's headless instance Service and individual Pods" - #default: "{service}.{namespace}.svc.{domain}" - We can't set the default as that would override the environment value from the operator - status: - type: object - x-kubernetes-preserve-unknown-fields: true - subresources: - status: {} - additionalPrinterColumns: - - name: Status - type: string - description: Status of the InnoDB Cluster - jsonPath: .status.cluster.status - - name: Online - type: integer - description: Number of ONLINE InnoDB Cluster instances - jsonPath: .status.cluster.onlineInstances - - name: Instances - type: integer - description: Number of InnoDB Cluster instances configured - jsonPath: .spec.instances - - name: Routers - type: integer - description: Number of Router instances configured for the InnoDB Cluster - jsonPath: .spec.router.instances - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - scope: Namespaced - names: - kind: InnoDBCluster - listKind: InnoDBClusterList - singular: innodbcluster - plural: innodbclusters - shortNames: - - 
ic - - ics ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: mysqlbackups.mysql.oracle.com -spec: - group: mysql.oracle.com - scope: Namespaced - names: - kind: MySQLBackup - listKind: MySQLBackupList - singular: mysqlbackup - plural: mysqlbackups - shortNames: - - mbk - versions: - - name: v2 - served: true - storage: true - schema: - openAPIV3Schema: - type: object - properties: - spec: - type: object - required: ["clusterName"] - properties: - clusterName: - type: string - backupProfileName: - type: string - backupProfile: - type: object - description: "backupProfile specification if backupProfileName is not specified" - x-kubernetes-preserve-unknown-fields: true - properties: - podAnnotations: - type: object - x-kubernetes-preserve-unknown-fields: true - podLabels: - type: object - x-kubernetes-preserve-unknown-fields: true - dumpInstance: - type: object - properties: - dumpOptions: - type: object - description: "A dictionary of key-value pairs passed directly to MySQL Shell's DumpInstance()" - x-kubernetes-preserve-unknown-fields: true - storage: - type: object - properties: - ociObjectStorage: - type: object - required: ["bucketName", "credentials"] - properties: - bucketName: - type: string - description: "Name of the OCI bucket where backup is stored" - prefix: - type: string - description: "Path in bucket where backup is stored" - credentials: - type: string - description: "Name of a Secret with data for accessing the bucket" - s3: - type: object - required: ["bucketName", "config"] - properties: - bucketName: - type: string - description: "Name of the S3 bucket where the dump is stored" - prefix: - type: string - description: "Path in the bucket where the dump files are stored" - config: - type: string - description: "Name of a Secret with S3 configuration and credentials" - profile: - type: string - default: "" - description: "Profile being used in configuration files" - endpoint: - type: string - description: 
"Override endpoint URL" - azure: - type: object - required: ["containerName", "config"] - properties: - containerName: - type: string - description: "Name of the Azure BLOB Storage container where the dump is stored" - prefix: - type: string - description: "Path in the container where the dump files are stored" - config: - type: string - description: "Name of a Secret with Azure BLOB Storage configuration and credentials" - persistentVolumeClaim: - type: object - description : "Specification of the PVC to be used. Used 'as is' in pod executing the backup." - x-kubernetes-preserve-unknown-fields: true - x-kubernetes-preserve-unknown-fields: true - addTimestampToBackupDirectory: - type: boolean - default: true - deleteBackupData: - type: boolean - default: false - status: - type: object - properties: - status: - type: string - startTime: - type: string - completionTime: - type: string - elapsedTime: - type: string - output: - type: string - method: - type: string - source: - type: string - bucket: - type: string - ociTenancy: - type: string - container: - type: string - spaceAvailable: - type: string - size: - type: string - message: - type: string - subresources: - status: {} - additionalPrinterColumns: - - name: Cluster - type: string - description: Name of the target cluster - jsonPath: .spec.clusterName - - name: Status - type: string - description: Status of the Backup - jsonPath: .status.status - - name: Output - type: string - description: Name of the produced file/directory - jsonPath: .status.output - - name: Age - type: date - jsonPath: .metadata.creationTimestamp ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: clusterkopfpeerings.zalando.org -spec: - scope: Cluster - group: zalando.org - names: - kind: ClusterKopfPeering - plural: clusterkopfpeerings - singular: clusterkopfpeering - versions: - - name: v1 - served: true - storage: true - schema: - openAPIV3Schema: - type: object - properties: - status: - type: 
object - x-kubernetes-preserve-unknown-fields: true ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: kopfpeerings.zalando.org -spec: - scope: Namespaced - group: zalando.org - names: - kind: KopfPeering - plural: kopfpeerings - singular: kopfpeering - versions: - - name: v1 - served: true - storage: true - schema: - openAPIV3Schema: - type: object - properties: - status: - type: object - x-kubernetes-preserve-unknown-fields: true \ No newline at end of file diff --git a/deploy/jiniaslog/monolith/mysql/mysql-operator.yml b/deploy/jiniaslog/monolith/mysql/mysql-operator.yml deleted file mode 100644 index 19335515..00000000 --- a/deploy/jiniaslog/monolith/mysql/mysql-operator.yml +++ /dev/null 
@@ -1,209 +0,0 @@ ---- -# Source: mysql-operator/templates/service_account_operator.yaml -apiVersion: v1 -kind: ServiceAccount -metadata: - name: mysql-operator-sa - namespace: mysql-operator ---- -# Source: mysql-operator/templates/cluster_role_operator.yaml -# The main role for the operator -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: mysql-operator -rules: - - apiGroups: [""] - resources: ["pods"] - verbs: ["get", "list", "watch", "patch"] - - apiGroups: [""] - resources: ["pods/status"] - verbs: ["get", "patch", "update", "watch"] - # Kopf needs patch on secrets or the sidecar will throw - # The operator needs this verb to be able to pass it to the sidecar - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "create", "list", "watch", "patch"] - - apiGroups: [""] - resources: ["configmaps"] - verbs: ["get", "create", "list", "watch", "patch"] - - apiGroups: [""] - resources: ["services"] - verbs: ["get", "create", "list"] - - apiGroups: [""] - resources: ["serviceaccounts"] - verbs: ["get", "create"] - - apiGroups: [""] - resources: ["events"] - verbs: ["create", "patch", "update"] - - apiGroups: ["rbac.authorization.k8s.io"] - resources: ["rolebindings"] - verbs: ["get", "create"] - - apiGroups: ["policy"] - resources: ["poddisruptionbudgets"] - verbs: ["get", "create"] - - apiGroups: ["batch"] - resources: ["jobs"] - verbs: ["create"] - - apiGroups: ["batch"] - resources: ["cronjobs"] - verbs: ["create", "update", "delete"] - - apiGroups: ["apps"] - resources: ["deployments", "statefulsets"] - verbs: ["get", "create", "patch", "watch", "delete"] - - apiGroups: ["mysql.oracle.com"] - resources: ["*"] - verbs: ["*"] - - apiGroups: ["zalando.org"] - resources: ["*"] - verbs: ["get", "patch", "list", "watch"] - # Kopf: runtime observation of namespaces & CRDs (addition/deletion). 
- - apiGroups: [apiextensions.k8s.io] - resources: [customresourcedefinitions] - verbs: [list, watch] - - apiGroups: [""] - resources: [namespaces] - verbs: [list, watch] ---- -# Source: mysql-operator/templates/cluster_role_sidecar.yaml -# role for the server sidecar -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: mysql-sidecar -rules: - - apiGroups: [""] - resources: ["pods"] - verbs: ["get", "list", "watch", "patch"] - - apiGroups: [""] - resources: ["pods/status"] - verbs: ["get", "patch", "update", "watch"] - # Kopf needs patch on secrets or the sidecar will throw - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "create", "list", "watch", "patch"] - - apiGroups: [""] - resources: ["configmaps"] - verbs: ["get", "create", "list", "watch", "patch"] - - apiGroups: [""] - resources: ["services"] - verbs: ["get", "create", "list"] - - apiGroups: [""] - resources: ["serviceaccounts"] - verbs: ["get", "create"] - - apiGroups: [""] - resources: ["events"] - verbs: ["create", "patch", "update"] - - apiGroups: ["apps"] - resources: ["deployments"] - verbs: ["get", "patch"] - - apiGroups: ["mysql.oracle.com"] - resources: ["innodbclusters"] - verbs: ["get", "watch", "list"] - - apiGroups: ["mysql.oracle.com"] - resources: ["mysqlbackups"] - verbs: ["create", "get", "list", "patch", "update", "watch", "delete"] - - apiGroups: ["mysql.oracle.com"] - resources: ["mysqlbackups/status"] - verbs: ["get", "patch", "update", "watch"] ---- -# Source: mysql-operator/templates/cluster_role_binding_operator.yaml -# Give access to the operator -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: mysql-operator-rolebinding -subjects: - - kind: ServiceAccount - name: mysql-operator-sa - namespace: mysql-operator - # TODO The following entry is for dev purposes only and must be deleted - #- kind: Group - # name: system:serviceaccounts - # apiGroup: rbac.authorization.k8s.io -roleRef: - kind: ClusterRole - 
name: mysql-operator - apiGroup: rbac.authorization.k8s.io ---- -# Source: mysql-operator/templates/service.yaml -apiVersion: v1 -kind: Service -metadata: - name: mysql-operator - namespace: mysql-operator - labels: - name: mysql-operator -spec: - type: ClusterIP - ports: - - port: 9443 - protocol: TCP - selector: - name: mysql-operator ---- -# Source: mysql-operator/templates/deployment.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: mysql-operator - namespace: mysql-operator - labels: - version: "8.0.40-2.0.16" - app.kubernetes.io/name: mysql-operator - app.kubernetes.io/instance: mysql-operator - app.kubernetes.io/version: "8.0.40-2.0.16" - app.kubernetes.io/component: controller -spec: - replicas: 1 - selector: - matchLabels: - name: mysql-operator - template: - metadata: - labels: - name: mysql-operator - spec: - containers: - - name: mysql-operator - image: container-registry.oracle.com/mysql/community-operator:8.0.40-2.0.16 - imagePullPolicy: IfNotPresent - args: ["mysqlsh", "--log-level=@INFO", "--pym", "mysqloperator", "operator"] - env: - - name: MYSQLSH_USER_CONFIG_HOME - value: /mysqlsh - - name: MYSQLSH_CREDENTIAL_STORE_SAVE_PASSWORDS - value: never - - - name: MYSQL_OPERATOR_IMAGE_PULL_POLICY - value: IfNotPresent - - readinessProbe: - exec: - command: - - cat - - /tmp/mysql-operator-ready - initialDelaySeconds: 1 - periodSeconds: 3 - volumeMounts: - - name: mysqlsh-home - mountPath: /mysqlsh - - name: tmpdir - mountPath: /tmp - securityContext: - runAsUser: 2 - allowPrivilegeEscalation: false - privileged: false - readOnlyRootFilesystem: true - volumes: - - name: mysqlsh-home - emptyDir: {} - - name: tmpdir - emptyDir: {} - serviceAccountName: mysql-operator-sa ---- -# Source: mysql-operator/templates/cluster_kopf_keepering.yaml -apiVersion: zalando.org/v1 -kind: ClusterKopfPeering -metadata: - name: mysql-operator 
diff --git a/deploy/jiniaslog/monolith/redis/redis.yml b/deploy/jiniaslog/monolith/redis/redis.yml
index 658d8846..b51033c6 100644
--- a/deploy/jiniaslog/monolith/redis/redis.yml
+++ b/deploy/jiniaslog/monolith/redis/redis.yml
@@ -1169,7 +1169,7 @@ spec:
 - "ReadWriteOnce"
 resources:
 requests:
- storage: "10Gi"
+ storage: "1Gi"
 ---
 # Source: redis-ha/templates/tests/test-redis-ha-configmap.yaml
 apiVersion: v1
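Review bot: The storage request shrinks from `storage: "10Gi"` to `storage: "1Gi"` in what looks like a volume claim template; the enclosing `spec:` block starts above the hunk, so this is inferred from the `ReadWriteOnce` access mode and the redis-ha chart origin. If it is a StatefulSet `volumeClaimTemplates` entry, Kubernetes treats that field as immutable and existing PVCs cannot be shrunk, so a sync against a running release would be rejected or would leave the old 10Gi claims in place until the StatefulSet and its PVCs are recreated. If persistence is enabled, it is also worth confirming that 1Gi leaves headroom for the dataset and its on-disk snapshots, since a full data volume is an availability risk for every client of this Redis. A comment above the value, for example `# sized for <expected dataset>; changing this requires recreating the StatefulSet and PVCs`, would record the intent.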