https://github.com/percona/percona-helm-charts/tree/main/charts/pxc-operator
GitHub - percona/percona-helm-charts: Collection of Helm charts for Percona Kubernetes Operators.
pxc-operator helm Chart 분석
values.yaml
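# Default values for pxc-operator.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.

replicaCount: 1

# NOTE(review): the final image reference is assembled by the
# "pxc-operator.image" helper, which is not shown on this page. With
# imagePullPolicy IfNotPresent, a fixed tag or digest keeps the running
# operator reproducible - confirm how the helper uses these two values.
operatorImageRepository: percona/percona-xtradb-cluster-operator
imagePullPolicy: IfNotPresent
image: ""

# set if you want to specify a namespace to watch
# defaults to `.Release.Namespace` if left blank
# NOTE(review): per templates/role.yaml and templates/role-binding.yaml,
# setting either watchNamespace or watchAllNamespaces switches the RBAC
# objects from Role/RoleBinding to ClusterRole/ClusterRoleBinding.
# watchNamespace:

# set if operator should be deployed in cluster wide mode. defaults to false
watchAllNamespaces: false

# set if you want to use a different operator name
# defaults to `percona-xtradb-cluster-operator`
# operatorName:

# set to false if you don't want the helm chart to
# automatically create the CRD.
createCRD: true

imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""

resources:
  # We usually recommend not to specify default resources and to leave this as a conscious
  # choice for the user. This also increases chances charts run on environments with little
  # resources, such as Minikube. If you don't want to specify resources, comment the following
  # lines and add the curly braces after 'resources:'.
  limits:
    cpu: 200m
    memory: 500Mi
  requests:
    cpu: 100m
    memory: 20Mi

nodeSelector: {}

tolerations: []

affinity: {}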
templates/role.yaml
values.yaml 에서 "watchNamespace" 나 "watchAllNamespaces" 값이 정의될 경우
Role 은 ClusterRole 로 설치되며, admissionregistration.k8s.io 의 validatingwebhookconfigurations 규칙이 추가된다.
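# RBAC rules for the operator's ServiceAccount.
# Scope: a namespaced Role by default; a ClusterRole as soon as either
# watchNamespace or watchAllNamespaces is set in values.yaml.
# NOTE(review): that includes the single-namespace case (watchNamespace
# alone). Bound through the ClusterRoleBinding in role-binding.yaml, every
# rule below - including write access to secrets and pods/exec - then
# applies cluster-wide. If the operator only needs the watched namespace,
# a Role/RoleBinding there plus a small ClusterRole for the cluster-scoped
# webhook rule would be the narrower grant - confirm against what the
# operator actually requires.
{{- if or .Values.watchNamespace .Values.watchAllNamespaces }}
kind: ClusterRole
{{- else }}
kind: Role
{{- end }}
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: {{ include "pxc-operator.fullname" . }}
  labels:
{{ include "pxc-operator.labels" . | indent 4 }}
rules:
  # Full management of the operator's own custom resources and their status.
  - apiGroups:
      - pxc.percona.com
    resources:
      - perconaxtradbclusters
      - perconaxtradbclusters/status
      - perconaxtradbclusterbackups
      - perconaxtradbclusterbackups/status
      - perconaxtradbclusterrestores
      - perconaxtradbclusterrestores/status
    verbs:
      - get
      - list
      - watch
      - create
      - update
      - patch
      - delete
  # Only rendered in the ClusterRole case; validatingwebhookconfigurations
  # is a cluster-scoped resource.
  # NOTE(review): these verbs cover every validating webhook configuration
  # in the cluster. If the operator manages one known configuration,
  # resourceNames could limit get/update/patch/delete to it (create cannot
  # be restricted by resourceNames). The rule is also granted when only
  # watchNamespace is set, while the webhook Service in deployment.yaml is
  # rendered for watchAllNamespaces only - check it is needed in that mode.
  {{- if or .Values.watchNamespace .Values.watchAllNamespaces }}
  - apiGroups:
      - admissionregistration.k8s.io
    resources:
      - validatingwebhookconfigurations
    verbs:
      - get
      - list
      - watch
      - create
      - update
      - patch
      - delete
  {{- end }}
  # Core API objects.
  # NOTE(review): get/list/watch on secrets reads every Secret in scope and
  # pods/exec allows running commands in any pod in scope, so the operator's
  # ServiceAccount token should be protected as a credential of that weight.
  - apiGroups:
      - ""
    resources:
      - pods
      - pods/exec
      - pods/log
      - configmaps
      - services
      - persistentvolumeclaims
      - secrets
    verbs:
      - get
      - list
      - watch
      - create
      - update
      - patch
      - delete
  # Workload controllers.
  - apiGroups:
      - apps
    resources:
      - deployments
      - replicasets
      - statefulsets
    verbs:
      - get
      - list
      - watch
      - create
      - update
      - patch
      - delete
  # Jobs and CronJobs.
  - apiGroups:
      - batch
    resources:
      - jobs
      - cronjobs
    verbs:
      - get
      - list
      - watch
      - create
      - update
      - patch
      - delete
  # PodDisruptionBudgets.
  - apiGroups:
      - policy
    resources:
      - poddisruptionbudgets
    verbs:
      - get
      - list
      - watch
      - create
      - update
      - patch
      - delete
  # cert-manager Issuers and Certificates, under both API group names.
  # This is the only rule that also grants deletecollection.
  - apiGroups:
      - certmanager.k8s.io
      - cert-manager.io
    resources:
      - issuers
      - certificates
    verbs:
      - get
      - list
      - watch
      - create
      - update
      - patch
      - delete
      - deletecollection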
templates/role-binding.yaml
### values.yaml 에서 "watchNamespace" 나 "watchAllNamespaces" 값이 정의될 경우 RoleBinding 이 ClusterRoleBinding 으로 바인딩되며, 없을 경우 RoleBinding 으로 바인딩된다.
### values.yaml 에서 "watchNamespace" 값이 정의될 경우 metadata 에 namespace 값이 추가된다.
### values.yaml 에서 "watchNamespace" 나 "watchAllNamespaces" 값이 정의될 경우 ServiceAccount annotation 의 Label 에 namespace: 값 추가
### values.yaml 에서 "watchNamespace" 나 "watchAllNamespaces" 값이 정의될 경우 roleRef 값이 ClusterRole 로 정의되며, 없을 경우 Role 로 정의된다.
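# ServiceAccount the operator Deployment runs as (same fullname helper as
# serviceAccountName in deployment.yaml).
apiVersion: v1
kind: ServiceAccount
metadata:
  name: {{ include "pxc-operator.fullname" . }}
---
# Second ServiceAccount with a fixed name.
# NOTE(review): nothing in this file binds a role to it and the Deployment
# uses the fullname account; its consumer is not visible on this page -
# confirm it is still needed.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: percona-xtradb-cluster-operator
---
# Binds the role from role.yaml to the fullname ServiceAccount:
# a ClusterRoleBinding when watchNamespace or watchAllNamespaces is set,
# otherwise a RoleBinding with no explicit namespace.
{{- if or .Values.watchNamespace .Values.watchAllNamespaces }}
kind: ClusterRoleBinding
{{- else }}
kind: RoleBinding
{{- end }}
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: {{ include "pxc-operator.fullname" . }}
  # NOTE(review): whenever this branch renders, kind is ClusterRoleBinding,
  # which is cluster-scoped, so this namespace does not narrow where the
  # grant applies.
  # Quoted so that an all-digit or boolean-looking namespace name stays a
  # string.
  {{- if .Values.watchNamespace }}
  namespace: {{ .Values.watchNamespace | quote }}
  {{- end }}
  labels:
{{ include "pxc-operator.labels" . | indent 4 }}
subjects:
  - kind: ServiceAccount
    name: {{ include "pxc-operator.fullname" . }}
    # The subject namespace is spelled out for the cluster-scoped binding,
    # which has no namespace of its own for the subject to default to.
    {{- if or .Values.watchNamespace .Values.watchAllNamespaces }}
    namespace: {{ .Release.Namespace | quote }}
    {{- end }}
roleRef:
  # Must mirror the kind chosen in role.yaml (same condition).
  {{- if or .Values.watchNamespace .Values.watchAllNamespaces }}
  kind: ClusterRole
  {{- else }}
  kind: Role
  {{- end }}
  name: {{ include "pxc-operator.fullname" . }}
  apiGroup: rbac.authorization.k8s.io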
templates/namespace.yaml
### watchNamespace 값이 있을 경우, 해당 namespace 가 없으면 namespace 를 생성한다.
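{{ if .Values.watchNamespace }}
# Namespace object for the watched namespace, rendered whenever
# watchNamespace is set. This template contains no existence check of its
# own.
# NOTE(review): as a release-managed object the namespace is expected to be
# removed together with the release, taking its contents with it. Helm's
# "helm.sh/resource-policy: keep" annotation is the usual guard if that is
# not intended - confirm the desired lifecycle.
apiVersion: v1
kind: Namespace
metadata:
  # Quoted so that an all-digit or boolean-looking name stays a string.
  name: {{ .Values.watchNamespace | quote }}
{{ end }}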
templates/deployment.yaml
### replicaCount 값에 따라서 replicas 개수 반영, Default 값이 정의가 안 되어 있어서 필수로 정의해서 사용해야 함
### imagePullSecrets 왼쪽에 8칸 공백을 넣고 나서 imagePullSecrets 값 입력
### Values.imagePullPolicy 값이 정의되어 있을 경우 정책 적용
### Values.watchAllNamespaces 값이 있을 경우 ENV 의 WATCH_NAMESPACE 에 Values.watchAllNamespaces 값 정의, 없을 시 default .Release.Namespace .Values.watchNamespace 으로 정의
### Values.nodeSelector 값이 있을 경우 nodeSelector 정의
### Values.affinity 값이 있을 경우 affinity 정의
### Values.tolerations 값이 있을 경우 tolerations 값 정의
### Values.watchAllNamespaces 가 정의되면, Pod 의 9443 Port 를 Service 443 으로 노출시키는 Service 추가 생성
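# Operator Deployment, plus a Service in front of port 9443 when
# watchAllNamespaces is set.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ include "pxc-operator.fullname" . }}
  labels:
{{ include "pxc-operator.labels" . | indent 4 }}
spec:
  replicas: {{ .Values.replicaCount }}
  selector:
    matchLabels:
      app.kubernetes.io/component: operator
      app.kubernetes.io/name: {{ include "pxc-operator.name" . }}
      app.kubernetes.io/instance: {{ .Release.Name }}
      app.kubernetes.io/part-of: {{ include "pxc-operator.name" . }}
  strategy:
    rollingUpdate:
      maxUnavailable: 1
    type: RollingUpdate
  template:
    metadata:
      labels:
        app.kubernetes.io/component: operator
        app.kubernetes.io/name: {{ include "pxc-operator.name" . }}
        app.kubernetes.io/instance: {{ .Release.Name }}
        app.kubernetes.io/part-of: {{ include "pxc-operator.name" . }}
    spec:
      # The pod runs as the ServiceAccount that role-binding.yaml binds to
      # the operator role, so it holds every permission listed in role.yaml.
      # NOTE(review): no securityContext is set at pod or container level in
      # this template. Settings such as runAsNonRoot,
      # allowPrivilegeEscalation: false and dropped capabilities are worth
      # adding once confirmed against the operator image.
      serviceAccountName: {{ include "pxc-operator.fullname" . }}
      # Rendered only when imagePullSecrets is non-empty.
      {{- with .Values.imagePullSecrets }}
      imagePullSecrets:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      terminationGracePeriodSeconds: 600
      containers:
        - name: {{ .Chart.Name }}
          image: {{ include "pxc-operator.image" . }}
          imagePullPolicy: {{ .Values.imagePullPolicy }}
          ports:
            - containerPort: 8080
              name: metrics
              protocol: TCP
          command:
            - percona-xtradb-cluster-operator
          env:
            # Empty string when watchAllNamespaces is set; otherwise
            # watchNamespace, falling back to the release namespace.
            - name: WATCH_NAMESPACE
              {{- if .Values.watchAllNamespaces }}
              value: ""
              {{- else }}
              value: "{{ default .Release.Namespace .Values.watchNamespace }}"
              {{- end }}
            # Pod name injected through the downward API.
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: OPERATOR_NAME
              value: {{ include "pxc-operator.fullname" . }}
          # Liveness is checked over plain HTTP against the metrics port.
          livenessProbe:
            failureThreshold: 3
            httpGet:
              path: /metrics
              port: metrics
              scheme: HTTP
          resources:
            {{- toYaml .Values.resources | nindent 12 }}
      # Scheduling constraints, each rendered only when set in values.yaml.
      {{- with .Values.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.affinity }}
      affinity:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.tolerations }}
      tolerations:
        {{- toYaml . | nindent 8 }}
      {{- end }}
{{- if .Values.watchAllNamespaces }}
---
# Service in front of pod port 9443, rendered only in cluster-wide mode.
# NOTE(review): port 9443 is not declared under the container's ports
# above; presumably it is the admission webhook endpoint - confirm.
apiVersion: v1
kind: Service
metadata:
  name: {{ include "pxc-operator.name" . }}
  labels:
    name: {{ include "pxc-operator.name" . }}
spec:
  ports:
    - port: 443
      targetPort: 9443
  # Selector narrowed to the component and instance labels the pod template
  # above already carries, so that only this release's operator pods back
  # the Service rather than any pod sharing the name label.
  selector:
    app.kubernetes.io/component: operator
    app.kubernetes.io/name: {{ include "pxc-operator.name" . }}
    app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}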