diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml new file mode 100644 index 000000000..05aa1f138 --- /dev/null +++ b/.github/workflows/release.yml @@ -0,0 +1,27 @@ +name: release helm chart + +on: + push: + branches: + - 'master' + - '*release' + - 'helm-chart' + +jobs: + release: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v2 + with: + fetch-depth: 0 + + - name: Configure Git + run: | + git config user.name "$GITHUB_ACTOR" + git config user.email "$GITHUB_ACTOR@users.noreply.github.com" + + - name: Run chart-releaser + uses: helm/chart-releaser-action@v1.1.0 + env: + CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" diff --git a/Makefile b/Makefile index 8ac1c38d7..9c3762545 100644 --- a/Makefile +++ b/Makefile @@ -2,7 +2,7 @@ include make/* VERSION ?= 2.0.0 # Image URL to use all building/pushing image targets -IMG ?= oceanbasedev/ob-operator:${VERSION} +IMG ?= oceanbase/ob-operator:${VERSION} # ENVTEST_K8S_VERSION refers to the version of kubebuilder assets to be downloaded by envtest binary. ENVTEST_K8S_VERSION = 1.26.1 diff --git a/README.md b/README.md index c4107277c..c3bfd65e6 100644 --- a/README.md +++ b/README.md 
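Review bot: Both third-party steps in the new release job are referenced by mutable tags (`actions/checkout@v2`, `helm/chart-releaser-action@v1.1.0`), and the job that passes `secrets.GITHUB_TOKEN` as `CR_TOKEN` declares no `permissions:` block, so it runs with whatever token scope the repository defaults to. Pinning each `uses:` to a full commit SHA and adding an explicit `permissions:` entry such as `contents: write` (presumably what the releaser needs to publish the chart) limits what a retagged action could do with that token. The `'*release'` and `'helm-chart'` branch filters also let any matching branch publish a chart, so confirm those branches are protected.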
@@ -1,94 +1,67 @@ -# ob-operator-generate -// TODO(user): Add simple overview of use/purpose +# What is ob-operator +The ob-operator is a Kubernetes operator that simplifies the deployment and management of OceanBase cluster and related resources on Kubernetes. -## Description -// TODO(user): An in-depth paragraph about your project and overview of use +# Quick Start +## Requirement +In order to run ob-operator properly, [cert-manager](https://cert-manager.io/docs) needs to be deployed as its dependency, for more details about how to install it, please refer to the [installation](https://cert-manager.io/docs/installation/) document. -## Getting Started -You’ll need a Kubernetes cluster to run against. You can use [KIND](https://sigs.k8s.io/kind) to get a local cluster for testing, or run against a remote cluster. -**Note:** Your controller will automatically use the current context in your kubeconfig file (i.e. whatever cluster `kubectl cluster-info` shows). +## Deploy ob-operator +### Using helm +[Helm](https://github.com/helm/helm) is a package management tool for Kubernetes, please refer to the helm documentation to install the helm client. -### Running on the cluster -1. Install Instances of Custom Resources: - -```sh -kubectl apply -f config/samples/ ``` - -2. Build and push your image to the location specified by `IMG`: - -```sh -make docker-build docker-push IMG=/ob-operator-generate:tag +helm repo add ob-operator https://oceanbase.github.io/ob-operator/ +helm install ob-operator ob-operator/ob-operator --namespace=oceanbase-system --create-namespace --version=2.0.0 ``` -3. Deploy the controller to the cluster with the image specified by `IMG`: - -```sh -make deploy IMG=/ob-operator-generate:tag +### Using configuration file +The configuration files are located under deploy directory, using the following commands to deploy ob-operator. 
``` - -### Uninstall CRDs -To delete the CRDs from the cluster: - -```sh -make uninstall +# Deploy ob-operator +kubectl apply -f deploy/operator.yaml ``` -### Undeploy controller -UnDeploy the controller from the cluster: +## Deploy OceanBase cluster +### Customize configuration file +`deploy/obcluster.yaml` defines an OceanBase cluster, including deployment topology, resources, storages etc. You can configure your own OceanBase based on this file. -```sh -make undeploy +### Deploy OceanBase +Create namespace if needed, namespace should match the one in configuration file `deploy/obcluster.yaml` ``` - -## Contributing -// TODO(user): Add detailed information on how you would like others to contribute to this project - -### How it works -This project aims to follow the Kubernetes [Operator pattern](https://kubernetes.io/docs/concepts/extend-kubernetes/operator/). - -It uses [Controllers](https://kubernetes.io/docs/concepts/architecture/controller/), -which provide a reconcile function responsible for synchronizing resources until the desired state is reached on the cluster. - -### Test It Out -1. Install the CRDs into the cluster: - -```sh -make install +kubectl create namespace oceanbase ``` - -2. 
Run your controller (this will run in the foreground, so switch to a new terminal if you want to leave it running): - -```sh -make run +Create secret for users, secret name must be the same as these configed in deploy/obcluster.yaml under spec.userSecrets ``` +# create secret to hold password for user root +kubectl create secret -n oceanbase generic test-user-root --from-literal=password='******' -**NOTE:** You can also run this in one step by running: `make install run` +# create secret to hold password for user proxyro, proxyro is a readonly user for obproxy to query meta info +kubectl create secret -n oceanbase generic test-user-proxyro --from-literal=password='******' -### Modifying the API definitions -If you are editing the API definitions, generate the manifests such as CRs or CRDs using: +# create secret to hold password for user monitor, monitor is a readonly user for obagent to query metric data +kubectl create secret -n oceanbase generic test-user-monitor --from-literal=password='******' -```sh -make manifests +# create secret to hold password for user operator, operator is the admin user for obproxy to maintain obcluster +kubectl create secret -n oceanbase generic test-user-operator --from-literal=password='******' ``` +Using the following command to deploy OceanBase Cluster +``` +kubectl apply -f deploy/obcluster.yaml +``` +It may take a while to complete the whole process to deploy OceanBase cluster, you can use the following command to check whether it's finished +``` +kubectl get obclusters test -n oceanbase -o yaml +``` +wait until the status of obclster resource turns into running. -**NOTE:** Run `make --help` for more information on all potential `make` targets - -More information can be found via the [Kubebuilder Documentation](https://book.kubebuilder.io/introduction.html) - -## License - -Copyright 2023. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. 
-You may obtain a copy of the License at - http://www.apache.org/licenses/LICENSE-2.0 +### Connect to OceanBase Cluster +After successfully deployed OceanBase cluster, you can connect to OceanBase cluster via any observer pod's ip. -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. +# Contributing +Contributions are warmly welcomed and greatly appreciated. Here are a few ways you can contribute: +- Raise us an [Issue](https://github.com/oceanbase/ob-operator/issues). +- Create a [Pull Request](https://github.com/oceanbase/ob-operator/pulls). +# License +Ob-operator is licensed under the [MulanPSL - 2.0](http://license.coscl.org.cn/MulanPSL2) license. You can copy and use the source code freely. When you modify or distribute the source code, please follow the MulanPSL - 2.0 license. diff --git a/api/v1alpha1/monitor_template.go b/api/v1alpha1/monitor_template.go index 3f860ec34..e9d2a1588 100644 --- a/api/v1alpha1/monitor_template.go +++ b/api/v1alpha1/monitor_template.go @@ -13,7 +13,6 @@ See the Mulan PSL v2 for more details. package v1alpha1 type MonitorTemplate struct { - Image string `json:"image"` - Resource *ResourceSpec `json:"resource,omitempty"` - Storage *ObagentStorageSpec `json:"storage"` + Image string `json:"image"` + Resource *ResourceSpec `json:"resource,omitempty"` } diff --git a/api/v1alpha1/obclusterbackup_types.go b/api/v1alpha1/obclusterbackup_types.go deleted file mode 100644 index 9264b0069..000000000 --- a/api/v1alpha1/obclusterbackup_types.go +++ /dev/null 
@@ -1,64 +0,0 @@ -/* -Copyright 2023. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1alpha1 - -import ( - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" -) - -// EDIT THIS FILE! THIS IS SCAFFOLDING FOR YOU TO OWN! -// NOTE: json tags are required. Any new fields you add must have json tags for the fields to be serialized. - -// OBClusterBackupSpec defines the desired state of OBClusterBackup -type OBClusterBackupSpec struct { - // INSERT ADDITIONAL SPEC FIELDS - desired state of cluster - // Important: Run "make" to regenerate code after modifying this file - - // Foo is an example field of OBClusterBackup. 
Edit obclusterbackup_types.go to remove/update - Foo string `json:"foo,omitempty"` -} - -// OBClusterBackupStatus defines the observed state of OBClusterBackup -type OBClusterBackupStatus struct { - // INSERT ADDITIONAL STATUS FIELD - define observed state of cluster - // Important: Run "make" to regenerate code after modifying this file -} - -//+kubebuilder:object:root=true -//+kubebuilder:subresource:status - -// OBClusterBackup is the Schema for the obclusterbackups API -type OBClusterBackup struct { - metav1.TypeMeta `json:",inline"` - metav1.ObjectMeta `json:"metadata,omitempty"` - - Spec OBClusterBackupSpec `json:"spec,omitempty"` - Status OBClusterBackupStatus `json:"status,omitempty"` -} - -//+kubebuilder:object:root=true - -// OBClusterBackupList contains a list of OBClusterBackup -type OBClusterBackupList struct { - metav1.TypeMeta `json:",inline"` - metav1.ListMeta `json:"metadata,omitempty"` - Items []OBClusterBackup `json:"items"` -} - -func init() { - SchemeBuilder.Register(&OBClusterBackup{}, &OBClusterBackupList{}) -} diff --git a/api/v1alpha1/obclusterrestore_types.go b/api/v1alpha1/obclusterrestore_types.go deleted file mode 100644 index 402d37b6f..000000000 --- a/api/v1alpha1/obclusterrestore_types.go +++ /dev/null 
@@ -1,64 +0,0 @@ -/* -Copyright 2023. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1alpha1 - -import ( - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" -) - -// EDIT THIS FILE! THIS IS SCAFFOLDING FOR YOU TO OWN! -// NOTE: json tags are required. Any new fields you add must have json tags for the fields to be serialized. - -// OBClusterRestoreSpec defines the desired state of OBClusterRestore -type OBClusterRestoreSpec struct { - // INSERT ADDITIONAL SPEC FIELDS - desired state of cluster - // Important: Run "make" to regenerate code after modifying this file - - // Foo is an example field of OBClusterRestore. 
Edit obclusterrestore_types.go to remove/update - Foo string `json:"foo,omitempty"` -} - -// OBClusterRestoreStatus defines the observed state of OBClusterRestore -type OBClusterRestoreStatus struct { - // INSERT ADDITIONAL STATUS FIELD - define observed state of cluster - // Important: Run "make" to regenerate code after modifying this file -} - -//+kubebuilder:object:root=true -//+kubebuilder:subresource:status - -// OBClusterRestore is the Schema for the obclusterrestores API -type OBClusterRestore struct { - metav1.TypeMeta `json:",inline"` - metav1.ObjectMeta `json:"metadata,omitempty"` - - Spec OBClusterRestoreSpec `json:"spec,omitempty"` - Status OBClusterRestoreStatus `json:"status,omitempty"` -} - -//+kubebuilder:object:root=true - -// OBClusterRestoreList contains a list of OBClusterRestore -type OBClusterRestoreList struct { - metav1.TypeMeta `json:",inline"` - metav1.ListMeta `json:"metadata,omitempty"` - Items []OBClusterRestore `json:"items"` -} - -func init() { - SchemeBuilder.Register(&OBClusterRestore{}, &OBClusterRestoreList{}) -} diff --git a/api/v1alpha1/obtenantbackup_types.go b/api/v1alpha1/obtenantbackup_types.go index 2e955c8a5..5a551af05 100644 --- a/api/v1alpha1/obtenantbackup_types.go +++ b/api/v1alpha1/obtenantbackup_types.go 
@@ -29,13 +29,13 @@ type OBTenantBackupSpec struct { // INSERT ADDITIONAL SPEC FIELDS - desired state of cluster // Important: Run "make" to regenerate code after modifying this file - Type apitypes.BackupJobType `json:"type"` - TenantName string `json:"tenantName"` - TenantSecret string `json:"tenantSecret"` - ObClusterName string `json:"obClusterName"` - Path string `json:"path,omitempty"` + Type apitypes.BackupJobType `json:"type"` // Type of backup job + TenantName string `json:"tenantName"` // Name of tenant in database + TenantSecret string `json:"tenantSecret"` // Secret that stores root password of tenant + ObClusterName string `json:"obClusterName"` // Name of obcluster resource + Path string `json:"path,omitempty"` // Path to store backup files - EncryptionSecret string `json:"encryptionSecret,omitempty"` + EncryptionSecret string `json:"encryptionSecret,omitempty"` // Secret that stores backup encryption key } // +kubebuilder:object:generate=false @@ -44,7 +44,7 @@ type OBTenantBackupStatus struct { // INSERT ADDITIONAL STATUS FIELD - define observed state of cluster // Important: Run "make" to regenerate code after modifying this file Status apitypes.BackupJobStatus `json:"status"` - Progress string `json:"progress,omitempty"` + Progress string `json:"progress,omitempty"` // Not support yet OperationContext *OperationContext `json:"operationContext,omitempty"` StartedAt string `json:"startedAt,omitempty"` EndedAt string `json:"endedAt,omitempty"` diff --git a/api/v1alpha1/obtenantbackuppolicy_types.go b/api/v1alpha1/obtenantbackuppolicy_types.go index cc490dded..0917b9d0a 100644 --- a/api/v1alpha1/obtenantbackuppolicy_types.go +++ b/api/v1alpha1/obtenantbackuppolicy_types.go 
@@ -30,8 +30,9 @@ type OBTenantBackupPolicySpec struct { // Important: Run "make" to regenerate code after modifying this file ObClusterName string `json:"obClusterName"` - TenantName string `json:"tenantName"` // Name of obtenant resource - TenantSecret string `json:"tenantSecret,omitempty"` // Deprecated + TenantName string `json:"tenantName,omitempty"` // Name of tenant in database + TenantSecret string `json:"tenantSecret,omitempty"` // Recommend to use 'credentials' of OBTenant instead + TenantCRName string `json:"tenantCRName,omitempty"` // Name of obtenant resource JobKeepWindow string `json:"jobKeepWindow,omitempty"` Suspend bool `json:"suspend,omitempty"` LogArchive LogArchiveConfig `json:"logArchive"` diff --git a/api/v1alpha1/obtenantbackuppolicy_webhook.go b/api/v1alpha1/obtenantbackuppolicy_webhook.go index 1b5b3f991..17342d9e2 100644 --- a/api/v1alpha1/obtenantbackuppolicy_webhook.go +++ b/api/v1alpha1/obtenantbackuppolicy_webhook.go 
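Review bot: `tenantName` changes meaning in this hunk, from "Name of obtenant resource" to "Name of tenant in database", while its JSON key stays the same. An existing manifest that put the OBTenant resource name there will presumably now be read as a database tenant name. Nothing on the struct says which of `tenantName` and `tenantCRName` wins when both are set, or that `tenantSecret` becomes mandatory when only `tenantName` is given. I would state that in doc comments above the fields, e.g. `// TenantCRName is the name of the OBTenant resource in the same namespace; when empty, TenantName and TenantSecret must be set.` The struct continues outside the hunk.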
@@ -75,40 +75,41 @@ func (r *OBTenantBackupPolicy) Default() { // only "default" is permitted r.Spec.DataClean.Name = "default" - tenant := &OBTenant{} - err := bakCtl.Get(context.Background(), types.NamespacedName{ - Namespace: r.GetNamespace(), - Name: r.Spec.TenantName, - }, tenant) - // throw error in validator webhook - if err != nil { - return - } - if tenant.Status.Status != tenantstatus.Running { - return - } - if r.Spec.DataBackup.Destination.Type == constants.BackupDestTypeOSS { r.Spec.DataBackup.Destination.Path = strings.ReplaceAll(r.Spec.DataBackup.Destination.Path, "/?", "?") } if r.Spec.LogArchive.Destination.Type == constants.BackupDestTypeOSS { r.Spec.LogArchive.Destination.Path = strings.ReplaceAll(r.Spec.LogArchive.Destination.Path, "/?", "?") } + if r.Spec.TenantCRName != "" { + tenant := &OBTenant{} + err := bakCtl.Get(context.Background(), types.NamespacedName{ + Namespace: r.GetNamespace(), + Name: r.Spec.TenantCRName, + }, tenant) + // throw error in validator webhook + if err != nil { + return + } + if tenant.Status.Status != tenantstatus.Running { + return + } - blockOwnerDeletion := true - r.SetOwnerReferences([]metav1.OwnerReference{{ - APIVersion: tenant.APIVersion, - Kind: tenant.Kind, - Name: tenant.GetObjectMeta().GetName(), - UID: tenant.GetObjectMeta().GetUID(), - BlockOwnerDeletion: &blockOwnerDeletion, - }}) - - r.SetLabels(map[string]string{ - oceanbaseconst.LabelTenantName: r.Spec.TenantName, - oceanbaseconst.LabelRefOBCluster: r.Spec.ObClusterName, - oceanbaseconst.LabelRefUID: string(tenant.GetObjectMeta().GetUID()), - }) + blockOwnerDeletion := true + r.SetOwnerReferences([]metav1.OwnerReference{{ + APIVersion: tenant.APIVersion, + Kind: tenant.Kind, + Name: tenant.GetObjectMeta().GetName(), + UID: tenant.GetObjectMeta().GetUID(), + BlockOwnerDeletion: &blockOwnerDeletion, + }}) + + r.SetLabels(map[string]string{ + oceanbaseconst.LabelTenantName: r.Spec.TenantName, + oceanbaseconst.LabelRefOBCluster: r.Spec.ObClusterName, + 
oceanbaseconst.LabelRefUID: string(tenant.GetObjectMeta().GetUID()), + }) + } } // TODO(user): change verbs to "verbs=create;update;delete" if you want to enable deletion validation. 
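Review bot: The label written here is `oceanbaseconst.LabelTenantName: r.Spec.TenantName`, but the duplicate lookup added to ValidateCreate in the next hunk matches on `oceanbaseconst.LabelTenantName: r.Spec.TenantCRName`. Unless both fields hold the same string, the "already exists" check will not find policies labelled by this webhook. Use one value in both places, e.g. `oceanbaseconst.LabelTenantName: r.Spec.TenantCRName,` here. `SetLabels` and `SetOwnerReferences` also replace whatever the object already carried instead of merging with it. When `TenantCRName` is empty the policy now gets no labels and no owner reference, which deserves a comment if it is intended.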
@@ -123,30 +124,31 @@ func (r *OBTenantBackupPolicy) ValidateCreate() (admission.Warnings, error) { return nil, err } ctx := context.TODO() - tenant := &OBTenant{} - err = bakCtl.Get(ctx, types.NamespacedName{ - Namespace: r.GetNamespace(), - Name: r.Spec.TenantName, - }, tenant) - if err != nil { - return nil, apierrors.NewNotFound(schema.GroupResource{Group: "oceanbase.oceanbase.com", Resource: "obtenants"}, r.Spec.TenantName) - } - - if tenant.Status.Status != tenantstatus.Running { - return nil, errors.New("tenant is not running") - } + if r.Spec.TenantCRName != "" { + tenant := &OBTenant{} + err = bakCtl.Get(ctx, types.NamespacedName{ + Namespace: r.GetNamespace(), + Name: r.Spec.TenantCRName, + }, tenant) + if err != nil { + return nil, apierrors.NewNotFound(schema.GroupResource{Group: "oceanbase.oceanbase.com", Resource: "obtenants"}, r.Spec.TenantName) + } - policyList := &OBTenantBackupPolicyList{} - err = bakCtl.List(ctx, policyList, client.MatchingLabels{ - oceanbaseconst.LabelTenantName: r.Spec.TenantName, - oceanbaseconst.LabelRefOBCluster: r.Spec.ObClusterName, - oceanbaseconst.LabelRefUID: string(tenant.GetObjectMeta().GetUID()), - }) - if err != nil { - return nil, apierrors.NewInternalError(err) - } - if len(policyList.Items) > 0 { - return nil, apierrors.NewAlreadyExists(schema.GroupResource{Group: "oceanbase.oceanbase.com", Resource: "obtenantbackuppolicies"}, policyList.Items[0].GetObjectMeta().GetName()) + if tenant.Status.Status != tenantstatus.Running { + return nil, errors.New("tenant is not running") + } + policyList := &OBTenantBackupPolicyList{} + err = bakCtl.List(ctx, policyList, client.MatchingLabels{ + oceanbaseconst.LabelTenantName: r.Spec.TenantCRName, + oceanbaseconst.LabelRefOBCluster: r.Spec.ObClusterName, + oceanbaseconst.LabelRefUID: string(tenant.GetUID()), + }) + if err != nil { + return nil, apierrors.NewInternalError(err) + } + if len(policyList.Items) > 0 { + return nil, 
apierrors.NewAlreadyExists(schema.GroupResource{Group: "oceanbase.oceanbase.com", Resource: "obtenantbackuppolicies"}, policyList.Items[0].GetObjectMeta().GetName()) + } } return nil, nil @@ -154,7 +156,16 @@ func (r *OBTenantBackupPolicy) ValidateCreate() (admission.Warnings, error) { // ValidateUpdate implements webhook.Validator so a webhook will be registered for the type func (r *OBTenantBackupPolicy) ValidateUpdate(old runtime.Object) (admission.Warnings, error) { - _ = old + currentResource := old.(*OBTenantBackupPolicy) + if currentResource.Status.Status == constants.BackupPolicyStatusRunning { + if r.Spec.DataBackup.EncryptionSecret != currentResource.Spec.DataBackup.EncryptionSecret { + return nil, field.Invalid( + field.NewPath("spec").Child("dataBackup").Child("encryptionSecret"), + r.Spec.DataBackup.EncryptionSecret, + "encryptionSecret can not be changed when backup policy is running, please pause the backup policy first", + ) + } + } return nil, r.validateBackupPolicy() } @@ -174,8 +185,11 @@ func (r *OBTenantBackupPolicy) validateBackupPolicy() error { if r.Spec.ObClusterName == "" { return errors.New("obClusterName is required") } - if r.Spec.TenantName == "" { - return errors.New("tenantName is required") + if r.Spec.TenantName == "" && r.Spec.TenantCRName == "" { + return field.Invalid(field.NewPath("spec").Child("[tenantName | tenantCRName]"), r.Spec.TenantName, "tenantName and tenantCRName are both empty") + } + if r.Spec.TenantCRName == "" && r.Spec.TenantSecret == "" { + return field.Invalid(field.NewPath("spec").Child("tenantSecret"), r.Spec.TenantSecret, "tenantSecret is required when using tenantName") } ossPathPattern := regexp.MustCompile("^oss://[^/]+/[^/].*\\?host=.+$") 
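Review bot: The NotFound error still names `r.Spec.TenantName` although the lookup is now by `r.Spec.TenantCRName`, and every `Get` failure is reported as NotFound. The last argument should be `r.Spec.TenantCRName`, and `apierrors.IsNotFound(err)` could separate a missing tenant from an API error. With `TenantCRName` empty the whole block is skipped, so no existence, running-state or duplicate-policy check runs for a policy that identifies its tenant only by `tenantName`. If that is intended, a comment saying where those checks happen instead would help.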
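Review bot: `old.(*OBTenantBackupPolicy)` in ValidateUpdate is an unchecked type assertion, so an unexpected object type panics inside the admission handler instead of producing a rejection. Prefer `currentResource, ok := old.(*OBTenantBackupPolicy)` followed by `if !ok { return nil, apierrors.NewBadRequest("expected an OBTenantBackupPolicy") }`. The guard also compares only the secret's name, so replacing the contents of the same Secret while the policy is running is not caught here. Whether that matters depends on how the controller reads the key, which is outside this hunk.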
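Review bot: `Child("[tenantName | tenantCRName]")` in validateBackupPolicy produces a field path that does not exist in the spec, and `field.Invalid` is used for values that are simply missing. `field.Required(field.NewPath("spec").Child("tenantName"), "one of tenantName or tenantCRName must be set")` reports the same condition against a real path, and the same applies to the `tenantSecret` check below it. The function body continues outside the hunk.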
@@ -192,18 +206,12 @@ func (r *OBTenantBackupPolicy) validateBackupPolicy() error { return field.Invalid(field.NewPath("spec").Child("dataBackup").Child("encryptionSecret"), r.Spec.DataBackup.EncryptionSecret, "'password' field not found in encryptionSecret") } } - if r.Spec.DataBackup.Destination.Type == constants.BackupDestTypeOSS { + + if r.Spec.DataBackup.Destination.Type == constants.BackupDestTypeOSS && r.Spec.DataBackup.Destination.OSSAccessSecret != "" { if !ossPathPattern.MatchString(r.Spec.DataBackup.Destination.Path) { return field.Invalid(field.NewPath("spec").Child("dataBackup").Child("destination").Child("path"), r.Spec.DataBackup.Destination.Path, "invalid path, pattern: ^oss://[^/]+/[^/].*\\?host=.+$") } - if r.Spec.DataBackup.Destination.OSSAccessSecret == "" { - return field.Invalid( - field.NewPath("spec").Child("dataBackup").Child("destination").Child("ossAccessSecret"), - r.Spec.DataBackup.Destination.OSSAccessSecret, - "Backup tenant log to OSS type destination must have a OSSAccessSecret", - ) - } secret := &v1.Secret{} err := bakCtl.Get(context.Background(), types.NamespacedName{ Namespace: r.GetNamespace(), 
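Review bot: Adding `&& r.Spec.DataBackup.Destination.OSSAccessSecret != ""` to the outer condition skips the `ossPathPattern` check as well as the secret lookup, so an OSS destination with no access secret is now admitted with an unvalidated path where it used to be rejected. If credential-less OSS destinations are meant to be allowed, keep `if r.Spec.DataBackup.Destination.Type == constants.BackupDestTypeOSS {` around the path check and wrap only the secret lookup in `if r.Spec.DataBackup.Destination.OSSAccessSecret != "" {`. The log-archive hunk at -236,18 makes the same change for `r.Spec.LogArchive.Destination`. Both blocks continue outside their hunks.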
@@ -236,18 +244,11 @@ func (r *OBTenantBackupPolicy) validateBackupPolicy() error { } } - if r.Spec.LogArchive.Destination.Type == constants.BackupDestTypeOSS { + if r.Spec.LogArchive.Destination.Type == constants.BackupDestTypeOSS && r.Spec.LogArchive.Destination.OSSAccessSecret != "" { if !ossPathPattern.MatchString(r.Spec.LogArchive.Destination.Path) { return field.Invalid(field.NewPath("spec").Child("logArchive").Child("destination").Child("path"), r.Spec.LogArchive.Destination.Path, "invalid path, pattern: ^oss://[^/]+/[^/].*\\?host=.+$") } - if r.Spec.LogArchive.Destination.OSSAccessSecret == "" { - return field.Invalid( - field.NewPath("spec").Child("logArchive").Child("destination").Child("ossAccessSecret"), - r.Spec.LogArchive.Destination.OSSAccessSecret, - "Backup tenant log to OSS type destination must have a OSSAccessSecret", - ) - } secret := &v1.Secret{} err := bakCtl.Get(context.Background(), types.NamespacedName{ Namespace: r.GetNamespace(), diff --git a/api/v1alpha1/obtenantrestore_types.go b/api/v1alpha1/obtenantrestore_types.go index 245d06dc9..24f7b2cd0 100644 --- a/api/v1alpha1/obtenantrestore_types.go +++ b/api/v1alpha1/obtenantrestore_types.go @@ -41,9 +41,10 @@ type RestoreSourceSpec struct { BakDataSource *apitypes.BackupDestination `json:"bakDataSource,omitempty"` BakEncryptionSecret string `json:"bakEncryptionSecret,omitempty"` - SourceUri string `json:"sourceUri,omitempty"` // Deprecated + SourceUri string `json:"sourceUri,omitempty"` // Deprecated, use ArchiveSource and BakDataSource instead Until RestoreUntilConfig `json:"until"` Description *string `json:"description,omitempty"` + ReplayEnabled bool `json:"replayEnabled,omitempty"` ReplayLogUntil *RestoreUntilConfig `json:"replayLogUntil,omitempty"` Cancel bool `json:"cancel,omitempty"` } diff --git a/api/v1alpha1/zz_generated.deepcopy.go b/api/v1alpha1/zz_generated.deepcopy.go index df9cd388a..251ad77f2 100644 --- a/api/v1alpha1/zz_generated.deepcopy.go 
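Review bot: `ReplayEnabled` is added to RestoreSourceSpec without a comment, and it sits next to `ReplayLogUntil` with nothing saying how the two interact, for instance whether `ReplayLogUntil` is ignored when `ReplayEnabled` is false. A doc comment above the field such as `// ReplayEnabled controls whether log replay is performed after restore; see ReplayLogUntil.` would help, with the wording confirmed against the controller. The struct starts outside the hunk.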
+++ b/api/v1alpha1/zz_generated.deepcopy.go @@ -131,11 +131,6 @@ func (in *MonitorTemplate) DeepCopyInto(out *MonitorTemplate) { *out = new(ResourceSpec) (*in).DeepCopyInto(*out) } - if in.Storage != nil { - in, out := &in.Storage, &out.Storage - *out = new(ObagentStorageSpec) - (*in).DeepCopyInto(*out) - } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MonitorTemplate. 
@@ -175,95 +170,6 @@ func (in *OBCluster) DeepCopyObject() runtime.Object { return nil } -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *OBClusterBackup) DeepCopyInto(out *OBClusterBackup) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - out.Spec = in.Spec - out.Status = in.Status -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OBClusterBackup. -func (in *OBClusterBackup) DeepCopy() *OBClusterBackup { - if in == nil { - return nil - } - out := new(OBClusterBackup) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *OBClusterBackup) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *OBClusterBackupList) DeepCopyInto(out *OBClusterBackupList) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ListMeta.DeepCopyInto(&out.ListMeta) - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]OBClusterBackup, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OBClusterBackupList. -func (in *OBClusterBackupList) DeepCopy() *OBClusterBackupList { - if in == nil { - return nil - } - out := new(OBClusterBackupList) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *OBClusterBackupList) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. 
in must be non-nil. -func (in *OBClusterBackupSpec) DeepCopyInto(out *OBClusterBackupSpec) { - *out = *in -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OBClusterBackupSpec. -func (in *OBClusterBackupSpec) DeepCopy() *OBClusterBackupSpec { - if in == nil { - return nil - } - out := new(OBClusterBackupSpec) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *OBClusterBackupStatus) DeepCopyInto(out *OBClusterBackupStatus) { - *out = *in -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OBClusterBackupStatus. -func (in *OBClusterBackupStatus) DeepCopy() *OBClusterBackupStatus { - if in == nil { - return nil - } - out := new(OBClusterBackupStatus) - in.DeepCopyInto(out) - return out -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *OBClusterList) DeepCopyInto(out *OBClusterList) { *out = *in 
@@ -296,95 +202,6 @@ func (in *OBClusterList) DeepCopyObject() runtime.Object { return nil } -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *OBClusterRestore) DeepCopyInto(out *OBClusterRestore) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - out.Spec = in.Spec - out.Status = in.Status -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OBClusterRestore. -func (in *OBClusterRestore) DeepCopy() *OBClusterRestore { - if in == nil { - return nil - } - out := new(OBClusterRestore) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *OBClusterRestore) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *OBClusterRestoreList) DeepCopyInto(out *OBClusterRestoreList) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ListMeta.DeepCopyInto(&out.ListMeta) - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]OBClusterRestore, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OBClusterRestoreList. -func (in *OBClusterRestoreList) DeepCopy() *OBClusterRestoreList { - if in == nil { - return nil - } - out := new(OBClusterRestoreList) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. 
-func (in *OBClusterRestoreList) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *OBClusterRestoreSpec) DeepCopyInto(out *OBClusterRestoreSpec) { - *out = *in -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OBClusterRestoreSpec. -func (in *OBClusterRestoreSpec) DeepCopy() *OBClusterRestoreSpec { - if in == nil { - return nil - } - out := new(OBClusterRestoreSpec) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *OBClusterRestoreStatus) DeepCopyInto(out *OBClusterRestoreStatus) { - *out = *in -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OBClusterRestoreStatus. -func (in *OBClusterRestoreStatus) DeepCopy() *OBClusterRestoreStatus { - if in == nil { - return nil - } - out := new(OBClusterRestoreStatus) - in.DeepCopyInto(out) - return out -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *OBClusterSpec) DeepCopyInto(out *OBClusterSpec) { *out = *in diff --git a/charts/ob-operator/.helmignore b/charts/ob-operator/.helmignore new file mode 100644 index 000000000..0e8a0eb36 --- /dev/null +++ b/charts/ob-operator/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ 
diff --git a/charts/ob-operator/Chart.yaml b/charts/ob-operator/Chart.yaml
new file mode 100644
index 000000000..453000279
--- /dev/null
+++ b/charts/ob-operator/Chart.yaml
@@ -0,0 +1,6 @@
+apiVersion: v1alpha1
+appVersion: 2.0.0
+description: A Helm chart for OB-Operator
+name: ob-operator
+type: application
+version: 2.0.0
diff --git a/charts/ob-operator/templates/_helpers.tpl b/charts/ob-operator/templates/_helpers.tpl
new file mode 100644
index 000000000..6cf299894
--- /dev/null
+++ b/charts/ob-operator/templates/_helpers.tpl
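Review bot: `apiVersion: v1alpha1` is not a chart API version that Helm defines; Chart.yaml takes `v1` or `v2`, and the `type: application` field in the same file belongs to `v2`. This looks like the CRD group version copied over, so `apiVersion: v2` is presumably what is meant. Running `helm lint` on the chart directory should confirm this before the release workflow publishes the chart.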
@@ -0,0 +1,62 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "ob-operator.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "ob-operator.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "ob-operator.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "ob-operator.labels" -}}
+helm.sh/chart: {{ include "ob-operator.chart" . }}
+{{ include "ob-operator.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "ob-operator.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "ob-operator.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "ob-operator.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "ob-operator.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
diff --git a/charts/ob-operator/templates/operator.yaml b/charts/ob-operator/templates/operator.yaml
new file mode 100644
index 000000000..6cb09ed5e
--- /dev/null
+++ b/charts/ob-operator/templates/operator.yaml
@@ -0,0 +1,8061 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/oceanbase-serving-cert + controller-gen.kubebuilder.io/version: v0.13.0 + name: obclusterbackups.oceanbase.oceanbase.com +spec: + group: oceanbase.oceanbase.com + names: + kind: OBClusterBackup + listKind: OBClusterBackupList + plural: obclusterbackups + singular: obclusterbackup + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: OBClusterBackup is the Schema for the obclusterbackups API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: OBClusterBackupSpec defines the desired state of OBClusterBackup + properties: + foo: + description: Foo is an example field of OBClusterBackup. 
Edit obclusterbackup_types.go + to remove/update + type: string + type: object + status: + description: OBClusterBackupStatus defines the observed state of OBClusterBackup + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/oceanbase-serving-cert + controller-gen.kubebuilder.io/version: v0.13.0 + name: obclusterrestores.oceanbase.oceanbase.com +spec: + group: oceanbase.oceanbase.com + names: + kind: OBClusterRestore + listKind: OBClusterRestoreList + plural: obclusterrestores + singular: obclusterrestore + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: OBClusterRestore is the Schema for the obclusterrestores API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: OBClusterRestoreSpec defines the desired state of OBClusterRestore + properties: + foo: + description: Foo is an example field of OBClusterRestore. 
Edit obclusterrestore_types.go + to remove/update + type: string + type: object + status: + description: OBClusterRestoreStatus defines the observed state of OBClusterRestore + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/oceanbase-serving-cert + controller-gen.kubebuilder.io/version: v0.13.0 + name: obclusters.oceanbase.oceanbase.com +spec: + group: oceanbase.oceanbase.com + names: + kind: OBCluster + listKind: OBClusterList + plural: obclusters + singular: obcluster + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: OBCluster is the Schema for the obclusters API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: OBClusterSpec defines the desired state of OBCluster + properties: + backupVolume: + properties: + volume: + description: Volume represents a named volume in a pod that may + be accessed by any container in the pod. + properties: + awsElasticBlockStore: + description: 'awsElasticBlockStore represents an AWS Disk + resource that is attached to a kubelet''s host machine and + then exposed to the pod. 
More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + properties: + fsType: + description: 'fsType is the filesystem type of the volume + that you want to mount. Tip: Ensure that the filesystem + type is supported by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + TODO: how do we prevent errors in the filesystem from + compromising the machine' + type: string + partition: + description: 'partition is the partition in the volume + that you want to mount. If omitted, the default is to + mount by volume name. Examples: For volume /dev/sda1, + you specify the partition as "1". Similarly, the volume + partition for /dev/sda is "0" (or you can leave the + property empty).' + format: int32 + type: integer + readOnly: + description: 'readOnly value true will force the readOnly + setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: boolean + volumeID: + description: 'volumeID is unique ID of the persistent + disk resource in AWS (Amazon EBS volume). More info: + https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: string + required: + - volumeID + type: object + azureDisk: + description: azureDisk represents an Azure Data Disk mount + on the host and bind mount to the pod. + properties: + cachingMode: + description: 'cachingMode is the Host Caching mode: None, + Read Only, Read Write.' + type: string + diskName: + description: diskName is the Name of the data disk in + the blob storage + type: string + diskURI: + description: diskURI is the URI of data disk in the blob + storage + type: string + fsType: + description: fsType is Filesystem type to mount. Must + be a filesystem type supported by the host operating + system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred + to be "ext4" if unspecified. 
+ type: string + kind: + description: 'kind expected values are Shared: multiple + blob disks per storage account Dedicated: single blob + disk per storage account Managed: azure managed data + disk (only in managed availability set). defaults to + shared' + type: string + readOnly: + description: readOnly Defaults to false (read/write). + ReadOnly here will force the ReadOnly setting in VolumeMounts. + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + description: azureFile represents an Azure File Service mount + on the host and bind mount to the pod. + properties: + readOnly: + description: readOnly defaults to false (read/write). + ReadOnly here will force the ReadOnly setting in VolumeMounts. + type: boolean + secretName: + description: secretName is the name of secret that contains + Azure Storage Account Name and Key + type: string + shareName: + description: shareName is the azure share Name + type: string + required: + - secretName + - shareName + type: object + cephfs: + description: cephFS represents a Ceph FS mount on the host + that shares a pod's lifetime + properties: + monitors: + description: 'monitors is Required: Monitors is a collection + of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + items: + type: string + type: array + path: + description: 'path is Optional: Used as the mounted root, + rather than the full Ceph tree, default is /' + type: string + readOnly: + description: 'readOnly is Optional: Defaults to false + (read/write). ReadOnly here will force the ReadOnly + setting in VolumeMounts. 
More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: boolean + secretFile: + description: 'secretFile is Optional: SecretFile is the + path to key ring for User, default is /etc/ceph/user.secret + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + secretRef: + description: 'secretRef is Optional: SecretRef is reference + to the authentication secret for User, default is empty. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + type: object + x-kubernetes-map-type: atomic + user: + description: 'user is optional: User is the rados user + name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + required: + - monitors + type: object + cinder: + description: 'cinder represents a cinder volume attached and + mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + properties: + fsType: + description: 'fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating + system. Examples: "ext4", "xfs", "ntfs". Implicitly + inferred to be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + readOnly: + description: 'readOnly defaults to false (read/write). + ReadOnly here will force the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: boolean + secretRef: + description: 'secretRef is optional: points to a secret + object containing parameters used to connect to OpenStack.' + properties: + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + type: object + x-kubernetes-map-type: atomic + volumeID: + description: 'volumeID used to identify the volume in + cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + required: + - volumeID + type: object + configMap: + description: configMap represents a configMap that should + populate this volume + properties: + defaultMode: + description: 'defaultMode is optional: mode bits used + to set permissions on created files by default. Must + be an octal value between 0000 and 0777 or a decimal + value between 0 and 511. YAML accepts both octal and + decimal values, JSON requires decimal values for mode + bits. Defaults to 0644. Directories within the path + are not affected by this setting. This might be in conflict + with other options that affect the file mode, like fsGroup, + and the result can be other mode bits set.' + format: int32 + type: integer + items: + description: items if unspecified, each key-value pair + in the Data field of the referenced ConfigMap will be + projected into the volume as a file whose name is the + key and content is the value. If specified, the listed + keys will be projected into the specified paths, and + unlisted keys will not be present. If a key is specified + which is not present in the ConfigMap, the volume setup + will error unless it is marked optional. Paths must + be relative and may not contain the '..' path or start + with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: 'mode is Optional: mode bits used to + set permissions on this file. Must be an octal + value between 0000 and 0777 or a decimal value + between 0 and 511. 
YAML accepts both octal and + decimal values, JSON requires decimal values for + mode bits. If not specified, the volume defaultMode + will be used. This might be in conflict with other + options that affect the file mode, like fsGroup, + and the result can be other mode bits set.' + format: int32 + type: integer + path: + description: path is the relative path of the file + to map the key to. May not be an absolute path. + May not contain the path element '..'. May not + start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: optional specify whether the ConfigMap or + its keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + csi: + description: csi (Container Storage Interface) represents + ephemeral storage that is handled by certain external CSI + drivers (Beta feature). + properties: + driver: + description: driver is the name of the CSI driver that + handles this volume. Consult with your admin for the + correct name as registered in the cluster. + type: string + fsType: + description: fsType to mount. Ex. "ext4", "xfs", "ntfs". + If not provided, the empty value is passed to the associated + CSI driver which will determine the default filesystem + to apply. + type: string + nodePublishSecretRef: + description: nodePublishSecretRef is a reference to the + secret object containing sensitive information to pass + to the CSI driver to complete the CSI NodePublishVolume + and NodeUnpublishVolume calls. This field is optional, + and may be empty if no secret is required. If the secret + object contains more than one secret, all secret references + are passed. + properties: + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + type: object + x-kubernetes-map-type: atomic + readOnly: + description: readOnly specifies a read-only configuration + for the volume. Defaults to false (read/write). + type: boolean + volumeAttributes: + additionalProperties: + type: string + description: volumeAttributes stores driver-specific properties + that are passed to the CSI driver. Consult your driver's + documentation for supported values. + type: object + required: + - driver + type: object + downwardAPI: + description: downwardAPI represents downward API about the + pod that should populate this volume + properties: + defaultMode: + description: 'Optional: mode bits to use on created files + by default. Must be a Optional: mode bits used to set + permissions on created files by default. Must be an + octal value between 0000 and 0777 or a decimal value + between 0 and 511. YAML accepts both octal and decimal + values, JSON requires decimal values for mode bits. + Defaults to 0644. Directories within the path are not + affected by this setting. This might be in conflict + with other options that affect the file mode, like fsGroup, + and the result can be other mode bits set.' + format: int32 + type: integer + items: + description: Items is a list of downward API volume file + items: + description: DownwardAPIVolumeFile represents information + to create the file containing the pod field + properties: + fieldRef: + description: 'Required: Selects a field of the pod: + only annotations, labels, name and namespace are + supported.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. 
+ type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: 'Optional: mode bits used to set permissions + on this file, must be an octal value between 0000 + and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON + requires decimal values for mode bits. If not + specified, the volume defaultMode will be used. + This might be in conflict with other options that + affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + path: + description: 'Required: Path is the relative path + name of the file to be created. Must not be absolute + or contain the ''..'' path. Must be utf-8 encoded. + The first item of the relative path must not start + with ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, requests.cpu and requests.memory) + are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + emptyDir: + description: 'emptyDir represents a temporary directory that + shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + properties: + medium: + description: 'medium represents what type of storage medium + should back this directory. 
The default is "" which + means to use the node''s default medium. Must be an + empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + description: 'sizeLimit is the total amount of local storage + required for this EmptyDir volume. The size limit is + also applicable for memory medium. The maximum usage + on memory medium EmptyDir would be the minimum value + between the SizeLimit specified here and the sum of + memory limits of all containers in a pod. The default + is nil which means that the limit is undefined. More + info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + description: "ephemeral represents a volume that is handled + by a cluster storage driver. The volume's lifecycle is tied + to the pod that defines it - it will be created before the + pod starts, and deleted when the pod is removed. \n Use + this if: a) the volume is only needed while the pod runs, + b) features of normal volumes like restoring from snapshot + or capacity tracking are needed, c) the storage driver is + specified through a storage class, and d) the storage driver + supports dynamic volume provisioning through a PersistentVolumeClaim + (see EphemeralVolumeSource for more information on the connection + between this volume type and PersistentVolumeClaim). \n + Use PersistentVolumeClaim or one of the vendor-specific + APIs for volumes that persist for longer than the lifecycle + of an individual pod. \n Use CSI for light-weight local + ephemeral volumes if the CSI driver is meant to be used + that way - see the documentation of the driver for more + information. \n A pod can use both types of ephemeral volumes + and persistent volumes at the same time." 
+ properties: + volumeClaimTemplate: + description: "Will be used to create a stand-alone PVC + to provision the volume. The pod in which this EphemeralVolumeSource + is embedded will be the owner of the PVC, i.e. the PVC + will be deleted together with the pod. The name of + the PVC will be `-` where `` is the name from the `PodSpec.Volumes` array + entry. Pod validation will reject the pod if the concatenated + name is not valid for a PVC (for example, too long). + \n An existing PVC with that name that is not owned + by the pod will *not* be used for the pod to avoid using + an unrelated volume by mistake. Starting the pod is + then blocked until the unrelated PVC is removed. If + such a pre-created PVC is meant to be used by the pod, + the PVC has to updated with an owner reference to the + pod once the pod exists. Normally this should not be + necessary, but it may be useful when manually reconstructing + a broken cluster. \n This field is read-only and no + changes will be made by Kubernetes to the PVC after + it has been created. \n Required, must not be nil." + properties: + metadata: + description: May contain labels and annotations that + will be copied into the PVC when creating it. No + other fields are allowed and will be rejected during + validation. + type: object + spec: + description: The specification for the PersistentVolumeClaim. + The entire content is copied unchanged into the + PVC that gets created from this template. The same + fields as in a PersistentVolumeClaim are also valid + here. + properties: + accessModes: + description: 'accessModes contains the desired + access modes the volume should have. 
More info: + https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + dataSource: + description: 'dataSource field can be used to + specify either: * An existing VolumeSnapshot + object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) If + the provisioner or an external controller can + support the specified data source, it will create + a new volume based on the contents of the specified + data source. When the AnyVolumeDataSource feature + gate is enabled, dataSource contents will be + copied to dataSourceRef, and dataSourceRef contents + will be copied to dataSource when dataSourceRef.namespace + is not specified. If the namespace is specified, + then dataSourceRef will not be copied to dataSource.' + properties: + apiGroup: + description: APIGroup is the group for the + resource being referenced. If APIGroup is + not specified, the specified Kind must be + in the core API group. For any other third-party + types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource + being referenced + type: string + name: + description: Name is the name of resource + being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: 'dataSourceRef specifies the object + from which to populate the volume with data, + if a non-empty volume is desired. This may be + any object from a non-empty API group (non core + object) or a PersistentVolumeClaim object. When + this field is specified, volume binding will + only succeed if the type of the specified object + matches some installed volume populator or dynamic + provisioner. This field will replace the functionality + of the dataSource field and as such if both + fields are non-empty, they must have the same + value. 
For backwards compatibility, when namespace + isn''t specified in dataSourceRef, both fields + (dataSource and dataSourceRef) will be set to + the same value automatically if one of them + is empty and the other is non-empty. When namespace + is specified in dataSourceRef, dataSource isn''t + set to the same value and must be empty. There + are three important differences between dataSource + and dataSourceRef: * While dataSource only allows + two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim + objects. * While dataSource ignores disallowed + values (dropping them), dataSourceRef preserves + all values, and generates an error if a disallowed + value is specified. * While dataSource only + allows local objects, dataSourceRef allows objects + in any namespaces. (Beta) Using this field requires + the AnyVolumeDataSource feature gate to be enabled. + (Alpha) Using the namespace field of dataSourceRef + requires the CrossNamespaceVolumeDataSource + feature gate to be enabled.' + properties: + apiGroup: + description: APIGroup is the group for the + resource being referenced. If APIGroup is + not specified, the specified Kind must be + in the core API group. For any other third-party + types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource + being referenced + type: string + name: + description: Name is the name of resource + being referenced + type: string + namespace: + description: Namespace is the namespace of + resource being referenced Note that when + a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant + object is required in the referent namespace + to allow that namespace's owner to accept + the reference. See the ReferenceGrant documentation + for details. (Alpha) This field requires + the CrossNamespaceVolumeDataSource feature + gate to be enabled. 
+ type: string + required: + - kind + - name + type: object + resources: + description: 'resources represents the minimum + resources the volume should have. If RecoverVolumeExpansionFailure + feature is enabled users are allowed to specify + resource requirements that are lower than previous + value but must still be higher than capacity + recorded in the status field of the claim. More + info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + properties: + claims: + description: "Claims lists the names of resources, + defined in spec.resourceClaims, that are + used by this container. \n This is an alpha + field and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. + It can only be set for containers." + items: + description: ResourceClaim references one + entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name + of one entry in pod.spec.resourceClaims + of the Pod where this field is used. + It makes that resource available inside + a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum + amount of compute resources allowed. More + info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum + amount of compute resources required. 
If + Requests is omitted for a container, it + defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined + value. Requests cannot exceed Limits. More + info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + selector: + description: selector is a label query over volumes + to consider for binding. + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: 'storageClassName is the name of + the StorageClass required by the claim. 
More + info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + type: string + volumeMode: + description: volumeMode defines what type of volume + is required by the claim. Value of Filesystem + is implied when not included in claim spec. + type: string + volumeName: + description: volumeName is the binding reference + to the PersistentVolume backing this claim. + type: string + type: object + required: + - spec + type: object + type: object + fc: + description: fc represents a Fibre Channel resource that is + attached to a kubelet's host machine and then exposed to + the pod. + properties: + fsType: + description: 'fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating + system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred + to be "ext4" if unspecified. TODO: how do we prevent + errors in the filesystem from compromising the machine' + type: string + lun: + description: 'lun is Optional: FC target lun number' + format: int32 + type: integer + readOnly: + description: 'readOnly is Optional: Defaults to false + (read/write). ReadOnly here will force the ReadOnly + setting in VolumeMounts.' + type: boolean + targetWWNs: + description: 'targetWWNs is Optional: FC target worldwide + names (WWNs)' + items: + type: string + type: array + wwids: + description: 'wwids Optional: FC volume world wide identifiers + (wwids) Either wwids or combination of targetWWNs and + lun must be set, but not both simultaneously.' + items: + type: string + type: array + type: object + flexVolume: + description: flexVolume represents a generic volume resource + that is provisioned/attached using an exec based plugin. + properties: + driver: + description: driver is the name of the driver to use for + this volume. + type: string + fsType: + description: fsType is the filesystem type to mount. Must + be a filesystem type supported by the host operating + system. Ex. "ext4", "xfs", "ntfs". 
The default filesystem + depends on FlexVolume script. + type: string + options: + additionalProperties: + type: string + description: 'options is Optional: this field holds extra + command options if any.' + type: object + readOnly: + description: 'readOnly is Optional: defaults to false + (read/write). ReadOnly here will force the ReadOnly + setting in VolumeMounts.' + type: boolean + secretRef: + description: 'secretRef is Optional: secretRef is reference + to the secret object containing sensitive information + to pass to the plugin scripts. This may be empty if + no secret object is specified. If the secret object + contains more than one secret, all secrets are passed + to the plugin scripts.' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + type: object + x-kubernetes-map-type: atomic + required: + - driver + type: object + flocker: + description: flocker represents a Flocker volume attached + to a kubelet's host machine. This depends on the Flocker + control service being running + properties: + datasetName: + description: datasetName is Name of the dataset stored + as metadata -> name on the dataset for Flocker should + be considered as deprecated + type: string + datasetUUID: + description: datasetUUID is the UUID of the dataset. This + is unique identifier of a Flocker dataset + type: string + type: object + gcePersistentDisk: + description: 'gcePersistentDisk represents a GCE Disk resource + that is attached to a kubelet''s host machine and then exposed + to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + properties: + fsType: + description: 'fsType is filesystem type of the volume + that you want to mount. Tip: Ensure that the filesystem + type is supported by the host operating system. Examples: + "ext4", "xfs", "ntfs". 
Implicitly inferred to be "ext4" + if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + TODO: how do we prevent errors in the filesystem from + compromising the machine' + type: string + partition: + description: 'partition is the partition in the volume + that you want to mount. If omitted, the default is to + mount by volume name. Examples: For volume /dev/sda1, + you specify the partition as "1". Similarly, the volume + partition for /dev/sda is "0" (or you can leave the + property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + format: int32 + type: integer + pdName: + description: 'pdName is unique name of the PD resource + in GCE. Used to identify the disk in GCE. More info: + https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: string + readOnly: + description: 'readOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: boolean + required: + - pdName + type: object + gitRepo: + description: 'gitRepo represents a git repository at a particular + revision. DEPRECATED: GitRepo is deprecated. To provision + a container with a git repo, mount an EmptyDir into an InitContainer + that clones the repo using git, then mount the EmptyDir + into the Pod''s container.' + properties: + directory: + description: directory is the target directory name. Must + not contain or start with '..'. If '.' is supplied, + the volume directory will be the git repository. Otherwise, + if specified, the volume will contain the git repository + in the subdirectory with the given name. + type: string + repository: + description: repository is the URL + type: string + revision: + description: revision is the commit hash for the specified + revision. 
+ type: string + required: + - repository + type: object + glusterfs: + description: 'glusterfs represents a Glusterfs mount on the + host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' + properties: + endpoints: + description: 'endpoints is the endpoint name that details + Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + path: + description: 'path is the Glusterfs volume path. More + info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + readOnly: + description: 'readOnly here will force the Glusterfs volume + to be mounted with read-only permissions. Defaults to + false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: boolean + required: + - endpoints + - path + type: object + hostPath: + description: 'hostPath represents a pre-existing file or directory + on the host machine that is directly exposed to the container. + This is generally used for system agents or other privileged + things that are allowed to see the host machine. Most containers + will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + --- TODO(jonesdl) We need to restrict who can use host directory + mounts and who can/can not mount host directories as read/write.' + properties: + path: + description: 'path of the directory on the host. If the + path is a symlink, it will follow the link to the real + path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + type: + description: 'type for HostPath Volume Defaults to "" + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + required: + - path + type: object + iscsi: + description: 'iscsi represents an ISCSI Disk resource that + is attached to a kubelet''s host machine and then exposed + to the pod. 
More info: https://examples.k8s.io/volumes/iscsi/README.md' + properties: + chapAuthDiscovery: + description: chapAuthDiscovery defines whether support + iSCSI Discovery CHAP authentication + type: boolean + chapAuthSession: + description: chapAuthSession defines whether support iSCSI + Session CHAP authentication + type: boolean + fsType: + description: 'fsType is the filesystem type of the volume + that you want to mount. Tip: Ensure that the filesystem + type is supported by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi + TODO: how do we prevent errors in the filesystem from + compromising the machine' + type: string + initiatorName: + description: initiatorName is the custom iSCSI Initiator + Name. If initiatorName is specified with iscsiInterface + simultaneously, new iSCSI interface : will be created for the connection. + type: string + iqn: + description: iqn is the target iSCSI Qualified Name. + type: string + iscsiInterface: + description: iscsiInterface is the interface Name that + uses an iSCSI transport. Defaults to 'default' (tcp). + type: string + lun: + description: lun represents iSCSI Target Lun number. + format: int32 + type: integer + portals: + description: portals is the iSCSI Target Portal List. + The portal is either an IP or ip_addr:port if the port + is other than default (typically TCP ports 860 and 3260). + items: + type: string + type: array + readOnly: + description: readOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. + type: boolean + secretRef: + description: secretRef is the CHAP Secret for iSCSI target + and initiator authentication + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' 
+ type: string + type: object + x-kubernetes-map-type: atomic + targetPortal: + description: targetPortal is iSCSI Target Portal. The + Portal is either an IP or ip_addr:port if the port is + other than default (typically TCP ports 860 and 3260). + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + description: 'name of the volume. Must be a DNS_LABEL and + unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + nfs: + description: 'nfs represents an NFS mount on the host that + shares a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + properties: + path: + description: 'path that is exported by the NFS server. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + readOnly: + description: 'readOnly here will force the NFS export + to be mounted with read-only permissions. Defaults to + false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: boolean + server: + description: 'server is the hostname or IP address of + the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + description: 'persistentVolumeClaimVolumeSource represents + a reference to a PersistentVolumeClaim in the same namespace. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + claimName: + description: 'claimName is the name of a PersistentVolumeClaim + in the same namespace as the pod using this volume. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + type: string + readOnly: + description: readOnly Will force the ReadOnly setting + in VolumeMounts. Default false. 
+ type: boolean + required: + - claimName + type: object + photonPersistentDisk: + description: photonPersistentDisk represents a PhotonController + persistent disk attached and mounted on kubelets host machine + properties: + fsType: + description: fsType is the filesystem type to mount. Must + be a filesystem type supported by the host operating + system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred + to be "ext4" if unspecified. + type: string + pdID: + description: pdID is the ID that identifies Photon Controller + persistent disk + type: string + required: + - pdID + type: object + portworxVolume: + description: portworxVolume represents a portworx volume attached + and mounted on kubelets host machine + properties: + fsType: + description: fSType represents the filesystem type to + mount Must be a filesystem type supported by the host + operating system. Ex. "ext4", "xfs". Implicitly inferred + to be "ext4" if unspecified. + type: string + readOnly: + description: readOnly defaults to false (read/write). + ReadOnly here will force the ReadOnly setting in VolumeMounts. + type: boolean + volumeID: + description: volumeID uniquely identifies a Portworx volume + type: string + required: + - volumeID + type: object + projected: + description: projected items for all in one resources secrets, + configmaps, and downward API + properties: + defaultMode: + description: defaultMode are the mode bits used to set + permissions on created files by default. Must be an + octal value between 0000 and 0777 or a decimal value + between 0 and 511. YAML accepts both octal and decimal + values, JSON requires decimal values for mode bits. + Directories within the path are not affected by this + setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set. 
+ format: int32 + type: integer + sources: + description: sources is the list of volume projections + items: + description: Projection that may be projected along + with other supported volume types + properties: + configMap: + description: configMap information about the configMap + data to project + properties: + items: + description: items if unspecified, each key-value + pair in the Data field of the referenced ConfigMap + will be projected into the volume as a file + whose name is the key and content is the value. + If specified, the listed keys will be projected + into the specified paths, and unlisted keys + will not be present. If a key is specified + which is not present in the ConfigMap, the + volume setup will error unless it is marked + optional. Paths must be relative and may not + contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: 'mode is Optional: mode bits + used to set permissions on this file. + Must be an octal value between 0000 + and 0777 or a decimal value between + 0 and 511. YAML accepts both octal and + decimal values, JSON requires decimal + values for mode bits. If not specified, + the volume defaultMode will be used. + This might be in conflict with other + options that affect the file mode, like + fsGroup, and the result can be other + mode bits set.' + format: int32 + type: integer + path: + description: path is the relative path + of the file to map the key to. May not + be an absolute path. May not contain + the path element '..'. May not start + with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: optional specify whether the ConfigMap + or its keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + description: downwardAPI information about the downwardAPI + data to project + properties: + items: + description: Items is a list of DownwardAPIVolume + file + items: + description: DownwardAPIVolumeFile represents + information to create the file containing + the pod field + properties: + fieldRef: + description: 'Required: Selects a field + of the pod: only annotations, labels, + name and namespace are supported.' + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to + select in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: 'Optional: mode bits used + to set permissions on this file, must + be an octal value between 0000 and 0777 + or a decimal value between 0 and 511. + YAML accepts both octal and decimal + values, JSON requires decimal values + for mode bits. If not specified, the + volume defaultMode will be used. This + might be in conflict with other options + that affect the file mode, like fsGroup, + and the result can be other mode bits + set.' + format: int32 + type: integer + path: + description: 'Required: Path is the relative + path name of the file to be created. + Must not be absolute or contain the + ''..'' path. Must be utf-8 encoded. + The first item of the relative path + must not start with ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of the + container: only resources limits and + requests (limits.cpu, limits.memory, + requests.cpu and requests.memory) are + currently supported.' 
+ properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to + select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + secret: + description: secret information about the secret + data to project + properties: + items: + description: items if unspecified, each key-value + pair in the Data field of the referenced Secret + will be projected into the volume as a file + whose name is the key and content is the value. + If specified, the listed keys will be projected + into the specified paths, and unlisted keys + will not be present. If a key is specified + which is not present in the Secret, the volume + setup will error unless it is marked optional. + Paths must be relative and may not contain + the '..' path or start with '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: 'mode is Optional: mode bits + used to set permissions on this file. + Must be an octal value between 0000 + and 0777 or a decimal value between + 0 and 511. YAML accepts both octal and + decimal values, JSON requires decimal + values for mode bits. If not specified, + the volume defaultMode will be used. + This might be in conflict with other + options that affect the file mode, like + fsGroup, and the result can be other + mode bits set.' + format: int32 + type: integer + path: + description: path is the relative path + of the file to map the key to. 
May not + be an absolute path. May not contain + the path element '..'. May not start + with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: optional field specify whether + the Secret or its key must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + description: serviceAccountToken is information + about the serviceAccountToken data to project + properties: + audience: + description: audience is the intended audience + of the token. A recipient of a token must + identify itself with an identifier specified + in the audience of the token, and otherwise + should reject the token. The audience defaults + to the identifier of the apiserver. + type: string + expirationSeconds: + description: expirationSeconds is the requested + duration of validity of the service account + token. As the token approaches expiration, + the kubelet volume plugin will proactively + rotate the service account token. The kubelet + will start trying to rotate the token if the + token is older than 80 percent of its time + to live or if the token is older than 24 hours.Defaults + to 1 hour and must be at least 10 minutes. + format: int64 + type: integer + path: + description: path is the path relative to the + mount point of the file to project the token + into. 
+ type: string + required: + - path + type: object + type: object + type: array + type: object + quobyte: + description: quobyte represents a Quobyte mount on the host + that shares a pod's lifetime + properties: + group: + description: group to map volume access to Default is + no group + type: string + readOnly: + description: readOnly here will force the Quobyte volume + to be mounted with read-only permissions. Defaults to + false. + type: boolean + registry: + description: registry represents a single or multiple + Quobyte Registry services specified as a string as host:port + pair (multiple entries are separated with commas) which + acts as the central registry for volumes + type: string + tenant: + description: tenant owning the given Quobyte volume in + the Backend Used with dynamically provisioned Quobyte + volumes, value is set by the plugin + type: string + user: + description: user to map volume access to Defaults to + serivceaccount user + type: string + volume: + description: volume is a string that references an already + created Quobyte volume by name. + type: string + required: + - registry + - volume + type: object + rbd: + description: 'rbd represents a Rados Block Device mount on + the host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' + properties: + fsType: + description: 'fsType is the filesystem type of the volume + that you want to mount. Tip: Ensure that the filesystem + type is supported by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd + TODO: how do we prevent errors in the filesystem from + compromising the machine' + type: string + image: + description: 'image is the rados image name. More info: + https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + keyring: + description: 'keyring is the path to key ring for RBDUser. 
+ Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + monitors: + description: 'monitors is a collection of Ceph monitors. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + items: + type: string + type: array + pool: + description: 'pool is the rados pool name. Default is + rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + readOnly: + description: 'readOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: boolean + secretRef: + description: 'secretRef is name of the authentication + secret for RBDUser. If provided overrides keyring. Default + is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + type: object + x-kubernetes-map-type: atomic + user: + description: 'user is the rados user name. Default is + admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + required: + - image + - monitors + type: object + scaleIO: + description: scaleIO represents a ScaleIO persistent volume + attached and mounted on Kubernetes nodes. + properties: + fsType: + description: fsType is the filesystem type to mount. Must + be a filesystem type supported by the host operating + system. Ex. "ext4", "xfs", "ntfs". Default is "xfs". + type: string + gateway: + description: gateway is the host address of the ScaleIO + API Gateway. + type: string + protectionDomain: + description: protectionDomain is the name of the ScaleIO + Protection Domain for the configured storage. + type: string + readOnly: + description: readOnly Defaults to false (read/write). 
+ ReadOnly here will force the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: secretRef references to the secret for ScaleIO + user and other sensitive information. If this is not + provided, Login operation will fail. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + type: object + x-kubernetes-map-type: atomic + sslEnabled: + description: sslEnabled Flag enable/disable SSL communication + with Gateway, default false + type: boolean + storageMode: + description: storageMode indicates whether the storage + for a volume should be ThickProvisioned or ThinProvisioned. + Default is ThinProvisioned. + type: string + storagePool: + description: storagePool is the ScaleIO Storage Pool associated + with the protection domain. + type: string + system: + description: system is the name of the storage system + as configured in ScaleIO. + type: string + volumeName: + description: volumeName is the name of a volume already + created in the ScaleIO system that is associated with + this volume source. + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + description: 'secret represents a secret that should populate + this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + properties: + defaultMode: + description: 'defaultMode is Optional: mode bits used + to set permissions on created files by default. Must + be an octal value between 0000 and 0777 or a decimal + value between 0 and 511. YAML accepts both octal and + decimal values, JSON requires decimal values for mode + bits. Defaults to 0644. Directories within the path + are not affected by this setting. This might be in conflict + with other options that affect the file mode, like fsGroup, + and the result can be other mode bits set.' 
+ format: int32 + type: integer + items: + description: items If unspecified, each key-value pair + in the Data field of the referenced Secret will be projected + into the volume as a file whose name is the key and + content is the value. If specified, the listed keys + will be projected into the specified paths, and unlisted + keys will not be present. If a key is specified which + is not present in the Secret, the volume setup will + error unless it is marked optional. Paths must be relative + and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: 'mode is Optional: mode bits used to + set permissions on this file. Must be an octal + value between 0000 and 0777 or a decimal value + between 0 and 511. YAML accepts both octal and + decimal values, JSON requires decimal values for + mode bits. If not specified, the volume defaultMode + will be used. This might be in conflict with other + options that affect the file mode, like fsGroup, + and the result can be other mode bits set.' + format: int32 + type: integer + path: + description: path is the relative path of the file + to map the key to. May not be an absolute path. + May not contain the path element '..'. May not + start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + optional: + description: optional field specify whether the Secret + or its keys must be defined + type: boolean + secretName: + description: 'secretName is the name of the secret in + the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + type: string + type: object + storageos: + description: storageOS represents a StorageOS volume attached + and mounted on Kubernetes nodes. + properties: + fsType: + description: fsType is the filesystem type to mount. 
Must + be a filesystem type supported by the host operating + system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred + to be "ext4" if unspecified. + type: string + readOnly: + description: readOnly defaults to false (read/write). + ReadOnly here will force the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: secretRef specifies the secret to use for + obtaining the StorageOS API credentials. If not specified, + default values will be attempted. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + type: object + x-kubernetes-map-type: atomic + volumeName: + description: volumeName is the human-readable name of + the StorageOS volume. Volume names are only unique + within a namespace. + type: string + volumeNamespace: + description: volumeNamespace specifies the scope of the + volume within StorageOS. If no namespace is specified + then the Pod's namespace will be used. This allows + the Kubernetes name scoping to be mirrored within StorageOS + for tighter integration. Set VolumeName to any name + to override the default behaviour. Set to "default" + if you are not using namespaces within StorageOS. Namespaces + that do not pre-exist within StorageOS will be created. + type: string + type: object + vsphereVolume: + description: vsphereVolume represents a vSphere volume attached + and mounted on kubelets host machine + properties: + fsType: + description: fsType is filesystem type to mount. Must + be a filesystem type supported by the host operating + system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred + to be "ext4" if unspecified. + type: string + storagePolicyID: + description: storagePolicyID is the storage Policy Based + Management (SPBM) profile ID associated with the StoragePolicyName. 
+ type: string + storagePolicyName: + description: storagePolicyName is the storage Policy Based + Management (SPBM) profile name. + type: string + volumePath: + description: volumePath is the path that identifies vSphere + volume vmdk + type: string + required: + - volumePath + type: object + required: + - name + type: object + required: + - volume + type: object + clusterId: + format: int64 + type: integer + clusterName: + type: string + monitor: + properties: + image: + type: string + resource: + properties: + cpu: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + memory: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - cpu + - memory + type: object + required: + - image + type: object + observer: + properties: + image: + type: string + resource: + properties: + cpu: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + memory: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - cpu + - memory + type: object + storage: + properties: + dataStorage: + properties: + size: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + storageClass: + type: string + required: + - size + - storageClass + type: object + logStorage: + properties: + size: + anyOf: + - type: integer + - type: 
string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + storageClass: + type: string + required: + - size + - storageClass + type: object + redoLogStorage: + properties: + size: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + storageClass: + type: string + required: + - size + - storageClass + type: object + required: + - dataStorage + - logStorage + - redoLogStorage + type: object + required: + - image + - resource + - storage + type: object + parameters: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + topology: + items: + properties: + nodeSelector: + additionalProperties: + type: string + type: object + replica: + type: integer + zone: + type: string + required: + - replica + - zone + type: object + type: array + userSecrets: + properties: + monitor: + type: string + operator: + type: string + proxyro: + type: string + root: + type: string + required: + - monitor + - proxyro + - root + type: object + required: + - clusterName + - observer + - topology + - userSecrets + type: object + status: + description: OBClusterStatus defines the observed state of OBCluster + properties: + image: + description: 'INSERT ADDITIONAL STATUS FIELD - define observed state + of cluster Important: Run "make" to regenerate code after modifying + this file' + type: string + obzones: + items: + properties: + status: + type: string + zone: + type: string + required: + - status + - zone + type: object + type: array + operationContext: + properties: + failureRule: + properties: + failureStatus: + type: string + failureStrategy: + type: string + required: + - failureStatus + - failureStrategy + type: object + idx: + type: integer + name: + 
type: string + targetStatus: + type: string + task: + type: string + taskId: + type: string + taskStatus: + type: string + tasks: + items: + type: string + type: array + required: + - idx + - name + - targetStatus + - task + - taskId + - taskStatus + - tasks + type: object + parameters: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + status: + type: string + required: + - image + - obzones + - parameters + - status + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/oceanbase-serving-cert + controller-gen.kubebuilder.io/version: v0.13.0 + name: obparameters.oceanbase.oceanbase.com +spec: + group: oceanbase.oceanbase.com + names: + kind: OBParameter + listKind: OBParameterList + plural: obparameters + singular: obparameter + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: OBParameter is the Schema for the obparameters API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: OBParameterSpec defines the desired state of OBParameter + properties: + clusterId: + format: int64 + type: integer + clusterName: + description: 'INSERT ADDITIONAL SPEC FIELDS - desired state of cluster + Important: Run "make" to regenerate code after modifying this file' + type: string + parameter: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + required: + - clusterName + - parameter + type: object + status: + description: OBParameterStatus defines the observed state of OBParameter + properties: + operationContext: + description: 'INSERT ADDITIONAL STATUS FIELD - define observed state + of cluster Important: Run "make" to regenerate code after modifying + this file' + properties: + failureRule: + properties: + failureStatus: + type: string + failureStrategy: + type: string + required: + - failureStatus + - failureStrategy + type: object + idx: + type: integer + name: + type: string + targetStatus: + type: string + task: + type: string + taskId: + type: string + taskStatus: + type: string + tasks: + items: + type: string + type: array + required: + - idx + - name + - targetStatus + - task + - taskId + - taskStatus + - tasks + type: object + parameter: + items: + properties: + name: + type: string + server: + type: string + value: + type: string + zone: + type: string + required: + - name + - server + - value + - zone + type: object + type: array + status: + type: string + required: + - parameter + - status + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/oceanbase-serving-cert + controller-gen.kubebuilder.io/version: v0.13.0 + name: 
observers.oceanbase.oceanbase.com +spec: + group: oceanbase.oceanbase.com + names: + kind: OBServer + listKind: OBServerList + plural: observers + singular: observer + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: OBServer is the Schema for the observers API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: OBServerSpec defines the desired state of OBServer + properties: + backupVolume: + properties: + volume: + description: Volume represents a named volume in a pod that may + be accessed by any container in the pod. + properties: + awsElasticBlockStore: + description: 'awsElasticBlockStore represents an AWS Disk + resource that is attached to a kubelet''s host machine and + then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + properties: + fsType: + description: 'fsType is the filesystem type of the volume + that you want to mount. Tip: Ensure that the filesystem + type is supported by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. 
More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + TODO: how do we prevent errors in the filesystem from + compromising the machine' + type: string + partition: + description: 'partition is the partition in the volume + that you want to mount. If omitted, the default is to + mount by volume name. Examples: For volume /dev/sda1, + you specify the partition as "1". Similarly, the volume + partition for /dev/sda is "0" (or you can leave the + property empty).' + format: int32 + type: integer + readOnly: + description: 'readOnly value true will force the readOnly + setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: boolean + volumeID: + description: 'volumeID is unique ID of the persistent + disk resource in AWS (Amazon EBS volume). More info: + https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: string + required: + - volumeID + type: object + azureDisk: + description: azureDisk represents an Azure Data Disk mount + on the host and bind mount to the pod. + properties: + cachingMode: + description: 'cachingMode is the Host Caching mode: None, + Read Only, Read Write.' + type: string + diskName: + description: diskName is the Name of the data disk in + the blob storage + type: string + diskURI: + description: diskURI is the URI of data disk in the blob + storage + type: string + fsType: + description: fsType is Filesystem type to mount. Must + be a filesystem type supported by the host operating + system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred + to be "ext4" if unspecified. + type: string + kind: + description: 'kind expected values are Shared: multiple + blob disks per storage account Dedicated: single blob + disk per storage account Managed: azure managed data + disk (only in managed availability set). defaults to + shared' + type: string + readOnly: + description: readOnly Defaults to false (read/write). 
+ ReadOnly here will force the ReadOnly setting in VolumeMounts. + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + description: azureFile represents an Azure File Service mount + on the host and bind mount to the pod. + properties: + readOnly: + description: readOnly defaults to false (read/write). + ReadOnly here will force the ReadOnly setting in VolumeMounts. + type: boolean + secretName: + description: secretName is the name of secret that contains + Azure Storage Account Name and Key + type: string + shareName: + description: shareName is the azure share Name + type: string + required: + - secretName + - shareName + type: object + cephfs: + description: cephFS represents a Ceph FS mount on the host + that shares a pod's lifetime + properties: + monitors: + description: 'monitors is Required: Monitors is a collection + of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + items: + type: string + type: array + path: + description: 'path is Optional: Used as the mounted root, + rather than the full Ceph tree, default is /' + type: string + readOnly: + description: 'readOnly is Optional: Defaults to false + (read/write). ReadOnly here will force the ReadOnly + setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: boolean + secretFile: + description: 'secretFile is Optional: SecretFile is the + path to key ring for User, default is /etc/ceph/user.secret + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + secretRef: + description: 'secretRef is Optional: SecretRef is reference + to the authentication secret for User, default is empty. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. 
apiVersion, kind, + uid?' + type: string + type: object + x-kubernetes-map-type: atomic + user: + description: 'user is optional: User is the rados user + name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + required: + - monitors + type: object + cinder: + description: 'cinder represents a cinder volume attached and + mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + properties: + fsType: + description: 'fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating + system. Examples: "ext4", "xfs", "ntfs". Implicitly + inferred to be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + readOnly: + description: 'readOnly defaults to false (read/write). + ReadOnly here will force the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: boolean + secretRef: + description: 'secretRef is optional: points to a secret + object containing parameters used to connect to OpenStack.' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + type: object + x-kubernetes-map-type: atomic + volumeID: + description: 'volumeID used to identify the volume in + cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + required: + - volumeID + type: object + configMap: + description: configMap represents a configMap that should + populate this volume + properties: + defaultMode: + description: 'defaultMode is optional: mode bits used + to set permissions on created files by default. Must + be an octal value between 0000 and 0777 or a decimal + value between 0 and 511. 
YAML accepts both octal and + decimal values, JSON requires decimal values for mode + bits. Defaults to 0644. Directories within the path + are not affected by this setting. This might be in conflict + with other options that affect the file mode, like fsGroup, + and the result can be other mode bits set.' + format: int32 + type: integer + items: + description: items if unspecified, each key-value pair + in the Data field of the referenced ConfigMap will be + projected into the volume as a file whose name is the + key and content is the value. If specified, the listed + keys will be projected into the specified paths, and + unlisted keys will not be present. If a key is specified + which is not present in the ConfigMap, the volume setup + will error unless it is marked optional. Paths must + be relative and may not contain the '..' path or start + with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: 'mode is Optional: mode bits used to + set permissions on this file. Must be an octal + value between 0000 and 0777 or a decimal value + between 0 and 511. YAML accepts both octal and + decimal values, JSON requires decimal values for + mode bits. If not specified, the volume defaultMode + will be used. This might be in conflict with other + options that affect the file mode, like fsGroup, + and the result can be other mode bits set.' + format: int32 + type: integer + path: + description: path is the relative path of the file + to map the key to. May not be an absolute path. + May not contain the path element '..'. May not + start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: optional specify whether the ConfigMap or + its keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + csi: + description: csi (Container Storage Interface) represents + ephemeral storage that is handled by certain external CSI + drivers (Beta feature). + properties: + driver: + description: driver is the name of the CSI driver that + handles this volume. Consult with your admin for the + correct name as registered in the cluster. + type: string + fsType: + description: fsType to mount. Ex. "ext4", "xfs", "ntfs". + If not provided, the empty value is passed to the associated + CSI driver which will determine the default filesystem + to apply. + type: string + nodePublishSecretRef: + description: nodePublishSecretRef is a reference to the + secret object containing sensitive information to pass + to the CSI driver to complete the CSI NodePublishVolume + and NodeUnpublishVolume calls. This field is optional, + and may be empty if no secret is required. If the secret + object contains more than one secret, all secret references + are passed. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + type: object + x-kubernetes-map-type: atomic + readOnly: + description: readOnly specifies a read-only configuration + for the volume. Defaults to false (read/write). + type: boolean + volumeAttributes: + additionalProperties: + type: string + description: volumeAttributes stores driver-specific properties + that are passed to the CSI driver. Consult your driver's + documentation for supported values. 
+ type: object + required: + - driver + type: object + downwardAPI: + description: downwardAPI represents downward API about the + pod that should populate this volume + properties: + defaultMode: + description: 'Optional: mode bits to use on created files + by default. Must be a Optional: mode bits used to set + permissions on created files by default. Must be an + octal value between 0000 and 0777 or a decimal value + between 0 and 511. YAML accepts both octal and decimal + values, JSON requires decimal values for mode bits. + Defaults to 0644. Directories within the path are not + affected by this setting. This might be in conflict + with other options that affect the file mode, like fsGroup, + and the result can be other mode bits set.' + format: int32 + type: integer + items: + description: Items is a list of downward API volume file + items: + description: DownwardAPIVolumeFile represents information + to create the file containing the pod field + properties: + fieldRef: + description: 'Required: Selects a field of the pod: + only annotations, labels, name and namespace are + supported.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: 'Optional: mode bits used to set permissions + on this file, must be an octal value between 0000 + and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON + requires decimal values for mode bits. If not + specified, the volume defaultMode will be used. + This might be in conflict with other options that + affect the file mode, like fsGroup, and the result + can be other mode bits set.' 
+ format: int32 + type: integer + path: + description: 'Required: Path is the relative path + name of the file to be created. Must not be absolute + or contain the ''..'' path. Must be utf-8 encoded. + The first item of the relative path must not start + with ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, requests.cpu and requests.memory) + are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + emptyDir: + description: 'emptyDir represents a temporary directory that + shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + properties: + medium: + description: 'medium represents what type of storage medium + should back this directory. The default is "" which + means to use the node''s default medium. Must be an + empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + description: 'sizeLimit is the total amount of local storage + required for this EmptyDir volume. The size limit is + also applicable for memory medium. The maximum usage + on memory medium EmptyDir would be the minimum value + between the SizeLimit specified here and the sum of + memory limits of all containers in a pod. 
The default + is nil which means that the limit is undefined. More + info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + description: "ephemeral represents a volume that is handled + by a cluster storage driver. The volume's lifecycle is tied + to the pod that defines it - it will be created before the + pod starts, and deleted when the pod is removed. \n Use + this if: a) the volume is only needed while the pod runs, + b) features of normal volumes like restoring from snapshot + or capacity tracking are needed, c) the storage driver is + specified through a storage class, and d) the storage driver + supports dynamic volume provisioning through a PersistentVolumeClaim + (see EphemeralVolumeSource for more information on the connection + between this volume type and PersistentVolumeClaim). \n + Use PersistentVolumeClaim or one of the vendor-specific + APIs for volumes that persist for longer than the lifecycle + of an individual pod. \n Use CSI for light-weight local + ephemeral volumes if the CSI driver is meant to be used + that way - see the documentation of the driver for more + information. \n A pod can use both types of ephemeral volumes + and persistent volumes at the same time." + properties: + volumeClaimTemplate: + description: "Will be used to create a stand-alone PVC + to provision the volume. The pod in which this EphemeralVolumeSource + is embedded will be the owner of the PVC, i.e. the PVC + will be deleted together with the pod. The name of + the PVC will be `-` where `` is the name from the `PodSpec.Volumes` array + entry. Pod validation will reject the pod if the concatenated + name is not valid for a PVC (for example, too long). 
+ \n An existing PVC with that name that is not owned + by the pod will *not* be used for the pod to avoid using + an unrelated volume by mistake. Starting the pod is + then blocked until the unrelated PVC is removed. If + such a pre-created PVC is meant to be used by the pod, + the PVC has to updated with an owner reference to the + pod once the pod exists. Normally this should not be + necessary, but it may be useful when manually reconstructing + a broken cluster. \n This field is read-only and no + changes will be made by Kubernetes to the PVC after + it has been created. \n Required, must not be nil." + properties: + metadata: + description: May contain labels and annotations that + will be copied into the PVC when creating it. No + other fields are allowed and will be rejected during + validation. + type: object + spec: + description: The specification for the PersistentVolumeClaim. + The entire content is copied unchanged into the + PVC that gets created from this template. The same + fields as in a PersistentVolumeClaim are also valid + here. + properties: + accessModes: + description: 'accessModes contains the desired + access modes the volume should have. More info: + https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + dataSource: + description: 'dataSource field can be used to + specify either: * An existing VolumeSnapshot + object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) If + the provisioner or an external controller can + support the specified data source, it will create + a new volume based on the contents of the specified + data source. When the AnyVolumeDataSource feature + gate is enabled, dataSource contents will be + copied to dataSourceRef, and dataSourceRef contents + will be copied to dataSource when dataSourceRef.namespace + is not specified. If the namespace is specified, + then dataSourceRef will not be copied to dataSource.' 
+ properties: + apiGroup: + description: APIGroup is the group for the + resource being referenced. If APIGroup is + not specified, the specified Kind must be + in the core API group. For any other third-party + types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource + being referenced + type: string + name: + description: Name is the name of resource + being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: 'dataSourceRef specifies the object + from which to populate the volume with data, + if a non-empty volume is desired. This may be + any object from a non-empty API group (non core + object) or a PersistentVolumeClaim object. When + this field is specified, volume binding will + only succeed if the type of the specified object + matches some installed volume populator or dynamic + provisioner. This field will replace the functionality + of the dataSource field and as such if both + fields are non-empty, they must have the same + value. For backwards compatibility, when namespace + isn''t specified in dataSourceRef, both fields + (dataSource and dataSourceRef) will be set to + the same value automatically if one of them + is empty and the other is non-empty. When namespace + is specified in dataSourceRef, dataSource isn''t + set to the same value and must be empty. There + are three important differences between dataSource + and dataSourceRef: * While dataSource only allows + two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim + objects. * While dataSource ignores disallowed + values (dropping them), dataSourceRef preserves + all values, and generates an error if a disallowed + value is specified. * While dataSource only + allows local objects, dataSourceRef allows objects + in any namespaces. (Beta) Using this field requires + the AnyVolumeDataSource feature gate to be enabled. 
+ (Alpha) Using the namespace field of dataSourceRef + requires the CrossNamespaceVolumeDataSource + feature gate to be enabled.' + properties: + apiGroup: + description: APIGroup is the group for the + resource being referenced. If APIGroup is + not specified, the specified Kind must be + in the core API group. For any other third-party + types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource + being referenced + type: string + name: + description: Name is the name of resource + being referenced + type: string + namespace: + description: Namespace is the namespace of + resource being referenced Note that when + a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant + object is required in the referent namespace + to allow that namespace's owner to accept + the reference. See the ReferenceGrant documentation + for details. (Alpha) This field requires + the CrossNamespaceVolumeDataSource feature + gate to be enabled. + type: string + required: + - kind + - name + type: object + resources: + description: 'resources represents the minimum + resources the volume should have. If RecoverVolumeExpansionFailure + feature is enabled users are allowed to specify + resource requirements that are lower than previous + value but must still be higher than capacity + recorded in the status field of the claim. More + info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + properties: + claims: + description: "Claims lists the names of resources, + defined in spec.resourceClaims, that are + used by this container. \n This is an alpha + field and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. + It can only be set for containers." + items: + description: ResourceClaim references one + entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name + of one entry in pod.spec.resourceClaims + of the Pod where this field is used. 
+ It makes that resource available inside + a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum + amount of compute resources allowed. More + info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum + amount of compute resources required. If + Requests is omitted for a container, it + defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined + value. Requests cannot exceed Limits. More + info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + selector: + description: selector is a label query over volumes + to consider for binding. + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. 
If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: 'storageClassName is the name of + the StorageClass required by the claim. More + info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + type: string + volumeMode: + description: volumeMode defines what type of volume + is required by the claim. Value of Filesystem + is implied when not included in claim spec. + type: string + volumeName: + description: volumeName is the binding reference + to the PersistentVolume backing this claim. + type: string + type: object + required: + - spec + type: object + type: object + fc: + description: fc represents a Fibre Channel resource that is + attached to a kubelet's host machine and then exposed to + the pod. + properties: + fsType: + description: 'fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating + system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred + to be "ext4" if unspecified. TODO: how do we prevent + errors in the filesystem from compromising the machine' + type: string + lun: + description: 'lun is Optional: FC target lun number' + format: int32 + type: integer + readOnly: + description: 'readOnly is Optional: Defaults to false + (read/write). ReadOnly here will force the ReadOnly + setting in VolumeMounts.' 
+ type: boolean + targetWWNs: + description: 'targetWWNs is Optional: FC target worldwide + names (WWNs)' + items: + type: string + type: array + wwids: + description: 'wwids Optional: FC volume world wide identifiers + (wwids) Either wwids or combination of targetWWNs and + lun must be set, but not both simultaneously.' + items: + type: string + type: array + type: object + flexVolume: + description: flexVolume represents a generic volume resource + that is provisioned/attached using an exec based plugin. + properties: + driver: + description: driver is the name of the driver to use for + this volume. + type: string + fsType: + description: fsType is the filesystem type to mount. Must + be a filesystem type supported by the host operating + system. Ex. "ext4", "xfs", "ntfs". The default filesystem + depends on FlexVolume script. + type: string + options: + additionalProperties: + type: string + description: 'options is Optional: this field holds extra + command options if any.' + type: object + readOnly: + description: 'readOnly is Optional: defaults to false + (read/write). ReadOnly here will force the ReadOnly + setting in VolumeMounts.' + type: boolean + secretRef: + description: 'secretRef is Optional: secretRef is reference + to the secret object containing sensitive information + to pass to the plugin scripts. This may be empty if + no secret object is specified. If the secret object + contains more than one secret, all secrets are passed + to the plugin scripts.' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + type: object + x-kubernetes-map-type: atomic + required: + - driver + type: object + flocker: + description: flocker represents a Flocker volume attached + to a kubelet's host machine. 
This depends on the Flocker + control service being running + properties: + datasetName: + description: datasetName is Name of the dataset stored + as metadata -> name on the dataset for Flocker should + be considered as deprecated + type: string + datasetUUID: + description: datasetUUID is the UUID of the dataset. This + is unique identifier of a Flocker dataset + type: string + type: object + gcePersistentDisk: + description: 'gcePersistentDisk represents a GCE Disk resource + that is attached to a kubelet''s host machine and then exposed + to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + properties: + fsType: + description: 'fsType is filesystem type of the volume + that you want to mount. Tip: Ensure that the filesystem + type is supported by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + TODO: how do we prevent errors in the filesystem from + compromising the machine' + type: string + partition: + description: 'partition is the partition in the volume + that you want to mount. If omitted, the default is to + mount by volume name. Examples: For volume /dev/sda1, + you specify the partition as "1". Similarly, the volume + partition for /dev/sda is "0" (or you can leave the + property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + format: int32 + type: integer + pdName: + description: 'pdName is unique name of the PD resource + in GCE. Used to identify the disk in GCE. More info: + https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: string + readOnly: + description: 'readOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. 
More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: boolean + required: + - pdName + type: object + gitRepo: + description: 'gitRepo represents a git repository at a particular + revision. DEPRECATED: GitRepo is deprecated. To provision + a container with a git repo, mount an EmptyDir into an InitContainer + that clones the repo using git, then mount the EmptyDir + into the Pod''s container.' + properties: + directory: + description: directory is the target directory name. Must + not contain or start with '..'. If '.' is supplied, + the volume directory will be the git repository. Otherwise, + if specified, the volume will contain the git repository + in the subdirectory with the given name. + type: string + repository: + description: repository is the URL + type: string + revision: + description: revision is the commit hash for the specified + revision. + type: string + required: + - repository + type: object + glusterfs: + description: 'glusterfs represents a Glusterfs mount on the + host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' + properties: + endpoints: + description: 'endpoints is the endpoint name that details + Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + path: + description: 'path is the Glusterfs volume path. More + info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + readOnly: + description: 'readOnly here will force the Glusterfs volume + to be mounted with read-only permissions. Defaults to + false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: boolean + required: + - endpoints + - path + type: object + hostPath: + description: 'hostPath represents a pre-existing file or directory + on the host machine that is directly exposed to the container. 
+ This is generally used for system agents or other privileged + things that are allowed to see the host machine. Most containers + will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + --- TODO(jonesdl) We need to restrict who can use host directory + mounts and who can/can not mount host directories as read/write.' + properties: + path: + description: 'path of the directory on the host. If the + path is a symlink, it will follow the link to the real + path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + type: + description: 'type for HostPath Volume Defaults to "" + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + required: + - path + type: object + iscsi: + description: 'iscsi represents an ISCSI Disk resource that + is attached to a kubelet''s host machine and then exposed + to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' + properties: + chapAuthDiscovery: + description: chapAuthDiscovery defines whether support + iSCSI Discovery CHAP authentication + type: boolean + chapAuthSession: + description: chapAuthSession defines whether support iSCSI + Session CHAP authentication + type: boolean + fsType: + description: 'fsType is the filesystem type of the volume + that you want to mount. Tip: Ensure that the filesystem + type is supported by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi + TODO: how do we prevent errors in the filesystem from + compromising the machine' + type: string + initiatorName: + description: initiatorName is the custom iSCSI Initiator + Name. If initiatorName is specified with iscsiInterface + simultaneously, new iSCSI interface : will be created for the connection. + type: string + iqn: + description: iqn is the target iSCSI Qualified Name. 
+ type: string + iscsiInterface: + description: iscsiInterface is the interface Name that + uses an iSCSI transport. Defaults to 'default' (tcp). + type: string + lun: + description: lun represents iSCSI Target Lun number. + format: int32 + type: integer + portals: + description: portals is the iSCSI Target Portal List. + The portal is either an IP or ip_addr:port if the port + is other than default (typically TCP ports 860 and 3260). + items: + type: string + type: array + readOnly: + description: readOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. + type: boolean + secretRef: + description: secretRef is the CHAP Secret for iSCSI target + and initiator authentication + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + type: object + x-kubernetes-map-type: atomic + targetPortal: + description: targetPortal is iSCSI Target Portal. The + Portal is either an IP or ip_addr:port if the port is + other than default (typically TCP ports 860 and 3260). + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + description: 'name of the volume. Must be a DNS_LABEL and + unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + nfs: + description: 'nfs represents an NFS mount on the host that + shares a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + properties: + path: + description: 'path that is exported by the NFS server. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + readOnly: + description: 'readOnly here will force the NFS export + to be mounted with read-only permissions. Defaults to + false. 
More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: boolean + server: + description: 'server is the hostname or IP address of + the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + description: 'persistentVolumeClaimVolumeSource represents + a reference to a PersistentVolumeClaim in the same namespace. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + claimName: + description: 'claimName is the name of a PersistentVolumeClaim + in the same namespace as the pod using this volume. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + type: string + readOnly: + description: readOnly Will force the ReadOnly setting + in VolumeMounts. Default false. + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + description: photonPersistentDisk represents a PhotonController + persistent disk attached and mounted on kubelets host machine + properties: + fsType: + description: fsType is the filesystem type to mount. Must + be a filesystem type supported by the host operating + system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred + to be "ext4" if unspecified. + type: string + pdID: + description: pdID is the ID that identifies Photon Controller + persistent disk + type: string + required: + - pdID + type: object + portworxVolume: + description: portworxVolume represents a portworx volume attached + and mounted on kubelets host machine + properties: + fsType: + description: fSType represents the filesystem type to + mount Must be a filesystem type supported by the host + operating system. Ex. "ext4", "xfs". Implicitly inferred + to be "ext4" if unspecified. + type: string + readOnly: + description: readOnly defaults to false (read/write). 
+ ReadOnly here will force the ReadOnly setting in VolumeMounts. + type: boolean + volumeID: + description: volumeID uniquely identifies a Portworx volume + type: string + required: + - volumeID + type: object + projected: + description: projected items for all in one resources secrets, + configmaps, and downward API + properties: + defaultMode: + description: defaultMode are the mode bits used to set + permissions on created files by default. Must be an + octal value between 0000 and 0777 or a decimal value + between 0 and 511. YAML accepts both octal and decimal + values, JSON requires decimal values for mode bits. + Directories within the path are not affected by this + setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set. + format: int32 + type: integer + sources: + description: sources is the list of volume projections + items: + description: Projection that may be projected along + with other supported volume types + properties: + configMap: + description: configMap information about the configMap + data to project + properties: + items: + description: items if unspecified, each key-value + pair in the Data field of the referenced ConfigMap + will be projected into the volume as a file + whose name is the key and content is the value. + If specified, the listed keys will be projected + into the specified paths, and unlisted keys + will not be present. If a key is specified + which is not present in the ConfigMap, the + volume setup will error unless it is marked + optional. Paths must be relative and may not + contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: 'mode is Optional: mode bits + used to set permissions on this file. 
+ Must be an octal value between 0000 + and 0777 or a decimal value between + 0 and 511. YAML accepts both octal and + decimal values, JSON requires decimal + values for mode bits. If not specified, + the volume defaultMode will be used. + This might be in conflict with other + options that affect the file mode, like + fsGroup, and the result can be other + mode bits set.' + format: int32 + type: integer + path: + description: path is the relative path + of the file to map the key to. May not + be an absolute path. May not contain + the path element '..'. May not start + with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: optional specify whether the ConfigMap + or its keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + description: downwardAPI information about the downwardAPI + data to project + properties: + items: + description: Items is a list of DownwardAPIVolume + file + items: + description: DownwardAPIVolumeFile represents + information to create the file containing + the pod field + properties: + fieldRef: + description: 'Required: Selects a field + of the pod: only annotations, labels, + name and namespace are supported.' + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to + select in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: 'Optional: mode bits used + to set permissions on this file, must + be an octal value between 0000 and 0777 + or a decimal value between 0 and 511. 
+ YAML accepts both octal and decimal + values, JSON requires decimal values + for mode bits. If not specified, the + volume defaultMode will be used. This + might be in conflict with other options + that affect the file mode, like fsGroup, + and the result can be other mode bits + set.' + format: int32 + type: integer + path: + description: 'Required: Path is the relative + path name of the file to be created. + Must not be absolute or contain the + ''..'' path. Must be utf-8 encoded. + The first item of the relative path + must not start with ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of the + container: only resources limits and + requests (limits.cpu, limits.memory, + requests.cpu and requests.memory) are + currently supported.' + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to + select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + secret: + description: secret information about the secret + data to project + properties: + items: + description: items if unspecified, each key-value + pair in the Data field of the referenced Secret + will be projected into the volume as a file + whose name is the key and content is the value. + If specified, the listed keys will be projected + into the specified paths, and unlisted keys + will not be present. If a key is specified + which is not present in the Secret, the volume + setup will error unless it is marked optional. 
+ Paths must be relative and may not contain + the '..' path or start with '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: 'mode is Optional: mode bits + used to set permissions on this file. + Must be an octal value between 0000 + and 0777 or a decimal value between + 0 and 511. YAML accepts both octal and + decimal values, JSON requires decimal + values for mode bits. If not specified, + the volume defaultMode will be used. + This might be in conflict with other + options that affect the file mode, like + fsGroup, and the result can be other + mode bits set.' + format: int32 + type: integer + path: + description: path is the relative path + of the file to map the key to. May not + be an absolute path. May not contain + the path element '..'. May not start + with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: optional field specify whether + the Secret or its key must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + description: serviceAccountToken is information + about the serviceAccountToken data to project + properties: + audience: + description: audience is the intended audience + of the token. A recipient of a token must + identify itself with an identifier specified + in the audience of the token, and otherwise + should reject the token. The audience defaults + to the identifier of the apiserver. + type: string + expirationSeconds: + description: expirationSeconds is the requested + duration of validity of the service account + token. 
As the token approaches expiration, + the kubelet volume plugin will proactively + rotate the service account token. The kubelet + will start trying to rotate the token if the + token is older than 80 percent of its time + to live or if the token is older than 24 hours.Defaults + to 1 hour and must be at least 10 minutes. + format: int64 + type: integer + path: + description: path is the path relative to the + mount point of the file to project the token + into. + type: string + required: + - path + type: object + type: object + type: array + type: object + quobyte: + description: quobyte represents a Quobyte mount on the host + that shares a pod's lifetime + properties: + group: + description: group to map volume access to Default is + no group + type: string + readOnly: + description: readOnly here will force the Quobyte volume + to be mounted with read-only permissions. Defaults to + false. + type: boolean + registry: + description: registry represents a single or multiple + Quobyte Registry services specified as a string as host:port + pair (multiple entries are separated with commas) which + acts as the central registry for volumes + type: string + tenant: + description: tenant owning the given Quobyte volume in + the Backend Used with dynamically provisioned Quobyte + volumes, value is set by the plugin + type: string + user: + description: user to map volume access to Defaults to + serivceaccount user + type: string + volume: + description: volume is a string that references an already + created Quobyte volume by name. + type: string + required: + - registry + - volume + type: object + rbd: + description: 'rbd represents a Rados Block Device mount on + the host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' + properties: + fsType: + description: 'fsType is the filesystem type of the volume + that you want to mount. Tip: Ensure that the filesystem + type is supported by the host operating system. 
Examples: + "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd + TODO: how do we prevent errors in the filesystem from + compromising the machine' + type: string + image: + description: 'image is the rados image name. More info: + https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + keyring: + description: 'keyring is the path to key ring for RBDUser. + Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + monitors: + description: 'monitors is a collection of Ceph monitors. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + items: + type: string + type: array + pool: + description: 'pool is the rados pool name. Default is + rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + readOnly: + description: 'readOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: boolean + secretRef: + description: 'secretRef is name of the authentication + secret for RBDUser. If provided overrides keyring. Default + is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + type: object + x-kubernetes-map-type: atomic + user: + description: 'user is the rados user name. Default is + admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + required: + - image + - monitors + type: object + scaleIO: + description: scaleIO represents a ScaleIO persistent volume + attached and mounted on Kubernetes nodes. 
+ properties: + fsType: + description: fsType is the filesystem type to mount. Must + be a filesystem type supported by the host operating + system. Ex. "ext4", "xfs", "ntfs". Default is "xfs". + type: string + gateway: + description: gateway is the host address of the ScaleIO + API Gateway. + type: string + protectionDomain: + description: protectionDomain is the name of the ScaleIO + Protection Domain for the configured storage. + type: string + readOnly: + description: readOnly Defaults to false (read/write). + ReadOnly here will force the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: secretRef references to the secret for ScaleIO + user and other sensitive information. If this is not + provided, Login operation will fail. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + type: object + x-kubernetes-map-type: atomic + sslEnabled: + description: sslEnabled Flag enable/disable SSL communication + with Gateway, default false + type: boolean + storageMode: + description: storageMode indicates whether the storage + for a volume should be ThickProvisioned or ThinProvisioned. + Default is ThinProvisioned. + type: string + storagePool: + description: storagePool is the ScaleIO Storage Pool associated + with the protection domain. + type: string + system: + description: system is the name of the storage system + as configured in ScaleIO. + type: string + volumeName: + description: volumeName is the name of a volume already + created in the ScaleIO system that is associated with + this volume source. + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + description: 'secret represents a secret that should populate + this volume. 
More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + properties: + defaultMode: + description: 'defaultMode is Optional: mode bits used + to set permissions on created files by default. Must + be an octal value between 0000 and 0777 or a decimal + value between 0 and 511. YAML accepts both octal and + decimal values, JSON requires decimal values for mode + bits. Defaults to 0644. Directories within the path + are not affected by this setting. This might be in conflict + with other options that affect the file mode, like fsGroup, + and the result can be other mode bits set.' + format: int32 + type: integer + items: + description: items If unspecified, each key-value pair + in the Data field of the referenced Secret will be projected + into the volume as a file whose name is the key and + content is the value. If specified, the listed keys + will be projected into the specified paths, and unlisted + keys will not be present. If a key is specified which + is not present in the Secret, the volume setup will + error unless it is marked optional. Paths must be relative + and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: 'mode is Optional: mode bits used to + set permissions on this file. Must be an octal + value between 0000 and 0777 or a decimal value + between 0 and 511. YAML accepts both octal and + decimal values, JSON requires decimal values for + mode bits. If not specified, the volume defaultMode + will be used. This might be in conflict with other + options that affect the file mode, like fsGroup, + and the result can be other mode bits set.' + format: int32 + type: integer + path: + description: path is the relative path of the file + to map the key to. May not be an absolute path. + May not contain the path element '..'. May not + start with the string '..'. 
+ type: string + required: + - key + - path + type: object + type: array + optional: + description: optional field specify whether the Secret + or its keys must be defined + type: boolean + secretName: + description: 'secretName is the name of the secret in + the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + type: string + type: object + storageos: + description: storageOS represents a StorageOS volume attached + and mounted on Kubernetes nodes. + properties: + fsType: + description: fsType is the filesystem type to mount. Must + be a filesystem type supported by the host operating + system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred + to be "ext4" if unspecified. + type: string + readOnly: + description: readOnly defaults to false (read/write). + ReadOnly here will force the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: secretRef specifies the secret to use for + obtaining the StorageOS API credentials. If not specified, + default values will be attempted. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + type: object + x-kubernetes-map-type: atomic + volumeName: + description: volumeName is the human-readable name of + the StorageOS volume. Volume names are only unique + within a namespace. + type: string + volumeNamespace: + description: volumeNamespace specifies the scope of the + volume within StorageOS. If no namespace is specified + then the Pod's namespace will be used. This allows + the Kubernetes name scoping to be mirrored within StorageOS + for tighter integration. Set VolumeName to any name + to override the default behaviour. Set to "default" + if you are not using namespaces within StorageOS. Namespaces + that do not pre-exist within StorageOS will be created. 
+ type: string + type: object + vsphereVolume: + description: vsphereVolume represents a vSphere volume attached + and mounted on kubelets host machine + properties: + fsType: + description: fsType is filesystem type to mount. Must + be a filesystem type supported by the host operating + system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred + to be "ext4" if unspecified. + type: string + storagePolicyID: + description: storagePolicyID is the storage Policy Based + Management (SPBM) profile ID associated with the StoragePolicyName. + type: string + storagePolicyName: + description: storagePolicyName is the storage Policy Based + Management (SPBM) profile name. + type: string + volumePath: + description: volumePath is the path that identifies vSphere + volume vmdk + type: string + required: + - volumePath + type: object + required: + - name + type: object + required: + - volume + type: object + clusterId: + format: int64 + type: integer + clusterName: + type: string + monitorTemplate: + properties: + image: + type: string + resource: + properties: + cpu: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + memory: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - cpu + - memory + type: object + required: + - image + type: object + nodeSelector: + additionalProperties: + type: string + type: object + observerTemplate: + properties: + image: + type: string + resource: + properties: + cpu: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + memory: + anyOf: + - type: integer + - type: string + 
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - cpu + - memory + type: object + storage: + properties: + dataStorage: + properties: + size: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + storageClass: + type: string + required: + - size + - storageClass + type: object + logStorage: + properties: + size: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + storageClass: + type: string + required: + - size + - storageClass + type: object + redoLogStorage: + properties: + size: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + storageClass: + type: string + required: + - size + - storageClass + type: object + required: + - dataStorage + - logStorage + - redoLogStorage + type: object + required: + - image + - resource + - storage + type: object + zone: + type: string + required: + - clusterName + - observerTemplate + - zone + type: object + status: + description: OBServerStatus defines the observed state of OBServer + properties: + cni: + type: string + image: + type: string + nodeIp: + type: string + obStatus: + type: string + operationContext: + description: 'INSERT ADDITIONAL STATUS FIELD - define observed state + of cluster Important: Run "make" to regenerate code after modifying + this file' + properties: + failureRule: + properties: + failureStatus: + type: string + failureStrategy: + type: string + required: + - failureStatus + - failureStrategy + type: object + idx: + type: 
integer + name: + type: string + targetStatus: + type: string + task: + type: string + taskId: + type: string + taskStatus: + type: string + tasks: + items: + type: string + type: array + required: + - idx + - name + - targetStatus + - task + - taskId + - taskStatus + - tasks + type: object + podIp: + type: string + podPhase: + description: PodPhase is a label for the condition of a pod at the + current time. + type: string + ready: + type: boolean + startServiceTime: + format: int64 + type: integer + status: + type: string + required: + - image + - nodeIp + - podIp + - podPhase + - ready + - status + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/oceanbase-serving-cert + controller-gen.kubebuilder.io/version: v0.13.0 + name: obtenantbackuppolicies.oceanbase.oceanbase.com +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: oceanbase-webhook-service + namespace: {{ .Release.Namespace }} + path: /convert + conversionReviewVersions: + - v1 + group: oceanbase.oceanbase.com + names: + kind: OBTenantBackupPolicy + listKind: OBTenantBackupPolicyList + plural: obtenantbackuppolicies + singular: obtenantbackuppolicy + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.status + name: Status + type: string + - jsonPath: .spec.tenantName + name: TenantName + type: string + - jsonPath: .status.nextFull + name: NextFull + type: string + - jsonPath: .status.nextIncremental + name: NextIncremental + type: string + - jsonPath: .spec.dataBackup.fullCrontab + name: FullCrontab + type: string + - jsonPath: .spec.dataBackup.incrementalCrontab + name: IncrementalCrontab + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: OBTenantBackupPolicy is the Schema for the obtenantbackuppolicies + API + 
properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: OBTenantBackupPolicySpec defines the desired state of OBTenantBackupPolicy + properties: + dataBackup: + description: DataBackupConfig contains the configuration for data + backup progress + properties: + destination: + properties: + path: + type: string + type: + type: string + type: object + fullCrontab: + type: string + incrementalCrontab: + type: string + required: + - destination + type: object + dataClean: + properties: + disabled: + type: string + name: + type: string + recoveryWindow: + type: string + type: object + jobKeepWindow: + type: string + logArchive: + description: LogArchiveConfig contains the configuration for log archive + progress + properties: + binding: + type: string + concurrency: + type: integer + destDisabled: + type: boolean + destination: + properties: + path: + type: string + type: + type: string + type: object + switchPieceInterval: + type: string + required: + - destination + - switchPieceInterval + type: object + obClusterName: + type: string + suspend: + type: boolean + tenantName: + type: string + tenantSecret: + type: string + required: + - dataBackup + - logArchive + - obClusterName + - tenantName + - tenantSecret + type: object + status: + description: OBTenantBackupPolicyStatus defines the observed state 
of + OBTenantBackupPolicy + properties: + latestArchiveLogJob: + description: OBArchiveLogJob is equal to OBArchiveLogSummary, but + match view DBA_OB_ARCHIVELOG_JOBS + properties: + base_piece_id: + format: int64 + type: integer + checkpoint_scn: + format: int64 + type: integer + checkpoint_scn_display: + type: string + comment: + type: string + compatible: + type: string + compression_ratio: + type: string + deleted_input_bytes: + format: int64 + type: integer + deleted_input_bytes_display: + type: string + deleted_output_bytes: + format: int64 + type: integer + deleted_output_bytes_display: + type: string + dest_id: + format: int64 + type: integer + dest_no: + format: int64 + type: integer + input_bytes: + format: int64 + type: integer + input_bytes_display: + type: string + output_bytes: + format: int64 + type: integer + output_bytes_display: + type: string + path: + type: string + piece_switch_interval: + type: string + round_id: + format: int64 + type: integer + start_scn: + format: int64 + type: integer + start_scn_display: + type: string + status: + type: string + tenant_id: + format: int64 + type: integer + used_piece_id: + format: int64 + type: integer + required: + - base_piece_id + - checkpoint_scn + - checkpoint_scn_display + - comment + - compatible + - compression_ratio + - deleted_input_bytes + - deleted_input_bytes_display + - deleted_output_bytes + - deleted_output_bytes_display + - dest_id + - dest_no + - input_bytes + - input_bytes_display + - output_bytes + - output_bytes_display + - path + - piece_switch_interval + - round_id + - start_scn + - start_scn_display + - status + - tenant_id + - used_piece_id + type: object + latestBackupCleanJob: + description: OBBackupCleanJob matches view DBA_OB_BACKUP_DELETE_JOBS + & DBA_OB_BACKUP_DELETE_JOB_HISTORY + properties: + comment: + type: string + end_timestamp: + type: string + executor_tenant_id: + format: int64 + type: integer + job_id: + format: int64 + type: integer + job_level: + type: string + 
parameter: + type: string + result: + type: string + start_timestamp: + type: string + status: + type: string + success_task_count: + format: int64 + type: integer + task_count: + format: int64 + type: integer + tenant_id: + format: int64 + type: integer + type: + type: string + required: + - comment + - executor_tenant_id + - job_id + - job_level + - parameter + - result + - start_timestamp + - status + - success_task_count + - task_count + - tenant_id + - type + type: object + latestFullBackupJob: + description: OBBackupJob matches view DBA_OB_BACKUP_JOBS & DBA_OB_BACKUP_JOB_HISTORY + properties: + backup_set_id: + format: int64 + type: integer + backup_type: + type: string + comment: + type: string + encryption_mode: + type: string + end_timestamp: + type: string + executor_tenant_id: + format: int64 + type: integer + job_id: + format: int64 + type: integer + job_level: + type: string + passwd: + type: string + plus_archivelog: + type: string + result: + type: string + start_timestamp: + type: string + status: + type: string + tenant_id: + format: int64 + type: integer + required: + - backup_set_id + - backup_type + - comment + - encryption_mode + - executor_tenant_id + - job_id + - job_level + - passwd + - plus_archivelog + - result + - start_timestamp + - status + - tenant_id + type: object + latestIncrementalJob: + description: OBBackupJob matches view DBA_OB_BACKUP_JOBS & DBA_OB_BACKUP_JOB_HISTORY + properties: + backup_set_id: + format: int64 + type: integer + backup_type: + type: string + comment: + type: string + encryption_mode: + type: string + end_timestamp: + type: string + executor_tenant_id: + format: int64 + type: integer + job_id: + format: int64 + type: integer + job_level: + type: string + passwd: + type: string + plus_archivelog: + type: string + result: + type: string + start_timestamp: + type: string + status: + type: string + tenant_id: + format: int64 + type: integer + required: + - backup_set_id + - backup_type + - comment + - 
encryption_mode + - executor_tenant_id + - job_id + - job_level + - passwd + - plus_archivelog + - result + - start_timestamp + - status + - tenant_id + type: object + nextFull: + type: string + nextIncremental: + type: string + operationContext: + properties: + failureRule: + properties: + failureStatus: + type: string + failureStrategy: + type: string + required: + - failureStatus + - failureStrategy + type: object + idx: + type: integer + name: + type: string + targetStatus: + type: string + task: + type: string + taskId: + type: string + taskStatus: + type: string + tasks: + items: + type: string + type: array + required: + - idx + - name + - targetStatus + - task + - taskId + - taskStatus + - tasks + type: object + status: + type: string + tenantInfo: + description: OBTenant is the tenant model of OB system + properties: + arbitration_service_status: + type: string + compatibility_mode: + type: string + create_time: + type: string + in_recyclebin: + type: string + locality: + type: string + locked: + type: string + log_mode: + type: string + modify_time: + type: string + previous_locality: + type: string + primary_zone: + type: string + readable_scn: + format: int64 + type: integer + recovery_until_scn: + format: int64 + type: integer + replayable_scn: + format: int64 + type: integer + status: + type: string + sync_scn: + format: int64 + type: integer + tenant_id: + format: int64 + type: integer + tenant_name: + type: string + tenant_role: + type: string + tenant_type: + type: string + required: + - arbitration_service_status + - compatibility_mode + - create_time + - in_recyclebin + - locality + - locked + - log_mode + - modify_time + - previous_locality + - primary_zone + - readable_scn + - recovery_until_scn + - replayable_scn + - status + - sync_scn + - tenant_id + - tenant_name + - tenant_role + - tenant_type + type: object + required: + - status + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: 
apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/oceanbase-serving-cert + controller-gen.kubebuilder.io/version: v0.13.0 + name: obtenantbackups.oceanbase.oceanbase.com +spec: + group: oceanbase.oceanbase.com + names: + kind: OBTenantBackup + listKind: OBTenantBackupList + plural: obtenantbackups + singular: obtenantbackup + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.type + name: Type + type: string + - jsonPath: .status.status + name: Status + type: string + - jsonPath: .spec.tenantName + name: TenantName + type: string + - jsonPath: .spec.path + name: Path + priority: 100 + type: string + - jsonPath: .status.startedAt + name: StartedAt + type: string + - description: In ArchiveLogJob, EndedAt is CheckpointScnDisplay field, in other + jobs, EndedAt is EndTimestamp field + jsonPath: .status.endedAt + name: EndedAt + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: OBTenantBackup is the Schema for the obtenantbackups API. An + instance of OBTenantBackup stands for a tenant backup job + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: OBTenantBackupSpec defines the desired state of OBTenantBackup + properties: + obClusterName: + type: string + path: + type: string + tenantName: + type: string + tenantSecret: + type: string + type: + description: Foo is an example field of OBTenantBackup. Edit obtenantbackup_types.go + to remove/update + type: string + required: + - obClusterName + - tenantName + - tenantSecret + - type + type: object + status: + description: OBTenantBackupStatus defines the observed state of OBTenantBackup + properties: + archiveLogJob: + description: OBArchiveLogJob is equal to OBArchiveLogSummary, but + match view DBA_OB_ARCHIVELOG_JOBS + properties: + base_piece_id: + format: int64 + type: integer + checkpoint_scn: + format: int64 + type: integer + checkpoint_scn_display: + type: string + comment: + type: string + compatible: + type: string + compression_ratio: + type: string + deleted_input_bytes: + format: int64 + type: integer + deleted_input_bytes_display: + type: string + deleted_output_bytes: + format: int64 + type: integer + deleted_output_bytes_display: + type: string + dest_id: + format: int64 + type: integer + dest_no: + format: int64 + type: integer + input_bytes: + format: int64 + type: integer + input_bytes_display: + type: string + output_bytes: + format: int64 + type: integer + output_bytes_display: + type: string + path: + type: string + piece_switch_interval: + type: string + round_id: + format: int64 + type: integer + start_scn: + format: int64 + type: integer + start_scn_display: + type: string + status: + type: string + tenant_id: + format: int64 + type: integer + used_piece_id: + format: int64 + type: integer + required: + - base_piece_id + - checkpoint_scn + - checkpoint_scn_display + - comment + - compatible + - compression_ratio + - deleted_input_bytes + - 
deleted_input_bytes_display + - deleted_output_bytes + - deleted_output_bytes_display + - dest_id + - dest_no + - input_bytes + - input_bytes_display + - output_bytes + - output_bytes_display + - path + - piece_switch_interval + - round_id + - start_scn + - start_scn_display + - status + - tenant_id + - used_piece_id + type: object + backupJob: + description: OBBackupJob matches view DBA_OB_BACKUP_JOBS & DBA_OB_BACKUP_JOB_HISTORY + properties: + backup_set_id: + format: int64 + type: integer + backup_type: + type: string + comment: + type: string + encryption_mode: + type: string + end_timestamp: + type: string + executor_tenant_id: + format: int64 + type: integer + job_id: + format: int64 + type: integer + job_level: + type: string + passwd: + type: string + plus_archivelog: + type: string + result: + type: string + start_timestamp: + type: string + status: + type: string + tenant_id: + format: int64 + type: integer + required: + - backup_set_id + - backup_type + - comment + - encryption_mode + - executor_tenant_id + - job_id + - job_level + - passwd + - plus_archivelog + - result + - start_timestamp + - status + - tenant_id + type: object + dataCleanJob: + description: OBBackupCleanJob matches view DBA_OB_BACKUP_DELETE_JOBS + & DBA_OB_BACKUP_DELETE_JOB_HISTORY + properties: + comment: + type: string + end_timestamp: + type: string + executor_tenant_id: + format: int64 + type: integer + job_id: + format: int64 + type: integer + job_level: + type: string + parameter: + type: string + result: + type: string + start_timestamp: + type: string + status: + type: string + success_task_count: + format: int64 + type: integer + task_count: + format: int64 + type: integer + tenant_id: + format: int64 + type: integer + type: + type: string + required: + - comment + - executor_tenant_id + - job_id + - job_level + - parameter + - result + - start_timestamp + - status + - success_task_count + - task_count + - tenant_id + - type + type: object + endedAt: + type: string + 
operationContext: + properties: + failureRule: + properties: + failureStatus: + type: string + failureStrategy: + type: string + required: + - failureStatus + - failureStrategy + type: object + idx: + type: integer + name: + type: string + targetStatus: + type: string + task: + type: string + taskId: + type: string + taskStatus: + type: string + tasks: + items: + type: string + type: array + required: + - idx + - name + - targetStatus + - task + - taskId + - taskStatus + - tasks + type: object + progress: + type: string + startedAt: + type: string + status: + description: 'INSERT ADDITIONAL STATUS FIELD - define observed state + of cluster Important: Run "make" to regenerate code after modifying + this file' + type: string + required: + - status + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/oceanbase-serving-cert + controller-gen.kubebuilder.io/version: v0.13.0 + name: obtenantrestores.oceanbase.oceanbase.com +spec: + group: oceanbase.oceanbase.com + names: + kind: OBTenantRestore + listKind: OBTenantRestoreList + plural: obtenantrestores + singular: obtenantrestore + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: OBTenantRestore is the Schema for the obtenantrestores API An + instance of OBTenantRestore stands for a tenant restore job + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: OBTenantRestoreSpec defines the desired state of OBTenantRestore + properties: + obClusterName: + type: string + restoreTenantName: + type: string + sourceUri: + type: string + type: + type: string + until: + type: string + required: + - obClusterName + - restoreTenantName + - sourceUri + - type + type: object + status: + description: OBTenantRestoreStatus defines the observed state of OBTenantRestore + properties: + jobStatus: + description: JobStatus represents the current state of a Job. + properties: + active: + description: The number of pending and running pods. + format: int32 + type: integer + completedIndexes: + description: completedIndexes holds the completed indexes when + .spec.completionMode = "Indexed" in a text format. The indexes + are represented as decimal integers separated by commas. The + numbers are listed in increasing order. Three or more consecutive + numbers are compressed and represented by the first and last + element of the series, separated by a hyphen. For example, if + the completed indexes are 1, 3, 4, 5 and 7, they are represented + as "1,3-5,7". + type: string + completionTime: + description: Represents time when the job was completed. It is + not guaranteed to be set in happens-before order across separate + operations. It is represented in RFC3339 form and is in UTC. + The completion time is only set when the job finishes successfully. + format: date-time + type: string + conditions: + description: 'The latest available observations of an object''s + current state. When a Job fails, one of the conditions will + have type "Failed" and status true. 
When a Job is suspended, + one of the conditions will have type "Suspended" and status + true; when the Job is resumed, the status of this condition + will become false. When a Job is completed, one of the conditions + will have type "Complete" and status true. More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/' + items: + description: JobCondition describes current state of a job. + properties: + lastProbeTime: + description: Last time the condition was checked. + format: date-time + type: string + lastTransitionTime: + description: Last time the condition transit from one status + to another. + format: date-time + type: string + message: + description: Human readable message indicating details about + last transition. + type: string + reason: + description: (brief) reason for the condition's last transition. + type: string + status: + description: Status of the condition, one of True, False, + Unknown. + type: string + type: + description: Type of job condition, Complete or Failed. + type: string + required: + - status + - type + type: object + type: array + x-kubernetes-list-type: atomic + failed: + description: The number of pods which reached phase Failed. + format: int32 + type: integer + ready: + description: "The number of pods which have a Ready condition. + \n This field is beta-level. The job controller populates the + field when the feature gate JobReadyPods is enabled (enabled + by default)." + format: int32 + type: integer + startTime: + description: Represents time when the job controller started processing + a job. When a Job is created in the suspended state, this field + is not set until the first time it is resumed. This field is + reset every time a Job is resumed from suspension. It is represented + in RFC3339 form and is in UTC. + format: date-time + type: string + succeeded: + description: The number of pods which reached phase Succeeded. 
+ format: int32 + type: integer + uncountedTerminatedPods: + description: "uncountedTerminatedPods holds the UIDs of Pods that + have terminated but the job controller hasn't yet accounted + for in the status counters. \n The job controller creates pods + with a finalizer. When a pod terminates (succeeded or failed), + the controller does three steps to account for it in the job + status: \n 1. Add the pod UID to the arrays in this field. 2. + Remove the pod finalizer. 3. Remove the pod UID from the arrays + while increasing the corresponding counter. \n Old jobs might + not be tracked using this field, in which case the field remains + null." + properties: + failed: + description: failed holds UIDs of failed Pods. + items: + description: UID is a type that holds unique ID values, + including UUIDs. Because we don't ONLY use UUIDs, this + is an alias to string. Being a type captures intent and + helps make sure that UIDs and names do not get conflated. + type: string + type: array + x-kubernetes-list-type: set + succeeded: + description: succeeded holds UIDs of succeeded Pods. + items: + description: UID is a type that holds unique ID values, + including UUIDs. Because we don't ONLY use UUIDs, this + is an alias to string. Being a type captures intent and + helps make sure that UIDs and names do not get conflated. 
+ type: string + type: array + x-kubernetes-list-type: set + type: object + type: object + operationContext: + properties: + failureRule: + properties: + failureStatus: + type: string + failureStrategy: + type: string + required: + - failureStatus + - failureStrategy + type: object + idx: + type: integer + name: + type: string + targetStatus: + type: string + task: + type: string + taskId: + type: string + taskStatus: + type: string + tasks: + items: + type: string + type: array + required: + - idx + - name + - targetStatus + - task + - taskId + - taskStatus + - tasks + type: object + progress: + type: string + status: + description: 'INSERT ADDITIONAL STATUS FIELD - define observed state + of cluster Important: Run "make" to regenerate code after modifying + this file' + type: string + required: + - jobStatus + - progress + - status + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/oceanbase-serving-cert + controller-gen.kubebuilder.io/version: v0.13.0 + name: obtenants.oceanbase.oceanbase.com +spec: + group: oceanbase.oceanbase.com + names: + kind: OBTenant + listKind: OBTenantList + plural: obtenants + singular: obtenant + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.status + name: status + type: string + - jsonPath: .spec.clusterName + name: clusterName + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .status.tenantRecordInfo.locality + name: locality + priority: 1 + type: string + - jsonPath: .status.tenantRecordInfo.primaryZone + name: primaryZone + priority: 1 + type: string + - jsonPath: .status.tenantRecordInfo.poolList + name: poolList + priority: 1 + type: string + - jsonPath: .status.tenantRecordInfo.charset + name: charset + priority: 1 + type: string + name: v1alpha1 + 
schema: + openAPIV3Schema: + description: OBTenant is the Schema for the obtenants API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: OBTenantSpec defines the desired state of OBTenant + properties: + charset: + default: utf8mb4 + type: string + collate: + type: string + connectWhiteList: + default: '%' + type: string + forceDelete: + default: false + type: boolean + obcluster: + type: string + pools: + items: + properties: + priority: + default: 1 + type: integer + resource: + description: TODO Split UnitConfig struct to SpecUnitConfig + and StatusUnitConfig + properties: + iopsWeight: + type: integer + logDiskSize: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + maxCPU: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + maxIops: + type: integer + memorySize: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + minCPU: + anyOf: 
+ - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + minIops: + type: integer + required: + - maxCPU + - memorySize + type: object + type: + description: TODO Split LocalityType struct to SpecLocalityType + and StatusLocalityType + properties: + isActive: + description: TODO move isActive to ResourcePoolSpec And + ResourcePoolStatus + type: boolean + name: + type: string + replica: + type: integer + required: + - isActive + - name + - replica + type: object + zone: + type: string + required: + - resource + - zone + type: object + type: array + tenantName: + type: string + unitNum: + type: integer + required: + - obcluster + - pools + - tenantName + - unitNum + type: object + status: + description: OBTenantStatus defines the observed state of OBTenant + properties: + operationContext: + properties: + failureRule: + properties: + failureStatus: + type: string + failureStrategy: + type: string + required: + - failureStatus + - failureStrategy + type: object + idx: + type: integer + name: + type: string + targetStatus: + type: string + task: + type: string + taskId: + type: string + taskStatus: + type: string + tasks: + items: + type: string + type: array + required: + - idx + - name + - targetStatus + - task + - taskId + - taskStatus + - tasks + type: object + resourcePool: + items: + properties: + priority: + type: integer + type: + description: TODO Split LocalityType struct to SpecLocalityType + and StatusLocalityType + properties: + isActive: + description: TODO move isActive to ResourcePoolSpec And + ResourcePoolStatus + type: boolean + name: + type: string + replica: + type: integer + required: + - isActive + - name + - replica + type: object + unitConfig: + description: TODO Split UnitConfig struct to SpecUnitConfig + and StatusUnitConfig + properties: + iopsWeight: + type: integer + logDiskSize: + anyOf: + - type: 
integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + maxCPU: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + maxIops: + type: integer + memorySize: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + minCPU: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + minIops: + type: integer + required: + - maxCPU + - memorySize + type: object + unitNum: + type: integer + units: + items: + properties: + migrate: + properties: + serverIP: + type: string + serverPort: + type: integer + required: + - serverIP + - serverPort + type: object + serverIP: + type: string + serverPort: + type: integer + status: + type: string + unitId: + type: integer + required: + - migrate + - serverIP + - serverPort + - status + - unitId + type: object + type: array + zoneList: + type: string + required: + - type + - unitConfig + - unitNum + - units + - zoneList + type: object + type: array + status: + description: 'INSERT ADDITIONAL STATUS FIELD - define observed state + of cluster Important: Run "make" to regenerate code after modifying + this file' + type: string + tenantRecordInfo: + properties: + charset: + type: string + collate: + type: string + connectWhiteList: + type: string + locality: + type: string + poolList: + type: string + primaryZone: + type: string + tenantID: + type: integer + unitNum: + type: integer + zoneList: + type: string + required: + - locality + - poolList + - primaryZone + - 
tenantID + type: object + required: + - resourcePool + - status + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/oceanbase-serving-cert + controller-gen.kubebuilder.io/version: v0.13.0 + name: obunits.oceanbase.oceanbase.com +spec: + group: oceanbase.oceanbase.com + names: + kind: OBUnit + listKind: OBUnitList + plural: obunits + singular: obunit + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: OBUnit is the Schema for the obunits API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: OBUnitSpec defines the desired state of OBUnit + properties: + foo: + description: Foo is an example field of OBUnit. 
Edit obunit_types.go + to remove/update + type: string + type: object + status: + description: OBUnitStatus defines the observed state of OBUnit + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/oceanbase-serving-cert + controller-gen.kubebuilder.io/version: v0.13.0 + name: obzones.oceanbase.oceanbase.com +spec: + group: oceanbase.oceanbase.com + names: + kind: OBZone + listKind: OBZoneList + plural: obzones + singular: obzone + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: OBZone is the Schema for the obzones API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: OBZoneSpec defines the desired state of OBZone + properties: + backupVolume: + properties: + volume: + description: Volume represents a named volume in a pod that may + be accessed by any container in the pod. + properties: + awsElasticBlockStore: + description: 'awsElasticBlockStore represents an AWS Disk + resource that is attached to a kubelet''s host machine and + then exposed to the pod. 
More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + properties: + fsType: + description: 'fsType is the filesystem type of the volume + that you want to mount. Tip: Ensure that the filesystem + type is supported by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + TODO: how do we prevent errors in the filesystem from + compromising the machine' + type: string + partition: + description: 'partition is the partition in the volume + that you want to mount. If omitted, the default is to + mount by volume name. Examples: For volume /dev/sda1, + you specify the partition as "1". Similarly, the volume + partition for /dev/sda is "0" (or you can leave the + property empty).' + format: int32 + type: integer + readOnly: + description: 'readOnly value true will force the readOnly + setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: boolean + volumeID: + description: 'volumeID is unique ID of the persistent + disk resource in AWS (Amazon EBS volume). More info: + https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: string + required: + - volumeID + type: object + azureDisk: + description: azureDisk represents an Azure Data Disk mount + on the host and bind mount to the pod. + properties: + cachingMode: + description: 'cachingMode is the Host Caching mode: None, + Read Only, Read Write.' + type: string + diskName: + description: diskName is the Name of the data disk in + the blob storage + type: string + diskURI: + description: diskURI is the URI of data disk in the blob + storage + type: string + fsType: + description: fsType is Filesystem type to mount. Must + be a filesystem type supported by the host operating + system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred + to be "ext4" if unspecified. 
+ type: string + kind: + description: 'kind expected values are Shared: multiple + blob disks per storage account Dedicated: single blob + disk per storage account Managed: azure managed data + disk (only in managed availability set). defaults to + shared' + type: string + readOnly: + description: readOnly Defaults to false (read/write). + ReadOnly here will force the ReadOnly setting in VolumeMounts. + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + description: azureFile represents an Azure File Service mount + on the host and bind mount to the pod. + properties: + readOnly: + description: readOnly defaults to false (read/write). + ReadOnly here will force the ReadOnly setting in VolumeMounts. + type: boolean + secretName: + description: secretName is the name of secret that contains + Azure Storage Account Name and Key + type: string + shareName: + description: shareName is the azure share Name + type: string + required: + - secretName + - shareName + type: object + cephfs: + description: cephFS represents a Ceph FS mount on the host + that shares a pod's lifetime + properties: + monitors: + description: 'monitors is Required: Monitors is a collection + of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + items: + type: string + type: array + path: + description: 'path is Optional: Used as the mounted root, + rather than the full Ceph tree, default is /' + type: string + readOnly: + description: 'readOnly is Optional: Defaults to false + (read/write). ReadOnly here will force the ReadOnly + setting in VolumeMounts. 
More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: boolean + secretFile: + description: 'secretFile is Optional: SecretFile is the + path to key ring for User, default is /etc/ceph/user.secret + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + secretRef: + description: 'secretRef is Optional: SecretRef is reference + to the authentication secret for User, default is empty. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + type: object + x-kubernetes-map-type: atomic + user: + description: 'user is optional: User is the rados user + name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + required: + - monitors + type: object + cinder: + description: 'cinder represents a cinder volume attached and + mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + properties: + fsType: + description: 'fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating + system. Examples: "ext4", "xfs", "ntfs". Implicitly + inferred to be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + readOnly: + description: 'readOnly defaults to false (read/write). + ReadOnly here will force the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: boolean + secretRef: + description: 'secretRef is optional: points to a secret + object containing parameters used to connect to OpenStack.' + properties: + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + type: object + x-kubernetes-map-type: atomic + volumeID: + description: 'volumeID used to identify the volume in + cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + required: + - volumeID + type: object + configMap: + description: configMap represents a configMap that should + populate this volume + properties: + defaultMode: + description: 'defaultMode is optional: mode bits used + to set permissions on created files by default. Must + be an octal value between 0000 and 0777 or a decimal + value between 0 and 511. YAML accepts both octal and + decimal values, JSON requires decimal values for mode + bits. Defaults to 0644. Directories within the path + are not affected by this setting. This might be in conflict + with other options that affect the file mode, like fsGroup, + and the result can be other mode bits set.' + format: int32 + type: integer + items: + description: items if unspecified, each key-value pair + in the Data field of the referenced ConfigMap will be + projected into the volume as a file whose name is the + key and content is the value. If specified, the listed + keys will be projected into the specified paths, and + unlisted keys will not be present. If a key is specified + which is not present in the ConfigMap, the volume setup + will error unless it is marked optional. Paths must + be relative and may not contain the '..' path or start + with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: 'mode is Optional: mode bits used to + set permissions on this file. Must be an octal + value between 0000 and 0777 or a decimal value + between 0 and 511. 
YAML accepts both octal and + decimal values, JSON requires decimal values for + mode bits. If not specified, the volume defaultMode + will be used. This might be in conflict with other + options that affect the file mode, like fsGroup, + and the result can be other mode bits set.' + format: int32 + type: integer + path: + description: path is the relative path of the file + to map the key to. May not be an absolute path. + May not contain the path element '..'. May not + start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: optional specify whether the ConfigMap or + its keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + csi: + description: csi (Container Storage Interface) represents + ephemeral storage that is handled by certain external CSI + drivers (Beta feature). + properties: + driver: + description: driver is the name of the CSI driver that + handles this volume. Consult with your admin for the + correct name as registered in the cluster. + type: string + fsType: + description: fsType to mount. Ex. "ext4", "xfs", "ntfs". + If not provided, the empty value is passed to the associated + CSI driver which will determine the default filesystem + to apply. + type: string + nodePublishSecretRef: + description: nodePublishSecretRef is a reference to the + secret object containing sensitive information to pass + to the CSI driver to complete the CSI NodePublishVolume + and NodeUnpublishVolume calls. This field is optional, + and may be empty if no secret is required. If the secret + object contains more than one secret, all secret references + are passed. + properties: + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + type: object + x-kubernetes-map-type: atomic + readOnly: + description: readOnly specifies a read-only configuration + for the volume. Defaults to false (read/write). + type: boolean + volumeAttributes: + additionalProperties: + type: string + description: volumeAttributes stores driver-specific properties + that are passed to the CSI driver. Consult your driver's + documentation for supported values. + type: object + required: + - driver + type: object + downwardAPI: + description: downwardAPI represents downward API about the + pod that should populate this volume + properties: + defaultMode: + description: 'Optional: mode bits to use on created files + by default. Must be a Optional: mode bits used to set + permissions on created files by default. Must be an + octal value between 0000 and 0777 or a decimal value + between 0 and 511. YAML accepts both octal and decimal + values, JSON requires decimal values for mode bits. + Defaults to 0644. Directories within the path are not + affected by this setting. This might be in conflict + with other options that affect the file mode, like fsGroup, + and the result can be other mode bits set.' + format: int32 + type: integer + items: + description: Items is a list of downward API volume file + items: + description: DownwardAPIVolumeFile represents information + to create the file containing the pod field + properties: + fieldRef: + description: 'Required: Selects a field of the pod: + only annotations, labels, name and namespace are + supported.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. 
+ type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: 'Optional: mode bits used to set permissions + on this file, must be an octal value between 0000 + and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON + requires decimal values for mode bits. If not + specified, the volume defaultMode will be used. + This might be in conflict with other options that + affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + path: + description: 'Required: Path is the relative path + name of the file to be created. Must not be absolute + or contain the ''..'' path. Must be utf-8 encoded. + The first item of the relative path must not start + with ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, requests.cpu and requests.memory) + are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + emptyDir: + description: 'emptyDir represents a temporary directory that + shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + properties: + medium: + description: 'medium represents what type of storage medium + should back this directory. 
The default is "" which + means to use the node''s default medium. Must be an + empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + description: 'sizeLimit is the total amount of local storage + required for this EmptyDir volume. The size limit is + also applicable for memory medium. The maximum usage + on memory medium EmptyDir would be the minimum value + between the SizeLimit specified here and the sum of + memory limits of all containers in a pod. The default + is nil which means that the limit is undefined. More + info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + description: "ephemeral represents a volume that is handled + by a cluster storage driver. The volume's lifecycle is tied + to the pod that defines it - it will be created before the + pod starts, and deleted when the pod is removed. \n Use + this if: a) the volume is only needed while the pod runs, + b) features of normal volumes like restoring from snapshot + or capacity tracking are needed, c) the storage driver is + specified through a storage class, and d) the storage driver + supports dynamic volume provisioning through a PersistentVolumeClaim + (see EphemeralVolumeSource for more information on the connection + between this volume type and PersistentVolumeClaim). \n + Use PersistentVolumeClaim or one of the vendor-specific + APIs for volumes that persist for longer than the lifecycle + of an individual pod. \n Use CSI for light-weight local + ephemeral volumes if the CSI driver is meant to be used + that way - see the documentation of the driver for more + information. \n A pod can use both types of ephemeral volumes + and persistent volumes at the same time." 
+ properties: + volumeClaimTemplate: + description: "Will be used to create a stand-alone PVC + to provision the volume. The pod in which this EphemeralVolumeSource + is embedded will be the owner of the PVC, i.e. the PVC + will be deleted together with the pod. The name of + the PVC will be `-` where `` is the name from the `PodSpec.Volumes` array + entry. Pod validation will reject the pod if the concatenated + name is not valid for a PVC (for example, too long). + \n An existing PVC with that name that is not owned + by the pod will *not* be used for the pod to avoid using + an unrelated volume by mistake. Starting the pod is + then blocked until the unrelated PVC is removed. If + such a pre-created PVC is meant to be used by the pod, + the PVC has to updated with an owner reference to the + pod once the pod exists. Normally this should not be + necessary, but it may be useful when manually reconstructing + a broken cluster. \n This field is read-only and no + changes will be made by Kubernetes to the PVC after + it has been created. \n Required, must not be nil." + properties: + metadata: + description: May contain labels and annotations that + will be copied into the PVC when creating it. No + other fields are allowed and will be rejected during + validation. + type: object + spec: + description: The specification for the PersistentVolumeClaim. + The entire content is copied unchanged into the + PVC that gets created from this template. The same + fields as in a PersistentVolumeClaim are also valid + here. + properties: + accessModes: + description: 'accessModes contains the desired + access modes the volume should have. 
More info: + https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + dataSource: + description: 'dataSource field can be used to + specify either: * An existing VolumeSnapshot + object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) If + the provisioner or an external controller can + support the specified data source, it will create + a new volume based on the contents of the specified + data source. When the AnyVolumeDataSource feature + gate is enabled, dataSource contents will be + copied to dataSourceRef, and dataSourceRef contents + will be copied to dataSource when dataSourceRef.namespace + is not specified. If the namespace is specified, + then dataSourceRef will not be copied to dataSource.' + properties: + apiGroup: + description: APIGroup is the group for the + resource being referenced. If APIGroup is + not specified, the specified Kind must be + in the core API group. For any other third-party + types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource + being referenced + type: string + name: + description: Name is the name of resource + being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: 'dataSourceRef specifies the object + from which to populate the volume with data, + if a non-empty volume is desired. This may be + any object from a non-empty API group (non core + object) or a PersistentVolumeClaim object. When + this field is specified, volume binding will + only succeed if the type of the specified object + matches some installed volume populator or dynamic + provisioner. This field will replace the functionality + of the dataSource field and as such if both + fields are non-empty, they must have the same + value. 
For backwards compatibility, when namespace + isn''t specified in dataSourceRef, both fields + (dataSource and dataSourceRef) will be set to + the same value automatically if one of them + is empty and the other is non-empty. When namespace + is specified in dataSourceRef, dataSource isn''t + set to the same value and must be empty. There + are three important differences between dataSource + and dataSourceRef: * While dataSource only allows + two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim + objects. * While dataSource ignores disallowed + values (dropping them), dataSourceRef preserves + all values, and generates an error if a disallowed + value is specified. * While dataSource only + allows local objects, dataSourceRef allows objects + in any namespaces. (Beta) Using this field requires + the AnyVolumeDataSource feature gate to be enabled. + (Alpha) Using the namespace field of dataSourceRef + requires the CrossNamespaceVolumeDataSource + feature gate to be enabled.' + properties: + apiGroup: + description: APIGroup is the group for the + resource being referenced. If APIGroup is + not specified, the specified Kind must be + in the core API group. For any other third-party + types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource + being referenced + type: string + name: + description: Name is the name of resource + being referenced + type: string + namespace: + description: Namespace is the namespace of + resource being referenced Note that when + a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant + object is required in the referent namespace + to allow that namespace's owner to accept + the reference. See the ReferenceGrant documentation + for details. (Alpha) This field requires + the CrossNamespaceVolumeDataSource feature + gate to be enabled. 
+ type: string + required: + - kind + - name + type: object + resources: + description: 'resources represents the minimum + resources the volume should have. If RecoverVolumeExpansionFailure + feature is enabled users are allowed to specify + resource requirements that are lower than previous + value but must still be higher than capacity + recorded in the status field of the claim. More + info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + properties: + claims: + description: "Claims lists the names of resources, + defined in spec.resourceClaims, that are + used by this container. \n This is an alpha + field and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. + It can only be set for containers." + items: + description: ResourceClaim references one + entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name + of one entry in pod.spec.resourceClaims + of the Pod where this field is used. + It makes that resource available inside + a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum + amount of compute resources allowed. More + info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum + amount of compute resources required. 
If + Requests is omitted for a container, it + defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined + value. Requests cannot exceed Limits. More + info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + selector: + description: selector is a label query over volumes + to consider for binding. + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: 'storageClassName is the name of + the StorageClass required by the claim. 
More + info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + type: string + volumeMode: + description: volumeMode defines what type of volume + is required by the claim. Value of Filesystem + is implied when not included in claim spec. + type: string + volumeName: + description: volumeName is the binding reference + to the PersistentVolume backing this claim. + type: string + type: object + required: + - spec + type: object + type: object + fc: + description: fc represents a Fibre Channel resource that is + attached to a kubelet's host machine and then exposed to + the pod. + properties: + fsType: + description: 'fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating + system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred + to be "ext4" if unspecified. TODO: how do we prevent + errors in the filesystem from compromising the machine' + type: string + lun: + description: 'lun is Optional: FC target lun number' + format: int32 + type: integer + readOnly: + description: 'readOnly is Optional: Defaults to false + (read/write). ReadOnly here will force the ReadOnly + setting in VolumeMounts.' + type: boolean + targetWWNs: + description: 'targetWWNs is Optional: FC target worldwide + names (WWNs)' + items: + type: string + type: array + wwids: + description: 'wwids Optional: FC volume world wide identifiers + (wwids) Either wwids or combination of targetWWNs and + lun must be set, but not both simultaneously.' + items: + type: string + type: array + type: object + flexVolume: + description: flexVolume represents a generic volume resource + that is provisioned/attached using an exec based plugin. + properties: + driver: + description: driver is the name of the driver to use for + this volume. + type: string + fsType: + description: fsType is the filesystem type to mount. Must + be a filesystem type supported by the host operating + system. Ex. "ext4", "xfs", "ntfs". 
The default filesystem + depends on FlexVolume script. + type: string + options: + additionalProperties: + type: string + description: 'options is Optional: this field holds extra + command options if any.' + type: object + readOnly: + description: 'readOnly is Optional: defaults to false + (read/write). ReadOnly here will force the ReadOnly + setting in VolumeMounts.' + type: boolean + secretRef: + description: 'secretRef is Optional: secretRef is reference + to the secret object containing sensitive information + to pass to the plugin scripts. This may be empty if + no secret object is specified. If the secret object + contains more than one secret, all secrets are passed + to the plugin scripts.' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + type: object + x-kubernetes-map-type: atomic + required: + - driver + type: object + flocker: + description: flocker represents a Flocker volume attached + to a kubelet's host machine. This depends on the Flocker + control service being running + properties: + datasetName: + description: datasetName is Name of the dataset stored + as metadata -> name on the dataset for Flocker should + be considered as deprecated + type: string + datasetUUID: + description: datasetUUID is the UUID of the dataset. This + is unique identifier of a Flocker dataset + type: string + type: object + gcePersistentDisk: + description: 'gcePersistentDisk represents a GCE Disk resource + that is attached to a kubelet''s host machine and then exposed + to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + properties: + fsType: + description: 'fsType is filesystem type of the volume + that you want to mount. Tip: Ensure that the filesystem + type is supported by the host operating system. Examples: + "ext4", "xfs", "ntfs". 
Implicitly inferred to be "ext4" + if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + TODO: how do we prevent errors in the filesystem from + compromising the machine' + type: string + partition: + description: 'partition is the partition in the volume + that you want to mount. If omitted, the default is to + mount by volume name. Examples: For volume /dev/sda1, + you specify the partition as "1". Similarly, the volume + partition for /dev/sda is "0" (or you can leave the + property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + format: int32 + type: integer + pdName: + description: 'pdName is unique name of the PD resource + in GCE. Used to identify the disk in GCE. More info: + https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: string + readOnly: + description: 'readOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: boolean + required: + - pdName + type: object + gitRepo: + description: 'gitRepo represents a git repository at a particular + revision. DEPRECATED: GitRepo is deprecated. To provision + a container with a git repo, mount an EmptyDir into an InitContainer + that clones the repo using git, then mount the EmptyDir + into the Pod''s container.' + properties: + directory: + description: directory is the target directory name. Must + not contain or start with '..'. If '.' is supplied, + the volume directory will be the git repository. Otherwise, + if specified, the volume will contain the git repository + in the subdirectory with the given name. + type: string + repository: + description: repository is the URL + type: string + revision: + description: revision is the commit hash for the specified + revision. 
+ type: string + required: + - repository + type: object + glusterfs: + description: 'glusterfs represents a Glusterfs mount on the + host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' + properties: + endpoints: + description: 'endpoints is the endpoint name that details + Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + path: + description: 'path is the Glusterfs volume path. More + info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + readOnly: + description: 'readOnly here will force the Glusterfs volume + to be mounted with read-only permissions. Defaults to + false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: boolean + required: + - endpoints + - path + type: object + hostPath: + description: 'hostPath represents a pre-existing file or directory + on the host machine that is directly exposed to the container. + This is generally used for system agents or other privileged + things that are allowed to see the host machine. Most containers + will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + --- TODO(jonesdl) We need to restrict who can use host directory + mounts and who can/can not mount host directories as read/write.' + properties: + path: + description: 'path of the directory on the host. If the + path is a symlink, it will follow the link to the real + path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + type: + description: 'type for HostPath Volume Defaults to "" + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + required: + - path + type: object + iscsi: + description: 'iscsi represents an ISCSI Disk resource that + is attached to a kubelet''s host machine and then exposed + to the pod. 
More info: https://examples.k8s.io/volumes/iscsi/README.md' + properties: + chapAuthDiscovery: + description: chapAuthDiscovery defines whether support + iSCSI Discovery CHAP authentication + type: boolean + chapAuthSession: + description: chapAuthSession defines whether support iSCSI + Session CHAP authentication + type: boolean + fsType: + description: 'fsType is the filesystem type of the volume + that you want to mount. Tip: Ensure that the filesystem + type is supported by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi + TODO: how do we prevent errors in the filesystem from + compromising the machine' + type: string + initiatorName: + description: initiatorName is the custom iSCSI Initiator + Name. If initiatorName is specified with iscsiInterface + simultaneously, new iSCSI interface : will be created for the connection. + type: string + iqn: + description: iqn is the target iSCSI Qualified Name. + type: string + iscsiInterface: + description: iscsiInterface is the interface Name that + uses an iSCSI transport. Defaults to 'default' (tcp). + type: string + lun: + description: lun represents iSCSI Target Lun number. + format: int32 + type: integer + portals: + description: portals is the iSCSI Target Portal List. + The portal is either an IP or ip_addr:port if the port + is other than default (typically TCP ports 860 and 3260). + items: + type: string + type: array + readOnly: + description: readOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. + type: boolean + secretRef: + description: secretRef is the CHAP Secret for iSCSI target + and initiator authentication + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' 
+ type: string + type: object + x-kubernetes-map-type: atomic + targetPortal: + description: targetPortal is iSCSI Target Portal. The + Portal is either an IP or ip_addr:port if the port is + other than default (typically TCP ports 860 and 3260). + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + description: 'name of the volume. Must be a DNS_LABEL and + unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + nfs: + description: 'nfs represents an NFS mount on the host that + shares a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + properties: + path: + description: 'path that is exported by the NFS server. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + readOnly: + description: 'readOnly here will force the NFS export + to be mounted with read-only permissions. Defaults to + false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: boolean + server: + description: 'server is the hostname or IP address of + the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + description: 'persistentVolumeClaimVolumeSource represents + a reference to a PersistentVolumeClaim in the same namespace. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + claimName: + description: 'claimName is the name of a PersistentVolumeClaim + in the same namespace as the pod using this volume. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + type: string + readOnly: + description: readOnly Will force the ReadOnly setting + in VolumeMounts. Default false. 
+ type: boolean + required: + - claimName + type: object + photonPersistentDisk: + description: photonPersistentDisk represents a PhotonController + persistent disk attached and mounted on kubelets host machine + properties: + fsType: + description: fsType is the filesystem type to mount. Must + be a filesystem type supported by the host operating + system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred + to be "ext4" if unspecified. + type: string + pdID: + description: pdID is the ID that identifies Photon Controller + persistent disk + type: string + required: + - pdID + type: object + portworxVolume: + description: portworxVolume represents a portworx volume attached + and mounted on kubelets host machine + properties: + fsType: + description: fSType represents the filesystem type to + mount Must be a filesystem type supported by the host + operating system. Ex. "ext4", "xfs". Implicitly inferred + to be "ext4" if unspecified. + type: string + readOnly: + description: readOnly defaults to false (read/write). + ReadOnly here will force the ReadOnly setting in VolumeMounts. + type: boolean + volumeID: + description: volumeID uniquely identifies a Portworx volume + type: string + required: + - volumeID + type: object + projected: + description: projected items for all in one resources secrets, + configmaps, and downward API + properties: + defaultMode: + description: defaultMode are the mode bits used to set + permissions on created files by default. Must be an + octal value between 0000 and 0777 or a decimal value + between 0 and 511. YAML accepts both octal and decimal + values, JSON requires decimal values for mode bits. + Directories within the path are not affected by this + setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set. 
+ format: int32 + type: integer + sources: + description: sources is the list of volume projections + items: + description: Projection that may be projected along + with other supported volume types + properties: + configMap: + description: configMap information about the configMap + data to project + properties: + items: + description: items if unspecified, each key-value + pair in the Data field of the referenced ConfigMap + will be projected into the volume as a file + whose name is the key and content is the value. + If specified, the listed keys will be projected + into the specified paths, and unlisted keys + will not be present. If a key is specified + which is not present in the ConfigMap, the + volume setup will error unless it is marked + optional. Paths must be relative and may not + contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: 'mode is Optional: mode bits + used to set permissions on this file. + Must be an octal value between 0000 + and 0777 or a decimal value between + 0 and 511. YAML accepts both octal and + decimal values, JSON requires decimal + values for mode bits. If not specified, + the volume defaultMode will be used. + This might be in conflict with other + options that affect the file mode, like + fsGroup, and the result can be other + mode bits set.' + format: int32 + type: integer + path: + description: path is the relative path + of the file to map the key to. May not + be an absolute path. May not contain + the path element '..'. May not start + with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: optional specify whether the ConfigMap + or its keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + description: downwardAPI information about the downwardAPI + data to project + properties: + items: + description: Items is a list of DownwardAPIVolume + file + items: + description: DownwardAPIVolumeFile represents + information to create the file containing + the pod field + properties: + fieldRef: + description: 'Required: Selects a field + of the pod: only annotations, labels, + name and namespace are supported.' + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to + select in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: 'Optional: mode bits used + to set permissions on this file, must + be an octal value between 0000 and 0777 + or a decimal value between 0 and 511. + YAML accepts both octal and decimal + values, JSON requires decimal values + for mode bits. If not specified, the + volume defaultMode will be used. This + might be in conflict with other options + that affect the file mode, like fsGroup, + and the result can be other mode bits + set.' + format: int32 + type: integer + path: + description: 'Required: Path is the relative + path name of the file to be created. + Must not be absolute or contain the + ''..'' path. Must be utf-8 encoded. + The first item of the relative path + must not start with ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of the + container: only resources limits and + requests (limits.cpu, limits.memory, + requests.cpu and requests.memory) are + currently supported.' 
+ properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to + select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + secret: + description: secret information about the secret + data to project + properties: + items: + description: items if unspecified, each key-value + pair in the Data field of the referenced Secret + will be projected into the volume as a file + whose name is the key and content is the value. + If specified, the listed keys will be projected + into the specified paths, and unlisted keys + will not be present. If a key is specified + which is not present in the Secret, the volume + setup will error unless it is marked optional. + Paths must be relative and may not contain + the '..' path or start with '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: 'mode is Optional: mode bits + used to set permissions on this file. + Must be an octal value between 0000 + and 0777 or a decimal value between + 0 and 511. YAML accepts both octal and + decimal values, JSON requires decimal + values for mode bits. If not specified, + the volume defaultMode will be used. + This might be in conflict with other + options that affect the file mode, like + fsGroup, and the result can be other + mode bits set.' + format: int32 + type: integer + path: + description: path is the relative path + of the file to map the key to. 
May not + be an absolute path. May not contain + the path element '..'. May not start + with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: optional field specify whether + the Secret or its key must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + description: serviceAccountToken is information + about the serviceAccountToken data to project + properties: + audience: + description: audience is the intended audience + of the token. A recipient of a token must + identify itself with an identifier specified + in the audience of the token, and otherwise + should reject the token. The audience defaults + to the identifier of the apiserver. + type: string + expirationSeconds: + description: expirationSeconds is the requested + duration of validity of the service account + token. As the token approaches expiration, + the kubelet volume plugin will proactively + rotate the service account token. The kubelet + will start trying to rotate the token if the + token is older than 80 percent of its time + to live or if the token is older than 24 hours.Defaults + to 1 hour and must be at least 10 minutes. + format: int64 + type: integer + path: + description: path is the path relative to the + mount point of the file to project the token + into. 
+ type: string + required: + - path + type: object + type: object + type: array + type: object + quobyte: + description: quobyte represents a Quobyte mount on the host + that shares a pod's lifetime + properties: + group: + description: group to map volume access to Default is + no group + type: string + readOnly: + description: readOnly here will force the Quobyte volume + to be mounted with read-only permissions. Defaults to + false. + type: boolean + registry: + description: registry represents a single or multiple + Quobyte Registry services specified as a string as host:port + pair (multiple entries are separated with commas) which + acts as the central registry for volumes + type: string + tenant: + description: tenant owning the given Quobyte volume in + the Backend Used with dynamically provisioned Quobyte + volumes, value is set by the plugin + type: string + user: + description: user to map volume access to Defaults to + serivceaccount user + type: string + volume: + description: volume is a string that references an already + created Quobyte volume by name. + type: string + required: + - registry + - volume + type: object + rbd: + description: 'rbd represents a Rados Block Device mount on + the host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' + properties: + fsType: + description: 'fsType is the filesystem type of the volume + that you want to mount. Tip: Ensure that the filesystem + type is supported by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd + TODO: how do we prevent errors in the filesystem from + compromising the machine' + type: string + image: + description: 'image is the rados image name. More info: + https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + keyring: + description: 'keyring is the path to key ring for RBDUser. 
+ Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + monitors: + description: 'monitors is a collection of Ceph monitors. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + items: + type: string + type: array + pool: + description: 'pool is the rados pool name. Default is + rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + readOnly: + description: 'readOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: boolean + secretRef: + description: 'secretRef is name of the authentication + secret for RBDUser. If provided overrides keyring. Default + is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + type: object + x-kubernetes-map-type: atomic + user: + description: 'user is the rados user name. Default is + admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + required: + - image + - monitors + type: object + scaleIO: + description: scaleIO represents a ScaleIO persistent volume + attached and mounted on Kubernetes nodes. + properties: + fsType: + description: fsType is the filesystem type to mount. Must + be a filesystem type supported by the host operating + system. Ex. "ext4", "xfs", "ntfs". Default is "xfs". + type: string + gateway: + description: gateway is the host address of the ScaleIO + API Gateway. + type: string + protectionDomain: + description: protectionDomain is the name of the ScaleIO + Protection Domain for the configured storage. + type: string + readOnly: + description: readOnly Defaults to false (read/write). 
+ ReadOnly here will force the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: secretRef references to the secret for ScaleIO + user and other sensitive information. If this is not + provided, Login operation will fail. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + type: object + x-kubernetes-map-type: atomic + sslEnabled: + description: sslEnabled Flag enable/disable SSL communication + with Gateway, default false + type: boolean + storageMode: + description: storageMode indicates whether the storage + for a volume should be ThickProvisioned or ThinProvisioned. + Default is ThinProvisioned. + type: string + storagePool: + description: storagePool is the ScaleIO Storage Pool associated + with the protection domain. + type: string + system: + description: system is the name of the storage system + as configured in ScaleIO. + type: string + volumeName: + description: volumeName is the name of a volume already + created in the ScaleIO system that is associated with + this volume source. + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + description: 'secret represents a secret that should populate + this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + properties: + defaultMode: + description: 'defaultMode is Optional: mode bits used + to set permissions on created files by default. Must + be an octal value between 0000 and 0777 or a decimal + value between 0 and 511. YAML accepts both octal and + decimal values, JSON requires decimal values for mode + bits. Defaults to 0644. Directories within the path + are not affected by this setting. This might be in conflict + with other options that affect the file mode, like fsGroup, + and the result can be other mode bits set.' 
+ format: int32 + type: integer + items: + description: items If unspecified, each key-value pair + in the Data field of the referenced Secret will be projected + into the volume as a file whose name is the key and + content is the value. If specified, the listed keys + will be projected into the specified paths, and unlisted + keys will not be present. If a key is specified which + is not present in the Secret, the volume setup will + error unless it is marked optional. Paths must be relative + and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: 'mode is Optional: mode bits used to + set permissions on this file. Must be an octal + value between 0000 and 0777 or a decimal value + between 0 and 511. YAML accepts both octal and + decimal values, JSON requires decimal values for + mode bits. If not specified, the volume defaultMode + will be used. This might be in conflict with other + options that affect the file mode, like fsGroup, + and the result can be other mode bits set.' + format: int32 + type: integer + path: + description: path is the relative path of the file + to map the key to. May not be an absolute path. + May not contain the path element '..'. May not + start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + optional: + description: optional field specify whether the Secret + or its keys must be defined + type: boolean + secretName: + description: 'secretName is the name of the secret in + the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + type: string + type: object + storageos: + description: storageOS represents a StorageOS volume attached + and mounted on Kubernetes nodes. + properties: + fsType: + description: fsType is the filesystem type to mount. 
Must + be a filesystem type supported by the host operating + system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred + to be "ext4" if unspecified. + type: string + readOnly: + description: readOnly defaults to false (read/write). + ReadOnly here will force the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: secretRef specifies the secret to use for + obtaining the StorageOS API credentials. If not specified, + default values will be attempted. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + type: object + x-kubernetes-map-type: atomic + volumeName: + description: volumeName is the human-readable name of + the StorageOS volume. Volume names are only unique + within a namespace. + type: string + volumeNamespace: + description: volumeNamespace specifies the scope of the + volume within StorageOS. If no namespace is specified + then the Pod's namespace will be used. This allows + the Kubernetes name scoping to be mirrored within StorageOS + for tighter integration. Set VolumeName to any name + to override the default behaviour. Set to "default" + if you are not using namespaces within StorageOS. Namespaces + that do not pre-exist within StorageOS will be created. + type: string + type: object + vsphereVolume: + description: vsphereVolume represents a vSphere volume attached + and mounted on kubelets host machine + properties: + fsType: + description: fsType is filesystem type to mount. Must + be a filesystem type supported by the host operating + system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred + to be "ext4" if unspecified. + type: string + storagePolicyID: + description: storagePolicyID is the storage Policy Based + Management (SPBM) profile ID associated with the StoragePolicyName. 
+ type: string + storagePolicyName: + description: storagePolicyName is the storage Policy Based + Management (SPBM) profile name. + type: string + volumePath: + description: volumePath is the path that identifies vSphere + volume vmdk + type: string + required: + - volumePath + type: object + required: + - name + type: object + required: + - volume + type: object + clusterId: + format: int64 + type: integer + clusterName: + type: string + monitorTemplate: + properties: + image: + type: string + resource: + properties: + cpu: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + memory: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - cpu + - memory + type: object + required: + - image + type: object + observerTemplate: + properties: + image: + type: string + resource: + properties: + cpu: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + memory: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - cpu + - memory + type: object + storage: + properties: + dataStorage: + properties: + size: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + storageClass: + type: string + required: + - size + - storageClass + type: object + logStorage: + properties: + size: + anyOf: + - type: 
integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + storageClass: + type: string + required: + - size + - storageClass + type: object + redoLogStorage: + properties: + size: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + storageClass: + type: string + required: + - size + - storageClass + type: object + required: + - dataStorage + - logStorage + - redoLogStorage + type: object + required: + - image + - resource + - storage + type: object + topology: + properties: + nodeSelector: + additionalProperties: + type: string + type: object + replica: + type: integer + zone: + type: string + required: + - replica + - zone + type: object + required: + - clusterName + - observerTemplate + - topology + type: object + status: + description: OBZoneStatus defines the observed state of OBZone + properties: + image: + description: 'INSERT ADDITIONAL STATUS FIELD - define observed state + of cluster Important: Run "make" to regenerate code after modifying + this file' + type: string + observers: + items: + properties: + server: + type: string + status: + type: string + required: + - server + - status + type: object + type: array + operationContext: + properties: + failureRule: + properties: + failureStatus: + type: string + failureStrategy: + type: string + required: + - failureStatus + - failureStrategy + type: object + idx: + type: integer + name: + type: string + targetStatus: + type: string + task: + type: string + taskId: + type: string + taskStatus: + type: string + tasks: + items: + type: string + type: array + required: + - idx + - name + - targetStatus + - task + - taskId + - taskStatus + - tasks + type: object + status: + type: string + required: + - image + - observers + - status + 
type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: rbac + app.kubernetes.io/created-by: ob-operator-generate + app.kubernetes.io/instance: controller-manager-sa + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: serviceaccount + app.kubernetes.io/part-of: ob-operator-generate + name: oceanbase-controller-manager + namespace: {{ .Release.Namespace }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/component: rbac + app.kubernetes.io/created-by: ob-operator-generate + app.kubernetes.io/instance: leader-election-role + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: role + app.kubernetes.io/part-of: ob-operator-generate + name: oceanbase-leader-election-role + namespace: {{ .Release.Namespace }} +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: oceanbase-manager-role +rules: +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +- apiGroups: + - "" + resources: + - secrets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - secrets/finalizers + verbs: + - update +- apiGroups: + - "" + resources: + - secrets/status + verbs: + - get + - patch + - update +- apiGroups: + - "" + resources: + - services + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - services/finalizers + verbs: + - update +- apiGroups: + - "" + resources: + - 
services/status + verbs: + - get + - patch + - update +- apiGroups: + - batch + resources: + - jobs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - batch + resources: + - jobs/finalizers + verbs: + - update +- apiGroups: + - batch + resources: + - jobs/status + verbs: + - get + - patch + - update +- apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - persistentvolumeclaims/status + verbs: + - get + - patch + - update +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - persistentvolumes/status + verbs: + - get + - patch + - update +- apiGroups: + - "" + resources: + - pods + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - pods/finalizers + verbs: + - update +- apiGroups: + - "" + resources: + - pods/status + verbs: + - get + - patch + - update +- apiGroups: + - oceanbase.oceanbase.com + resources: + - obclusterbackups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - oceanbase.oceanbase.com + resources: + - obclusterbackups/finalizers + verbs: + - update +- apiGroups: + - oceanbase.oceanbase.com + resources: + - obclusterbackups/status + verbs: + - get + - patch + - update +- apiGroups: + - oceanbase.oceanbase.com + resources: + - obclusterrestores + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - oceanbase.oceanbase.com + resources: + - obclusterrestores/finalizers + verbs: + - update +- apiGroups: + - oceanbase.oceanbase.com + resources: + - obclusterrestores/status + verbs: + - get + - patch + - update +- apiGroups: + - oceanbase.oceanbase.com + resources: + - obclusters + verbs: + - create + - delete + - get + - list 
+ - patch + - update + - watch +- apiGroups: + - oceanbase.oceanbase.com + resources: + - obclusters/finalizers + verbs: + - update +- apiGroups: + - oceanbase.oceanbase.com + resources: + - obclusters/status + verbs: + - get + - patch + - update +- apiGroups: + - oceanbase.oceanbase.com + resources: + - obparameters + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - oceanbase.oceanbase.com + resources: + - obparameters/finalizers + verbs: + - update +- apiGroups: + - oceanbase.oceanbase.com + resources: + - obparameters/status + verbs: + - get + - patch + - update +- apiGroups: + - oceanbase.oceanbase.com + resources: + - observers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - oceanbase.oceanbase.com + resources: + - observers/finalizers + verbs: + - update +- apiGroups: + - oceanbase.oceanbase.com + resources: + - observers/status + verbs: + - get + - patch + - update +- apiGroups: + - oceanbase.oceanbase.com + resources: + - obtenantbackup + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - oceanbase.oceanbase.com + resources: + - obtenantbackup/status + verbs: + - get + - patch + - update +- apiGroups: + - oceanbase.oceanbase.com + resources: + - obtenantbackuppolicies + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - oceanbase.oceanbase.com + resources: + - obtenantbackuppolicies/finalizers + verbs: + - update +- apiGroups: + - oceanbase.oceanbase.com + resources: + - obtenantbackuppolicies/status + verbs: + - get + - patch + - update +- apiGroups: + - oceanbase.oceanbase.com + resources: + - obtenantbackups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - oceanbase.oceanbase.com + resources: + - obtenantbackups/finalizers + verbs: + - update +- apiGroups: + - oceanbase.oceanbase.com + resources: + - obtenantbackups/status + 
verbs: + - get + - patch + - update +- apiGroups: + - oceanbase.oceanbase.com + resources: + - obtenantrestores + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - oceanbase.oceanbase.com + resources: + - obtenantrestores/finalizers + verbs: + - update +- apiGroups: + - oceanbase.oceanbase.com + resources: + - obtenantrestores/status + verbs: + - get + - patch + - update +- apiGroups: + - oceanbase.oceanbase.com + resources: + - obtenants + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - oceanbase.oceanbase.com + resources: + - obtenants/finalizers + verbs: + - update +- apiGroups: + - oceanbase.oceanbase.com + resources: + - obtenants/status + verbs: + - get + - patch + - update +- apiGroups: + - oceanbase.oceanbase.com + resources: + - obunits + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - oceanbase.oceanbase.com + resources: + - obunits/finalizers + verbs: + - update +- apiGroups: + - oceanbase.oceanbase.com + resources: + - obunits/status + verbs: + - get + - patch + - update +- apiGroups: + - oceanbase.oceanbase.com + resources: + - obzones + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - oceanbase.oceanbase.com + resources: + - obzones/finalizers + verbs: + - update +- apiGroups: + - oceanbase.oceanbase.com + resources: + - obzones/status + verbs: + - get + - patch + - update +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/component: kube-rbac-proxy + app.kubernetes.io/created-by: ob-operator-generate + app.kubernetes.io/instance: metrics-reader + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: clusterrole + app.kubernetes.io/part-of: ob-operator-generate + name: oceanbase-metrics-reader +rules: +- nonResourceURLs: + - /metrics + verbs: + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: 
ClusterRole +metadata: + labels: + app.kubernetes.io/component: kube-rbac-proxy + app.kubernetes.io/created-by: ob-operator-generate + app.kubernetes.io/instance: proxy-role + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: clusterrole + app.kubernetes.io/part-of: ob-operator-generate + name: oceanbase-proxy-role +rules: +- apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/component: rbac + app.kubernetes.io/created-by: ob-operator-generate + app.kubernetes.io/instance: leader-election-rolebinding + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: rolebinding + app.kubernetes.io/part-of: ob-operator-generate + name: oceanbase-leader-election-rolebinding + namespace: {{ .Release.Namespace }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: oceanbase-leader-election-role +subjects: +- kind: ServiceAccount + name: oceanbase-controller-manager + namespace: {{ .Release.Namespace }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/component: rbac + app.kubernetes.io/created-by: ob-operator-generate + app.kubernetes.io/instance: manager-rolebinding + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: clusterrolebinding + app.kubernetes.io/part-of: ob-operator-generate + name: oceanbase-manager-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: oceanbase-manager-role +subjects: +- kind: ServiceAccount + name: oceanbase-controller-manager + namespace: {{ .Release.Namespace }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/component: kube-rbac-proxy + app.kubernetes.io/created-by: ob-operator-generate + 
app.kubernetes.io/instance: proxy-rolebinding + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: clusterrolebinding + app.kubernetes.io/part-of: ob-operator-generate + name: oceanbase-proxy-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: oceanbase-proxy-role +subjects: +- kind: ServiceAccount + name: oceanbase-controller-manager + namespace: {{ .Release.Namespace }} +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/component: kube-rbac-proxy + app.kubernetes.io/created-by: ob-operator-generate + app.kubernetes.io/instance: controller-manager-metrics-service + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: service + app.kubernetes.io/part-of: ob-operator-generate + control-plane: controller-manager + name: oceanbase-controller-manager-metrics-service + namespace: {{ .Release.Namespace }} +spec: + ports: + - name: https + port: 8443 + protocol: TCP + targetPort: https + selector: + control-plane: controller-manager +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/created-by: ob-operator-generate + app.kubernetes.io/instance: webhook-service + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: service + app.kubernetes.io/part-of: ob-operator-generate + name: oceanbase-webhook-service + namespace: {{ .Release.Namespace }} +spec: + ports: + - port: 443 + protocol: TCP + targetPort: 9443 + selector: + control-plane: controller-manager +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: manager + app.kubernetes.io/created-by: ob-operator-generate + app.kubernetes.io/instance: controller-manager + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: deployment + app.kubernetes.io/part-of: ob-operator-generate + control-plane: controller-manager + name: oceanbase-controller-manager + namespace: {{ .Release.Namespace }} +spec: + 
replicas: 1 + selector: + matchLabels: + control-plane: controller-manager + template: + metadata: + annotations: + kubectl.kubernetes.io/default-container: manager + labels: + control-plane: controller-manager + spec: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: kubernetes.io/arch + operator: In + values: + - amd64 + - arm64 + - ppc64le + - s390x + - key: kubernetes.io/os + operator: In + values: + - linux + containers: + - args: + - --health-probe-bind-address=:8081 + - --metrics-bind-address=127.0.0.1:8080 + - --leader-elect + - --manager-namespace={{ .Release.Namespace }} + command: + - /manager + image: oceanbase/ob-operator:2.0.0 + livenessProbe: + httpGet: + path: /healthz + port: 8081 + initialDelaySeconds: 15 + periodSeconds: 20 + name: manager + ports: + - containerPort: 9443 + name: webhook-server + protocol: TCP + readinessProbe: + httpGet: + path: /readyz + port: 8081 + initialDelaySeconds: 5 + periodSeconds: 10 + resources: + limits: + cpu: 1 + memory: 1Gi + requests: + cpu: 10m + memory: 64Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + volumeMounts: + - mountPath: /tmp/k8s-webhook-server/serving-certs + name: cert + readOnly: true + - args: + - --secure-listen-address=0.0.0.0:8443 + - --upstream=http://127.0.0.1:8080/ + - --logtostderr=true + - --v=0 + image: gcr.io/kubebuilder/kube-rbac-proxy:v0.13.1 + name: kube-rbac-proxy + ports: + - containerPort: 8443 + name: https + protocol: TCP + resources: + limits: + cpu: 500m + memory: 128Mi + requests: + cpu: 5m + memory: 64Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + securityContext: + runAsNonRoot: true + serviceAccountName: oceanbase-controller-manager + terminationGracePeriodSeconds: 10 + volumes: + - name: cert + secret: + defaultMode: 420 + secretName: webhook-server-cert +--- +apiVersion: cert-manager.io/v1 +kind: Certificate 
+metadata: + labels: + app.kubernetes.io/component: certificate + app.kubernetes.io/created-by: ob-operator-generate + app.kubernetes.io/instance: serving-cert + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: certificate + app.kubernetes.io/part-of: ob-operator-generate + name: oceanbase-serving-cert + namespace: {{ .Release.Namespace }} +spec: + dnsNames: + - oceanbase-webhook-service.{{ .Release.Namespace }}.svc + - oceanbase-webhook-service.{{ .Release.Namespace }}.svc.cluster.local + issuerRef: + kind: Issuer + name: oceanbase-selfsigned-issuer + secretName: webhook-server-cert +--- +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + labels: + app.kubernetes.io/component: certificate + app.kubernetes.io/created-by: ob-operator-generate + app.kubernetes.io/instance: serving-cert + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: certificate + app.kubernetes.io/part-of: ob-operator-generate + name: oceanbase-selfsigned-issuer + namespace: {{ .Release.Namespace }} +spec: + selfSigned: {} +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: + annotations: + cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/oceanbase-serving-cert + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/created-by: ob-operator-generate + app.kubernetes.io/instance: mutating-webhook-configuration + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: mutatingwebhookconfiguration + app.kubernetes.io/part-of: ob-operator-generate + name: oceanbase-mutating-webhook-configuration +webhooks: +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: oceanbase-webhook-service + namespace: {{ .Release.Namespace }} + path: /mutate-oceanbase-oceanbase-com-v1alpha1-obtenantbackuppolicy + failurePolicy: Fail + name: mobtenantbackuppolicy.kb.io + rules: + - apiGroups: + - oceanbase.oceanbase.com + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + 
resources: + - obtenantbackuppolicies + sideEffects: None +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + annotations: + cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/oceanbase-serving-cert + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/created-by: ob-operator-generate + app.kubernetes.io/instance: validating-webhook-configuration + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: validatingwebhookconfiguration + app.kubernetes.io/part-of: ob-operator-generate + name: oceanbase-validating-webhook-configuration +webhooks: +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: oceanbase-webhook-service + namespace: {{ .Release.Namespace }} + path: /validate-oceanbase-oceanbase-com-v1alpha1-obtenantbackuppolicy + failurePolicy: Fail + name: vobtenantbackuppolicy.kb.io + rules: + - apiGroups: + - oceanbase.oceanbase.com + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - obtenantbackuppolicies + sideEffects: None diff --git a/charts/ob-operator/values.yaml b/charts/ob-operator/values.yaml new file mode 100644 index 000000000..1cb6aa267 --- /dev/null +++ b/charts/ob-operator/values.yaml @@ -0,0 +1,4 @@ +# Default values for ob-operator. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + diff --git a/cmd/main.go b/cmd/main.go index d8bdc5049..9d8e14bfa 100644 --- a/cmd/main.go +++ b/cmd/main.go 
@@ -144,14 +144,6 @@ func main() { setupLog.Error(err, "unable to create controller", "controller", "OBUnit") os.Exit(1) } - if err = (&controller.OBClusterBackupReconciler{ - Client: mgr.GetClient(), - Scheme: mgr.GetScheme(), - Recorder: mgr.GetEventRecorderFor(config.OBClusterBackupControllerName), - }).SetupWithManager(mgr); err != nil { - setupLog.Error(err, "unable to create controller", "controller", "OBClusterBackup") - os.Exit(1) - } if err = (&controller.OBTenantBackupReconciler{ Client: mgr.GetClient(), Scheme: mgr.GetScheme(), @@ -160,14 +152,6 @@ func main() { setupLog.Error(err, "unable to create controller", "controller", "OBTenantBackup") os.Exit(1) } - if err = (&controller.OBClusterRestoreReconciler{ - Client: mgr.GetClient(), - Scheme: mgr.GetScheme(), - Recorder: mgr.GetEventRecorderFor(config.OBClusterRestoreControllerName), - }).SetupWithManager(mgr); err != nil { - setupLog.Error(err, "unable to create controller", "controller", "OBClusterRestore") - os.Exit(1) - } if err = (&controller.OBTenantRestoreReconciler{ Client: mgr.GetClient(), Scheme: mgr.GetScheme(), diff --git a/config/crd/bases/oceanbase.oceanbase.com_obclusters.yaml b/config/crd/bases/oceanbase.oceanbase.com_obclusters.yaml index a922bc1c7..f0920e321 100644 --- a/config/crd/bases/oceanbase.oceanbase.com_obclusters.yaml +++ b/config/crd/bases/oceanbase.oceanbase.com_obclusters.yaml @@ -1658,28 +1658,8 @@ spec: - cpu - memory type: object - storage: - properties: - configStorage: - properties: - size: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - storageClass: - type: string - required: - - size - - storageClass - type: object - required: - - configStorage - type: object required: - image - - storage type: object observer: properties: 
diff --git a/config/crd/bases/oceanbase.oceanbase.com_observers.yaml b/config/crd/bases/oceanbase.oceanbase.com_observers.yaml index 20b0c1bea..c4d498934 100644 --- a/config/crd/bases/oceanbase.oceanbase.com_observers.yaml +++ b/config/crd/bases/oceanbase.oceanbase.com_observers.yaml @@ -1664,28 +1664,8 @@ spec: - cpu - memory type: object - storage: - properties: - configStorage: - properties: - size: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - storageClass: - type: string - required: - - size - - storageClass - type: object - required: - - configStorage - type: object required: - image - - storage type: object nodeSelector: additionalProperties: diff --git a/config/crd/bases/oceanbase.oceanbase.com_obtenantbackuppolicies.yaml b/config/crd/bases/oceanbase.oceanbase.com_obtenantbackuppolicies.yaml index 67cf04c3f..b7a7c0deb 100644 --- a/config/crd/bases/oceanbase.oceanbase.com_obtenantbackuppolicies.yaml +++ b/config/crd/bases/oceanbase.oceanbase.com_obtenantbackuppolicies.yaml @@ -125,6 +125,8 @@ spec: type: string suspend: type: boolean + tenantCRName: + type: string tenantName: type: string tenantSecret: @@ -133,7 +135,6 @@ spec: - dataBackup - logArchive - obClusterName - - tenantName type: object status: description: OBTenantBackupPolicyStatus defines the observed state of @@ -561,6 +562,8 @@ spec: type: boolean description: type: string + replayEnabled: + type: boolean replayLogUntil: properties: scn: @@ -939,7 +942,7 @@ spec: type: string create_time: type: string - gmt_create_time: + gmt_create: type: string in_recyclebin: type: string @@ -990,7 +993,6 @@ spec: - arbitration_service_status - compatibility_mode - create_time - - gmt_create_time - in_recyclebin - locality - locked 
@@ -1002,14 +1004,11 @@ spec: - recovery_until_scn - replayable_scn - status - - switchover_epoch - - switchover_status - sync_scn - tenant_id - tenant_name - tenant_role - tenant_type - - unit_num type: object required: - status diff --git a/config/crd/bases/oceanbase.oceanbase.com_obtenantoperations.yaml b/config/crd/bases/oceanbase.oceanbase.com_obtenantoperations.yaml index 8930584e6..1ed7b83c9 100644 --- a/config/crd/bases/oceanbase.oceanbase.com_obtenantoperations.yaml +++ b/config/crd/bases/oceanbase.oceanbase.com_obtenantoperations.yaml @@ -267,6 +267,8 @@ spec: type: boolean description: type: string + replayEnabled: + type: boolean replayLogUntil: properties: scn: @@ -777,6 +779,8 @@ spec: type: boolean description: type: string + replayEnabled: + type: boolean replayLogUntil: properties: scn: diff --git a/config/crd/bases/oceanbase.oceanbase.com_obtenantrestores.yaml b/config/crd/bases/oceanbase.oceanbase.com_obtenantrestores.yaml index d3ca330cb..d7ce1554b 100644 --- a/config/crd/bases/oceanbase.oceanbase.com_obtenantrestores.yaml +++ b/config/crd/bases/oceanbase.oceanbase.com_obtenantrestores.yaml @@ -90,6 +90,8 @@ spec: type: boolean description: type: string + replayEnabled: + type: boolean replayLogUntil: properties: scn: diff --git a/config/crd/bases/oceanbase.oceanbase.com_obtenants.yaml b/config/crd/bases/oceanbase.oceanbase.com_obtenants.yaml index 67e83bab3..9999190a8 100644 --- a/config/crd/bases/oceanbase.oceanbase.com_obtenants.yaml +++ b/config/crd/bases/oceanbase.oceanbase.com_obtenants.yaml @@ -187,6 +187,8 @@ spec: type: boolean description: type: string + replayEnabled: + type: boolean replayLogUntil: properties: scn: diff --git a/config/crd/bases/oceanbase.oceanbase.com_obzones.yaml b/config/crd/bases/oceanbase.oceanbase.com_obzones.yaml index dcba02be3..fedc43216 100644 --- a/config/crd/bases/oceanbase.oceanbase.com_obzones.yaml +++ b/config/crd/bases/oceanbase.oceanbase.com_obzones.yaml 
@@ -1651,28 +1651,8 @@ spec: - cpu - memory type: object - storage: - properties: - configStorage: - properties: - size: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - storageClass: - type: string - required: - - size - - storageClass - type: object - required: - - configStorage - type: object required: - image - - storage type: object observerTemplate: properties: diff --git a/config/manager/kustomization.yaml b/config/manager/kustomization.yaml index 7d3d6f7d7..04b5185ee 100644 --- a/config/manager/kustomization.yaml +++ b/config/manager/kustomization.yaml @@ -4,5 +4,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization images: - name: controller - newName: oceanbasedev/ob-operator + newName: oceanbase/ob-operator newTag: 2.0.0 diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml index 182b1a83e..6c1454a2b 100644 --- a/config/rbac/role.yaml +++ b/config/rbac/role.yaml @@ -155,58 +155,6 @@ rules: - get - patch - update -- apiGroups: - - oceanbase.oceanbase.com - resources: - - obclusterbackups - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - oceanbase.oceanbase.com - resources: - - obclusterbackups/finalizers - verbs: - - update -- apiGroups: - - oceanbase.oceanbase.com - resources: - - obclusterbackups/status - verbs: - - get - - patch - - update -- apiGroups: - - oceanbase.oceanbase.com - resources: - - obclusterrestores - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - oceanbase.oceanbase.com - resources: - - obclusterrestores/finalizers - verbs: - - update -- apiGroups: - - oceanbase.oceanbase.com - resources: - - obclusterrestores/status - verbs: - - get - - patch - - update - apiGroups: - oceanbase.oceanbase.com resources: 
diff --git a/deploy/backup_policy.yaml b/deploy/backup_policy.yaml index 0205536c4..5b421e4f4 100644 --- a/deploy/backup_policy.yaml +++ b/deploy/backup_policy.yaml @@ -20,7 +20,7 @@ spec: logArchive: destination: type: "NFS" - path: "t1/log_archive_custom" + path: "t1/log_archive_custom_1019" switchPieceInterval: "1d" dataBackup: destination: diff --git a/deploy/crd.yaml b/deploy/crd.yaml index 7180747aa..80e6f8bf9 100644 --- a/deploy/crd.yaml +++ b/deploy/crd.yaml @@ -1755,28 +1755,8 @@ spec: - cpu - memory type: object - storage: - properties: - configStorage: - properties: - size: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - storageClass: - type: string - required: - - size - - storageClass - type: object - required: - - configStorage - type: object required: - image - - storage type: object observer: properties: @@ -3780,28 +3760,8 @@ spec: - cpu - memory type: object - storage: - properties: - configStorage: - properties: - size: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - storageClass: - type: string - required: - - size - - storageClass - type: object - required: - - configStorage - type: object required: - image - - storage type: object nodeSelector: additionalProperties: @@ -4051,7 +4011,11 @@ spec: type: string type: type: string + required: + - path type: object + encryptionSecret: + type: string fullCrontab: type: string incrementalCrontab: @@ -4088,6 +4052,8 @@ spec: type: string type: type: string + required: + - path type: object switchPieceInterval: type: string @@ -4099,6 +4065,8 @@ spec: type: string suspend: type: boolean + tenantCRName: + type: string tenantName: type: string tenantSecret: 
@@ -4107,7 +4075,6 @@ spec: - dataBackup - logArchive - obClusterName - - tenantName type: object status: description: OBTenantBackupPolicyStatus defines the observed state of @@ -4515,6 +4482,8 @@ spec: type: string type: type: string + required: + - path type: object bakDataSource: properties: @@ -4524,7 +4493,11 @@ spec: type: string type: type: string + required: + - path type: object + bakEncryptionSecret: + type: string cancel: type: boolean description: @@ -4958,7 +4931,6 @@ spec: - arbitration_service_status - compatibility_mode - create_time - - gmt_create_time - in_recyclebin - locality - locked @@ -4970,14 +4942,11 @@ spec: - recovery_until_scn - replayable_scn - status - - switchover_epoch - - switchover_status - sync_scn - tenant_id - tenant_name - tenant_role - tenant_type - - unit_num type: object required: - status @@ -5046,6 +5015,8 @@ spec: spec: description: OBTenantBackupSpec defines the desired state of OBTenantBackup properties: + encryptionSecret: + type: string obClusterName: type: string path: @@ -5055,8 +5026,6 @@ spec: tenantSecret: type: string type: - description: Foo is an example field of OBTenantBackup. Edit obtenantbackup_types.go - to remove/update type: string required: - obClusterName @@ -5571,6 +5540,8 @@ spec: type: string type: type: string + required: + - path type: object bakDataSource: properties: @@ -5580,7 +5551,11 @@ spec: type: string type: type: string + required: + - path type: object + bakEncryptionSecret: + type: string cancel: type: boolean description: @@ -6075,6 +6050,8 @@ spec: type: string type: type: string + required: + - path type: object bakDataSource: properties: @@ -6084,7 +6061,11 @@ spec: type: string type: type: string + required: + - path type: object + bakEncryptionSecret: + type: string cancel: type: boolean description: @@ -6543,6 +6524,8 @@ spec: type: string type: type: string + required: + - path type: object bakDataSource: properties: 
@@ -6552,7 +6535,11 @@ spec: type: string type: type: string + required: + - path type: object + bakEncryptionSecret: + type: string cancel: type: boolean description: @@ -6914,6 +6901,8 @@ spec: type: string type: type: string + required: + - path type: object bakDataSource: properties: @@ -6923,7 +6912,11 @@ spec: type: string type: type: string + required: + - path type: object + bakEncryptionSecret: + type: string cancel: type: boolean description: @@ -9003,28 +8996,8 @@ spec: - cpu - memory type: object - storage: - properties: - configStorage: - properties: - size: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - storageClass: - type: string - required: - - size - - storageClass - type: object - required: - - configStorage - type: object required: - image - - storage type: object observerTemplate: properties: diff --git a/deploy/obcluster.yaml b/deploy/obcluster.yaml index 2250d79d0..a5034e0d9 100644 --- a/deploy/obcluster.yaml +++ b/deploy/obcluster.yaml @@ -19,7 +19,7 @@ spec: - zone: zone3 replica: 1 observer: - image: oceanbasedev/oceanbase-cn:4.2.0.0-test + image: oceanbase/oceanbase-cloud-native:4.2.0.0-101000032023091319 resource: cpu: 2 memory: 10Gi @@ -34,21 +34,17 @@ spec: storageClass: local-path size: 20Gi monitor: - image: oceanbasedev/obagent:1.2.1-snapshot + image: oceanbase/obagent:4.2.0-100000062023080210 resource: cpu: 1 memory: 1Gi - storage: - configStorage: - storageClass: local-path - size: 1Gi parameters: - name: system_memory value: 2G - backupVolume: - volume: - name: backup - nfs: - server: 11.124.9.57 - path: /opt/nfs - readOnly: false + # backupVolume: + # volume: + # name: backup + # nfs: + # server: 1.1.1.1 + # path: /opt/nfs + # readOnly: false diff --git a/deploy/operator.yaml b/deploy/operator.yaml index ba2443484..09b62a45b 100644 --- a/deploy/operator.yaml 
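Review bot: The new `image:` values in the two deploy/obcluster.yaml hunks (`oceanbase/oceanbase-cloud-native:4.2.0.0-101000032023091319` and `oceanbase/obagent:4.2.0-100000062023080210`) are pinned by tag only, and a registry tag can be re-pointed after this manifest is published. Since these are the release images users will copy from the sample, consider appending the digest, for example `image: oceanbase/obagent:4.2.0-100000062023080210@sha256:<digest-of-released-image>`, so the deployed content is the content that was tested. The same applies to the `image: oceanbase/ob-operator:2.0.0` line changed further down in deploy/operator.yaml.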
+++ b/deploy/operator.yaml @@ -1771,28 +1771,8 @@ spec: - cpu - memory type: object - storage: - properties: - configStorage: - properties: - size: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - storageClass: - type: string - required: - - size - - storageClass - type: object - required: - - configStorage - type: object required: - image - - storage type: object observer: properties: @@ -3798,28 +3778,8 @@ spec: - cpu - memory type: object - storage: - properties: - configStorage: - properties: - size: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - storageClass: - type: string - required: - - size - - storageClass - type: object - required: - - configStorage - type: object required: - image - - storage type: object nodeSelector: additionalProperties: @@ -4069,7 +4029,11 @@ spec: type: string type: type: string + required: + - path type: object + encryptionSecret: + type: string fullCrontab: type: string incrementalCrontab: @@ -4106,6 +4070,8 @@ spec: type: string type: type: string + required: + - path type: object switchPieceInterval: type: string @@ -4117,6 +4083,8 @@ spec: type: string suspend: type: boolean + tenantCRName: + type: string tenantName: type: string tenantSecret: @@ -4125,7 +4093,6 @@ spec: - dataBackup - logArchive - obClusterName - - tenantName type: object status: description: OBTenantBackupPolicyStatus defines the observed state of @@ -4533,6 +4500,8 @@ spec: type: string type: type: string + required: + - path type: object bakDataSource: properties: @@ -4542,7 +4511,11 @@ spec: type: string type: type: string + required: + - path type: object + bakEncryptionSecret: + type: string cancel: type: boolean description: 
@@ -4976,7 +4949,6 @@ spec: - arbitration_service_status - compatibility_mode - create_time - - gmt_create_time - in_recyclebin - locality - locked @@ -4988,14 +4960,11 @@ spec: - recovery_until_scn - replayable_scn - status - - switchover_epoch - - switchover_status - sync_scn - tenant_id - tenant_name - tenant_role - tenant_type - - unit_num type: object required: - status @@ -5065,6 +5034,8 @@ spec: spec: description: OBTenantBackupSpec defines the desired state of OBTenantBackup properties: + encryptionSecret: + type: string obClusterName: type: string path: @@ -5074,8 +5045,6 @@ spec: tenantSecret: type: string type: - description: Foo is an example field of OBTenantBackup. Edit obtenantbackup_types.go - to remove/update type: string required: - obClusterName @@ -5590,6 +5559,8 @@ spec: type: string type: type: string + required: + - path type: object bakDataSource: properties: @@ -5599,7 +5570,11 @@ spec: type: string type: type: string + required: + - path type: object + bakEncryptionSecret: + type: string cancel: type: boolean description: @@ -6094,6 +6069,8 @@ spec: type: string type: type: string + required: + - path type: object bakDataSource: properties: @@ -6103,7 +6080,11 @@ spec: type: string type: type: string + required: + - path type: object + bakEncryptionSecret: + type: string cancel: type: boolean description: @@ -6563,6 +6544,8 @@ spec: type: string type: type: string + required: + - path type: object bakDataSource: properties: @@ -6572,7 +6555,11 @@ spec: type: string type: type: string + required: + - path type: object + bakEncryptionSecret: + type: string cancel: type: boolean description: @@ -6934,6 +6921,8 @@ spec: type: string type: type: string + required: + - path type: object bakDataSource: properties: @@ -6943,7 +6932,11 @@ spec: type: string type: type: string + required: + - path type: object + bakEncryptionSecret: + type: string cancel: type: boolean description: 
@@ -9025,28 +9018,8 @@ spec: - cpu - memory type: object - storage: - properties: - configStorage: - properties: - size: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - storageClass: - type: string - required: - - size - - storageClass - type: object - required: - - configStorage - type: object required: - image - - storage type: object observerTemplate: properties: @@ -9427,58 +9400,6 @@ rules: - get - patch - update -- apiGroups: - - oceanbase.oceanbase.com - resources: - - obclusterbackups - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - oceanbase.oceanbase.com - resources: - - obclusterbackups/finalizers - verbs: - - update -- apiGroups: - - oceanbase.oceanbase.com - resources: - - obclusterbackups/status - verbs: - - get - - patch - - update -- apiGroups: - - oceanbase.oceanbase.com - resources: - - obclusterrestores - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - oceanbase.oceanbase.com - resources: - - obclusterrestores/finalizers - verbs: - - update -- apiGroups: - - oceanbase.oceanbase.com - resources: - - obclusterrestores/status - verbs: - - get - - patch - - update - apiGroups: - oceanbase.oceanbase.com resources: @@ -9994,7 +9915,7 @@ spec: - --manager-namespace=oceanbase-system command: - /manager - image: oceanbasedev/ob-operator:2.0.0 + image: oceanbase/ob-operator:2.0.0 livenessProbe: httpGet: path: /healthz diff --git a/deploy/tenant.yaml b/deploy/tenant.yaml index 3e8e5aa1e..d7f89fac8 100644 --- a/deploy/tenant.yaml +++ b/deploy/tenant.yaml @@ -25,8 +25,8 @@ spec: minCPU: 1 maxIops: 1024 minIops: 1024 - iopsWeight: - logDiskSize: + iopsWeight: 2 + logDiskSize: 4Gi - zone: zone2 type: name: Full 
diff --git a/deploy/tenant_op_activate.yaml b/deploy/tenant_op_activate.yaml index 5c3596450..5926c8e58 100644 --- a/deploy/tenant_op_activate.yaml +++ b/deploy/tenant_op_activate.yaml @@ -13,22 +13,4 @@ metadata: spec: type: "FAILOVER" failover: - standbyTenant: "t1s" -# --- -# apiVersion: oceanbase.oceanbase.com/v1alpha1 -# kind: OBTenantOperation -# metadata: -# labels: -# ref-obcluster: test -# app.kubernetes.io/name: obtenantoperation -# app.kubernetes.io/instance: op-chg-pwd-1 -# app.kubernetes.io/part-of: ob-operator -# app.kubernetes.io/managed-by: kustomize -# app.kubernetes.io/created-by: ob-operator -# name: op-chg-pwd-1 -# namespace: oceanbase -# spec: -# type: "CHANGE_PASSWORD" -# changePwd: -# tenant: "test" -# secretRef: "t1-credential-new" \ No newline at end of file + standbyTenant: "t1s" \ No newline at end of file diff --git a/deploy/tenant_op_switchover.yaml b/deploy/tenant_op_switchover.yaml index 05b37f241..851aed092 100644 --- a/deploy/tenant_op_switchover.yaml +++ b/deploy/tenant_op_switchover.yaml @@ -14,22 +14,4 @@ spec: type: "SWITCHOVER" switchover: primaryTenant: "t1" - standbyTenant: "t1ss" -# --- -# apiVersion: oceanbase.oceanbase.com/v1alpha1 -# kind: OBTenantOperation -# metadata: -# labels: -# ref-obcluster: test -# app.kubernetes.io/name: obtenantoperation -# app.kubernetes.io/instance: op-chg-pwd-1 -# app.kubernetes.io/part-of: ob-operator -# app.kubernetes.io/managed-by: kustomize -# app.kubernetes.io/created-by: ob-operator -# name: op-chg-pwd-1 -# namespace: oceanbase -# spec: -# type: "CHANGE_PASSWORD" -# changePwd: -# tenant: "test" -# secretRef: "t1-credential-new" \ No newline at end of file + standbyTenant: "t1ss" \ No newline at end of file diff --git a/deploy/tenant_op_switchover_back.yaml b/deploy/tenant_op_switchover_back.yaml deleted file mode 100644 index a1e8989a4..000000000 --- a/deploy/tenant_op_switchover_back.yaml +++ /dev/null 
@@ -1,35 +0,0 @@ -apiVersion: oceanbase.oceanbase.com/v1alpha1 -kind: OBTenantOperation -metadata: - labels: - ref-obcluster: test - app.kubernetes.io/name: obtenantoperation - app.kubernetes.io/instance: op-switchover-back - app.kubernetes.io/part-of: ob-operator - app.kubernetes.io/managed-by: kustomize - app.kubernetes.io/created-by: ob-operator - name: op-switchover-back - namespace: oceanbase -spec: - type: "SWITCHOVER" - switchover: - primaryTenant: "t1ss" - standbyTenant: "t1" -# --- -# apiVersion: oceanbase.oceanbase.com/v1alpha1 -# kind: OBTenantOperation -# metadata: -# labels: -# ref-obcluster: test -# app.kubernetes.io/name: obtenantoperation -# app.kubernetes.io/instance: op-chg-pwd-1 -# app.kubernetes.io/part-of: ob-operator -# app.kubernetes.io/managed-by: kustomize -# app.kubernetes.io/created-by: ob-operator -# name: op-chg-pwd-1 -# namespace: oceanbase -# spec: -# type: "CHANGE_PASSWORD" -# changePwd: -# tenant: "test" -# secretRef: "t1-credential-new" \ No newline at end of file diff --git a/deploy/tenant_restore_wrong.yaml b/deploy/tenant_restore_wrong.yaml deleted file mode 100644 index 00c76d9f8..000000000 --- a/deploy/tenant_restore_wrong.yaml +++ /dev/null 
@@ -1,70 +0,0 @@ -apiVersion: oceanbase.oceanbase.com/v1alpha1 -kind: OBTenant -metadata: - name: t1s-wrong - namespace: oceanbase -spec: - obcluster: test - tenantName: t1s_wrong - unitNum: 1 - charset: utf8mb4 - connectWhiteList: '%' - forceDelete: true - tenantRole: STANDBY - credentials: - root: t1s-root - standbyRo: t1s-ro - source: - restore: - # sourceUri: "file:///ob-backup/t1/data_backup_custom1,file:///ob-backup/t1/log_archive_custom1" - archiveSource: - type: NFS - path: "t1/log_archive_custom" - bakDataSource: - type: NFS - path: "t1/data_backup_custom_enc" - until: - unlimited: true - replayLogUntil: - unlimited: true - tenant: t1 - pools: - - zone: zone1 - type: - name: Full - replica: 1 - isActive: true - resource: - maxCPU: 1000m - memorySize: 2Gi - minCPU: 1 - maxIops: 1024 - minIops: 1024 - logDiskSize: - - zone: zone2 - type: - name: Full - replica: 1 - isActive: true - resource: - maxCPU: 1000m - memorySize: 2Gi - minCPU: 1 - maxIops: 1024 - minIops: 1024 - iopsWeight: 2 - logDiskSize: 4Gi - - zone: zone3 - type: - name: Full - replica: 1 - isActive: true - priority: 3 - resource: - maxCPU: 1000m - memorySize: 2Gi - minCPU: 1 - maxIops: 1024 - minIops: 1024 - iopsWeight: 2 - logDiskSize: 4Gi diff --git a/distribution/obagent/Dockerfile b/distribution/obagent/Dockerfile new file mode 100644 index 000000000..e2ca8e39d --- /dev/null +++ b/distribution/obagent/Dockerfile @@ -0,0 +1,8 @@ +FROM openanolis/anolisos:8.4-x86_64 +ARG VERSION +WORKDIR /home/admin/obagent +RUN yum install -y http://mirrors.aliyun.com/oceanbase/community/stable/el/8/x86_64/obagent-${VERSION}.el8.x86_64.rpm +ADD replace_properties.sh /home/admin/obagent +RUN ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime + +ENTRYPOINT [ "bash", "-c", "./replace_properties.sh && bin/ob_monagent -c conf/monagent.yaml" ] diff --git a/distribution/obagent/build.sh b/distribution/obagent/build.sh new file mode 100755 index 000000000..b2d8d61eb --- /dev/null 
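Review bot: The `RUN yum install -y http://mirrors.aliyun.com/.../obagent-${VERSION}.el8.x86_64.rpm` line in the new Dockerfile fetches the package over plain HTTP, and a package named by URL is usually not signature-checked unless `localpkg_gpgcheck` is enabled, so nothing in the build verifies what gets installed. Fetching over `https://` and checking the RPM against a pinned digest or the vendor key (`rpm -K`) before installing would close that gap. `ARG VERSION` has no default, so a build without `--build-arg VERSION=...` requests a malformed URL; a comment on the ARG line saying it is required would help. The image also sets no `USER`, so the entrypoint presumably runs as root.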
+++ b/distribution/obagent/build.sh @@ -0,0 +1,2 @@ +#!/bin/bash + docker build -t $1:$2 --build-arg VERSION=$2 . diff --git a/distribution/obagent/replace_properties.sh b/distribution/obagent/replace_properties.sh new file mode 100755 index 000000000..a4d3d4191 --- /dev/null +++ b/distribution/obagent/replace_properties.sh @@ -0,0 +1,13 @@ +/home/admin/obagent/bin/ob_agentctl config -u \ +agent.http.basic.auth.metricAuthEnabled=false,\ +monagent.ob.monitor.user=${MONITOR_USER},\ +monagent.ob.monitor.password=${MONITOR_PASSWORD},\ +monagent.host.ip=`hostname -i`,\ +monagent.cluster.id=${CLUSTER_ID},\ +monagent.ob.cluster.name=${CLUSTER_NAME},\ +monagent.ob.cluster.id=${CLUSTER_ID},\ +monagent.ob.zone.name=${ZONE_NAME},\ +monagent.pipeline.ob.status=active,\ +monagent.pipeline.node.status=inactive,\ +monagent.second.metric.cache.update.interval=5s,\ +ocp.agent.monitor.http.port=8088 diff --git a/pkg/const/obagent/obagent.go b/pkg/const/obagent/obagent.go index 33844e5b1..a46f88973 100644 --- a/pkg/const/obagent/obagent.go +++ b/pkg/const/obagent/obagent.go @@ -28,18 +28,17 @@ const ( ) const ( - ContainerName = "obagent" - InstallPath = "/home/admin/obagent" - ConfigPath = "/home/admin/obagent/conf" - StatUrl = "/metrics/stat" - MonitorUser = "monitor" - ConfigVolumeSuffix = "monitor-conf" + ContainerName = "obagent" + InstallPath = "/home/admin/obagent" + ConfigPath = "/home/admin/obagent/conf" + StatUrl = "/metrics/stat" + MonitorUser = "monitor" ) const ( EnvClusterName = "CLUSTER_NAME" EnvClusterId = "CLUSTER_ID" - EnvZoneName = "Zone_NAME" + EnvZoneName = "ZONE_NAME" EnvMonitorUser = "MONITOR_USER" EnvMonitorPASSWORD = "MONITOR_PASSWORD" EnvOBMonitorStatus = "OB_MONITOR_STATUS" diff --git a/pkg/controller/obclusterbackup_controller.go b/pkg/controller/obclusterbackup_controller.go deleted file mode 100644 index 39a653d5e..000000000 --- a/pkg/controller/obclusterbackup_controller.go +++ /dev/null 
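Review bot: In replace_properties.sh, `monagent.ob.monitor.password=${MONITOR_PASSWORD}` is expanded unquoted into one comma-separated argument, so a password containing a comma, whitespace or a glob character changes what `ob_agentctl config -u` receives, and the value is visible in the process arguments while the command runs. Wrapping the whole key=value list in double quotes fixes the word splitting; the comma case needs the password restricted or escaped in whatever way ob_agentctl supports, which this page does not show. The first setting, `agent.http.basic.auth.metricAuthEnabled=false`, by its name turns off authentication on the metrics endpoint and deserves a comment stating that access is expected to be limited at the network level.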
@@ -1,68 +0,0 @@ -/* -Copyright 2023. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package controller - -import ( - "context" - - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/client-go/tools/record" - ctrl "sigs.k8s.io/controller-runtime" - "sigs.k8s.io/controller-runtime/pkg/client" - "sigs.k8s.io/controller-runtime/pkg/log" - - v1alpha1 "github.com/oceanbase/ob-operator/api/v1alpha1" -) - -// OBClusterBackupReconciler reconciles a OBClusterBackup object -type OBClusterBackupReconciler struct { - client.Client - Scheme *runtime.Scheme - Recorder record.EventRecorder -} - -//+kubebuilder:rbac:groups=oceanbase.oceanbase.com,resources=obclusterbackups,verbs=get;list;watch;create;update;patch;delete -//+kubebuilder:rbac:groups=oceanbase.oceanbase.com,resources=obclusterbackups/status,verbs=get;update;patch -//+kubebuilder:rbac:groups=oceanbase.oceanbase.com,resources=obclusterbackups/finalizers,verbs=update - -//+kubebuilder:rbac:groups=oceanbase.oceanbase.com,resources=obtenantbackuppolicies,verbs=get;list;watch;create;update;patch;delete -//+kubebuilder:rbac:groups=oceanbase.oceanbase.com,resources=obtenantbackuppolicies/status,verbs=get;update;patch - -// Reconcile is part of the main kubernetes reconciliation loop which aims to -// move the current state of the cluster closer to the desired state. 
-// TODO(user): Modify the Reconcile function to compare the state specified by -// the OBClusterBackup object against the actual cluster state, and then -// perform operations to make the cluster state reflect the state specified by -// the user. -// -// For more details, check Reconcile and its Result here: -// - https://pkg.go.dev/sigs.k8s.io/controller-runtime@v0.14.4/pkg/reconcile -func (r *OBClusterBackupReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) { - _ = req - _ = log.FromContext(ctx) - - // TODO(user): your logic here - - return ctrl.Result{}, nil -} - -// SetupWithManager sets up the controller with the Manager. -func (r *OBClusterBackupReconciler) SetupWithManager(mgr ctrl.Manager) error { - return ctrl.NewControllerManagedBy(mgr). - For(&v1alpha1.OBClusterBackup{}). - Complete(r) -} diff --git a/pkg/controller/obclusterrestore_controller.go b/pkg/controller/obclusterrestore_controller.go deleted file mode 100644 index 432df30d5..000000000 --- a/pkg/controller/obclusterrestore_controller.go +++ /dev/null 
@@ -1,65 +0,0 @@ -/* -Copyright 2023. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package controller - -import ( - "context" - - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/client-go/tools/record" - ctrl "sigs.k8s.io/controller-runtime" - "sigs.k8s.io/controller-runtime/pkg/client" - "sigs.k8s.io/controller-runtime/pkg/log" - - v1alpha1 "github.com/oceanbase/ob-operator/api/v1alpha1" -) - -// OBClusterRestoreReconciler reconciles a OBClusterRestore object -type OBClusterRestoreReconciler struct { - client.Client - Scheme *runtime.Scheme - Recorder record.EventRecorder -} - -//+kubebuilder:rbac:groups=oceanbase.oceanbase.com,resources=obclusterrestores,verbs=get;list;watch;create;update;patch;delete -//+kubebuilder:rbac:groups=oceanbase.oceanbase.com,resources=obclusterrestores/status,verbs=get;update;patch -//+kubebuilder:rbac:groups=oceanbase.oceanbase.com,resources=obclusterrestores/finalizers,verbs=update - -// Reconcile is part of the main kubernetes reconciliation loop which aims to -// move the current state of the cluster closer to the desired state. -// TODO(user): Modify the Reconcile function to compare the state specified by -// the OBClusterRestore object against the actual cluster state, and then -// perform operations to make the cluster state reflect the state specified by -// the user. 
-// -// For more details, check Reconcile and its Result here: -// - https://pkg.go.dev/sigs.k8s.io/controller-runtime@v0.14.4/pkg/reconcile -func (r *OBClusterRestoreReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) { - _ = req - _ = log.FromContext(ctx) - - // TODO(user): your logic here - - return ctrl.Result{}, nil -} - -// SetupWithManager sets up the controller with the Manager. -func (r *OBClusterRestoreReconciler) SetupWithManager(mgr ctrl.Manager) error { - return ctrl.NewControllerManagedBy(mgr). - For(&v1alpha1.OBClusterRestore{}). - Complete(r) -} diff --git a/pkg/controller/obtenantbackup_controller.go b/pkg/controller/obtenantbackup_controller.go index e4ad8f289..2162746f7 100644 --- a/pkg/controller/obtenantbackup_controller.go +++ b/pkg/controller/obtenantbackup_controller.go @@ -262,17 +262,7 @@ func (r *OBTenantBackupReconciler) getObOperationClient(ctx context.Context, job if r.con != nil { return r.con, nil } - - obtenant := &v1alpha1.OBTenant{} - err := r.Get(ctx, types.NamespacedName{ - Namespace: job.Namespace, - Name: job.Spec.TenantName, - }, obtenant) - - if err != nil { - return nil, err - } - + var err error logger := log.FromContext(ctx) obcluster := &v1alpha1.OBCluster{} err = r.Client.Get(ctx, types.NamespacedName{ @@ -282,7 +272,7 @@ func (r *OBTenantBackupReconciler) getObOperationClient(ctx context.Context, job if err != nil { return nil, errors.Wrap(err, "get obcluster") } - con, err := resource.GetTenantRootOperationClient(r.Client, &logger, obcluster, obtenant.Spec.TenantName, obtenant.Status.Credentials.Root) + con, err := resource.GetTenantRootOperationClient(r.Client, &logger, obcluster, job.Spec.TenantName, job.Spec.TenantSecret) if err != nil { return nil, errors.Wrap(err, "get oceanbase operation manager") } diff --git a/pkg/controller/suite_test.go b/pkg/controller/suite_test.go index 4acff34dd..49a27bcc6 100644 --- a/pkg/controller/suite_test.go +++ b/pkg/controller/suite_test.go 
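Review bot: getObOperationClient now passes `job.Spec.TenantName` and `job.Spec.TenantSecret` straight to GetTenantRootOperationClient, so the credentials used are whatever Secret name the OBTenantBackup object carries, with no check that either field is set. A guard such as `if job.Spec.TenantSecret == "" { return nil, errors.New("tenantSecret is empty") }` before the call would give a clear failure instead of whatever an empty secret name produces downstream. Separately, the early `if r.con != nil { return r.con, nil }` returns a cached client without regard to which tenant the current job names; if `r.con` is assigned below this hunk, jobs for different tenants handled by the same reconciler would share one connection, which deserves a comment or a per-tenant key. The function's start and end are outside the hunk.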
@@ -131,13 +131,6 @@ var _ = BeforeSuite(func() { }).SetupWithManager(k8sManager) Expect(err).NotTo(HaveOccurred()) - err = (&OBClusterBackupReconciler{ - Client: k8sManager.GetClient(), - Scheme: k8sManager.GetScheme(), - Recorder: k8sManager.GetEventRecorderFor(config.OBClusterBackupControllerName), - }).SetupWithManager(k8sManager) - Expect(err).NotTo(HaveOccurred()) - err = (&OBTenantBackupReconciler{ Client: k8sManager.GetClient(), Scheme: k8sManager.GetScheme(), @@ -145,13 +138,6 @@ var _ = BeforeSuite(func() { }).SetupWithManager(k8sManager) Expect(err).NotTo(HaveOccurred()) - err = (&OBClusterRestoreReconciler{ - Client: k8sManager.GetClient(), - Scheme: k8sManager.GetScheme(), - Recorder: k8sManager.GetEventRecorderFor(config.OBClusterRestoreControllerName), - }).SetupWithManager(k8sManager) - Expect(err).NotTo(HaveOccurred()) - err = (&OBTenantRestoreReconciler{ Client: k8sManager.GetClient(), Scheme: k8sManager.GetScheme(), diff --git a/pkg/oceanbase/model/system.go b/pkg/oceanbase/model/system.go index 6b373070c..2880475b1 100644 --- a/pkg/oceanbase/model/system.go +++ b/pkg/oceanbase/model/system.go @@ -33,10 +33,10 @@ type OBTenant struct { RecoveryUntilScn int64 `json:"recovery_until_scn" db:"recovery_until_scn"` LogMode string `json:"log_mode" db:"log_mode"` ArbitrationServiceStatus string `json:"arbitration_service_status" db:"arbitration_service_status"` - GmtCreateTime string `json:"gmt_create_time" db:"gmt_create"` - SwitchoverStatus string `json:"switchover_status" db:"switchover_status"` - SwitchoverEpoch int64 `json:"switchover_epoch" db:"switchover_epoch"` - UnitNum int64 `json:"unit_num" db:"unit_num"` + GmtCreate string `json:"gmt_create,omitempty" db:"gmt_create"` + SwitchoverStatus string `json:"switchover_status,omitempty" db:"switchover_status"` + SwitchoverEpoch int64 `json:"switchover_epoch,omitempty" db:"switchover_epoch"` + UnitNum int64 `json:"unit_num,omitempty" db:"unit_num"` } // OBUnit is the unit model of OB system 
diff --git a/pkg/oceanbase/model/tenant.go b/pkg/oceanbase/model/tenant.go index 4ccc97fb3..bc3e32271 100644 --- a/pkg/oceanbase/model/tenant.go +++ b/pkg/oceanbase/model/tenant.go @@ -21,7 +21,7 @@ type Tenant struct { Locality string `json:"locality" db:"locality"` PreviousLocality string `json:"previous_locality" db:"previous_locality"` Status string `json:"status" db:"status"` - GmtCreateTime string `json:"gmt_create_time" db:"gmt_create"` + GmtCreate string `json:"gmt_create" db:"gmt_create"` } type Replica struct { diff --git a/pkg/resource/coordinator.go b/pkg/resource/coordinator.go index 16956f4e2..4c264f54d 100644 --- a/pkg/resource/coordinator.go +++ b/pkg/resource/coordinator.go @@ -129,6 +129,7 @@ func (c *Coordinator) executeTaskFlow(f *task.TaskFlow) { c.Logger.Info("Task failed, back to initial status") c.Manager.HandleFailure() } + _ = c.cleanTaskResultMap(f) // Coordinate finished } diff --git a/pkg/resource/observer_task.go b/pkg/resource/observer_task.go index 94332e7d7..61241993e 100644 --- a/pkg/resource/observer_task.go +++ b/pkg/resource/observer_task.go @@ -209,22 +209,6 @@ func (m *OBServerManager) CreateOBPVC() error { return errors.Wrap(err, "Create pvc of log") } - if m.OBServer.Spec.MonitorTemplate != nil { - objectMeta = metav1.ObjectMeta{ - Name: fmt.Sprintf("%s-%s", m.OBServer.Name, obagentconst.ConfigVolumeSuffix), - Namespace: m.OBServer.Namespace, - OwnerReferences: ownerReferenceList, - Labels: m.OBServer.Labels, - } - pvc = &corev1.PersistentVolumeClaim{ - ObjectMeta: objectMeta, - Spec: m.generatePVCSpec(fmt.Sprintf("%s-%s", m.OBServer.Name, obagentconst.ConfigVolumeSuffix), m.OBServer.Spec.MonitorTemplate.Storage.ConfigStorage), - } - err = m.Client.Create(m.Ctx, pvc) - if err != nil { - return errors.Wrap(err, "Create pvc of monitor log") - } - } return nil } 
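Review bot: The added `_ = c.cleanTaskResultMap(f)` in executeTaskFlow discards the call's result, so a failed cleanup would go unnoticed. If the return value is an error (its type is not visible in this hunk) and `c.Logger` is a logr logger, log it instead: `if err := c.cleanTaskResultMap(f); err != nil { c.Logger.Error(err, "clean task result map") }`. executeTaskFlow starts outside the hunk.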
@@ -267,14 +251,6 @@ func (m *OBServerManager) createOBPodSpec(obcluster *v1alpha1.OBCluster) corev1. if m.OBServer.Spec.MonitorTemplate != nil { monitorContainer := m.createMonitorContainer(obcluster) containers = append(containers, monitorContainer) - - volumeMonitorConf := corev1.Volume{} - volumeMonitorConf.Name = fmt.Sprintf("%s-%s", m.OBServer.Name, obagentconst.ConfigVolumeSuffix) - volumeMonitorConfSource := &corev1.PersistentVolumeClaimVolumeSource{ - ClaimName: fmt.Sprintf("%s-%s", m.OBServer.Name, obagentconst.ConfigVolumeSuffix), - } - volumeMonitorConf.VolumeSource.PersistentVolumeClaim = volumeMonitorConfSource - volumes = append(volumes, volumeMonitorConf) } podSpec := corev1.PodSpec{ @@ -307,13 +283,6 @@ func (m *OBServerManager) createMonitorContainer(obcluster *v1alpha1.OBCluster) Limits: monagentResource, } - // volume mounts - volumeMountMonitorConf := corev1.VolumeMount{} - volumeMountMonitorConf.Name = fmt.Sprintf("%s-%s", m.OBServer.Name, obagentconst.ConfigVolumeSuffix) - volumeMountMonitorConf.MountPath = obagentconst.ConfigPath - volumeMounts := make([]corev1.VolumeMount, 0) - volumeMounts = append(volumeMounts, volumeMountMonitorConf) - readinessProbeHTTP := corev1.HTTPGetAction{} readinessProbeHTTP.Port = intstr.FromInt(obagentconst.HttpPort) readinessProbeHTTP.Path = obagentconst.StatUrl @@ -367,7 +336,6 @@ func (m *OBServerManager) createMonitorContainer(obcluster *v1alpha1.OBCluster) ImagePullPolicy: "IfNotPresent", Ports: ports, Resources: resources, - VolumeMounts: volumeMounts, ReadinessProbe: &readinessProbe, WorkingDir: obagentconst.InstallPath, Env: env, 
@@ -428,6 +396,7 @@ func (m *OBServerManager) createOBServerContainer() corev1.Container { readinessProbe.ProbeHandler.TCPSocket = &readinessProbeTCP readinessProbe.PeriodSeconds = oceanbaseconst.ProbeCheckPeriodSeconds readinessProbe.InitialDelaySeconds = oceanbaseconst.ProbeCheckDelaySeconds + readinessProbe.FailureThreshold = 10 startOBServerCmd := "/home/admin/oceanbase/bin/oceanbase-helper start" diff --git a/pkg/resource/obtenantbackuppolicy_manager.go b/pkg/resource/obtenantbackuppolicy_manager.go index 21795b9d0..9ef4e7b22 100644 --- a/pkg/resource/obtenantbackuppolicy_manager.go +++ b/pkg/resource/obtenantbackuppolicy_manager.go @@ -21,6 +21,7 @@ import ( "github.com/robfig/cron/v3" corev1 "k8s.io/api/core/v1" kubeerrors "k8s.io/apimachinery/pkg/api/errors" + "k8s.io/apimachinery/pkg/runtime/schema" "k8s.io/apimachinery/pkg/types" "k8s.io/client-go/tools/record" "k8s.io/client-go/util/retry" @@ -77,7 +78,7 @@ func (m *ObTenantBackupPolicyManager) CheckAndUpdateFinalizers() error { } if !finalizerFinished { - tenant, err := m.getOBTenant() + tenant, err := m.getOBTenantCR() if err != nil { // the tenant is deleted, no need to wait finalizer if kubeerrors.IsNotFound(err) { @@ -351,8 +352,15 @@ func (m *ObTenantBackupPolicyManager) getOBCluster() (*v1alpha1.OBCluster, error return obcluster, nil } -func (m *ObTenantBackupPolicyManager) getOBTenant() (*v1alpha1.OBTenant, error) { - tenantName := m.BackupPolicy.Spec.TenantName +func (m *ObTenantBackupPolicyManager) getOBTenantCR() (*v1alpha1.OBTenant, error) { + // Guard that tenantCRName is not empty + if m.BackupPolicy.Spec.TenantCRName == "" { + return nil, kubeerrors.NewNotFound(schema.GroupResource{ + Group: "oceanbase.oceanbase.com", + Resource: "obtenantbackuppolicies", + }, m.BackupPolicy.Spec.TenantCRName) + } + tenantName := m.BackupPolicy.Spec.TenantCRName tenant := &v1alpha1.OBTenant{} err := m.Client.Get(m.Ctx, types.NamespacedName{ Namespace: m.BackupPolicy.Namespace, 
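Review bot: `readinessProbe.FailureThreshold = 10` in createOBServerContainer is a bare literal, while the two probe settings directly above it come from `oceanbaseconst` (`ProbeCheckPeriodSeconds`, `ProbeCheckDelaySeconds`). A named constant next to those, with a short comment on why ten failures are tolerated, would keep the probe tuning in one place; the constant's name is for the authors to choose. The function continues outside the hunk.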
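Review bot: The NotFound error that getOBTenantCR builds for an empty `TenantCRName` names the resource `obtenantbackuppolicies`, but the object being looked up is an OBTenant, so the message points at the wrong kind; `Resource: "obtenants",` would match, assuming that is the CRD's plural. Because CheckAndUpdateFinalizers treats NotFound as "the tenant is deleted", an empty `TenantCRName` now skips the finalizer wait, and that is worth stating in the guard's comment, e.g. `// an empty tenantCRName is reported as NotFound so finalizer handling does not wait for a tenant CR`. The function body continues past the end of the hunk.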
diff --git a/pkg/resource/obtenantbackuppolicy_task.go b/pkg/resource/obtenantbackuppolicy_task.go index 7681817a6..d11efc976 100644 --- a/pkg/resource/obtenantbackuppolicy_task.go +++ b/pkg/resource/obtenantbackuppolicy_task.go @@ -322,7 +322,6 @@ func (m *ObTenantBackupPolicyManager) CleanOldBackupJobs() error { err = m.Client.List(m.Ctx, &jobs, client.MatchingLabels{ oceanbaseconst.LabelRefBackupPolicy: m.BackupPolicy.Name, - oceanbaseconst.LabelTenantName: m.BackupPolicy.Spec.TenantName, }, client.MatchingLabelsSelector{ Selector: labelSelector, @@ -382,7 +381,7 @@ func (m *ObTenantBackupPolicyManager) PauseBackup() error { if err != nil { return err } - + m.Recorder.Event(m.BackupPolicy, v1.EventTypeNormal, "PauseBackup", "Pause backup policy") return nil } @@ -410,7 +409,8 @@ func (m *ObTenantBackupPolicyManager) ResumeBackup() error { archiveRunning = true } } - return nil + m.Recorder.Event(m.BackupPolicy, v1.EventTypeNormal, "ResumeBackup", "Resume backup policy") + return m.createBackupJobIfNotExists(constants.BackupJobTypeFull) } func (m *ObTenantBackupPolicyManager) syncLatestJobs() error { @@ -452,17 +452,8 @@ func (m *ObTenantBackupPolicyManager) getOperationManager() (*operation.Oceanbas if m.con != nil { return m.con, nil } + var con *operation.OceanbaseOperationManager var err error - tenantCR := &v1alpha1.OBTenant{} - err = m.Client.Get(m.Ctx, types.NamespacedName{ - Namespace: m.BackupPolicy.Namespace, - Name: m.BackupPolicy.Spec.TenantName, - }, tenantCR) - - if err != nil { - return nil, err - } - obcluster := &v1alpha1.OBCluster{} err = m.Client.Get(m.Ctx, types.NamespacedName{ Namespace: m.BackupPolicy.Namespace, 
@@ -471,30 +462,47 @@ func (m *ObTenantBackupPolicyManager) getOperationManager() (*operation.Oceanbas if err != nil { return nil, errors.Wrap(err, "get obcluster") } - con, err := GetTenantRootOperationClient(m.Client, m.Logger, obcluster, tenantCR.Spec.TenantName, tenantCR.Status.Credentials.Root) - if err != nil { - return nil, errors.Wrap(err, "get oceanbase operation manager") + if m.BackupPolicy.Spec.TenantName != "" && m.BackupPolicy.Spec.TenantSecret != "" { + con, err = GetTenantRootOperationClient(m.Client, m.Logger, obcluster, m.BackupPolicy.Spec.TenantName, m.BackupPolicy.Spec.TenantSecret) + if err != nil { + return nil, errors.Wrap(err, "get oceanbase operation manager") + } + } else if m.BackupPolicy.Spec.TenantCRName != "" { + tenantCR := &v1alpha1.OBTenant{} + err = m.Client.Get(m.Ctx, types.NamespacedName{ + Namespace: m.BackupPolicy.Namespace, + Name: m.BackupPolicy.Spec.TenantName, + }, tenantCR) + if err != nil { + return nil, err + } + + con, err = GetTenantRootOperationClient(m.Client, m.Logger, obcluster, tenantCR.Spec.TenantName, tenantCR.Status.Credentials.Root) + if err != nil { + return nil, errors.Wrap(err, "get oceanbase operation manager") + } } m.con = con return con, nil } func (m *ObTenantBackupPolicyManager) getArchiveDestPath() string { - archiveSpec := m.BackupPolicy.Spec.LogArchive - targetDest := archiveSpec.Destination + targetDest := m.BackupPolicy.Spec.LogArchive.Destination if targetDest.Type == constants.BackupDestTypeNFS || isZero(targetDest.Type) { return "file://" + path.Join(backupVolumePath, targetDest.Path) + } else if targetDest.Type == constants.BackupDestTypeOSS && targetDest.OSSAccessSecret != "" { + secret := &v1.Secret{} + err := m.Client.Get(m.Ctx, types.NamespacedName{ + Namespace: m.BackupPolicy.GetNamespace(), + Name: targetDest.OSSAccessSecret, + }, secret) + if err != nil { + m.PrintErrEvent(err) + return "" + } + return strings.Join([]string{targetDest.Path, "access_id=" + 
string(secret.Data["accessId"]), "access_key=" + string(secret.Data["accessKey"])}, "&") } - secret := &v1.Secret{} - err := m.Client.Get(m.Ctx, types.NamespacedName{ - Namespace: m.BackupPolicy.GetNamespace(), - Name: targetDest.OSSAccessSecret, - }, secret) - if err != nil { - m.PrintErrEvent(err) - return "" - } - return strings.Join([]string{targetDest.Path, "access_id=" + string(secret.Data["accessId"]), "access_key=" + string(secret.Data["accessKey"])}, "&") + return targetDest.Path } func (m *ObTenantBackupPolicyManager) getArchiveDestSettingValue() string { @@ -513,17 +521,19 @@ func (m *ObTenantBackupPolicyManager) getBackupDestPath() string { targetDest := m.BackupPolicy.Spec.DataBackup.Destination if targetDest.Type == constants.BackupDestTypeNFS || isZero(targetDest.Type) { return "file://" + path.Join(backupVolumePath, targetDest.Path) + } else if targetDest.Type == constants.BackupDestTypeOSS && targetDest.OSSAccessSecret != "" { + secret := &v1.Secret{} + err := m.Client.Get(m.Ctx, types.NamespacedName{ + Namespace: m.BackupPolicy.GetNamespace(), + Name: targetDest.OSSAccessSecret, + }, secret) + if err != nil { + m.PrintErrEvent(err) + return "" + } + return strings.Join([]string{targetDest.Path, "access_id=" + string(secret.Data["accessId"]), "access_key=" + string(secret.Data["accessKey"])}, "&") } - secret := &v1.Secret{} - err := m.Client.Get(m.Ctx, types.NamespacedName{ - Namespace: m.BackupPolicy.GetNamespace(), - Name: targetDest.OSSAccessSecret, - }, secret) - if err != nil { - m.PrintErrEvent(err) - return "" - } - return strings.Join([]string{targetDest.Path, "access_id=" + string(secret.Data["accessId"]), "access_key=" + string(secret.Data["accessKey"])}, "&") + return targetDest.Path } func (m *ObTenantBackupPolicyManager) createBackupJob(jobType apitypes.BackupJobType) error { 
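Review bot: In the new `else if m.BackupPolicy.Spec.TenantCRName != ""` branch of getOperationManager the OBTenant lookup still uses `Name: m.BackupPolicy.Spec.TenantName`, which in that branch is either empty or the tenant's name rather than the CR's; it should read `Name: m.BackupPolicy.Spec.TenantCRName,`. When neither branch matches, `con` stays nil and the function caches and returns `nil, nil`, so a caller that only checks the error would dereference a nil manager; a final `else { return nil, errors.New("tenantName with tenantSecret, or tenantCRName, must be set") }` closes that path. The function starts outside this hunk.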
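Review bot: The OSS branch of getBackupDestPath (and the identical branch added to getArchiveDestPath in the previous hunk) returns the destination with `access_id=` and `access_key=` from the Secret appended, and createBackupJob later in this file copies that string into `Spec.Path` of the OBTenantBackup it creates. That puts the access key in plaintext in a custom resource, readable by anyone allowed to get or list those objects and likely to appear in `kubectl describe` output. Consider keeping only the bare path and the secret name on the job and building the credentialed URI at the point where the backup statement is issued. The `return ""` on a failed Secret read also lets the caller continue with an empty path; whether that is caught later is not visible here.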
@@ -539,6 +549,20 @@ func (m *ObTenantBackupPolicyManager) createBackupJob(jobType apitypes.BackupJob case constants.BackupJobTypeArchive: path = m.getArchiveDestPath() } + var tenantRecordName string + var tenantSecret string + if m.BackupPolicy.Spec.TenantName != "" { + tenantRecordName = m.BackupPolicy.Spec.TenantName + tenantSecret = m.BackupPolicy.Spec.TenantSecret + } else { + tenant, err := m.getOBTenantCR() + if err != nil { + return err + } + tenantRecordName = tenant.Spec.TenantName + tenantSecret = tenant.Status.Credentials.Root + } + backupJob := &v1alpha1.OBTenantBackup{ ObjectMeta: metav1.ObjectMeta{ Name: m.BackupPolicy.Name + "-" + strings.ToLower(string(jobType)) + "-" + time.Now().Format("20060102150405"), @@ -554,16 +578,15 @@ func (m *ObTenantBackupPolicyManager) createBackupJob(jobType apitypes.BackupJob oceanbaseconst.LabelRefOBCluster: m.BackupPolicy.Labels[oceanbaseconst.LabelRefOBCluster], oceanbaseconst.LabelRefBackupPolicy: m.BackupPolicy.Name, oceanbaseconst.LabelRefUID: string(m.BackupPolicy.GetUID()), - oceanbaseconst.LabelTenantName: m.BackupPolicy.Spec.TenantName, oceanbaseconst.LabelBackupType: string(jobType), }, }, Spec: v1alpha1.OBTenantBackupSpec{ Path: path, Type: jobType, - TenantName: m.BackupPolicy.Spec.TenantName, + TenantName: tenantRecordName, + TenantSecret: tenantSecret, ObClusterName: m.BackupPolicy.Spec.ObClusterName, - TenantSecret: m.BackupPolicy.Spec.TenantSecret, EncryptionSecret: m.BackupPolicy.Spec.DataBackup.EncryptionSecret, }, } @@ -587,7 +610,6 @@ func (m *ObTenantBackupPolicyManager) noRunningJobs(jobType apitypes.BackupJobTy err := m.Client.List(m.Ctx, &runningJobs, client.MatchingLabels{ oceanbaseconst.LabelRefBackupPolicy: m.BackupPolicy.Name, - oceanbaseconst.LabelTenantName: m.BackupPolicy.Spec.TenantName, oceanbaseconst.LabelBackupType: string(jobType), }, client.InNamespace(m.BackupPolicy.Namespace)) 
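Review bot: createBackupJob takes the explicit-spec path whenever `Spec.TenantName` is set, while getOperationManager in the same file requires both `TenantName` and `TenantSecret` before doing so; a policy with a tenant name but no secret therefore produces a job with an empty `TenantSecret`. Using the same condition here, `if m.BackupPolicy.Spec.TenantName != "" && m.BackupPolicy.Spec.TenantSecret != "" {`, keeps the two in step. getTenantRecord (hunk `@@ -618`) holds a third copy of this selection; a small helper returning the name and secret would state the precedence once, with a comment such as `// explicit tenantName/tenantSecret take precedence over tenantCRName`.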
@@ -618,9 +640,14 @@ func (m *ObTenantBackupPolicyManager) getTenantRecord(useCache bool) (*model.OBT if err != nil { return nil, err } - tenantRecordName, err := m.getTenantRecordName() - if err != nil { - return nil, err + var tenantRecordName string + if m.BackupPolicy.Spec.TenantName != "" { + tenantRecordName = m.BackupPolicy.Spec.TenantName + } else { + tenantRecordName, err = m.getTenantRecordName() + if err != nil { + return nil, err + } } tenants, err := con.ListTenantWithName(tenantRecordName) if err != nil { @@ -673,7 +700,7 @@ func (m *ObTenantBackupPolicyManager) getTenantRecordName() (string, error) { tenant := &v1alpha1.OBTenant{} err := m.Client.Get(m.Ctx, types.NamespacedName{ Namespace: m.BackupPolicy.Namespace, - Name: m.BackupPolicy.Spec.TenantName, + Name: m.BackupPolicy.Spec.TenantCRName, }, tenant) if err != nil { return "", err diff --git a/pkg/resource/obtenantrestore_manager.go b/pkg/resource/obtenantrestore_manager.go index b06018c28..d294042a4 100644 --- a/pkg/resource/obtenantrestore_manager.go +++ b/pkg/resource/obtenantrestore_manager.go @@ -127,7 +127,12 @@ func (m *ObTenantRestoreManager) checkRestoreProgress() error { if restoreHistory != nil && restoreHistory.Status == "SUCCESS" { m.Recorder.Event(m.Resource, corev1.EventTypeNormal, "Restore job finished", "Restore job finished") if m.Resource.Spec.RestoreRole == constants.TenantRoleStandby { - m.Resource.Status.Status = constants.RestoreJobStatusReplaying + if m.Resource.Spec.Source.ReplayEnabled && !m.Resource.Spec.Source.Until.Unlimited { + // Only if replay is enabled and restore until is not unlimited, start log replay + m.Resource.Status.Status = constants.RestoreJobStatusReplaying + } else { + m.Resource.Status.Status = constants.RestoreJobSuccessful + } } else { m.Resource.Status.Status = constants.RestoreJobStatusActivating }