From 3569c8a6682a550d356f092e53f836a32ef26c75 Mon Sep 17 00:00:00 2001
From: hantmac
Date: Mon, 14 Apr 2025 23:41:18 +0800
Subject: [PATCH 1/3] feat: add databend-operator helm chart
---
 charts/.helmignore | 21 +
 charts/Chart.yaml | 13 +
 charts/README.md | 0
 charts/templates/databendlabs.io_tenants.yaml | 327 +++++++++++++++
 .../templates/databendlabs.io_warehouses.yaml | 388 ++++++++++++++++++
 charts/templates/manager.yaml | 56 +++
 .../templates/rbac/leader_election_role.yaml | 40 ++
 .../rbac/leader_election_role_binding.yaml | 14 +
 charts/templates/rbac/role.yaml | 82 ++++
 charts/templates/rbac/role_binding.yaml | 14 +
 charts/templates/rbac/service_account.yaml | 7 +
 charts/values.yaml | 23 ++
 12 files changed, 985 insertions(+)
 create mode 100644 charts/.helmignore
 create mode 100644 charts/Chart.yaml
 create mode 100644 charts/README.md
 create mode 100644 charts/templates/databendlabs.io_tenants.yaml
 create mode 100644 charts/templates/databendlabs.io_warehouses.yaml
 create mode 100644 charts/templates/manager.yaml
 create mode 100644 charts/templates/rbac/leader_election_role.yaml
 create mode 100644 charts/templates/rbac/leader_election_role_binding.yaml
 create mode 100644 charts/templates/rbac/role.yaml
 create mode 100644 charts/templates/rbac/role_binding.yaml
 create mode 100644 charts/templates/rbac/service_account.yaml
 create mode 100644 charts/values.yaml
diff --git a/charts/.helmignore b/charts/.helmignore
new file mode 100644
index 0000000..f0c1319
--- /dev/null
+++ b/charts/.helmignore
@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
diff --git a/charts/Chart.yaml b/charts/Chart.yaml
new file mode 100644
index 0000000..a4cfec3
--- /dev/null
+++ b/charts/Chart.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+name: databend-operator
+description: Helm chart for databend-operator components
+version: 0.1.0
+keywords:
+ - kubernetes
+ - databend
+ - databend-operator
+ - statefulset
+ - deployment
+home: https://www.databend.com/
+sources:
+ - https://github.com/databendcloud/databend-operator
diff --git a/charts/README.md b/charts/README.md
new file mode 100644
index 0000000..e69de29
diff --git a/charts/templates/databendlabs.io_tenants.yaml b/charts/templates/databendlabs.io_tenants.yaml
new file mode 100644
index 0000000..4f9358a
--- /dev/null
+++ b/charts/templates/databendlabs.io_tenants.yaml
@@ -0,0 +1,327 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.4 + name: tenants.databendlabs.io +spec: + group: databendlabs.io + names: + kind: Tenant + listKind: TenantList + plural: tenants + singular: tenant + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[-1:].type + name: State + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: Tenant is the Schema for the tenants API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: TenantSpec defines the desired state of Tenant. + properties: + meta: + description: Configurations to open connections to a Meta cluster. + properties: + autoSyncInterval: + default: 60 + description: Interval for warehouse to sync data from Meta cluster. + type: integer + endpoints: + description: Exposed endpoints of Meta cluster (must list all + pod endpoints in the Meta cluster). + items: + type: string + type: array + password: + description: Password of Meta cluster. + type: string + passwordSecretRef: + description: |- + Reference to the secret with User and Password to Meta cluster. 
+ Secret can be created in any namespace. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + timeoutInSecond: + default: 3 + description: Timeout seconds of connections to Meta cluster. + type: integer + user: + description: User of Meta cluster. + type: string + type: object + s3: + description: Specification of S3 storage. 
+ properties: + accessKey: + description: Access Key ID of S3 storage. + type: string + allowInsecure: + default: true + description: |- + Whether to allow insecure connections to S3 storage. + If set to true, users can establish HTTP connections to S3 storage. + Otherwise, only HTTPS connections are allowed. Default to true. + type: boolean + bucketName: + default: us-east-1 + description: Name of S3 bucket. + type: string + endpoint: + description: Endpoint of S3 storage. + type: string + region: + description: Region of S3 storage. + type: string + rootPath: + description: Root path of S3. + type: string + secretKey: + description: Secret Access Key of S3 storage. + type: string + secretRef: + description: |- + Reference to the secret with SerectKey and AccessKey to S3 storage. + Secret can be created in any namespace. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + type: object + users: + description: |- + Built-in users in the warehouse created by this tenant. + If not set, we'll create "admin" user with password "admin". + items: + properties: + authString: + description: Password encrypted with AuthType. + type: string + authStringSecretRef: + description: |- + Reference to the secret with AuthString of user. + Secret can be created in any namespace. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + authType: + default: no_password + description: |- + Authentication type of warehouse password. + Currently we support: sha256_password, no_password. + type: string + name: + description: Name of warehouse user. + type: string + type: object + type: array + type: object + status: + description: TenantStatus defines the observed state of Tenant. + properties: + conditions: + description: Conditions for the Tenant. + items: + description: Condition contains details for one aspect of the current + state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. 
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/charts/templates/databendlabs.io_warehouses.yaml b/charts/templates/databendlabs.io_warehouses.yaml new file mode 100644 index 0000000..0ad19e9 --- /dev/null +++ b/charts/templates/databendlabs.io_warehouses.yaml 
@@ -0,0 +1,388 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.4 + name: warehouses.databendlabs.io +spec: + group: databendlabs.io + names: + kind: Warehouse + listKind: WarehouseList + plural: warehouses + singular: warehouse + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.readyReplicas + name: Ready + type: number + - jsonPath: .spec.replicas + name: Replicas + type: number + - jsonPath: .status.conditions[-1:].type + name: State + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: Warehouse is the Schema for the warehouses API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: WarehouseSpec defines the desired state of Warehouse. + properties: + cache: + description: Configurations of cache in disk. + properties: + enabled: + description: Whether to enable cache in disk. + type: boolean + path: + description: |- + Path to cache directory in disk. + If not set, default to /var/lib/databend/cache. + type: string + pvc: + default: false + description: Whether to use PVC as the storage of disk cache. 
+ type: boolean + size: + anyOf: + - type: integer + - type: string + description: Max size of cache in disk. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + storageClass: + description: |- + Provide storage class to allocate disk cache automatically. + If not set, default to use EmptyDir as disk cache rather than PVC. + type: string + type: object + ingress: + description: Ingress specifications for Query cluster. + properties: + annotations: + additionalProperties: + type: string + description: Annotations for Ingress. + type: object + enableLoadBalance: + description: Whether to enable load balance for Ingress. + type: boolean + enabled: + description: Whether to enable Ingress for Query. + type: boolean + hostName: + description: Host name of ingress. + type: string + ingressClassName: + description: Name of IngressClass. + type: string + type: object + labels: + additionalProperties: + type: string + description: Additional labels added to Query pod. + type: object + log: + description: Configurations of logging. + properties: + file: + description: Specifications for logging in files. + properties: + dir: + description: Path to log directory. + type: string + enabled: + description: Whether to enable file logging. + type: boolean + format: + description: Log format. + type: string + level: + description: Log level. + type: string + type: object + profile: + description: Specifications for profile logging. + properties: + enabled: + description: Whether to enable OTLP logging. + type: boolean + endpoint: + description: Endpoint for OpenTelemetry Protocol + type: string + labels: + additionalProperties: + type: string + description: Labels for OpenTelemetry Protocol + type: object + protocol: + default: http + description: OpenTelemetry Protocol + type: string + type: object + query: + description: Specifications for query logging. 
+ properties: + enabled: + description: Whether to enable OTLP logging. + type: boolean + endpoint: + description: Endpoint for OpenTelemetry Protocol + type: string + labels: + additionalProperties: + type: string + description: Labels for OpenTelemetry Protocol + type: object + protocol: + default: http + description: OpenTelemetry Protocol + type: string + type: object + stderr: + description: Specifications for stderr logging. + properties: + enabled: + description: Whether to enable stderr logging. + type: boolean + format: + description: Log format. + type: string + level: + description: Log level. + type: string + type: object + type: object + nodeSelector: + additionalProperties: + type: string + description: Node selector for Query pod. + type: object + queryImage: + description: Image for Query. + type: string + replicas: + description: Desired replicas of Query + minimum: 1 + type: integer + resourcesPerNode: + description: Resource required for each Query pod. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. 
+ type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + settings: + additionalProperties: + type: string + description: Custom settings that will append to the config file of + Query. + type: object + tenant: + description: |- + Reference to the Tenant CR, which provides the configuration of storage and Meta cluster. + Warehouse must be created in the Tenant's namespace. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + tolerations: + description: Taint tolerations for Query pod. 
+ items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + required: + - queryImage + - replicas + - tenant + type: object + status: + description: WarehouseStatus defines the observed state of Warehouse. + properties: + conditions: + description: Conditions for the Tenant. + items: + description: Condition contains details for one aspect of the current + state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. 
+ This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + readyReplicas: + description: Number of the ready Query. + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} 
diff --git a/charts/templates/manager.yaml b/charts/templates/manager.yaml
new file mode 100644
index 0000000..bed3cf7
--- /dev/null
+++ b/charts/templates/manager.yaml
@@ -0,0 +1,56 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ labels:
+ app.kubernetes.io/component: manager
+ name: {{ .Values.installation.namespace }}
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: databend-operator
+ namespace: {{ .Values.installation.namespace }}
+ labels:
+ app.kubernetes.io/component: manager
+ app.kubernetes.io/name: databend-operator
+spec:
+ selector:
+ matchLabels:
+ app.kubernetes.io/component: manager
+ app.kubernetes.io/name: databend-operator
+ replicas: {{ .Values.manager.replicas }}
+ template:
+ resources:
+ requests:
+ cpu: {{ .Values.manager.resources.requests.cpu }}
+ memory: {{ .Values.manager.resources.requests.memory }}
+ limits:
+ cpu: {{ .Values.manager.resources.limits.cpu }}
+ memory: {{ .Values.manager.resources.limits.memory }}
+ metadata:
+ labels:
+ app.kubernetes.io/component: manager
+ app.kubernetes.io/name: databend-operator
+ spec:
+ containers:
+ - command:
+ - /manager
+ args:
+ - --leader-elect
+ - --health-probe-bind-address=:8081
+ image: datafuselabs/databend-operator
+ name: manager
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: 8081
+ initialDelaySeconds: 15
+ periodSeconds: 20
+ readinessProbe:
+ httpGet:
+ path: /readyz
+ port: 8081
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ serviceAccountName: databend-operator
+ terminationGracePeriodSeconds: 10
diff --git a/charts/templates/rbac/leader_election_role.yaml b/charts/templates/rbac/leader_election_role.yaml
new file mode 100644
index 0000000..fef6233
--- /dev/null
+++ b/charts/templates/rbac/leader_election_role.yaml
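Review bot: In charts/templates/manager.yaml the `resources:` block follows `template:` directly and comes before the pod `metadata:`, so it is not part of the `manager` container; the requests and limits from values.yaml would not apply to that container, and schema validation may reject the unknown field. The `image:` line is also hard-coded without a tag, so the `image.repository` and `image.tag` values are ignored and the pod pulls whatever `latest` currently points to; build the reference from values and preferably pin a digest. The container sets no `securityContext`; the fence below moves `resources` into the container and adds a minimal one (add `runAsNonRoot: true` if the image runs as a non-root user, which is not visible here).

```yaml
# … unchanged: Namespace, Deployment metadata, selector, replicas, pod labels …
      containers:
      - command:
        - /manager
        # … unchanged: args …
        image: "{{ .Values.manager.image.repository }}:{{ .Values.manager.image.tag }}"
        name: manager
        resources:
          {{- toYaml .Values.manager.resources | nindent 10 }}
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop:
            - ALL
        # … unchanged: livenessProbe, readinessProbe …
```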
@@ -0,0 +1,40 @@
+# permissions to do leader election.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ labels:
+ app.kubernetes.io/name: databend-operator
+ app.kubernetes.io/managed-by: kustomize
+ name: leader-election-role
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - coordination.k8s.io
+ resources:
+ - leases
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - patch
diff --git a/charts/templates/rbac/leader_election_role_binding.yaml b/charts/templates/rbac/leader_election_role_binding.yaml
new file mode 100644
index 0000000..e6bbc39
--- /dev/null
+++ b/charts/templates/rbac/leader_election_role_binding.yaml
@@ -0,0 +1,14 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ labels:
+ app.kubernetes.io/name: databend-operator
+ app.kubernetes.io/managed-by: kustomize
+ name: leader-election-rolebinding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: leader-election-role
+subjects:
+- kind: ServiceAccount
+ name: databend-operator
diff --git a/charts/templates/rbac/role.yaml b/charts/templates/rbac/role.yaml
new file mode 100644
index 0000000..8bd0268
--- /dev/null
+++ b/charts/templates/rbac/role.yaml
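Review bot: Neither `leader-election-role` nor `leader-election-rolebinding` sets `metadata.namespace`, and the `ServiceAccount` subject has no `namespace`, while the Deployment in manager.yaml is pinned to `{{ .Values.installation.namespace }}`. Both objects therefore land in the Helm release namespace, and the subject presumably resolves to that namespace too, so the leader-election grant only reaches the operator when the release namespace happens to equal `installation.namespace`. Add `namespace: {{ .Values.installation.namespace }}` to both `metadata` blocks and to the subject. The `app.kubernetes.io/managed-by: kustomize` label here (and in role_binding.yaml and service_account.yaml) is a leftover from the kustomize manifests and misstates who owns the objects in a Helm release.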
@@ -0,0 +1,82 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: databend-operator-controller-manager
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ - persistentvolumeclaims
+ - serviceaccounts
+ - services
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - apps
+ resources:
+ - statefulsets
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - databendlabs.io
+ resources:
+ - tenants
+ - warehouses
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - databendlabs.io
+ resources:
+ - tenants/finalizers
+ - warehouses/finalizers
+ verbs:
+ - update
+- apiGroups:
+ - databendlabs.io
+ resources:
+ - tenants/status
+ - warehouses/status
+ verbs:
+ - get
+ - patch
+ - update
+- apiGroups:
+ - networking.k8s.io
+ resources:
+ - ingresses
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
diff --git a/charts/templates/rbac/role_binding.yaml b/charts/templates/rbac/role_binding.yaml
new file mode 100644
index 0000000..0605e90
--- /dev/null
+++ b/charts/templates/rbac/role_binding.yaml
@@ -0,0 +1,14 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ labels:
+ app.kubernetes.io/name: databend-operator
+ app.kubernetes.io/managed-by: kustomize
+ name: databend-operator-controller-manager
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: databend-operator-controller-manager
+subjects:
+- kind: ServiceAccount
+ name: databend-operator
diff --git a/charts/templates/rbac/service_account.yaml b/charts/templates/rbac/service_account.yaml
new file mode 100644
index 0000000..00d2286
--- /dev/null
+++ b/charts/templates/rbac/service_account.yaml
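Review bot: The `secrets` rule in this ClusterRole, once bound by the ClusterRoleBinding in role_binding.yaml, lets the operator `get`/`list`/`watch` every Secret in every namespace, so a compromised operator pod or a leaked ServiceAccount token exposes all cluster secrets. The CRD text says referenced Secrets may live in any namespace, which may be why the grant is cluster-wide, but the trade-off deserves a comment above the rule, for example `# cluster-wide read: Tenant secretRef/passwordSecretRef may point to a Secret in any namespace`. If the controller only fetches Secrets by name, `get` alone would be enough (whether it uses a cached client that needs `list`/`watch` is not visible here). The first rule likewise grants create/delete on `serviceaccounts` and `configmaps` in all namespaces; per-namespace Roles would narrow that if the operator manages a known set of namespaces.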
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels:
+ app.kubernetes.io/name: databend-operator
+ app.kubernetes.io/managed-by: kustomize
+ name: databend-operator
diff --git a/charts/values.yaml b/charts/values.yaml
new file mode 100644
index 0000000..2720cb1
--- /dev/null
+++ b/charts/values.yaml
@@ -0,0 +1,23 @@
+installation:
+ namespace: databend-system
+
+manager:
+ replicas: 2
+ image:
+ repository: datafuselabs/databend-operator
+ tag: v0.1.0
+ healthProbe:
+ port: 8081
+
+ # resources of databend-operator-manager container
+ resources:
+ limits:
+ cpu: 100m
+ memory: 256Mi
+ requests:
+ cpu: 100m
+ memory: 256Mi
+
+ nodeAffinity: {}
+ nodeSelector: {}
+ tolerations: []
\ No newline at end of file
From d762b71503a7e4dfc5cd23bb72eb0d4f1a4554eb Mon Sep 17 00:00:00 2001
From: hantmac
Date: Tue, 15 Apr 2025 09:38:53 +0800
Subject: [PATCH 2/3] fix
---
 charts/templates/rbac/role_binding.yaml | 1 +
 charts/templates/rbac/service_account.yaml | 1 +
 2 files changed, 2 insertions(+)
diff --git a/charts/templates/rbac/role_binding.yaml b/charts/templates/rbac/role_binding.yaml
index 0605e90..e656789 100644
--- a/charts/templates/rbac/role_binding.yaml
+++ b/charts/templates/rbac/role_binding.yaml
@@ -11,4 +11,5 @@ roleRef:
 name: databend-operator-controller-manager
 subjects:
 - kind: ServiceAccount
+ namespace: {{ .Values.namespace }}
 name: databend-operator
diff --git a/charts/templates/rbac/service_account.yaml b/charts/templates/rbac/service_account.yaml
index 00d2286..d643b8b 100644
--- a/charts/templates/rbac/service_account.yaml
+++ b/charts/templates/rbac/service_account.yaml
@@ -5,3 +5,4 @@ metadata:
 app.kubernetes.io/name: databend-operator
 app.kubernetes.io/managed-by: kustomize
 name: databend-operator
+ namespace: {{ .Values.namespace }}
From 89c9c626282769bb7c05646c8f911990bb0994af Mon Sep 17 00:00:00 2001
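Review bot: The `image` and `healthProbe.port` values, along with `nodeAffinity`, `nodeSelector` and `tolerations`, are defined in charts/values.yaml but no template in this patch references them, so setting them has no effect. Either wire them into manager.yaml or drop them until they are used; at minimum mark them, e.g. `# not yet consumed by the templates`. The file also ends without a trailing newline.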
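Review bot: `{{ .Values.namespace }}` in the role_binding.yaml hunk of patch 2 is not a key that values.yaml from patch 1 defines; the chart's namespace value is `installation.namespace`, which manager.yaml uses. Unless `namespace` is supplied at install time, the subject's `namespace` renders empty, and a ClusterRoleBinding needs an explicit namespace on a ServiceAccount subject, so the ClusterRole would not end up bound to the operator's account. The same expression in the service_account.yaml hunk leaves the ServiceAccount in the release namespace rather than beside the Deployment. Use `namespace: {{ required "installation.namespace is required" .Values.installation.namespace }}` in both hunks so a missing value fails at render time.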
From: hantmac
Date: Tue, 15 Apr 2025 10:14:53 +0800
Subject: [PATCH 3/3] enlarge resource
---
 examples/get-started/warehouse.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/examples/get-started/warehouse.yaml b/examples/get-started/warehouse.yaml
index dc38bf6..a07b4a6 100644
--- a/examples/get-started/warehouse.yaml
+++ b/examples/get-started/warehouse.yaml
@@ -10,5 +10,5 @@ spec:
 name: test
 resourcesPerNode:
 limits:
- cpu: 100m
- memory: 100Mi
+ cpu: 500m
+ memory: 1Gi