mirror of
https://github.com/kubernetes-sigs/kustomize.git
synced 2026-05-18 07:05:00 +00:00
237 lines
5.3 KiB
YAML
237 lines
5.3 KiB
YAML
apiVersion: v1
|
|
kind: ServiceAccount
|
|
metadata:
|
|
labels:
|
|
app: cockroachdb
|
|
name: dev-base-cockroachdb
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1beta1
|
|
kind: Role
|
|
metadata:
|
|
labels:
|
|
app: cockroachdb
|
|
name: dev-base-cockroachdb
|
|
rules:
|
|
- apiGroups:
|
|
- ""
|
|
resources:
|
|
- secrets
|
|
verbs:
|
|
- create
|
|
- get
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1beta1
|
|
kind: ClusterRole
|
|
metadata:
|
|
labels:
|
|
app: cockroachdb
|
|
name: dev-base-cockroachdb
|
|
rules:
|
|
- apiGroups:
|
|
- certificates.k8s.io
|
|
resources:
|
|
- certificatesigningrequests
|
|
verbs:
|
|
- create
|
|
- get
|
|
- watch
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1beta1
|
|
kind: RoleBinding
|
|
metadata:
|
|
labels:
|
|
app: cockroachdb
|
|
name: dev-base-cockroachdb
|
|
roleRef:
|
|
apiGroup: rbac.authorization.k8s.io
|
|
kind: Role
|
|
name: dev-base-cockroachdb
|
|
subjects:
|
|
- kind: ServiceAccount
|
|
name: dev-base-cockroachdb
|
|
namespace: default
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1beta1
|
|
kind: ClusterRoleBinding
|
|
metadata:
|
|
labels:
|
|
app: cockroachdb
|
|
name: dev-base-cockroachdb
|
|
roleRef:
|
|
apiGroup: rbac.authorization.k8s.io
|
|
kind: ClusterRole
|
|
name: dev-base-cockroachdb
|
|
subjects:
|
|
- kind: ServiceAccount
|
|
name: dev-base-cockroachdb
|
|
namespace: default
|
|
---
|
|
apiVersion: v1
|
|
data:
|
|
baz: qux
|
|
foo: bar
|
|
kind: ConfigMap
|
|
metadata:
|
|
creationTimestamp: null
|
|
name: dev-base-test-config-map-b2g2dmd64b
|
|
---
|
|
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
annotations:
|
|
prometheus.io/path: _status/vars
|
|
prometheus.io/port: "8080"
|
|
prometheus.io/scrape: "true"
|
|
service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
|
|
labels:
|
|
app: cockroachdb
|
|
name: dev-base-cockroachdb
|
|
spec:
|
|
clusterIP: None
|
|
ports:
|
|
- name: grpc
|
|
port: 26257
|
|
targetPort: 26257
|
|
- name: http
|
|
port: 8080
|
|
targetPort: 8080
|
|
selector:
|
|
app: cockroachdb
|
|
---
|
|
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
labels:
|
|
app: cockroachdb
|
|
name: dev-base-cockroachdb-public
|
|
spec:
|
|
ports:
|
|
- name: grpc
|
|
port: 26257
|
|
targetPort: 26257
|
|
- name: http
|
|
port: 8080
|
|
targetPort: 8080
|
|
selector:
|
|
app: cockroachdb
|
|
---
|
|
apiVersion: apps/v1beta1
|
|
kind: StatefulSet
|
|
metadata:
|
|
name: dev-base-cockroachdb
|
|
spec:
|
|
replicas: 3
|
|
serviceName: dev-base-cockroachdb
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: cockroachdb
|
|
spec:
|
|
affinity:
|
|
podAntiAffinity:
|
|
preferredDuringSchedulingIgnoredDuringExecution:
|
|
- podAffinityTerm:
|
|
labelSelector:
|
|
matchExpressions:
|
|
- key: app
|
|
operator: In
|
|
values:
|
|
- cockroachdb
|
|
topologyKey: kubernetes.io/hostname
|
|
weight: 100
|
|
containers:
|
|
- command:
|
|
- /bin/bash
|
|
- -ecx
|
|
- exec /cockroach/cockroach start --logtostderr --certs-dir /cockroach/cockroach-certs
|
|
--host $(hostname -f) --http-host 0.0.0.0 --join dev-base-cockroachdb-0.dev-base-cockroachdb,dev-base-cockroachdb-1.dev-base-cockroachdb,dev-base-cockroachdb-2.dev-base-cockroachdb
|
|
--cache 25% --max-sql-memory 25%
|
|
image: cockroachdb/cockroach:v1.1.5
|
|
imagePullPolicy: IfNotPresent
|
|
name: cockroachdb
|
|
ports:
|
|
- containerPort: 26257
|
|
name: grpc
|
|
- containerPort: 8080
|
|
name: http
|
|
volumeMounts:
|
|
- mountPath: /cockroach/cockroach-data
|
|
name: datadir
|
|
- mountPath: /cockroach/cockroach-certs
|
|
name: certs
|
|
initContainers:
|
|
- command:
|
|
- /bin/ash
|
|
- -ecx
|
|
- /request-cert -namespace=${POD_NAMESPACE} -certs-dir=/cockroach-certs -type=node
|
|
-addresses=localhost,127.0.0.1,${POD_IP},$(hostname -f),$(hostname -f|cut
|
|
-f 1-2 -d '.'),dev-base-cockroachdb-public -symlink-ca-from=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt
|
|
env:
|
|
- name: POD_IP
|
|
valueFrom:
|
|
fieldRef:
|
|
fieldPath: status.podIP
|
|
- name: POD_NAMESPACE
|
|
valueFrom:
|
|
fieldRef:
|
|
fieldPath: metadata.namespace
|
|
image: cockroachdb/cockroach-k8s-request-cert:0.2
|
|
imagePullPolicy: IfNotPresent
|
|
name: init-certs
|
|
volumeMounts:
|
|
- mountPath: /cockroach-certs
|
|
name: certs
|
|
serviceAccountName: dev-base-cockroachdb
|
|
terminationGracePeriodSeconds: 60
|
|
volumes:
|
|
- name: datadir
|
|
persistentVolumeClaim:
|
|
claimName: datadir
|
|
- emptyDir: {}
|
|
name: certs
|
|
updateStrategy:
|
|
type: RollingUpdate
|
|
volumeClaimTemplates:
|
|
- metadata:
|
|
name: datadir
|
|
spec:
|
|
accessModes:
|
|
- ReadWriteOnce
|
|
resources:
|
|
requests:
|
|
storage: 1Gi
|
|
---
|
|
apiVersion: batch/v1beta1
|
|
kind: CronJob
|
|
metadata:
|
|
name: dev-base-cronjob-example
|
|
spec:
|
|
concurrencyPolicy: Forbid
|
|
jobTemplate:
|
|
spec:
|
|
template:
|
|
spec:
|
|
containers:
|
|
- command:
|
|
- echo
|
|
- dev-base-cockroachdb
|
|
- dev-base-test-config-map-b2g2dmd64b
|
|
env:
|
|
- name: CDB_PUBLIC_SVC
|
|
value: dev-base-cockroachdb-public
|
|
image: cockroachdb/cockroach:v1.1.5
|
|
name: cronjob-example
|
|
schedule: '*/1 * * * *'
|
|
---
|
|
apiVersion: policy/v1beta1
|
|
kind: PodDisruptionBudget
|
|
metadata:
|
|
labels:
|
|
app: cockroachdb
|
|
name: dev-base-cockroachdb-budget
|
|
spec:
|
|
maxUnavailable: 1
|
|
selector:
|
|
matchLabels:
|
|
app: cockroachdb
|