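# File: github.com/1aal/kubeblocks@v0.0.0-20231107070852-e1c03e598921/deploy/orioledb/templates/clusterdefinition.yaml
#
# Helm template for the KubeBlocks ClusterDefinition "orioledb". It declares one
# Replication component whose pod runs three containers: postgresql (which also
# exposes a port named "patroni" on 8008), pgbouncer and a metrics exporter.
# Values written as $(NAME) are not Helm expressions; they are left in the
# rendered manifest, presumably for the KubeBlocks controller to substitute.
apiVersion: apps.kubeblocks.io/v1alpha1
kind: ClusterDefinition
metadata:
  name: orioledb
  labels:
    {{- include "orioledb.labels" . | nindent 4 }}
spec:
  type: orioledb
  # Shape of the per-cluster connection credential. The containers below read
  # it back through secretKeyRef on $(CONN_CREDENTIAL_SECRET_NAME).
  connectionCredential:
    username: postgres
    password: "$(RANDOM_PASSWD)"
    endpoint: "$(SVC_FQDN):$(SVC_PORT_tcp-orioledb)"
    host: "$(SVC_FQDN)"
    port: "$(SVC_PORT_tcp-orioledb)"
  componentDefs:
    - name: orioledb
      workloadType: Replication
      characterType: postgresql
      # Switchover is requested by POSTing to port 8008 on the current primary.
      # NOTE(review): the request is plain HTTP and carries no credentials, so
      # whatever can reach 8008 on the pod can presumably ask for a switchover.
      # Confirm the REST API enforces authentication/TLS or that a NetworkPolicy
      # restricts the port.
      # The single-argument "default" in the image tag is a no-op: an empty tag
      # still renders as "repository:".
      switchoverSpec:
        withCandidate:
          cmdExecutorConfig:
            image: {{ .Values.image.registry | default "docker.io" }}/{{ .Values.image.repository }}:{{ default .Values.image.tag }}
            command:
              - /bin/bash
              - -c
            args:
              - curl -s http://$(KB_REPLICATION_PRIMARY_POD_FQDN):8008/switchover -XPOST -d '{"leader":"$(KB_REPLICATION_PRIMARY_POD_NAME)","candidate":"$(KB_SWITCHOVER_CANDIDATE_NAME)"}'
        withoutCandidate:
          cmdExecutorConfig:
            image: {{ .Values.image.registry | default "docker.io" }}/{{ .Values.image.repository }}:{{ default .Values.image.tag }}
            command:
              - /bin/bash
              - -c
            args:
              - curl -s http://$(KB_REPLICATION_PRIMARY_POD_FQDN):8008/switchover -XPOST -d '{"leader":"$(KB_REPLICATION_PRIMARY_POD_NAME)"}'
      # Same value as the SCOPE environment variable of the postgresql
      # container; applied to Pods and StatefulSets managed by kubeblocks.
      customLabelSpecs:
        - key: apps.kubeblocks.postgres.patroni/scope
          value: "$(KB_CLUSTER_NAME)-$(KB_COMP_NAME)-patroni$(KB_CLUSTER_UID_POSTFIX_8)"
          resources:
            - gvk: "v1/Pod"
              selector:
                app.kubernetes.io/managed-by: kubeblocks
            - gvk: "apps/v1/StatefulSet"
              selector:
                app.kubernetes.io/managed-by: kubeblocks
      probes:
        roleProbe:
          failureThreshold: 2
          periodSeconds: 1
          timeoutSeconds: 1
      monitor:
        builtIn: false
        exporterConfig:
          scrapePath: /metrics
          scrapePort: {{ .Values.metrics.service.port }}
      logConfigs:
        {{- range $name,$pattern := .Values.logConfigs }}
        - name: {{ $name }}
          filePathPattern: {{ $pattern }}
        {{- end }}
      # Configuration templates mounted into the pod as volumes.
      # NOTE(review): defaultMode 0777 is read as octal, i.e. read/write/execute
      # for everyone. Configuration files need neither write nor execute bits;
      # a read-only mode such as 0444 would be the least-privilege choice.
      # Confirm nothing executes these files before tightening.
      configSpecs:
        - name: orioledb-configuration
          templateRef: orioledb-configuration
          constraintRef: orioledb-cc
          keys:
            - postgresql.conf
          namespace: {{ .Release.Namespace }}
          volumeName: postgresql-config
          defaultMode: 0777
        - name: orioledb-pgbouncer-configuration
          templateRef: orioledb-pgbouncer-configuration
          keys:
            - pgbouncer.ini
          namespace: {{ .Release.Namespace }}
          volumeName: pgbouncer-config
          defaultMode: 0777
        - name: orioledb-custom-metrics
          templateRef: orioledb-custom-metrics
          namespace: {{ .Release.Namespace }}
          volumeName: postgresql-custom-metrics
          defaultMode: 0777
        - name: agamotto-configuration
          templateRef: orioledb-agamotto-configuration
          namespace: {{ .Release.Namespace }}
          volumeName: agamotto-configuration
          defaultMode: 0777
        - name: etcd-env
          templateRef: etcd-env
          namespace: {{ .Release.Namespace }}
          volumeName: patroni-dependency
          defaultMode: 0777
      # Scripts mounted at /kb-scripts in the postgresql and pgbouncer
      # containers. NOTE(review): they must stay executable, but the write bits
      # of 0777 are not needed; 0555 would be enough.
      scriptSpecs:
        - name: orioledb-scripts
          templateRef: orioledb-scripts
          namespace: {{ .Release.Namespace }}
          volumeName: scripts
          defaultMode: 0777
      serviceRefDeclarations:
        - name: etcdService
          serviceRefDeclarationSpecs:
            - serviceKind: etcd
              # NOTE(review): this pattern looks malformed (unescaped dots and a
              # bare trailing "d"); confirm the intended version expression.
              serviceVersion: ^v3.\d...d$
      service:
        ports:
          - name: tcp-orioledb
            port: 5432
            targetPort: tcp-orioledb
          - name: tcp-pgbouncer
            port: 6432
            targetPort: tcp-pgbouncer
      volumeTypes:
        - name: data
          type: data
      podSpec:
        # NOTE(review): the pod and each of its three containers run as UID 0.
        # Confirm the entrypoints really need root; otherwise set a non-root
        # runAsUser together with runAsNonRoot.
        securityContext:
          runAsUser: 0
          fsGroup: 103
          runAsGroup: 103
        containers:
          - name: postgresql
            # sprig's "default" takes the fallback first and the value second.
            # With the arguments the other way round the chart value was never
            # used and the policy was always IfNotPresent.
            imagePullPolicy: {{ default "IfNotPresent" .Values.image.pullPolicy | quote }}
            # Absolute interpreter path, matching the switchover commands above;
            # the relative "bin/bash" only resolved when the working directory
            # happened to be "/".
            command:
              - /bin/bash
              - -c
              - /kb-scripts/setup.sh
            securityContext:
              runAsUser: 0
            # The script execs pg_isready, which replaces the shell, so the
            # .initialized test on its second line never runs. Readiness is
            # decided by pg_isready alone. Left unchanged because the
            # /postgresql paths in that test are not among this container's
            # volume mounts.
            readinessProbe:
              failureThreshold: 3
              initialDelaySeconds: 10
              periodSeconds: 30
              successThreshold: 1
              timeoutSeconds: 5
              exec:
                command:
                  - /bin/sh
                  - -c
                  - -ee
                  - |
                    exec pg_isready -U {{ default "postgres" | quote }} -h 127.0.0.1 -p 5432
                    [ -f /postgresql/tmp/.initialized ] || [ -f /postgresql/.initialized ]
            volumeMounts:
              - name: dshm
                mountPath: /dev/shm
              - name: data
                mountPath: /home/postgres/pgdata
              - name: postgresql-config
                mountPath: /home/postgres/conf
              - name: scripts
                mountPath: /kb-scripts
              - name: pod-info
                mountPath: /kb-podinfo
              - name: patroni-dependency
                mountPath: /dependency
            ports:
              - name: tcp-orioledb
                containerPort: 5432
              - name: patroni
                containerPort: 8008
            # Variable reference:
            # https://github.com/zalando/spilo/blob/master/ENVIRONMENT.rst
            env:
              # PGROOT was listed twice with the same value; one entry is kept.
              - name: PGROOT
                value: /home/postgres/pgdata/pgroot
              - name: SCOPE
                value: "$(KB_CLUSTER_NAME)-$(KB_COMP_NAME)-patroni$(KB_CLUSTER_UID_POSTFIX_8)"
              - name: KUBERNETES_SCOPE_LABEL
                value: "apps.kubeblocks.postgres.patroni/scope"
              - name: KUBERNETES_ROLE_LABEL
                value: "apps.kubeblocks.postgres.patroni/role"
              - name: RESTORE_DATA_DIR
                value: /home/postgres/pgdata/kb_restore
              - name: KB_PG_CONFIG_PATH
                value: /home/postgres/conf/postgresql.conf
              # NOTE(review): this appears to permit client connections without
              # TLS. Confirm against the reference above and the cluster's
              # transport-security requirements.
              - name: ALLOW_NOSSL
                value: "true"
              - name: PGDATA
                value: /home/postgres/pgdata/pgroot/data
              - name: POD_IP
                valueFrom:
                  fieldRef:
                    apiVersion: v1
                    fieldPath: status.podIP
              - name: POD_NAMESPACE
                valueFrom:
                  fieldRef:
                    apiVersion: v1
                    fieldPath: metadata.namespace
              # NOTE(review): the superuser, admin and standby passwords below
              # all read the same "password" key of the connection credential,
              # so the three roles share one secret value.
              - name: PGUSER_SUPERUSER
                valueFrom:
                  secretKeyRef:
                    name: $(CONN_CREDENTIAL_SECRET_NAME)
                    key: username
                    optional: false
              - name: PGPASSWORD_SUPERUSER
                valueFrom:
                  secretKeyRef:
                    name: $(CONN_CREDENTIAL_SECRET_NAME)
                    key: password
                    optional: false
              - name: PGUSER_ADMIN
                value: superadmin
              - name: PGPASSWORD_ADMIN
                valueFrom:
                  secretKeyRef:
                    name: $(CONN_CREDENTIAL_SECRET_NAME)
                    key: password
                    optional: false
              - name: PGUSER_STANDBY
                value: standby
              - name: PGPASSWORD_STANDBY
                valueFrom:
                  secretKeyRef:
                    name: $(CONN_CREDENTIAL_SECRET_NAME)
                    key: password
                    optional: false
              - name: PGUSER
                valueFrom:
                  secretKeyRef:
                    name: $(CONN_CREDENTIAL_SECRET_NAME)
                    key: username
                    optional: false
              - name: POSTGRES_PASSWORD
                valueFrom:
                  secretKeyRef:
                    name: $(CONN_CREDENTIAL_SECRET_NAME)
                    key: password
                    optional: false
          - name: pgbouncer
            imagePullPolicy: {{ .Values.pgbouncer.image.pullPolicy | quote }}
            securityContext:
              runAsUser: 0
            ports:
              - name: tcp-pgbouncer
                containerPort: 6432
            volumeMounts:
              - name: pgbouncer-config
                mountPath: /home/pgbouncer/conf
              - name: scripts
                mountPath: /kb-scripts
            command:
              - /kb-scripts/pgbouncer_setup.sh
            livenessProbe:
              failureThreshold: 3
              initialDelaySeconds: 15
              periodSeconds: 30
              successThreshold: 1
              timeoutSeconds: 5
              tcpSocket:
                port: tcp-pgbouncer
            readinessProbe:
              failureThreshold: 3
              initialDelaySeconds: 15
              periodSeconds: 30
              successThreshold: 1
              timeoutSeconds: 5
              tcpSocket:
                port: tcp-pgbouncer
            env:
              # NOTE(review): md5 password authentication is weaker than
              # scram-sha-256; switch if the pgbouncer image and the server's
              # password_encryption setting allow it.
              - name: PGBOUNCER_AUTH_TYPE
                value: md5
              - name: POSTGRESQL_USERNAME
                valueFrom:
                  secretKeyRef:
                    name: $(CONN_CREDENTIAL_SECRET_NAME)
                    key: username
                    optional: false
              - name: POSTGRESQL_PASSWORD
                valueFrom:
                  secretKeyRef:
                    name: $(CONN_CREDENTIAL_SECRET_NAME)
                    key: password
                    optional: false
              - name: POSTGRESQL_PORT
                value: "5432"
              - name: POSTGRESQL_HOST
                valueFrom:
                  fieldRef:
                    apiVersion: v1
                    fieldPath: status.podIP
              - name: PGBOUNCER_PORT
                value: "6432"
              - name: PGBOUNCER_BIND_ADDRESS
                value: "0.0.0.0"
          - name: metrics
            image: {{ .Values.metrics.image.registry | default "docker.io" }}/{{ .Values.metrics.image.repository }}:{{ .Values.metrics.image.tag }}
            imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }}
            securityContext:
              runAsUser: 0
            env:
              - name: ENDPOINT
                value: {{ printf "127.0.0.1:5432" }}
              # NOTE(review): the exporter logs in with the connection
              # credential (username "postgres" above). The kbmonitoring account
              # declared under systemAccounts is granted only pg_monitor and
              # would be a narrower choice if the exporter can use it.
              - name: DATA_SOURCE_PASS
                valueFrom:
                  secretKeyRef:
                    name: $(CONN_CREDENTIAL_SECRET_NAME)
                    key: password
                    optional: false
              - name: DATA_SOURCE_USER
                valueFrom:
                  secretKeyRef:
                    name: $(CONN_CREDENTIAL_SECRET_NAME)
                    key: username
                    optional: false
            command:
              - "/bin/agamotto"
              - "--config=/opt/agamotto/agamotto-config.yaml"
            ports:
              - name: http-metrics
                containerPort: {{ .Values.metrics.service.port }}
            volumeMounts:
              - name: postgresql-custom-metrics
                mountPath: /opt/conf
              - name: agamotto-configuration
                mountPath: /opt/agamotto
        volumes:
          # Memory-backed /dev/shm; the size limit is rendered only when
          # .Values.shmVolume.sizeLimit is set.
          - name: dshm
            emptyDir:
              medium: Memory
              {{- with .Values.shmVolume.sizeLimit }}
              sizeLimit: {{ . }}
              {{- end }}
          # Role, primary and replica-count metadata exposed as files under
          # /kb-podinfo in the postgresql container.
          - name: pod-info
            downwardAPI:
              items:
                - path: "pod-role"
                  fieldRef:
                    fieldPath: metadata.labels['kubeblocks.io/role']
                - path: "primary-pod"
                  fieldRef:
                    fieldPath: metadata.annotations['rs.apps.kubeblocks.io/primary']
                - path: "component-replicas"
                  fieldRef:
                    fieldPath: metadata.annotations['apps.kubeblocks.io/component-replicas']
      # System accounts are provisioned by running psql with the connection
      # credential; the statement to run arrives as $(KB_ACCOUNT_STATEMENT).
      systemAccounts:
        cmdExecutorConfig:
          image: {{ .Values.image.registry | default "docker.io" }}/{{ .Values.image.repository }}:{{ default .Values.image.tag }}
          command:
            - psql
          args:
            - -h$(KB_ACCOUNT_ENDPOINT)
            - -c
            - $(KB_ACCOUNT_STATEMENT)
          env:
            - name: PGUSER
              valueFrom:
                secretKeyRef:
                  name: $(CONN_CREDENTIAL_SECRET_NAME)
                  key: username
                  optional: false
            - name: PGPASSWORD
              valueFrom:
                secretKeyRef:
                  name: $(CONN_CREDENTIAL_SECRET_NAME)
                  key: password
                  optional: false
        # Generated passwords: 10 characters, 5 of them digits, no symbols.
        # NOTE(review): that is short for accounts created with SUPERUSER.
        # numSymbols 0 presumably also keeps quote characters out of the
        # '$(PASSWD)' literals below, so prefer a greater length over symbols.
        passwordConfig:
          length: 10
          numDigits: 5
          numSymbols: 0
          letterCase: MixedCases
        # $(USERNAME) and $(PASSWD) appear inside the SQL text itself, so the
        # statements rely on those values containing no SQL metacharacters.
        accounts:
          - name: kbadmin
            provisionPolicy: &kbAdminAcctRef
              type: CreateByStmt
              scope: AnyPods
              statements:
                creation: CREATE USER $(USERNAME) SUPERUSER PASSWORD '$(PASSWD)';
                update: ALTER USER $(USERNAME) WITH PASSWORD '$(PASSWD)';
          # Reuses the kbadmin policy through the alias, so this account is
          # created with SUPERUSER as well.
          - name: kbdataprotection
            provisionPolicy: *kbAdminAcctRef
          - name: kbprobe
            provisionPolicy: &kbReadonlyAcctRef
              type: CreateByStmt
              scope: AnyPods
              statements:
                creation: CREATE USER $(USERNAME) WITH PASSWORD '$(PASSWD)'; GRANT pg_monitor TO $(USERNAME);
                update: ALTER USER $(USERNAME) WITH PASSWORD '$(PASSWD)';
          - name: kbmonitoring
            provisionPolicy: *kbReadonlyAcctRef
          - name: kbreplicator
            provisionPolicy:
              type: CreateByStmt
              scope: AnyPods
              statements:
                creation: CREATE USER $(USERNAME) WITH REPLICATION PASSWORD '$(PASSWD)';
                update: ALTER USER $(USERNAME) WITH PASSWORD '$(PASSWD)';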