From 936542b7afa923182fb5fc8f53f9244d96d56da5 Mon Sep 17 00:00:00 2001 From: DanielZhangQD <36026334+DanielZhangQD@users.noreply.github.com> Date: Wed, 18 Mar 2020 10:08:26 +0800 Subject: [PATCH] update permission for tidb-controller-manager and add example for tidb-monitor (#1954) * update permission for tidb-controller-manager and add example for tidb-monitor * address comments --- .../templates/controller-manager-rbac.yaml | 4 +- manifests/monitor/tidb-monitor.yaml | 83 +++++++++++++++++++ 2 files changed, 85 insertions(+), 2 deletions(-) create mode 100644 manifests/monitor/tidb-monitor.yaml diff --git a/charts/tidb-operator/templates/controller-manager-rbac.yaml b/charts/tidb-operator/templates/controller-manager-rbac.yaml index 7e4930ef9c..626e8cc020 100644 --- a/charts/tidb-operator/templates/controller-manager-rbac.yaml +++ b/charts/tidb-operator/templates/controller-manager-rbac.yaml @@ -38,7 +38,7 @@ rules: verbs: ["get", "list", "watch", "create", "update", "delete"] - apiGroups: [""] resources: ["secrets"] - verbs: ["create", "get", "list", "watch"] + verbs: ["create", "update", "get", "list", "watch"] - apiGroups: [""] resources: ["persistentvolumeclaims"] verbs: ["get", "list", "watch", "create", "update", "delete"] @@ -135,7 +135,7 @@ rules: verbs: ["get", "list", "watch", "create", "update", "delete"] - apiGroups: [""] resources: ["secrets"] - verbs: ["create", "get", "list", "watch"] + verbs: ["create", "update", "get", "list", "watch"] - apiGroups: [""] resources: ["persistentvolumeclaims"] verbs: ["get", "list", "watch", "create", "update", "delete"] diff --git a/manifests/monitor/tidb-monitor.yaml b/manifests/monitor/tidb-monitor.yaml new file mode 100644 index 0000000000..06850363a2 --- /dev/null +++ b/manifests/monitor/tidb-monitor.yaml @@ -0,0 +1,83 @@ +apiVersion: pingcap.com/v1alpha1 +kind: TidbMonitor +metadata: + name: demo +spec: + clusters: + - name: demo + prometheus: + baseImage: prom/prometheus + version: v2.11.1 + resources: {} + # limits: + # cpu: 8000m + # memory: 8Gi + # requests: + # cpu: 4000m + # memory: 4Gi + imagePullPolicy: IfNotPresent + logLevel: info + reserveDays: 12 + service: + type: NodePort + portName: http-prometheus + grafana: + baseImage: grafana/grafana + version: 6.0.1 + imagePullPolicy: IfNotPresent + logLevel: info + resources: {} + # limits: + # cpu: 8000m + # memory: 8Gi + # requests: + # cpu: 4000m + # memory: 4Gi + username: admin + password: admin + envs: + # Configure Grafana using environment variables except GF_PATHS_DATA, GF_SECURITY_ADMIN_USER and GF_SECURITY_ADMIN_PASSWORD + # Ref https://grafana.com/docs/installation/configuration/#using-environment-variables + GF_AUTH_ANONYMOUS_ENABLED: "true" + GF_AUTH_ANONYMOUS_ORG_NAME: "Main Org." + GF_AUTH_ANONYMOUS_ORG_ROLE: "Viewer" + # if grafana is running behind a reverse proxy with subpath http://foo.bar/grafana + # GF_SERVER_DOMAIN: foo.bar + # GF_SERVER_ROOT_URL: "%(protocol)s://%(domain)s/grafana/" + service: + type: NodePort + portName: http-grafana + initializer: + baseImage: pingcap/tidb-monitor-initializer + version: v3.0.9 + imagePullPolicy: Always + resources: {} + # limits: + # cpu: 50m + # memory: 64Mi + # requests: + # cpu: 50m + # memory: 64Mi + reloader: + baseImage: pingcap/tidb-monitor-reloader + version: v1.0.1 + imagePullPolicy: IfNotPresent + service: + type: NodePort + portName: tcp-reloader + resources: {} + # limits: + # cpu: 50m + # memory: 64Mi + # requests: + # cpu: 50m + # memory: 64Mi + imagePullPolicy: IfNotPresent + persistent: true + storageClassName: local-storage + storage: 10Gi + nodeSelector: {} + annotations: {} + tolerations: [] + kubePrometheusURL: http://prometheus-k8s.monitoring.svc:9090 + alertmanagerURL: ""