├── playbooks ├── .placeholder └── keydb.yml ├── inventory.yml ├── OWNERS ├── config ├── prometheus │ ├── kustomization.yaml │ └── monitor.yaml ├── network-policy │ ├── kustomization.yaml │ └── allow-metrics-traffic.yaml ├── scorecard │ ├── bases │ │ └── config.yaml │ ├── patches │ │ ├── basic.config.yaml │ │ └── olm.config.yaml │ └── kustomization.yaml ├── rbac │ ├── metrics_reader_role.yaml │ ├── service_account.yaml │ ├── metrics_auth_role_binding.yaml │ ├── metrics_auth_role.yaml │ ├── keydb_viewer_role.yaml │ ├── role_binding.yaml │ ├── leader_election_role_binding.yaml │ ├── keydb_editor_role.yaml │ ├── leader_election_role.yaml │ ├── kustomization.yaml │ └── role.yaml ├── samples │ ├── kustomization.yaml │ ├── keydb_v1alpha1_keydb.yaml.j2 │ ├── keydb_v1alpha1_keydb_multimaster.yaml.j2 │ ├── keydb_v1alpha1_keydb_multimaster.yaml │ └── keydb_v1alpha1_keydb.yaml ├── manager │ ├── kustomization.yaml │ ├── enable_turbo_patch.yaml │ ├── profile_tasks_patch.yaml │ └── manager.yaml ├── testing │ ├── manager_image.yaml │ ├── pull_policy │ │ ├── Always.yaml │ │ ├── Never.yaml │ │ └── IfNotPresent.yaml │ ├── debug_logs_patch.yaml │ ├── watch_namespace_patch.yaml │ └── kustomization.yaml ├── manifests │ ├── kustomization.yaml │ └── bases │ │ └── keydb-operator.clusterserviceversion.yaml ├── crd │ ├── kustomization.yaml │ └── bases │ │ └── keydb.krestomat.io_keydbs.yaml ├── default │ ├── metrics_service.yaml │ ├── manager_metrics_patch.yaml │ └── kustomization.yaml └── templates │ └── docs │ └── README.md.j2 ├── .ansible-lint ├── CHANGELOG.md ├── OWNERS_ALIASES ├── .gitmodules ├── Makefile ├── requirements.yml ├── .gitignore ├── bundle ├── manifests │ ├── keydb-operator-metrics-reader_rbac.authorization.k8s.io_v1_clusterrole.yaml │ ├── keydb-operator-keydb-viewer-role_rbac.authorization.k8s.io_v1_clusterrole.yaml │ ├── keydb-operator-keydb-editor-role_rbac.authorization.k8s.io_v1_clusterrole.yaml │ ├── keydb-operator-controller-manager-metrics-service_v1_service.yaml │ ├── keydb.krestomat.io_keydbs.yaml │ └── keydb-operator.clusterserviceversion.yaml ├── metadata │ └── annotations.yaml └── tests │ └── scorecard │ └── config.yaml ├── PROJECT ├── README.md ├── .github ├── workflows │ └── test_on_label.yml ├── ISSUE_TEMPLATE │ ├── enhancement_request.md │ ├── feature_request.md │ ├── support-and-qa.md │ └── bug_report.md └── PULL_REQUEST_TEMPLATE.md ├── watches.yaml ├── .lighthouse └── jenkins-x │ ├── triggers.yaml │ ├── lint.yaml │ ├── image.yaml │ ├── release.yaml │ └── k8s.yaml ├── bundle.Dockerfile ├── Dockerfile ├── docs └── README.md ├── Makefile-dist.mk └── LICENSE /playbooks/.placeholder: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /inventory.yml: -------------------------------------------------------------------------------- 1 | plugin: krestomatio.k8s.inventory 2 | -------------------------------------------------------------------------------- /OWNERS: -------------------------------------------------------------------------------- 1 | approvers: 2 | - jobcespedes 3 | reviewers: 4 | - jobcespedes 5 | -------------------------------------------------------------------------------- /config/prometheus/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - monitor.yaml 3 | -------------------------------------------------------------------------------- /config/network-policy/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - allow-metrics-traffic.yaml 3 | -------------------------------------------------------------------------------- /.ansible-lint: -------------------------------------------------------------------------------- 1 | warn_list: 2 | - fqcn[keyword] 3 | - fqcn[action-core] 4 | - name[casing] 5 | -------------------------------------------------------------------------------- /CHANGELOG.md: -------------------------------------------------------------------------------- 1 | ## Changes 2 | 3 | ### Chores 4 | 5 | * update: bump collection krestomatio.k8s 0.4.39 (krestomatio-cibot) 6 | -------------------------------------------------------------------------------- /OWNERS_ALIASES: -------------------------------------------------------------------------------- 1 | aliases: 2 | - krestomatio-cibot 3 | best-approvers: 4 | - krestomatio-cibot 5 | best-reviewers: 6 | - krestomatio-cibot 7 | -------------------------------------------------------------------------------- /config/scorecard/bases/config.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: scorecard.operatorframework.io/v1alpha3 2 | kind: Configuration 3 | metadata: 4 | name: config 5 | stages: 6 | - parallel: true 7 | tests: [] 8 | -------------------------------------------------------------------------------- /config/rbac/metrics_reader_role.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: metrics-reader 5 | rules: 6 | - nonResourceURLs: 7 | - "/metrics" 8 | verbs: 9 | - get 10 | -------------------------------------------------------------------------------- /.gitmodules: -------------------------------------------------------------------------------- 1 | [submodule "molecule"] 2 | path = molecule 3 | url = https://github.com/krestomatio/operator-sdk-molecule.git 4 | [submodule "hack/mk"] 5 | path = hack/mk 6 | url = https://github.com/krestomatio/operator-sdk-makefiles.git 7 | -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | PROJECT_SHORTNAME ?= keydb 2 | VERSION ?= 0.3.28 3 | COLLECTION_VERSION ?= 0.4.39 4 | OPERATOR_TYPE ?= ansible 5 | PROJECT_TYPE ?= $(OPERATOR_TYPE)-operator 6 | COMMUNITY_OPERATOR_NAME ?= keydb-operator 7 | 8 | include hack/mk/main.mk 9 | -------------------------------------------------------------------------------- /config/samples/kustomization.yaml: -------------------------------------------------------------------------------- 1 | ## Append samples you want in your CSV to this file as resources ## 2 | resources: 3 | - keydb_v1alpha1_keydb.yaml 4 | - keydb_v1alpha1_keydb_multimaster.yaml 5 | # +kubebuilder:scaffold:manifestskustomizesamples 6 | -------------------------------------------------------------------------------- /config/rbac/service_account.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | labels: 5 | app.kubernetes.io/name: keydb-operator 6 | app.kubernetes.io/managed-by: kustomize 7 | name: controller-manager 8 | namespace: system 9 | -------------------------------------------------------------------------------- /config/manager/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - manager.yaml 3 | 4 | images: 5 | - name: controller 6 | newName: quay.io/krestomatio/keydb-operator 7 | newTag: 0.3.28 8 | apiVersion: kustomize.config.k8s.io/v1beta1 9 | kind: Kustomization 10 | -------------------------------------------------------------------------------- /config/samples/keydb_v1alpha1_keydb.yaml.j2: -------------------------------------------------------------------------------- 1 | # {{ ansible_managed }} 2 | {% include 'keydb_v1alpha1_keydb.yaml' %} 3 | 4 | {% if keydb_sample_extra_spec is defined and keydb_sample_extra_spec %} 5 | {{ keydb_sample_extra_spec | indent(width=2) }} 6 | {% endif %} 7 | -------------------------------------------------------------------------------- /requirements.yml: -------------------------------------------------------------------------------- 1 | --- 2 | collections: 3 | - name: operator_sdk.util 4 | version: "0.5.0" 5 | - name: kubernetes.core 6 | version: "3.2.0" 7 | - name: cloud.common 8 | version: "3.0.0" 9 | - name: community.docker 10 | version: "3.12.1" 11 | -------------------------------------------------------------------------------- /config/testing/manager_image.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: apps/v1 3 | kind: Deployment 4 | metadata: 5 | name: controller-manager 6 | namespace: system 7 | spec: 8 | template: 9 | spec: 10 | containers: 11 | - name: manager 12 | image: testing 13 | -------------------------------------------------------------------------------- /config/manifests/kustomization.yaml: -------------------------------------------------------------------------------- 1 | # These resources constitute the fully configured set of manifests 2 | # used to generate the 'manifests/' directory in a bundle. 3 | resources: 4 | - bases/keydb-operator.clusterserviceversion.yaml 5 | - ../default 6 | - ../samples 7 | - ../scorecard 8 | -------------------------------------------------------------------------------- /config/testing/pull_policy/Always.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: apps/v1 3 | kind: Deployment 4 | metadata: 5 | name: controller-manager 6 | namespace: system 7 | spec: 8 | template: 9 | spec: 10 | containers: 11 | - name: manager 12 | imagePullPolicy: Always 13 | -------------------------------------------------------------------------------- /config/testing/pull_policy/Never.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: apps/v1 3 | kind: Deployment 4 | metadata: 5 | name: controller-manager 6 | namespace: system 7 | spec: 8 | template: 9 | spec: 10 | containers: 11 | - name: manager 12 | imagePullPolicy: Never 13 | -------------------------------------------------------------------------------- /config/testing/pull_policy/IfNotPresent.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: apps/v1 3 | kind: Deployment 4 | metadata: 5 | name: controller-manager 6 | namespace: system 7 | spec: 8 | template: 9 | spec: 10 | containers: 11 | - name: manager 12 | imagePullPolicy: IfNotPresent 13 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # Binaries for programs and plugins 2 | *.exe 3 | *.exe~ 4 | *.dll 5 | *.so 6 | *.dylib 7 | bin 8 | 9 | # editor and IDE paraphernalia 10 | .idea 11 | *.swp 12 | *.swo 13 | *~ 14 | 15 | # ansible 16 | *.retry 17 | *.log 18 | __pycache__/ 19 | .cache 20 | 21 | # Galaxy artifacts. 22 | *.tar.gz 23 | -------------------------------------------------------------------------------- /playbooks/keydb.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: keydb k8s resources 3 | hosts: localhost 4 | gather_facts: false 5 | collections: 6 | - kubernetes.core 7 | - operator_sdk.util 8 | tasks: 9 | - name: import keydb role 10 | import_role: 11 | name: krestomatio.k8s.v1alpha1.database.keydb 12 | -------------------------------------------------------------------------------- /config/scorecard/patches/basic.config.yaml: -------------------------------------------------------------------------------- 1 | - op: add 2 | path: /stages/0/tests/- 3 | value: 4 | entrypoint: 5 | - scorecard-test 6 | - basic-check-spec 7 | image: quay.io/operator-framework/scorecard-test:v1.39.1 8 | labels: 9 | suite: basic 10 | test: basic-check-spec-test 11 | -------------------------------------------------------------------------------- /bundle/manifests/keydb-operator-metrics-reader_rbac.authorization.k8s.io_v1_clusterrole.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | creationTimestamp: null 5 | name: keydb-operator-metrics-reader 6 | rules: 7 | - nonResourceURLs: 8 | - /metrics 9 | verbs: 10 | - get 11 | -------------------------------------------------------------------------------- /config/samples/keydb_v1alpha1_keydb_multimaster.yaml.j2: -------------------------------------------------------------------------------- 1 | # {{ ansible_managed }} 2 | {% include 'keydb_v1alpha1_keydb_multimaster.yaml' %} 3 | 4 | {% if keydb_multimaster_sample_extra_spec is defined and keydb_multimaster_sample_extra_spec %} 5 | {{ keydb_multimaster_sample_extra_spec | indent(width=2) }} 6 | {% endif %} 7 | -------------------------------------------------------------------------------- /config/crd/kustomization.yaml: -------------------------------------------------------------------------------- 1 | # This kustomization.yaml is not intended to be run by itself, 2 | # since it depends on service name and namespace that are out of this kustomize package. 3 | # It should be run by config/default 4 | resources: 5 | - bases/keydb.krestomat.io_keydbs.yaml 6 | # +kubebuilder:scaffold:crdkustomizeresource 7 | -------------------------------------------------------------------------------- /config/testing/debug_logs_patch.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: apps/v1 3 | kind: Deployment 4 | metadata: 5 | name: controller-manager 6 | namespace: system 7 | spec: 8 | template: 9 | spec: 10 | containers: 11 | - name: manager 12 | env: 13 | - name: ANSIBLE_DEBUG_LOGS 14 | value: "TRUE" 15 | -------------------------------------------------------------------------------- /config/manager/enable_turbo_patch.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: apps/v1 3 | kind: Deployment 4 | metadata: 5 | name: controller-manager 6 | namespace: system 7 | spec: 8 | template: 9 | spec: 10 | containers: 11 | - name: manager 12 | env: 13 | - name: ENABLE_TURBO_MODE 14 | value: "true" 15 | -------------------------------------------------------------------------------- /config/manager/profile_tasks_patch.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: apps/v1 3 | kind: Deployment 4 | metadata: 5 | name: controller-manager 6 | namespace: system 7 | spec: 8 | template: 9 | spec: 10 | containers: 11 | - name: manager 12 | env: 13 | - name: ANSIBLE_CALLBACK_WHITELIST 14 | value: profile_tasks 15 | -------------------------------------------------------------------------------- /config/rbac/metrics_auth_role_binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: metrics-auth-rolebinding 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: ClusterRole 8 | name: metrics-auth-role 9 | subjects: 10 | - kind: ServiceAccount 11 | name: controller-manager 12 | namespace: system 13 | -------------------------------------------------------------------------------- /config/rbac/metrics_auth_role.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: metrics-auth-role 5 | rules: 6 | - apiGroups: 7 | - authentication.k8s.io 8 | resources: 9 | - tokenreviews 10 | verbs: 11 | - create 12 | - apiGroups: 13 | - authorization.k8s.io 14 | resources: 15 | - subjectaccessreviews 16 | verbs: 17 | - create 18 | -------------------------------------------------------------------------------- /PROJECT: -------------------------------------------------------------------------------- 1 | domain: krestomat.io 2 | layout: 3 | - ansible.sdk.operatorframework.io/v1 4 | plugins: 5 | manifests.sdk.operatorframework.io/v2: {} 6 | scorecard.sdk.operatorframework.io/v2: {} 7 | projectName: keydb-operator 8 | resources: 9 | - api: 10 | crdVersion: v1 11 | namespaced: true 12 | domain: krestomat.io 13 | group: keydb 14 | kind: Keydb 15 | version: v1alpha1 16 | version: "3" 17 | -------------------------------------------------------------------------------- /config/testing/watch_namespace_patch.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: apps/v1 3 | kind: Deployment 4 | metadata: 5 | name: controller-manager 6 | namespace: system 7 | spec: 8 | template: 9 | spec: 10 | containers: 11 | - name: manager 12 | env: 13 | - name: WATCH_NAMESPACE 14 | valueFrom: 15 | fieldRef: 16 | fieldPath: metadata.namespace 17 | -------------------------------------------------------------------------------- /config/rbac/keydb_viewer_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to view keydbs. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: keydb-viewer-role 6 | rules: 7 | - apiGroups: 8 | - keydb.krestomat.io 9 | resources: 10 | - keydbs 11 | verbs: 12 | - get 13 | - list 14 | - watch 15 | - apiGroups: 16 | - keydb.krestomat.io 17 | resources: 18 | - keydbs/status 19 | verbs: 20 | - get 21 | -------------------------------------------------------------------------------- /config/rbac/role_binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | labels: 5 | app.kubernetes.io/name: keydb-operator 6 | app.kubernetes.io/managed-by: kustomize 7 | name: manager-rolebinding 8 | roleRef: 9 | apiGroup: rbac.authorization.k8s.io 10 | kind: ClusterRole 11 | name: manager-role 12 | subjects: 13 | - kind: ServiceAccount 14 | name: controller-manager 15 | namespace: system 16 | -------------------------------------------------------------------------------- /config/default/metrics_service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | labels: 5 | control-plane: controller-manager 6 | app.kubernetes.io/name: keydb-operator 7 | app.kubernetes.io/managed-by: kustomize 8 | name: controller-manager-metrics-service 9 | namespace: system 10 | spec: 11 | ports: 12 | - name: https 13 | port: 8443 14 | protocol: TCP 15 | targetPort: 8443 16 | selector: 17 | control-plane: controller-manager 18 | -------------------------------------------------------------------------------- /config/rbac/leader_election_role_binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: RoleBinding 3 | metadata: 4 | labels: 5 | app.kubernetes.io/name: keydb-operator 6 | app.kubernetes.io/managed-by: kustomize 7 | name: leader-election-rolebinding 8 | roleRef: 9 | apiGroup: rbac.authorization.k8s.io 10 | kind: Role 11 | name: leader-election-role 12 | subjects: 13 | - kind: ServiceAccount 14 | name: controller-manager 15 | namespace: system 16 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Keydb Operator 2 | 3 | This operator simplifies Keydb deployments in Kubernetes by leveraging the Ansible Operator SDK for automation. 4 | 5 | **Documentation:** [Keydb Operator Docs](https://krestomatio.com/docs/keydb-operator) provides guidance and further installation instructions. 6 | 7 | **Krestomatio Managed Service:** 8 | 9 | This project is part of open source powering Krestomatio, a service offering [managed Moodle™ e-learning platforms](https://krestomatio.com). 10 | -------------------------------------------------------------------------------- /bundle/manifests/keydb-operator-keydb-viewer-role_rbac.authorization.k8s.io_v1_clusterrole.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | creationTimestamp: null 5 | name: keydb-operator-keydb-viewer-role 6 | rules: 7 | - apiGroups: 8 | - keydb.krestomat.io 9 | resources: 10 | - keydbs 11 | verbs: 12 | - get 13 | - list 14 | - watch 15 | - apiGroups: 16 | - keydb.krestomat.io 17 | resources: 18 | - keydbs/status 19 | verbs: 20 | - get 21 | -------------------------------------------------------------------------------- /config/rbac/keydb_editor_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to edit keydbs. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: keydb-editor-role 6 | rules: 7 | - apiGroups: 8 | - keydb.krestomat.io 9 | resources: 10 | - keydbs 11 | verbs: 12 | - create 13 | - delete 14 | - get 15 | - list 16 | - patch 17 | - update 18 | - watch 19 | - apiGroups: 20 | - keydb.krestomat.io 21 | resources: 22 | - keydbs/status 23 | verbs: 24 | - get 25 | -------------------------------------------------------------------------------- /config/scorecard/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - bases/config.yaml 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | patches: 6 | - path: patches/basic.config.yaml 7 | target: 8 | group: scorecard.operatorframework.io 9 | kind: Configuration 10 | name: config 11 | version: v1alpha3 12 | - path: patches/olm.config.yaml 13 | target: 14 | group: scorecard.operatorframework.io 15 | kind: Configuration 16 | name: config 17 | version: v1alpha3 18 | # +kubebuilder:scaffold:patches 19 | -------------------------------------------------------------------------------- /.github/workflows/test_on_label.yml: -------------------------------------------------------------------------------- 1 | name: Test on label 2 | on: 3 | pull_request_target: 4 | types: 5 | - labeled 6 | 7 | jobs: 8 | test-group-comment: 9 | name: Test group comment 10 | if: github.event.label.name == 'test_group' 11 | runs-on: ubuntu-latest 12 | permissions: 13 | pull-requests: write 14 | steps: 15 | - uses: peter-evans/create-or-update-comment@v1 16 | with: 17 | issue-number: ${{ github.event.pull_request.number }} 18 | body: | 19 | /test group 20 | -------------------------------------------------------------------------------- /bundle/manifests/keydb-operator-keydb-editor-role_rbac.authorization.k8s.io_v1_clusterrole.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | creationTimestamp: null 5 | name: keydb-operator-keydb-editor-role 6 | rules: 7 | - apiGroups: 8 | - keydb.krestomat.io 9 | resources: 10 | - keydbs 11 | verbs: 12 | - create 13 | - delete 14 | - get 15 | - list 16 | - patch 17 | - update 18 | - watch 19 | - apiGroups: 20 | - keydb.krestomat.io 21 | resources: 22 | - keydbs/status 23 | verbs: 24 | - get 25 | -------------------------------------------------------------------------------- /bundle/manifests/keydb-operator-controller-manager-metrics-service_v1_service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | creationTimestamp: null 5 | labels: 6 | app.kubernetes.io/managed-by: kustomize 7 | app.kubernetes.io/name: keydb-operator 8 | control-plane: controller-manager 9 | name: keydb-operator-controller-manager-metrics-service 10 | spec: 11 | ports: 12 | - name: https 13 | port: 8443 14 | protocol: TCP 15 | targetPort: 8443 16 | selector: 17 | control-plane: controller-manager 18 | status: 19 | loadBalancer: {} 20 | -------------------------------------------------------------------------------- /config/default/manager_metrics_patch.yaml: -------------------------------------------------------------------------------- 1 | # This patch adds the args to allow exposing the metrics endpoint using HTTPS 2 | - op: add 3 | path: /spec/template/spec/containers/0/args/0 4 | value: --metrics-bind-address=:8443 5 | # This patch adds the args to allow securing the metrics endpoint 6 | - op: add 7 | path: /spec/template/spec/containers/0/args/0 8 | value: --metrics-secure 9 | # This patch adds the args to allow RBAC-based authn/authz the metrics endpoint 10 | - op: add 11 | path: /spec/template/spec/containers/0/args/0 12 | value: --metrics-require-rbac 13 | -------------------------------------------------------------------------------- /config/rbac/leader_election_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions to do leader election. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: Role 4 | metadata: 5 | labels: 6 | app.kubernetes.io/name: keydb-operator 7 | app.kubernetes.io/managed-by: kustomize 8 | name: leader-election-role 9 | rules: 10 | - apiGroups: 11 | - "" 12 | resources: 13 | - configmaps 14 | verbs: 15 | - get 16 | - list 17 | - watch 18 | - create 19 | - update 20 | - patch 21 | - delete 22 | - apiGroups: 23 | - coordination.k8s.io 24 | resources: 25 | - leases 26 | verbs: 27 | - get 28 | - list 29 | - watch 30 | - create 31 | - update 32 | - patch 33 | - delete 34 | - apiGroups: 35 | - "" 36 | resources: 37 | - events 38 | verbs: 39 | - create 40 | - patch 41 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/enhancement_request.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Enhancement request 3 | about: Suggest an improvement to a current an existing feature 4 | title: 'enhancement: ' 5 | labels: enhancement,request 6 | assignees: '' 7 | --- 8 | 9 | **What is the motivation or use case for the change?** 10 | 11 | **Describe the solution you'd like** 12 | A clear and concise description of what you want to happen. 13 | 14 | **Please tell us about your environment:** 15 | 16 | * Operating System: 17 | * Where is this running ( Local, Cloud Provider) 18 | * Storage being used (NFS, Hostpath, Gluster, etc): 19 | * Container Image Tag: 20 | * Platform (Docker, Kubernetes, OpenShift): 21 | * Platform Version: 22 | 23 | **Additional context** 24 | Add any other context or screenshots about the enhancement request here. 25 | -------------------------------------------------------------------------------- /bundle/metadata/annotations.yaml: -------------------------------------------------------------------------------- 1 | annotations: 2 | # Core bundle annotations. 3 | operators.operatorframework.io.bundle.mediatype.v1: registry+v1 4 | operators.operatorframework.io.bundle.manifests.v1: manifests/ 5 | operators.operatorframework.io.bundle.metadata.v1: metadata/ 6 | operators.operatorframework.io.bundle.package.v1: keydb-operator 7 | operators.operatorframework.io.bundle.channels.v1: alpha 8 | operators.operatorframework.io.metrics.builder: operator-sdk-v1.39.1 9 | operators.operatorframework.io.metrics.mediatype.v1: metrics+v1 10 | operators.operatorframework.io.metrics.project_layout: ansible.sdk.operatorframework.io/v1 11 | 12 | # Annotations for testing. 13 | operators.operatorframework.io.test.mediatype.v1: scorecard+v1 14 | operators.operatorframework.io.test.config.v1: tests/scorecard/ 15 | -------------------------------------------------------------------------------- /watches.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # Use the 'create api' subcommand to add watches to this file. 3 | - version: v1alpha1 4 | group: keydb.krestomat.io 5 | kind: Keydb 6 | blacklist: 7 | # issue seing other secrets as dependant resources and triggering reconciliation (at least in logs) 8 | - group: "" 9 | version: v1 10 | kind: Secret 11 | # issue seing other config maps as dependant resources and triggering reconciliation (at least in logs) 12 | - group: "" 13 | version: v1 14 | kind: ConfigMap 15 | - group: "autoscaling" 16 | version: v2 17 | kind: HorizontalPodAutoscaler 18 | - group: "autoscaling.k8s.io" 19 | version: v1 20 | kind: VerticalPodAutoscaler 21 | finalizer: 22 | name: keydb.krestomat.io/finalizer 23 | vars: 24 | cr_state: absent 25 | playbook: playbooks/keydb.yml 26 | 27 | # +kubebuilder:scaffold:watch 28 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/feature_request.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Feature request 3 | about: Suggest an idea for this project 4 | title: 'feature: ' 5 | labels: feature,request 6 | assignees: '' 7 | --- 8 | 9 | **What is the motivation or use case for the feature?** 10 | 11 | **Describe the solution you'd like** 12 | A clear and concise description of what you want to happen. 13 | 14 | **Describe any alternatives you've considered** 15 | A clear and concise description of any alternative solutions or features you've considered. 16 | 17 | **Please tell us about your environment:** 18 | 19 | * Operating System: 20 | * Where is this running ( Local , Cloud Provider) 21 | * Storage being used (NFS, Hostpath, Gluster, etc): 22 | * Container Image Tag: 23 | * Platform (Docker, Kubernetes, OpenShift): 24 | * Platform Version: 25 | 26 | **Additional context** 27 | Add any other context or screenshots about the feature request here. 28 | -------------------------------------------------------------------------------- /config/network-policy/allow-metrics-traffic.yaml: -------------------------------------------------------------------------------- 1 | # This NetworkPolicy allows ingress traffic 2 | # with Pods running on namespaces labeled with 'metrics: enabled'. Only Pods on those 3 | # namespaces are able to gathering data from the metrics endpoint. 4 | apiVersion: networking.k8s.io/v1 5 | kind: NetworkPolicy 6 | metadata: 7 | labels: 8 | app.kubernetes.io/name: keydb-operator 9 | app.kubernetes.io/managed-by: kustomize 10 | name: allow-metrics-traffic 11 | namespace: system 12 | spec: 13 | podSelector: 14 | matchLabels: 15 | control-plane: controller-manager 16 | policyTypes: 17 | - Ingress 18 | ingress: 19 | # This allows ingress traffic from any namespace with the label metrics: enabled 20 | - from: 21 | - namespaceSelector: 22 | matchLabels: 23 | metrics: enabled # Only from namespaces with this label 24 | ports: 25 | - port: 8443 26 | protocol: TCP 27 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/support-and-qa.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Support - Question and Answer 3 | about: " Have a quick question, let us know." 4 | title: 'question: ' 5 | labels: question,request 6 | assignees: '' 7 | --- 8 | 9 | ** Which example are you working with?** 10 | 11 | **What is the current behavior?** 12 | 13 | **What is the expected behavior?** 14 | 15 | **Other information** (e.g. detailed explanation, related issues, etc) 16 | 17 | **Please tell us about your environment:** 18 | 19 | * Operating System: 20 | * Where is this running ( Local , Cloud Provider) 21 | * Storage being used (NFS, Hostpath, Gluster, etc): 22 | * Container Image Tag: 23 | * Platform (Docker, Kubernetes, OpenShift): 24 | * Platform Version: 25 | 26 | If possible please run the following on the kubernetes or OpenShift (oc) commands and provide the result: 27 | kubectl describe yourPodName 28 | kubectl describe pvc 29 | kubectl get nodes 30 | kubectl log yourPodName 31 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/bug_report.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Bug report 3 | about: Create a report to help us improve 4 | title: 'bug: ' 5 | labels: bug 6 | assignees: '' 7 | --- 8 | 9 | **Describe the bug** 10 | A clear and concise description of what the bug is. 11 | 12 | **To Reproduce** 13 | Steps to reproduce the behavior: 14 | 1. Go to '...' 15 | 2. Click on '....' 16 | 3. Scroll down to '....' 17 | 4. See error 18 | 19 | **Expected behavior** 20 | A clear and concise description of what you expected to happen. 21 | 22 | **Screenshots** 23 | If applicable, add screenshots to help explain your problem. 24 | 25 | **Please tell us about your environment:** 26 | 27 | * Operating System: 28 | * Where is this running ( Local, Cloud Provider) 29 | * Storage being used (NFS, Hostpath, Gluster, etc): 30 | * Container Image Tag: 31 | * Platform (Docker, Kubernetes, OpenShift): 32 | * Platform Version: 33 | 34 | **Additional context** 35 | Add any other context about the problem here. 36 | -------------------------------------------------------------------------------- /.lighthouse/jenkins-x/triggers.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: config.lighthouse.jenkins-x.io/v1alpha1 2 | kind: TriggerConfig 3 | spec: 4 | presubmits: 5 | - name: image 6 | max_concurrency: 1 7 | context: "image" 8 | always_run: false 9 | require_run: false 10 | trigger: (?m)^/test( all| image),?(s+|$) 11 | rerun_command: /test image 12 | source: "image.yaml" 13 | - name: k8s 14 | max_concurrency: 1 15 | context: "k8s" 16 | always_run: false 17 | require_run: true 18 | trigger: (?m)^/test( all| group| k8s),?(s+|$) 19 | rerun_command: /test k8s 20 | source: "k8s.yaml" 21 | - name: lint 22 | context: "lint" 23 | always_run: true 24 | trigger: (?m)^/test( all| lint),?(s+|$) 25 | rerun_command: /test lint 26 | source: "lint.yaml" 27 | postsubmits: 28 | - name: release 29 | max_concurrency: 1 30 | context: "release" 31 | source: "release.yaml" 32 | branches: 33 | - ^main$ 34 | - ^master$ 35 | -------------------------------------------------------------------------------- /bundle.Dockerfile: -------------------------------------------------------------------------------- 1 | FROM scratch 2 | 3 | # Core bundle labels. 4 | LABEL operators.operatorframework.io.bundle.mediatype.v1=registry+v1 5 | LABEL operators.operatorframework.io.bundle.manifests.v1=manifests/ 6 | LABEL operators.operatorframework.io.bundle.metadata.v1=metadata/ 7 | LABEL operators.operatorframework.io.bundle.package.v1=keydb-operator 8 | LABEL operators.operatorframework.io.bundle.channels.v1=alpha 9 | LABEL operators.operatorframework.io.metrics.builder=operator-sdk-v1.39.1 10 | LABEL operators.operatorframework.io.metrics.mediatype.v1=metrics+v1 11 | LABEL operators.operatorframework.io.metrics.project_layout=ansible.sdk.operatorframework.io/v1 12 | 13 | # Labels for testing. 14 | LABEL operators.operatorframework.io.test.mediatype.v1=scorecard+v1 15 | LABEL operators.operatorframework.io.test.config.v1=tests/scorecard/ 16 | 17 | # Copy files to locations specified by labels. 18 | COPY bundle/manifests /manifests/ 19 | COPY bundle/metadata /metadata/ 20 | COPY bundle/tests/scorecard /tests/scorecard/ 21 | -------------------------------------------------------------------------------- /.github/PULL_REQUEST_TEMPLATE.md: -------------------------------------------------------------------------------- 1 | **Checklist:** 2 | 3 | 4 | - [ ] Have you added an explanation of what your changes do and why you'd like them to be included? 5 | - [ ] Have you updated or added documentation for the change, as applicable? 6 | - [ ] Have you tested your changes on all related environments with successful results, as applicable? 7 | 8 | 9 | 10 | **Type of Changes:** 11 | 12 | 13 | - [ ] Bug fix (non-breaking change which fixes an issue) 14 | - [ ] New feature (non-breaking change which adds functionality) 15 | - [ ] Breaking change (fix or feature that would cause existing functionality to change) 16 | 17 | 18 | 19 | **What is the current behavior? (link to any open issues here)** 20 | 21 | 22 | 23 | **What is the new behavior (if this is a feature change)?** 24 | 25 | 26 | 27 | **Other information**: 28 | -------------------------------------------------------------------------------- /config/testing/kustomization.yaml: -------------------------------------------------------------------------------- 1 | # Adds namespace to all resources. 2 | namespace: keydb-test 3 | 4 | namePrefix: keydb- 5 | 6 | # Labels to add to all resources and selectors. 7 | #commonLabels: 8 | # someName: someValue 9 | 10 | apiVersion: kustomize.config.k8s.io/v1beta1 11 | kind: Kustomization 12 | resources: 13 | - ../crd 14 | - ../rbac 15 | - ../manager 16 | images: 17 | - name: testing 18 | newName: testing-operator 19 | patches: 20 | - path: manager_image.yaml 21 | - path: debug_logs_patch.yaml 22 | - path: ../default/manager_metrics_patch.yaml 23 | target: 24 | kind: Deployment 25 | - path: watch_namespace_patch.yaml 26 | - path: ../manager/profile_tasks_patch.yaml 27 | - patch: |- 28 | - op: add 29 | path: /spec/template/spec/containers/0/args/- 30 | value: --zap-devel=true 31 | - op: add 32 | path: /spec/template/spec/containers/0/args/- 33 | value: --zap-time-encoding=iso8601 34 | - op: add 35 | path: /spec/template/spec/containers/0/args/- 36 | value: --zap-encoder=console 37 | - op: add 38 | path: /spec/template/spec/containers/0/args/- 39 | value: --ansible-args='-D' 40 | target: 41 | kind: Deployment 42 | -------------------------------------------------------------------------------- /config/rbac/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | # All RBAC will be applied under this service account in 3 | # the deployment namespace. You may comment out this resource 4 | # if your manager will use a service account that exists at 5 | # runtime. Be sure to update RoleBinding and ClusterRoleBinding 6 | # subjects if changing service account names. 7 | - service_account.yaml 8 | - role.yaml 9 | - role_binding.yaml 10 | - leader_election_role.yaml 11 | - leader_election_role_binding.yaml 12 | # The following RBAC configurations are used to protect 13 | # the metrics endpoint with authn/authz. These configurations 14 | # ensure that only authorized users and service accounts 15 | # can access the metrics endpoint. Comment the following 16 | # permissions if you want to disable this protection. 17 | # More info: https://book.kubebuilder.io/reference/metrics.html 18 | - metrics_auth_role.yaml 19 | - metrics_auth_role_binding.yaml 20 | - metrics_reader_role.yaml 21 | # For each CRD, "Editor" and "Viewer" roles are scaffolded by 22 | # default, aiding admins in cluster management. Those roles are 23 | # not used by the Project itself. You can comment the following lines 24 | # if you do not want those helpers be installed with your Project. 25 | - keydb_editor_role.yaml 26 | - keydb_viewer_role.yaml 27 | 28 | -------------------------------------------------------------------------------- /config/scorecard/patches/olm.config.yaml: -------------------------------------------------------------------------------- 1 | - op: add 2 | path: /stages/0/tests/- 3 | value: 4 | entrypoint: 5 | - scorecard-test 6 | - olm-bundle-validation 7 | image: quay.io/operator-framework/scorecard-test:v1.39.1 8 | labels: 9 | suite: olm 10 | test: olm-bundle-validation-test 11 | - op: add 12 | path: /stages/0/tests/- 13 | value: 14 | entrypoint: 15 | - scorecard-test 16 | - olm-crds-have-validation 17 | image: quay.io/operator-framework/scorecard-test:v1.39.1 18 | labels: 19 | suite: olm 20 | test: olm-crds-have-validation-test 21 | - op: add 22 | path: /stages/0/tests/- 23 | value: 24 | entrypoint: 25 | - scorecard-test 26 | - olm-crds-have-resources 27 | image: quay.io/operator-framework/scorecard-test:v1.39.1 28 | labels: 29 | suite: olm 30 | test: olm-crds-have-resources-test 31 | - op: add 32 | path: /stages/0/tests/- 33 | value: 34 | entrypoint: 35 | - scorecard-test 36 | - olm-spec-descriptors 37 | image: quay.io/operator-framework/scorecard-test:v1.39.1 38 | labels: 39 | suite: olm 40 | test: olm-spec-descriptors-test 41 | - op: add 42 | path: /stages/0/tests/- 43 | value: 44 | entrypoint: 45 | - scorecard-test 46 | - olm-status-descriptors 47 | image: quay.io/operator-framework/scorecard-test:v1.39.1 48 | labels: 49 | suite: olm 50 | test: olm-status-descriptors-test 51 | -------------------------------------------------------------------------------- /config/prometheus/monitor.yaml: -------------------------------------------------------------------------------- 1 | # Prometheus Monitor Service (Metrics) 2 | apiVersion: monitoring.coreos.com/v1 3 | kind: ServiceMonitor 4 | metadata: 5 | labels: 6 | control-plane: controller-manager 7 | app.kubernetes.io/name: keydb-operator 8 | app.kubernetes.io/managed-by: kustomize 9 | name: controller-manager-metrics-monitor 10 | namespace: system 11 | spec: 12 | endpoints: 13 | - path: /metrics 14 | port: https # Ensure this is the name of the port that exposes HTTPS metrics 15 | scheme: https 16 | bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token 17 | tlsConfig: 18 | # TODO(user): The option insecureSkipVerify: true is not recommended for production since it disables 19 | # certificate verification. This poses a significant security risk by making the system vulnerable to 20 | # man-in-the-middle attacks, where an attacker could intercept and manipulate the communication between 21 | # Prometheus and the monitored services. This could lead to unauthorized access to sensitive metrics data, 22 | # compromising the integrity and confidentiality of the information. 23 | # Please use the following options for secure configurations: 24 | # caFile: /etc/metrics-certs/ca.crt 25 | # certFile: /etc/metrics-certs/tls.crt 26 | # keyFile: /etc/metrics-certs/tls.key 27 | insecureSkipVerify: true 28 | selector: 29 | matchLabels: 30 | control-plane: controller-manager 31 | -------------------------------------------------------------------------------- /config/default/kustomization.yaml: -------------------------------------------------------------------------------- 1 | # Adds namespace to all resources. 2 | namespace: keydb-operator-system 3 | 4 | # Value of this field is prepended to the 5 | # names of all resources, e.g. a deployment named 6 | # "wordpress" becomes "alices-wordpress". 7 | # Note that it should also match with the prefix (text before '-') of the namespace 8 | # field above. 9 | namePrefix: keydb-operator- 10 | 11 | # Labels to add to all resources and selectors. 12 | #labels: 13 | #- includeSelectors: true 14 | # pairs: 15 | # someName: someValue 16 | 17 | resources: 18 | - ../crd 19 | - ../rbac 20 | - ../manager 21 | # [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'. 22 | #- ../prometheus 23 | # [METRICS] Expose the controller manager metrics service. 24 | - metrics_service.yaml 25 | # [NETWORK POLICY] Protect the /metrics endpoint and Webhook Server with NetworkPolicy. 26 | # Only Pod(s) running a namespace labeled with 'metrics: enabled' will be able to gather the metrics. 27 | # Only CR(s) which requires webhooks and are applied on namespaces labeled with 'webhooks: enabled' will 28 | # be able to communicate with the Webhook Server. 29 | #- ../network-policy 30 | 31 | # Uncomment the patches line if you enable Metrics, and/or are using webhooks and cert-manager 32 | patches: 33 | # [METRICS] The following patch will enable the metrics endpoint using HTTPS and the port :8443. 34 | # More info: https://book.kubebuilder.io/reference/metrics 35 | - path: manager_metrics_patch.yaml 36 | target: 37 | kind: Deployment 38 | -------------------------------------------------------------------------------- /config/samples/keydb_v1alpha1_keydb_multimaster.yaml: -------------------------------------------------------------------------------- 1 | ### camelCase 2 | --- 3 | apiVersion: keydb.krestomat.io/v1alpha1 4 | kind: Keydb 5 | metadata: 6 | name: keydb-sample-multimaster 7 | spec: 8 | # keydbMode: one of 'standalone', 'multimaster', 'custom' 9 | # By default 'standalone' is 1 replica and 'multimaster' 3 10 | keydbMode: 'multimaster' 11 | 12 | # Enable and assign a limit of 1Gi memory 13 | keydbResourceLimits: true 14 | keydbResourceLimitsCpu: 1 15 | keydbResourceLimitsMemory: 1Gi 16 | 17 | # Assign 1Gi for each replica persistent volume 18 | keydbPvcDataSize: 1Gi 19 | 20 | # Enable autoexpansion 21 | # IMPORTANT: 22 | # * Kubernetes cluster and pvc MUST support expansion of volumes 23 | # * In older cluster versions, pods require restart when autoexpanding if Kubernetes feature gate 24 | # 'ExpandInUsePersistentVolumes' is false. See: https://kubernetes.io/docs/reference/command-line-tools-reference/feature-gates/ 25 | # * Rempve keydbPvcDataSize 26 | # Autoexpansion: if storage available is less than 20% or 'keydbPvcDataAutoexpansionIncrementGib', adjust PVC storage size according to 'keydbPvcDataAutoexpansionIncrementGib' and 'keydbPvcDataAutoexpansionCapGib': 27 | ## Enable autoexpansion 28 | # keydbPvcDataAutoexpansion: true 29 | ## Every time autoexpansion is required, increment 5 GiB 30 | # keydbPvcDataAutoexpansionIncrementGib: 5 31 | ## But no more than 25 GiB 32 | # keydbPvcDataAutoexpansionCapGib: 25 33 | 34 | # Add extra keydb config 35 | keydbExtraConfig: | 36 | maxmemory 900mb 37 | maxmemory-policy allkeys-lru 38 | -------------------------------------------------------------------------------- /Dockerfile: -------------------------------------------------------------------------------- 1 | # Stage to install krestomatio collection 2 | FROM quay.io/operator-framework/ansible-operator:v1.37.1 AS collection 3 | 4 | ## Install krestomatio collection 5 | ARG COLLECTION_FILE="krestomatio-k8s-master.tar.gz" 6 | ENV COLLECTION_FILE=$COLLECTION_FILE 7 | USER 0 8 | COPY $COLLECTION_FILE /tmp/$COLLECTION_FILE 9 | RUN ansible-galaxy collection install /tmp/${COLLECTION_FILE} 10 | 11 | # Stage to build operator container 12 | FROM quay.io/operator-framework/ansible-operator:v1.37.1 13 | 14 | ## Install kubectl 15 | ENV KUBECTL_VERSION="1.26.6" 16 | USER 0 17 | RUN echo "Installing kubectl version: ${KUBECTL_VERSION}..." && \ 18 | curl https://storage.googleapis.com/kubernetes-release/release/v${KUBECTL_VERSION}/bin/linux/$(uname -m | sed 's/x86_64/amd64/' | sed 's/aarch64/arm64/')/kubectl -o /usr/local/bin/kubectl && \ 19 | chmod +x /usr/local/bin/kubectl 20 | USER 1001 21 | 22 | COPY requirements.yml ${HOME}/requirements.yml 23 | RUN ansible-galaxy collection install -r ${HOME}/requirements.yml \ 24 | && chmod -R ug+rwx ${HOME}/.ansible 25 | 26 | COPY watches.yaml ${HOME}/watches.yaml 27 | COPY playbooks/ ${HOME}/playbooks/ 28 | COPY inventory.yml ${HOME}/inventory.yml 29 | 30 | ENV ANSIBLE_INVENTORY=${HOME}/inventory.yml \ 31 | ANSIBLE_INVENTORY_ENABLED=auto,krestomatio.k8s.inventory 32 | 33 | # Install krestomatio collection 34 | COPY --from=collection --chown=1001:0 ${HOME}/.ansible/collections/ansible_collections/krestomatio ${HOME}/.ansible/collections/ansible_collections/krestomatio 35 | RUN pip install --user -r ${HOME}/.ansible/collections/ansible_collections/krestomatio/k8s/requirements.txt 36 | -------------------------------------------------------------------------------- /config/samples/keydb_v1alpha1_keydb.yaml: -------------------------------------------------------------------------------- 1 | ### camelCase 2 | --- 3 | apiVersion: keydb.krestomat.io/v1alpha1 4 | kind: Keydb 5 | metadata: 6 | name: keydb-sample 7 | spec: 8 | # keydbMode: one of 'standalone', 'multimaster', 'custom' 9 | # By default 'standalone' is 1 replica and 'multimaster' 3 10 | keydbMode: 'standalone' 11 | 12 | # Enable and assign a limit of 1Gi memory 13 | keydbResourceLimits: true 14 | keydbResourceLimitsCpu: 1 15 | keydbResourceLimitsMemory: 1Gi 16 | 17 | # Assign 1Gi for each replica persistent volume 18 | keydbPvcDataSize: 1Gi 19 | 20 | # Enable autoexpansion 21 | # IMPORTANT: 22 | # * Kubernetes cluster and pvc MUST support expansion of volumes 23 | # * In older cluster versions, pods require restart when autoexpanding if Kubernetes feature gate 24 | # 'ExpandInUsePersistentVolumes' is false. See: https://kubernetes.io/docs/reference/command-line-tools-reference/feature-gates/ 25 | # * Rempve keydbPvcDataSize 26 | # Autoexpansion: if storage available is less than 20% or 'keydbPvcDataAutoexpansionIncrementGib', adjust PVC storage size according to 'keydbPvcDataAutoexpansionIncrementGib' and 'keydbPvcDataAutoexpansionCapGib': 27 | ## Enable autoexpansion 28 | # keydbPvcDataAutoexpansion: true 29 | ## Every time autoexpansion is required, increment 5 GiB 30 | # keydbPvcDataAutoexpansionIncrementGib: 5 31 | ## But no more than 25 GiB 32 | # keydbPvcDataAutoexpansionCapGib: 25 33 | 34 | # Add extra keydb config 35 | keydbExtraConfig: | 36 | maxmemory 900mb 37 | maxmemory-policy allkeys-lru 38 | 39 | # Default NetworkPolicy 40 | # keydbNetpolOmit: false 41 | -------------------------------------------------------------------------------- /config/rbac/role.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: manager-role 6 | rules: 7 | ## 8 | ## Base operator rules 9 | ## 10 | - apiGroups: 11 | - "" 12 | resources: 13 | - configmaps 14 | - secrets 15 | - pods 16 | - pods/exec 17 | - pods/log 18 | - persistentvolumeclaims 19 | - services 20 | verbs: 21 | - create 22 | - delete 23 | - get 24 | - list 25 | - patch 26 | - update 27 | - watch 28 | - apiGroups: 29 | - apps 30 | resources: 31 | - statefulsets 32 | verbs: 33 | - create 34 | - delete 35 | - get 36 | - list 37 | - patch 38 | - update 39 | - watch 40 | - apiGroups: 41 | - networking.k8s.io 42 | resources: 43 | - networkpolicies 44 | verbs: 45 | - create 46 | - delete 47 | - get 48 | - list 49 | - patch 50 | - update 51 | - watch 52 | ## 53 | ## Rules for pod autoscalers 54 | ## 55 | - apiGroups: 56 | - autoscaling.k8s.io 57 | resources: 58 | - verticalpodautoscalers 59 | verbs: 60 | - create 61 | - delete 62 | - get 63 | - list 64 | - patch 65 | - update 66 | - watch 67 | ## 68 | ## Rules for keydb.krestomat.io/v1alpha1, Kind: Keydb 69 | ## 70 | - apiGroups: 71 | - keydb.krestomat.io 72 | resources: 73 | - keydbs 74 | - keydbs/status 75 | - keydbs/finalizers 76 | verbs: 77 | - create 78 | - delete 79 | - get 80 | - list 81 | - patch 82 | - update 83 | - watch 84 | # +kubebuilder:scaffold:rules 85 | -------------------------------------------------------------------------------- /bundle/tests/scorecard/config.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: scorecard.operatorframework.io/v1alpha3 2 | kind: Configuration 3 | metadata: 4 | name: config 5 | stages: 6 | - parallel: true 7 | tests: 8 | - entrypoint: 9 | - scorecard-test 10 | - basic-check-spec 11 | image: quay.io/operator-framework/scorecard-test:v1.39.1 12 | labels: 13 | suite: basic 14 | test: basic-check-spec-test 15 | storage: 16 | spec: 17 | mountPath: {} 18 | - entrypoint: 19 | - scorecard-test 20 | - olm-bundle-validation 21 | image: quay.io/operator-framework/scorecard-test:v1.39.1 22 | labels: 23 | suite: olm 24 | test: olm-bundle-validation-test 25 | storage: 26 | spec: 27 | mountPath: {} 28 | - entrypoint: 29 | - scorecard-test 30 | - olm-crds-have-validation 31 | image: quay.io/operator-framework/scorecard-test:v1.39.1 32 | labels: 33 | suite: olm 34 | test: olm-crds-have-validation-test 35 | storage: 36 | spec: 37 | mountPath: {} 38 | - entrypoint: 39 | - scorecard-test 40 | - olm-crds-have-resources 41 | image: quay.io/operator-framework/scorecard-test:v1.39.1 42 | labels: 43 | suite: olm 44 | test: olm-crds-have-resources-test 45 | storage: 46 | spec: 47 | mountPath: {} 48 | - entrypoint: 49 | - scorecard-test 50 | - olm-spec-descriptors 51 | image: quay.io/operator-framework/scorecard-test:v1.39.1 52 | labels: 53 | suite: olm 54 | test: olm-spec-descriptors-test 55 | storage: 56 | spec: 57 | mountPath: {} 58 | - entrypoint: 59 | - scorecard-test 60 | - olm-status-descriptors 61 | image: quay.io/operator-framework/scorecard-test:v1.39.1 62 | labels: 63 | suite: olm 64 | test: olm-status-descriptors-test 65 | storage: 66 | spec: 67 | mountPath: {} 68 | storage: 69 | spec: 70 | mountPath: {} 71 | -------------------------------------------------------------------------------- /.lighthouse/jenkins-x/lint.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: tekton.dev/v1beta1 2 | kind: PipelineRun 3 | metadata: 4 | creationTimestamp: null 5 | name: lint 6 | spec: 7 | workspaces: 8 | - name: shared-workspace 9 | volumeClaimTemplate: 10 | spec: 11 | storageClassName: local-path 12 | persistentVolumeReclaimPolicy: Delete 13 | accessModes: 14 | - ReadWriteOnce 15 | resources: 16 | requests: 17 | storage: 1Gi 18 | pipelineSpec: 19 | workspaces: 20 | - name: shared-workspace 21 | tasks: 22 | - name: git-clone-pr 23 | workspaces: 24 | - name: output 25 | workspace: shared-workspace 26 | taskRef: 27 | name: git-clone-pr 28 | params: 29 | - name: VERSION_MAKEFILE 30 | value: "true" 31 | - name: PROJECT_TIMESTAMP 32 | value: midnight 33 | - name: lint 34 | resources: {} 35 | runAfter: 36 | - git-clone-pr 37 | workspaces: 38 | - name: source 39 | workspace: shared-workspace 40 | taskSpec: 41 | metadata: {} 42 | workspaces: 43 | - name: source 44 | mountPath: /workspace 45 | stepTemplate: 46 | name: '' 47 | env: 48 | - name: HOME 49 | value: /workspace 50 | resources: 51 | limits: 52 | cpu: 400m 53 | memory: 512Mi 54 | requests: 55 | cpu: 50m 56 | memory: 32Mi 57 | workingDir: /workspace/source 58 | steps: 59 | - image: quay.io/krestomatio/ansible-operator-ci 60 | name: collection 61 | args: 62 | - collection-build 63 | command: 64 | - make 65 | resources: {} 66 | - image: quay.io/krestomatio/ansible-operator-ci 67 | name: lint 68 | args: 69 | - lint 70 | command: 71 | - make 72 | resources: {} 73 | podTemplate: {} 74 | serviceAccountName: tekton-bot 75 | timeout: 240h0m0s 76 | status: {} 77 | -------------------------------------------------------------------------------- /config/crd/bases/keydb.krestomat.io_keydbs.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: apiextensions.k8s.io/v1 3 | kind: CustomResourceDefinition 4 | metadata: 5 | name: keydbs.keydb.krestomat.io 6 | spec: 7 | group: keydb.krestomat.io 8 | names: 9 | kind: Keydb 10 | listKind: KeydbList 11 | plural: keydbs 12 | singular: keydb 13 | categories: 14 | - lms 15 | - database 16 | scope: Namespaced 17 | versions: 18 | - name: v1alpha1 19 | schema: 20 | openAPIV3Schema: 21 | description: Keydb is the Schema for the keydbs API 22 | properties: 23 | apiVersion: 24 | description: 'APIVersion defines the versioned schema of this representation 25 | of an object. Servers should convert recognized schemas to the latest 26 | internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' 27 | type: string 28 | kind: 29 | description: 'Kind is a string value representing the REST resource this 30 | object represents. Servers may infer this from the endpoint the client 31 | submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 32 | type: string 33 | metadata: 34 | type: object 35 | spec: 36 | description: Spec defines the desired state of Keydb 37 | type: object 38 | x-kubernetes-preserve-unknown-fields: true 39 | status: 40 | description: Status defines the observed state of Keydb 41 | type: object 42 | x-kubernetes-preserve-unknown-fields: true 43 | type: object 44 | additionalPrinterColumns: 45 | - description: Age of the resource 46 | jsonPath: .metadata.creationTimestamp 47 | name: AGE 48 | type: date 49 | - description: Site status such as Unknown/SettingUp/Ready/Failed/Terminating 50 | etc 51 | jsonPath: .status.state 52 | name: STATUS 53 | type: string 54 | - description: Time of latest transition 55 | jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime 56 | name: SINCE 57 | type: date 58 | - description: "KeyDB CR mode: one of 'standalone', 'multimaster', 'custom'" 59 | jsonPath: .spec.keydbMode 60 | name: MODE 61 | type: string 62 | - description: Generated service name to access CR 63 | jsonPath: .status.service 64 | name: SERVICE 65 | type: string 66 | served: true 67 | storage: true 68 | subresources: 69 | status: {} 70 | -------------------------------------------------------------------------------- /.lighthouse/jenkins-x/image.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: tekton.dev/v1beta1 2 | kind: PipelineRun 3 | metadata: 4 | creationTimestamp: null 5 | name: image 6 | spec: 7 | workspaces: 8 | - name: shared-workspace 9 | volumeClaimTemplate: 10 | spec: 11 | storageClassName: local-path 12 | persistentVolumeReclaimPolicy: Delete 13 | accessModes: 14 | - ReadWriteOnce 15 | resources: 16 | requests: 17 | storage: 1Gi 18 | pipelineSpec: 19 | workspaces: 20 | - name: shared-workspace 21 | tasks: 22 | - name: git-clone-pr 23 | workspaces: 24 | - name: output 25 | workspace: shared-workspace 26 | taskRef: 27 | name: git-clone-pr 28 | params: 29 | - name: VERSION_MAKEFILE 30 | value: "true" 31 | - name: PROJECT_TIMESTAMP 32 | value: midnight 33 | - name: multiarch-builder-config 34 | workspaces: 35 | - name: output 36 | workspace: shared-workspace 37 | taskRef: 38 | name: multiarch-builder-config 39 | - name: image 40 | resources: {} 41 | runAfter: 42 | - git-clone-pr 43 | - multiarch-builder-config 44 | workspaces: 45 | - name: source 46 | workspace: shared-workspace 47 | taskSpec: 48 | metadata: {} 49 | workspaces: 50 | - name: source 51 | mountPath: /workspace 52 | volumes: 53 | - name: shared 54 | persistentVolumeClaim: 55 | claimName: shared-0sd6j3-pvc 56 | stepTemplate: 57 | name: '' 58 | env: 59 | - name: HOME 60 | value: /workspace 61 | - name: DOCKER_CONTEXT 62 | value: multiarch-builder-amd64 63 | resources: 64 | limits: 65 | cpu: 400m 66 | memory: 512Mi 67 | requests: 68 | cpu: 50m 69 | memory: 32Mi 70 | workingDir: /workspace/source 71 | volumeMounts: 72 | - name: shared 73 | mountPath: /shared 74 | steps: 75 | - image: quay.io/krestomatio/ansible-operator-ci 76 | name: collection 77 | args: 78 | - collection-build 79 | command: 80 | - make 81 | resources: {} 82 | - image: quay.io/krestomatio/ansible-docker-ci 83 | name: image 84 | args: 85 | - multiarch-image 86 | command: 87 | - make 88 | resources: 89 | limits: 90 | cpu: 750m 91 | memory: 2048Mi 92 | requests: 93 | cpu: 0.1 94 | memory: 128Mi 95 | serviceAccountName: tekton-bot 96 | timeout: 240h0m0s 97 | status: {} 98 | -------------------------------------------------------------------------------- /bundle/manifests/keydb.krestomat.io_keydbs.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apiextensions.k8s.io/v1 2 | kind: CustomResourceDefinition 3 | metadata: 4 | creationTimestamp: null 5 | name: keydbs.keydb.krestomat.io 6 | spec: 7 | group: keydb.krestomat.io 8 | names: 9 | categories: 10 | - lms 11 | - database 12 | kind: Keydb 13 | listKind: KeydbList 14 | plural: keydbs 15 | singular: keydb 16 | scope: Namespaced 17 | versions: 18 | - additionalPrinterColumns: 19 | - description: Age of the resource 20 | jsonPath: .metadata.creationTimestamp 21 | name: AGE 22 | type: date 23 | - description: Site status such as Unknown/SettingUp/Ready/Failed/Terminating 24 | etc 25 | jsonPath: .status.state 26 | name: STATUS 27 | type: string 28 | - description: Time of latest transition 29 | jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime 30 | name: SINCE 31 | type: date 32 | - description: 'KeyDB CR mode: one of ''standalone'', ''multimaster'', ''custom''' 33 | jsonPath: .spec.keydbMode 34 | name: MODE 35 | type: string 36 | - description: Generated service name to access CR 37 | jsonPath: .status.service 38 | name: SERVICE 39 | type: string 40 | name: v1alpha1 41 | schema: 42 | openAPIV3Schema: 43 | description: Keydb is the Schema for the keydbs API 44 | properties: 45 | apiVersion: 46 | description: 'APIVersion defines the versioned schema of this representation 47 | of an object. Servers should convert recognized schemas to the latest 48 | internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' 49 | type: string 50 | kind: 51 | description: 'Kind is a string value representing the REST resource this 52 | object represents. Servers may infer this from the endpoint the client 53 | submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 54 | type: string 55 | metadata: 56 | type: object 57 | spec: 58 | description: Spec defines the desired state of Keydb 59 | type: object 60 | x-kubernetes-preserve-unknown-fields: true 61 | status: 62 | description: Status defines the observed state of Keydb 63 | type: object 64 | x-kubernetes-preserve-unknown-fields: true 65 | type: object 66 | served: true 67 | storage: true 68 | subresources: 69 | status: {} 70 | status: 71 | acceptedNames: 72 | kind: "" 73 | plural: "" 74 | conditions: null 75 | storedVersions: null 76 | -------------------------------------------------------------------------------- /.lighthouse/jenkins-x/release.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: tekton.dev/v1beta1 2 | kind: PipelineRun 3 | metadata: 4 | creationTimestamp: null 5 | name: release 6 | spec: 7 | workspaces: 8 | - name: shared-workspace 9 | volumeClaimTemplate: 10 | spec: 11 | storageClassName: local-path 12 | persistentVolumeReclaimPolicy: Delete 13 | accessModes: 14 | - ReadWriteOnce 15 | resources: 16 | requests: 17 | storage: 1Gi 18 | pipelineSpec: 19 | workspaces: 20 | - name: shared-workspace 21 | tasks: 22 | - name: git-clone 23 | workspaces: 24 | - name: output 25 | workspace: shared-workspace 26 | taskRef: 27 | name: git-clone 28 | params: 29 | - name: VERSION_MAKEFILE 30 | value: "true" 31 | - name: PROJECT_TIMESTAMP 32 | value: midnight 33 | - name: multiarch-builder-config 34 | workspaces: 35 | - name: output 36 | workspace: shared-workspace 37 | taskRef: 38 | name: multiarch-builder-config 39 | - name: release 40 | resources: {} 41 | timeout: "2h0m0s" 42 | runAfter: 43 | - git-clone 44 | - multiarch-builder-config 45 | workspaces: 46 | - name: source 47 | workspace: shared-workspace 48 | taskSpec: 49 | metadata: {} 50 | workspaces: 51 | - name: source 52 | mountPath: /workspace 53 | stepTemplate: 54 | name: '' 55 | env: 56 | - name: HOME 57 | value: /workspace 58 | - name: DOCKER_CONTEXT 59 | value: multiarch-builder-amd64 60 | resources: 61 | limits: 62 | cpu: 400m 63 | memory: 512Mi 64 | requests: 65 | cpu: 50m 66 | memory: 32Mi 67 | workingDir: /workspace/source 68 | steps: 69 | - image: ghcr.io/jenkins-x/jx-changelog:0.0.47 70 | name: changelog 71 | resources: {} 72 | args: 73 | - changelog 74 | command: 75 | - make 76 | - image: quay.io/krestomatio/ansible-operator-ci 77 | name: release 78 | args: 79 | - release 80 | command: 81 | - make 82 | resources: 83 | requests: 84 | cpu: 0.1 85 | memory: 128Mi 86 | - image: quay.io/krestomatio/ansible-docker-ci 87 | name: bundle-catalog 88 | args: 89 | - bundle-catalog 90 | command: 91 | - make 92 | resources: 93 | requests: 94 | cpu: 0.1 95 | memory: 128Mi 96 | - image: quay.io/krestomatio/ansible-operator-ci 97 | name: promote 98 | resources: {} 99 | args: 100 | - promote 101 | command: 102 | - make 103 | podTemplate: 104 | nodeSelector: 105 | kubernetes.io/arch: amd64 106 | serviceAccountName: tekton-bot 107 | timeout: 240h0m0s 108 | status: {} 109 | -------------------------------------------------------------------------------- /.lighthouse/jenkins-x/k8s.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: tekton.dev/v1beta1 2 | kind: PipelineRun 3 | metadata: 4 | creationTimestamp: null 5 | name: k8s 6 | spec: 7 | workspaces: 8 | - name: shared-workspace 9 | volumeClaimTemplate: 10 | spec: 11 | storageClassName: local-path 12 | persistentVolumeReclaimPolicy: Delete 13 | accessModes: 14 | - ReadWriteOnce 15 | resources: 16 | requests: 17 | storage: 1Gi 18 | pipelineSpec: 19 | workspaces: 20 | - name: shared-workspace 21 | tasks: 22 | - name: git-clone-pr 23 | workspaces: 24 | - name: output 25 | workspace: shared-workspace 26 | taskRef: 27 | name: git-clone-pr 28 | params: 29 | - name: VERSION_MAKEFILE 30 | value: "true" 31 | - name: PROJECT_TIMESTAMP 32 | value: midnight 33 | - name: multiarch-builder-config 34 | workspaces: 35 | - name: output 36 | workspace: shared-workspace 37 | taskRef: 38 | name: multiarch-builder-config 39 | - name: k8s 40 | resources: {} 41 | runAfter: 42 | - git-clone-pr 43 | - multiarch-builder-config 44 | workspaces: 45 | - name: source 46 | workspace: shared-workspace 47 | taskSpec: 48 | metadata: {} 49 | workspaces: 50 | - name: source 51 | mountPath: /workspace 52 | volumes: 53 | - name: shared 54 | persistentVolumeClaim: 55 | claimName: shared-0sd6j3-pvc 56 | stepTemplate: 57 | name: '' 58 | env: 59 | - name: HOME 60 | value: /workspace 61 | - name: DOCKER_CONTEXT 62 | value: multiarch-builder-amd64 63 | resources: 64 | limits: 65 | cpu: 400m 66 | memory: 512Mi 67 | requests: 68 | cpu: 50m 69 | memory: 32Mi 70 | workingDir: /workspace/source 71 | volumeMounts: 72 | - name: shared 73 | mountPath: /shared 74 | steps: 75 | - image: quay.io/krestomatio/ansible-operator-ci 76 | name: collection 77 | args: 78 | - collection-build 79 | command: 80 | - make 81 | resources: {} 82 | - image: quay.io/krestomatio/ansible-docker-ci 83 | name: image 84 | args: 85 | - multiarch-image 86 | command: 87 | - make 88 | resources: 89 | limits: 90 | cpu: 750m 91 | memory: 2048Mi 92 | requests: 93 | cpu: 0.1 94 | memory: 128Mi 95 | - image: quay.io/krestomatio/ansible-operator-ci 96 | name: molecule 97 | args: 98 | - molecule 99 | command: 100 | - make 101 | resources: 102 | limits: 103 | cpu: 750m 104 | memory: 2048Mi 105 | requests: 106 | cpu: 0.1 107 | memory: 128Mi 108 | serviceAccountName: tekton-bot 109 | timeout: 240h0m0s 110 | status: {} 111 | -------------------------------------------------------------------------------- /docs/README.md: -------------------------------------------------------------------------------- 1 | # Keydb Operator 2 | 3 | This operator simplifies the deployment and management of KeyDB, a high-performance, multi-threaded in-memory data store, within Kubernetes environments. It leverages the [KeyDB project](https://github.com/Snapchat/KeyDB) and offers two deployment configurations: 4 | 5 | * **Standalone Mode:** 6 | * Deploys a single KeyDB instance for basic use cases. 7 | * Suitable for scenarios where read/write performance is the primary concern. 8 | * **Multi-Master Mode:** 9 | * Deploys a cluster with multiple KeyDB instances configured for high availability and fault tolerance. 10 | * Enables read/write operations on all masters, providing redundancy and improved data availability. 11 | 12 | **Key Technologies:** 13 | 14 | * Kubernetes 15 | * Ansible Operator SDK 16 | * Keydb 17 | 18 | ## Installation 19 | 20 | **Important Note:** This Keydb Operator is currently in **Beta** stage. Proceed with caution in production deployments. 21 | 22 | 1. **Install Operator:** 23 | ```bash 24 | # Ensure prerequisites are met 25 | kubectl apply -k https://github.com/krestomatio/keydb-operator/config/default?ref=v0.3.28 26 | ``` 27 | 28 | 2. **Configure Keydb Instance:** 29 | - Download and modify [this sample](https://raw.githubusercontent.com/krestomatio/keydb-operator/v0.3.28/config/samples/keydb_v1alpha1_keydb.yaml) file to reflect your specific instance. This file defines the desired configuration for your KeyDB deployment, including the chosen mode (standalone or multi-master). 30 | ```bash 31 | curl -sSL 'https://raw.githubusercontent.com/krestomatio/keydb-operator/v0.3.28/config/samples/keydb_v1alpha1_keydb.yaml' -o keydb_v1alpha1_keydb.yaml 32 | # modify keydb_v1alpha1_keydb.yaml 33 | 34 | # for multimaster mode, use: 35 | # curl -sSL 'https://raw.githubusercontent.com/krestomatio/keydb-operator/v0.3.28/config/samples/keydb_v1alpha1_keydb_multimaster.yaml' -o keydb_v1alpha1_keydb.yaml 36 | ``` 37 | 38 | 3. **Deploy Keydb:** 39 | - Deploy a Keydb instance using the modified configuration: 40 | ```bash 41 | kubectl apply -f keydb_v1alpha1_keydb.yaml 42 | ``` 43 | 44 | 4. **Monitor Logs:** 45 | - Track the Keydb Operator logs for insights into the deployment process: 46 | ```bash 47 | kubectl -n keydb-operator-system logs -l control-plane=controller-manager -c manager -f 48 | ``` 49 | 50 | - Monitor the status of your deployed Keydb instance: 51 | ```bash 52 | kubectl get -f keydb_v1alpha1_keydb.yaml -w 53 | ``` 54 | 55 | ## Uninstall 56 | 57 | 1. **Delete Keydb Instance:** 58 | ```bash 59 | # Caution: This step leads to data loss. Proceed with caution. 60 | kubectl delete -f keydb_v1alpha1_keydb.yaml 61 | ``` 62 | 63 | 2. **Uninstall Operator:** 64 | ```bash 65 | kubectl delete -k https://github.com/krestomatio/keydb-operator/config/default?ref=v0.3.28 66 | ``` 67 | 68 | ## Configuration 69 | 70 | Keydb custom resource (CR) can be configure via its spec field. Keydb CR spec supports all the the variables in [v1alpha1.database.keydb ansible role](https://krestomatio.com/docs/ansible-collection-k8s/roles/v1alpha1.database.keydb/defaults/main/keydb) as fields. These variables can be specified directly in the Keydb CR YAML manifest file, allowing for customization of the Keydb instance during deployment. Refer to the official [v1alpha1.database.keydb ansible role documentation](https://krestomatio.com/docs/ansible-collection-k8s/roles/v1alpha1.database.keydb/) for a comprehensive list of supported fields. 71 | 72 | ## Contributing 73 | 74 | * Report bugs, request enhancements, or propose new features using GitHub issues. 75 | -------------------------------------------------------------------------------- /config/templates/docs/README.md.j2: -------------------------------------------------------------------------------- 1 | # Keydb Operator 2 | 3 | This operator simplifies the deployment and management of KeyDB, a high-performance, multi-threaded in-memory data store, within Kubernetes environments. It leverages the [KeyDB project](https://github.com/Snapchat/KeyDB) and offers two deployment configurations: 4 | 5 | * **Standalone Mode:** 6 | * Deploys a single KeyDB instance for basic use cases. 7 | * Suitable for scenarios where read/write performance is the primary concern. 8 | * **Multi-Master Mode:** 9 | * Deploys a cluster with multiple KeyDB instances configured for high availability and fault tolerance. 10 | * Enables read/write operations on all masters, providing redundancy and improved data availability. 11 | 12 | **Key Technologies:** 13 | 14 | * Kubernetes 15 | * Ansible Operator SDK 16 | * Keydb 17 | 18 | ## Installation 19 | 20 | **Important Note:** This Keydb Operator is currently in **Beta** stage. Proceed with caution in production deployments. 21 | 22 | 1. **Install Operator:** 23 | ```bash 24 | # Ensure prerequisites are met 25 | kubectl apply -k https://github.com/krestomatio/keydb-operator/config/default?ref=v{{ operator_version }} 26 | ``` 27 | 28 | 2. **Configure Keydb Instance:** 29 | - Download and modify [this sample](https://raw.githubusercontent.com/krestomatio/keydb-operator/v{{ operator_version }}/config/samples/keydb_v1alpha1_keydb.yaml) file to reflect your specific instance. This file defines the desired configuration for your KeyDB deployment, including the chosen mode (standalone or multi-master). 30 | ```bash 31 | curl -sSL 'https://raw.githubusercontent.com/krestomatio/keydb-operator/v{{ operator_version }}/config/samples/keydb_v1alpha1_keydb.yaml' -o keydb_v1alpha1_keydb.yaml 32 | # modify keydb_v1alpha1_keydb.yaml 33 | 34 | # for multimaster mode, use: 35 | # curl -sSL 'https://raw.githubusercontent.com/krestomatio/keydb-operator/v{{ operator_version }}/config/samples/keydb_v1alpha1_keydb_multimaster.yaml' -o keydb_v1alpha1_keydb.yaml 36 | ``` 37 | 38 | 3. **Deploy Keydb:** 39 | - Deploy a Keydb instance using the modified configuration: 40 | ```bash 41 | kubectl apply -f keydb_v1alpha1_keydb.yaml 42 | ``` 43 | 44 | 4. **Monitor Logs:** 45 | - Track the Keydb Operator logs for insights into the deployment process: 46 | ```bash 47 | kubectl -n keydb-operator-system logs -l control-plane=controller-manager -c manager -f 48 | ``` 49 | 50 | - Monitor the status of your deployed Keydb instance: 51 | ```bash 52 | kubectl get -f keydb_v1alpha1_keydb.yaml -w 53 | ``` 54 | 55 | ## Uninstall 56 | 57 | 1. **Delete Keydb Instance:** 58 | ```bash 59 | # Caution: This step leads to data loss. Proceed with caution. 60 | kubectl delete -f keydb_v1alpha1_keydb.yaml 61 | ``` 62 | 63 | 2. **Uninstall Operator:** 64 | ```bash 65 | kubectl delete -k https://github.com/krestomatio/keydb-operator/config/default?ref=v{{ operator_version }} 66 | ``` 67 | 68 | ## Configuration 69 | 70 | Keydb custom resource (CR) can be configure via its spec field. Keydb CR spec supports all the the variables in [v1alpha1.database.keydb ansible role](https://krestomatio.com/docs/ansible-collection-k8s/roles/v1alpha1.database.keydb/defaults/main/keydb) as fields. These variables can be specified directly in the Keydb CR YAML manifest file, allowing for customization of the Keydb instance during deployment. Refer to the official [v1alpha1.database.keydb ansible role documentation](https://krestomatio.com/docs/ansible-collection-k8s/roles/v1alpha1.database.keydb/) for a comprehensive list of supported fields. 71 | 72 | ## Contributing 73 | 74 | * Report bugs, request enhancements, or propose new features using GitHub issues. 75 | -------------------------------------------------------------------------------- /config/manager/manager.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | labels: 5 | control-plane: controller-manager 6 | app.kubernetes.io/name: keydb-operator 7 | app.kubernetes.io/managed-by: kustomize 8 | name: system 9 | --- 10 | apiVersion: apps/v1 11 | kind: Deployment 12 | metadata: 13 | name: controller-manager 14 | namespace: system 15 | labels: 16 | control-plane: controller-manager 17 | app.kubernetes.io/name: keydb-operator 18 | app.kubernetes.io/managed-by: kustomize 19 | spec: 20 | selector: 21 | matchLabels: 22 | control-plane: controller-manager 23 | replicas: 1 24 | template: 25 | metadata: 26 | annotations: 27 | kubectl.kubernetes.io/default-container: manager 28 | labels: 29 | control-plane: controller-manager 30 | spec: 31 | # TODO(user): Uncomment the following code to configure the nodeAffinity expression 32 | # according to the platforms which are supported by your solution. 33 | # It is considered best practice to support multiple architectures. You can 34 | # build your manager image using the makefile target docker-buildx. 35 | # affinity: 36 | # nodeAffinity: 37 | # requiredDuringSchedulingIgnoredDuringExecution: 38 | # nodeSelectorTerms: 39 | # - matchExpressions: 40 | # - key: kubernetes.io/arch 41 | # operator: In 42 | # values: 43 | # - amd64 44 | # - arm64 45 | # - ppc64le 46 | # - s390x 47 | # - key: kubernetes.io/os 48 | # operator: In 49 | # values: 50 | # - linux 51 | securityContext: 52 | runAsNonRoot: true 53 | # TODO(user): For common cases that do not require escalating privileges 54 | # it is recommended to ensure that all your Pods/Containers are restrictive. 55 | # More info: https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted 56 | # Please uncomment the following code if your project does NOT have to work on old Kubernetes 57 | # versions < 1.19 or on vendors versions which do NOT support this field by default (i.e. Openshift < 4.11 ). 58 | # seccompProfile: 59 | # type: RuntimeDefault 60 | containers: 61 | - args: 62 | - --leader-elect 63 | - --leader-election-id=keydb-operator 64 | - --health-probe-bind-address=:6789 65 | image: controller:latest 66 | name: manager 67 | env: 68 | - name: ANSIBLE_GATHERING 69 | value: explicit 70 | securityContext: 71 | allowPrivilegeEscalation: false 72 | capabilities: 73 | drop: 74 | - "ALL" 75 | livenessProbe: 76 | httpGet: 77 | path: /healthz 78 | port: 6789 79 | initialDelaySeconds: 15 80 | periodSeconds: 20 81 | readinessProbe: 82 | httpGet: 83 | path: /readyz 84 | port: 6789 85 | initialDelaySeconds: 5 86 | periodSeconds: 10 87 | # TODO(user): Configure the resources accordingly based on the project requirements. 88 | # More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ 89 | resources: 90 | limits: 91 | cpu: 1 92 | memory: 2Gi 93 | requests: 94 | cpu: 10m 95 | memory: 20Mi 96 | serviceAccountName: controller-manager 97 | terminationGracePeriodSeconds: 10 98 | -------------------------------------------------------------------------------- /config/manifests/bases/keydb-operator.clusterserviceversion.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: operators.coreos.com/v1alpha1 2 | kind: ClusterServiceVersion 3 | metadata: 4 | annotations: 5 | alm-examples: '[]' 6 | capabilities: Seamless Upgrades 7 | categories: Database 8 | containerImage: quay.io/krestomatio/keydb-operator 9 | description: |- 10 | This operator simplifies Keydb deployments in Kubernetes by leveraging 11 | the Ansible Operator SDK for automation 12 | repository: https://github.com/krestomatio/keydb-operator 13 | labels: 14 | operatorframework.io/arch.amd64: supported 15 | operatorframework.io/arch.arm64: supported 16 | operatorframework.io/os.linux: supported 17 | name: keydb-operator.v0.0.0 18 | namespace: placeholder 19 | spec: 20 | apiservicedefinitions: {} 21 | customresourcedefinitions: {} 22 | description: |- 23 | This operator simplifies Keydb deployments in Kubernetes by leveraging 24 | the Ansible Operator SDK for automation 25 | displayName: Keydb Operator 26 | icon: 27 | - base64data: |- 28 | PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiIHN0YW5kYWxvbmU9Im5vIj8+CjxzdmcK 29 | ICAgdmVyc2lvbj0iMS4xIgogICBpZD0iTGF5ZXJfMSIKICAgeD0iMHB4IgogICB5PSIwcHgiCiAgIHZp 30 | ZXdCb3g9IjAgMCAxMDAwIDk5OS45OTk5NyIKICAgeG1sOnNwYWNlPSJwcmVzZXJ2ZSIKICAgc29kaXBv 31 | ZGk6ZG9jbmFtZT0ibG9nb19pY29uX3NxdWFyZS5zdmciCiAgIGlua3NjYXBlOnZlcnNpb249IjEuMy4y 32 | ICgwOTFlMjBlZjBmLCAyMDIzLTExLTI1KSIKICAgd2lkdGg9IjEwMDAiCiAgIGhlaWdodD0iMTAwMCIK 33 | ICAgeG1sbnM6aW5rc2NhcGU9Imh0dHA6Ly93d3cuaW5rc2NhcGUub3JnL25hbWVzcGFjZXMvaW5rc2Nh 34 | cGUiCiAgIHhtbG5zOnNvZGlwb2RpPSJodHRwOi8vc29kaXBvZGkuc291cmNlZm9yZ2UubmV0L0RURC9z 35 | b2RpcG9kaS0wLmR0ZCIKICAgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIgogICB4bWxu 36 | czpzdmc9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIgogICB4bWxuczpyZGY9Imh0dHA6Ly93d3cu 37 | dzMub3JnLzE5OTkvMDIvMjItcmRmLXN5bnRheC1ucyMiCiAgIHhtbG5zOmNjPSJodHRwOi8vY3JlYXRp 38 | dmVjb21tb25zLm9yZy9ucyMiCiAgIHhtbG5zOmRjPSJodHRwOi8vcHVybC5vcmcvZGMvZWxlbWVudHMv 39 | MS4xLyI+PG1ldGFkYXRhCiAgIGlkPSJtZXRhZGF0YTExMyI+PHJkZjpSREY+PGNjOldvcmsKICAgICAg 40 | IHJkZjphYm91dD0iIj48ZGM6Zm9ybWF0PmltYWdlL3N2Zyt4bWw8L2RjOmZvcm1hdD48ZGM6dHlwZQog 41 | ICAgICAgICByZGY6cmVzb3VyY2U9Imh0dHA6Ly9wdXJsLm9yZy9kYy9kY21pdHlwZS9TdGlsbEltYWdl 42 | IiAvPjwvY2M6V29yaz48L3JkZjpSREY+PC9tZXRhZGF0YT48ZGVmcwogICBpZD0iZGVmczExMSIgLz48 43 | c29kaXBvZGk6bmFtZWR2aWV3CiAgIHBhZ2Vjb2xvcj0iI2ZmZmZmZiIKICAgYm9yZGVyY29sb3I9IiM2 44 | NjY2NjYiCiAgIGJvcmRlcm9wYWNpdHk9IjEiCiAgIG9iamVjdHRvbGVyYW5jZT0iMTAiCiAgIGdyaWR0 45 | b2xlcmFuY2U9IjEwIgogICBndWlkZXRvbGVyYW5jZT0iMTAiCiAgIGlua3NjYXBlOnBhZ2VvcGFjaXR5 46 | PSIwIgogICBpbmtzY2FwZTpwYWdlc2hhZG93PSIyIgogICBpbmtzY2FwZTp3aW5kb3ctd2lkdGg9IjE5 47 | MjAiCiAgIGlua3NjYXBlOndpbmRvdy1oZWlnaHQ9IjExMTUiCiAgIGlkPSJuYW1lZHZpZXcxMDkiCiAg 48 | IHNob3dncmlkPSJmYWxzZSIKICAgaW5rc2NhcGU6em9vbT0iMC41MDA4Nzc4NCIKICAgaW5rc2NhcGU6 49 | Y3g9IjIyMy42MDc0MiIKICAgaW5rc2NhcGU6Y3k9IjU1OC4wMjAyOSIKICAgaW5rc2NhcGU6d2luZG93 50 | LXg9IjAiCiAgIGlua3NjYXBlOndpbmRvdy15PSIwIgogICBpbmtzY2FwZTp3aW5kb3ctbWF4aW1pemVk 51 | PSIxIgogICBpbmtzY2FwZTpjdXJyZW50LWxheWVyPSJMYXllcl8xIgogICBpbmtzY2FwZTpzaG93cGFn 52 | ZXNoYWRvdz0iMiIKICAgaW5rc2NhcGU6cGFnZWNoZWNrZXJib2FyZD0iMCIKICAgaW5rc2NhcGU6ZGVz 53 | a2NvbG9yPSIjZDFkMWQxIiAvPgo8c3R5bGUKICAgdHlwZT0idGV4dC9jc3MiCiAgIGlkPSJzdHlsZTIi 54 | PgoJLnN0MHtlbmFibGUtYmFja2dyb3VuZDpuZXcgICAgO30KCS5zdDF7ZmlsbDojMzczNjRFO30KCS5z 55 | dDJ7ZmlsbDojRjI2NzJDO30KPC9zdHlsZT4KCjxnCiAgIGlkPSJnNDQiCiAgIHRyYW5zZm9ybT0ibWF0 56 | cml4KDEwLjMyNTAwNiwwLDAsMTAuNzk2Nzg3LC0xMDg2LjEwOTIsLTM2NC4wMjcwOSkiPgoJPGcKICAg 57 | aWQ9ImczMCI+CgkJPHBhdGgKICAgY2xhc3M9InN0MiIKICAgZD0ibSAxNjkuNjIsODEuMjMgMTcuNTks 58 | MTguNzYgYyAwLjY4LDAuNzIgMC4xNywxLjkxIC0wLjgzLDEuOTEgaCAtMTAuODQgYyAtMC4zMSwwIC0w 59 | LjYxLC0wLjEzIC0wLjgyLC0wLjM2IEwgMTU5LjU2LDg1LjQ3IgogICBpZD0icGF0aDI4IiAvPgoJPC9n 60 | PgoJPHBhdGgKICAgY2xhc3M9InN0MiIKICAgZD0ibSAxNjIuOTcsNTguNDcgLTcuMDUsNi43OSBjIC0w 61 | LjIyLDAuMjEgLTAuMzUsMC41MSAtMC4zNSwwLjgxIHYgMTQuNTkgYyAwLDAuOTkgMS4xNywxLjUgMS45 62 | LDAuODMgbCA3LjA1LC02LjQ4IGMgMC4yMywtMC4yMSAwLjM3LC0wLjUyIDAuMzcsLTAuODMgdiAtMTQu 63 | OSBjIC0wLjAxLC0wLjk5IC0xLjIsLTEuNSAtMS45MiwtMC44MSB6IgogICBpZD0icGF0aDMyIiAvPgoJ 64 | PHBhdGgKICAgY2xhc3M9InN0MiIKICAgZD0ibSAxODYuOCw3My45MiAtMjkuMzMsMjYuMzYgYyAtMC43 65 | MywwLjY1IC0xLjg5LDAuMTQgLTEuODksLTAuODQgdiAtOS44MiBjIDAsLTAuMzIgMC4xMywtMC42MiAw 66 | LjM3LC0wLjg0IGwgMTguMDksLTE2LjU0IGMgMC4yMSwtMC4xOSAwLjQ4LC0wLjMgMC43NiwtMC4zIGgg 67 | MTEuMjQgYyAxLjA0LDAuMDEgMS41MywxLjI5IDAuNzYsMS45OCB6IgogICBpZD0icGF0aDM0IiAvPgoJ 68 | PGcKICAgaWQ9ImczOCI+CgkJPHBhdGgKICAgY2xhc3M9InN0MiIKICAgZD0ibSAxNDcuNjcsODUuNDcg 69 | LTE1LjE2LDE2LjA3IGMgLTAuMjEsMC4yMyAtMC41MSwwLjM2IC0wLjgyLDAuMzYgaCAtMTAuODQgYyAt 70 | MC45OSwwIC0xLjUsLTEuMTggLTAuODMsLTEuOTEgbCAxNy41OSwtMTguNzYiCiAgIGlkPSJwYXRoMzYi 71 | IC8+Cgk8L2c+Cgk8cGF0aAogICBjbGFzcz0ic3QyIgogICBkPSJtIDE0NC4yNyw1OC40NyA3LjA1LDYu 72 | NzkgYyAwLjIyLDAuMjEgMC4zNSwwLjUxIDAuMzUsMC44MSB2IDE0LjU5IGMgMCwwLjk5IC0xLjE3LDEu 73 | NSAtMS45LDAuODMgbCAtNy4wNSwtNi40OCBjIC0wLjIzLC0wLjIxIC0wLjM3LC0wLjUyIC0wLjM3LC0w 74 | LjgzIHYgLTE0LjkgYyAwLjAxLC0wLjk5IDEuMjEsLTEuNSAxLjkyLC0wLjgxIHoiCiAgIGlkPSJwYXRo 75 | NDAiIC8+Cgk8cGF0aAogICBjbGFzcz0ic3QyIgogICBkPSJtIDEyMC40NSw3My45MiAyOS4zMywyNi4z 76 | NiBjIDAuNzMsMC42NSAxLjg5LDAuMTQgMS44OSwtMC44NCB2IC05LjgyIGMgMCwtMC4zMiAtMC4xMywt 77 | MC42MiAtMC4zNywtMC44NCBMIDEzMy4yMSw3Mi4yNCBjIC0wLjIxLC0wLjE5IC0wLjQ4LC0wLjMgLTAu 78 | NzYsLTAuMyBIIDEyMS4yIGMgLTEuMDQsMC4wMSAtMS41MywxLjI5IC0wLjc1LDEuOTggeiIKICAgaWQ9 79 | InBhdGg0MiIgLz4KPC9nPgoKPC9zdmc+Cg== 80 | mediatype: image/svg+xml 81 | install: 82 | spec: 83 | deployments: null 84 | strategy: "" 85 | installModes: 86 | - supported: false 87 | type: OwnNamespace 88 | - supported: false 89 | type: SingleNamespace 90 | - supported: false 91 | type: MultiNamespace 92 | - supported: true 93 | type: AllNamespaces 94 | keywords: 95 | - keydb 96 | - database 97 | links: 98 | - name: Keydb Operator 99 | url: https://krestomatio.com/docs/keydb-operator 100 | - name: Keydb Image 101 | url: https://krestomatio.com/docs/container-builder/keydb 102 | - name: Keydb Repo 103 | url: https://github.com/Snapchat/KeyDB 104 | - name: Keydb Docs 105 | url: https://docs.keydb.dev 106 | maintainers: 107 | - email: jobcespedes@krestomatio.com 108 | name: Job Cespedes Ortiz 109 | maturity: alpha 110 | minKubeVersion: 1.26.0 111 | provider: 112 | name: Krestomatio 113 | url: https://krestomatio.com 114 | version: 0.0.0 115 | -------------------------------------------------------------------------------- /Makefile-dist.mk: -------------------------------------------------------------------------------- 1 | # VERSION defines the project version for the bundle. 2 | # Update this value when you upgrade the version of your project. 3 | # To re-generate a bundle for another specific version without changing the standard setup, you can: 4 | # - use the VERSION as arg of the bundle target (e.g make bundle VERSION=0.0.2) 5 | # - use environment variables to overwrite this value (e.g export VERSION=0.0.2) 6 | VERSION ?= 0.0.1 7 | 8 | # CHANNELS define the bundle channels used in the bundle. 9 | # Add a new line here if you would like to change its default config. (E.g CHANNELS = "candidate,fast,stable") 10 | # To re-generate a bundle for other specific channels without changing the standard setup, you can: 11 | # - use the CHANNELS as arg of the bundle target (e.g make bundle CHANNELS=candidate,fast,stable) 12 | # - use environment variables to overwrite this value (e.g export CHANNELS="candidate,fast,stable") 13 | ifneq ($(origin CHANNELS), undefined) 14 | BUNDLE_CHANNELS := --channels=$(CHANNELS) 15 | endif 16 | 17 | # DEFAULT_CHANNEL defines the default channel used in the bundle. 18 | # Add a new line here if you would like to change its default config. (E.g DEFAULT_CHANNEL = "stable") 19 | # To re-generate a bundle for any other default channel without changing the default setup, you can: 20 | # - use the DEFAULT_CHANNEL as arg of the bundle target (e.g make bundle DEFAULT_CHANNEL=stable) 21 | # - use environment variables to overwrite this value (e.g export DEFAULT_CHANNEL="stable") 22 | ifneq ($(origin DEFAULT_CHANNEL), undefined) 23 | BUNDLE_DEFAULT_CHANNEL := --default-channel=$(DEFAULT_CHANNEL) 24 | endif 25 | BUNDLE_METADATA_OPTS ?= $(BUNDLE_CHANNELS) $(BUNDLE_DEFAULT_CHANNEL) 26 | 27 | # IMAGE_TAG_BASE defines the docker.io namespace and part of the image name for remote images. 28 | # This variable is used to construct full image tags for bundle and catalog images. 29 | # 30 | # For example, running 'make bundle-build bundle-push catalog-build catalog-push' will build and push both 31 | # krestomat.io/keydb-operator-bundle:$VERSION and krestomat.io/keydb-operator-catalog:$VERSION. 32 | IMAGE_TAG_BASE ?= krestomat.io/keydb-operator 33 | 34 | # BUNDLE_IMG defines the image:tag used for the bundle. 35 | # You can use it as an arg. (E.g make bundle-build BUNDLE_IMG=/:) 36 | BUNDLE_IMG ?= $(IMAGE_TAG_BASE)-bundle:v$(VERSION) 37 | 38 | # BUNDLE_GEN_FLAGS are the flags passed to the operator-sdk generate bundle command 39 | BUNDLE_GEN_FLAGS ?= -q --overwrite --version $(VERSION) $(BUNDLE_METADATA_OPTS) 40 | 41 | # USE_IMAGE_DIGESTS defines if images are resolved via tags or digests 42 | # You can enable this value if you would like to use SHA Based Digests 43 | # To enable set flag to true 44 | USE_IMAGE_DIGESTS ?= false 45 | ifeq ($(USE_IMAGE_DIGESTS), true) 46 | BUNDLE_GEN_FLAGS += --use-image-digests 47 | endif 48 | 49 | # Set the Operator SDK version to use. By default, what is installed on the system is used. 50 | # This is useful for CI or a project to utilize a specific version of the operator-sdk toolkit. 51 | OPERATOR_SDK_VERSION ?= v1.39.1 52 | 53 | # Image URL to use all building/pushing image targets 54 | IMG ?= controller:latest 55 | 56 | .PHONY: all 57 | all: docker-build 58 | 59 | ##@ General 60 | 61 | # The help target prints out all targets with their descriptions organized 62 | # beneath their categories. The categories are represented by '##@' and the 63 | # target descriptions by '##'. The awk commands is responsible for reading the 64 | # entire set of makefiles included in this invocation, looking for lines of the 65 | # file as xyz: ## something, and then pretty-format the target and help. Then, 66 | # if there's a line with ##@ something, that gets pretty-printed as a category. 67 | # More info on the usage of ANSI control characters for terminal formatting: 68 | # https://en.wikipedia.org/wiki/ANSI_escape_code#SGR_parameters 69 | # More info on the awk command: 70 | # http://linuxcommand.org/lc3_adv_awk.php 71 | 72 | .PHONY: help 73 | help: ## Display this help. 74 | @awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n make \033[36m\033[0m\n"} /^[a-zA-Z_0-9-]+:.*?##/ { printf " \033[36m%-15s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST) 75 | 76 | ##@ Build 77 | 78 | .PHONY: run 79 | ANSIBLE_ROLES_PATH?="$(shell pwd)/roles" 80 | run: ansible-operator ## Run against the configured Kubernetes cluster in ~/.kube/config 81 | $(ANSIBLE_OPERATOR) run 82 | 83 | .PHONY: docker-build 84 | docker-build: ## Build docker image with the manager. 85 | docker build -t ${IMG} . 86 | 87 | .PHONY: docker-push 88 | docker-push: ## Push docker image with the manager. 89 | docker push ${IMG} 90 | 91 | # PLATFORMS defines the target platforms for the manager image be build to provide support to multiple 92 | # architectures. (i.e. make docker-buildx IMG=myregistry/mypoperator:0.0.1). To use this option you need to: 93 | # - able to use docker buildx . More info: https://docs.docker.com/build/buildx/ 94 | # - have enable BuildKit, More info: https://docs.docker.com/develop/develop-images/build_enhancements/ 95 | # - be able to push the image for your registry (i.e. if you do not inform a valid value via IMG=> than the export will fail) 96 | # To properly provided solutions that supports more than one platform you should use this option. 97 | PLATFORMS ?= linux/arm64,linux/amd64,linux/s390x,linux/ppc64le 98 | .PHONY: docker-buildx 99 | docker-buildx: ## Build and push docker image for the manager for cross-platform support 100 | - docker buildx create --name project-v3-builder 101 | docker buildx use project-v3-builder 102 | - docker buildx build --push --platform=$(PLATFORMS) --tag ${IMG} -f Dockerfile . 103 | - docker buildx rm project-v3-builder 104 | 105 | ##@ Deployment 106 | 107 | .PHONY: install 108 | install: kustomize ## Install CRDs into the K8s cluster specified in ~/.kube/config. 109 | $(KUSTOMIZE) build config/crd | kubectl apply -f - 110 | 111 | .PHONY: uninstall 112 | uninstall: kustomize ## Uninstall CRDs from the K8s cluster specified in ~/.kube/config. 113 | $(KUSTOMIZE) build config/crd | kubectl delete -f - 114 | 115 | .PHONY: deploy 116 | deploy: kustomize ## Deploy controller to the K8s cluster specified in ~/.kube/config. 117 | cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG} 118 | $(KUSTOMIZE) build config/default | kubectl apply -f - 119 | 120 | .PHONY: undeploy 121 | undeploy: ## Undeploy controller from the K8s cluster specified in ~/.kube/config. 122 | $(KUSTOMIZE) build config/default | kubectl delete -f - 123 | 124 | OS := $(shell uname -s | tr '[:upper:]' '[:lower:]') 125 | ARCH := $(shell uname -m | sed 's/x86_64/amd64/' | sed 's/aarch64/arm64/') 126 | 127 | .PHONY: kustomize 128 | KUSTOMIZE = $(shell pwd)/bin/kustomize 129 | kustomize: ## Download kustomize locally if necessary. 130 | ifeq (,$(wildcard $(KUSTOMIZE))) 131 | ifeq (,$(shell which kustomize 2>/dev/null)) 132 | @{ \ 133 | set -e ;\ 134 | mkdir -p $(dir $(KUSTOMIZE)) ;\ 135 | curl -sSLo - https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize/v5.4.3/kustomize_v5.4.3_$(OS)_$(ARCH).tar.gz | \ 136 | tar xzf - -C bin/ ;\ 137 | } 138 | else 139 | KUSTOMIZE = $(shell which kustomize) 140 | endif 141 | endif 142 | 143 | .PHONY: ansible-operator 144 | ANSIBLE_OPERATOR = $(shell pwd)/bin/ansible-operator 145 | ansible-operator: ## Download ansible-operator locally if necessary, preferring the $(pwd)/bin path over global if both exist. 146 | ifeq (,$(wildcard $(ANSIBLE_OPERATOR))) 147 | ifeq (,$(shell which ansible-operator 2>/dev/null)) 148 | @{ \ 149 | set -e ;\ 150 | mkdir -p $(dir $(ANSIBLE_OPERATOR)) ;\ 151 | curl -sSLo $(ANSIBLE_OPERATOR) https://github.com/operator-framework/ansible-operator-plugins/releases/download/v1.37.1/ansible-operator_$(OS)_$(ARCH) ;\ 152 | chmod +x $(ANSIBLE_OPERATOR) ;\ 153 | } 154 | else 155 | ANSIBLE_OPERATOR = $(shell which ansible-operator) 156 | endif 157 | endif 158 | 159 | .PHONY: operator-sdk 160 | OPERATOR_SDK ?= $(LOCALBIN)/operator-sdk 161 | operator-sdk: ## Download operator-sdk locally if necessary. 162 | ifeq (,$(wildcard $(OPERATOR_SDK))) 163 | ifeq (, $(shell which operator-sdk 2>/dev/null)) 164 | @{ \ 165 | set -e ;\ 166 | mkdir -p $(dir $(OPERATOR_SDK)) ;\ 167 | curl -sSLo $(OPERATOR_SDK) https://github.com/operator-framework/operator-sdk/releases/download/$(OPERATOR_SDK_VERSION)/operator-sdk_$(OS)_$(ARCH) ;\ 168 | chmod +x $(OPERATOR_SDK) ;\ 169 | } 170 | else 171 | OPERATOR_SDK = $(shell which operator-sdk) 172 | endif 173 | endif 174 | 175 | .PHONY: bundle 176 | bundle: kustomize operator-sdk ## Generate bundle manifests and metadata, then validate generated files. 177 | $(OPERATOR_SDK) generate kustomize manifests -q 178 | cd config/manager && $(KUSTOMIZE) edit set image controller=$(IMG) 179 | $(KUSTOMIZE) build config/manifests | $(OPERATOR_SDK) generate bundle $(BUNDLE_GEN_FLAGS) 180 | $(OPERATOR_SDK) bundle validate ./bundle 181 | 182 | .PHONY: bundle-build 183 | bundle-build: ## Build the bundle image. 184 | docker build -f bundle.Dockerfile -t $(BUNDLE_IMG) . 185 | 186 | .PHONY: bundle-push 187 | bundle-push: ## Push the bundle image. 188 | $(MAKE) docker-push IMG=$(BUNDLE_IMG) 189 | 190 | .PHONY: opm 191 | OPM = $(LOCALBIN)/opm 192 | opm: ## Download opm locally if necessary. 193 | ifeq (,$(wildcard $(OPM))) 194 | ifeq (,$(shell which opm 2>/dev/null)) 195 | @{ \ 196 | set -e ;\ 197 | mkdir -p $(dir $(OPM)) ;\ 198 | curl -sSLo $(OPM) https://github.com/operator-framework/operator-registry/releases/download/v1.23.0/$(OS)-$(ARCH)-opm ;\ 199 | chmod +x $(OPM) ;\ 200 | } 201 | else 202 | OPM = $(shell which opm) 203 | endif 204 | endif 205 | 206 | # A comma-separated list of bundle images (e.g. make catalog-build BUNDLE_IMGS=example.com/operator-bundle:v0.1.0,example.com/operator-bundle:v0.2.0). 207 | # These images MUST exist in a registry and be pull-able. 208 | BUNDLE_IMGS ?= $(BUNDLE_IMG) 209 | 210 | # The image tag given to the resulting catalog image (e.g. make catalog-build CATALOG_IMG=example.com/operator-catalog:v0.2.0). 211 | CATALOG_IMG ?= $(IMAGE_TAG_BASE)-catalog:v$(VERSION) 212 | 213 | # Set CATALOG_BASE_IMG to an existing catalog image tag to add $BUNDLE_IMGS to that image. 214 | ifneq ($(origin CATALOG_BASE_IMG), undefined) 215 | FROM_INDEX_OPT := --from-index $(CATALOG_BASE_IMG) 216 | endif 217 | 218 | # Build a catalog image by adding bundle images to an empty catalog using the operator package manager tool, 'opm'. 219 | # This recipe invokes 'opm' in 'semver' bundle add mode. For more information on add modes, see: 220 | # https://github.com/operator-framework/community-operators/blob/7f1438c/docs/packaging-operator.md#updating-your-existing-operator 221 | .PHONY: catalog-build 222 | catalog-build: opm ## Build a catalog image. 223 | $(OPM) index add --container-tool docker --mode semver --tag $(CATALOG_IMG) --bundles $(BUNDLE_IMGS) $(FROM_INDEX_OPT) 224 | 225 | # Push the catalog image. 226 | .PHONY: catalog-push 227 | catalog-push: ## Push a catalog image. 228 | $(MAKE) docker-push IMG=$(CATALOG_IMG) 229 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Apache License 2 | Version 2.0, January 2004 3 | http://www.apache.org/licenses/ 4 | 5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 6 | 7 | 1. Definitions. 8 | 9 | "License" shall mean the terms and conditions for use, reproduction, 10 | and distribution as defined by Sections 1 through 9 of this document. 11 | 12 | "Licensor" shall mean the copyright owner or entity authorized by 13 | the copyright owner that is granting the License. 14 | 15 | "Legal Entity" shall mean the union of the acting entity and all 16 | other entities that control, are controlled by, or are under common 17 | control with that entity. For the purposes of this definition, 18 | "control" means (i) the power, direct or indirect, to cause the 19 | direction or management of such entity, whether by contract or 20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 21 | outstanding shares, or (iii) beneficial ownership of such entity. 22 | 23 | "You" (or "Your") shall mean an individual or Legal Entity 24 | exercising permissions granted by this License. 25 | 26 | "Source" form shall mean the preferred form for making modifications, 27 | including but not limited to software source code, documentation 28 | source, and configuration files. 29 | 30 | "Object" form shall mean any form resulting from mechanical 31 | transformation or translation of a Source form, including but 32 | not limited to compiled object code, generated documentation, 33 | and conversions to other media types. 34 | 35 | "Work" shall mean the work of authorship, whether in Source or 36 | Object form, made available under the License, as indicated by a 37 | copyright notice that is included in or attached to the work 38 | (an example is provided in the Appendix below). 39 | 40 | "Derivative Works" shall mean any work, whether in Source or Object 41 | form, that is based on (or derived from) the Work and for which the 42 | editorial revisions, annotations, elaborations, or other modifications 43 | represent, as a whole, an original work of authorship. For the purposes 44 | of this License, Derivative Works shall not include works that remain 45 | separable from, or merely link (or bind by name) to the interfaces of, 46 | the Work and Derivative Works thereof. 47 | 48 | "Contribution" shall mean any work of authorship, including 49 | the original version of the Work and any modifications or additions 50 | to that Work or Derivative Works thereof, that is intentionally 51 | submitted to Licensor for inclusion in the Work by the copyright owner 52 | or by an individual or Legal Entity authorized to submit on behalf of 53 | the copyright owner. For the purposes of this definition, "submitted" 54 | means any form of electronic, verbal, or written communication sent 55 | to the Licensor or its representatives, including but not limited to 56 | communication on electronic mailing lists, source code control systems, 57 | and issue tracking systems that are managed by, or on behalf of, the 58 | Licensor for the purpose of discussing and improving the Work, but 59 | excluding communication that is conspicuously marked or otherwise 60 | designated in writing by the copyright owner as "Not a Contribution." 61 | 62 | "Contributor" shall mean Licensor and any individual or Legal Entity 63 | on behalf of whom a Contribution has been received by Licensor and 64 | subsequently incorporated within the Work. 65 | 66 | 2. Grant of Copyright License. Subject to the terms and conditions of 67 | this License, each Contributor hereby grants to You a perpetual, 68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 69 | copyright license to reproduce, prepare Derivative Works of, 70 | publicly display, publicly perform, sublicense, and distribute the 71 | Work and such Derivative Works in Source or Object form. 72 | 73 | 3. Grant of Patent License. Subject to the terms and conditions of 74 | this License, each Contributor hereby grants to You a perpetual, 75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 76 | (except as stated in this section) patent license to make, have made, 77 | use, offer to sell, sell, import, and otherwise transfer the Work, 78 | where such license applies only to those patent claims licensable 79 | by such Contributor that are necessarily infringed by their 80 | Contribution(s) alone or by combination of their Contribution(s) 81 | with the Work to which such Contribution(s) was submitted. If You 82 | institute patent litigation against any entity (including a 83 | cross-claim or counterclaim in a lawsuit) alleging that the Work 84 | or a Contribution incorporated within the Work constitutes direct 85 | or contributory patent infringement, then any patent licenses 86 | granted to You under this License for that Work shall terminate 87 | as of the date such litigation is filed. 88 | 89 | 4. Redistribution. You may reproduce and distribute copies of the 90 | Work or Derivative Works thereof in any medium, with or without 91 | modifications, and in Source or Object form, provided that You 92 | meet the following conditions: 93 | 94 | (a) You must give any other recipients of the Work or 95 | Derivative Works a copy of this License; and 96 | 97 | (b) You must cause any modified files to carry prominent notices 98 | stating that You changed the files; and 99 | 100 | (c) You must retain, in the Source form of any Derivative Works 101 | that You distribute, all copyright, patent, trademark, and 102 | attribution notices from the Source form of the Work, 103 | excluding those notices that do not pertain to any part of 104 | the Derivative Works; and 105 | 106 | (d) If the Work includes a "NOTICE" text file as part of its 107 | distribution, then any Derivative Works that You distribute must 108 | include a readable copy of the attribution notices contained 109 | within such NOTICE file, excluding those notices that do not 110 | pertain to any part of the Derivative Works, in at least one 111 | of the following places: within a NOTICE text file distributed 112 | as part of the Derivative Works; within the Source form or 113 | documentation, if provided along with the Derivative Works; or, 114 | within a display generated by the Derivative Works, if and 115 | wherever such third-party notices normally appear. The contents 116 | of the NOTICE file are for informational purposes only and 117 | do not modify the License. You may add Your own attribution 118 | notices within Derivative Works that You distribute, alongside 119 | or as an addendum to the NOTICE text from the Work, provided 120 | that such additional attribution notices cannot be construed 121 | as modifying the License. 122 | 123 | You may add Your own copyright statement to Your modifications and 124 | may provide additional or different license terms and conditions 125 | for use, reproduction, or distribution of Your modifications, or 126 | for any such Derivative Works as a whole, provided Your use, 127 | reproduction, and distribution of the Work otherwise complies with 128 | the conditions stated in this License. 129 | 130 | 5. Submission of Contributions. Unless You explicitly state otherwise, 131 | any Contribution intentionally submitted for inclusion in the Work 132 | by You to the Licensor shall be under the terms and conditions of 133 | this License, without any additional terms or conditions. 134 | Notwithstanding the above, nothing herein shall supersede or modify 135 | the terms of any separate license agreement you may have executed 136 | with Licensor regarding such Contributions. 137 | 138 | 6. Trademarks. This License does not grant permission to use the trade 139 | names, trademarks, service marks, or product names of the Licensor, 140 | except as required for reasonable and customary use in describing the 141 | origin of the Work and reproducing the content of the NOTICE file. 142 | 143 | 7. Disclaimer of Warranty. Unless required by applicable law or 144 | agreed to in writing, Licensor provides the Work (and each 145 | Contributor provides its Contributions) on an "AS IS" BASIS, 146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 147 | implied, including, without limitation, any warranties or conditions 148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 149 | PARTICULAR PURPOSE. You are solely responsible for determining the 150 | appropriateness of using or redistributing the Work and assume any 151 | risks associated with Your exercise of permissions under this License. 152 | 153 | 8. Limitation of Liability. In no event and under no legal theory, 154 | whether in tort (including negligence), contract, or otherwise, 155 | unless required by applicable law (such as deliberate and grossly 156 | negligent acts) or agreed to in writing, shall any Contributor be 157 | liable to You for damages, including any direct, indirect, special, 158 | incidental, or consequential damages of any character arising as a 159 | result of this License or out of the use or inability to use the 160 | Work (including but not limited to damages for loss of goodwill, 161 | work stoppage, computer failure or malfunction, or any and all 162 | other commercial damages or losses), even if such Contributor 163 | has been advised of the possibility of such damages. 164 | 165 | 9. Accepting Warranty or Additional Liability. While redistributing 166 | the Work or Derivative Works thereof, You may choose to offer, 167 | and charge a fee for, acceptance of support, warranty, indemnity, 168 | or other liability obligations and/or rights consistent with this 169 | License. However, in accepting such obligations, You may act only 170 | on Your own behalf and on Your sole responsibility, not on behalf 171 | of any other Contributor, and only if You agree to indemnify, 172 | defend, and hold each Contributor harmless for any liability 173 | incurred by, or claims asserted against, such Contributor by reason 174 | of your accepting any such warranty or additional liability. 175 | 176 | END OF TERMS AND CONDITIONS 177 | 178 | APPENDIX: How to apply the Apache License to your work. 179 | 180 | To apply the Apache License to your work, attach the following 181 | boilerplate notice, with the fields enclosed by brackets "{}" 182 | replaced with your own identifying information. (Don't include 183 | the brackets!) The text should be enclosed in the appropriate 184 | comment syntax for the file format. We also recommend that a 185 | file or class name and description of purpose be included on the 186 | same "printed page" as the copyright notice for easier 187 | identification within third-party archives. 188 | 189 | Copyright 2020 Krestomatio 190 | 191 | Licensed under the Apache License, Version 2.0 (the "License"); 192 | you may not use this file except in compliance with the License. 193 | You may obtain a copy of the License at 194 | 195 | http://www.apache.org/licenses/LICENSE-2.0 196 | 197 | Unless required by applicable law or agreed to in writing, software 198 | distributed under the License is distributed on an "AS IS" BASIS, 199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 200 | See the License for the specific language governing permissions and 201 | limitations under the License. 202 | -------------------------------------------------------------------------------- /bundle/manifests/keydb-operator.clusterserviceversion.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: operators.coreos.com/v1alpha1 2 | kind: ClusterServiceVersion 3 | metadata: 4 | annotations: 5 | alm-examples: |- 6 | [ 7 | { 8 | "apiVersion": "keydb.krestomat.io/v1alpha1", 9 | "kind": "Keydb", 10 | "metadata": { 11 | "name": "keydb-sample" 12 | }, 13 | "spec": { 14 | "keydbExtraConfig": "maxmemory 900mb\nmaxmemory-policy allkeys-lru\n", 15 | "keydbMode": "standalone", 16 | "keydbPvcDataSize": "1Gi", 17 | "keydbResourceLimits": true, 18 | "keydbResourceLimitsCpu": 1, 19 | "keydbResourceLimitsMemory": "1Gi" 20 | } 21 | }, 22 | { 23 | "apiVersion": "keydb.krestomat.io/v1alpha1", 24 | "kind": "Keydb", 25 | "metadata": { 26 | "name": "keydb-sample-multimaster" 27 | }, 28 | "spec": { 29 | "keydbExtraConfig": "maxmemory 900mb\nmaxmemory-policy allkeys-lru\n", 30 | "keydbMode": "multimaster", 31 | "keydbPvcDataSize": "1Gi", 32 | "keydbResourceLimits": true, 33 | "keydbResourceLimitsCpu": 1, 34 | "keydbResourceLimitsMemory": "1Gi" 35 | } 36 | } 37 | ] 38 | capabilities: Seamless Upgrades 39 | categories: Database 40 | containerImage: quay.io/krestomatio/keydb-operator:0.3.28 41 | createdAt: "2025-09-09T06:57:25Z" 42 | description: |- 43 | This operator simplifies Keydb deployments in Kubernetes by leveraging 44 | the Ansible Operator SDK for automation 45 | operators.operatorframework.io/builder: operator-sdk-v1.39.1 46 | operators.operatorframework.io/project_layout: ansible.sdk.operatorframework.io/v1 47 | repository: https://github.com/krestomatio/keydb-operator 48 | labels: 49 | operatorframework.io/arch.amd64: supported 50 | operatorframework.io/arch.arm64: supported 51 | operatorframework.io/os.linux: supported 52 | name: keydb-operator.v0.3.28 53 | namespace: placeholder 54 | spec: 55 | apiservicedefinitions: {} 56 | customresourcedefinitions: 57 | owned: 58 | - kind: Keydb 59 | name: keydbs.keydb.krestomat.io 60 | version: v1alpha1 61 | description: |- 62 | This operator simplifies Keydb deployments in Kubernetes by leveraging 63 | the Ansible Operator SDK for automation 64 | displayName: Keydb Operator 65 | icon: 66 | - base64data: |- 67 | PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiIHN0YW5kYWxvbmU9Im5vIj8+CjxzdmcK 68 | ICAgdmVyc2lvbj0iMS4xIgogICBpZD0iTGF5ZXJfMSIKICAgeD0iMHB4IgogICB5PSIwcHgiCiAgIHZp 69 | ZXdCb3g9IjAgMCAxMDAwIDk5OS45OTk5NyIKICAgeG1sOnNwYWNlPSJwcmVzZXJ2ZSIKICAgc29kaXBv 70 | ZGk6ZG9jbmFtZT0ibG9nb19pY29uX3NxdWFyZS5zdmciCiAgIGlua3NjYXBlOnZlcnNpb249IjEuMy4y 71 | ICgwOTFlMjBlZjBmLCAyMDIzLTExLTI1KSIKICAgd2lkdGg9IjEwMDAiCiAgIGhlaWdodD0iMTAwMCIK 72 | ICAgeG1sbnM6aW5rc2NhcGU9Imh0dHA6Ly93d3cuaW5rc2NhcGUub3JnL25hbWVzcGFjZXMvaW5rc2Nh 73 | cGUiCiAgIHhtbG5zOnNvZGlwb2RpPSJodHRwOi8vc29kaXBvZGkuc291cmNlZm9yZ2UubmV0L0RURC9z 74 | b2RpcG9kaS0wLmR0ZCIKICAgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIgogICB4bWxu 75 | czpzdmc9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIgogICB4bWxuczpyZGY9Imh0dHA6Ly93d3cu 76 | dzMub3JnLzE5OTkvMDIvMjItcmRmLXN5bnRheC1ucyMiCiAgIHhtbG5zOmNjPSJodHRwOi8vY3JlYXRp 77 | dmVjb21tb25zLm9yZy9ucyMiCiAgIHhtbG5zOmRjPSJodHRwOi8vcHVybC5vcmcvZGMvZWxlbWVudHMv 78 | MS4xLyI+PG1ldGFkYXRhCiAgIGlkPSJtZXRhZGF0YTExMyI+PHJkZjpSREY+PGNjOldvcmsKICAgICAg 79 | IHJkZjphYm91dD0iIj48ZGM6Zm9ybWF0PmltYWdlL3N2Zyt4bWw8L2RjOmZvcm1hdD48ZGM6dHlwZQog 80 | ICAgICAgICByZGY6cmVzb3VyY2U9Imh0dHA6Ly9wdXJsLm9yZy9kYy9kY21pdHlwZS9TdGlsbEltYWdl 81 | IiAvPjwvY2M6V29yaz48L3JkZjpSREY+PC9tZXRhZGF0YT48ZGVmcwogICBpZD0iZGVmczExMSIgLz48 82 | c29kaXBvZGk6bmFtZWR2aWV3CiAgIHBhZ2Vjb2xvcj0iI2ZmZmZmZiIKICAgYm9yZGVyY29sb3I9IiM2 83 | NjY2NjYiCiAgIGJvcmRlcm9wYWNpdHk9IjEiCiAgIG9iamVjdHRvbGVyYW5jZT0iMTAiCiAgIGdyaWR0 84 | b2xlcmFuY2U9IjEwIgogICBndWlkZXRvbGVyYW5jZT0iMTAiCiAgIGlua3NjYXBlOnBhZ2VvcGFjaXR5 85 | PSIwIgogICBpbmtzY2FwZTpwYWdlc2hhZG93PSIyIgogICBpbmtzY2FwZTp3aW5kb3ctd2lkdGg9IjE5 86 | MjAiCiAgIGlua3NjYXBlOndpbmRvdy1oZWlnaHQ9IjExMTUiCiAgIGlkPSJuYW1lZHZpZXcxMDkiCiAg 87 | IHNob3dncmlkPSJmYWxzZSIKICAgaW5rc2NhcGU6em9vbT0iMC41MDA4Nzc4NCIKICAgaW5rc2NhcGU6 88 | Y3g9IjIyMy42MDc0MiIKICAgaW5rc2NhcGU6Y3k9IjU1OC4wMjAyOSIKICAgaW5rc2NhcGU6d2luZG93 89 | LXg9IjAiCiAgIGlua3NjYXBlOndpbmRvdy15PSIwIgogICBpbmtzY2FwZTp3aW5kb3ctbWF4aW1pemVk 90 | PSIxIgogICBpbmtzY2FwZTpjdXJyZW50LWxheWVyPSJMYXllcl8xIgogICBpbmtzY2FwZTpzaG93cGFn 91 | ZXNoYWRvdz0iMiIKICAgaW5rc2NhcGU6cGFnZWNoZWNrZXJib2FyZD0iMCIKICAgaW5rc2NhcGU6ZGVz 92 | a2NvbG9yPSIjZDFkMWQxIiAvPgo8c3R5bGUKICAgdHlwZT0idGV4dC9jc3MiCiAgIGlkPSJzdHlsZTIi 93 | PgoJLnN0MHtlbmFibGUtYmFja2dyb3VuZDpuZXcgICAgO30KCS5zdDF7ZmlsbDojMzczNjRFO30KCS5z 94 | dDJ7ZmlsbDojRjI2NzJDO30KPC9zdHlsZT4KCjxnCiAgIGlkPSJnNDQiCiAgIHRyYW5zZm9ybT0ibWF0 95 | cml4KDEwLjMyNTAwNiwwLDAsMTAuNzk2Nzg3LC0xMDg2LjEwOTIsLTM2NC4wMjcwOSkiPgoJPGcKICAg 96 | aWQ9ImczMCI+CgkJPHBhdGgKICAgY2xhc3M9InN0MiIKICAgZD0ibSAxNjkuNjIsODEuMjMgMTcuNTks 97 | MTguNzYgYyAwLjY4LDAuNzIgMC4xNywxLjkxIC0wLjgzLDEuOTEgaCAtMTAuODQgYyAtMC4zMSwwIC0w 98 | LjYxLC0wLjEzIC0wLjgyLC0wLjM2IEwgMTU5LjU2LDg1LjQ3IgogICBpZD0icGF0aDI4IiAvPgoJPC9n 99 | PgoJPHBhdGgKICAgY2xhc3M9InN0MiIKICAgZD0ibSAxNjIuOTcsNTguNDcgLTcuMDUsNi43OSBjIC0w 100 | LjIyLDAuMjEgLTAuMzUsMC41MSAtMC4zNSwwLjgxIHYgMTQuNTkgYyAwLDAuOTkgMS4xNywxLjUgMS45 101 | LDAuODMgbCA3LjA1LC02LjQ4IGMgMC4yMywtMC4yMSAwLjM3LC0wLjUyIDAuMzcsLTAuODMgdiAtMTQu 102 | OSBjIC0wLjAxLC0wLjk5IC0xLjIsLTEuNSAtMS45MiwtMC44MSB6IgogICBpZD0icGF0aDMyIiAvPgoJ 103 | PHBhdGgKICAgY2xhc3M9InN0MiIKICAgZD0ibSAxODYuOCw3My45MiAtMjkuMzMsMjYuMzYgYyAtMC43 104 | MywwLjY1IC0xLjg5LDAuMTQgLTEuODksLTAuODQgdiAtOS44MiBjIDAsLTAuMzIgMC4xMywtMC42MiAw 105 | LjM3LC0wLjg0IGwgMTguMDksLTE2LjU0IGMgMC4yMSwtMC4xOSAwLjQ4LC0wLjMgMC43NiwtMC4zIGgg 106 | MTEuMjQgYyAxLjA0LDAuMDEgMS41MywxLjI5IDAuNzYsMS45OCB6IgogICBpZD0icGF0aDM0IiAvPgoJ 107 | PGcKICAgaWQ9ImczOCI+CgkJPHBhdGgKICAgY2xhc3M9InN0MiIKICAgZD0ibSAxNDcuNjcsODUuNDcg 108 | LTE1LjE2LDE2LjA3IGMgLTAuMjEsMC4yMyAtMC41MSwwLjM2IC0wLjgyLDAuMzYgaCAtMTAuODQgYyAt 109 | MC45OSwwIC0xLjUsLTEuMTggLTAuODMsLTEuOTEgbCAxNy41OSwtMTguNzYiCiAgIGlkPSJwYXRoMzYi 110 | IC8+Cgk8L2c+Cgk8cGF0aAogICBjbGFzcz0ic3QyIgogICBkPSJtIDE0NC4yNyw1OC40NyA3LjA1LDYu 111 | NzkgYyAwLjIyLDAuMjEgMC4zNSwwLjUxIDAuMzUsMC44MSB2IDE0LjU5IGMgMCwwLjk5IC0xLjE3LDEu 112 | NSAtMS45LDAuODMgbCAtNy4wNSwtNi40OCBjIC0wLjIzLC0wLjIxIC0wLjM3LC0wLjUyIC0wLjM3LC0w 113 | LjgzIHYgLTE0LjkgYyAwLjAxLC0wLjk5IDEuMjEsLTEuNSAxLjkyLC0wLjgxIHoiCiAgIGlkPSJwYXRo 114 | NDAiIC8+Cgk8cGF0aAogICBjbGFzcz0ic3QyIgogICBkPSJtIDEyMC40NSw3My45MiAyOS4zMywyNi4z 115 | NiBjIDAuNzMsMC42NSAxLjg5LDAuMTQgMS44OSwtMC44NCB2IC05LjgyIGMgMCwtMC4zMiAtMC4xMywt 116 | MC42MiAtMC4zNywtMC44NCBMIDEzMy4yMSw3Mi4yNCBjIC0wLjIxLC0wLjE5IC0wLjQ4LC0wLjMgLTAu 117 | NzYsLTAuMyBIIDEyMS4yIGMgLTEuMDQsMC4wMSAtMS41MywxLjI5IC0wLjc1LDEuOTggeiIKICAgaWQ9 118 | InBhdGg0MiIgLz4KPC9nPgoKPC9zdmc+Cg== 119 | mediatype: image/svg+xml 120 | install: 121 | spec: 122 | clusterPermissions: 123 | - rules: 124 | - apiGroups: 125 | - "" 126 | resources: 127 | - configmaps 128 | - secrets 129 | - pods 130 | - pods/exec 131 | - pods/log 132 | - persistentvolumeclaims 133 | - services 134 | verbs: 135 | - create 136 | - delete 137 | - get 138 | - list 139 | - patch 140 | - update 141 | - watch 142 | - apiGroups: 143 | - apps 144 | resources: 145 | - statefulsets 146 | verbs: 147 | - create 148 | - delete 149 | - get 150 | - list 151 | - patch 152 | - update 153 | - watch 154 | - apiGroups: 155 | - networking.k8s.io 156 | resources: 157 | - networkpolicies 158 | verbs: 159 | - create 160 | - delete 161 | - get 162 | - list 163 | - patch 164 | - update 165 | - watch 166 | - apiGroups: 167 | - autoscaling.k8s.io 168 | resources: 169 | - verticalpodautoscalers 170 | verbs: 171 | - create 172 | - delete 173 | - get 174 | - list 175 | - patch 176 | - update 177 | - watch 178 | - apiGroups: 179 | - keydb.krestomat.io 180 | resources: 181 | - keydbs 182 | - keydbs/status 183 | - keydbs/finalizers 184 | verbs: 185 | - create 186 | - delete 187 | - get 188 | - list 189 | - patch 190 | - update 191 | - watch 192 | - apiGroups: 193 | - authentication.k8s.io 194 | resources: 195 | - tokenreviews 196 | verbs: 197 | - create 198 | - apiGroups: 199 | - authorization.k8s.io 200 | resources: 201 | - subjectaccessreviews 202 | verbs: 203 | - create 204 | serviceAccountName: keydb-operator-controller-manager 205 | deployments: 206 | - label: 207 | app.kubernetes.io/managed-by: kustomize 208 | app.kubernetes.io/name: keydb-operator 209 | control-plane: controller-manager 210 | name: keydb-operator-controller-manager 211 | spec: 212 | replicas: 1 213 | selector: 214 | matchLabels: 215 | control-plane: controller-manager 216 | strategy: {} 217 | template: 218 | metadata: 219 | annotations: 220 | kubectl.kubernetes.io/default-container: manager 221 | labels: 222 | control-plane: controller-manager 223 | spec: 224 | containers: 225 | - args: 226 | - --metrics-require-rbac 227 | - --metrics-secure 228 | - --metrics-bind-address=:8443 229 | - --leader-elect 230 | - --leader-election-id=keydb-operator 231 | - --health-probe-bind-address=:6789 232 | env: 233 | - name: ANSIBLE_GATHERING 234 | value: explicit 235 | image: quay.io/krestomatio/keydb-operator:0.3.28 236 | livenessProbe: 237 | httpGet: 238 | path: /healthz 239 | port: 6789 240 | initialDelaySeconds: 15 241 | periodSeconds: 20 242 | name: manager 243 | readinessProbe: 244 | httpGet: 245 | path: /readyz 246 | port: 6789 247 | initialDelaySeconds: 5 248 | periodSeconds: 10 249 | resources: 250 | limits: 251 | cpu: "1" 252 | memory: 2Gi 253 | requests: 254 | cpu: 10m 255 | memory: 20Mi 256 | securityContext: 257 | allowPrivilegeEscalation: false 258 | capabilities: 259 | drop: 260 | - ALL 261 | securityContext: 262 | runAsNonRoot: true 263 | serviceAccountName: keydb-operator-controller-manager 264 | terminationGracePeriodSeconds: 10 265 | permissions: 266 | - rules: 267 | - apiGroups: 268 | - "" 269 | resources: 270 | - configmaps 271 | verbs: 272 | - get 273 | - list 274 | - watch 275 | - create 276 | - update 277 | - patch 278 | - delete 279 | - apiGroups: 280 | - coordination.k8s.io 281 | resources: 282 | - leases 283 | verbs: 284 | - get 285 | - list 286 | - watch 287 | - create 288 | - update 289 | - patch 290 | - delete 291 | - apiGroups: 292 | - "" 293 | resources: 294 | - events 295 | verbs: 296 | - create 297 | - patch 298 | serviceAccountName: keydb-operator-controller-manager 299 | strategy: deployment 300 | installModes: 301 | - supported: false 302 | type: OwnNamespace 303 | - supported: false 304 | type: SingleNamespace 305 | - supported: false 306 | type: MultiNamespace 307 | - supported: true 308 | type: AllNamespaces 309 | keywords: 310 | - keydb 311 | - database 312 | links: 313 | - name: Keydb Operator 314 | url: https://krestomatio.com/docs/keydb-operator 315 | - name: Keydb Image 316 | url: https://krestomatio.com/docs/container-builder/keydb 317 | - name: Keydb Repo 318 | url: https://github.com/Snapchat/KeyDB 319 | - name: Keydb Docs 320 | url: https://docs.keydb.dev 321 | maintainers: 322 | - email: jobcespedes@krestomatio.com 323 | name: Job Cespedes Ortiz 324 | maturity: alpha 325 | minKubeVersion: 1.26.0 326 | provider: 327 | name: Krestomatio 328 | url: https://krestomatio.com 329 | version: 0.3.28 330 | --------------------------------------------------------------------------------