Skip to content

Commit

Permalink
feat: support component definition of wesql and postgresql (#16)
Browse files Browse the repository at this point in the history
  • Loading branch information
Y-Rookie authored Nov 14, 2023
1 parent aa8a6fc commit 920901d
Show file tree
Hide file tree
Showing 12 changed files with 1,086 additions and 9 deletions.
2 changes: 1 addition & 1 deletion addons/apecloud-mysql/config/mysql8-config.tpl
Original file line number Diff line number Diff line change
Expand Up @@ -183,7 +183,7 @@ relay_log_index=relay-bin.index
pid-file=/var/run/mysqld/mysqld.pid
socket=/var/run/mysqld/mysqld.sock

{{- if $.component.tls }}
{{- if $.component.tlsConfig }}
{{- $ca_file := getCAFile }}
{{- $cert_file := getCertFile }}
{{- $key_file := getKeyFile }}
Expand Down
273 changes: 273 additions & 0 deletions addons/apecloud-mysql/templates/componentdefinition.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,273 @@
apiVersion: apps.kubeblocks.io/v1alpha1
kind: ComponentDefinition
metadata:
name: apecloud-mysql-0.7.0
labels:
{{- include "apecloud-mysql.labels" . | nindent 4 }}
spec:
provider: kubeblocks.io
description: ApeCloud MySQL is a database that is compatible with MySQL syntax and achieves high availability through the utilization of the RAFT consensus protocol.
serviceKind: mysql
serviceVersion: 8.0.30
runtime:
containers:
- name: mysql
image: {{ .Values.image.registry | default "docker.io" }}/{{ .Values.image.repository }}:{{ .Values.image.tag }}
imagePullPolicy: {{ default "IfNotPresent" .Values.image.pullPolicy }}
command: [ "/scripts/setup.sh" ]
env:
- name: SERVICE_PORT
value: "3306"
- name: MYSQL_ROOT_HOST
value: {{ .Values.auth.rootHost | default "%" | quote }}
- name: MYSQL_ROOT_USER
valueFrom:
secretKeyRef:
name: $(CONN_CREDENTIAL_SECRET_NAME)
key: username
optional: false
- name: MYSQL_ROOT_PASSWORD
valueFrom:
secretKeyRef:
name: $(CONN_CREDENTIAL_SECRET_NAME)
key: password
optional: false
- name: MYSQL_DATABASE
value: {{- if .Values.auth.createDatabase }} {{ .Values.auth.database | quote }} {{- else }} "" {{- end }}
- name: MYSQL_USER
value: {{ .Values.auth.username | default "" | quote }}
- name: MYSQL_PASSWORD
value: {{ .Values.auth.password | default "" | quote }}
- name: CLUSTER_ID
value: {{ .Values.cluster.clusterId | default "1" | quote }}
- name: CLUSTER_START_INDEX
value: {{ .Values.cluster.clusterStartIndex | default "1" | quote }}
- name: REPLICATION_USER
value: {{ .Values.auth.replicationUser | default "replicator" | quote }}
- name: REPLICATION_PASSWORD
value: {{ .Values.auth.replicationPassword | default "" | quote }}
- name: MYSQL_TEMPLATE_CONFIG
value: {{ if .Values.cluster.templateConfig }}{{ .Values.cluster.templateConfig }}{{ end }}
- name: MYSQL_CUSTOM_CONFIG
value: {{ if .Values.cluster.customConfig }}{{ .Values.cluster.customConfig }}{{ end }}
- name: MYSQL_DYNAMIC_CONFIG
value: {{ if .Values.cluster.dynamicConfig }}{{ .Values.cluster.dynamicConfig }}{{ end }}
- name: KB_EMBEDDED_WESQL
value: {{ .Values.cluster.kbWeSQLImage | default "1" | quote }}
volumeMounts:
- mountPath: {{ .Values.mysqlConfigs.dataMountPath }}
name: data
- mountPath: /opt/mysql
name: mysql-config
- name: scripts
mountPath: /scripts
- name: annotations
mountPath: /etc/annotations
ports:
- containerPort: 3306
name: mysql
- containerPort: 13306
name: paxos
lifecycle:
preStop:
exec:
command: [ "/scripts/pre-stop.sh" ]
- name: metrics
image: {{ .Values.metrics.image.registry | default "docker.io" }}/{{ .Values.metrics.image.repository }}:{{ .Values.metrics.image.tag }}
imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }}
command: [ "/scripts/agamotto.sh" ]
env:
- name: DB_TYPE
value: MySQL
- name: ENDPOINT
value: {{ printf "localhost:3306" }}
- name: MYSQL_USER
valueFrom:
secretKeyRef:
name: $(CONN_CREDENTIAL_SECRET_NAME)
key: username
optional: false
- name: MYSQL_PASSWORD
valueFrom:
secretKeyRef:
name: $(CONN_CREDENTIAL_SECRET_NAME)
key: password
optional: false
volumeMounts:
- name: agamotto-configuration
mountPath: /opt/agamotto
- name: data
mountPath: {{ .Values.mysqlConfigs.dataMountPath }}
{{- if .Values.logCollector.enabled }}
- name: log-data
mountPath: /var/log/kubeblocks
readOnly: false
{{- end }}
- name: scripts
mountPath: /scripts
ports:
- name: http-metrics
containerPort: {{ .Values.metrics.service.port }}
securityContext:
runAsNonRoot: false
runAsUser: 0
volumes:
{{- if .Values.logCollector.enabled }}
- name: log-data
hostPath:
path: /var/log/kubeblocks
type: DirectoryOrCreate
{{- end }}
- name: annotations
downwardAPI:
items:
- path: "leader"
fieldRef:
fieldPath: metadata.annotations['cs.apps.kubeblocks.io/leader']
- path: "component-replicas"
fieldRef:
fieldPath: metadata.annotations['apps.kubeblocks.io/component-replicas']
volumes:
services:
- name: default
serviceName: mysql
spec:
ports:
- name: mysql
port: 3306
targetPort: mysql
roleSelector: leader
- name: readonly
serviceName: mysql-ro
spec:
ports:
- name: mysql
port: 3306
targetPort: mysql
roleSelector: follower
configs:
- name: mysql-consensusset-config
templateRef: mysql8.0-config-template
constraintRef: mysql8.0-config-constraints
volumeName: mysql-config
namespace: {{ .Release.Namespace }}
- name: agamotto-configuration
templateRef: apecloud-mysql8-agamotto-configuration
namespace: {{ .Release.Namespace }}
volumeName: agamotto-configuration
defaultMode: 0444 # for only read, mysql container switched user account.
- name: vttablet-config
templateRef: vttablet-config-template
constraintRef: mysql-scale-vttablet-config-constraints
volumeName: mysql-scale-config
namespace: {{ .Release.Namespace }}
logConfigs:
{{- range $name,$pattern := .Values.logConfigs }}
- name: {{ $name }}
filePathPattern: {{ $pattern }}
{{- end }}
monitor:
builtIn: false
exporterConfig:
scrapePath: /metrics
scrapePort: {{ .Values.metrics.service.port }}
scripts:
- name: apecloud-mysql-scripts
templateRef: apecloud-mysql-scripts
namespace: {{ .Release.Namespace }}
volumeName: scripts
defaultMode: 0555 # for read and execute, mysql container switched user account.
systemAccounts:
- name: root
initAccount: true
passwordGenerationPolicy:
length: 16
numDigits: 8
numSymbols: 8
letterCase: MixedCases
- name: kbadmin
statement: CREATE USER $(USERNAME) IDENTIFIED BY '$(PASSWORD)'; GRANT ALL PRIVILEGES ON *.* TO $(USERNAME);
passwordGenerationPolicy: &defaultPasswordGenerationPolicy
length: 10
numDigits: 5
numSymbols: 0
letterCase: MixedCases
- name: kbdataprotection
statement: CREATE USER $(USERNAME) IDENTIFIED BY '$(PASSWORD)';GRANT RELOAD, LOCK TABLES, PROCESS, REPLICATION CLIENT ON *.* TO $(USERNAME); GRANT LOCK TABLES,RELOAD,PROCESS,REPLICATION CLIENT, SUPER,SELECT,EVENT,TRIGGER,SHOW VIEW ON *.* TO $(USERNAME);
passwordGenerationPolicy: *defaultPasswordGenerationPolicy
- name: kbprobe
statement: CREATE USER $(USERNAME) IDENTIFIED BY '$(PASSWORD)'; GRANT REPLICATION CLIENT, PROCESS ON *.* TO $(USERNAME); GRANT SELECT ON performance_schema.* TO $(USERNAME);
passwordGenerationPolicy: *defaultPasswordGenerationPolicy
- name: kbmonitoring
statement: CREATE USER $(USERNAME) IDENTIFIED BY '$(PASSWORD)'; GRANT REPLICATION CLIENT, PROCESS ON *.* TO $(USERNAME); GRANT SELECT ON performance_schema.* TO $(USERNAME);
passwordGenerationPolicy: *defaultPasswordGenerationPolicy
- name: kbreplicator
statement: CREATE USER $(USERNAME) IDENTIFIED BY '$(PASSWORD)'; GRANT REPLICATION SLAVE ON *.* TO $(USERNAME) WITH GRANT OPTION;
passwordGenerationPolicy: *defaultPasswordGenerationPolicy
connectionCredentials:
- name: root
serviceName: default
accountName: root
- name: admin
serviceName: default
accountName: kbadmin
roles:
- name: leader
serviceable: true
writable: true
- name: follower
serviceable: true
writable: false
- name: learner
serviceable: false
writable: false
lifecycleActions:
roleProbe:
builtinHandler: wesql
failureThreshold: {{ .Values.roleProbe.failureThreshold }}
periodSeconds: {{ .Values.roleProbe.periodSeconds }}
timeoutSeconds: {{ .Values.roleProbe.timeoutSeconds }}
switchover:
withCandidate:
image: {{ .Values.image.registry | default "docker.io" }}/{{ .Values.image.repository }}:{{ default .Values.image.tag }}
exec:
command:
- /scripts/switchover-with-candidate.sh
withoutCandidate:
image: {{ .Values.image.registry | default "docker.io" }}/{{ .Values.image.repository }}:{{ default .Values.image.tag }}
exec:
command:
- /scripts/switchover-without-candidate.sh
scriptSpecSelectors:
- name: apecloud-mysql-scripts
memberJoin:
memberLeave:
readonly:
readwrite:
dataPopulate:
dataAssemble:
accountProvision:
customHandler:
image: {{ .Values.image.registry | default "docker.io" }}/{{ .Values.image.repository }}:{{ .Values.image.tag }}
exec:
command:
- mysql
args:
- -u$(MYSQL_ROOT_USER)
- -p$(MYSQL_ROOT_PASSWORD)
- -h$(KB_ACCOUNT_ENDPOINT)
- -e
- $(KB_ACCOUNT_STATEMENT)
env:
- name: MYSQL_ROOT_USER
valueFrom:
secretKeyRef:
name: $(CONN_CREDENTIAL_SECRET_NAME)
key: username
optional: false
- name: MYSQL_ROOT_PASSWORD
valueFrom:
secretKeyRef:
name: $(CONN_CREDENTIAL_SECRET_NAME)
key: password
optional: false
2 changes: 1 addition & 1 deletion addons/apecloud-postgresql/config/pg12-config.tpl
Original file line number Diff line number Diff line change
Expand Up @@ -212,7 +212,7 @@ session_replication_role = 'origin'
sql_firewall.firewall = 'disable'
shared_buffers = '{{ printf "%d%s" $shared_buffers $buffer_unit }}'
# shared_preload_libraries = 'pg_stat_statements,auto_explain,bg_mon,pgextwlist,pg_auth_mon,set_user,pg_cron,pg_stat_kcache'
{{- if $.component.tls }}
{{- if $.component.tlsConfig }}
{{- $ca_file := getCAFile }}
{{- $cert_file := getCertFile }}
{{- $key_file := getKeyFile }}
Expand Down
2 changes: 1 addition & 1 deletion addons/kafka/scripts/kafka-exporter-setup.sh.tpl
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,7 @@
{{ $servers = trimSuffix " \\\n" $servers}}
exec kafka_exporter --web.listen-address=:9308 \
{{- if hasKey $component "tls" }}
{{- if $component.tls }}
{{- if $component.tlsConfig }}
--tls.enabled \
{{- end }}
{{- end }}
Expand Down
2 changes: 1 addition & 1 deletion addons/kafka/scripts/kafka-server-setup.sh.tpl
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
#!/bin/bash

# TLS setting
{{- if $.component.tls }}
{{- if $.component.tlsConfig }}
# override TLS and auth settings
export KAFKA_TLS_TYPE="PEM"
echo "[tls]KAFKA_TLS_TYPE=$KAFKA_TLS_TYPE"
Expand Down
2 changes: 1 addition & 1 deletion addons/official-postgresql/config/pg12-config.tpl
Original file line number Diff line number Diff line change
Expand Up @@ -221,7 +221,7 @@ session_replication_role = 'origin'
sql_firewall.firewall = 'disable'
shared_buffers = '{{ printf "%d%s" $shared_buffers $buffer_unit }}'
# shared_preload_libraries = 'pg_stat_statements,auto_explain,bg_mon,pgextwlist,pg_auth_mon,set_user,pg_cron,pg_stat_kcache'
{{- if $.component.tls }}
{{- if $.component.tlsConfig }}
{{- $ca_file := getCAFile }}
{{- $cert_file := getCertFile }}
{{- $key_file := getKeyFile }}
Expand Down
2 changes: 1 addition & 1 deletion addons/official-postgresql/config/pg14-config.tpl
Original file line number Diff line number Diff line change
Expand Up @@ -221,7 +221,7 @@ session_replication_role = 'origin'
sql_firewall.firewall = 'disable'
shared_buffers = '{{ printf "%d%s" $shared_buffers $buffer_unit }}'
# shared_preload_libraries = 'pg_stat_statements,auto_explain,bg_mon,pgextwlist,pg_auth_mon,set_user,pg_cron,pg_stat_kcache'
{{- if $.component.tls }}
{{- if $.component.tlsConfig }}
{{- $ca_file := getCAFile }}
{{- $cert_file := getCertFile }}
{{- $key_file := getKeyFile }}
Expand Down
2 changes: 1 addition & 1 deletion addons/orioledb/config/orioledb-config.tpl
Original file line number Diff line number Diff line change
Expand Up @@ -212,7 +212,7 @@ session_replication_role = 'origin'
sql_firewall.firewall = 'disable'
shared_buffers = '{{ printf "%d%s" $shared_buffers $buffer_unit }}'
shared_preload_libraries = 'orioledb,pg_stat_statements,auto_explain'
{{- if $.component.tls }}
{{- if $.component.tlsConfig }}
{{- $ca_file := getCAFile }}
{{- $cert_file := getCertFile }}
{{- $key_file := getKeyFile }}
Expand Down
2 changes: 1 addition & 1 deletion addons/postgresql/config/pg12-config.tpl
Original file line number Diff line number Diff line change
Expand Up @@ -221,7 +221,7 @@ session_replication_role = 'origin'
sql_firewall.firewall = 'disable'
shared_buffers = '{{ printf "%d%s" $shared_buffers $buffer_unit }}'
# shared_preload_libraries = 'pg_stat_statements,auto_explain,bg_mon,pgextwlist,pg_auth_mon,set_user,pg_cron,pg_stat_kcache'
{{- if $.component.tls }}
{{- if $.component.tlsConfig }}
{{- $ca_file := getCAFile }}
{{- $cert_file := getCertFile }}
{{- $key_file := getKeyFile }}
Expand Down
2 changes: 1 addition & 1 deletion addons/postgresql/config/pg14-config.tpl
Original file line number Diff line number Diff line change
Expand Up @@ -221,7 +221,7 @@ session_replication_role = 'origin'
sql_firewall.firewall = 'disable'
shared_buffers = '{{ printf "%d%s" $shared_buffers $buffer_unit }}'
# shared_preload_libraries = 'pg_stat_statements,auto_explain,bg_mon,pgextwlist,pg_auth_mon,set_user,pg_cron,pg_stat_kcache'
{{- if $.component.tls }}
{{- if $.component.tlsConfig }}
{{- $ca_file := getCAFile }}
{{- $cert_file := getCertFile }}
{{- $key_file := getKeyFile }}
Expand Down
Loading

0 comments on commit 920901d

Please sign in to comment.