forked from mariadb-operator/mariadb-operator
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathmariadb_v1alpha1_mariadb.yaml
129 lines (114 loc) · 2.7 KB
/
mariadb_v1alpha1_mariadb.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
apiVersion: mariadb.mmontes.io/v1alpha1
kind: MariaDB
metadata:
name: mariadb
spec:
rootPasswordSecretKeyRef:
name: mariadb
key: root-password
database: mariadb
username: mariadb
passwordSecretKeyRef:
name: mariadb
key: password
image:
repository: mariadb
tag: "10.11.3"
pullPolicy: IfNotPresent
port: 3306
volumeClaimTemplate:
resources:
requests:
storage: 100Mi
accessModes:
- ReadWriteOnce
volumes:
- name: mariadb-persistent-storage
persistentVolumeClaim:
claimName: mariadb-pv-claim
volumeMounts:
- name: mariadb-persistent-storage
mountPath: /
myCnf: |
[mysqld]
bind-address=0.0.0.0
default_storage_engine=InnoDB
binlog_format=row
innodb_autoinc_lock_mode=2
max_allowed_packet=256M
resources:
requests:
cpu: 100m
memory: 128Mi
limits:
cpu: 300m
memory: 512Mi
env:
- name: TZ
value: SYSTEM
envFrom:
- configMapRef:
name: mariadb
podSecurityContext:
runAsUser: 500
securityContext:
allowPrivilegeEscalation: false
livenessProbe:
exec:
command:
- bash
- -c
- mysql -u root -p"${MARIADB_ROOT_PASSWORD}" -e "SELECT 1;"
initialDelaySeconds: 20
periodSeconds: 10
timeoutSeconds: 5
readinessProbe:
exec:
command:
- bash
- -c
- mysql -u root -p"${MARIADB_ROOT_PASSWORD}" -e "SELECT 1;"
initialDelaySeconds: 20
periodSeconds: 10
timeoutSeconds: 5
service:
type: LoadBalancer
annotations:
metallb.universe.tf/loadBalancerIPs: 172.18.0.20
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: mariadb-pv-claim
labels:
app: mariadb
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 20Gi
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: "julian-service-account"
annotations:
# cluster name formatting should match this:
# https://gitlab.appian-stratus.com/appian/prod/clusters/-/blob/2b1616e193193338124fe5cb6414c15cf2f0778c/infrastructure/clusters/modules/sites_cluster_resources/sites_iam.tf#L372
eks.amazonaws.com/role-arn: arn:aws:iam::{{ .Values.cluster.accountId }}:role/TokenVendingMachineTest_{{ .Values.cluster.name | replace "-" "" }}
automountServiceAccountToken: true
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
app.kubernetes.io/instance: tvm-gitlab-runner-permissions
name: service-runner-permissions:tvm-r:gitlab-runner:privleged-psp
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: eks:podsecuritypolicy:privileged
subjects:
- kind: ServiceAccount
name: "julian-service-account"