github.com/cockroachdb/cockroach@v20.2.0-alpha.1+incompatible/cloud/kubernetes/multiregion/external-name-svc.yaml

github.com/cockroachdb/cockroach@v20.2.0-alpha.1+incompatible/cloud/kubernetes/multiregion/external-name-svc.yaml (about)

     1  # This file contains the definitions needed to expose cockroachdb in a namespace
     2  # other than the one it's running in.
     3  # To use this file:
     4  # 1. Replace "YOUR_ZONE_HERE" in this file with the name of the namespace that
     5  #    cockroachdb is running in in the given cluster.
     6  # 2. Create a secret containing the certificates in the namespace that you want
     7  #    to expose the service in (the "default" namespace is assumed by the
     8  #    certificate creation commands in setup.py):
     9  #      kubectl create secret generic cockroachdb.client.root --namespace=YOUR_ZONE_HERE --from-file=certs
    10  # 3. Create the resources in this cluster:
    11  #      kubectl apply -f external-name-svc.yaml
    12  #
    13  # After completing these steps, you should be able to access the cockroachdb
    14  # cluster at the name `cockroachdb-public` in the default Kubernetes namespace
    15  # (or at the name `cockroachdb-public.default` from any namespace).
    16  #
    17  # Note that the ServiceAccount and roles defined below are only needed for
    18  # accessing the Secret containing the root client certificate. If you are
    19  # managing client certificates (or passwords) some other way, you can do away
    20  # with everything in this file other than the Service.
    21  kind: Service
    22  apiVersion: v1
    23  metadata:
    24    name: cockroachdb-public
    25  spec:
    26    type: ExternalName
    27    externalName: cockroachdb-public.YOUR_ZONE_HERE.svc.cluster.local
    28  ---
    29  apiVersion: v1
    30  kind: ServiceAccount
    31  metadata:
    32    name: cockroachdb
    33    labels:
    34      app: cockroachdb
    35  ---
    36  apiVersion: rbac.authorization.k8s.io/v1beta1
    37  kind: Role
    38  metadata:
    39    name: cockroachdb
    40    labels:
    41      app: cockroachdb
    42  rules:
    43  - apiGroups:
    44    - ""
    45    resources:
    46    - secrets
    47    verbs:
    48    - create
    49    - get
    50  ---
    51  apiVersion: rbac.authorization.k8s.io/v1beta1
    52  kind: RoleBinding
    53  metadata:
    54    name: cockroachdb
    55    labels:
    56      app: cockroachdb
    57  roleRef:
    58    apiGroup: rbac.authorization.k8s.io
    59    kind: Role
    60    name: cockroachdb
    61  subjects:
    62  - kind: ServiceAccount
    63    name: cockroachdb
    64    namespace: default