Skip to content

Commit

Permalink
component definition for apecloud-mysql
Browse files Browse the repository at this point in the history
  • Loading branch information
leon-inf committed Oct 24, 2023
1 parent 3754112 commit 16de5d1
Showing 1 changed file with 263 additions and 0 deletions.
263 changes: 263 additions & 0 deletions deploy/apecloud-mysql/templates/componentdefinition.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,263 @@
apiVersion: apps.kubeblocks.io/v1alpha1
kind: ComponentDefinition
metadata:
name: {{ .Chart.name }}-{{ .Chart.version }}
labels:
{{- include "apecloud-mysql.labels" . | nindent 4 }}
spec:
provider: kubeblocks.io
description: {{ .Chart.description }}
serviceKind: mysql
serviceVersion: {{ .Chart.appVersion }}
runtime:
containers:
- name: mysql
image: {{ .Values.image.registry | default "docker.io" }}/{{ .Values.image.repository }}:{{ .Values.image.tag }}
imagePullPolicy: {{ default "IfNotPresent" .Values.image.pullPolicy }}
command: [ "/scripts/setup.sh" ]
env:
- name: SERVICE_PORT
value: "3306"
- name: MYSQL_ROOT_HOST
value: {{ .Values.auth.rootHost | default "%" | quote }}
- name: MYSQL_ROOT_USER
valueFrom:
secretKeyRef:
name: $(CONN_CREDENTIAL_SECRET_NAME)
key: username
optional: false
- name: MYSQL_ROOT_PASSWORD
valueFrom:
secretKeyRef:
name: $(CONN_CREDENTIAL_SECRET_NAME)
key: password
optional: false
- name: MYSQL_DATABASE
value: {{ - if .Values.auth.createDatabase }} {{ .Values.auth.database | quote }} {{ - else }} "" {{ - end }}
- name: MYSQL_USER
value: {{ .Values.auth.username | default "" | quote }}
- name: MYSQL_PASSWORD
value: {{ .Values.auth.password | default "" | quote }}
- name: CLUSTER_ID
value: {{ .Values.cluster.clusterId | default "1" | quote }}
- name: CLUSTER_START_INDEX
value: {{ .Values.cluster.clusterStartIndex | default "1" | quote }}
- name: REPLICATION_USER
value: {{ .Values.auth.replicationUser | default "replicator" | quote }}
- name: REPLICATION_PASSWORD
value: {{ .Values.auth.replicationPassword | default "" | quote }}
- name: MYSQL_TEMPLATE_CONFIG
value: {{ if .Values.cluster.templateConfig }}{{ .Values.cluster.templateConfig }}{{ end }}
- name: MYSQL_CUSTOM_CONFIG
value: {{ if .Values.cluster.customConfig }}{{ .Values.cluster.customConfig }}{{ end }}
- name: MYSQL_DYNAMIC_CONFIG
value: {{ if .Values.cluster.dynamicConfig }}{{ .Values.cluster.dynamicConfig }}{{ end }}
- name: KB_EMBEDDED_WESQL
value: {{ .Values.cluster.kbWeSQLImage | default "1" | quote }}
volumeMounts:
- mountPath: {{ .Values.mysqlConfigs.dataMountPath }}
name: data
- mountPath: /opt/mysql
name: mysql-config
- name: scripts
mountPath: /scripts
- name: annotations
mountPath: /etc/annotations
ports:
- containerPort: 3306
name: mysql
- containerPort: 13306
name: paxos
lifecycle:
preStop:
exec:
command: [ "/scripts/pre-stop.sh" ]
- name: metrics
image: {{ .Values.metrics.image.registry | default "docker.io" }}/{{ .Values.metrics.image.repository }}:{{ .Values.metrics.image.tag }}
imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }}
command: [ "/scripts/agamotto.sh" ]
env:
- name: DB_TYPE
value: MySQL
- name: ENDPOINT
value: {{ printf "localhost:3306" }}
- name: MYSQL_USER
valueFrom:
secretKeyRef:
name: $(CONN_CREDENTIAL_SECRET_NAME)
key: username
optional: false
- name: MYSQL_PASSWORD
valueFrom:
secretKeyRef:
name: $(CONN_CREDENTIAL_SECRET_NAME)
key: password
optional: false
volumeMounts:
- name: agamotto-configuration
mountPath: /opt/agamotto
- name: data
mountPath: {{ .Values.mysqlConfigs.dataMountPath }}
{{ - if .Values.logCollector.enabled }}
- name: log-data
mountPath: /var/log/kubeblocks
readOnly: false
{{ - end }}
- name: scripts
mountPath: /scripts
ports:
- name: http-metrics
containerPort: {{ .Values.metrics.service.port }}
securityContext:
runAsNonRoot: false
runAsUser: 0
volumes:
{{ - if .Values.logCollector.enabled }}
- name: log-data
hostPath:
path: /var/log/kubeblocks
type: DirectoryOrCreate
{{ - end }}
- name: annotations
downwardAPI:
items:
- path: "leader"
fieldRef:
fieldPath: metadata.annotations['cs.apps.kubeblocks.io/leader']
- path: "component-replicas"
fieldRef:
fieldPath: metadata.annotations['apps.kubeblocks.io/component-replicas']
volumes:
services:
- name: default
ports:
- name: mysql
port: 3306
targetPort: mysql
roleSelector:
- leader
- name: readonly
ports:
- name: mysql
port: 3306
targetPort: mysql
roleSelector:
- follower
configs:
- name: mysql-consensusset-config
templateRef: mysql8.0-config-template
constraintRef: mysql8.0-config-constraints
volumeName: mysql-config
namespace: {{ .Release.Namespace }}
- name: agamotto-configuration
templateRef: apecloud-mysql8-agamotto-configuration
namespace: {{ .Release.Namespace }}
volumeName: agamotto-configuration
defaultMode: 0444 # for only read, mysql container switched user account.
- name: vttablet-config
templateRef: vttablet-config-template
constraintRef: mysql-scale-vttablet-config-constraints
volumeName: mysql-scale-config
namespace: { { .Release.Namespace } }
logConfigs:
{{ - range $name,$pattern := .Values.logConfigs }}
- name: {{ $name }}
filePathPattern: {{ $pattern }}
{{ - end }}
monitor:
builtIn: false
exporterConfig:
scrapePath: /metrics
scrapePort: {{ .Values.metrics.service.port }}
scripts:
- name: apecloud-mysql-scripts
templateRef: apecloud-mysql-scripts
namespace: {{ .Release.Namespace }}
volumeName: scripts
defaultMode: 0555 # for read and execute, mysql container switched user account.
systemAccounts:
- name: root
isSystemInitAccount: true
passwordGenerationPolicy:
length: 16
numDigits: 8
numSymbols: 8
letterCase: MixedCases
- name: kbadmin
statement: CREATE USER $(USERNAME) IDENTIFIED BY '$(PASSWORD)'; GRANT ALL PRIVILEGES ON *.* TO $(USERNAME);
passwordGenerationPolicy: &defaultPasswordGenerationPolicy
length: 10
numDigits: 5
numSymbols: 0
letterCase: MixedCases
- name: kbdataprotection
statement: CREATE USER $(USERNAME) IDENTIFIED BY '$(PASSWORD)';GRANT RELOAD, LOCK TABLES, PROCESS, REPLICATION CLIENT ON *.* TO $(USERNAME); GRANT LOCK TABLES,RELOAD,PROCESS,REPLICATION CLIENT, SUPER,SELECT,EVENT,TRIGGER,SHOW VIEW ON *.* TO $(USERNAME);
passwordGenerationPolicy: *defaultPasswordGenerationPolicy
- name: kbprobe
statement: CREATE USER $(USERNAME) IDENTIFIED BY '$(PASSWORD)'; GRANT REPLICATION CLIENT, PROCESS ON *.* TO $(USERNAME); GRANT SELECT ON performance_schema.* TO $(USERNAME);
passwordGenerationPolicy: *defaultPasswordGenerationPolicy
- name: kbmonitoring
statement: CREATE USER $(USERNAME) IDENTIFIED BY '$(PASSWORD)'; GRANT REPLICATION CLIENT, PROCESS ON *.* TO $(USERNAME); GRANT SELECT ON performance_schema.* TO $(USERNAME);
passwordGenerationPolicy: *defaultPasswordGenerationPolicy
- name: kbreplicator
statement: CREATE USER $(USERNAME) IDENTIFIED BY '$(PASSWORD)'; GRANT REPLICATION SLAVE ON *.* TO $(USERNAME) WITH GRANT OPTION;
passwordGenerationPolicy: *defaultPasswordGenerationPolicy
connectionCredentials:
- name: root
serviceName: default
accountName: root
- name: admin
serviceName: default
accountName: kbadmin
roles:
- name: leader
serviceable: true
writable: true
- name: follower
serviceable: true
writable: false
- name: learner
serviceable: false
writable: false
lifecycleActions:
roleProbe:
failureThreshold: {{ .Values.roleProbe.failureThreshold }}
periodSeconds: {{ .Values.roleProbe.periodSeconds }}
timeoutSeconds: {{ .Values.roleProbe.timeoutSeconds }}
exec:
command:
switchover:
image: {{ .Values.image.registry | default "docker.io" }}/{{ .Values.image.repository }}:{{ default .Values.image.tag }}
exec:
command:
- /scripts/switchover-without-candidate.sh
memberJoin:
memberLeave:
readonly:
readwrite:
dataPopulate:
dataAssemble:
accountProvision:
image: {{ .Values.image.registry | default "docker.io" }}/{{ .Values.image.repository }}:{{ .Values.image.tag }}
exec:
command:
- mysql
args:
- -u$(MYSQL_ROOT_USER)
- -p$(MYSQL_ROOT_PASSWORD)
- -h$(KB_ACCOUNT_ENDPOINT)
- -e
- $(KB_ACCOUNT_STATEMENT)
env:
- name: MYSQL_ROOT_USER
valueFrom:
secretKeyRef:
name: $(CONN_CREDENTIAL_SECRET_NAME)
key: username
optional: false
- name: MYSQL_ROOT_PASSWORD
valueFrom:
secretKeyRef:
name: $(CONN_CREDENTIAL_SECRET_NAME)
key: password
optional: false

0 comments on commit 16de5d1

Please sign in to comment.