diff --git a/mysql-operator/README.md b/mysql-operator/README.md deleted file mode 100644 index 1b96cba..0000000 --- a/mysql-operator/README.md +++ /dev/null @@ -1,8 +0,0 @@ -# Oracle MySQL operator - -We have switched to MariaDB operator and this is not actually deployed in the cluster anymore - -``` -helm template mysql-operator mysql-operator/mysql-operator --namespace mysql-operator --include-crds > application.yml -kubectl apply -n mysql-operator -f application.yml -f application-extras.yml -f networkpolicy-base.yml -``` diff --git a/mysql-operator/application-extras.yml b/mysql-operator/application-extras.yml deleted file mode 100644 index 14e515c..0000000 --- a/mysql-operator/application-extras.yml +++ /dev/null @@ -1,18 +0,0 @@ ---- -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - name: mysql-operator -spec: - podSelector: {} - policyTypes: - - Egress - egress: - - # TODO: Not sure why mysql-operator needs to be able to connect - to: - - namespaceSelector: {} - ports: - - protocol: TCP - port: 33060 - - protocol: TCP - port: 3306 diff --git a/mysql-operator/application.yml b/mysql-operator/application.yml deleted file mode 100644 index 1f973e9..0000000 --- a/mysql-operator/application.yml +++ /dev/null @@ -1,608 +0,0 @@ ---- -# Source: crds/crd.yaml -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: innodbclusters.mysql.oracle.com -spec: - group: mysql.oracle.com - versions: - - name: v2 - served: true - storage: true - schema: - openAPIV3Schema: - type: object - required: ["spec"] - properties: - metadata: - type: object - properties: - name: - type: string - maxLength: 40 - spec: - type: object - required: ["secretName"] - properties: - secretName: - type: string - description: "Name of a generic type Secret containing root/default account password" - tlsCASecretName: - type: string - description: "Name of a generic type Secret containing CA (ca.pem) and optional CRL (crl.pem) for SSL" - tlsSecretName: - type: string - description: "Name of a TLS type Secret containing Server certificate and private key for SSL" - tlsUseSelfSigned: - type: boolean - default: false - description: "Enables use of self-signed TLS certificates, reducing or disabling TLS based security verifications" - version: - type: string - pattern: '^\d+\.\d+\.\d+(-.+)?' - description: "MySQL Server version" - edition: - type: string - pattern: "^(community|enterprise)$" - description: "MySQL Server Edition (community or enterprise)" - imageRepository: - type: string - description: "Repository from where images must be pulled from; defaults to mysql for community and container-registry.oracle.com/mysql for enterprise" - imagePullPolicy: - type: string - description: "Defaults to Always, but set to IfNotPresent in deploy-operator.yaml when deploying Operator" - imagePullSecrets: - type: array - items: - type: object - properties: - name: - type: string - serviceAccountName: - type: string - baseServerId: - type: integer - minimum: 0 - maximum: 4294967195 - default: 1000 - description: "Base value for MySQL server_id for instances in the cluster" - datadirVolumeClaimTemplate: - type: object - x-kubernetes-preserve-unknown-fields: true - description: "Template for a PersistentVolumeClaim, to be used as datadir" - mycnf: - type: string - description: "Custom configuration additions for my.cnf" - instances: - type: integer - minimum: 1 - maximum: 9 - default: 1 - description: "Number of MySQL replica instances for the cluster" - podSpec: - type: object - x-kubernetes-preserve-unknown-fields: true - initDB: - type: object - properties: - clone: - type: object - required: ["donorUrl", "secretKeyRef"] - properties: - donorUrl: - type: string - description: "URL of the cluster to clone from" - rootUser: - type: string - default: "root" - description: "User name used for cloning" - secretKeyRef: - type: object - required: ["name"] - properties: - name: - type: string - description: "Secret name with key 'rootPassword' storing the password for the user specified in rootUser" - dump: - type: object - required: ["storage"] - properties: - name: - type: string - description: "Name of the dump. Not used by the operator, but a descriptive hint for the cluster administrator" - path: - type: string - description: "Path to the dump in the PVC. Use when specifying persistentVolumeClaim. Omit for ociObjectStorage." - storage: - type: object - properties: - ociObjectStorage: - type: object - required: ["bucketName", "prefix", "credentials"] - properties: - bucketName: - type: string - description: "Name of the bucket where the dump is stored" - prefix: - type: string - description: "Path in the bucket where the dump files are stored" - credentials: - type: string - description: "Secret name with data for accessing the bucket" - persistentVolumeClaim: - type: object - description : "Specification of the PVC to be used. Used 'as is' in the cloning pod." - x-kubernetes-preserve-unknown-fields: true - x-kubernetes-preserve-unknown-fields: true - router: - type: object - description: "MySQL Router specification" - properties: - instances: - type: integer - minimum: 0 - default: 1 - description: "Number of MySQL Router instances to deploy" - tlsSecretName: - type: string - description: "Name of a TLS type Secret containing MySQL Router certificate and private key used for SSL" - version: - type: string - pattern: '^\d+\.\d+\.\d+(-.+)?' - description: "Override MySQL Router version" - podSpec: - type: object - x-kubernetes-preserve-unknown-fields: true - backupProfiles: - type: array - description: "Backup profile specifications for the cluster, which can be referenced from backup schedules and one-off backup jobs" - items: - type: object - required: ["name"] - properties: - name: - type: string - description: "Embedded backup profile, referenced as backupProfileName elsewhere" - dumpInstance: - type: object - properties: - dumpOptions: - type: object - description: "A dictionary of key-value pairs passed directly to MySQL Shell's DumpInstance()" - x-kubernetes-preserve-unknown-fields: true - storage: - type: object - properties: - ociObjectStorage: - type: object - required: ["bucketName", "prefix", "credentials"] - properties: - bucketName: - type: string - description: "Bucket name where backup is stored" - prefix: - type: string - description: "Path in bucket where backup is stored" - credentials: - type: string - description: "Secret name with data for accessing the bucket" - persistentVolumeClaim: - type: object - description : "Specification of the PVC to be used. Used 'as is' in pod executing the backup." - x-kubernetes-preserve-unknown-fields: true - snapshot: - type: object - properties: - storage: - type: object - properties: - ociObjectStorage: - type: object - required: ["bucketName", "prefix", "credentials"] - properties: - bucketName: - type: string - description: "Bucket name where backup is stored" - prefix: - type: string - description: "Path in bucket where backup is stored" - credentials: - type: string - description: "Secret name with data for accessing the bucket" - persistentVolumeClaim: - type: object - description : "Specification of the PVC to be used. Used 'as is' in pod executing the backup." - x-kubernetes-preserve-unknown-fields: true - x-kubernetes-preserve-unknown-fields: true - backupSchedules: - type: array - description: "Schedules for periodically executed backups" - items: - type: object - required: ["name", "schedule"] - x-kubernetes-preserve-unknown-fields: true - properties: - name: - type: string - description: "Name of the backup schedule" - schedule: - type: string - description: "The schedule of the job, syntax as a cron expression" - backupProfileName: - type: string - description: "Name of the backupProfile to be used" - backupProfile: - type: object - description: "backupProfile specification if backupProfileName is not specified" - x-kubernetes-preserve-unknown-fields: true - deleteBackupData: - type: boolean - default: false - description: "Whether to delete the backup data in case the MySQLBackup object created by the job is deleted" - enabled: - type: boolean - default: true - description: "Whether the schedule is enabled or not" - status: - type: object - x-kubernetes-preserve-unknown-fields: true - subresources: - status: {} - additionalPrinterColumns: - - name: Status - type: string - description: Status of the InnoDB Cluster - jsonPath: .status.cluster.status - - name: Online - type: integer - description: Number of ONLINE InnoDB Cluster instances - jsonPath: .status.cluster.onlineInstances - - name: Instances - type: integer - description: Number of InnoDB Cluster instances configured - jsonPath: .spec.instances - - name: Routers - type: integer - description: Number of Router instances configured for the InnoDB Cluster - jsonPath: .spec.router.instances - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - scope: Namespaced - names: - kind: InnoDBCluster - listKind: InnoDBClusterList - singular: innodbcluster - plural: innodbclusters - shortNames: - - ic - - ics ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: mysqlbackups.mysql.oracle.com -spec: - group: mysql.oracle.com - scope: Namespaced - names: - kind: MySQLBackup - listKind: MySQLBackupList - singular: mysqlbackup - plural: mysqlbackups - shortNames: - - mbk - versions: - - name: v2 - served: true - storage: true - schema: - openAPIV3Schema: - type: object - properties: - spec: - type: object - required: ["clusterName"] - properties: - clusterName: - type: string - backupProfileName: - type: string - backupProfile: - type: object - x-kubernetes-preserve-unknown-fields: true - addTimestampToBackupDirectory: - type: boolean - default: true - deleteBackupData: - type: boolean - default: false - status: - type: object - properties: - status: - type: string - startTime: - type: string - completionTime: - type: string - elapsedTime: - type: string - output: - type: string - method: - type: string - source: - type: string - bucket: - type: string - ociTenancy: - type: string - spaceAvailable: - type: string - size: - type: string - subresources: - status: {} - additionalPrinterColumns: - - name: Cluster - type: string - description: Name of the target cluster - jsonPath: .spec.clusterName - - name: Status - type: string - description: Status of the Backup - jsonPath: .status.status - - name: Output - type: string - description: Name of the produced file/directory - jsonPath: .status.output - - name: Age - type: date - jsonPath: .metadata.creationTimestamp ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: clusterkopfpeerings.zalando.org -spec: - scope: Cluster - group: zalando.org - names: - kind: ClusterKopfPeering - plural: clusterkopfpeerings - singular: clusterkopfpeering - versions: - - name: v1 - served: true - storage: true - schema: - openAPIV3Schema: - type: object - properties: - status: - type: object - x-kubernetes-preserve-unknown-fields: true ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: kopfpeerings.zalando.org -spec: - scope: Namespaced - group: zalando.org - names: - kind: KopfPeering - plural: kopfpeerings - singular: kopfpeering - versions: - - name: v1 - served: true - storage: true - schema: - openAPIV3Schema: - type: object - properties: - status: - type: object - x-kubernetes-preserve-unknown-fields: true - ---- -# Source: mysql-operator/templates/service_account_operator.yaml -apiVersion: v1 -kind: ServiceAccount -metadata: - name: mysql-operator-sa - namespace: mysql-operator ---- -# Source: mysql-operator/templates/cluster_role_operator.yaml -# The main role for the operator -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: mysql-operator -rules: - - apiGroups: [""] - resources: ["pods"] - verbs: ["get", "list", "watch", "patch"] - - apiGroups: [""] - resources: ["pods/status"] - verbs: ["get", "patch", "update", "watch"] - # Kopf needs patch on secrets or the sidecar will throw - # The operator needs this verb to be able to pass it to the sidecar - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "create", "list", "watch", "patch"] - - apiGroups: [""] - resources: ["configmaps"] - verbs: ["get", "create", "list", "watch", "patch"] - - apiGroups: [""] - resources: ["services"] - verbs: ["get", "create"] - - apiGroups: [""] - resources: ["serviceaccounts"] - verbs: ["get", "create"] - - apiGroups: [""] - resources: ["events"] - verbs: ["create", "patch", "update"] - - apiGroups: ["rbac.authorization.k8s.io"] - resources: ["rolebindings"] - verbs: ["get", "create"] - - apiGroups: ["policy"] - resources: ["poddisruptionbudgets"] - verbs: ["get", "create"] - - apiGroups: ["batch"] - resources: ["jobs"] - verbs: ["create"] - - apiGroups: ["batch"] - resources: ["cronjobs"] - verbs: ["create", "update", "delete"] - - apiGroups: ["apps"] - resources: ["deployments", "statefulsets"] - verbs: ["get", "create", "patch", "watch", "delete"] - - apiGroups: ["mysql.oracle.com"] - resources: ["*"] - verbs: ["*"] - - apiGroups: ["zalando.org"] - resources: ["*"] - verbs: ["get", "patch", "list", "watch"] - # Kopf: runtime observation of namespaces & CRDs (addition/deletion). - - apiGroups: [apiextensions.k8s.io] - resources: [customresourcedefinitions] - verbs: [list, watch] - - apiGroups: [""] - resources: [namespaces] - verbs: [list, watch] ---- -# Source: mysql-operator/templates/cluster_role_sidecar.yaml -# role for the server sidecar -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: mysql-sidecar -rules: - - apiGroups: [""] - resources: ["pods"] - verbs: ["get", "list", "watch", "patch"] - - apiGroups: [""] - resources: ["pods/status"] - verbs: ["get", "patch", "update", "watch"] - # Kopf needs patch on secrets or the sidecar will throw - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "create", "list", "watch", "patch"] - - apiGroups: [""] - resources: ["configmaps"] - verbs: ["get", "create", "list", "watch", "patch"] - - apiGroups: [""] - resources: ["services"] - verbs: ["get", "create"] - - apiGroups: [""] - resources: ["serviceaccounts"] - verbs: ["get", "create"] - - apiGroups: [""] - resources: ["events"] - verbs: ["create", "patch", "update"] - - apiGroups: ["apps"] - resources: ["deployments"] - verbs: ["get", "patch"] - - apiGroups: ["mysql.oracle.com"] - resources: ["innodbclusters"] - verbs: ["get", "watch", "list"] - - apiGroups: ["mysql.oracle.com"] - resources: ["mysqlbackups"] - verbs: ["create", "get", "list", "patch", "update", "watch", "delete"] - - apiGroups: ["mysql.oracle.com"] - resources: ["mysqlbackups/status"] - verbs: ["get", "patch", "update", "watch"] ---- -# Source: mysql-operator/templates/cluster_role_binding_operator.yaml -# Give access to the operator -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: mysql-operator-rolebinding -subjects: - - kind: ServiceAccount - name: mysql-operator-sa - namespace: mysql-operator - # TODO The following entry is for dev purposes only and must be deleted - #- kind: Group - # name: system:serviceaccounts - # apiGroup: rbac.authorization.k8s.io -roleRef: - kind: ClusterRole - name: mysql-operator - apiGroup: rbac.authorization.k8s.io ---- -# Source: mysql-operator/templates/service.yaml -apiVersion: v1 -kind: Service -metadata: - name: mysql-operator - namespace: mysql-operator - labels: - name: mysql-operator -spec: - type: ClusterIP - ports: - - port: 9443 - protocol: TCP - selector: - name: mysql-operator ---- -# Source: mysql-operator/templates/deployment.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: mysql-operator - namespace: mysql-operator - labels: - version: "8.0.30-2.0.6" - app.kubernetes.io/name: mysql-operator - app.kubernetes.io/instance: mysql-operator - app.kubernetes.io/version: "8.0.30-2.0.6" - app.kubernetes.io/component: controller - app.kubernetes.io/managed-by: helm - app.kubernetes.io/created-by: helm -spec: - replicas: 1 - selector: - matchLabels: - name: mysql-operator - template: - metadata: - labels: - name: mysql-operator - spec: - containers: - - name: mysql-operator - image: mysql/mysql-operator:8.0.30-2.0.6 - imagePullPolicy: IfNotPresent - args: ["mysqlsh", "--log-level=@INFO", "--pym", "mysqloperator", "operator"] - env: - - name: MYSQLSH_USER_CONFIG_HOME - value: /mysqlsh - - - - name: MYSQL_OPERATOR_IMAGE_PULL_POLICY - value: IfNotPresent - - volumeMounts: - - name: mysqlsh-home - mountPath: /mysqlsh - securityContext: - allowPrivilegeEscalation: false - privileged: false - readOnlyRootFilesystem: true - volumes: - - name: mysqlsh-home - emptyDir: {} - serviceAccountName: mysql-operator-sa ---- -# Source: mysql-operator/templates/cluster_kopf_keepering.yaml -apiVersion: zalando.org/v1 -kind: ClusterKopfPeering -metadata: - name: mysql-operator diff --git a/mysql-operator/networkpolicy-base.yml b/mysql-operator/networkpolicy-base.yml deleted file mode 120000 index e84a698..0000000 --- a/mysql-operator/networkpolicy-base.yml +++ /dev/null @@ -1 +0,0 @@ -../shared/networkpolicy-base.yml \ No newline at end of file