add mysql-operator config files
zyzuiuc committed Mar 11, 2024
1 parent 576dc5c commit daf3255
Showing 6 changed files with 2,722 additions and 0 deletions.
1,350 changes: 1,350 additions & 0 deletions data/mysql_mysql-operator/context.json

Large diffs are not rendered by default.

1,095 changes: 1,095 additions & 0 deletions data/mysql_mysql-operator/deploy-crds.yaml

Large diffs are not rendered by default.

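--- a/data/mysql_mysql-operator/deploy-operator.yaml
+++ b/data/mysql_mysql-operator/deploy-operator.yaml
@@ -0,0 +1,199 @@
+# The main role for the operator
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+name: mysql-operator
+rules:
+- apiGroups: [""]
+resources: ["pods"]
+verbs: ["get", "list", "watch", "patch"]
+- apiGroups: [""]
+resources: ["pods/status"]
+verbs: ["get", "patch", "update", "watch"]
+# Kopf needs patch on secrets or the sidecar will throw
+# The operator needs this verb to be able to pass it to the sidecar
+- apiGroups: [""]
+resources: ["secrets"]
+verbs: ["get", "create", "list", "watch", "patch"]
+- apiGroups: [""]
+resources: ["configmaps"]
+verbs: ["get", "create", "update", "list", "watch", "patch", "delete"]
+- apiGroups: [""]
+resources: ["services"]
+verbs: ["get", "create", "list", "update", "delete", "patch"]
+- apiGroups: [""]
+resources: ["serviceaccounts"]
+verbs: ["get", "create", "patch"]
+- apiGroups: [""]
+resources: ["events"]
+verbs: ["create", "patch", "update"]
+- apiGroups: ["rbac.authorization.k8s.io"]
+resources: ["rolebindings"]
+verbs: ["get", "create"]
+- apiGroups: ["policy"]
+resources: ["poddisruptionbudgets"]
+verbs: ["get", "create"]
+- apiGroups: ["batch"]
+resources: ["jobs"]
+verbs: ["create"]
+- apiGroups: ["batch"]
+resources: ["cronjobs"]
+verbs: ["get", "create", "update", "delete"]
+- apiGroups: ["apps"]
+resources: ["deployments", "statefulsets"]
+verbs: ["get", "create", "patch", "update", "watch", "delete"]
+- apiGroups: ["mysql.oracle.com"]
+resources: ["*"]
+verbs: ["*"]
+- apiGroups: ["zalando.org"]
+resources: ["*"]
+verbs: ["get", "patch", "list", "watch"]
+# Kopf: runtime observation of namespaces & CRDs (addition/deletion).
+- apiGroups: [apiextensions.k8s.io]
+resources: [customresourcedefinitions]
+verbs: [list, watch]
+- apiGroups: [""]
+resources: [namespaces]
+verbs: [list, watch]
+- apiGroups: ["monitoring.coreos.com"]
+resources: ["servicemonitors"]
+verbs: ["get", "create", "patch", "update", "delete"]
+---
+# role for the server sidecar
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+name: mysql-sidecar
+rules:
+- apiGroups: [""]
+resources: ["pods"]
+verbs: ["get", "list", "watch", "patch"]
+- apiGroups: [""]
+resources: ["pods/status"]
+verbs: ["get", "patch", "update", "watch"]
+# Kopf needs patch on secrets or the sidecar will throw
+- apiGroups: [""]
+resources: ["secrets"]
+verbs: ["get", "create", "list", "watch", "patch"]
+- apiGroups: [""]
+resources: ["configmaps"]
+verbs: ["get", "create", "list", "watch", "patch"]
+- apiGroups: [""]
+resources: ["services"]
+verbs: ["get", "create", "list", "update"]
+- apiGroups: [""]
+resources: ["serviceaccounts"]
+verbs: ["get", "create"]
+- apiGroups: [""]
+resources: ["events"]
+verbs: ["create", "patch", "update"]
+- apiGroups: ["apps"]
+resources: ["deployments"]
+verbs: ["get", "patch"]
+- apiGroups: ["mysql.oracle.com"]
+resources: ["innodbclusters"]
+verbs: ["get", "watch", "list"]
+- apiGroups: ["mysql.oracle.com"]
+resources: ["mysqlbackups"]
+verbs: ["create", "get", "list", "patch", "update", "watch", "delete"]
+- apiGroups: ["mysql.oracle.com"]
+resources: ["mysqlbackups/status"]
+verbs: ["get", "patch", "update", "watch"]
+---
+# Give access to the operator
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+name: mysql-operator-rolebinding
+subjects:
+- kind: ServiceAccount
+name: mysql-operator-sa
+namespace: mysql-operator
+# TODO The following entry is for dev purposes only
+#- kind: Group
+# name: system:serviceaccounts
+# apiGroup: rbac.authorization.k8s.io
+roleRef:
+kind: ClusterRole
+name: mysql-operator
+apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: zalando.org/v1
+kind: ClusterKopfPeering
+metadata:
+name: mysql-operator
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+name: mysql-operator
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+name: mysql-operator-sa
+namespace: mysql-operator
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: mysql-operator
+namespace: mysql-operator
+labels:
+version: "1.0"
+app.kubernetes.io/name: mysql-operator
+app.kubernetes.io/instance: mysql-operator
+app.kubernetes.io/version: 8.3.0-2.1.2
+app.kubernetes.io/component: controller
+app.kubernetes.io/managed-by: mysql-operator
+app.kubernetes.io/created-by: mysql-operator
+spec:
+replicas: 1
+selector:
+matchLabels:
+name: mysql-operator
+template:
+metadata:
+labels:
+name: mysql-operator
+spec:
+containers:
+- name: mysql-operator
+image: container-registry.oracle.com/mysql/community-operator:8.3.0-2.1.2
+imagePullPolicy: IfNotPresent
+args:
+[
+"mysqlsh",
+"--log-level=@INFO",
+"--pym",
+"mysqloperator",
+"operator",
+]
+env:
+- name: MYSQLSH_USER_CONFIG_HOME
+value: /mysqlsh
+- name: MYSQLSH_CREDENTIAL_STORE_SAVE_PASSWORDS
+value: never
+readinessProbe:
+exec:
+command:
+- cat
+- /tmp/mysql-operator-ready
+initialDelaySeconds: 1
+periodSeconds: 3
+volumeMounts:
+- name: mysqlsh-home
+mountPath: /mysqlsh
+- name: tmpdir
+mountPath: /tmp
+securityContext:
+runAsUser: 2
+allowPrivilegeEscalation: false
+privileged: false
+readOnlyRootFilesystem: true
+volumes:
+- name: mysqlsh-home
+emptyDir: {}
+- name: tmpdir
+emptyDir: {}
+serviceAccountName: mysql-operator-sa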
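Review bot: The `secrets` rule in the `mysql-operator` ClusterRole (`get`, `create`, `list`, `watch`, `patch`) is attached through the ClusterRoleBinding `mysql-operator-rolebinding`, so the `mysql-operator-sa` service account can read and modify Secrets in every namespace, not only those that hold InnoDBCluster credentials. A compromise of the operator pod would therefore expose credentials cluster-wide. If this manifest is only ever applied to disposable test clusters, say so above the rule, e.g. `# Cluster-wide Secret access: apply to throwaway test clusters only, or replace with a per-namespace Role/RoleBinding`. The container `securityContext` also leaves out `runAsNonRoot: true` and `capabilities: {drop: ["ALL"]}`, which would fit with the restrictions it already sets.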
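--- a/data/mysql_mysql-operator/mysql-operator-config.json
+++ b/data/mysql_mysql-operator/mysql-operator-config.json
@@ -0,0 +1,36 @@
+{
+"deploy": {
+"steps": [
+{
+"apply": {
+"file": "data/mysql_mysql-operator/deploy-crds.yaml",
+"namespace": "default"
+}
+},
+{
+"wait": {
+"duration": 10
+}
+},
+{
+"apply": {
+"file": "data/mysql_mysql-operator/deploy-operator.yaml",
+"operator": true
+}
+},
+{
+"wait": {
+"duration": 10
+}
+},
+{
+"apply": {
+"file": "data/mysql_mysql-operator/secret.yaml",
+"operator": true
+}
+}
+]
+},
+"crd_name": "innodbclusters.mysql.oracle.com",
+"seed_custom_resource": "data/mysql_mysql-operator/cr.yaml"
+}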
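Review bot: `seed_custom_resource` points to `data/mysql_mysql-operator/cr.yaml`, but the custom resource added by this commit is `data/mysql_mysql-operator/mysql-operator-cr.yaml`, and no `cr.yaml` appears among the six changed files. Unless that file already exists in the repository, the seed CR will not be found; the line should read `"seed_custom_resource": "data/mysql_mysql-operator/mysql-operator-cr.yaml"`.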
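--- a/data/mysql_mysql-operator/mysql-operator-cr.yaml
+++ b/data/mysql_mysql-operator/mysql-operator-cr.yaml
@@ -0,0 +1,23 @@
+# Copyright (c) 2020, 2022, Oracle and/or its affiliates.
+#
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/
+#
+# This sample creates a simple InnoDB Cluster with help from the MySQL Operator.
+# This yields:
+# 3 MySQL Server Pods; one primary and two secondaries
+# 1 MySQL Router Pod
+# It uses self-signed TLS certificates.
+# It requires a deployed Operator (e.g., deploy/deploy-operator.yaml),
+# and requires root user credentials provided by a Kubernetes Secret;
+# the Secret is named mypwds in this case (e.g., sample-secret.yaml)
+#
+apiVersion: mysql.oracle.com/v2
+kind: InnoDBCluster
+metadata:
+name: test-cluster
+spec:
+secretName: mypwds
+instances: 3
+router:
+instances: 1
+tlsUseSelfSigned: true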
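--- a/data/mysql_mysql-operator/secret.yaml
+++ b/data/mysql_mysql-operator/secret.yaml
@@ -0,0 +1,19 @@
+# Copyright (c) 2020, 2022, Oracle and/or its affiliates.
+#
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/
+#
+# This sample adds a Secret to reference from an InnoDBCluster manifest.
+# It's used to create a privileged MySQL user, a user used by a sysadmin to manage the cluster.
+# Although typically named "root", it can be a different name.
+# Note: MySQL Operator creates additional (internal) Secrets and MySQL users.
+#
+# This file requires editing before deployment; other samples here reference the name 'mypwds'
+#
+apiVersion: v1
+kind: Secret
+metadata:
+name: mypwds
+stringData:
+rootUser: root
+rootHost: '%'
+rootPassword: password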
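Review bot: `rootPassword: password` combined with `rootHost: '%'` defines a privileged MySQL account that accepts logins from any host with a guessable password, and the deploy steps in `mysql-operator-config.json` apply this file as committed even though its header says it requires editing before deployment. If the fixture is meant only for throwaway test clusters, state that at the top, e.g. `# TEST FIXTURE ONLY: placeholder credentials; never apply to a shared or network-reachable cluster`. Otherwise the password should be generated at deploy time rather than stored in the repository.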
