alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 4 Actions 4 Activity

chore: Update manifests after change

Browse Source
This commit is contained in:
Gitea
2026-03-18 17:05:35 +00:00
parent ff4bbf0fbd
commit 2afab824e5
40 changed files with 14732 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
clusters/cl01tl/manifests/mariadb-operator/-.yaml
View File

@@ -1 +0,0 @@

34
clusters/cl01tl/manifests/mariadb-operator/ClusterRole-mariadb-operator-cert-controller.yaml Normal file
View File

@@ -0,0 +1,34 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: mariadb-operator-cert-controller
rules:
- apiGroups:
- admissionregistration.k8s.io
resources:
- validatingwebhookconfigurations
- mutatingwebhookconfigurations
verbs:
- get
- list
- update
- patch
- watch
- apiGroups:
- ""
resources:
- secrets
verbs:
- create
- list
- patch
- watch
- apiGroups:
- discovery.k8s.io
resources:
- endpointslices
- endpointslices/restricted
verbs:
- get
- list
- watch

10
clusters/cl01tl/manifests/mariadb-operator/ClusterRole-mariadb-operator-edit.yaml Normal file
View File

@@ -0,0 +1,10 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: mariadb-operator-edit
labels:
rbac.authorization.k8s.io/aggregate-to-edit: "true"
rules:
- apiGroups: ["k8s.mariadb.com"]
resources: ["*"]
verbs: ["create", "update", "patch", "delete"]

10
clusters/cl01tl/manifests/mariadb-operator/ClusterRole-mariadb-operator-view.yaml Normal file
View File

@@ -0,0 +1,10 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: mariadb-operator-view
labels:
rbac.authorization.k8s.io/aggregate-to-view: "true"
rules:
- apiGroups: ["k8s.mariadb.com"]
resources: ["*"]
verbs: ["get", "list", "watch"]

250
clusters/cl01tl/manifests/mariadb-operator/ClusterRole-mariadb-operator.yaml Normal file
View File

@@ -0,0 +1,250 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: mariadb-operator
rules:
- apiGroups:
- ""
resources:
- configmaps
verbs:
- create
- delete
- get
- list
- patch
- watch
- apiGroups:
- ""
resources:
- events
- secrets
- serviceaccounts
- services
verbs:
- create
- list
- patch
- watch
- apiGroups:
- ""
resources:
- persistentvolumeclaims
verbs:
- create
- delete
- deletecollection
- list
- patch
- watch
- apiGroups:
- ""
resources:
- pods
verbs:
- delete
- get
- list
- patch
- watch
- apiGroups:
- ""
resources:
- pods/log
verbs:
- get
- apiGroups:
- apps
resources:
- deployments
verbs:
- create
- list
- patch
- watch
- apiGroups:
- apps
resources:
- statefulsets
verbs:
- create
- delete
- get
- list
- patch
- watch
- apiGroups:
- authentication.k8s.io
resources:
- tokenreviews
verbs:
- create
- apiGroups:
- authorization.k8s.io
resources:
- subjectaccessreviews
verbs:
- create
- apiGroups:
- batch
resources:
- cronjobs
verbs:
- create
- list
- patch
- watch
- apiGroups:
- batch
resources:
- jobs
verbs:
- create
- delete
- get
- list
- patch
- watch
- apiGroups:
- cert-manager.io
resources:
- certificates
verbs:
- create
- list
- patch
- watch
- apiGroups:
- discovery.k8s.io
resources:
- endpointslices
- endpointslices/restricted
verbs:
- create
- get
- list
- patch
- watch
- apiGroups:
- events.k8s.io
resources:
- events
verbs:
- create
- list
- patch
- watch
- apiGroups:
- k8s.mariadb.com
resources:
- backups
- connections
- databases
- externalmariadbs
- grants
- mariadbs
- maxscales
- physicalbackups
- restores
- sqljobs
- users
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- k8s.mariadb.com
resources:
- backups/finalizers
- connections/finalizers
- databases/finalizers
- externalmariadbs/finalizers
- grants/finalizers
- mariadbs/finalizers
- maxscales/finalizers
- physicalbackups/finalizers
- restores/finalizers
- sqljobs/finalizers
- users/finalizers
verbs:
- update
- apiGroups:
- k8s.mariadb.com
resources:
- backups/status
- connections/status
- databases/status
- externalmariadbs/status
- grants/status
- mariadbs/status
- maxscales/status
- physicalbackups/status
- pointintimerecoveries/status
- restores/status
- sqljobs/status
- users/status
verbs:
- get
- patch
- update
- apiGroups:
- k8s.mariadb.com
resources:
- maxscale
verbs:
- create
- list
- patch
- watch
- apiGroups:
- k8s.mariadb.com
resources:
- pointintimerecoveries
verbs:
- get
- list
- watch
- apiGroups:
- monitoring.coreos.com
resources:
- servicemonitors
verbs:
- create
- list
- patch
- watch
- apiGroups:
- policy
resources:
- poddisruptionbudgets
verbs:
- create
- list
- patch
- watch
- apiGroups:
- rbac.authorization.k8s.io
resources:
- clusterrolebindings
- rolebindings
- roles
verbs:
- create
- list
- patch
- watch
- apiGroups:
- snapshot.storage.k8s.io
resources:
- volumesnapshots
verbs:
- create
- delete
- get
- list
- patch
- watch

12
clusters/cl01tl/manifests/mariadb-operator/ClusterRoleBinding-mariadb-operator-cert-controller.yaml Normal file
View File

@@ -0,0 +1,12 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: mariadb-operator-cert-controller
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: mariadb-operator-cert-controller
subjects:
- kind: ServiceAccount
name: mariadb-operator-cert-controller-cert-controller
namespace: mariadb-operator

12
clusters/cl01tl/manifests/mariadb-operator/ClusterRoleBinding-mariadb-operator.yaml Normal file
View File

@@ -0,0 +1,12 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: mariadb-operator
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: mariadb-operator
subjects:
- kind: ServiceAccount
name: mariadb-operator
namespace: mariadb-operator

12
clusters/cl01tl/manifests/mariadb-operator/ClusterRoleBinding-mariadb-operator:auth-delegator.yaml Normal file
View File

@@ -0,0 +1,12 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: mariadb-operator:auth-delegator
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: system:auth-delegator
subjects:
- kind: ServiceAccount
name: mariadb-operator
namespace: mariadb-operator

14
clusters/cl01tl/manifests/mariadb-operator/ConfigMap-mariadb-operator-env.yaml Normal file
View File

@@ -0,0 +1,14 @@
apiVersion: v1
data:
MARIADB_OPERATOR_IMAGE: "docker-registry3.mariadb.com/mariadb-operator/mariadb-operator:26.3.0"
MARIADB_GALERA_LIB_PATH: "/usr/lib/galera/libgalera_smm.so"
MARIADB_DEFAULT_VERSION: "11.8"
RELATED_IMAGE_MARIADB: "docker-registry1.mariadb.com/library/mariadb:11.8.5"
RELATED_IMAGE_MARIADB_NAME: "docker-registry1.mariadb.com/library/mariadb"
RELATED_IMAGE_MAXSCALE: "docker-registry2.mariadb.com/mariadb/maxscale:23.08.5"
RELATED_IMAGE_EXPORTER: "prom/mysqld-exporter:v0.15.1"
RELATED_IMAGE_EXPORTER_MAXSCALE: "docker-registry2.mariadb.com/mariadb/maxscale-prometheus-exporter-ubi:v0.0.1"
kind: ConfigMap
metadata:
creationTimestamp: null
name: mariadb-operator-env

1102
clusters/cl01tl/manifests/mariadb-operator/CustomResourceDefinition-backups.k8s.mariadb.com.yaml Normal file
View File

File diff suppressed because it is too large Load Diff

245
clusters/cl01tl/manifests/mariadb-operator/CustomResourceDefinition-connections.k8s.mariadb.com.yaml Normal file
View File

@@ -0,0 +1,245 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.20.0
name: connections.k8s.mariadb.com
spec:
group: k8s.mariadb.com
names:
kind: Connection
listKind: ConnectionList
plural: connections
shortNames:
- cmdb
singular: connection
scope: Namespaced
versions:
- additionalPrinterColumns:
- jsonPath: .status.conditions[?(@.type=="Ready")].status
name: Ready
type: string
- jsonPath: .status.conditions[?(@.type=="Ready")].message
name: Status
type: string
- jsonPath: .spec.secretName
name: Secret
type: string
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
name: v1alpha1
schema:
openAPIV3Schema:
description: Connection is the Schema for the connections API. It is used to configure connection strings for the applications connecting to MariaDB.
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: ConnectionSpec defines the desired state of Connection
properties:
database:
description: Database to use when configuring the Connection.
type: string
healthCheck:
description: HealthCheck to be used in the Connection.
properties:
interval:
description: Interval used to perform health checks.
type: string
retryInterval:
description: RetryInterval is the interval used to perform health check retries.
type: string
type: object
host:
description: Host to connect to. If not provided, it defaults to the MariaDB host or to the MaxScale host.
type: string
mariaDbRef:
description: MariaDBRef is a reference to the MariaDB to connect to. Either MariaDBRef or MaxScaleRef must be provided.
properties:
kind:
description: Kind of the referent.
type: string
name:
type: string
namespace:
type: string
waitForIt:
default: true
description: WaitForIt indicates whether the controller using this reference should wait for MariaDB to be ready.
type: boolean
type: object
maxScaleRef:
description: MaxScaleRef is a reference to the MaxScale to connect to. Either MariaDBRef or MaxScaleRef must be provided.
properties:
name:
type: string
namespace:
type: string
type: object
params:
additionalProperties:
type: string
description: Params to be used in the Connection.
type: object
passwordSecretKeyRef:
description: |-
PasswordSecretKeyRef is a reference to the password to use for configuring the Connection.
Either passwordSecretKeyRef or tlsClientCertSecretRef must be provided as client credentials.
If the referred Secret is labeled with "k8s.mariadb.com/watch", updates may be performed to the Secret in order to update the password.
properties:
key:
type: string
name:
default: ""
type: string
required:
- key
type: object
x-kubernetes-map-type: atomic
port:
description: Port to connect to. If not provided, it defaults to the MariaDB port or to the first MaxScale listener.
format: int32
type: integer
secretName:
description: SecretName to be used in the Connection.
type: string
secretTemplate:
description: SecretTemplate to be used in the Connection.
properties:
databaseKey:
description: DatabaseKey to be used in the Secret.
type: string
format:
description: Format to be used in the Secret.
type: string
hostKey:
description: HostKey to be used in the Secret.
type: string
key:
description: Key to be used in the Secret.
type: string
metadata:
description: Metadata to be added to the Secret object.
properties:
annotations:
additionalProperties:
type: string
description: Annotations to be added to children resources.
type: object
labels:
additionalProperties:
type: string
description: Labels to be added to children resources.
type: object
type: object
passwordKey:
description: PasswordKey to be used in the Secret.
type: string
portKey:
description: PortKey to be used in the Secret.
type: string
usernameKey:
description: UsernameKey to be used in the Secret.
type: string
type: object
serviceName:
description: ServiceName to be used in the Connection.
type: string
tlsClientCertSecretRef:
description: |-
TLSClientCertSecretRef is a reference to a Kubernetes TLS Secret used as authentication when checking the connection health.
Either passwordSecretKeyRef or tlsClientCertSecretRef must be provided as client credentials.
If not provided, the client certificate provided by the referred MariaDB is used if TLS is enabled.
If the referred Secret is labeled with "k8s.mariadb.com/watch", updates may be performed to the Secret in order to update the client certificate.
properties:
name:
default: ""
type: string
type: object
username:
description: Username to use for configuring the Connection.
type: string
required:
- username
type: object
status:
description: ConnectionStatus defines the observed state of Connection
properties:
conditions:
description: Conditions for the Connection object.
items:
description: Condition contains details for one aspect of the current state of this API Resource.
properties:
lastTransitionTime:
description: |-
lastTransitionTime is the last time the condition transitioned from one status to another.
This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
format: date-time
type: string
message:
description: |-
message is a human readable message indicating details about the transition.
This may be an empty string.
maxLength: 32768
type: string
observedGeneration:
description: |-
observedGeneration represents the .metadata.generation that the condition was set based upon.
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
with respect to the current state of the instance.
format: int64
minimum: 0
type: integer
reason:
description: |-
reason contains a programmatic identifier indicating the reason for the condition's last transition.
Producers of specific condition types may define expected values and meanings for this field,
and whether the values are considered a guaranteed API.
The value should be a CamelCase string.
This field may not be empty.
maxLength: 1024
minLength: 1
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
type: string
status:
description: status of the condition, one of True, False, Unknown.
enum:
- "True"
- "False"
- Unknown
type: string
type:
description: type of condition in CamelCase or in foo.example.com/CamelCase.
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
required:
- lastTransitionTime
- message
- reason
- status
- type
type: object
type: array
type: object
type: object
served: true
storage: true
subresources:
status: {}

171
clusters/cl01tl/manifests/mariadb-operator/CustomResourceDefinition-databases.k8s.mariadb.com.yaml Normal file
View File

@@ -0,0 +1,171 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.20.0
name: databases.k8s.mariadb.com
spec:
group: k8s.mariadb.com
names:
kind: Database
listKind: DatabaseList
plural: databases
shortNames:
- dmdb
singular: database
scope: Namespaced
versions:
- additionalPrinterColumns:
- jsonPath: .status.conditions[?(@.type=="Ready")].status
name: Ready
type: string
- jsonPath: .status.conditions[?(@.type=="Ready")].message
name: Status
type: string
- jsonPath: .spec.characterSet
name: CharSet
type: string
- jsonPath: .spec.collate
name: Collate
type: string
- jsonPath: .spec.mariaDbRef.name
name: MariaDB
type: string
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
- jsonPath: .spec.name
name: Name
type: string
name: v1alpha1
schema:
openAPIV3Schema:
description: Database is the Schema for the databases API. It is used to define a logical database as if you were running a 'CREATE DATABASE' statement.
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: DatabaseSpec defines the desired state of Database
properties:
characterSet:
default: utf8
description: CharacterSet to use in the Database.
type: string
cleanupPolicy:
description: CleanupPolicy defines the behavior for cleaning up a SQL resource.
enum:
- Skip
- Delete
type: string
collate:
default: utf8_general_ci
description: Collate to use in the Database.
type: string
mariaDbRef:
description: MariaDBRef is a reference to a MariaDB object.
properties:
kind:
description: Kind of the referent.
type: string
name:
type: string
namespace:
type: string
waitForIt:
default: true
description: WaitForIt indicates whether the controller using this reference should wait for MariaDB to be ready.
type: boolean
type: object
name:
description: Name overrides the default Database name provided by metadata.name.
maxLength: 80
type: string
requeueInterval:
description: RequeueInterval is used to perform requeue reconciliations.
type: string
retryInterval:
description: RetryInterval is the interval used to perform retries.
type: string
required:
- mariaDbRef
type: object
status:
description: DatabaseStatus defines the observed state of Database
properties:
conditions:
description: Conditions for the Database object.
items:
description: Condition contains details for one aspect of the current state of this API Resource.
properties:
lastTransitionTime:
description: |-
lastTransitionTime is the last time the condition transitioned from one status to another.
This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
format: date-time
type: string
message:
description: |-
message is a human readable message indicating details about the transition.
This may be an empty string.
maxLength: 32768
type: string
observedGeneration:
description: |-
observedGeneration represents the .metadata.generation that the condition was set based upon.
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
with respect to the current state of the instance.
format: int64
minimum: 0
type: integer
reason:
description: |-
reason contains a programmatic identifier indicating the reason for the condition's last transition.
Producers of specific condition types may define expected values and meanings for this field,
and whether the values are considered a guaranteed API.
The value should be a CamelCase string.
This field may not be empty.
maxLength: 1024
minLength: 1
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
type: string
status:
description: status of the condition, one of True, False, Unknown.
enum:
- "True"
- "False"
- Unknown
type: string
type:
description: type of condition in CamelCase or in foo.example.com/CamelCase.
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
required:
- lastTransitionTime
- message
- reason
- status
- type
type: object
type: array
type: object
type: object
served: true
storage: true
subresources:
status: {}

369
clusters/cl01tl/manifests/mariadb-operator/CustomResourceDefinition-externalmariadbs.k8s.mariadb.com.yaml Normal file
View File

@@ -0,0 +1,369 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.20.0
name: externalmariadbs.k8s.mariadb.com
spec:
group: k8s.mariadb.com
names:
kind: ExternalMariaDB
listKind: ExternalMariaDBList
plural: externalmariadbs
shortNames:
- emdb
singular: externalmariadb
scope: Namespaced
versions:
- additionalPrinterColumns:
- jsonPath: .status.conditions[?(@.type=="Ready")].status
name: Ready
type: string
- jsonPath: .status.conditions[?(@.type=="Ready")].message
name: Status
type: string
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
name: v1alpha1
schema:
openAPIV3Schema:
description: ExternalMariaDB is the Schema for the external MariaDBs API. It is used to define external MariaDB server.
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: ExternalMariaDBSpec defines the desired state of an External MariaDB
properties:
connection:
description: Connection defines a template to configure a Connection for the external MariaDB.
properties:
healthCheck:
description: HealthCheck to be used in the Connection.
properties:
interval:
description: Interval used to perform health checks.
type: string
retryInterval:
description: RetryInterval is the interval used to perform health check retries.
type: string
type: object
params:
additionalProperties:
type: string
description: Params to be used in the Connection.
type: object
port:
description: Port to connect to. If not provided, it defaults to the MariaDB port or to the first MaxScale listener.
format: int32
type: integer
secretName:
description: SecretName to be used in the Connection.
type: string
secretTemplate:
description: SecretTemplate to be used in the Connection.
properties:
databaseKey:
description: DatabaseKey to be used in the Secret.
type: string
format:
description: Format to be used in the Secret.
type: string
hostKey:
description: HostKey to be used in the Secret.
type: string
key:
description: Key to be used in the Secret.
type: string
metadata:
description: Metadata to be added to the Secret object.
properties:
annotations:
additionalProperties:
type: string
description: Annotations to be added to children resources.
type: object
labels:
additionalProperties:
type: string
description: Labels to be added to children resources.
type: object
type: object
passwordKey:
description: PasswordKey to be used in the Secret.
type: string
portKey:
description: PortKey to be used in the Secret.
type: string
usernameKey:
description: UsernameKey to be used in the Secret.
type: string
type: object
serviceName:
description: ServiceName to be used in the Connection.
type: string
type: object
host:
description: Hostname of the external MariaDB.
type: string
image:
description: |-
Image name to be used to perform operations on the external MariaDB, for example, for taking backups.
The supported format is `<image>:<tag>`. Only MariaDB official images are supported.
If not provided, the MariaDB image version be inferred by the operator in runtime. The default MariaDB image will be used in this case,
type: string
imagePullPolicy:
description: ImagePullPolicy is the image pull policy. One of `Always`, `Never` or `IfNotPresent`. If not defined, it defaults to `IfNotPresent`.
enum:
- Always
- Never
- IfNotPresent
type: string
imagePullSecrets:
description: ImagePullSecrets is the list of pull Secrets to be used to pull the image.
items:
description: 'Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.35/#localobjectreference-v1-core.'
properties:
name:
default: ""
type: string
type: object
type: array
inheritMetadata:
description: InheritMetadata defines the metadata to be inherited by children resources.
properties:
annotations:
additionalProperties:
type: string
description: Annotations to be added to children resources.
type: object
labels:
additionalProperties:
type: string
description: Labels to be added to children resources.
type: object
type: object
passwordSecretKeyRef:
description: PasswordSecretKeyRef is a reference to the password to connect to the external MariaDB.
properties:
key:
type: string
name:
default: ""
type: string
required:
- key
type: object
x-kubernetes-map-type: atomic
port:
default: 3306
description: Port of the external MariaDB.
format: int32
type: integer
tls:
description: TLS defines the PKI to be used with the external MariaDB.
properties:
clientCASecretRef:
description: |-
ClientCASecretRef is a reference to a Secret containing the client certificate authority keypair. It is used to establish trust and issue client certificates.
One of:
- Secret containing both the 'ca.crt' and 'ca.key' keys. This allows you to bring your own CA to Kubernetes to issue certificates.
- Secret containing only the 'ca.crt' in order to establish trust. In this case, either clientCertSecretRef or clientCertIssuerRef fields must be provided.
If not provided, a self-signed CA will be provisioned to issue the client certificate.
properties:
name:
default: ""
type: string
type: object
clientCertIssuerRef:
description: |-
ClientCertIssuerRef is a reference to a cert-manager issuer object used to issue the client certificate. cert-manager must be installed previously in the cluster.
It is mutually exclusive with clientCertSecretRef.
By default, the Secret field 'ca.crt' provisioned by cert-manager will be added to the trust chain. A custom trust bundle may be specified via clientCASecretRef.
properties:
group:
description: |-
Group of the issuer being referred to.
Defaults to 'cert-manager.io'.
type: string
kind:
description: |-
Kind of the issuer being referred to.
Defaults to 'Issuer'.
type: string
name:
description: Name of the issuer being referred to.
type: string
required:
- name
type: object
clientCertSecretRef:
description: |-
ClientCertSecretRef is a reference to a TLS Secret containing the client certificate.
It is mutually exclusive with clientCertIssuerRef.
properties:
name:
default: ""
type: string
type: object
enabled:
description: |-
Enabled indicates whether TLS is enabled, determining if certificates should be issued and mounted to the MariaDB instance.
It is enabled by default.
type: boolean
galeraSSTEnabled:
description: |-
GaleraSSTEnabled determines whether Galera SST connections should use TLS.
It disabled by default.
type: boolean
mutual:
description: |-
Mutual specifies whether TLS must be mutual between server and client for external connections.
When set to false, the client certificate will not be sent during the TLS handshake.
It is enabled by default.
type: boolean
required:
description: |-
Required specifies whether TLS must be enforced for all connections.
User TLS requirements take precedence over this.
It disabled by default.
type: boolean
serverCASecretRef:
description: |-
ServerCASecretRef is a reference to a Secret containing the server certificate authority keypair. It is used to establish trust and issue server certificates.
One of:
- Secret containing both the 'ca.crt' and 'ca.key' keys. This allows you to bring your own CA to Kubernetes to issue certificates.
- Secret containing only the 'ca.crt' in order to establish trust. In this case, either serverCertSecretRef or serverCertIssuerRef must be provided.
If not provided, a self-signed CA will be provisioned to issue the server certificate.
properties:
name:
default: ""
type: string
type: object
serverCertIssuerRef:
description: |-
ServerCertIssuerRef is a reference to a cert-manager issuer object used to issue the server certificate. cert-manager must be installed previously in the cluster.
It is mutually exclusive with serverCertSecretRef.
By default, the Secret field 'ca.crt' provisioned by cert-manager will be added to the trust chain. A custom trust bundle may be specified via serverCASecretRef.
properties:
group:
description: |-
Group of the issuer being referred to.
Defaults to 'cert-manager.io'.
type: string
kind:
description: |-
Kind of the issuer being referred to.
Defaults to 'Issuer'.
type: string
name:
description: Name of the issuer being referred to.
type: string
required:
- name
type: object
serverCertSecretRef:
description: |-
ServerCertSecretRef is a reference to a TLS Secret containing the server certificate.
It is mutually exclusive with serverCertIssuerRef.
properties:
name:
default: ""
type: string
type: object
type: object
username:
description: Username is the username to connect to the external MariaDB.
type: string
required:
- host
- username
type: object
status:
description: ExternalMariaDBStatus defines the observed state of MariaDB
properties:
conditions:
description: Conditions for the ExternalMariadb object.
items:
description: Condition contains details for one aspect of the current state of this API Resource.
properties:
lastTransitionTime:
description: |-
lastTransitionTime is the last time the condition transitioned from one status to another.
This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
format: date-time
type: string
message:
description: |-
message is a human readable message indicating details about the transition.
This may be an empty string.
maxLength: 32768
type: string
observedGeneration:
description: |-
observedGeneration represents the .metadata.generation that the condition was set based upon.
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
with respect to the current state of the instance.
format: int64
minimum: 0
type: integer
reason:
description: |-
reason contains a programmatic identifier indicating the reason for the condition's last transition.
Producers of specific condition types may define expected values and meanings for this field,
and whether the values are considered a guaranteed API.
The value should be a CamelCase string.
This field may not be empty.
maxLength: 1024
minLength: 1
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
type: string
status:
description: status of the condition, one of True, False, Unknown.
enum:
- "True"
- "False"
- Unknown
type: string
type:
description: type of condition in CamelCase or in foo.example.com/CamelCase.
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
required:
- lastTransitionTime
- message
- reason
- status
- type
type: object
type: array
isGaleraEnabled:
description: IsGaleraEnabled indicates that the external MariaDb has Galera enabled.
type: boolean
version:
description: Version of the external MariaDB server.
type: string
type: object
required:
- spec
type: object
served: true
storage: true
subresources:
status: {}

195
clusters/cl01tl/manifests/mariadb-operator/CustomResourceDefinition-grants.k8s.mariadb.com.yaml Normal file
View File

@@ -0,0 +1,195 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.20.0
name: grants.k8s.mariadb.com
spec:
group: k8s.mariadb.com
names:
kind: Grant
listKind: GrantList
plural: grants
shortNames:
- gmdb
singular: grant
scope: Namespaced
versions:
- additionalPrinterColumns:
- jsonPath: .status.conditions[?(@.type=="Ready")].status
name: Ready
type: string
- jsonPath: .status.conditions[?(@.type=="Ready")].message
name: Status
type: string
- jsonPath: .spec.database
name: Database
type: string
- jsonPath: .spec.table
name: Table
type: string
- jsonPath: .spec.username
name: Username
type: string
- jsonPath: .spec.grantOption
name: GrantOpt
type: string
- jsonPath: .spec.mariaDbRef.name
name: MariaDB
type: string
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
name: v1alpha1
schema:
openAPIV3Schema:
description: Grant is the Schema for the grants API. It is used to define grants as if you were running a 'GRANT' statement.
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: GrantSpec defines the desired state of Grant
properties:
cleanupPolicy:
description: CleanupPolicy defines the behavior for cleaning up a SQL resource.
enum:
- Skip
- Delete
type: string
database:
default: '*'
description: Database to use in the Grant.
type: string
grantOption:
default: false
description: GrantOption to use in the Grant.
type: boolean
host:
description: Host to use in the Grant. It can be localhost, an IP or '%'.
type: string
mariaDbRef:
description: MariaDBRef is a reference to a MariaDB object.
properties:
kind:
description: Kind of the referent.
type: string
name:
type: string
namespace:
type: string
waitForIt:
default: true
description: WaitForIt indicates whether the controller using this reference should wait for MariaDB to be ready.
type: boolean
type: object
privileges:
description: Privileges to use in the Grant.
items:
type: string
minItems: 1
type: array
requeueInterval:
description: RequeueInterval is used to perform requeue reconciliations.
type: string
retryInterval:
description: RetryInterval is the interval used to perform retries.
type: string
table:
default: '*'
description: Table to use in the Grant.
type: string
username:
description: Username to use in the Grant.
type: string
required:
- mariaDbRef
- privileges
- username
type: object
status:
description: GrantStatus defines the observed state of Grant
properties:
conditions:
description: Conditions for the Grant object.
items:
description: Condition contains details for one aspect of the current state of this API Resource.
properties:
lastTransitionTime:
description: |-
lastTransitionTime is the last time the condition transitioned from one status to another.
This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
format: date-time
type: string
message:
description: |-
message is a human readable message indicating details about the transition.
This may be an empty string.
maxLength: 32768
type: string
observedGeneration:
description: |-
observedGeneration represents the .metadata.generation that the condition was set based upon.
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
with respect to the current state of the instance.
format: int64
minimum: 0
type: integer
reason:
description: |-
reason contains a programmatic identifier indicating the reason for the condition's last transition.
Producers of specific condition types may define expected values and meanings for this field,
and whether the values are considered a guaranteed API.
The value should be a CamelCase string.
This field may not be empty.
maxLength: 1024
minLength: 1
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
type: string
status:
description: status of the condition, one of True, False, Unknown.
enum:
- "True"
- "False"
- Unknown
type: string
type:
description: type of condition in CamelCase or in foo.example.com/CamelCase.
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
required:
- lastTransitionTime
- message
- reason
- status
- type
type: object
type: array
currentPrivileges:
description: |-
CurrentPrivileges is the list of current privileges used in the Grant.
It allows to detect the divergence from the desired privileges.
items:
type: string
type: array
type: object
type: object
served: true
storage: true
subresources:
status: {}

6038
clusters/cl01tl/manifests/mariadb-operator/CustomResourceDefinition-mariadbs.k8s.mariadb.com.yaml Normal file
View File

File diff suppressed because it is too large Load Diff

2423
clusters/cl01tl/manifests/mariadb-operator/CustomResourceDefinition-maxscales.k8s.mariadb.com.yaml Normal file
View File

File diff suppressed because it is too large Load Diff

972
clusters/cl01tl/manifests/mariadb-operator/CustomResourceDefinition-physicalbackups.k8s.mariadb.com.yaml Normal file
View File

@@ -0,0 +1,972 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.20.0
name: physicalbackups.k8s.mariadb.com
spec:
group: k8s.mariadb.com
names:
kind: PhysicalBackup
listKind: PhysicalBackupList
plural: physicalbackups
shortNames:
- pbmdb
singular: physicalbackup
scope: Namespaced
versions:
- additionalPrinterColumns:
- jsonPath: .status.conditions[?(@.type=="Complete")].status
name: Complete
type: string
- jsonPath: .status.conditions[?(@.type=="Complete")].message
name: Status
type: string
- jsonPath: .spec.mariaDbRef.name
name: MariaDB
type: string
- jsonPath: .status.lastScheduleTime
name: Last Scheduled
type: date
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
name: v1alpha1
schema:
openAPIV3Schema:
description: PhysicalBackup is the Schema for the physicalbackups API. It is used to define physical backup jobs and its storage.
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: PhysicalBackupSpec defines the desired state of PhysicalBackup.
properties:
args:
description: Args to be used in the Container.
items:
type: string
type: array
backoffLimit:
description: BackoffLimit defines the maximum number of attempts to successfully take a PhysicalBackup.
format: int32
type: integer
compression:
description: Compression algorithm to be used in the Backup.
enum:
- none
- bzip2
- gzip
type: string
imagePullSecrets:
description: ImagePullSecrets is the list of pull Secrets to be used to pull the image.
items:
description: 'Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.35/#localobjectreference-v1-core.'
properties:
name:
default: ""
type: string
type: object
type: array
inheritMetadata:
description: InheritMetadata defines the metadata to be inherited by children resources.
properties:
annotations:
additionalProperties:
type: string
description: Annotations to be added to children resources.
type: object
labels:
additionalProperties:
type: string
description: Labels to be added to children resources.
type: object
type: object
logLevel:
default: info
description: LogLevel to be used in the PhysicalBackup Job. It defaults to 'info'.
enum:
- debug
- info
- warn
- error
- dpanic
- panic
- fatal
type: string
mariaDbRef:
description: MariaDBRef is a reference to a MariaDB object.
properties:
kind:
description: Kind of the referent.
type: string
name:
type: string
namespace:
type: string
waitForIt:
default: true
description: WaitForIt indicates whether the controller using this reference should wait for MariaDB to be ready.
type: boolean
type: object
maxRetention:
description: |-
MaxRetention defines the retention policy for backups. Old backups will be cleaned up by the Backup Job.
It defaults to 30 days.
type: string
podAffinity:
description: |-
PodAffinity indicates whether the Jobs should run in the same Node as the MariaDB Pods to be able to attach the PVC.
It defaults to true.
type: boolean
podMetadata:
description: PodMetadata defines extra metadata for the Pod.
properties:
annotations:
additionalProperties:
type: string
description: Annotations to be added to children resources.
type: object
labels:
additionalProperties:
type: string
description: Labels to be added to children resources.
type: object
type: object
podSecurityContext:
description: SecurityContext holds pod-level security attributes and common container settings.
properties:
appArmorProfile:
description: AppArmorProfile defines a pod or container's AppArmor settings.
properties:
localhostProfile:
description: |-
localhostProfile indicates a profile loaded on the node that should be used.
The profile must be preconfigured on the node to work.
Must match the loaded name of the profile.
Must be set if and only if type is "Localhost".
type: string
type:
description: |-
type indicates which kind of AppArmor profile will be applied.
Valid options are:
Localhost - a profile pre-loaded on the node.
RuntimeDefault - the container runtime's default profile.
Unconfined - no AppArmor enforcement.
type: string
required:
- type
type: object
fsGroup:
format: int64
type: integer
fsGroupChangePolicy:
description: |-
PodFSGroupChangePolicy holds policies that will be used for applying fsGroup to a volume
when volume is mounted.
type: string
runAsGroup:
format: int64
type: integer
runAsNonRoot:
type: boolean
runAsUser:
format: int64
type: integer
seLinuxOptions:
description: SELinuxOptions are the labels to be applied to the container
properties:
level:
description: Level is SELinux level label that applies to the container.
type: string
role:
description: Role is a SELinux role label that applies to the container.
type: string
type:
description: Type is a SELinux type label that applies to the container.
type: string
user:
description: User is a SELinux user label that applies to the container.
type: string
type: object
seccompProfile:
description: |-
SeccompProfile defines a pod/container's seccomp profile settings.
Only one profile source may be set.
properties:
localhostProfile:
description: |-
localhostProfile indicates a profile defined in a file on the node should be used.
The profile must be preconfigured on the node to work.
Must be a descending path, relative to the kubelet's configured seccomp profile location.
Must be set if type is "Localhost". Must NOT be set for any other type.
type: string
type:
description: |-
type indicates which kind of seccomp profile will be applied.
Valid options are:
Localhost - a profile defined in a file on the node should be used.
RuntimeDefault - the container runtime default profile should be used.
Unconfined - no profile should be applied.
type: string
required:
- type
type: object
supplementalGroups:
items:
format: int64
type: integer
type: array
x-kubernetes-list-type: atomic
type: object
priorityClassName:
description: PriorityClassName to be used in the Pod.
type: string
resources:
description: Resources describes the compute resource requirements.
properties:
limits:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: ResourceList is a set of (resource name, quantity) pairs.
type: object
requests:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: ResourceList is a set of (resource name, quantity) pairs.
type: object
type: object
restartPolicy:
default: OnFailure
description: RestartPolicy to be added to the PhysicalBackup Pod.
enum:
- Always
- OnFailure
- Never
type: string
schedule:
description: Schedule defines when the PhysicalBackup will be taken.
properties:
cron:
description: Cron is a cron expression that defines the schedule.
type: string
immediate:
description: Immediate indicates whether the first backup should be taken immediately after creating the PhysicalBackup.
type: boolean
onDemand:
description: |-
OnDemand is an identifier used to trigger an on-demand backup.
If the identifier is different than the one tracked under status.lastScheduleOnDemand, a new physical backup will be triggered.
type: string
suspend:
default: false
description: Suspend defines whether the schedule is active or not.
type: boolean
type: object
securityContext:
description: SecurityContext holds security configuration that will be applied to a container.
properties:
allowPrivilegeEscalation:
type: boolean
capabilities:
description: Adds and removes POSIX capabilities from running containers.
properties:
add:
description: Added capabilities
items:
description: Capability represent POSIX capabilities type
type: string
type: array
x-kubernetes-list-type: atomic
drop:
description: Removed capabilities
items:
description: Capability represent POSIX capabilities type
type: string
type: array
x-kubernetes-list-type: atomic
type: object
privileged:
type: boolean
readOnlyRootFilesystem:
type: boolean
runAsGroup:
format: int64
type: integer
runAsNonRoot:
type: boolean
runAsUser:
format: int64
type: integer
type: object
serviceAccountName:
description: ServiceAccountName is the name of the ServiceAccount to be used by the Pods.
type: string
stagingStorage:
description: |-
StagingStorage defines the temporary storage used to keep external backups (i.e. S3) while they are being processed.
It defaults to an emptyDir volume, meaning that the backups will be temporarily stored in the node where the PhysicalBackup Job is scheduled.
The staging area gets cleaned up after each backup is completed, consider this for sizing it appropriately.
properties:
persistentVolumeClaim:
description: PersistentVolumeClaim is a Kubernetes PVC specification.
properties:
accessModes:
items:
type: string
type: array
x-kubernetes-list-type: atomic
resources:
description: VolumeResourceRequirements describes the storage resource requirements for a volume.
properties:
limits:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: |-
Limits describes the maximum amount of compute resources allowed.
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
type: object
requests:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: |-
Requests describes the minimum amount of compute resources required.
If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
otherwise to an implementation-defined value. Requests cannot exceed Limits.
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
type: object
type: object
selector:
description: |-
A label selector is a label query over a set of resources. The result of matchLabels and
matchExpressions are ANDed. An empty label selector matches all objects. A null
label selector matches no objects.
properties:
matchExpressions:
description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
items:
description: |-
A label selector requirement is a selector that contains values, a key, and an operator that
relates the key and values.
properties:
key:
description: key is the label key that the selector applies to.
type: string
operator:
description: |-
operator represents a key's relationship to a set of values.
Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
description: |-
values is an array of string values. If the operator is In or NotIn,
the values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
type: array
x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
description: |-
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions, whose key field is "key", the
operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
storageClassName:
type: string
type: object
volume:
description: Volume is a Kubernetes volume specification.
properties:
csi:
description: 'Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.35/#csivolumesource-v1-core.'
properties:
driver:
type: string
fsType:
type: string
nodePublishSecretRef:
description: 'Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.35/#localobjectreference-v1-core.'
properties:
name:
default: ""
type: string
type: object
readOnly:
type: boolean
volumeAttributes:
additionalProperties:
type: string
type: object
required:
- driver
type: object
emptyDir:
description: 'Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.35/#emptydirvolumesource-v1-core.'
properties:
medium:
description: StorageMedium defines ways that storage can be allocated to a volume.
type: string
sizeLimit:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
type: object
hostPath:
description: 'Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.35/#hostpathvolumesource-v1-core'
properties:
path:
type: string
type:
type: string
required:
- path
type: object
nfs:
description: 'Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.35/#nfsvolumesource-v1-core.'
properties:
path:
type: string
readOnly:
type: boolean
server:
type: string
required:
- path
- server
type: object
persistentVolumeClaim:
description: 'Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.35/#persistentvolumeclaimvolumesource-v1-core.'
properties:
claimName:
type: string
readOnly:
type: boolean
required:
- claimName
type: object
type: object
type: object
storage:
description: Storage defines the final storage for backups.
properties:
azureBlob:
description: AzureBlob defines the configuration to store backups in a AzureBlob compatible storage.
properties:
containerName:
description: ContainerName is the name of the storage container.
type: string
prefix:
description: 'Prefix indicates a folder/subfolder in the container. For example: mariadb/ or mariadb/backups. A trailing slash ''/'' is added if not provided.'
type: string
serviceURL:
description: 'ServiceURL is the full URL for connecting to Azure, usually in the form: http(s)://<account>.blob.core.windows.net/.'
type: string
storageAccountKey:
description: StorageAccountKey is a reference to a Secret key containing the Azure Blob Storage Storage account Key. Pairs with StorageAccountKey for static credential authentication
properties:
key:
type: string
name:
default: ""
type: string
required:
- key
type: object
x-kubernetes-map-type: atomic
storageAccountName:
description: StorageAccountName is the name of the storage account. Pairs with StorageAccountKey for static credential authentication
type: string
tls:
description: TLS provides the configuration required to establish TLS connections with Azure Blob Storage.
properties:
caSecretKeyRef:
description: |-
CASecretKeyRef is a reference to a Secret key containing a CA bundle in PEM format used to establish TLS connections with S3.
By default, the system trust chain will be used, but you can use this field to add more CAs to the bundle.
properties:
key:
type: string
name:
default: ""
type: string
required:
- key
type: object
x-kubernetes-map-type: atomic
enabled:
description: Enabled is a flag to enable TLS.
type: boolean
type: object
required:
- containerName
- serviceURL
type: object
persistentVolumeClaim:
description: PersistentVolumeClaim is a Kubernetes PVC specification.
properties:
accessModes:
items:
type: string
type: array
x-kubernetes-list-type: atomic
resources:
description: VolumeResourceRequirements describes the storage resource requirements for a volume.
properties:
limits:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: |-
Limits describes the maximum amount of compute resources allowed.
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
type: object
requests:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: |-
Requests describes the minimum amount of compute resources required.
If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
otherwise to an implementation-defined value. Requests cannot exceed Limits.
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
type: object
type: object
selector:
description: |-
A label selector is a label query over a set of resources. The result of matchLabels and
matchExpressions are ANDed. An empty label selector matches all objects. A null
label selector matches no objects.
properties:
matchExpressions:
description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
items:
description: |-
A label selector requirement is a selector that contains values, a key, and an operator that
relates the key and values.
properties:
key:
description: key is the label key that the selector applies to.
type: string
operator:
description: |-
operator represents a key's relationship to a set of values.
Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
description: |-
values is an array of string values. If the operator is In or NotIn,
the values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
type: array
x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
description: |-
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions, whose key field is "key", the
operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
storageClassName:
type: string
type: object
s3:
description: S3 defines the configuration to store backups in a S3 compatible storage.
properties:
accessKeyIdSecretKeyRef:
description: AccessKeyIdSecretKeyRef is a reference to a Secret key containing the S3 access key id.
properties:
key:
type: string
name:
default: ""
type: string
required:
- key
type: object
x-kubernetes-map-type: atomic
bucket:
description: Bucket is the name Name of the bucket to store backups.
type: string
endpoint:
description: Endpoint is the S3 API endpoint without scheme.
type: string
prefix:
description: 'Prefix indicates a folder/subfolder in the bucket. For example: mariadb/ or mariadb/backups. A trailing slash ''/'' is added if not provided.'
type: string
region:
description: Region is the S3 region name to use.
type: string
secretAccessKeySecretKeyRef:
description: AccessKeyIdSecretKeyRef is a reference to a Secret key containing the S3 secret key.
properties:
key:
type: string
name:
default: ""
type: string
required:
- key
type: object
x-kubernetes-map-type: atomic
sessionTokenSecretKeyRef:
description: SessionTokenSecretKeyRef is a reference to a Secret key containing the S3 session token.
properties:
key:
type: string
name:
default: ""
type: string
required:
- key
type: object
x-kubernetes-map-type: atomic
ssec:
description: |-
SSEC is a reference to a Secret containing the SSE-C (Server-Side Encryption with Customer-Provided Keys) key.
The secret must contain a 32-byte key (256 bits) in the specified key.
This enables server-side encryption where you provide and manage the encryption key.
properties:
customerKeySecretKeyRef:
description: |-
CustomerKeySecretKeyRef is a reference to a Secret key containing the SSE-C customer-provided encryption key.
The key must be a 32-byte (256-bit) key encoded in base64.
properties:
key:
type: string
name:
default: ""
type: string
required:
- key
type: object
x-kubernetes-map-type: atomic
required:
- customerKeySecretKeyRef
type: object
tls:
description: TLS provides the configuration required to establish TLS connections with S3.
properties:
caSecretKeyRef:
description: |-
CASecretKeyRef is a reference to a Secret key containing a CA bundle in PEM format used to establish TLS connections with S3.
By default, the system trust chain will be used, but you can use this field to add more CAs to the bundle.
properties:
key:
type: string
name:
default: ""
type: string
required:
- key
type: object
x-kubernetes-map-type: atomic
enabled:
description: Enabled is a flag to enable TLS.
type: boolean
type: object
required:
- bucket
- endpoint
type: object
volume:
description: Volume is a Kubernetes volume specification.
properties:
csi:
description: 'Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.35/#csivolumesource-v1-core.'
properties:
driver:
type: string
fsType:
type: string
nodePublishSecretRef:
description: 'Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.35/#localobjectreference-v1-core.'
properties:
name:
default: ""
type: string
type: object
readOnly:
type: boolean
volumeAttributes:
additionalProperties:
type: string
type: object
required:
- driver
type: object
emptyDir:
description: 'Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.35/#emptydirvolumesource-v1-core.'
properties:
medium:
description: StorageMedium defines ways that storage can be allocated to a volume.
type: string
sizeLimit:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
type: object
hostPath:
description: 'Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.35/#hostpathvolumesource-v1-core'
properties:
path:
type: string
type:
type: string
required:
- path
type: object
nfs:
description: 'Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.35/#nfsvolumesource-v1-core.'
properties:
path:
type: string
readOnly:
type: boolean
server:
type: string
required:
- path
- server
type: object
persistentVolumeClaim:
description: 'Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.35/#persistentvolumeclaimvolumesource-v1-core.'
properties:
claimName:
type: string
readOnly:
type: boolean
required:
- claimName
type: object
type: object
volumeSnapshot:
description: VolumeSnapshot is a Kubernetes VolumeSnapshot specification.
properties:
metadata:
description: Metadata is extra metadata to the added to the VolumeSnapshot objects.
properties:
annotations:
additionalProperties:
type: string
description: Annotations to be added to children resources.
type: object
labels:
additionalProperties:
type: string
description: Labels to be added to children resources.
type: object
type: object
volumeSnapshotClassName:
description: VolumeSnapshotClassName is the VolumeSnapshot class to be used to take snapshots.
type: string
required:
- volumeSnapshotClassName
type: object
type: object
successfulJobsHistoryLimit:
description: SuccessfulJobsHistoryLimit defines the maximum number of successful Jobs to be displayed. It defaults to 5.
format: int32
minimum: 0
type: integer
target:
description: Target defines in which Pod the physical backups will be taken. It defaults to "Replica", meaning that the physical backups will only be taken in ready replicas.
enum:
- Replica
- PreferReplica
type: string
timeout:
description: |-
Timeout defines the maximum duration of a PhysicalBackup job or snapshot.
If this duration is exceeded, the job or snapshot is considered expired and is deleted by the operator.
A new job or snapshot will then be created according to the schedule.
It defaults to 1 hour.
type: string
tolerations:
description: Tolerations to be used in the Pod.
items:
description: |-
The pod this Toleration is attached to tolerates any taint that matches
the triple <key,value,effect> using the matching operator <operator>.
properties:
effect:
description: |-
Effect indicates the taint effect to match. Empty means match all taint effects.
When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
type: string
key:
description: |-
Key is the taint key that the toleration applies to. Empty means match all taint keys.
If the key is empty, operator must be Exists; this combination means to match all values and all keys.
type: string
operator:
description: |-
Operator represents a key's relationship to the value.
Valid operators are Exists, Equal, Lt, and Gt. Defaults to Equal.
Exists is equivalent to wildcard for value, so that a pod can
tolerate all taints of a particular category.
Lt and Gt perform numeric comparisons (requires feature gate TaintTolerationComparisonOperators).
type: string
tolerationSeconds:
description: |-
TolerationSeconds represents the period of time the toleration (which must be
of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,
it is not set, which means tolerate the taint forever (do not evict). Zero and
negative values will be treated as 0 (evict immediately) by the system.
format: int64
type: integer
value:
description: |-
Value is the taint value the toleration matches to.
If the operator is Exists, the value should be empty, otherwise just a regular string.
type: string
type: object
type: array
required:
- mariaDbRef
- storage
type: object
status:
description: PhysicalBackupStatus defines the observed state of PhysicalBackup.
properties:
conditions:
description: Conditions for the PhysicalBackup object.
items:
description: Condition contains details for one aspect of the current state of this API Resource.
properties:
lastTransitionTime:
description: |-
lastTransitionTime is the last time the condition transitioned from one status to another.
This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
format: date-time
type: string
message:
description: |-
message is a human readable message indicating details about the transition.
This may be an empty string.
maxLength: 32768
type: string
observedGeneration:
description: |-
observedGeneration represents the .metadata.generation that the condition was set based upon.
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
with respect to the current state of the instance.
format: int64
minimum: 0
type: integer
reason:
description: |-
reason contains a programmatic identifier indicating the reason for the condition's last transition.
Producers of specific condition types may define expected values and meanings for this field,
and whether the values are considered a guaranteed API.
The value should be a CamelCase string.
This field may not be empty.
maxLength: 1024
minLength: 1
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
type: string
status:
description: status of the condition, one of True, False, Unknown.
enum:
- "True"
- "False"
- Unknown
type: string
type:
description: type of condition in CamelCase or in foo.example.com/CamelCase.
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
required:
- lastTransitionTime
- message
- reason
- status
- type
type: object
type: array
lastScheduleCheckTime:
description: LastScheduleCheckTime is the last time that the schedule was checked.
format: date-time
type: string
lastScheduleOnDemand:
description: LastScheduleOnDemand is the last on-demand schedule identifier.
type: string
lastScheduleTime:
description: LastScheduleTime is the last time that a backup was scheduled.
format: date-time
type: string
nextScheduleTime:
description: NextScheduleTime is the next time that a backup will be scheduled.
format: date-time
type: string
type: object
type: object
served: true
storage: true
subresources:
status: {}

255
clusters/cl01tl/manifests/mariadb-operator/CustomResourceDefinition-pointintimerecoveries.k8s.mariadb.com.yaml Normal file
View File

@@ -0,0 +1,255 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.20.0
name: pointintimerecoveries.k8s.mariadb.com
spec:
group: k8s.mariadb.com
names:
kind: PointInTimeRecovery
listKind: PointInTimeRecoveryList
plural: pointintimerecoveries
shortNames:
- pitr
singular: pointintimerecovery
scope: Namespaced
versions:
- additionalPrinterColumns:
- jsonPath: .spec.physicalBackupRef.name
name: Physical Backup
type: string
- jsonPath: .status.lastRecoverableTime
name: Last Recoverable Time
type: string
- jsonPath: .spec.strictMode
name: Strict Mode
type: boolean
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
name: v1alpha1
schema:
openAPIV3Schema:
description: PointInTimeRecovery is the Schema for the pointintimerecoveries API. It contains binlog archival and point-in-time restoration settings.
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: PointInTimeRecoverySpec defines the desired state of PointInTimeRecovery. It contains binlog archive and point-in-time restoration settings.
properties:
archiveTimeout:
default: 1h
description: |-
ArchiveTimeout defines the maximum duration for the binary log archival.
If this duration is exceeded, the sidecar agent will log an error and it will be retried in the next archive cycle.
It defaults to 1 hour.
type: string
compression:
description: |-
Compression algorithm to be used for compressing the binary logs.
This field is immutable, it cannot be updated after creation.
enum:
- none
- bzip2
- gzip
type: string
physicalBackupRef:
description: PhysicalBackupRef is a reference to a PhysicalBackup object that will be used as base backup.
properties:
name:
default: ""
type: string
type: object
storage:
description: PointInTimeRecoveryStorage is the storage where the point in time recovery data will be stored
properties:
azureBlob:
description: AzureBlob is the Azure Blob Storage where the binary logs will be kept.
properties:
containerName:
description: ContainerName is the name of the storage container.
type: string
prefix:
description: 'Prefix indicates a folder/subfolder in the container. For example: mariadb/ or mariadb/backups. A trailing slash ''/'' is added if not provided.'
type: string
serviceURL:
description: 'ServiceURL is the full URL for connecting to Azure, usually in the form: http(s)://<account>.blob.core.windows.net/.'
type: string
storageAccountKey:
description: StorageAccountKey is a reference to a Secret key containing the Azure Blob Storage Storage account Key. Pairs with StorageAccountKey for static credential authentication
properties:
key:
type: string
name:
default: ""
type: string
required:
- key
type: object
x-kubernetes-map-type: atomic
storageAccountName:
description: StorageAccountName is the name of the storage account. Pairs with StorageAccountKey for static credential authentication
type: string
tls:
description: TLS provides the configuration required to establish TLS connections with Azure Blob Storage.
properties:
caSecretKeyRef:
description: |-
CASecretKeyRef is a reference to a Secret key containing a CA bundle in PEM format used to establish TLS connections with S3.
By default, the system trust chain will be used, but you can use this field to add more CAs to the bundle.
properties:
key:
type: string
name:
default: ""
type: string
required:
- key
type: object
x-kubernetes-map-type: atomic
enabled:
description: Enabled is a flag to enable TLS.
type: boolean
type: object
required:
- containerName
- serviceURL
type: object
s3:
description: S3 is the S3-compatible storage where the binary logs will be kept.
properties:
accessKeyIdSecretKeyRef:
description: AccessKeyIdSecretKeyRef is a reference to a Secret key containing the S3 access key id.
properties:
key:
type: string
name:
default: ""
type: string
required:
- key
type: object
x-kubernetes-map-type: atomic
bucket:
description: Bucket is the name Name of the bucket to store backups.
type: string
endpoint:
description: Endpoint is the S3 API endpoint without scheme.
type: string
prefix:
description: 'Prefix indicates a folder/subfolder in the bucket. For example: mariadb/ or mariadb/backups. A trailing slash ''/'' is added if not provided.'
type: string
region:
description: Region is the S3 region name to use.
type: string
secretAccessKeySecretKeyRef:
description: AccessKeyIdSecretKeyRef is a reference to a Secret key containing the S3 secret key.
properties:
key:
type: string
name:
default: ""
type: string
required:
- key
type: object
x-kubernetes-map-type: atomic
sessionTokenSecretKeyRef:
description: SessionTokenSecretKeyRef is a reference to a Secret key containing the S3 session token.
properties:
key:
type: string
name:
default: ""
type: string
required:
- key
type: object
x-kubernetes-map-type: atomic
ssec:
description: |-
SSEC is a reference to a Secret containing the SSE-C (Server-Side Encryption with Customer-Provided Keys) key.
The secret must contain a 32-byte key (256 bits) in the specified key.
This enables server-side encryption where you provide and manage the encryption key.
properties:
customerKeySecretKeyRef:
description: |-
CustomerKeySecretKeyRef is a reference to a Secret key containing the SSE-C customer-provided encryption key.
The key must be a 32-byte (256-bit) key encoded in base64.
properties:
key:
type: string
name:
default: ""
type: string
required:
- key
type: object
x-kubernetes-map-type: atomic
required:
- customerKeySecretKeyRef
type: object
tls:
description: TLS provides the configuration required to establish TLS connections with S3.
properties:
caSecretKeyRef:
description: |-
CASecretKeyRef is a reference to a Secret key containing a CA bundle in PEM format used to establish TLS connections with S3.
By default, the system trust chain will be used, but you can use this field to add more CAs to the bundle.
properties:
key:
type: string
name:
default: ""
type: string
required:
- key
type: object
x-kubernetes-map-type: atomic
enabled:
description: Enabled is a flag to enable TLS.
type: boolean
type: object
required:
- bucket
- endpoint
type: object
type: object
strictMode:
description: |-
StrictMode controls the behavior when a point-in-time restoration cannot reach the exact target time:
When enabled: Returns an error and avoids replaying binary logs if target time is not reached.
When disabled (default): Replays available binary logs until the last recoverable time. It logs logs an error if target time is not reached.
type: boolean
required:
- physicalBackupRef
- storage
type: object
status:
description: PointInTimeRecoveryStatus represents the current status of the point-in-time-recovery.
properties:
lastRecoverableTime:
description: LastRecoverableTime is the most recent recoverable time based on the current state of physical backups and archived binary logs.
type: string
type: object
type: object
served: true
storage: true
subresources:
status: {}

980
clusters/cl01tl/manifests/mariadb-operator/CustomResourceDefinition-restores.k8s.mariadb.com.yaml Normal file
View File

@@ -0,0 +1,980 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.20.0
name: restores.k8s.mariadb.com
spec:
group: k8s.mariadb.com
names:
kind: Restore
listKind: RestoreList
plural: restores
shortNames:
- rmdb
singular: restore
scope: Namespaced
versions:
- additionalPrinterColumns:
- jsonPath: .status.conditions[?(@.type=="Complete")].status
name: Complete
type: string
- jsonPath: .status.conditions[?(@.type=="Complete")].message
name: Status
type: string
- jsonPath: .spec.mariaDbRef.name
name: MariaDB
type: string
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
name: v1alpha1
schema:
openAPIV3Schema:
description: Restore is the Schema for the restores API. It is used to define restore jobs and its restoration source.
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: RestoreSpec defines the desired state of restore
properties:
affinity:
description: Affinity to be used in the Pod.
properties:
antiAffinityEnabled:
description: |-
AntiAffinityEnabled configures PodAntiAffinity so each Pod is scheduled in a different Node, enabling HA.
Make sure you have at least as many Nodes available as the replicas to not end up with unscheduled Pods.
type: boolean
nodeAffinity:
description: 'Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.35/#nodeaffinity-v1-core'
properties:
preferredDuringSchedulingIgnoredDuringExecution:
items:
description: 'Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.35/#preferredschedulingterm-v1-core'
properties:
preference:
description: 'Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.35/#nodeselectorterm-v1-core'
properties:
matchExpressions:
items:
description: 'Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.35/#nodeselectorrequirement-v1-core'
properties:
key:
type: string
operator:
description: |-
A node selector operator is the set of operators that can be used in
a node selector requirement.
type: string
values:
items:
type: string
type: array
x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
x-kubernetes-list-type: atomic
matchFields:
items:
description: 'Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.35/#nodeselectorrequirement-v1-core'
properties:
key:
type: string
operator:
description: |-
A node selector operator is the set of operators that can be used in
a node selector requirement.
type: string
values:
items:
type: string
type: array
x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
x-kubernetes-list-type: atomic
type: object
weight:
format: int32
type: integer
required:
- preference
- weight
type: object
type: array
x-kubernetes-list-type: atomic
requiredDuringSchedulingIgnoredDuringExecution:
description: 'Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.35/#nodeselector-v1-core'
properties:
nodeSelectorTerms:
items:
description: 'Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.35/#nodeselectorterm-v1-core'
properties:
matchExpressions:
items:
description: 'Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.35/#nodeselectorrequirement-v1-core'
properties:
key:
type: string
operator:
description: |-
A node selector operator is the set of operators that can be used in
a node selector requirement.
type: string
values:
items:
type: string
type: array
x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
x-kubernetes-list-type: atomic
matchFields:
items:
description: 'Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.35/#nodeselectorrequirement-v1-core'
properties:
key:
type: string
operator:
description: |-
A node selector operator is the set of operators that can be used in
a node selector requirement.
type: string
values:
items:
type: string
type: array
x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
x-kubernetes-list-type: atomic
type: object
type: array
x-kubernetes-list-type: atomic
required:
- nodeSelectorTerms
type: object
type: object
podAntiAffinity:
description: 'Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.35/#podantiaffinity-v1-core.'
properties:
preferredDuringSchedulingIgnoredDuringExecution:
items:
description: 'Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.35/#weightedpodaffinityterm-v1-core.'
properties:
podAffinityTerm:
description: 'Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.35/#podaffinityterm-v1-core.'
properties:
labelSelector:
description: 'Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.35/#labelselector-v1-meta'
properties:
matchExpressions:
items:
description: 'Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.35/#labelselectorrequirement-v1-meta'
properties:
key:
type: string
operator:
description: A label selector operator is the set of operators that can be used in a selector requirement.
type: string
values:
items:
type: string
type: array
x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
type: object
type: object
topologyKey:
type: string
required:
- topologyKey
type: object
weight:
format: int32
type: integer
required:
- podAffinityTerm
- weight
type: object
type: array
x-kubernetes-list-type: atomic
requiredDuringSchedulingIgnoredDuringExecution:
items:
description: 'Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.35/#podaffinityterm-v1-core.'
properties:
labelSelector:
description: 'Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.35/#labelselector-v1-meta'
properties:
matchExpressions:
items:
description: 'Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.35/#labelselectorrequirement-v1-meta'
properties:
key:
type: string
operator:
description: A label selector operator is the set of operators that can be used in a selector requirement.
type: string
values:
items:
type: string
type: array
x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
type: object
type: object
topologyKey:
type: string
required:
- topologyKey
type: object
type: array
x-kubernetes-list-type: atomic
type: object
type: object
args:
description: Args to be used in the Container.
items:
type: string
type: array
backoffLimit:
default: 5
description: BackoffLimit defines the maximum number of attempts to successfully perform a Backup.
format: int32
type: integer
backupRef:
description: BackupRef is a reference to a Backup object. It has priority over S3 and Volume.
properties:
name:
default: ""
type: string
type: object
database:
description: |-
Database defines the logical database to be restored. If not provided, all databases available in the backup are restored.
IMPORTANT: The database must previously exist.
type: string
imagePullSecrets:
description: ImagePullSecrets is the list of pull Secrets to be used to pull the image.
items:
description: 'Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.35/#localobjectreference-v1-core.'
properties:
name:
default: ""
type: string
type: object
type: array
inheritMetadata:
description: InheritMetadata defines the metadata to be inherited by children resources.
properties:
annotations:
additionalProperties:
type: string
description: Annotations to be added to children resources.
type: object
labels:
additionalProperties:
type: string
description: Labels to be added to children resources.
type: object
type: object
logLevel:
default: info
description: LogLevel to be used n the Backup Job. It defaults to 'info'.
enum:
- debug
- info
- warn
- error
- dpanic
- panic
- fatal
type: string
mariaDbRef:
description: MariaDBRef is a reference to a MariaDB object.
properties:
kind:
description: Kind of the referent.
type: string
name:
type: string
namespace:
type: string
waitForIt:
default: true
description: WaitForIt indicates whether the controller using this reference should wait for MariaDB to be ready.
type: boolean
type: object
nodeSelector:
additionalProperties:
type: string
description: NodeSelector to be used in the Pod.
type: object
podMetadata:
description: PodMetadata defines extra metadata for the Pod.
properties:
annotations:
additionalProperties:
type: string
description: Annotations to be added to children resources.
type: object
labels:
additionalProperties:
type: string
description: Labels to be added to children resources.
type: object
type: object
podSecurityContext:
description: SecurityContext holds pod-level security attributes and common container settings.
properties:
appArmorProfile:
description: AppArmorProfile defines a pod or container's AppArmor settings.
properties:
localhostProfile:
description: |-
localhostProfile indicates a profile loaded on the node that should be used.
The profile must be preconfigured on the node to work.
Must match the loaded name of the profile.
Must be set if and only if type is "Localhost".
type: string
type:
description: |-
type indicates which kind of AppArmor profile will be applied.
Valid options are:
Localhost - a profile pre-loaded on the node.
RuntimeDefault - the container runtime's default profile.
Unconfined - no AppArmor enforcement.
type: string
required:
- type
type: object
fsGroup:
format: int64
type: integer
fsGroupChangePolicy:
description: |-
PodFSGroupChangePolicy holds policies that will be used for applying fsGroup to a volume
when volume is mounted.
type: string
runAsGroup:
format: int64
type: integer
runAsNonRoot:
type: boolean
runAsUser:
format: int64
type: integer
seLinuxOptions:
description: SELinuxOptions are the labels to be applied to the container
properties:
level:
description: Level is SELinux level label that applies to the container.
type: string
role:
description: Role is a SELinux role label that applies to the container.
type: string
type:
description: Type is a SELinux type label that applies to the container.
type: string
user:
description: User is a SELinux user label that applies to the container.
type: string
type: object
seccompProfile:
description: |-
SeccompProfile defines a pod/container's seccomp profile settings.
Only one profile source may be set.
properties:
localhostProfile:
description: |-
localhostProfile indicates a profile defined in a file on the node should be used.
The profile must be preconfigured on the node to work.
Must be a descending path, relative to the kubelet's configured seccomp profile location.
Must be set if type is "Localhost". Must NOT be set for any other type.
type: string
type:
description: |-
type indicates which kind of seccomp profile will be applied.
Valid options are:
Localhost - a profile defined in a file on the node should be used.
RuntimeDefault - the container runtime default profile should be used.
Unconfined - no profile should be applied.
type: string
required:
- type
type: object
supplementalGroups:
items:
format: int64
type: integer
type: array
x-kubernetes-list-type: atomic
type: object
priorityClassName:
description: PriorityClassName to be used in the Pod.
type: string
resources:
description: Resources describes the compute resource requirements.
properties:
limits:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: ResourceList is a set of (resource name, quantity) pairs.
type: object
requests:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: ResourceList is a set of (resource name, quantity) pairs.
type: object
type: object
restartPolicy:
default: OnFailure
description: RestartPolicy to be added to the Backup Job.
enum:
- Always
- OnFailure
- Never
type: string
s3:
description: S3 defines the configuration to restore backups from a S3 compatible storage. It has priority over Volume.
properties:
accessKeyIdSecretKeyRef:
description: AccessKeyIdSecretKeyRef is a reference to a Secret key containing the S3 access key id.
properties:
key:
type: string
name:
default: ""
type: string
required:
- key
type: object
x-kubernetes-map-type: atomic
bucket:
description: Bucket is the name Name of the bucket to store backups.
type: string
endpoint:
description: Endpoint is the S3 API endpoint without scheme.
type: string
prefix:
description: 'Prefix indicates a folder/subfolder in the bucket. For example: mariadb/ or mariadb/backups. A trailing slash ''/'' is added if not provided.'
type: string
region:
description: Region is the S3 region name to use.
type: string
secretAccessKeySecretKeyRef:
description: AccessKeyIdSecretKeyRef is a reference to a Secret key containing the S3 secret key.
properties:
key:
type: string
name:
default: ""
type: string
required:
- key
type: object
x-kubernetes-map-type: atomic
sessionTokenSecretKeyRef:
description: SessionTokenSecretKeyRef is a reference to a Secret key containing the S3 session token.
properties:
key:
type: string
name:
default: ""
type: string
required:
- key
type: object
x-kubernetes-map-type: atomic
ssec:
description: |-
SSEC is a reference to a Secret containing the SSE-C (Server-Side Encryption with Customer-Provided Keys) key.
The secret must contain a 32-byte key (256 bits) in the specified key.
This enables server-side encryption where you provide and manage the encryption key.
properties:
customerKeySecretKeyRef:
description: |-
CustomerKeySecretKeyRef is a reference to a Secret key containing the SSE-C customer-provided encryption key.
The key must be a 32-byte (256-bit) key encoded in base64.
properties:
key:
type: string
name:
default: ""
type: string
required:
- key
type: object
x-kubernetes-map-type: atomic
required:
- customerKeySecretKeyRef
type: object
tls:
description: TLS provides the configuration required to establish TLS connections with S3.
properties:
caSecretKeyRef:
description: |-
CASecretKeyRef is a reference to a Secret key containing a CA bundle in PEM format used to establish TLS connections with S3.
By default, the system trust chain will be used, but you can use this field to add more CAs to the bundle.
properties:
key:
type: string
name:
default: ""
type: string
required:
- key
type: object
x-kubernetes-map-type: atomic
enabled:
description: Enabled is a flag to enable TLS.
type: boolean
type: object
required:
- bucket
- endpoint
type: object
securityContext:
description: SecurityContext holds security configuration that will be applied to a container.
properties:
allowPrivilegeEscalation:
type: boolean
capabilities:
description: Adds and removes POSIX capabilities from running containers.
properties:
add:
description: Added capabilities
items:
description: Capability represent POSIX capabilities type
type: string
type: array
x-kubernetes-list-type: atomic
drop:
description: Removed capabilities
items:
description: Capability represent POSIX capabilities type
type: string
type: array
x-kubernetes-list-type: atomic
type: object
privileged:
type: boolean
readOnlyRootFilesystem:
type: boolean
runAsGroup:
format: int64
type: integer
runAsNonRoot:
type: boolean
runAsUser:
format: int64
type: integer
type: object
serviceAccountName:
description: ServiceAccountName is the name of the ServiceAccount to be used by the Pods.
type: string
stagingStorage:
description: |-
StagingStorage defines the temporary storage used to keep external backups (i.e. S3) while they are being processed.
It defaults to an emptyDir volume, meaning that the backups will be temporarily stored in the node where the Restore Job is scheduled.
properties:
persistentVolumeClaim:
description: PersistentVolumeClaim is a Kubernetes PVC specification.
properties:
accessModes:
items:
type: string
type: array
x-kubernetes-list-type: atomic
resources:
description: VolumeResourceRequirements describes the storage resource requirements for a volume.
properties:
limits:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: |-
Limits describes the maximum amount of compute resources allowed.
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
type: object
requests:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: |-
Requests describes the minimum amount of compute resources required.
If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
otherwise to an implementation-defined value. Requests cannot exceed Limits.
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
type: object
type: object
selector:
description: |-
A label selector is a label query over a set of resources. The result of matchLabels and
matchExpressions are ANDed. An empty label selector matches all objects. A null
label selector matches no objects.
properties:
matchExpressions:
description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
items:
description: |-
A label selector requirement is a selector that contains values, a key, and an operator that
relates the key and values.
properties:
key:
description: key is the label key that the selector applies to.
type: string
operator:
description: |-
operator represents a key's relationship to a set of values.
Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
description: |-
values is an array of string values. If the operator is In or NotIn,
the values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
type: array
x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
description: |-
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions, whose key field is "key", the
operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
storageClassName:
type: string
type: object
volume:
description: Volume is a Kubernetes volume specification.
properties:
csi:
description: 'Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.35/#csivolumesource-v1-core.'
properties:
driver:
type: string
fsType:
type: string
nodePublishSecretRef:
description: 'Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.35/#localobjectreference-v1-core.'
properties:
name:
default: ""
type: string
type: object
readOnly:
type: boolean
volumeAttributes:
additionalProperties:
type: string
type: object
required:
- driver
type: object
emptyDir:
description: 'Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.35/#emptydirvolumesource-v1-core.'
properties:
medium:
description: StorageMedium defines ways that storage can be allocated to a volume.
type: string
sizeLimit:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
type: object
hostPath:
description: 'Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.35/#hostpathvolumesource-v1-core'
properties:
path:
type: string
type:
type: string
required:
- path
type: object
nfs:
description: 'Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.35/#nfsvolumesource-v1-core.'
properties:
path:
type: string
readOnly:
type: boolean
server:
type: string
required:
- path
- server
type: object
persistentVolumeClaim:
description: 'Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.35/#persistentvolumeclaimvolumesource-v1-core.'
properties:
claimName:
type: string
readOnly:
type: boolean
required:
- claimName
type: object
type: object
type: object
targetRecoveryTime:
description: |-
TargetRecoveryTime is a RFC3339 (1970-01-01T00:00:00Z) date and time that defines the point in time recovery objective.
It is used to determine the closest restoration source in time.
format: date-time
type: string
tolerations:
description: Tolerations to be used in the Pod.
items:
description: |-
The pod this Toleration is attached to tolerates any taint that matches
the triple <key,value,effect> using the matching operator <operator>.
properties:
effect:
description: |-
Effect indicates the taint effect to match. Empty means match all taint effects.
When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
type: string
key:
description: |-
Key is the taint key that the toleration applies to. Empty means match all taint keys.
If the key is empty, operator must be Exists; this combination means to match all values and all keys.
type: string
operator:
description: |-
Operator represents a key's relationship to the value.
Valid operators are Exists, Equal, Lt, and Gt. Defaults to Equal.
Exists is equivalent to wildcard for value, so that a pod can
tolerate all taints of a particular category.
Lt and Gt perform numeric comparisons (requires feature gate TaintTolerationComparisonOperators).
type: string
tolerationSeconds:
description: |-
TolerationSeconds represents the period of time the toleration (which must be
of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,
it is not set, which means tolerate the taint forever (do not evict). Zero and
negative values will be treated as 0 (evict immediately) by the system.
format: int64
type: integer
value:
description: |-
Value is the taint value the toleration matches to.
If the operator is Exists, the value should be empty, otherwise just a regular string.
type: string
type: object
type: array
volume:
description: Volume is a Kubernetes Volume object that contains a backup.
properties:
csi:
description: 'Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.35/#csivolumesource-v1-core.'
properties:
driver:
type: string
fsType:
type: string
nodePublishSecretRef:
description: 'Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.35/#localobjectreference-v1-core.'
properties:
name:
default: ""
type: string
type: object
readOnly:
type: boolean
volumeAttributes:
additionalProperties:
type: string
type: object
required:
- driver
type: object
emptyDir:
description: 'Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.35/#emptydirvolumesource-v1-core.'
properties:
medium:
description: StorageMedium defines ways that storage can be allocated to a volume.
type: string
sizeLimit:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
type: object
hostPath:
description: 'Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.35/#hostpathvolumesource-v1-core'
properties:
path:
type: string
type:
type: string
required:
- path
type: object
nfs:
description: 'Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.35/#nfsvolumesource-v1-core.'
properties:
path:
type: string
readOnly:
type: boolean
server:
type: string
required:
- path
- server
type: object
persistentVolumeClaim:
description: 'Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.35/#persistentvolumeclaimvolumesource-v1-core.'
properties:
claimName:
type: string
readOnly:
type: boolean
required:
- claimName
type: object
type: object
required:
- mariaDbRef
type: object
status:
description: RestoreStatus defines the observed state of restore
properties:
conditions:
description: Conditions for the Restore object.
items:
description: Condition contains details for one aspect of the current state of this API Resource.
properties:
lastTransitionTime:
description: |-
lastTransitionTime is the last time the condition transitioned from one status to another.
This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
format: date-time
type: string
message:
description: |-
message is a human readable message indicating details about the transition.
This may be an empty string.
maxLength: 32768
type: string
observedGeneration:
description: |-
observedGeneration represents the .metadata.generation that the condition was set based upon.
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
with respect to the current state of the instance.
format: int64
minimum: 0
type: integer
reason:
description: |-
reason contains a programmatic identifier indicating the reason for the condition's last transition.
Producers of specific condition types may define expected values and meanings for this field,
and whether the values are considered a guaranteed API.
The value should be a CamelCase string.
This field may not be empty.
maxLength: 1024
minLength: 1
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
type: string
status:
description: status of the condition, one of True, False, Unknown.
enum:
- "True"
- "False"
- Unknown
type: string
type:
description: type of condition in CamelCase or in foo.example.com/CamelCase.
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
required:
- lastTransitionTime
- message
- reason
- status
- type
type: object
type: array
type: object
type: object
served: true
storage: true
subresources:
status: {}

704
clusters/cl01tl/manifests/mariadb-operator/CustomResourceDefinition-sqljobs.k8s.mariadb.com.yaml Normal file
View File

@@ -0,0 +1,704 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.20.0
name: sqljobs.k8s.mariadb.com
spec:
group: k8s.mariadb.com
names:
kind: SqlJob
listKind: SqlJobList
plural: sqljobs
shortNames:
- smdb
singular: sqljob
scope: Namespaced
versions:
- additionalPrinterColumns:
- jsonPath: .status.conditions[?(@.type=="Complete")].status
name: Complete
type: string
- jsonPath: .status.conditions[?(@.type=="Complete")].message
name: Status
type: string
- jsonPath: .spec.mariaDbRef.name
name: MariaDB
type: string
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
name: v1alpha1
schema:
openAPIV3Schema:
description: SqlJob is the Schema for the sqljobs API. It is used to run sql scripts as jobs.
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: SqlJobSpec defines the desired state of SqlJob
properties:
affinity:
description: Affinity to be used in the Pod.
properties:
antiAffinityEnabled:
description: |-
AntiAffinityEnabled configures PodAntiAffinity so each Pod is scheduled in a different Node, enabling HA.
Make sure you have at least as many Nodes available as the replicas to not end up with unscheduled Pods.
type: boolean
nodeAffinity:
description: 'Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.35/#nodeaffinity-v1-core'
properties:
preferredDuringSchedulingIgnoredDuringExecution:
items:
description: 'Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.35/#preferredschedulingterm-v1-core'
properties:
preference:
description: 'Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.35/#nodeselectorterm-v1-core'
properties:
matchExpressions:
items:
description: 'Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.35/#nodeselectorrequirement-v1-core'
properties:
key:
type: string
operator:
description: |-
A node selector operator is the set of operators that can be used in
a node selector requirement.
type: string
values:
items:
type: string
type: array
x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
x-kubernetes-list-type: atomic
matchFields:
items:
description: 'Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.35/#nodeselectorrequirement-v1-core'
properties:
key:
type: string
operator:
description: |-
A node selector operator is the set of operators that can be used in
a node selector requirement.
type: string
values:
items:
type: string
type: array
x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
x-kubernetes-list-type: atomic
type: object
weight:
format: int32
type: integer
required:
- preference
- weight
type: object
type: array
x-kubernetes-list-type: atomic
requiredDuringSchedulingIgnoredDuringExecution:
description: 'Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.35/#nodeselector-v1-core'
properties:
nodeSelectorTerms:
items:
description: 'Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.35/#nodeselectorterm-v1-core'
properties:
matchExpressions:
items:
description: 'Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.35/#nodeselectorrequirement-v1-core'
properties:
key:
type: string
operator:
description: |-
A node selector operator is the set of operators that can be used in
a node selector requirement.
type: string
values:
items:
type: string
type: array
x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
x-kubernetes-list-type: atomic
matchFields:
items:
description: 'Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.35/#nodeselectorrequirement-v1-core'
properties:
key:
type: string
operator:
description: |-
A node selector operator is the set of operators that can be used in
a node selector requirement.
type: string
values:
items:
type: string
type: array
x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
x-kubernetes-list-type: atomic
type: object
type: array
x-kubernetes-list-type: atomic
required:
- nodeSelectorTerms
type: object
type: object
podAntiAffinity:
description: 'Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.35/#podantiaffinity-v1-core.'
properties:
preferredDuringSchedulingIgnoredDuringExecution:
items:
description: 'Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.35/#weightedpodaffinityterm-v1-core.'
properties:
podAffinityTerm:
description: 'Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.35/#podaffinityterm-v1-core.'
properties:
labelSelector:
description: 'Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.35/#labelselector-v1-meta'
properties:
matchExpressions:
items:
description: 'Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.35/#labelselectorrequirement-v1-meta'
properties:
key:
type: string
operator:
description: A label selector operator is the set of operators that can be used in a selector requirement.
type: string
values:
items:
type: string
type: array
x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
type: object
type: object
topologyKey:
type: string
required:
- topologyKey
type: object
weight:
format: int32
type: integer
required:
- podAffinityTerm
- weight
type: object
type: array
x-kubernetes-list-type: atomic
requiredDuringSchedulingIgnoredDuringExecution:
items:
description: 'Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.35/#podaffinityterm-v1-core.'
properties:
labelSelector:
description: 'Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.35/#labelselector-v1-meta'
properties:
matchExpressions:
items:
description: 'Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.35/#labelselectorrequirement-v1-meta'
properties:
key:
type: string
operator:
description: A label selector operator is the set of operators that can be used in a selector requirement.
type: string
values:
items:
type: string
type: array
x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
type: object
type: object
topologyKey:
type: string
required:
- topologyKey
type: object
type: array
x-kubernetes-list-type: atomic
type: object
type: object
args:
description: Args to be used in the Container.
items:
type: string
type: array
backoffLimit:
default: 5
description: BackoffLimit defines the maximum number of attempts to successfully execute a SqlJob.
format: int32
type: integer
database:
description: Username to be used when executing the SqlJob.
type: string
dependsOn:
description: DependsOn defines dependencies with other SqlJob objectecs.
items:
description: 'Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.35/#localobjectreference-v1-core.'
properties:
name:
default: ""
type: string
type: object
type: array
failedJobsHistoryLimit:
description: FailedJobsHistoryLimit defines the maximum number of failed Jobs to be displayed.
format: int32
minimum: 0
type: integer
imagePullSecrets:
description: ImagePullSecrets is the list of pull Secrets to be used to pull the image.
items:
description: 'Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.35/#localobjectreference-v1-core.'
properties:
name:
default: ""
type: string
type: object
type: array
inheritMetadata:
description: InheritMetadata defines the metadata to be inherited by children resources.
properties:
annotations:
additionalProperties:
type: string
description: Annotations to be added to children resources.
type: object
labels:
additionalProperties:
type: string
description: Labels to be added to children resources.
type: object
type: object
mariaDbRef:
description: MariaDBRef is a reference to a MariaDB object.
properties:
kind:
description: Kind of the referent.
type: string
name:
type: string
namespace:
type: string
waitForIt:
default: true
description: WaitForIt indicates whether the controller using this reference should wait for MariaDB to be ready.
type: boolean
type: object
nodeSelector:
additionalProperties:
type: string
description: NodeSelector to be used in the Pod.
type: object
passwordSecretKeyRef:
description: UserPasswordSecretKeyRef is a reference to the impersonated user's password to be used when executing the SqlJob.
properties:
key:
type: string
name:
default: ""
type: string
required:
- key
type: object
x-kubernetes-map-type: atomic
podMetadata:
description: PodMetadata defines extra metadata for the Pod.
properties:
annotations:
additionalProperties:
type: string
description: Annotations to be added to children resources.
type: object
labels:
additionalProperties:
type: string
description: Labels to be added to children resources.
type: object
type: object
podSecurityContext:
description: SecurityContext holds pod-level security attributes and common container settings.
properties:
appArmorProfile:
description: AppArmorProfile defines a pod or container's AppArmor settings.
properties:
localhostProfile:
description: |-
localhostProfile indicates a profile loaded on the node that should be used.
The profile must be preconfigured on the node to work.
Must match the loaded name of the profile.
Must be set if and only if type is "Localhost".
type: string
type:
description: |-
type indicates which kind of AppArmor profile will be applied.
Valid options are:
Localhost - a profile pre-loaded on the node.
RuntimeDefault - the container runtime's default profile.
Unconfined - no AppArmor enforcement.
type: string
required:
- type
type: object
fsGroup:
format: int64
type: integer
fsGroupChangePolicy:
description: |-
PodFSGroupChangePolicy holds policies that will be used for applying fsGroup to a volume
when volume is mounted.
type: string
runAsGroup:
format: int64
type: integer
runAsNonRoot:
type: boolean
runAsUser:
format: int64
type: integer
seLinuxOptions:
description: SELinuxOptions are the labels to be applied to the container
properties:
level:
description: Level is SELinux level label that applies to the container.
type: string
role:
description: Role is a SELinux role label that applies to the container.
type: string
type:
description: Type is a SELinux type label that applies to the container.
type: string
user:
description: User is a SELinux user label that applies to the container.
type: string
type: object
seccompProfile:
description: |-
SeccompProfile defines a pod/container's seccomp profile settings.
Only one profile source may be set.
properties:
localhostProfile:
description: |-
localhostProfile indicates a profile defined in a file on the node should be used.
The profile must be preconfigured on the node to work.
Must be a descending path, relative to the kubelet's configured seccomp profile location.
Must be set if type is "Localhost". Must NOT be set for any other type.
type: string
type:
description: |-
type indicates which kind of seccomp profile will be applied.
Valid options are:
Localhost - a profile defined in a file on the node should be used.
RuntimeDefault - the container runtime default profile should be used.
Unconfined - no profile should be applied.
type: string
required:
- type
type: object
supplementalGroups:
items:
format: int64
type: integer
type: array
x-kubernetes-list-type: atomic
type: object
priorityClassName:
description: PriorityClassName to be used in the Pod.
type: string
resources:
description: Resources describes the compute resource requirements.
properties:
limits:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: ResourceList is a set of (resource name, quantity) pairs.
type: object
requests:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: ResourceList is a set of (resource name, quantity) pairs.
type: object
type: object
restartPolicy:
default: OnFailure
description: RestartPolicy to be added to the SqlJob Pod.
enum:
- Always
- OnFailure
- Never
type: string
schedule:
description: Schedule defines when the SqlJob will be executed.
properties:
cron:
description: Cron is a cron expression that defines the schedule.
type: string
suspend:
default: false
description: Suspend defines whether the schedule is active or not.
type: boolean
required:
- cron
type: object
securityContext:
description: SecurityContext holds security configuration that will be applied to a container.
properties:
allowPrivilegeEscalation:
type: boolean
capabilities:
description: Adds and removes POSIX capabilities from running containers.
properties:
add:
description: Added capabilities
items:
description: Capability represent POSIX capabilities type
type: string
type: array
x-kubernetes-list-type: atomic
drop:
description: Removed capabilities
items:
description: Capability represent POSIX capabilities type
type: string
type: array
x-kubernetes-list-type: atomic
type: object
privileged:
type: boolean
readOnlyRootFilesystem:
type: boolean
runAsGroup:
format: int64
type: integer
runAsNonRoot:
type: boolean
runAsUser:
format: int64
type: integer
type: object
serviceAccountName:
description: ServiceAccountName is the name of the ServiceAccount to be used by the Pods.
type: string
sql:
description: Sql is the script to be executed by the SqlJob.
type: string
sqlConfigMapKeyRef:
description: |-
SqlConfigMapKeyRef is a reference to a ConfigMap containing the Sql script.
It is defaulted to a ConfigMap with the contents of the Sql field.
properties:
key:
type: string
name:
default: ""
type: string
required:
- key
type: object
x-kubernetes-map-type: atomic
successfulJobsHistoryLimit:
description: SuccessfulJobsHistoryLimit defines the maximum number of successful Jobs to be displayed.
format: int32
minimum: 0
type: integer
timeZone:
description: TimeZone defines the timezone associated with the cron expression.
type: string
tlsCASecretRef:
description: |-
TLSCACertSecretRef is a reference toa CA Secret used to establish trust when executing the SqlJob.
If not provided, the CA bundle provided by the referred MariaDB is used.
properties:
name:
default: ""
type: string
type: object
tlsClientCertSecretRef:
description: |-
TLSClientCertSecretRef is a reference to a Kubernetes TLS Secret used as authentication when executing the SqlJob.
If not provided, the client certificate provided by the referred MariaDB is used.
properties:
name:
default: ""
type: string
type: object
tolerations:
description: Tolerations to be used in the Pod.
items:
description: |-
The pod this Toleration is attached to tolerates any taint that matches
the triple <key,value,effect> using the matching operator <operator>.
properties:
effect:
description: |-
Effect indicates the taint effect to match. Empty means match all taint effects.
When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
type: string
key:
description: |-
Key is the taint key that the toleration applies to. Empty means match all taint keys.
If the key is empty, operator must be Exists; this combination means to match all values and all keys.
type: string
operator:
description: |-
Operator represents a key's relationship to the value.
Valid operators are Exists, Equal, Lt, and Gt. Defaults to Equal.
Exists is equivalent to wildcard for value, so that a pod can
tolerate all taints of a particular category.
Lt and Gt perform numeric comparisons (requires feature gate TaintTolerationComparisonOperators).
type: string
tolerationSeconds:
description: |-
TolerationSeconds represents the period of time the toleration (which must be
of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,
it is not set, which means tolerate the taint forever (do not evict). Zero and
negative values will be treated as 0 (evict immediately) by the system.
format: int64
type: integer
value:
description: |-
Value is the taint value the toleration matches to.
If the operator is Exists, the value should be empty, otherwise just a regular string.
type: string
type: object
type: array
username:
description: Username to be impersonated when executing the SqlJob.
type: string
required:
- mariaDbRef
- passwordSecretKeyRef
- username
type: object
status:
description: SqlJobStatus defines the observed state of SqlJob
properties:
conditions:
description: Conditions for the SqlJob object.
items:
description: Condition contains details for one aspect of the current state of this API Resource.
properties:
lastTransitionTime:
description: |-
lastTransitionTime is the last time the condition transitioned from one status to another.
This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
format: date-time
type: string
message:
description: |-
message is a human readable message indicating details about the transition.
This may be an empty string.
maxLength: 32768
type: string
observedGeneration:
description: |-
observedGeneration represents the .metadata.generation that the condition was set based upon.
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
with respect to the current state of the instance.
format: int64
minimum: 0
type: integer
reason:
description: |-
reason contains a programmatic identifier indicating the reason for the condition's last transition.
Producers of specific condition types may define expected values and meanings for this field,
and whether the values are considered a guaranteed API.
The value should be a CamelCase string.
This field may not be empty.
maxLength: 1024
minLength: 1
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
type: string
status:
description: status of the condition, one of True, False, Unknown.
enum:
- "True"
- "False"
- Unknown
type: string
type:
description: type of condition in CamelCase or in foo.example.com/CamelCase.
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
required:
- lastTransitionTime
- message
- reason
- status
- type
type: object
type: array
type: object
type: object
served: true
storage: true
subresources:
status: {}

243
clusters/cl01tl/manifests/mariadb-operator/CustomResourceDefinition-users.k8s.mariadb.com.yaml Normal file
View File

@@ -0,0 +1,243 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.20.0
name: users.k8s.mariadb.com
spec:
group: k8s.mariadb.com
names:
kind: User
listKind: UserList
plural: users
shortNames:
- umdb
singular: user
scope: Namespaced
versions:
- additionalPrinterColumns:
- jsonPath: .status.conditions[?(@.type=="Ready")].status
name: Ready
type: string
- jsonPath: .status.conditions[?(@.type=="Ready")].message
name: Status
type: string
- jsonPath: .spec.maxUserConnections
name: MaxConns
type: string
- jsonPath: .spec.mariaDbRef.name
name: MariaDB
type: string
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
name: v1alpha1
schema:
openAPIV3Schema:
description: User is the Schema for the users API. It is used to define grants as if you were running a 'CREATE USER' statement.
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: UserSpec defines the desired state of User
properties:
cleanupPolicy:
description: CleanupPolicy defines the behavior for cleaning up a SQL resource.
enum:
- Skip
- Delete
type: string
host:
description: Host related to the User.
maxLength: 255
type: string
mariaDbRef:
description: MariaDBRef is a reference to a MariaDB object.
properties:
kind:
description: Kind of the referent.
type: string
name:
type: string
namespace:
type: string
waitForIt:
default: true
description: WaitForIt indicates whether the controller using this reference should wait for MariaDB to be ready.
type: boolean
type: object
maxUserConnections:
default: 10
description: MaxUserConnections defines the maximum number of simultaneous connections that the User can establish.
format: int32
type: integer
name:
description: Name overrides the default name provided by metadata.name.
maxLength: 80
type: string
passwordHashSecretKeyRef:
description: |-
PasswordHashSecretKeyRef is a reference to the password hash to be used by the User.
If the referred Secret is labeled with "k8s.mariadb.com/watch", updates may be performed to the Secret in order to update the password hash.
properties:
key:
type: string
name:
default: ""
type: string
required:
- key
type: object
x-kubernetes-map-type: atomic
passwordPlugin:
description: PasswordPlugin is a reference to the password plugin and arguments to be used by the User.
properties:
pluginArgSecretKeyRef:
description: |-
PluginArgSecretKeyRef is a reference to the arguments to be provided to the authentication plugin for the User.
If the referred Secret is labeled with "k8s.mariadb.com/watch", updates may be performed to the Secret in order to update the authentication plugin arguments.
properties:
key:
type: string
name:
default: ""
type: string
required:
- key
type: object
x-kubernetes-map-type: atomic
pluginNameSecretKeyRef:
description: |-
PluginNameSecretKeyRef is a reference to the authentication plugin to be used by the User.
If the referred Secret is labeled with "k8s.mariadb.com/watch", updates may be performed to the Secret in order to update the authentication plugin.
properties:
key:
type: string
name:
default: ""
type: string
required:
- key
type: object
x-kubernetes-map-type: atomic
type: object
passwordSecretKeyRef:
description: |-
PasswordSecretKeyRef is a reference to the password to be used by the User.
If not provided, the account will be locked and the password will expire.
If the referred Secret is labeled with "k8s.mariadb.com/watch", updates may be performed to the Secret in order to update the password.
properties:
key:
type: string
name:
default: ""
type: string
required:
- key
type: object
x-kubernetes-map-type: atomic
requeueInterval:
description: RequeueInterval is used to perform requeue reconciliations.
type: string
require:
description: 'Require specifies TLS requirements for the user to connect. See: https://mariadb.com/kb/en/securing-connections-for-client-and-server/#requiring-tls.'
properties:
issuer:
description: Issuer indicates that the TLS certificate provided by the user must be issued by a specific issuer.
type: string
ssl:
description: SSL indicates that the user must connect via TLS.
type: boolean
subject:
description: Subject indicates that the TLS certificate provided by the user must have a specific subject.
type: string
x509:
description: X509 indicates that the user must provide a valid x509 certificate to connect.
type: boolean
type: object
retryInterval:
description: RetryInterval is the interval used to perform retries.
type: string
required:
- mariaDbRef
type: object
status:
description: UserStatus defines the observed state of User
properties:
conditions:
description: Conditions for the User object.
items:
description: Condition contains details for one aspect of the current state of this API Resource.
properties:
lastTransitionTime:
description: |-
lastTransitionTime is the last time the condition transitioned from one status to another.
This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
format: date-time
type: string
message:
description: |-
message is a human readable message indicating details about the transition.
This may be an empty string.
maxLength: 32768
type: string
observedGeneration:
description: |-
observedGeneration represents the .metadata.generation that the condition was set based upon.
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
with respect to the current state of the instance.
format: int64
minimum: 0
type: integer
reason:
description: |-
reason contains a programmatic identifier indicating the reason for the condition's last transition.
Producers of specific condition types may define expected values and meanings for this field,
and whether the values are considered a guaranteed API.
The value should be a CamelCase string.
This field may not be empty.
maxLength: 1024
minLength: 1
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
type: string
status:
description: status of the condition, one of True, False, Unknown.
enum:
- "True"
- "False"
- Unknown
type: string
type:
description: type of condition in CamelCase or in foo.example.com/CamelCase.
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
required:
- lastTransitionTime
- message
- reason
- status
- type
type: object
type: array
type: object
type: object
served: true
storage: true
subresources:
status: {}

58
clusters/cl01tl/manifests/mariadb-operator/Deployment-mariadb-operator-cert-controller.yaml Normal file
View File

@@ -0,0 +1,58 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: mariadb-operator-cert-controller
labels:
helm.sh/chart: mariadb-operator-26.3.0
app.kubernetes.io/name: mariadb-operator-cert-controller
app.kubernetes.io/instance: mariadb-operator
app.kubernetes.io/version: "26.3.0"
app.kubernetes.io/managed-by: Helm
spec:
selector:
matchLabels:
app.kubernetes.io/name: mariadb-operator-cert-controller
app.kubernetes.io/instance: mariadb-operator
template:
metadata:
labels:
app.kubernetes.io/name: mariadb-operator-cert-controller
app.kubernetes.io/instance: mariadb-operator
spec:
serviceAccountName: mariadb-operator-cert-controller-cert-controller
automountServiceAccountToken: true
containers:
- image: "docker-registry3.mariadb.com/mariadb-operator/mariadb-operator:26.3.0"
imagePullPolicy: IfNotPresent
name: cert-controller
args:
- cert-controller
- --ca-secret-name=mariadb-operator-webhook-ca
- --ca-secret-namespace=mariadb-operator
- --ca-lifetime=26280h
- --cert-secret-name=mariadb-operator-webhook-cert
- --cert-secret-namespace=mariadb-operator
- --cert-lifetime=2160h
- --renew-before-percentage=33
- --service-name=mariadb-operator-webhook
- --service-namespace=mariadb-operator
- --requeue-duration=5m
- --metrics-addr=:8080
- --health-addr=:8081
- --log-level=INFO
ports:
- containerPort: 8080
protocol: TCP
name: metrics
- containerPort: 8081
protocol: TCP
name: health
env:
- name: CLUSTER_NAME
value: cluster.local
readinessProbe:
httpGet:
path: /readyz
port: 8081
initialDelaySeconds: 20
periodSeconds: 5

69
clusters/cl01tl/manifests/mariadb-operator/Deployment-mariadb-operator-webhook.yaml Normal file
View File

@@ -0,0 +1,69 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: mariadb-operator-webhook
labels:
helm.sh/chart: mariadb-operator-26.3.0
app.kubernetes.io/name: mariadb-operator-webhook
app.kubernetes.io/instance: mariadb-operator
app.kubernetes.io/version: "26.3.0"
app.kubernetes.io/managed-by: Helm
spec:
selector:
matchLabels:
app.kubernetes.io/name: mariadb-operator-webhook
app.kubernetes.io/instance: mariadb-operator
template:
metadata:
labels:
app.kubernetes.io/name: mariadb-operator-webhook
app.kubernetes.io/instance: mariadb-operator
spec:
serviceAccountName: mariadb-operator-webhook
automountServiceAccountToken: true
hostNetwork: false
containers:
- image: "docker-registry3.mariadb.com/mariadb-operator/mariadb-operator:26.3.0"
imagePullPolicy: IfNotPresent
name: webhook
args:
- webhook
- --ca-cert-path=/tmp/k8s-webhook-server/certificate-authority/tls.crt
- --cert-dir=/tmp/k8s-webhook-server/serving-certs
- --dns-name=mariadb-operator-webhook.mariadb-operator.svc
- --port=9443
- --metrics-addr=:8080
- --health-addr=:8081
- --log-level=INFO
ports:
- containerPort: 9443
protocol: TCP
name: https
- containerPort: 8080
protocol: TCP
name: metrics
- containerPort: 8081
protocol: TCP
name: health
volumeMounts:
- mountPath: /tmp/k8s-webhook-server/certificate-authority
name: ca
readOnly: true
- mountPath: /tmp/k8s-webhook-server/serving-certs
name: cert
readOnly: true
readinessProbe:
httpGet:
path: /readyz
port: 8081
initialDelaySeconds: 20
periodSeconds: 5
volumes:
- name: ca
secret:
defaultMode: 420
secretName: mariadb-operator-webhook-ca
- name: cert
secret:
defaultMode: 420
secretName: mariadb-operator-webhook-cert

53
clusters/cl01tl/manifests/mariadb-operator/Deployment-mariadb-operator.yaml Normal file
View File

@@ -0,0 +1,53 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: mariadb-operator
labels:
helm.sh/chart: mariadb-operator-26.3.0
app.kubernetes.io/name: mariadb-operator
app.kubernetes.io/instance: mariadb-operator
app.kubernetes.io/version: "26.3.0"
app.kubernetes.io/managed-by: Helm
spec:
replicas: 3
selector:
matchLabels:
app.kubernetes.io/name: mariadb-operator
app.kubernetes.io/instance: mariadb-operator
template:
metadata:
labels:
app.kubernetes.io/name: mariadb-operator
app.kubernetes.io/instance: mariadb-operator
spec:
serviceAccountName: mariadb-operator
automountServiceAccountToken: true
terminationGracePeriodSeconds: 10
containers:
- image: "docker-registry3.mariadb.com/mariadb-operator/mariadb-operator:26.3.0"
imagePullPolicy: IfNotPresent
name: controller
args:
- --metrics-addr=:8080
- --log-level=INFO
- --leader-elect
ports:
- containerPort: 8080
protocol: TCP
name: metrics
envFrom:
- configMapRef:
name: mariadb-operator-env
env:
- name: CLUSTER_NAME
value: cluster.local
- name: MARIADB_OPERATOR_NAME
valueFrom:
fieldRef:
fieldPath: spec.serviceAccountName
- name: MARIADB_OPERATOR_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: MARIADB_OPERATOR_SA_PATH
value: /var/run/secrets/kubernetes.io/serviceaccount/token

16
clusters/cl01tl/manifests/mariadb-operator/PodDisruptionBudget-mariadb-operator.yaml Normal file
View File

@@ -0,0 +1,16 @@
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
name: mariadb-operator
labels:
helm.sh/chart: mariadb-operator-26.3.0
app.kubernetes.io/name: mariadb-operator
app.kubernetes.io/instance: mariadb-operator
app.kubernetes.io/version: "26.3.0"
app.kubernetes.io/managed-by: Helm
spec:
maxUnavailable: 1
selector:
matchLabels:
app.kubernetes.io/name: mariadb-operator
app.kubernetes.io/instance: mariadb-operator

24
clusters/cl01tl/manifests/mariadb-operator/Role-mariadb-operator-cert-controller.yaml Normal file
View File

@@ -0,0 +1,24 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: mariadb-operator-cert-controller
rules:
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch

36
clusters/cl01tl/manifests/mariadb-operator/Role-mariadb-operator.yaml Normal file
View File

@@ -0,0 +1,36 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: mariadb-operator
rules:
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch

12
clusters/cl01tl/manifests/mariadb-operator/RoleBinding-mariadb-operator-cert-controller.yaml Normal file
View File

@@ -0,0 +1,12 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: mariadb-operator-cert-controller
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: mariadb-operator-cert-controller
subjects:
- kind: ServiceAccount
name: mariadb-operator-cert-controller-cert-controller
namespace: mariadb-operator

12
clusters/cl01tl/manifests/mariadb-operator/RoleBinding-mariadb-operator.yaml Normal file
View File

@@ -0,0 +1,12 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: mariadb-operator
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: mariadb-operator
subjects:
- kind: ServiceAccount
name: mariadb-operator
namespace: mariadb-operator

18
clusters/cl01tl/manifests/mariadb-operator/Service-mariadb-operator-cert-controller-metrics.yaml Normal file
View File

@@ -0,0 +1,18 @@
apiVersion: v1
kind: Service
metadata:
name: mariadb-operator-cert-controller-metrics
labels:
helm.sh/chart: mariadb-operator-26.3.0
app.kubernetes.io/name: mariadb-operator-cert-controller
app.kubernetes.io/instance: mariadb-operator
app.kubernetes.io/version: "26.3.0"
app.kubernetes.io/managed-by: Helm
spec:
ports:
- port: 8080
protocol: TCP
name: metrics
selector:
app.kubernetes.io/name: mariadb-operator-cert-controller
app.kubernetes.io/instance: mariadb-operator

18
clusters/cl01tl/manifests/mariadb-operator/Service-mariadb-operator-metrics.yaml Normal file
View File

@@ -0,0 +1,18 @@
apiVersion: v1
kind: Service
metadata:
name: mariadb-operator-metrics
labels:
helm.sh/chart: mariadb-operator-26.3.0
app.kubernetes.io/name: mariadb-operator
app.kubernetes.io/instance: mariadb-operator
app.kubernetes.io/version: "26.3.0"
app.kubernetes.io/managed-by: Helm
spec:
ports:
- port: 8080
protocol: TCP
name: metrics
selector:
app.kubernetes.io/name: mariadb-operator
app.kubernetes.io/instance: mariadb-operator

18
clusters/cl01tl/manifests/mariadb-operator/Service-mariadb-operator-webhook-metrics.yaml Normal file
View File

@@ -0,0 +1,18 @@
apiVersion: v1
kind: Service
metadata:
name: mariadb-operator-webhook-metrics
labels:
helm.sh/chart: mariadb-operator-26.3.0
app.kubernetes.io/name: mariadb-operator-webhook
app.kubernetes.io/instance: mariadb-operator
app.kubernetes.io/version: "26.3.0"
app.kubernetes.io/managed-by: Helm
spec:
ports:
- port: 8080
protocol: TCP
name: metrics
selector:
app.kubernetes.io/name: mariadb-operator-webhook
app.kubernetes.io/instance: mariadb-operator

18
clusters/cl01tl/manifests/mariadb-operator/Service-mariadb-operator-webhook.yaml Normal file
View File

@@ -0,0 +1,18 @@
apiVersion: v1
kind: Service
metadata:
name: mariadb-operator-webhook
labels:
helm.sh/chart: mariadb-operator-26.3.0
app.kubernetes.io/name: mariadb-operator-webhook
app.kubernetes.io/instance: mariadb-operator
app.kubernetes.io/version: "26.3.0"
app.kubernetes.io/managed-by: Helm
spec:
ports:
- port: 443
protocol: TCP
targetPort: 9443
selector:
app.kubernetes.io/name: mariadb-operator-webhook
app.kubernetes.io/instance: mariadb-operator

10
clusters/cl01tl/manifests/mariadb-operator/ServiceAccount-mariadb-operator-cert-controller-cert-controller.yaml Normal file
View File

@@ -0,0 +1,10 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: mariadb-operator-cert-controller-cert-controller
labels:
helm.sh/chart: mariadb-operator-26.3.0
app.kubernetes.io/name: mariadb-operator-cert-controller
app.kubernetes.io/instance: mariadb-operator
app.kubernetes.io/version: "26.3.0"
app.kubernetes.io/managed-by: Helm

10
clusters/cl01tl/manifests/mariadb-operator/ServiceAccount-mariadb-operator-webhook.yaml Normal file
View File

@@ -0,0 +1,10 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: mariadb-operator-webhook
labels:
helm.sh/chart: mariadb-operator-26.3.0
app.kubernetes.io/name: mariadb-operator-webhook
app.kubernetes.io/instance: mariadb-operator
app.kubernetes.io/version: "26.3.0"
app.kubernetes.io/managed-by: Helm

10
clusters/cl01tl/manifests/mariadb-operator/ServiceAccount-mariadb-operator.yaml Normal file
View File

@@ -0,0 +1,10 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: mariadb-operator
labels:
helm.sh/chart: mariadb-operator-26.3.0
app.kubernetes.io/name: mariadb-operator
app.kubernetes.io/instance: mariadb-operator
app.kubernetes.io/version: "26.3.0"
app.kubernetes.io/managed-by: Helm

22
clusters/cl01tl/manifests/mariadb-operator/ServiceMonitor-mariadb-operator-cert-controller.yaml Normal file
View File

@@ -0,0 +1,22 @@
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: mariadb-operator-cert-controller
labels:
helm.sh/chart: mariadb-operator-26.3.0
app.kubernetes.io/name: mariadb-operator-cert-controller
app.kubernetes.io/instance: mariadb-operator
app.kubernetes.io/version: "26.3.0"
app.kubernetes.io/managed-by: Helm
spec:
selector:
matchLabels:
app.kubernetes.io/name: mariadb-operator-cert-controller
app.kubernetes.io/instance: mariadb-operator
namespaceSelector:
matchNames:
- "mariadb-operator"
endpoints:
- port: metrics
interval: 30s
scrapeTimeout: 25s

22
clusters/cl01tl/manifests/mariadb-operator/ServiceMonitor-mariadb-operator-webhook.yaml Normal file
View File

@@ -0,0 +1,22 @@
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: mariadb-operator-webhook
labels:
helm.sh/chart: mariadb-operator-26.3.0
app.kubernetes.io/name: mariadb-operator-webhook
app.kubernetes.io/instance: mariadb-operator
app.kubernetes.io/version: "26.3.0"
app.kubernetes.io/managed-by: Helm
spec:
selector:
matchLabels:
app.kubernetes.io/name: mariadb-operator-webhook
app.kubernetes.io/instance: mariadb-operator
namespaceSelector:
matchNames:
- "mariadb-operator"
endpoints:
- port: metrics
interval: 30s
scrapeTimeout: 25s

22
clusters/cl01tl/manifests/mariadb-operator/ServiceMonitor-mariadb-operator.yaml Normal file
View File

@@ -0,0 +1,22 @@
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: mariadb-operator
labels:
helm.sh/chart: mariadb-operator-26.3.0
app.kubernetes.io/name: mariadb-operator
app.kubernetes.io/instance: mariadb-operator
app.kubernetes.io/version: "26.3.0"
app.kubernetes.io/managed-by: Helm
spec:
selector:
matchLabels:
app.kubernetes.io/name: mariadb-operator
app.kubernetes.io/instance: mariadb-operator
namespaceSelector:
matchNames:
- "mariadb-operator"
endpoints:
- port: metrics
interval: 30s
scrapeTimeout: 25s

233
clusters/cl01tl/manifests/mariadb-operator/ValidatingWebhookConfiguration-mariadb-operator-webhook.yaml Normal file
View File

@@ -0,0 +1,233 @@
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
name: mariadb-operator-webhook
labels:
helm.sh/chart: mariadb-operator-26.3.0
app.kubernetes.io/name: mariadb-operator-webhook
app.kubernetes.io/instance: mariadb-operator
app.kubernetes.io/version: "26.3.0"
app.kubernetes.io/managed-by: Helm
annotations:
k8s.mariadb.com/webhook: ""
webhooks:
- admissionReviewVersions:
- v1
clientConfig:
service:
name: mariadb-operator-webhook
namespace: mariadb-operator
path: /validate-k8s-mariadb-com-v1alpha1-backup
failurePolicy: Fail
name: vbackup-v1alpha1.kb.io
rules:
- apiGroups:
- k8s.mariadb.com
apiVersions:
- v1alpha1
operations:
- CREATE
- UPDATE
resources:
- backups
sideEffects: None
- admissionReviewVersions:
- v1
clientConfig:
service:
name: mariadb-operator-webhook
namespace: mariadb-operator
path: /validate-k8s-mariadb-com-v1alpha1-physicalbackup
failurePolicy: Fail
name: vphysicalbackup-v1alpha1.kb.io
rules:
- apiGroups:
- k8s.mariadb.com
apiVersions:
- v1alpha1
operations:
- CREATE
- UPDATE
resources:
- physicalbackups
sideEffects: None
- admissionReviewVersions:
- v1
clientConfig:
service:
name: mariadb-operator-webhook
namespace: mariadb-operator
path: /validate-k8s-mariadb-com-v1alpha1-pointintimerecovery
failurePolicy: Fail
name: vpointintimerecovery-v1alpha1.kb.io
rules:
- apiGroups:
- k8s.mariadb.com
apiVersions:
- v1alpha1
operations:
- CREATE
- UPDATE
resources:
- pointintimerecoveries
sideEffects: None
- admissionReviewVersions:
- v1
clientConfig:
service:
name: mariadb-operator-webhook
namespace: mariadb-operator
path: /validate-k8s-mariadb-com-v1alpha1-connection
failurePolicy: Fail
name: vconnection-v1alpha1.kb.io
rules:
- apiGroups:
- k8s.mariadb.com
apiVersions:
- v1alpha1
operations:
- CREATE
- UPDATE
resources:
- connections
sideEffects: None
- admissionReviewVersions:
- v1
clientConfig:
service:
name: mariadb-operator-webhook
namespace: mariadb-operator
path: /validate-k8s-mariadb-com-v1alpha1-database
failurePolicy: Fail
name: vdatabase-v1alpha1.kb.io
rules:
- apiGroups:
- k8s.mariadb.com
apiVersions:
- v1alpha1
operations:
- CREATE
- UPDATE
resources:
- databases
sideEffects: None
- admissionReviewVersions:
- v1
clientConfig:
service:
name: mariadb-operator-webhook
namespace: mariadb-operator
path: /validate-k8s-mariadb-com-v1alpha1-grant
failurePolicy: Fail
name: vgrant-v1alpha1.kb.io
rules:
- apiGroups:
- k8s.mariadb.com
apiVersions:
- v1alpha1
operations:
- CREATE
- UPDATE
resources:
- grants
sideEffects: None
- admissionReviewVersions:
- v1
clientConfig:
service:
name: mariadb-operator-webhook
namespace: mariadb-operator
path: /validate-k8s-mariadb-com-v1alpha1-mariadb
failurePolicy: Fail
name: vmariadb-v1alpha1.kb.io
rules:
- apiGroups:
- k8s.mariadb.com
apiVersions:
- v1alpha1
operations:
- CREATE
- UPDATE
resources:
- mariadbs
sideEffects: None
- admissionReviewVersions:
- v1
clientConfig:
service:
name: mariadb-operator-webhook
namespace: mariadb-operator
path: /validate-k8s-mariadb-com-v1alpha1-maxscale
failurePolicy: Fail
name: vmaxscale-v1alpha1.kb.io
rules:
- apiGroups:
- k8s.mariadb.com
apiVersions:
- v1alpha1
operations:
- CREATE
- UPDATE
resources:
- maxscales
sideEffects: None
- admissionReviewVersions:
- v1
clientConfig:
service:
name: mariadb-operator-webhook
namespace: mariadb-operator
path: /validate-k8s-mariadb-com-v1alpha1-restore
failurePolicy: Fail
name: vrestore-v1alpha1.kb.io
rules:
- apiGroups:
- k8s.mariadb.com
apiVersions:
- v1alpha1
operations:
- CREATE
- UPDATE
resources:
- restores
sideEffects: None
- admissionReviewVersions:
- v1
clientConfig:
service:
name: mariadb-operator-webhook
namespace: mariadb-operator
path: /validate-k8s-mariadb-com-v1alpha1-sqljob
failurePolicy: Fail
name: vsqljob-v1alpha1.kb.io
rules:
- apiGroups:
- k8s.mariadb.com
apiVersions:
- v1alpha1
operations:
- CREATE
- UPDATE
resources:
- sqljobs
sideEffects: None
- admissionReviewVersions:
- v1
clientConfig:
service:
name: mariadb-operator-webhook
namespace: mariadb-operator
path: /validate-k8s-mariadb-com-v1alpha1-user
failurePolicy: Fail
name: vuser-v1alpha1.kb.io
rules:
- apiGroups:
- k8s.mariadb.com
apiVersions:
- v1alpha1
operations:
- CREATE
- UPDATE
resources:
- users
sideEffects: None