# github.com/replicatedhq/ship@v0.55.0/integration/init/cockroach/expected/base/StatefulSet-cockroachdb.yaml
#
# StatefulSet for a three-replica CockroachDB cluster. Each pod first runs an
# init container that requests a node certificate from the Kubernetes CSR API,
# then starts cockroach with --certs-dir pointing at the issued material.
# NOTE(review): the path (integration/.../expected/base) suggests this is an
# expected-output fixture for an integration test - confirm before treating
# it as a deployable reference.
#
# NOTE(review): apps/v1beta1 is a deprecated StatefulSet API version that is
# no longer served from Kubernetes 1.16 on. apps/v1 also requires an explicit
# spec.selector, which this manifest does not set.
apiVersion: apps/v1beta1
kind: StatefulSet
metadata:
  name: cockroachdb
spec:
  serviceName: "cockroachdb"
  # Must stay in step with the three peers hard-coded in --join below.
  replicas: 3
  template:
    metadata:
      labels:
        app: cockroachdb
    spec:
      # Both containers run under this service account. Presumably it is what
      # authorises init-certs to submit CSRs; its Role/RoleBinding are not in
      # this file - verify they grant no more than that.
      serviceAccountName: cockroachdb
      # Init containers are run only once in the lifetime of a pod, before
      # it's started up for the first time. It has to exit successfully
      # before the pod's main containers are allowed to start.
      initContainers:
        # The init-certs container sends a certificate signing request to the
        # kubernetes cluster.
        # You can see pending requests using: kubectl get csr
        # CSRs can be approved using: kubectl certificate approve <csr name>
        #
        # Approval is the trust decision in this design: whoever approves is
        # vouching for every name in the request, so check the requested
        # addresses and the requesting pod before approving.
        #
        # All addresses used to contact a node must be specified in the --addresses arg.
        #
        # In addition to the node certificate and key, the init-certs entrypoint will symlink
        # the cluster CA to the certs directory.
        - name: init-certs
          # NOTE(review): referenced by tag, not by digest. With IfNotPresent
          # a node keeps using whatever image it already has cached under
          # this tag.
          image: cockroachdb/cockroach-k8s-request-cert:0.2
          imagePullPolicy: IfNotPresent
          command:
            - "/bin/ash"
            # -e: stop at the first failing command; -x: echo each expanded
            # command to the container log; -c: run the string that follows.
            - "-ecx"
            # The address list is built at run time from the pod IP, the
            # pod's FQDN, a shortened form of it, and the shared name
            # cockroachdb-public; -x writes the expanded list to the log.
            - "/request-cert -namespace=${POD_NAMESPACE} -certs-dir=/cockroach-certs -type=node -addresses=localhost,127.0.0.1,${POD_IP},$(hostname -f),$(hostname -f|cut -f 1-2 -d '.'),cockroachdb-public -symlink-ca-from=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt"
          env:
            # Supplied through the downward API and read by the shell command
            # above.
            - name: POD_IP
              valueFrom:
                fieldRef:
                  fieldPath: status.podIP
            - name: POD_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
          volumeMounts:
            # Same `certs` volume the cockroachdb container mounts, which is
            # how the issued key and certificate reach the database process.
            - name: certs
              mountPath: /cockroach-certs

      affinity:
        # Soft preference only ("preferred..."): the scheduler tries to put
        # replicas on different hostnames but may still co-locate them.
        podAntiAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
            - weight: 100
              podAffinityTerm:
                labelSelector:
                  matchExpressions:
                    - key: app
                      operator: In
                      values:
                        - cockroachdb
                topologyKey: kubernetes.io/hostname
      # NOTE(review): neither container in this manifest sets securityContext
      # or resources, so the running user, privilege escalation and CPU/memory
      # bounds fall back to image and cluster defaults.
      containers:
        - name: cockroachdb
          # NOTE(review): tag-pinned (not digest-pinned) to v1.1.5, which per
          # the comment below predates 2.0 - check whether that release is
          # still supported before reusing this outside a test.
          image: cockroachdb/cockroach:v1.1.5
          imagePullPolicy: IfNotPresent
          ports:
            - containerPort: 26257
              name: grpc
            - containerPort: 8080
              name: http
          volumeMounts:
            - name: datadir
              mountPath: /cockroach/cockroach-data
            - name: certs
              mountPath: /cockroach/cockroach-certs
          command:
            - "/bin/bash"
            - "-ecx"
            # The use of qualified `hostname -f` is crucial:
            # Other nodes aren't able to look up the unqualified hostname.
            # Once 2.0 is out, we should be able to switch from --host to --advertise-host to make port-forwarding work to the main port.
            #
            # NOTE(review): --http-host 0.0.0.0 binds the HTTP listener
            # (presumably the port named `http` above) on every pod interface.
            # What can reach it is decided by Services and NetworkPolicy
            # outside this file.
            - "exec /cockroach/cockroach start --logtostderr --certs-dir /cockroach/cockroach-certs --host $(hostname -f) --http-host 0.0.0.0 --join cockroachdb-0.cockroachdb,cockroachdb-1.cockroachdb,cockroachdb-2.cockroachdb --cache 25% --max-sql-memory 25%"
      # No pre-stop hook is required, a SIGTERM plus some time is all that's
      # needed for graceful shutdown of a node.
      terminationGracePeriodSeconds: 60
      volumes:
        # Named like the volumeClaimTemplates entry below, so each pod is
        # expected to get its own claim rather than a shared `datadir` PVC.
        - name: datadir
          persistentVolumeClaim:
            claimName: datadir
        # The node key and certificate live in an emptyDir, i.e. they exist
        # only for the lifetime of the pod and are not written to a Secret.
        # Presumably a replacement pod therefore goes through init-certs and
        # CSR approval again - confirm against request-cert's behaviour.
        - name: certs
          emptyDir: {}
  updateStrategy:
    type: RollingUpdate
  volumeClaimTemplates:
    - metadata:
        name: datadir
      spec:
        accessModes:
          - "ReadWriteOnce"
        resources:
          requests:
            storage: 1Gi