From 16de5d1cef4016171c8782ef67c2be99fb0172e6 Mon Sep 17 00:00:00 2001 From: Leon Date: Tue, 24 Oct 2023 18:06:41 +0800 Subject: [PATCH] component definition for apecloud-mysql --- .../templates/componentdefinition.yaml | 263 ++++++++++++++++++ 1 file changed, 263 insertions(+) create mode 100644 deploy/apecloud-mysql/templates/componentdefinition.yaml diff --git a/deploy/apecloud-mysql/templates/componentdefinition.yaml b/deploy/apecloud-mysql/templates/componentdefinition.yaml new file mode 100644 index 00000000000..2df2ba160ce --- /dev/null +++ b/deploy/apecloud-mysql/templates/componentdefinition.yaml @@ -0,0 +1,263 @@ +apiVersion: apps.kubeblocks.io/v1alpha1 +kind: ComponentDefinition +metadata: + name: {{ .Chart.name }}-{{ .Chart.version }} + labels: + {{- include "apecloud-mysql.labels" . | nindent 4 }} +spec: + provider: kubeblocks.io + description: {{ .Chart.description }} + serviceKind: mysql + serviceVersion: {{ .Chart.appVersion }} + runtime: + containers: + - name: mysql + image: {{ .Values.image.registry | default "docker.io" }}/{{ .Values.image.repository }}:{{ .Values.image.tag }} + imagePullPolicy: {{ default "IfNotPresent" .Values.image.pullPolicy }} + command: [ "/scripts/setup.sh" ] + env: + - name: SERVICE_PORT + value: "3306" + - name: MYSQL_ROOT_HOST + value: {{ .Values.auth.rootHost | default "%" | quote }} + - name: MYSQL_ROOT_USER + valueFrom: + secretKeyRef: + name: $(CONN_CREDENTIAL_SECRET_NAME) + key: username + optional: false + - name: MYSQL_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: $(CONN_CREDENTIAL_SECRET_NAME) + key: password + optional: false + - name: MYSQL_DATABASE + value: {{ - if .Values.auth.createDatabase }} {{ .Values.auth.database | quote }} {{ - else }} "" {{ - end }} + - name: MYSQL_USER + value: {{ .Values.auth.username | default "" | quote }} + - name: MYSQL_PASSWORD + value: {{ .Values.auth.password | default "" | quote }} + - name: CLUSTER_ID + value: {{ .Values.cluster.clusterId | default "1" | quote }} + - name: CLUSTER_START_INDEX + value: {{ .Values.cluster.clusterStartIndex | default "1" | quote }} + - name: REPLICATION_USER + value: {{ .Values.auth.replicationUser | default "replicator" | quote }} + - name: REPLICATION_PASSWORD + value: {{ .Values.auth.replicationPassword | default "" | quote }} + - name: MYSQL_TEMPLATE_CONFIG + value: {{ if .Values.cluster.templateConfig }}{{ .Values.cluster.templateConfig }}{{ end }} + - name: MYSQL_CUSTOM_CONFIG + value: {{ if .Values.cluster.customConfig }}{{ .Values.cluster.customConfig }}{{ end }} + - name: MYSQL_DYNAMIC_CONFIG + value: {{ if .Values.cluster.dynamicConfig }}{{ .Values.cluster.dynamicConfig }}{{ end }} + - name: KB_EMBEDDED_WESQL + value: {{ .Values.cluster.kbWeSQLImage | default "1" | quote }} + volumeMounts: + - mountPath: {{ .Values.mysqlConfigs.dataMountPath }} + name: data + - mountPath: /opt/mysql + name: mysql-config + - name: scripts + mountPath: /scripts + - name: annotations + mountPath: /etc/annotations + ports: + - containerPort: 3306 + name: mysql + - containerPort: 13306 + name: paxos + lifecycle: + preStop: + exec: + command: [ "/scripts/pre-stop.sh" ] + - name: metrics + image: {{ .Values.metrics.image.registry | default "docker.io" }}/{{ .Values.metrics.image.repository }}:{{ .Values.metrics.image.tag }} + imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }} + command: [ "/scripts/agamotto.sh" ] + env: + - name: DB_TYPE + value: MySQL + - name: ENDPOINT + value: {{ printf "localhost:3306" }} + - name: MYSQL_USER + valueFrom: + secretKeyRef: + name: $(CONN_CREDENTIAL_SECRET_NAME) + key: username + optional: false + - name: MYSQL_PASSWORD + valueFrom: + secretKeyRef: + name: $(CONN_CREDENTIAL_SECRET_NAME) + key: password + optional: false + volumeMounts: + - name: agamotto-configuration + mountPath: /opt/agamotto + - name: data + mountPath: {{ .Values.mysqlConfigs.dataMountPath }} + {{ - if .Values.logCollector.enabled }} + - name: log-data + mountPath: /var/log/kubeblocks + readOnly: false + {{ - end }} + - name: scripts + mountPath: /scripts + ports: + - name: http-metrics + containerPort: {{ .Values.metrics.service.port }} + securityContext: + runAsNonRoot: false + runAsUser: 0 + volumes: + {{ - if .Values.logCollector.enabled }} + - name: log-data + hostPath: + path: /var/log/kubeblocks + type: DirectoryOrCreate + {{ - end }} + - name: annotations + downwardAPI: + items: + - path: "leader" + fieldRef: + fieldPath: metadata.annotations['cs.apps.kubeblocks.io/leader'] + - path: "component-replicas" + fieldRef: + fieldPath: metadata.annotations['apps.kubeblocks.io/component-replicas'] + volumes: + services: + - name: default + ports: + - name: mysql + port: 3306 + targetPort: mysql + roleSelector: + - leader + - name: readonly + ports: + - name: mysql + port: 3306 + targetPort: mysql + roleSelector: + - follower + configs: + - name: mysql-consensusset-config + templateRef: mysql8.0-config-template + constraintRef: mysql8.0-config-constraints + volumeName: mysql-config + namespace: {{ .Release.Namespace }} + - name: agamotto-configuration + templateRef: apecloud-mysql8-agamotto-configuration + namespace: {{ .Release.Namespace }} + volumeName: agamotto-configuration + defaultMode: 0444 # for only read, mysql container switched user account. + - name: vttablet-config + templateRef: vttablet-config-template + constraintRef: mysql-scale-vttablet-config-constraints + volumeName: mysql-scale-config + namespace: { { .Release.Namespace } } + logConfigs: + {{ - range $name,$pattern := .Values.logConfigs }} + - name: {{ $name }} + filePathPattern: {{ $pattern }} + {{ - end }} + monitor: + builtIn: false + exporterConfig: + scrapePath: /metrics + scrapePort: {{ .Values.metrics.service.port }} + scripts: + - name: apecloud-mysql-scripts + templateRef: apecloud-mysql-scripts + namespace: {{ .Release.Namespace }} + volumeName: scripts + defaultMode: 0555 # for read and execute, mysql container switched user account. + systemAccounts: + - name: root + isSystemInitAccount: true + passwordGenerationPolicy: + length: 16 + numDigits: 8 + numSymbols: 8 + letterCase: MixedCases + - name: kbadmin + statement: CREATE USER $(USERNAME) IDENTIFIED BY '$(PASSWORD)'; GRANT ALL PRIVILEGES ON *.* TO $(USERNAME); + passwordGenerationPolicy: &defaultPasswordGenerationPolicy + length: 10 + numDigits: 5 + numSymbols: 0 + letterCase: MixedCases + - name: kbdataprotection + statement: CREATE USER $(USERNAME) IDENTIFIED BY '$(PASSWORD)';GRANT RELOAD, LOCK TABLES, PROCESS, REPLICATION CLIENT ON *.* TO $(USERNAME); GRANT LOCK TABLES,RELOAD,PROCESS,REPLICATION CLIENT, SUPER,SELECT,EVENT,TRIGGER,SHOW VIEW ON *.* TO $(USERNAME); + passwordGenerationPolicy: *defaultPasswordGenerationPolicy + - name: kbprobe + statement: CREATE USER $(USERNAME) IDENTIFIED BY '$(PASSWORD)'; GRANT REPLICATION CLIENT, PROCESS ON *.* TO $(USERNAME); GRANT SELECT ON performance_schema.* TO $(USERNAME); + passwordGenerationPolicy: *defaultPasswordGenerationPolicy + - name: kbmonitoring + statement: CREATE USER $(USERNAME) IDENTIFIED BY '$(PASSWORD)'; GRANT REPLICATION CLIENT, PROCESS ON *.* TO $(USERNAME); GRANT SELECT ON performance_schema.* TO $(USERNAME); + passwordGenerationPolicy: *defaultPasswordGenerationPolicy + - name: kbreplicator + statement: CREATE USER $(USERNAME) IDENTIFIED BY '$(PASSWORD)'; GRANT REPLICATION SLAVE ON *.* TO $(USERNAME) WITH GRANT OPTION; + passwordGenerationPolicy: *defaultPasswordGenerationPolicy + connectionCredentials: + - name: root + serviceName: default + accountName: root + - name: admin + serviceName: default + accountName: kbadmin + roles: + - name: leader + serviceable: true + writable: true + - name: follower + serviceable: true + writable: false + - name: learner + serviceable: false + writable: false + lifecycleActions: + roleProbe: + failureThreshold: {{ .Values.roleProbe.failureThreshold }} + periodSeconds: {{ .Values.roleProbe.periodSeconds }} + timeoutSeconds: {{ .Values.roleProbe.timeoutSeconds }} + exec: + command: + switchover: + image: {{ .Values.image.registry | default "docker.io" }}/{{ .Values.image.repository }}:{{ default .Values.image.tag }} + exec: + command: + - /scripts/switchover-without-candidate.sh + memberJoin: + memberLeave: + readonly: + readwrite: + dataPopulate: + dataAssemble: + accountProvision: + image: {{ .Values.image.registry | default "docker.io" }}/{{ .Values.image.repository }}:{{ .Values.image.tag }} + exec: + command: + - mysql + args: + - -u$(MYSQL_ROOT_USER) + - -p$(MYSQL_ROOT_PASSWORD) + - -h$(KB_ACCOUNT_ENDPOINT) + - -e + - $(KB_ACCOUNT_STATEMENT) + env: + - name: MYSQL_ROOT_USER + valueFrom: + secretKeyRef: + name: $(CONN_CREDENTIAL_SECRET_NAME) + key: username + optional: false + - name: MYSQL_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: $(CONN_CREDENTIAL_SECRET_NAME) + key: password + optional: false \ No newline at end of file