-
Notifications
You must be signed in to change notification settings - Fork 43
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
6 changed files
with
81,939 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,375 @@ | ||
| --- | ||
| # Source: tidb-operator/templates/controller-manager-rbac.yaml | ||
| kind: ServiceAccount | ||
| apiVersion: v1 | ||
| metadata: | ||
| name: tidb-controller-manager | ||
| namespace: acto-namespace | ||
| labels: | ||
| app.kubernetes.io/name: tidb-operator | ||
| app.kubernetes.io/managed-by: Helm | ||
| app.kubernetes.io/instance: tidb-operator | ||
| app.kubernetes.io/component: controller-manager | ||
| helm.sh/chart: tidb-operator-v1.5.2 | ||
| --- | ||
| # Source: tidb-operator/templates/scheduler-rbac.yaml | ||
| kind: ServiceAccount | ||
| apiVersion: v1 | ||
| metadata: | ||
| name: tidb-scheduler | ||
| namespace: acto-namespace | ||
| labels: | ||
| app.kubernetes.io/name: tidb-operator | ||
| app.kubernetes.io/managed-by: Helm | ||
| app.kubernetes.io/instance: tidb-operator | ||
| app.kubernetes.io/component: scheduler | ||
| helm.sh/chart: tidb-operator-v1.5.2 | ||
| --- | ||
| # Source: tidb-operator/templates/scheduler-config-configmap.yaml | ||
| apiVersion: v1 | ||
| kind: ConfigMap | ||
| metadata: | ||
| name: tidb-scheduler-config | ||
| namespace: acto-namespace | ||
| labels: | ||
| app.kubernetes.io/name: tidb-operator | ||
| app.kubernetes.io/managed-by: Helm | ||
| app.kubernetes.io/instance: tidb-operator | ||
| app.kubernetes.io/component: scheduler | ||
| helm.sh/chart: tidb-operator-v1.5.2 | ||
| data: | ||
| scheduler-config.yaml: |- | ||
| apiVersion: kubescheduler.config.k8s.io/v1 | ||
| kind: KubeSchedulerConfiguration | ||
| leaderElection: | ||
| leaderElect: true | ||
| resourceNamespace: acto-namespace | ||
| resourceName: tidb-scheduler | ||
| profiles: | ||
| - schedulerName: tidb-scheduler | ||
| extenders: | ||
| - urlPrefix: http://127.0.0.1:10262/scheduler | ||
| filterVerb: filter | ||
| preemptVerb: preempt | ||
| weight: 1 | ||
| enableHTTPS: false | ||
| httpTimeout: 30s | ||
| --- | ||
| # Source: tidb-operator/templates/controller-manager-rbac.yaml | ||
| kind: ClusterRole | ||
| apiVersion: rbac.authorization.k8s.io/v1 | ||
| metadata: | ||
| name: tidb-operator:tidb-controller-manager | ||
| labels: | ||
| app.kubernetes.io/name: tidb-operator | ||
| app.kubernetes.io/managed-by: Helm | ||
| app.kubernetes.io/instance: tidb-operator | ||
| app.kubernetes.io/component: controller-manager | ||
| helm.sh/chart: tidb-operator-v1.5.2 | ||
| rules: | ||
| - apiGroups: [""] | ||
| resources: | ||
| - services | ||
| - events | ||
| verbs: ["*"] | ||
| - apiGroups: [""] | ||
| resources: ["endpoints","configmaps"] | ||
| verbs: ["create", "get", "list", "watch", "update","delete"] | ||
| - apiGroups: [""] | ||
| resources: ["serviceaccounts"] | ||
| verbs: ["create","get","update","delete"] | ||
| - apiGroups: ["batch"] | ||
| resources: ["jobs"] | ||
| verbs: ["get", "list", "watch", "create", "update", "delete"] | ||
| - apiGroups: [""] | ||
| resources: ["secrets"] | ||
| verbs: ["create", "update", "get", "list", "watch","delete"] | ||
| - apiGroups: [""] | ||
| resources: ["persistentvolumeclaims"] | ||
| verbs: ["get", "list", "watch", "create", "update", "delete", "patch"] | ||
| - apiGroups: [""] | ||
| resources: ["pods"] | ||
| verbs: ["get", "list", "watch","update", "delete"] | ||
| - apiGroups: ["apps"] | ||
| resources: ["statefulsets","deployments", "controllerrevisions"] | ||
| verbs: ["*"] | ||
| - apiGroups: ["extensions"] | ||
| resources: ["ingresses"] | ||
| verbs: ["*"] | ||
| - apiGroups: ["networking.k8s.io"] | ||
| resources: ["ingresses"] | ||
| verbs: ["*"] | ||
| - apiGroups: ["apps.pingcap.com"] | ||
| resources: ["statefulsets", "statefulsets/status"] | ||
| verbs: ["*"] | ||
| - apiGroups: ["pingcap.com"] | ||
| resources: ["*"] | ||
| verbs: ["*"] | ||
| - nonResourceURLs: ["/metrics"] | ||
| verbs: ["get"] | ||
| - apiGroups: [""] | ||
| resources: ["nodes"] | ||
| verbs: ["get", "list", "watch"] | ||
| - apiGroups: [""] | ||
| resources: ["persistentvolumes"] | ||
| verbs: ["get", "list", "watch", "patch", "update", "create"] | ||
| - apiGroups: ["storage.k8s.io"] | ||
| resources: ["storageclasses"] | ||
| verbs: ["get", "list", "watch"] | ||
|
|
||
| - apiGroups: ["rbac.authorization.k8s.io"] | ||
| resources: [clusterroles,roles] | ||
| verbs: ["escalate","create","get","update", "delete"] | ||
| - apiGroups: ["rbac.authorization.k8s.io"] | ||
| resources: ["rolebindings","clusterrolebindings"] | ||
| verbs: ["create","get","update", "delete"] | ||
| --- | ||
| # Source: tidb-operator/templates/scheduler-rbac.yaml | ||
| kind: ClusterRole | ||
| apiVersion: rbac.authorization.k8s.io/v1 | ||
| metadata: | ||
| name: tidb-operator:tidb-scheduler | ||
| labels: | ||
| app.kubernetes.io/name: tidb-operator | ||
| app.kubernetes.io/managed-by: Helm | ||
| app.kubernetes.io/instance: tidb-operator | ||
| app.kubernetes.io/component: scheduler | ||
| helm.sh/chart: tidb-operator-v1.5.2 | ||
| rules: | ||
| # ConfigMap permission for --policy-configmap | ||
| - apiGroups: [""] | ||
| resources: ["configmaps"] | ||
| verbs: ["get", "list", "watch"] | ||
| - apiGroups: [""] | ||
| resources: ["pods"] | ||
| verbs: ["get", "list", "watch"] | ||
| - apiGroups: [""] | ||
| resources: ["nodes"] | ||
| verbs: ["get", "list"] | ||
| - apiGroups: ["pingcap.com"] | ||
| resources: ["tidbclusters"] | ||
| verbs: ["get"] | ||
| - apiGroups: [""] | ||
| resources: ["persistentvolumeclaims"] | ||
| verbs: ["get", "list", "update"] | ||
| # Extra permissions for endpoints other than kube-scheduler | ||
| - apiGroups: [""] | ||
| resources: ["endpoints"] | ||
| verbs: ["delete", "get", "patch", "update"] | ||
| - apiGroups: ["coordination.k8s.io"] | ||
| resources: ["leases"] | ||
| verbs: ["create"] | ||
| - apiGroups: ["coordination.k8s.io"] | ||
| resources: ["leases"] | ||
| resourceNames: ["tidb-scheduler"] | ||
| verbs: ["get", "update"] | ||
| --- | ||
| # Source: tidb-operator/templates/controller-manager-rbac.yaml | ||
| kind: ClusterRoleBinding | ||
| apiVersion: rbac.authorization.k8s.io/v1 | ||
| metadata: | ||
| name: tidb-operator:tidb-controller-manager | ||
| labels: | ||
| app.kubernetes.io/name: tidb-operator | ||
| app.kubernetes.io/managed-by: Helm | ||
| app.kubernetes.io/instance: tidb-operator | ||
| app.kubernetes.io/component: controller-manager | ||
| helm.sh/chart: tidb-operator-v1.5.2 | ||
| subjects: | ||
| - kind: ServiceAccount | ||
| name: tidb-controller-manager | ||
| namespace: acto-namespace | ||
| roleRef: | ||
| kind: ClusterRole | ||
| name: tidb-operator:tidb-controller-manager | ||
| apiGroup: rbac.authorization.k8s.io | ||
| --- | ||
| # Source: tidb-operator/templates/scheduler-rbac.yaml | ||
| kind: ClusterRoleBinding | ||
| apiVersion: rbac.authorization.k8s.io/v1 | ||
| metadata: | ||
| name: tidb-operator:tidb-scheduler | ||
| labels: | ||
| app.kubernetes.io/name: tidb-operator | ||
| app.kubernetes.io/managed-by: Helm | ||
| app.kubernetes.io/instance: tidb-operator | ||
| app.kubernetes.io/component: scheduler | ||
| helm.sh/chart: tidb-operator-v1.5.2 | ||
| subjects: | ||
| - kind: ServiceAccount | ||
| name: tidb-scheduler | ||
| namespace: acto-namespace | ||
| roleRef: | ||
| kind: ClusterRole | ||
| name: tidb-operator:tidb-scheduler | ||
| apiGroup: rbac.authorization.k8s.io | ||
| --- | ||
| # Source: tidb-operator/templates/scheduler-rbac.yaml | ||
| kind: ClusterRoleBinding | ||
| apiVersion: rbac.authorization.k8s.io/v1 | ||
| metadata: | ||
| name: tidb-operator:kube-scheduler | ||
| labels: | ||
| app.kubernetes.io/name: tidb-operator | ||
| app.kubernetes.io/managed-by: Helm | ||
| app.kubernetes.io/instance: tidb-operator | ||
| app.kubernetes.io/component: scheduler | ||
| helm.sh/chart: tidb-operator-v1.5.2 | ||
| subjects: | ||
| - kind: ServiceAccount | ||
| name: tidb-scheduler | ||
| namespace: acto-namespace | ||
| roleRef: | ||
| kind: ClusterRole | ||
| name: system:kube-scheduler | ||
| apiGroup: rbac.authorization.k8s.io | ||
| --- | ||
| # Source: tidb-operator/templates/scheduler-rbac.yaml | ||
| kind: ClusterRoleBinding | ||
| apiVersion: rbac.authorization.k8s.io/v1 | ||
| metadata: | ||
| name: tidb-operator:volume-scheduler | ||
| labels: | ||
| app.kubernetes.io/name: tidb-operator | ||
| app.kubernetes.io/managed-by: Helm | ||
| app.kubernetes.io/instance: tidb-operator | ||
| app.kubernetes.io/component: scheduler | ||
| helm.sh/chart: tidb-operator-v1.5.2 | ||
| subjects: | ||
| - kind: ServiceAccount | ||
| name: tidb-scheduler | ||
| namespace: acto-namespace | ||
| roleRef: | ||
| kind: ClusterRole | ||
| name: system:volume-scheduler | ||
| apiGroup: rbac.authorization.k8s.io | ||
| --- | ||
| # Source: tidb-operator/templates/controller-manager-deployment.yaml | ||
| apiVersion: apps/v1 | ||
| kind: Deployment | ||
| metadata: | ||
| name: tidb-controller-manager | ||
| namespace: acto-namespace | ||
| labels: | ||
| app.kubernetes.io/name: tidb-operator | ||
| app.kubernetes.io/managed-by: Helm | ||
| app.kubernetes.io/instance: tidb-operator | ||
| app.kubernetes.io/component: controller-manager | ||
| helm.sh/chart: tidb-operator-v1.5.2 | ||
| spec: | ||
| replicas: 1 | ||
| selector: | ||
| matchLabels: | ||
| app.kubernetes.io/name: tidb-operator | ||
| app.kubernetes.io/instance: tidb-operator | ||
| app.kubernetes.io/component: controller-manager | ||
| template: | ||
| metadata: | ||
| labels: | ||
| app.kubernetes.io/name: tidb-operator | ||
| app.kubernetes.io/instance: tidb-operator | ||
| app.kubernetes.io/component: controller-manager | ||
| spec: | ||
| serviceAccount: tidb-controller-manager | ||
| containers: | ||
| - name: tidb-operator | ||
| image: pingcap/tidb-operator:v1.5.2 | ||
| imagePullPolicy: IfNotPresent | ||
| resources: | ||
| requests: | ||
| cpu: 80m | ||
| memory: 50Mi | ||
| livenessProbe: | ||
| tcpSocket: | ||
| port: 6060 | ||
| initialDelaySeconds: 30 | ||
| periodSeconds: 10 | ||
| failureThreshold: 10 | ||
| command: | ||
| - /usr/local/bin/tidb-controller-manager | ||
| - -tidb-backup-manager-image=pingcap/tidb-backup-manager:v1.5.2 | ||
| - -tidb-discovery-image=pingcap/tidb-operator:v1.5.2 | ||
| - -cluster-scoped=true | ||
| - -cluster-permission-node=true | ||
| - -cluster-permission-pv=true | ||
| - -cluster-permission-sc=true | ||
| - -auto-failover=true | ||
| - -pd-failover-period=5m | ||
| - -tikv-failover-period=5m | ||
| - -tiflash-failover-period=5m | ||
| - -tidb-failover-period=5m | ||
| - -dm-master-failover-period=5m | ||
| - -dm-worker-failover-period=5m | ||
| - -v=2 | ||
| env: | ||
| - name: NAMESPACE | ||
| valueFrom: | ||
| fieldRef: | ||
| fieldPath: metadata.namespace | ||
| - name: TZ | ||
| value: UTC | ||
| --- | ||
| # Source: tidb-operator/templates/scheduler-deployment.yaml | ||
| apiVersion: apps/v1 | ||
| kind: Deployment | ||
| metadata: | ||
| name: tidb-scheduler | ||
| namespace: acto-namespace | ||
| labels: | ||
| app.kubernetes.io/name: tidb-operator | ||
| app.kubernetes.io/managed-by: Helm | ||
| app.kubernetes.io/instance: tidb-operator | ||
| app.kubernetes.io/component: scheduler | ||
| helm.sh/chart: tidb-operator-v1.5.2 | ||
| spec: | ||
| replicas: 1 | ||
| selector: | ||
| matchLabels: | ||
| app.kubernetes.io/name: tidb-operator | ||
| app.kubernetes.io/instance: tidb-operator | ||
| app.kubernetes.io/component: scheduler | ||
| template: | ||
| metadata: | ||
| labels: | ||
| app.kubernetes.io/name: tidb-operator | ||
| app.kubernetes.io/instance: tidb-operator | ||
| app.kubernetes.io/component: scheduler | ||
| spec: | ||
| serviceAccount: tidb-scheduler | ||
| containers: | ||
| - name: tidb-scheduler | ||
| image: pingcap/tidb-operator:v1.5.2 | ||
| imagePullPolicy: IfNotPresent | ||
| resources: | ||
| limits: | ||
| cpu: 250m | ||
| memory: 150Mi | ||
| requests: | ||
| cpu: 80m | ||
| memory: 50Mi | ||
| command: | ||
| - /usr/local/bin/tidb-scheduler | ||
| - -v=2 | ||
| - -port=10262 | ||
| - name: kube-scheduler | ||
| image: registry.k8s.io/kube-scheduler:v1.29.0 | ||
| imagePullPolicy: IfNotPresent | ||
| resources: | ||
| limits: | ||
| cpu: 250m | ||
| memory: 150Mi | ||
| requests: | ||
| cpu: 80m | ||
| memory: 50Mi | ||
| command: | ||
| - kube-scheduler | ||
| - --v=2 | ||
| - --config=/etc/kubernetes/scheduler-config.yaml | ||
| volumeMounts: | ||
| - name: scheduler-config | ||
| mountPath: /etc/kubernetes | ||
| volumes: | ||
| - name: scheduler-config | ||
| configMap: | ||
| name: tidb-scheduler-config |
Oops, something went wrong.