
add mysql-operator config files #356

Merged
merged 1 commit into from
Mar 16, 2024
1,350 changes: 1,350 additions & 0 deletions data/mysql_mysql-operator/context.json

Large diffs are not rendered by default.

1,095 changes: 1,095 additions & 0 deletions data/mysql_mysql-operator/deploy-crds.yaml

Large diffs are not rendered by default.

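--- a/data/mysql_mysql-operator/deploy-operator.yaml
+++ b/data/mysql_mysql-operator/deploy-operator.yaml
@@ -0,0 +1,199 @@
+# The main role for the operator
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+name: mysql-operator
+rules:
+- apiGroups: [""]
+resources: ["pods"]
+verbs: ["get", "list", "watch", "patch"]
+- apiGroups: [""]
+resources: ["pods/status"]
+verbs: ["get", "patch", "update", "watch"]
+# Kopf needs patch on secrets or the sidecar will throw
+# The operator needs this verb to be able to pass it to the sidecar
+- apiGroups: [""]
+resources: ["secrets"]
+verbs: ["get", "create", "list", "watch", "patch"]
+- apiGroups: [""]
+resources: ["configmaps"]
+verbs: ["get", "create", "update", "list", "watch", "patch", "delete"]
+- apiGroups: [""]
+resources: ["services"]
+verbs: ["get", "create", "list", "update", "delete", "patch"]
+- apiGroups: [""]
+resources: ["serviceaccounts"]
+verbs: ["get", "create", "patch"]
+- apiGroups: [""]
+resources: ["events"]
+verbs: ["create", "patch", "update"]
+- apiGroups: ["rbac.authorization.k8s.io"]
+resources: ["rolebindings"]
+verbs: ["get", "create"]
+- apiGroups: ["policy"]
+resources: ["poddisruptionbudgets"]
+verbs: ["get", "create"]
+- apiGroups: ["batch"]
+resources: ["jobs"]
+verbs: ["create"]
+- apiGroups: ["batch"]
+resources: ["cronjobs"]
+verbs: ["get", "create", "update", "delete"]
+- apiGroups: ["apps"]
+resources: ["deployments", "statefulsets"]
+verbs: ["get", "create", "patch", "update", "watch", "delete"]
+- apiGroups: ["mysql.oracle.com"]
+resources: ["*"]
+verbs: ["*"]
+- apiGroups: ["zalando.org"]
+resources: ["*"]
+verbs: ["get", "patch", "list", "watch"]
+# Kopf: runtime observation of namespaces & CRDs (addition/deletion).
+- apiGroups: [apiextensions.k8s.io]
+resources: [customresourcedefinitions]
+verbs: [list, watch]
+- apiGroups: [""]
+resources: [namespaces]
+verbs: [list, watch]
+- apiGroups: ["monitoring.coreos.com"]
+resources: ["servicemonitors"]
+verbs: ["get", "create", "patch", "update", "delete"]
+---
+# role for the server sidecar
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+name: mysql-sidecar
+rules:
+- apiGroups: [""]
+resources: ["pods"]
+verbs: ["get", "list", "watch", "patch"]
+- apiGroups: [""]
+resources: ["pods/status"]
+verbs: ["get", "patch", "update", "watch"]
+# Kopf needs patch on secrets or the sidecar will throw
+- apiGroups: [""]
+resources: ["secrets"]
+verbs: ["get", "create", "list", "watch", "patch"]
+- apiGroups: [""]
+resources: ["configmaps"]
+verbs: ["get", "create", "list", "watch", "patch"]
+- apiGroups: [""]
+resources: ["services"]
+verbs: ["get", "create", "list", "update"]
+- apiGroups: [""]
+resources: ["serviceaccounts"]
+verbs: ["get", "create"]
+- apiGroups: [""]
+resources: ["events"]
+verbs: ["create", "patch", "update"]
+- apiGroups: ["apps"]
+resources: ["deployments"]
+verbs: ["get", "patch"]
+- apiGroups: ["mysql.oracle.com"]
+resources: ["innodbclusters"]
+verbs: ["get", "watch", "list"]
+- apiGroups: ["mysql.oracle.com"]
+resources: ["mysqlbackups"]
+verbs: ["create", "get", "list", "patch", "update", "watch", "delete"]
+- apiGroups: ["mysql.oracle.com"]
+resources: ["mysqlbackups/status"]
+verbs: ["get", "patch", "update", "watch"]
+---
+# Give access to the operator
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+name: mysql-operator-rolebinding
+subjects:
+- kind: ServiceAccount
+name: mysql-operator-sa
+namespace: mysql-operator
+# TODO The following entry is for dev purposes only
+#- kind: Group
+# name: system:serviceaccounts
+# apiGroup: rbac.authorization.k8s.io
+roleRef:
+kind: ClusterRole
+name: mysql-operator
+apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: zalando.org/v1
+kind: ClusterKopfPeering
+metadata:
+name: mysql-operator
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+name: mysql-operator
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+name: mysql-operator-sa
+namespace: mysql-operator
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: mysql-operator
+namespace: mysql-operator
+labels:
+version: "1.0"
+app.kubernetes.io/name: mysql-operator
+app.kubernetes.io/instance: mysql-operator
+app.kubernetes.io/version: 8.3.0-2.1.2
+app.kubernetes.io/component: controller
+app.kubernetes.io/managed-by: mysql-operator
+app.kubernetes.io/created-by: mysql-operator
+spec:
+replicas: 1
+selector:
+matchLabels:
+name: mysql-operator
+template:
+metadata:
+labels:
+name: mysql-operator
+spec:
+containers:
+- name: mysql-operator
+image: container-registry.oracle.com/mysql/community-operator:8.3.0-2.1.2
+imagePullPolicy: IfNotPresent
+args:
+[
+"mysqlsh",
+"--log-level=@INFO",
+"--pym",
+"mysqloperator",
+"operator",
+]
+env:
+- name: MYSQLSH_USER_CONFIG_HOME
+value: /mysqlsh
+- name: MYSQLSH_CREDENTIAL_STORE_SAVE_PASSWORDS
+value: never
+readinessProbe:
+exec:
+command:
+- cat
+- /tmp/mysql-operator-ready
+initialDelaySeconds: 1
+periodSeconds: 3
+volumeMounts:
+- name: mysqlsh-home
+mountPath: /mysqlsh
+- name: tmpdir
+mountPath: /tmp
+securityContext:
+runAsUser: 2
+allowPrivilegeEscalation: false
+privileged: false
+readOnlyRootFilesystem: true
+volumes:
+- name: mysqlsh-home
+emptyDir: {}
+- name: tmpdir
+emptyDir: {}
+serviceAccountName: mysql-operator-sa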
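Review bot: The `secrets` rule in the `mysql-operator` ClusterRole grants `get`, `list` and `watch`, and `mysql-operator-rolebinding` is a ClusterRoleBinding, so the `mysql-operator-sa` token can read every Secret in every namespace; combined with `create` on `rolebindings` and `serviceaccounts` this makes the operator pod a high-value credential. The manifest looks like a copy of the upstream deployment file, so I would not change the rules here, but a header comment such as `# Copied from mysql-operator 8.3.0-2.1.2; grants cluster-wide Secret read - apply only to disposable test clusters` would record the provenance and the risk. The container `securityContext` already sets `runAsUser: 2`; adding `runAsNonRoot: true` and `capabilities: {drop: ["ALL"]}` would make that intent enforceable, assuming the operator needs no added capabilities. The image is referenced by tag only (`community-operator:8.3.0-2.1.2`); pinning it by digest would keep test runs reproducible if the tag is ever re-pushed.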
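--- a/data/mysql_mysql-operator/mysql-operator-config.json
+++ b/data/mysql_mysql-operator/mysql-operator-config.json
@@ -0,0 +1,36 @@
+{
+"deploy": {
+"steps": [
+{
+"apply": {
+"file": "data/mysql_mysql-operator/deploy-crds.yaml",
+"namespace": "default"
+}
+},
+{
+"wait": {
+"duration": 10
+}
+},
+{
+"apply": {
+"file": "data/mysql_mysql-operator/deploy-operator.yaml",
+"operator": true
+}
+},
+{
+"wait": {
+"duration": 10
+}
+},
+{
+"apply": {
+"file": "data/mysql_mysql-operator/secret.yaml",
+"operator": true
+}
+}
+]
+},
+"crd_name": "innodbclusters.mysql.oracle.com",
+"seed_custom_resource": "data/mysql_mysql-operator/cr.yaml"
+}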
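Review bot: `seed_custom_resource` points at `data/mysql_mysql-operator/cr.yaml`, but the custom resource added in this pull request is `data/mysql_mysql-operator/mysql-operator-cr.yaml`; unless a `cr.yaml` already exists outside this change, the seed lookup will fail or pick up a different file. Either rename the added file or change the value to `"seed_custom_resource": "data/mysql_mysql-operator/mysql-operator-cr.yaml"`. Separately, the two fixed `"duration": 10` waits assume the CRDs and the operator are ready within ten seconds, which may make the later `secret.yaml` step flaky on a slow cluster.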
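--- a/data/mysql_mysql-operator/mysql-operator-cr.yaml
+++ b/data/mysql_mysql-operator/mysql-operator-cr.yaml
@@ -0,0 +1,23 @@
+# Copyright (c) 2020, 2022, Oracle and/or its affiliates.
+#
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/
+#
+# This sample creates a simple InnoDB Cluster with help from the MySQL Operator.
+# This yields:
+# 3 MySQL Server Pods; one primary and two secondaries
+# 1 MySQL Router Pod
+# It uses self-signed TLS certificates.
+# It requires a deployed Operator (e.g., deploy/deploy-operator.yaml),
+# and requires root user credentials provided by a Kubernetes Secret;
+# the Secret is named mypwds in this case (e.g., sample-secret.yaml)
+#
+apiVersion: mysql.oracle.com/v2
+kind: InnoDBCluster
+metadata:
+name: test-cluster
+spec:
+secretName: mypwds
+instances: 3
+router:
+instances: 1
+tlsUseSelfSigned: true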
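--- a/data/mysql_mysql-operator/secret.yaml
+++ b/data/mysql_mysql-operator/secret.yaml
@@ -0,0 +1,19 @@
+# Copyright (c) 2020, 2022, Oracle and/or its affiliates.
+#
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/
+#
+# This sample adds a Secret to reference from an InnoDBCluster manifest.
+# It's used to create a privileged MySQL user, a user used by a sysadmin to manage the cluster.
+# Although typically named "root", it can be a different name.
+# Note: MySQL Operator creates additional (internal) Secrets and MySQL users.
+#
+# This file requires editing before deployment; other samples here reference the name 'mypwds'
+#
+apiVersion: v1
+kind: Secret
+metadata:
+name: mypwds
+stringData:
+rootUser: root
+rootHost: '%'
+rootPassword: password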
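Review bot: `rootPassword: password` together with `rootHost: '%'` defines a privileged MySQL account with a guessable password that is accepted from any host, and `mysql-operator-config.json` applies this file unmodified even though its own header says it requires editing before deployment. If it is meant purely as a test fixture, say so at the top, e.g. `# TEST FIXTURE ONLY - placeholder credentials, never apply to a shared or reachable cluster`, and consider generating the password at deploy time rather than committing it. The Secret also carries no `metadata.namespace`, so it lands wherever the harness applies it; `secretName: mypwds` in the InnoDBCluster presumably has to resolve in the same namespace as the cluster resource, which is worth confirming.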