├── config ├── prometheus │ ├── kustomization.yaml │ └── monitor.yaml ├── scorecard │ ├── bases │ │ └── config.yaml │ ├── patches │ │ ├── basic.config.yaml │ │ └── olm.config.yaml │ └── kustomization.yaml ├── manager │ ├── kustomization.yaml │ └── manager.yaml ├── manifests │ ├── kustomization.yaml │ └── bases │ │ └── mariadb-operator.clusterserviceversion.yaml ├── crd │ ├── kustomization.yaml │ └── bases │ │ └── helm.mariadb.mmontes.io_mariadboperators.yaml ├── samples │ ├── database.yaml │ ├── restore.yaml │ ├── external_mariadb.yaml │ ├── grant.yaml │ ├── kustomization.yaml │ ├── user.yaml │ ├── connection.yaml │ ├── backup.yaml │ ├── physicalbackup.yaml │ ├── sqljob.yaml │ ├── mariadb.yaml │ ├── maxscale.yaml │ └── mariadboperator.yaml ├── rbac │ ├── service_account.yaml │ ├── kustomization.yaml │ ├── role_binding.yaml │ ├── leader_election_role_binding.yaml │ ├── mariadboperator_viewer_role.yaml │ ├── mariadboperator_editor_role.yaml │ ├── leader_election_role.yaml │ └── role.yaml └── default │ └── kustomization.yaml ├── bundle ├── ci.yaml ├── metadata │ └── annotations.yaml ├── tests │ └── scorecard │ │ └── config.yaml └── manifests │ ├── helm.mariadb.mmontes.io_mariadboperators.yaml │ ├── k8s.mariadb.com_databases.yaml │ ├── k8s.mariadb.com_grants.yaml │ ├── k8s.mariadb.com_users.yaml │ ├── k8s.mariadb.com_connections.yaml │ ├── k8s.mariadb.com_externalmariadbs.yaml │ └── k8s.mariadb.com_sqljobs.yaml ├── .gitignore ├── .mailmap ├── Dockerfile ├── watches.yaml ├── helm-charts └── README.md ├── PROJECT ├── hack ├── bump-bundle.sh └── sync-chart.sh ├── .github └── workflows │ ├── bundle.yaml │ ├── ci.yaml │ └── release.yaml ├── LICENSE ├── bundle.Dockerfile ├── README.md └── Makefile /config/prometheus/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - monitor.yaml 3 | -------------------------------------------------------------------------------- /bundle/ci.yaml: -------------------------------------------------------------------------------- 1 | updateGraph: semver-mode 2 | addReviewers: true 3 | 4 | reviewers: 5 | - mmontes11 -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | bin/ 2 | 3 | helm-charts/* 4 | !helm-charts/README.md 5 | 6 | community-operators/ 7 | community-operators-prod/ 8 | 9 | # Git 10 | .gitconfig 11 | -------------------------------------------------------------------------------- /.mailmap: -------------------------------------------------------------------------------- 1 | Martin Montes Martin Montes 2 | Martin Montes Martin Montes 3 | -------------------------------------------------------------------------------- /config/scorecard/bases/config.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: scorecard.operatorframework.io/v1alpha3 2 | kind: Configuration 3 | metadata: 4 | name: config 5 | stages: 6 | - parallel: true 7 | tests: [] 8 | -------------------------------------------------------------------------------- /Dockerfile: -------------------------------------------------------------------------------- 1 | # Build the manager binary 2 | FROM quay.io/operator-framework/helm-operator:v1.26.0 3 | 4 | ENV HOME=/opt/helm 5 | COPY watches.yaml ${HOME}/watches.yaml 6 | COPY helm-charts ${HOME}/helm-charts 7 | WORKDIR ${HOME} 8 | -------------------------------------------------------------------------------- /watches.yaml: -------------------------------------------------------------------------------- 1 | # Use the 'create api' subcommand to add watches to this file. 2 | - group: helm.mariadb.mmontes.io 3 | version: v1alpha1 4 | kind: MariadbOperator 5 | chart: helm-charts/mariadb-operator 6 | #+kubebuilder:scaffold:watch 7 | -------------------------------------------------------------------------------- /config/manager/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - manager.yaml 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | images: 6 | - name: controller 7 | newName: ghcr.io/mariadb-operator/mariadb-operator-helm 8 | newTag: 25.10.3 9 | -------------------------------------------------------------------------------- /helm-charts/README.md: -------------------------------------------------------------------------------- 1 | # Charts source directory 2 | 3 | This directory contains the helm charts reconciled by the helm operator. They are dynamically synced from the `mariadb-operator`'s the [releases](https://github.com/mariadb-operator/mariadb-operator/releases). -------------------------------------------------------------------------------- /config/manifests/kustomization.yaml: -------------------------------------------------------------------------------- 1 | # These resources constitute the fully configured set of manifests 2 | # used to generate the 'manifests/' directory in a bundle. 3 | resources: 4 | - bases/mariadb-operator.clusterserviceversion.yaml 5 | - crds/crds.yaml 6 | - ../default 7 | - ../samples 8 | - ../scorecard 9 | -------------------------------------------------------------------------------- /config/scorecard/patches/basic.config.yaml: -------------------------------------------------------------------------------- 1 | - op: add 2 | path: /stages/0/tests/- 3 | value: 4 | entrypoint: 5 | - scorecard-test 6 | - basic-check-spec 7 | image: quay.io/operator-framework/scorecard-test:v1.26.0 8 | labels: 9 | suite: basic 10 | test: basic-check-spec-test 11 | -------------------------------------------------------------------------------- /config/crd/kustomization.yaml: -------------------------------------------------------------------------------- 1 | # This kustomization.yaml is not intended to be run by itself, 2 | # since it depends on service name and namespace that are out of this kustomize package. 3 | # It should be run by config/default 4 | resources: 5 | - bases/helm.mariadb.mmontes.io_mariadboperators.yaml 6 | #+kubebuilder:scaffold:crdkustomizeresource 7 | -------------------------------------------------------------------------------- /config/samples/database.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: k8s.mariadb.com/v1alpha1 2 | kind: Database 3 | metadata: 4 | name: data-test 5 | spec: 6 | # If you want the database to be created with a different name than the resource name 7 | # name: data-custom 8 | mariaDbRef: 9 | name: mariadb 10 | characterSet: utf8 11 | collate: utf8_general_ci 12 | retryInterval: 5s -------------------------------------------------------------------------------- /config/samples/restore.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: k8s.mariadb.com/v1alpha1 2 | kind: Restore 3 | metadata: 4 | name: restore 5 | spec: 6 | mariaDbRef: 7 | name: mariadb 8 | backupRef: 9 | name: backup 10 | targetRecoveryTime: 2023-12-19T09:00:00Z 11 | resources: 12 | requests: 13 | cpu: 100m 14 | memory: 128Mi 15 | limits: 16 | cpu: 300m 17 | memory: 512Mi -------------------------------------------------------------------------------- /config/samples/external_mariadb.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: k8s.mariadb.com/v1alpha1 2 | kind: ExternalMariaDB 3 | metadata: 4 | name: external-mariadb 5 | spec: 6 | host: mariadb.default.svc.cluster.local 7 | port: 3306 8 | username: root 9 | passwordSecretKeyRef: 10 | name: mariadb 11 | key: password 12 | connection: 13 | secretName: external-mariadb 14 | healthCheck: 15 | interval: 5s -------------------------------------------------------------------------------- /config/samples/grant.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: k8s.mariadb.com/v1alpha1 2 | kind: Grant 3 | metadata: 4 | name: grant 5 | spec: 6 | mariaDbRef: 7 | name: mariadb 8 | privileges: 9 | - "SELECT" 10 | - "INSERT" 11 | - "UPDATE" 12 | # - "ALL PRIVILEGES" 13 | database: "*" 14 | table: "*" 15 | username: user 16 | grantOption: true 17 | host: "%" 18 | requeueInterval: 30s 19 | retryInterval: 5s -------------------------------------------------------------------------------- /PROJECT: -------------------------------------------------------------------------------- 1 | domain: mariadb.mmontes.io 2 | layout: 3 | - helm.sdk.operatorframework.io/v1 4 | plugins: 5 | manifests.sdk.operatorframework.io/v2: {} 6 | scorecard.sdk.operatorframework.io/v2: {} 7 | projectName: mariadb-operator 8 | resources: 9 | - api: 10 | crdVersion: v1 11 | namespaced: true 12 | domain: mariadb.mmontes.io 13 | group: helm 14 | kind: MariadbOperator 15 | version: v1alpha1 16 | version: "3" 17 | -------------------------------------------------------------------------------- /config/samples/kustomization.yaml: -------------------------------------------------------------------------------- 1 | ## Append samples you want in your CSV to this file as resources ## 2 | resources: 3 | - backup.yaml 4 | - connection.yaml 5 | - database.yaml 6 | - external_mariadb.yaml 7 | - grant.yaml 8 | - mariadb.yaml 9 | - mariadboperator.yaml 10 | - maxscale.yaml 11 | - physicalbackup.yaml 12 | - restore.yaml 13 | - sqljob.yaml 14 | - user.yaml 15 | #+kubebuilder:scaffold:manifestskustomizesamples 16 | -------------------------------------------------------------------------------- /config/rbac/service_account.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | labels: 5 | app.kubernetes.io/name: serviceaccount 6 | app.kubernetes.io/instance: controller-manager-sa 7 | app.kubernetes.io/component: rbac 8 | app.kubernetes.io/created-by: helm-operator 9 | app.kubernetes.io/part-of: helm-operator 10 | app.kubernetes.io/managed-by: kustomize 11 | name: controller-manager 12 | namespace: system 13 | -------------------------------------------------------------------------------- /config/samples/user.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: k8s.mariadb.com/v1alpha1 2 | kind: User 3 | metadata: 4 | name: user 5 | spec: 6 | # If you want the user to be created with a different name than the resource name 7 | # name: user-custom 8 | mariaDbRef: 9 | name: mariadb 10 | passwordSecretKeyRef: 11 | name: mariadb 12 | key: password 13 | # This field is immutable and defaults to 10 14 | maxUserConnections: 20 15 | host: "%" 16 | retryInterval: 5s -------------------------------------------------------------------------------- /config/scorecard/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - bases/config.yaml 3 | patchesJson6902: 4 | - path: patches/basic.config.yaml 5 | target: 6 | group: scorecard.operatorframework.io 7 | version: v1alpha3 8 | kind: Configuration 9 | name: config 10 | - path: patches/olm.config.yaml 11 | target: 12 | group: scorecard.operatorframework.io 13 | version: v1alpha3 14 | kind: Configuration 15 | name: config 16 | #+kubebuilder:scaffold:patchesJson6902 17 | -------------------------------------------------------------------------------- /config/rbac/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | # All RBAC will be applied under this service account in 3 | # the deployment namespace. You may comment out this resource 4 | # if your manager will use a service account that exists at 5 | # runtime. Be sure to update RoleBinding and ClusterRoleBinding 6 | # subjects if changing service account names. 7 | - service_account.yaml 8 | - role.yaml 9 | - role_binding.yaml 10 | - leader_election_role.yaml 11 | - leader_election_role_binding.yaml 12 | -------------------------------------------------------------------------------- /hack/bump-bundle.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | set -euo pipefail 4 | 5 | VERSION=$1 6 | 7 | echo "📦 Bumping bundle to version '$VERSION'" 8 | 9 | echo "📦 Updating Makefile" 10 | sed -i "s/VERSION ?= .*/VERSION ?= $VERSION/g" Makefile 11 | 12 | echo "📦 Generating bundle" 13 | make bundle 14 | 15 | echo "📦 Pushing changes" 16 | git config user.email "martin11lrx@gmail.com" 17 | git config user.name "Martin Montes" 18 | git add . 19 | git commit -m "Bump bundle to version '$VERSION'" 20 | git push 21 | 22 | echo "📦 Creating tag" 23 | git tag $VERSION 24 | git push --tags -------------------------------------------------------------------------------- /.github/workflows/bundle.yaml: -------------------------------------------------------------------------------- 1 | name: Bundle 2 | 3 | on: 4 | workflow_dispatch: 5 | inputs: 6 | version: 7 | description: "Helm chart version used to bump the bundle" 8 | required: true 9 | type: string 10 | 11 | jobs: 12 | bump: 13 | name: Bump 14 | runs-on: ubuntu-latest 15 | steps: 16 | - name: Checkout 17 | uses: actions/checkout@v3 18 | with: 19 | fetch-depth: 0 20 | token: "${{ secrets.GHA_TOKEN }}" 21 | 22 | - name: Bump bundle 23 | run: ./hack/bump-bundle.sh "${{ inputs.version }}" 24 | -------------------------------------------------------------------------------- /config/rbac/role_binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | labels: 5 | app.kubernetes.io/name: clusterrolebinding 6 | app.kubernetes.io/instance: manager-rolebinding 7 | app.kubernetes.io/component: rbac 8 | app.kubernetes.io/created-by: helm-operator 9 | app.kubernetes.io/part-of: helm-operator 10 | app.kubernetes.io/managed-by: kustomize 11 | name: manager-rolebinding 12 | roleRef: 13 | apiGroup: rbac.authorization.k8s.io 14 | kind: ClusterRole 15 | name: manager-role 16 | subjects: 17 | - kind: ServiceAccount 18 | name: controller-manager 19 | namespace: system 20 | -------------------------------------------------------------------------------- /config/rbac/leader_election_role_binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: RoleBinding 3 | metadata: 4 | labels: 5 | app.kubernetes.io/name: rolebinding 6 | app.kubernetes.io/instance: leader-election-rolebinding 7 | app.kubernetes.io/component: rbac 8 | app.kubernetes.io/created-by: helm-operator 9 | app.kubernetes.io/part-of: helm-operator 10 | app.kubernetes.io/managed-by: kustomize 11 | name: leader-election-rolebinding 12 | roleRef: 13 | apiGroup: rbac.authorization.k8s.io 14 | kind: Role 15 | name: leader-election-role 16 | subjects: 17 | - kind: ServiceAccount 18 | name: controller-manager 19 | namespace: system 20 | -------------------------------------------------------------------------------- /config/default/kustomization.yaml: -------------------------------------------------------------------------------- 1 | # Adds namespace to all resources. 2 | namespace: mariadb-operator-helm-system 3 | 4 | # Value of this field is prepended to the 5 | # names of all resources, e.g. a deployment named 6 | # "wordpress" becomes "alices-wordpress". 7 | # Note that it should also match with the prefix (text before '-') of the namespace 8 | # field above. 9 | namePrefix: mariadb-operator-helm- 10 | 11 | # Labels to add to all resources and selectors. 12 | #labels: 13 | #- includeSelectors: true 14 | # pairs: 15 | # someName: someValue 16 | 17 | resources: 18 | - ../crd 19 | - ../rbac 20 | - ../manager 21 | # [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'. 22 | #- ../prometheus 23 | -------------------------------------------------------------------------------- /config/samples/connection.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: k8s.mariadb.com/v1alpha1 2 | kind: Connection 3 | metadata: 4 | name: connection 5 | spec: 6 | mariaDbRef: 7 | name: mariadb 8 | username: mariadb 9 | passwordSecretKeyRef: 10 | name: mariadb 11 | key: password 12 | database: mariadb 13 | params: 14 | parseTime: "true" 15 | secretName: connection 16 | secretTemplate: 17 | labels: 18 | k8s.mariadb.com/connection: sample 19 | annotations: 20 | k8s.mariadb.com/connection: sample 21 | key: dsn 22 | usernameKey: username 23 | passwordKey: password 24 | hostKey: host 25 | portKey: port 26 | databaseKey: database 27 | healthCheck: 28 | interval: 10s 29 | retryInterval: 3s 30 | serviceName: mariadb 31 | -------------------------------------------------------------------------------- /config/rbac/mariadboperator_viewer_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to view mariadboperators. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | labels: 6 | app.kubernetes.io/name: clusterrole 7 | app.kubernetes.io/instance: mariadboperator-viewer-role 8 | app.kubernetes.io/component: rbac 9 | app.kubernetes.io/created-by: helm-operator 10 | app.kubernetes.io/part-of: helm-operator 11 | app.kubernetes.io/managed-by: kustomize 12 | name: mariadboperator-viewer-role 13 | rules: 14 | - apiGroups: 15 | - helm.mariadb.mmontes.io 16 | resources: 17 | - mariadboperators 18 | verbs: 19 | - get 20 | - list 21 | - watch 22 | - apiGroups: 23 | - helm.mariadb.mmontes.io 24 | resources: 25 | - mariadboperators/status 26 | verbs: 27 | - get 28 | -------------------------------------------------------------------------------- /config/rbac/mariadboperator_editor_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to edit mariadboperators. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | labels: 6 | app.kubernetes.io/name: clusterrole 7 | app.kubernetes.io/instance: mariadboperator-editor-role 8 | app.kubernetes.io/component: rbac 9 | app.kubernetes.io/created-by: helm-operator 10 | app.kubernetes.io/part-of: helm-operator 11 | app.kubernetes.io/managed-by: kustomize 12 | name: mariadboperator-editor-role 13 | rules: 14 | - apiGroups: 15 | - helm.mariadb.mmontes.io 16 | resources: 17 | - mariadboperators 18 | verbs: 19 | - create 20 | - delete 21 | - get 22 | - list 23 | - patch 24 | - update 25 | - watch 26 | - apiGroups: 27 | - helm.mariadb.mmontes.io 28 | resources: 29 | - mariadboperators/status 30 | verbs: 31 | - get 32 | -------------------------------------------------------------------------------- /config/prometheus/monitor.yaml: -------------------------------------------------------------------------------- 1 | 2 | # Prometheus Monitor Service (Metrics) 3 | apiVersion: monitoring.coreos.com/v1 4 | kind: ServiceMonitor 5 | metadata: 6 | labels: 7 | control-plane: controller-manager 8 | app.kubernets.io/name: servicemonitor 9 | app.kubernetes.io/instance: controller-manager-metrics-monitor 10 | app.kubernetes.io/component: metrics 11 | app.kubernetes.io/created-by: helm-operator 12 | app.kubernetes.io/part-of: helm-operator 13 | app.kubernetes.io/managed-by: kustomize 14 | name: controller-manager-metrics-monitor 15 | namespace: system 16 | spec: 17 | endpoints: 18 | - path: /metrics 19 | port: https 20 | scheme: https 21 | bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token 22 | tlsConfig: 23 | insecureSkipVerify: true 24 | selector: 25 | matchLabels: 26 | control-plane: controller-manager 27 | -------------------------------------------------------------------------------- /config/samples/backup.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: k8s.mariadb.com/v1alpha1 2 | kind: Backup 3 | metadata: 4 | name: backup 5 | spec: 6 | mariaDbRef: 7 | name: mariadb 8 | schedule: 9 | cron: "*/1 * * * *" 10 | suspend: false 11 | maxRetention: 720h # 30 days 12 | storage: 13 | s3: 14 | bucket: backups 15 | prefix: mariadb 16 | endpoint: minio.minio.svc.cluster.local:9000 17 | accessKeyIdSecretKeyRef: 18 | name: minio 19 | key: access-key-id 20 | secretAccessKeySecretKeyRef: 21 | name: minio 22 | key: secret-access-key 23 | tls: 24 | enabled: true 25 | caSecretKeyRef: 26 | name: minio-ca 27 | key: ca.crt 28 | args: 29 | - --single-transaction 30 | - --all-databases 31 | logLevel: info 32 | resources: 33 | requests: 34 | cpu: 100m 35 | memory: 128Mi 36 | limits: 37 | cpu: 300m 38 | memory: 512Mi -------------------------------------------------------------------------------- /config/rbac/leader_election_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions to do leader election. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: Role 4 | metadata: 5 | labels: 6 | app.kubernetes.io/name: role 7 | app.kubernetes.io/instance: leader-election-role 8 | app.kubernetes.io/component: rbac 9 | app.kubernetes.io/created-by: helm-operator 10 | app.kubernetes.io/part-of: helm-operator 11 | app.kubernets.io/managed-by: kustomize 12 | name: leader-election-role 13 | rules: 14 | - apiGroups: 15 | - "" 16 | resources: 17 | - configmaps 18 | verbs: 19 | - get 20 | - list 21 | - watch 22 | - create 23 | - update 24 | - patch 25 | - delete 26 | - apiGroups: 27 | - coordination.k8s.io 28 | resources: 29 | - leases 30 | verbs: 31 | - get 32 | - list 33 | - watch 34 | - create 35 | - update 36 | - patch 37 | - delete 38 | - apiGroups: 39 | - "" 40 | resources: 41 | - events 42 | verbs: 43 | - create 44 | - patch 45 | -------------------------------------------------------------------------------- /hack/sync-chart.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | set -euo pipefail 4 | 5 | install_yq() { 6 | if ! command -v yq &> /dev/null; then 7 | echo "yq command not found, installing yq..." 8 | sudo curl -sSLo /usr/local/bin/yq https://github.com/mikefarah/yq/releases/download/v4.43.1/yq_linux_amd64 9 | sudo chmod +x /usr/local/bin/yq 10 | fi 11 | } 12 | install_yq 13 | 14 | HELM_CHART_VERSION=$1 15 | HELM_CHART_DIR="helm-charts/mariadb-operator" 16 | HELM_CHART_FILE="$HELM_CHART_DIR/Chart.yaml" 17 | RELEASE_URL="https://github.com/mariadb-operator/mariadb-operator/releases/download/mariadb-operator-$HELM_CHART_VERSION/mariadb-operator-$HELM_CHART_VERSION.tgz" 18 | 19 | echo "☸️ Syncing helm chart version $HELM_CHART_VERSION"; 20 | if [ -d "$HELM_CHART_DIR" ]; then 21 | rm -rf $HELM_CHART_DIR 22 | fi 23 | curl -sL $RELEASE_URL | tar xz -C helm-charts/ 24 | 25 | echo "☸️ Syncing CRDs"; 26 | cp helm-charts/mariadb-operator/charts/mariadb-operator-crds/templates/crds.yaml config/manifests/crds/crds.yaml -------------------------------------------------------------------------------- /bundle/metadata/annotations.yaml: -------------------------------------------------------------------------------- 1 | annotations: 2 | # Core bundle annotations. 3 | operators.operatorframework.io.bundle.mediatype.v1: registry+v1 4 | operators.operatorframework.io.bundle.manifests.v1: manifests/ 5 | operators.operatorframework.io.bundle.metadata.v1: metadata/ 6 | operators.operatorframework.io.bundle.package.v1: mariadb-operator 7 | operators.operatorframework.io.bundle.channels.v1: alpha 8 | operators.operatorframework.io.bundle.channel.default.v1: alpha 9 | operators.operatorframework.io.metrics.builder: operator-sdk-v1.26.0 10 | operators.operatorframework.io.metrics.mediatype.v1: metrics+v1 11 | operators.operatorframework.io.metrics.project_layout: helm.sdk.operatorframework.io/v1 12 | com.redhat.openshift.versions: v4.12 13 | com.redhat.delivery.operator.bundle: true 14 | com.redhat.delivery.backport: false 15 | # Annotations for testing. 16 | operators.operatorframework.io.test.mediatype.v1: scorecard+v1 17 | operators.operatorframework.io.test.config.v1: tests/scorecard/ 18 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2023 Martín Montes 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /.github/workflows/ci.yaml: -------------------------------------------------------------------------------- 1 | name: CI 2 | 3 | on: 4 | push: 5 | branches: 6 | - main 7 | pull_request: {} 8 | 9 | jobs: 10 | detect-noop: 11 | name: Detect noop 12 | runs-on: ubuntu-latest 13 | outputs: 14 | noop: ${{ steps.noop.outputs.should_skip }} 15 | steps: 16 | - name: Detect no-op changes 17 | id: noop 18 | uses: fkirc/skip-duplicate-actions@v5.3.0 19 | with: 20 | github_token: ${{ secrets.GITHUB_TOKEN }} 21 | paths_ignore: '["**.md"]' 22 | concurrent_skipping: false 23 | 24 | operator: 25 | name: Operator 26 | runs-on: ubuntu-latest 27 | needs: detect-noop 28 | if: ${{ needs.detect-noop.outputs.noop != 'true' }} 29 | steps: 30 | - name: Checkout code 31 | uses: actions/checkout@v3 32 | 33 | - name: Build 34 | run: make docker-build 35 | 36 | bundle: 37 | name: Bundle 38 | runs-on: ubuntu-latest 39 | needs: detect-noop 40 | if: ${{ needs.detect-noop.outputs.noop != 'true' }} 41 | steps: 42 | - name: Checkout code 43 | uses: actions/checkout@v3 44 | 45 | - name: Build 46 | run: make bundle-build 47 | -------------------------------------------------------------------------------- /config/samples/physicalbackup.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: k8s.mariadb.com/v1alpha1 2 | kind: PhysicalBackup 3 | metadata: 4 | name: physicalbackup 5 | spec: 6 | mariaDbRef: 7 | name: mariadb 8 | schedule: 9 | cron: "*/1 * * * *" 10 | suspend: false 11 | immediate: true 12 | compression: bzip2 13 | maxRetention: 720h # 30 days 14 | storage: 15 | s3: 16 | bucket: physicalbackups 17 | prefix: mariadb 18 | endpoint: minio.minio.svc.cluster.local:9000 19 | region: us-east-1 20 | accessKeyIdSecretKeyRef: 21 | name: minio 22 | key: access-key-id 23 | secretAccessKeySecretKeyRef: 24 | name: minio 25 | key: secret-access-key 26 | tls: 27 | enabled: true 28 | caSecretKeyRef: 29 | name: minio-ca 30 | key: ca.crt 31 | stagingStorage: 32 | persistentVolumeClaim: 33 | resources: 34 | requests: 35 | storage: 1Gi 36 | accessModes: 37 | - ReadWriteOnce 38 | timeout: 1h 39 | podAffinity: true 40 | serviceAccountName: backup 41 | resources: 42 | requests: 43 | cpu: 100m 44 | memory: 128Mi 45 | limits: 46 | cpu: 300m 47 | memory: 512Mi -------------------------------------------------------------------------------- /bundle.Dockerfile: -------------------------------------------------------------------------------- 1 | FROM scratch 2 | 3 | # Core bundle labels. 4 | LABEL operators.operatorframework.io.bundle.mediatype.v1=registry+v1 5 | LABEL operators.operatorframework.io.bundle.manifests.v1=manifests/ 6 | LABEL operators.operatorframework.io.bundle.metadata.v1=metadata/ 7 | LABEL operators.operatorframework.io.bundle.package.v1=mariadb-operator 8 | LABEL operators.operatorframework.io.bundle.channels.v1=alpha 9 | LABEL operators.operatorframework.io.bundle.channel.default.v1=alpha 10 | LABEL operators.operatorframework.io.metrics.builder=operator-sdk-v1.26.0 11 | LABEL operators.operatorframework.io.metrics.mediatype.v1=metrics+v1 12 | LABEL operators.operatorframework.io.metrics.project_layout=helm.sdk.operatorframework.io/v1 13 | LABEL com.redhat.openshift.versions=v4.12 14 | LABEL com.redhat.delivery.operator.bundle=true 15 | LABEL com.redhat.delivery.backport=false 16 | 17 | # Labels for testing. 18 | LABEL operators.operatorframework.io.test.mediatype.v1=scorecard+v1 19 | LABEL operators.operatorframework.io.test.config.v1=tests/scorecard/ 20 | 21 | # Copy files to locations specified by labels. 22 | COPY bundle/manifests /manifests/ 23 | COPY bundle/metadata /metadata/ 24 | COPY bundle/tests/scorecard /tests/scorecard/ 25 | -------------------------------------------------------------------------------- /config/samples/sqljob.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: k8s.mariadb.com/v1alpha1 2 | kind: SqlJob 3 | metadata: 4 | name: 03-stars 5 | spec: 6 | dependsOn: 7 | - name: 01-users 8 | - name: 02-repos 9 | mariaDbRef: 10 | name: mariadb 11 | schedule: 12 | cron: "*/1 * * * *" 13 | suspend: false 14 | username: mariadb 15 | passwordSecretKeyRef: 16 | name: mariadb 17 | key: password 18 | database: mariadb 19 | sql: | 20 | CREATE TABLE IF NOT EXISTS stars ( 21 | id bigint PRIMARY KEY AUTO_INCREMENT, 22 | user_id bigint NOT NULL, 23 | repo_id bigint NOT NULL, 24 | FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE, 25 | FOREIGN KEY (repo_id) REFERENCES repos(id) ON DELETE CASCADE, 26 | UNIQUE KEY (user_id, repo_id) 27 | ); 28 | INSERT INTO stars(user_id, repo_id) 29 | VALUES((SELECT id FROM users ORDER BY RAND() LIMIT 1), (SELECT id FROM repos ORDER BY RAND() LIMIT 1)) 30 | ON DUPLICATE KEY UPDATE id=id; 31 | DELETE FROM stars WHERE id = (SELECT id FROM stars ORDER BY RAND() LIMIT 1); 32 | SELECT r.name AS repo, COUNT(*) AS stars 33 | FROM stars s 34 | JOIN repos r 35 | ON s.repo_id = r.id 36 | GROUP BY r.id 37 | ORDER BY stars DESC; -------------------------------------------------------------------------------- /config/samples/mariadb.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: k8s.mariadb.com/v1alpha1 2 | kind: MariaDB 3 | metadata: 4 | name: mariadb 5 | spec: 6 | rootPasswordSecretKeyRef: 7 | name: mariadb-root 8 | key: password 9 | generate: true 10 | 11 | username: mariadb 12 | passwordSecretKeyRef: 13 | name: mariadb-password 14 | key: password 15 | generate: true 16 | database: mariadb 17 | 18 | storage: 19 | size: 1Gi 20 | 21 | replicas: 3 22 | 23 | galera: 24 | enabled: true 25 | 26 | service: 27 | type: ClusterIP 28 | connection: 29 | secretName: mariadb-conn 30 | secretTemplate: 31 | key: dsn 32 | primaryService: 33 | type: ClusterIP 34 | primaryConnection: 35 | secretName: mariadb-conn-primary 36 | secretTemplate: 37 | key: dsn 38 | secondaryService: 39 | type: ClusterIP 40 | secondaryConnection: 41 | secretName: mariadb-conn-secondary 42 | secretTemplate: 43 | key: dsn 44 | 45 | updateStrategy: 46 | type: ReplicasFirstPrimaryLast 47 | 48 | myCnf: | 49 | [mariadb] 50 | bind-address=* 51 | default_storage_engine=InnoDB 52 | binlog_format=row 53 | innodb_autoinc_lock_mode=2 54 | innodb_buffer_pool_size=1024M 55 | max_allowed_packet=256M 56 | 57 | metrics: 58 | passwordSecretKeyRef: 59 | name: mariadb-metrics 60 | key: password 61 | generate: true 62 | enabled: true -------------------------------------------------------------------------------- /config/scorecard/patches/olm.config.yaml: -------------------------------------------------------------------------------- 1 | - op: add 2 | path: /stages/0/tests/- 3 | value: 4 | entrypoint: 5 | - scorecard-test 6 | - olm-bundle-validation 7 | image: quay.io/operator-framework/scorecard-test:v1.26.0 8 | labels: 9 | suite: olm 10 | test: olm-bundle-validation-test 11 | - op: add 12 | path: /stages/0/tests/- 13 | value: 14 | entrypoint: 15 | - scorecard-test 16 | - olm-crds-have-validation 17 | image: quay.io/operator-framework/scorecard-test:v1.26.0 18 | labels: 19 | suite: olm 20 | test: olm-crds-have-validation-test 21 | - op: add 22 | path: /stages/0/tests/- 23 | value: 24 | entrypoint: 25 | - scorecard-test 26 | - olm-crds-have-resources 27 | image: quay.io/operator-framework/scorecard-test:v1.26.0 28 | labels: 29 | suite: olm 30 | test: olm-crds-have-resources-test 31 | - op: add 32 | path: /stages/0/tests/- 33 | value: 34 | entrypoint: 35 | - scorecard-test 36 | - olm-spec-descriptors 37 | image: quay.io/operator-framework/scorecard-test:v1.26.0 38 | labels: 39 | suite: olm 40 | test: olm-spec-descriptors-test 41 | - op: add 42 | path: /stages/0/tests/- 43 | value: 44 | entrypoint: 45 | - scorecard-test 46 | - olm-status-descriptors 47 | image: quay.io/operator-framework/scorecard-test:v1.26.0 48 | labels: 49 | suite: olm 50 | test: olm-status-descriptors-test 51 | -------------------------------------------------------------------------------- /bundle/tests/scorecard/config.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: scorecard.operatorframework.io/v1alpha3 2 | kind: Configuration 3 | metadata: 4 | name: config 5 | stages: 6 | - parallel: true 7 | tests: 8 | - entrypoint: 9 | - scorecard-test 10 | - basic-check-spec 11 | image: quay.io/operator-framework/scorecard-test:v1.26.0 12 | labels: 13 | suite: basic 14 | test: basic-check-spec-test 15 | storage: 16 | spec: 17 | mountPath: {} 18 | - entrypoint: 19 | - scorecard-test 20 | - olm-bundle-validation 21 | image: quay.io/operator-framework/scorecard-test:v1.26.0 22 | labels: 23 | suite: olm 24 | test: olm-bundle-validation-test 25 | storage: 26 | spec: 27 | mountPath: {} 28 | - entrypoint: 29 | - scorecard-test 30 | - olm-crds-have-validation 31 | image: quay.io/operator-framework/scorecard-test:v1.26.0 32 | labels: 33 | suite: olm 34 | test: olm-crds-have-validation-test 35 | storage: 36 | spec: 37 | mountPath: {} 38 | - entrypoint: 39 | - scorecard-test 40 | - olm-crds-have-resources 41 | image: quay.io/operator-framework/scorecard-test:v1.26.0 42 | labels: 43 | suite: olm 44 | test: olm-crds-have-resources-test 45 | storage: 46 | spec: 47 | mountPath: {} 48 | - entrypoint: 49 | - scorecard-test 50 | - olm-spec-descriptors 51 | image: quay.io/operator-framework/scorecard-test:v1.26.0 52 | labels: 53 | suite: olm 54 | test: olm-spec-descriptors-test 55 | storage: 56 | spec: 57 | mountPath: {} 58 | - entrypoint: 59 | - scorecard-test 60 | - olm-status-descriptors 61 | image: quay.io/operator-framework/scorecard-test:v1.26.0 62 | labels: 63 | suite: olm 64 | test: olm-status-descriptors-test 65 | storage: 66 | spec: 67 | mountPath: {} 68 | storage: 69 | spec: 70 | mountPath: {} 71 | -------------------------------------------------------------------------------- /config/crd/bases/helm.mariadb.mmontes.io_mariadboperators.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: apiextensions.k8s.io/v1 3 | kind: CustomResourceDefinition 4 | metadata: 5 | name: mariadboperators.helm.mariadb.mmontes.io 6 | spec: 7 | group: helm.mariadb.mmontes.io 8 | names: 9 | kind: MariadbOperator 10 | listKind: MariadbOperatorList 11 | plural: mariadboperators 12 | singular: mariadboperator 13 | scope: Namespaced 14 | versions: 15 | - name: v1alpha1 16 | schema: 17 | openAPIV3Schema: 18 | description: MariadbOperator is the Schema for the mariadboperators API 19 | properties: 20 | apiVersion: 21 | description: 'APIVersion defines the versioned schema of this representation 22 | of an object. Servers should convert recognized schemas to the latest 23 | internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' 24 | type: string 25 | kind: 26 | description: 'Kind is a string value representing the REST resource this 27 | object represents. Servers may infer this from the endpoint the client 28 | submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 29 | type: string 30 | metadata: 31 | type: object 32 | spec: 33 | description: Spec defines the desired state of MariadbOperator 34 | type: object 35 | x-kubernetes-preserve-unknown-fields: true 36 | status: 37 | description: Status defines the observed state of MariadbOperator 38 | type: object 39 | x-kubernetes-preserve-unknown-fields: true 40 | type: object 41 | served: true 42 | storage: true 43 | subresources: 44 | status: {} 45 | -------------------------------------------------------------------------------- /config/samples/maxscale.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: k8s.mariadb.com/v1alpha1 2 | kind: MaxScale 3 | metadata: 4 | name: maxscale-galera 5 | spec: 6 | replicas: 3 7 | 8 | mariaDbRef: 9 | name: mariadb-galera 10 | 11 | services: 12 | - name: rw-router 13 | router: readwritesplit 14 | params: 15 | transaction_replay: "true" 16 | transaction_replay_attempts: "10" 17 | transaction_replay_timeout: "5s" 18 | max_slave_connections: "255" 19 | max_replication_lag: "3s" 20 | master_accept_reads: "true" 21 | listener: 22 | port: 3306 23 | protocol: MariaDBProtocol 24 | params: 25 | connection_metadata: "tx_isolation=auto" 26 | - name: rconn-master-router 27 | router: readconnroute 28 | params: 29 | router_options: "master" 30 | max_replication_lag: "3s" 31 | master_accept_reads: "true" 32 | listener: 33 | port: 3307 34 | - name: rconn-slave-router 35 | router: readconnroute 36 | params: 37 | router_options: "slave" 38 | max_replication_lag: "3s" 39 | listener: 40 | port: 3308 41 | 42 | monitor: 43 | interval: 2s 44 | cooperativeMonitoring: majority_of_all 45 | params: 46 | disable_master_failback: "false" 47 | available_when_donor: "false" 48 | disable_master_role_setting: "false" 49 | 50 | admin: 51 | port: 8989 52 | guiEnabled: true 53 | 54 | config: 55 | sync: 56 | database: mysql 57 | interval: 5s 58 | timeout: 10s 59 | 60 | auth: 61 | generate: true 62 | 63 | kubernetesService: 64 | type: LoadBalancer 65 | annotations: 66 | metallb.universe.tf/loadBalancerIPs: 172.18.0.224 67 | 68 | guiKubernetesService: 69 | type: LoadBalancer 70 | metadata: 71 | annotations: 72 | metallb.universe.tf/loadBalancerIPs: 172.18.0.231 73 | 74 | connection: 75 | secretName: mxs-galera-conn 76 | port: 3306 77 | 78 | requeueInterval: 10s -------------------------------------------------------------------------------- /bundle/manifests/helm.mariadb.mmontes.io_mariadboperators.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apiextensions.k8s.io/v1 2 | kind: CustomResourceDefinition 3 | metadata: 4 | creationTimestamp: null 5 | name: mariadboperators.helm.mariadb.mmontes.io 6 | spec: 7 | group: helm.mariadb.mmontes.io 8 | names: 9 | kind: MariadbOperator 10 | listKind: MariadbOperatorList 11 | plural: mariadboperators 12 | singular: mariadboperator 13 | scope: Namespaced 14 | versions: 15 | - name: v1alpha1 16 | schema: 17 | openAPIV3Schema: 18 | description: MariadbOperator is the Schema for the mariadboperators API 19 | properties: 20 | apiVersion: 21 | description: 'APIVersion defines the versioned schema of this representation 22 | of an object. Servers should convert recognized schemas to the latest 23 | internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' 24 | type: string 25 | kind: 26 | description: 'Kind is a string value representing the REST resource this 27 | object represents. Servers may infer this from the endpoint the client 28 | submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 29 | type: string 30 | metadata: 31 | type: object 32 | spec: 33 | description: Spec defines the desired state of MariadbOperator 34 | type: object 35 | x-kubernetes-preserve-unknown-fields: true 36 | status: 37 | description: Status defines the observed state of MariadbOperator 38 | type: object 39 | x-kubernetes-preserve-unknown-fields: true 40 | type: object 41 | served: true 42 | storage: true 43 | subresources: 44 | status: {} 45 | status: 46 | acceptedNames: 47 | kind: "" 48 | plural: "" 49 | conditions: null 50 | storedVersions: null 51 | -------------------------------------------------------------------------------- /config/rbac/role.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: manager-role 5 | rules: 6 | ## 7 | ## Base operator rules 8 | ## 9 | # We need to get namespaces so the operator can read namespaces to ensure they exist 10 | - apiGroups: 11 | - "" 12 | resources: 13 | - namespaces 14 | verbs: 15 | - get 16 | # We need to manage Helm release secrets 17 | - apiGroups: 18 | - "" 19 | resources: 20 | - secrets 21 | verbs: 22 | - "*" 23 | # We need to create events on CRs about things happening during reconciliation 24 | - apiGroups: 25 | - "" 26 | resources: 27 | - events 28 | verbs: 29 | - create 30 | 31 | ## 32 | ## Rules for helm.mariadb.mmontes.io/v1alpha1, Kind: MariadbOperator 33 | ## 34 | - apiGroups: 35 | - helm.mariadb.mmontes.io 36 | resources: 37 | - mariadboperators 38 | - mariadboperators/status 39 | - mariadboperators/finalizers 40 | verbs: 41 | - create 42 | - delete 43 | - get 44 | - list 45 | - patch 46 | - update 47 | - watch 48 | - verbs: 49 | - "*" 50 | apiGroups: 51 | - "rbac.authorization.k8s.io" 52 | resources: 53 | - "clusterrolebindings" 54 | - "clusterroles" 55 | - verbs: 56 | - "*" 57 | apiGroups: 58 | - "admissionregistration.k8s.io" 59 | resources: 60 | - "validatingwebhookconfigurations" 61 | - "mutatingwebhookconfigurations" 62 | - verbs: 63 | - "*" 64 | apiGroups: 65 | - "rbac.authorization.k8s.io" 66 | resources: 67 | - "rolebindings" 68 | - "roles" 69 | - verbs: 70 | - "*" 71 | apiGroups: 72 | - "apps" 73 | resources: 74 | - "deployments" 75 | - verbs: 76 | - "*" 77 | apiGroups: 78 | - "" 79 | resources: 80 | - "serviceaccounts" 81 | - "services" 82 | 83 | ## 84 | ## Extra rules needed by the helm operator 85 | ## 86 | - verbs: 87 | - "*" 88 | apiGroups: 89 | - "apiextensions.k8s.io" 90 | resources: 91 | - "customresourcedefinitions" 92 | - verbs: 93 | - "*" 94 | apiGroups: 95 | - "cert-manager.io" 96 | resources: 97 | - "certificates" 98 | - "issuers" 99 | - verbs: 100 | - "*" 101 | apiGroups: 102 | - monitoring.coreos.com 103 | resources: 104 | - servicemonitors 105 | #+kubebuilder:scaffold:rules 106 | -------------------------------------------------------------------------------- /config/manager/manager.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | labels: 5 | control-plane: controller-manager 6 | app.kubernetes.io/name: namespace 7 | app.kubernetes.io/instance: system 8 | app.kubernetes.io/component: manager 9 | app.kubernetes.io/created-by: helm-operator 10 | app.kubernetes.io/part-of: helm-operator 11 | app.kubernetes.io/managed-by: kustomize 12 | name: system 13 | --- 14 | apiVersion: apps/v1 15 | kind: Deployment 16 | metadata: 17 | name: controller-manager 18 | namespace: system 19 | labels: 20 | control-plane: controller-manager 21 | app.kubernetes.io/name: deployment 22 | app.kubernetes.io/instance: controller-manager 23 | app.kubernetes.io/component: manager 24 | app.kubernetes.io/created-by: helm-operator 25 | app.kubernetes.io/part-of: helm-operator 26 | app.kubernetes.io/managed-by: kustomize 27 | spec: 28 | selector: 29 | matchLabels: 30 | control-plane: controller-manager 31 | replicas: 1 32 | template: 33 | metadata: 34 | annotations: 35 | kubectl.kubernetes.io/default-container: manager 36 | labels: 37 | control-plane: controller-manager 38 | spec: 39 | # TODO(user): Uncomment the following code to configure the nodeAffinity expression 40 | # according to the platforms which are supported by your solution. 41 | # It is considered best practice to support multiple architectures. You can 42 | # build your manager image using the makefile target docker-buildx. 43 | # affinity: 44 | # nodeAffinity: 45 | # requiredDuringSchedulingIgnoredDuringExecution: 46 | # nodeSelectorTerms: 47 | # - matchExpressions: 48 | # - key: kubernetes.io/arch 49 | # operator: In 50 | # values: 51 | # - amd64 52 | # - arm64 53 | # - ppc64le 54 | # - s390x 55 | # - key: kubernetes.io/os 56 | # operator: In 57 | # values: 58 | # - linux 59 | securityContext: 60 | runAsNonRoot: true 61 | # TODO(user): For common cases that do not require escalating privileges 62 | # it is recommended to ensure that all your Pods/Containers are restrictive. 63 | # More info: https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted 64 | # Please uncomment the following code if your project does NOT have to work on old Kubernetes 65 | # versions < 1.19 or on vendors versions which do NOT support this field by default (i.e. Openshift < 4.11 ). 66 | # seccompProfile: 67 | # type: RuntimeDefault 68 | # Clean up old ReplicaSets. After making manual changes in the CSV, ReplicaSet is downscaled instead of deleted: 69 | # https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#revision-history-limit 70 | # https://github.com/mariadb-operator/mariadb-operator/issues/251#issuecomment-1760467114 71 | revisionHistoryLimit: 0 72 | containers: 73 | - args: 74 | - --leader-elect 75 | - --leader-election-id=helm-operator 76 | image: controller:latest 77 | name: manager 78 | securityContext: 79 | allowPrivilegeEscalation: false 80 | capabilities: 81 | drop: 82 | - "ALL" 83 | livenessProbe: 84 | httpGet: 85 | path: /healthz 86 | port: 8081 87 | initialDelaySeconds: 15 88 | periodSeconds: 20 89 | readinessProbe: 90 | httpGet: 91 | path: /readyz 92 | port: 8081 93 | initialDelaySeconds: 5 94 | periodSeconds: 10 95 | # TODO(user): Configure the resources accordingly based on the project requirements. 96 | # More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ 97 | resources: 98 | limits: 99 | cpu: 500m 100 | memory: 512Mi 101 | requests: 102 | cpu: 10m 103 | memory: 128Mi 104 | serviceAccountName: controller-manager 105 | terminationGracePeriodSeconds: 10 106 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 |

2 | mariadb 3 |

4 | 5 |

6 | CI 7 | Bundle 8 | Release 9 |

10 | 11 |

12 | Slack 13 | Operator Hub 14 | Artifact Hub 15 |

16 | 17 | # 🦭 mariadb-operator-helm 18 | 19 | Install [`mariadb-operator`](https://github.com/mariadb-operator/mariadb-operator) via [OLM](https://olm.operatorframework.io/) using the [helm chart](https://artifacthub.io/packages/helm/mariadb-operator/mariadb-operator). 20 | 21 | This helm operator provides provides a 1:1 mapping between the official helm chart and the [`MariadbOperator`](https://github.com/mariadb-operator/mariadb-operator-helm/blob/main/config/samples/helm_v1alpha1_mariadboperator.yaml) CRD, allowing to install [`mariadb-operator`](https://github.com/mariadb-operator/mariadb-operator) via OLM without having to do any change in the helm chart. 22 | 23 | Normally, you would install [`mariadb-operator`](https://github.com/mariadb-operator/mariadb-operator) providing this `values.yaml` to the helm chart: 24 | ```yaml 25 | image: 26 | repository: ghcr.io/mariadb-operator/mariadb-operator 27 | pullPolicy: IfNotPresent 28 | logLevel: INFO 29 | ha: 30 | enabled: true 31 | metrics: 32 | enabled: true 33 | serviceMonitor: 34 | enabled: true 35 | webhook: 36 | cert: 37 | certManager: 38 | enabled: true 39 | ``` 40 | 41 | This helm chart installation is abstracted in the [`MariadbOperator`](https://github.com/mariadb-operator/mariadb-operator-helm/blob/main/config/samples/helm_v1alpha1_mariadboperator.yaml) CRD, which will be reconciled by the helm operator: 42 | ```yaml 43 | apiVersion: helm.mariadb.mmontes.io/v1alpha1 44 | kind: MariadbOperator 45 | metadata: 46 | name: mariadb-operator 47 | spec: 48 | image: 49 | repository: ghcr.io/mariadb-operator/mariadb-operator 50 | pullPolicy: IfNotPresent 51 | logLevel: INFO 52 | ha: 53 | enabled: true 54 | metrics: 55 | enabled: true 56 | serviceMonitor: 57 | enabled: true 58 | webhook: 59 | cert: 60 | certManager: 61 | enabled: true 62 | ``` 63 | 64 | Once you have installed the operator, you will able to install a [`MariaDB`](https://github.com/mariadb-operator/mariadb-operator/blob/main/examples/manifests/mariadb_v1alpha1_mariadb.yaml) instance. Refer to the main [`mariadb-operator`](https://github.com/mariadb-operator/mariadb-operator) documentation for getting started with the rest of CRDs. 65 | 66 | ## Documentation 67 | * [mariadb-operator](https://github.com/mariadb-operator/mariadb-operator/blob/main/README.md) 68 | * [mariadb-operator-helm](https://github.com/mariadb-operator/mariadb-operator-helm/blob/main/README.md) 69 | 70 | ## Releases 71 | This operator is automatically published in the following repositories whenever a new version of the [helm chart](https://artifacthub.io/packages/helm/mariadb-operator/mariadb-operator) is released: 72 | - [k8s-operatorhub/community-operators](https://github.com/k8s-operatorhub/community-operators) 73 | - [redhat-openshift-ecosystem/community-operators-prod](https://github.com/redhat-openshift-ecosystem/community-operators-prod) 74 | 75 | ## Roadmap 76 | Take a look at our [roadmap](https://github.com/mariadb-operator/mariadb-operator/blob/main/ROADMAP.md) and feel free to open an issue to suggest new features. 77 | 78 | ## Contributing 79 | We welcome and encourage contributions to this project! Please check our [contributing](https://github.com/mariadb-operator/mariadb-operator/blob/main/CONTRIBUTING.md) and [development](https://github.com/mariadb-operator/mariadb-operator/blob/main/docs/DEVELOPMENT.md) guides. PRs welcome! 80 | 81 | ## Community 82 | - [We Tested and Compared 6 Database Operators. The Results are In!](https://www.youtube.com/watch?v=l33pcnQ4cUQ&t=17m25s) - KubeCon EU, March 2024 83 | - [Get Started with MariaDB in Kubernetes and mariadb-operator](https://mariadb.com/resources/blog/get-started-with-mariadb-in-kubernetes-and-mariadb-operator/) - MariaDB Corporation blog, February 2024 84 | - [Run and operate MariaDB in Kubernetes with mariadb-operator](https://mariadb.org/mariadb-in-kubernetes-with-mariadb-operator/) - MariaDB Foundation blog, July 2023 85 | - [L'enfer des DB SQL sur Kubernetes face à la promesse des opérateurs](https://www.youtube.com/watch?v=d_ka7PlWo1I&t=2415s&ab_channel=KCDFrance) - KCD France, March 2023 86 | 87 | ## Get in touch 88 | Join us on Slack: **[MariaDB Community Slack](https://r.mariadb.com/join-community-slack)**. 89 | -------------------------------------------------------------------------------- /.github/workflows/release.yaml: -------------------------------------------------------------------------------- 1 | name: Release 2 | 3 | on: 4 | push: 5 | tags: 6 | - "*" 7 | 8 | jobs: 9 | version: 10 | name: Version 11 | runs-on: ubuntu-latest 12 | outputs: 13 | build_date: ${{ steps.version.outputs.buid_date }} 14 | version: ${{ steps.version.outputs.version }} 15 | steps: 16 | - name: Checkout 17 | uses: actions/checkout@v3 18 | with: 19 | fetch-depth: 0 20 | 21 | - name: Fetch tags 22 | run: git fetch --force --tags 23 | 24 | - name: Get Version 25 | id: version 26 | run: | 27 | VERSION=sha-${GITHUB_SHA::8} 28 | if [[ $GITHUB_REF == refs/tags/* ]]; then 29 | VERSION=${GITHUB_REF/refs\/tags\//} 30 | fi 31 | echo "build_date=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> $GITHUB_OUTPUT 32 | echo "version=${VERSION}" >> $GITHUB_OUTPUT 33 | 34 | operator: 35 | name: Operator 36 | runs-on: ubuntu-latest 37 | needs: 38 | - version 39 | steps: 40 | - name: Checkout 41 | uses: actions/checkout@v2 42 | with: 43 | fetch-depth: 0 44 | 45 | - name: Fetch tags 46 | run: git fetch --force --tags 47 | 48 | - name: Setup QEMU 49 | uses: docker/setup-qemu-action@v2 50 | 51 | - name: Setup Docker Buildx 52 | uses: docker/setup-buildx-action@v2 53 | id: buildx 54 | 55 | - name: Login to container Registry 56 | uses: docker/login-action@v2 57 | with: 58 | username: ${{ github.repository_owner }} 59 | password: ${{ secrets.GHA_TOKEN }} 60 | registry: ghcr.io 61 | 62 | - name: Sync chart 63 | run: make sync-chart 64 | env: 65 | VERSION: "${{ needs.version.outputs.version }}" 66 | 67 | - name: Publish operator image 68 | uses: docker/build-push-action@v2 69 | with: 70 | push: true 71 | builder: ${{ steps.buildx.outputs.name }} 72 | context: . 73 | file: ./Dockerfile 74 | platforms: linux/arm64,linux/amd64 75 | tags: | 76 | ghcr.io/${{ github.repository_owner }}/mariadb-operator-helm:${{ needs.version.outputs.version }} 77 | ghcr.io/${{ github.repository_owner }}/mariadb-operator-helm:latest 78 | labels: | 79 | org.opencontainers.image.title=${{ github.event.repository.name }} 80 | org.opencontainers.image.description=${{ github.event.repository.description }} 81 | org.opencontainers.image.source=${{ github.event.repository.html_url }} 82 | org.opencontainers.image.url=${{ github.event.repository.html_url }} 83 | org.opencontainers.image.revision=${{ github.sha }} 84 | org.opencontainers.image.version=${{ needs.version.outputs.version }} 85 | org.opencontainers.image.created=${{ needs.version.outputs.build_date }} 86 | 87 | bundle: 88 | name: Bundle 89 | runs-on: ubuntu-latest 90 | needs: 91 | - version 92 | steps: 93 | - name: Checkout 94 | uses: actions/checkout@v2 95 | with: 96 | fetch-depth: 0 97 | 98 | - name: Fetch tags 99 | run: git fetch --force --tags 100 | 101 | - name: Setup QEMU 102 | uses: docker/setup-qemu-action@v2 103 | 104 | - name: Setup Docker Buildx 105 | uses: docker/setup-buildx-action@v2 106 | id: buildx 107 | 108 | - name: Login to container Registry 109 | uses: docker/login-action@v2 110 | with: 111 | username: ${{ github.repository_owner }} 112 | password: ${{ secrets.GHA_TOKEN }} 113 | registry: ghcr.io 114 | 115 | - name: Publish operator image 116 | uses: docker/build-push-action@v2 117 | with: 118 | push: true 119 | builder: ${{ steps.buildx.outputs.name }} 120 | context: . 121 | file: ./bundle.Dockerfile 122 | platforms: linux/arm64,linux/amd64 123 | tags: | 124 | ghcr.io/${{ github.repository_owner }}/mariadb-operator-helm-bundle:${{ needs.version.outputs.version }} 125 | ghcr.io/${{ github.repository_owner }}/mariadb-operator-helm-bundle:latest 126 | labels: | 127 | org.opencontainers.image.title=${{ github.event.repository.name }} 128 | org.opencontainers.image.description=${{ github.event.repository.description }} 129 | org.opencontainers.image.source=${{ github.event.repository.html_url }} 130 | org.opencontainers.image.url=${{ github.event.repository.html_url }} 131 | org.opencontainers.image.revision=${{ github.sha }} 132 | org.opencontainers.image.version=${{ needs.version.outputs.version }} 133 | org.opencontainers.image.created=${{ needs.version.outputs.build_date }} 134 | 135 | operatorhub: 136 | name: OperatorHub 137 | runs-on: ubuntu-latest 138 | needs: 139 | - version 140 | - operator 141 | - bundle 142 | steps: 143 | - name: Checkout 144 | uses: actions/checkout@v4 145 | with: 146 | fetch-depth: 0 147 | 148 | - name: Operator PR 149 | uses: mariadb-operator/openshift-operator-pr@v1 150 | env: 151 | GITHUB_TOKEN: "${{ secrets.GHA_TOKEN }}" 152 | with: 153 | name: "mariadb-operator" 154 | version: "${{ needs.version.outputs.version }}" 155 | fork-repo-name: "mariadb-operator/community-operators" 156 | upstream-repo-name: "k8s-operatorhub/community-operators" 157 | bundle-path-dir: "bundle" 158 | ci-path-file: "bundle/ci.yaml" 159 | user-name: "Martin Montes" 160 | user-email: "martin11lrx@gmail.com" 161 | 162 | openshift: 163 | name: OpenShift 164 | runs-on: ubuntu-latest 165 | needs: 166 | - version 167 | - operator 168 | - bundle 169 | - operatorhub 170 | steps: 171 | - name: Checkout 172 | uses: actions/checkout@v4 173 | with: 174 | fetch-depth: 0 175 | 176 | - name: Operator PR 177 | uses: mariadb-operator/openshift-operator-pr@v1 178 | env: 179 | GITHUB_TOKEN: "${{ secrets.GHA_TOKEN }}" 180 | with: 181 | name: "mariadb-operator" 182 | version: "${{ needs.version.outputs.version }}" 183 | fork-repo-name: "mariadb-operator/community-operators-prod" 184 | upstream-repo-name: "redhat-openshift-ecosystem/community-operators-prod" 185 | bundle-path-dir: "bundle" 186 | ci-path-file: "bundle/ci.yaml" 187 | user-name: "Martin Montes" 188 | user-email: "martin11lrx@gmail.com" -------------------------------------------------------------------------------- /bundle/manifests/k8s.mariadb.com_databases.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apiextensions.k8s.io/v1 2 | kind: CustomResourceDefinition 3 | metadata: 4 | annotations: 5 | controller-gen.kubebuilder.io/version: v0.20.0 6 | creationTimestamp: null 7 | name: databases.k8s.mariadb.com 8 | spec: 9 | group: k8s.mariadb.com 10 | names: 11 | kind: Database 12 | listKind: DatabaseList 13 | plural: databases 14 | shortNames: 15 | - dmdb 16 | singular: database 17 | scope: Namespaced 18 | versions: 19 | - additionalPrinterColumns: 20 | - jsonPath: .status.conditions[?(@.type=="Ready")].status 21 | name: Ready 22 | type: string 23 | - jsonPath: .status.conditions[?(@.type=="Ready")].message 24 | name: Status 25 | type: string 26 | - jsonPath: .spec.characterSet 27 | name: CharSet 28 | type: string 29 | - jsonPath: .spec.collate 30 | name: Collate 31 | type: string 32 | - jsonPath: .spec.mariaDbRef.name 33 | name: MariaDB 34 | type: string 35 | - jsonPath: .metadata.creationTimestamp 36 | name: Age 37 | type: date 38 | - jsonPath: .spec.name 39 | name: Name 40 | type: string 41 | name: v1alpha1 42 | schema: 43 | openAPIV3Schema: 44 | description: Database is the Schema for the databases API. It is used to define 45 | a logical database as if you were running a 'CREATE DATABASE' statement. 46 | properties: 47 | apiVersion: 48 | description: |- 49 | APIVersion defines the versioned schema of this representation of an object. 50 | Servers should convert recognized schemas to the latest internal value, and 51 | may reject unrecognized values. 52 | More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources 53 | type: string 54 | kind: 55 | description: |- 56 | Kind is a string value representing the REST resource this object represents. 57 | Servers may infer this from the endpoint the client submits requests to. 58 | Cannot be updated. 59 | In CamelCase. 60 | More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds 61 | type: string 62 | metadata: 63 | type: object 64 | spec: 65 | description: DatabaseSpec defines the desired state of Database 66 | properties: 67 | characterSet: 68 | default: utf8 69 | description: CharacterSet to use in the Database. 70 | type: string 71 | cleanupPolicy: 72 | description: CleanupPolicy defines the behavior for cleaning up a 73 | SQL resource. 74 | enum: 75 | - Skip 76 | - Delete 77 | type: string 78 | collate: 79 | default: utf8_general_ci 80 | description: Collate to use in the Database. 81 | type: string 82 | mariaDbRef: 83 | description: MariaDBRef is a reference to a MariaDB object. 84 | properties: 85 | kind: 86 | description: Kind of the referent. 87 | type: string 88 | name: 89 | type: string 90 | namespace: 91 | type: string 92 | waitForIt: 93 | default: true 94 | description: WaitForIt indicates whether the controller using 95 | this reference should wait for MariaDB to be ready. 96 | type: boolean 97 | type: object 98 | name: 99 | description: Name overrides the default Database name provided by 100 | metadata.name. 101 | maxLength: 80 102 | type: string 103 | requeueInterval: 104 | description: RequeueInterval is used to perform requeue reconciliations. 105 | type: string 106 | retryInterval: 107 | description: RetryInterval is the interval used to perform retries. 108 | type: string 109 | required: 110 | - mariaDbRef 111 | type: object 112 | status: 113 | description: DatabaseStatus defines the observed state of Database 114 | properties: 115 | conditions: 116 | description: Conditions for the Database object. 117 | items: 118 | description: Condition contains details for one aspect of the current 119 | state of this API Resource. 120 | properties: 121 | lastTransitionTime: 122 | description: |- 123 | lastTransitionTime is the last time the condition transitioned from one status to another. 124 | This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. 125 | format: date-time 126 | type: string 127 | message: 128 | description: |- 129 | message is a human readable message indicating details about the transition. 130 | This may be an empty string. 131 | maxLength: 32768 132 | type: string 133 | observedGeneration: 134 | description: |- 135 | observedGeneration represents the .metadata.generation that the condition was set based upon. 136 | For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date 137 | with respect to the current state of the instance. 138 | format: int64 139 | minimum: 0 140 | type: integer 141 | reason: 142 | description: |- 143 | reason contains a programmatic identifier indicating the reason for the condition's last transition. 144 | Producers of specific condition types may define expected values and meanings for this field, 145 | and whether the values are considered a guaranteed API. 146 | The value should be a CamelCase string. 147 | This field may not be empty. 148 | maxLength: 1024 149 | minLength: 1 150 | pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ 151 | type: string 152 | status: 153 | description: status of the condition, one of True, False, Unknown. 154 | enum: 155 | - "True" 156 | - "False" 157 | - Unknown 158 | type: string 159 | type: 160 | description: type of condition in CamelCase or in foo.example.com/CamelCase. 161 | maxLength: 316 162 | pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ 163 | type: string 164 | required: 165 | - lastTransitionTime 166 | - message 167 | - reason 168 | - status 169 | - type 170 | type: object 171 | type: array 172 | type: object 173 | type: object 174 | served: true 175 | storage: true 176 | subresources: 177 | status: {} 178 | status: 179 | acceptedNames: 180 | kind: "" 181 | plural: "" 182 | conditions: null 183 | storedVersions: null 184 | -------------------------------------------------------------------------------- /config/samples/mariadboperator.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: helm.mariadb.mmontes.io/v1alpha1 2 | kind: MariadbOperator 3 | metadata: 4 | name: mariadb-operator 5 | spec: 6 | nameOverride: "" 7 | fullnameOverride: "" 8 | 9 | image: 10 | repository: ghcr.io/mariadb-operator/mariadb-operator 11 | pullPolicy: IfNotPresent 12 | # -- Image tag to use. By default the chart appVersion is used 13 | tag: "" 14 | imagePullSecrets: [] 15 | 16 | # -- Controller log level 17 | logLevel: INFO 18 | 19 | # -- Cluster DNS name 20 | clusterName: cluster.local 21 | 22 | ha: 23 | # -- Enable high availability 24 | enabled: false 25 | # -- Number of replicas 26 | replicas: 3 27 | 28 | metrics: 29 | # -- Enable prometheus metrics. Prometheus must be installed in the cluster 30 | enabled: false 31 | serviceMonitor: 32 | # -- Enable controller ServiceMonitor 33 | enabled: true 34 | # -- Labels to be added to the controller ServiceMonitor 35 | additionalLabels: {} 36 | # release: kube-prometheus-stack 37 | # -- Interval to scrape metrics 38 | interval: 30s 39 | # -- Timeout if metrics can't be retrieved in given time interval 40 | scrapeTimeout: 25s 41 | 42 | serviceAccount: 43 | # -- Specifies whether a service account should be created 44 | enabled: true 45 | # -- Automounts the service account token in all containers of the Pod 46 | automount: true 47 | # -- Annotations to add to the service account 48 | annotations: {} 49 | # -- Extra Labels to add to the service account 50 | extraLabels: {} 51 | # -- The name of the service account to use. 52 | # If not set and enabled is true, a name is generated using the fullname template 53 | name: "" 54 | 55 | rbac: 56 | # -- Specifies whether RBAC resources should be created 57 | enabled: true 58 | 59 | # -- Extra arguments to be passed to the controller entrypoint 60 | extrArgs: [] 61 | 62 | # -- Extra volumes to pass to pod. 63 | extraVolumes: [] 64 | 65 | # -- Extra volumes to mount to the container. 66 | extraVolumeMounts: [] 67 | 68 | # -- Annotations to add to controller Pod 69 | podAnnotations: {} 70 | 71 | # -- Security context to add to controller Pod 72 | podSecurityContext: {} 73 | 74 | # -- Security context to add to controller container 75 | securityContext: {} 76 | 77 | # -- Resources to add to controller container 78 | resources: {} 79 | # requests: 80 | # cpu: 10m 81 | # memory: 32Mi 82 | 83 | # -- Node selectors to add to controller Pod 84 | nodeSelector: {} 85 | 86 | # -- Tolerations to add to controller Pod 87 | tolerations: [] 88 | 89 | # -- Affinity to add to controller Pod 90 | affinity: {} 91 | 92 | webhook: 93 | image: 94 | repository: ghcr.io/mariadb-operator/mariadb-operator 95 | pullPolicy: IfNotPresent 96 | # -- Image tag to use. By default the chart appVersion is used 97 | tag: "" 98 | imagePullSecrets: [] 99 | ha: 100 | # -- Enable high availability 101 | enabled: false 102 | # -- Number of replicas 103 | replicas: 3 104 | cert: 105 | certManager: 106 | # -- Whether to use cert-manager to issue and rotate the certificate. If set to false, mariadb-operator's cert-controller will be used instead. 107 | enabled: false 108 | # -- Issuer reference to be used in the Certificate resource. If not provided, a self-signed issuer will be used. 109 | issuerRef: {} 110 | # -- Duration to be used in the Certificate resource, 111 | duration: "" 112 | # -- Renew before duration to be used in the Certificate resource. 113 | renewBefore: "" 114 | # -- Annotatioms to be added to webhook TLS secret. 115 | secretAnnotations: {} 116 | # -- Path where the CA certificate will be mounted. 117 | caPath: /tmp/k8s-webhook-server/certificate-authority 118 | # -- Path where the certificate will be mounted. 119 | path: /tmp/k8s-webhook-server/serving-certs 120 | # -- Port to be used by the webhook server 121 | port: 10250 122 | # -- Expose the webhook server in the host network 123 | hostNetwork: false 124 | serviceMonitor: 125 | # -- Enable webhook ServiceMonitor. Metrics must be enabled 126 | enabled: true 127 | # -- Labels to be added to the webhook ServiceMonitor 128 | additionalLabels: {} 129 | # release: kube-prometheus-stack 130 | # -- Interval to scrape metrics 131 | interval: 30s 132 | # -- Timeout if metrics can't be retrieved in given time interval 133 | scrapeTimeout: 25s 134 | serviceAccount: 135 | # -- Specifies whether a service account should be created 136 | enabled: true 137 | # -- Automounts the service account token in all containers of the Pod 138 | automount: true 139 | # -- Annotations to add to the service account 140 | annotations: {} 141 | # -- Extra Labels to add to the service account 142 | extraLabels: {} 143 | # -- The name of the service account to use. 144 | # If not set and enabled is true, a name is generated using the fullname template 145 | name: "" 146 | # -- Annotations for webhook configurations. 147 | annotations: {} 148 | # -- Extra arguments to be passed to the webhook entrypoint 149 | extrArgs: [] 150 | # -- Extra volumes to pass to webhook Pod 151 | extraVolumes: [] 152 | # -- Extra volumes to mount to webhook container 153 | extraVolumeMounts: [] 154 | # -- Annotations to add to webhook Pod 155 | podAnnotations: {} 156 | # -- Security context to add to webhook Pod 157 | podSecurityContext: {} 158 | # -- Security context to add to webhook container 159 | securityContext: {} 160 | # -- Resources to add to webhook container 161 | resources: {} 162 | # requests: 163 | # cpu: 10m 164 | # memory: 32Mi 165 | # -- Node selectors to add to controller Pod 166 | nodeSelector: {} 167 | # -- Tolerations to add to controller Pod 168 | tolerations: [] 169 | # -- Affinity to add to controller Pod 170 | affinity: {} 171 | 172 | certController: 173 | # -- Specifies whether the cert-controller should be created. 174 | enabled: true 175 | image: 176 | repository: ghcr.io/mariadb-operator/mariadb-operator 177 | pullPolicy: IfNotPresent 178 | # -- Image tag to use. By default the chart appVersion is used 179 | tag: "" 180 | imagePullSecrets: [] 181 | ha: 182 | # -- Enable high availability 183 | enabled: false 184 | # -- Number of replicas 185 | replicas: 3 186 | # -- CA certificate validity. It must be greater than certValidity. 187 | caValidity: 35064h 188 | # -- Certificate validity. 189 | certValidity: 8766h 190 | # -- Duration used to verify whether a certificate is valid or not. 191 | lookaheadValidity: 2160h 192 | # -- Requeue duration to ensure that certificate gets renewed. 193 | requeueDuration: 5m 194 | serviceMonitor: 195 | # -- Enable cert-controller ServiceMonitor. Metrics must be enabled 196 | enabled: true 197 | # -- Labels to be added to the cert-controller ServiceMonitor 198 | additionalLabels: {} 199 | # release: kube-prometheus-stack 200 | # -- Interval to scrape metrics 201 | interval: 30s 202 | # -- Timeout if metrics can't be retrieved in given time interval 203 | scrapeTimeout: 25s 204 | serviceAccount: 205 | # -- Specifies whether a service account should be created 206 | enabled: true 207 | # -- Automounts the service account token in all containers of the Pod 208 | automount: true 209 | # -- Annotations to add to the service account 210 | annotations: {} 211 | # -- Extra Labels to add to the service account 212 | extraLabels: {} 213 | # -- The name of the service account to use. 214 | # If not set and enabled is true, a name is generated using the fullname template 215 | name: "" 216 | # -- Extra arguments to be passed to the cert-controller entrypoint 217 | extrArgs: [] 218 | # -- Extra volumes to pass to cert-controller Pod 219 | extraVolumes: [] 220 | # -- Extra volumes to mount to cert-controller container 221 | extraVolumeMounts: [] 222 | # -- Annotations to add to cert-controller Pod 223 | podAnnotations: {} 224 | # -- Security context to add to cert-controller Pod 225 | podSecurityContext: {} 226 | # -- Security context to add to cert-controller container 227 | securityContext: {} 228 | # -- Resources to add to cert-controller container 229 | resources: {} 230 | # requests: 231 | # cpu: 10m 232 | # memory: 32Mi 233 | # -- Node selectors to add to controller Pod 234 | nodeSelector: {} 235 | # -- Tolerations to add to controller Pod 236 | tolerations: [] 237 | # -- Affinity to add to controller Pod 238 | affinity: {} 239 | -------------------------------------------------------------------------------- /bundle/manifests/k8s.mariadb.com_grants.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apiextensions.k8s.io/v1 2 | kind: CustomResourceDefinition 3 | metadata: 4 | annotations: 5 | controller-gen.kubebuilder.io/version: v0.20.0 6 | creationTimestamp: null 7 | name: grants.k8s.mariadb.com 8 | spec: 9 | group: k8s.mariadb.com 10 | names: 11 | kind: Grant 12 | listKind: GrantList 13 | plural: grants 14 | shortNames: 15 | - gmdb 16 | singular: grant 17 | scope: Namespaced 18 | versions: 19 | - additionalPrinterColumns: 20 | - jsonPath: .status.conditions[?(@.type=="Ready")].status 21 | name: Ready 22 | type: string 23 | - jsonPath: .status.conditions[?(@.type=="Ready")].message 24 | name: Status 25 | type: string 26 | - jsonPath: .spec.database 27 | name: Database 28 | type: string 29 | - jsonPath: .spec.table 30 | name: Table 31 | type: string 32 | - jsonPath: .spec.username 33 | name: Username 34 | type: string 35 | - jsonPath: .spec.grantOption 36 | name: GrantOpt 37 | type: string 38 | - jsonPath: .spec.mariaDbRef.name 39 | name: MariaDB 40 | type: string 41 | - jsonPath: .metadata.creationTimestamp 42 | name: Age 43 | type: date 44 | name: v1alpha1 45 | schema: 46 | openAPIV3Schema: 47 | description: Grant is the Schema for the grants API. It is used to define 48 | grants as if you were running a 'GRANT' statement. 49 | properties: 50 | apiVersion: 51 | description: |- 52 | APIVersion defines the versioned schema of this representation of an object. 53 | Servers should convert recognized schemas to the latest internal value, and 54 | may reject unrecognized values. 55 | More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources 56 | type: string 57 | kind: 58 | description: |- 59 | Kind is a string value representing the REST resource this object represents. 60 | Servers may infer this from the endpoint the client submits requests to. 61 | Cannot be updated. 62 | In CamelCase. 63 | More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds 64 | type: string 65 | metadata: 66 | type: object 67 | spec: 68 | description: GrantSpec defines the desired state of Grant 69 | properties: 70 | cleanupPolicy: 71 | description: CleanupPolicy defines the behavior for cleaning up a 72 | SQL resource. 73 | enum: 74 | - Skip 75 | - Delete 76 | type: string 77 | database: 78 | default: '*' 79 | description: Database to use in the Grant. 80 | type: string 81 | grantOption: 82 | default: false 83 | description: GrantOption to use in the Grant. 84 | type: boolean 85 | host: 86 | description: Host to use in the Grant. It can be localhost, an IP 87 | or '%'. 88 | type: string 89 | mariaDbRef: 90 | description: MariaDBRef is a reference to a MariaDB object. 91 | properties: 92 | kind: 93 | description: Kind of the referent. 94 | type: string 95 | name: 96 | type: string 97 | namespace: 98 | type: string 99 | waitForIt: 100 | default: true 101 | description: WaitForIt indicates whether the controller using 102 | this reference should wait for MariaDB to be ready. 103 | type: boolean 104 | type: object 105 | privileges: 106 | description: Privileges to use in the Grant. 107 | items: 108 | type: string 109 | minItems: 1 110 | type: array 111 | requeueInterval: 112 | description: RequeueInterval is used to perform requeue reconciliations. 113 | type: string 114 | retryInterval: 115 | description: RetryInterval is the interval used to perform retries. 116 | type: string 117 | table: 118 | default: '*' 119 | description: Table to use in the Grant. 120 | type: string 121 | username: 122 | description: Username to use in the Grant. 123 | type: string 124 | required: 125 | - mariaDbRef 126 | - privileges 127 | - username 128 | type: object 129 | status: 130 | description: GrantStatus defines the observed state of Grant 131 | properties: 132 | conditions: 133 | description: Conditions for the Grant object. 134 | items: 135 | description: Condition contains details for one aspect of the current 136 | state of this API Resource. 137 | properties: 138 | lastTransitionTime: 139 | description: |- 140 | lastTransitionTime is the last time the condition transitioned from one status to another. 141 | This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. 142 | format: date-time 143 | type: string 144 | message: 145 | description: |- 146 | message is a human readable message indicating details about the transition. 147 | This may be an empty string. 148 | maxLength: 32768 149 | type: string 150 | observedGeneration: 151 | description: |- 152 | observedGeneration represents the .metadata.generation that the condition was set based upon. 153 | For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date 154 | with respect to the current state of the instance. 155 | format: int64 156 | minimum: 0 157 | type: integer 158 | reason: 159 | description: |- 160 | reason contains a programmatic identifier indicating the reason for the condition's last transition. 161 | Producers of specific condition types may define expected values and meanings for this field, 162 | and whether the values are considered a guaranteed API. 163 | The value should be a CamelCase string. 164 | This field may not be empty. 165 | maxLength: 1024 166 | minLength: 1 167 | pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ 168 | type: string 169 | status: 170 | description: status of the condition, one of True, False, Unknown. 171 | enum: 172 | - "True" 173 | - "False" 174 | - Unknown 175 | type: string 176 | type: 177 | description: type of condition in CamelCase or in foo.example.com/CamelCase. 178 | maxLength: 316 179 | pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ 180 | type: string 181 | required: 182 | - lastTransitionTime 183 | - message 184 | - reason 185 | - status 186 | - type 187 | type: object 188 | type: array 189 | currentPrivileges: 190 | description: |- 191 | CurrentPrivileges is the list of current privileges used in the Grant. 192 | It allows to detect the divergence from the desired privileges. 193 | items: 194 | type: string 195 | type: array 196 | type: object 197 | type: object 198 | served: true 199 | storage: true 200 | subresources: 201 | status: {} 202 | status: 203 | acceptedNames: 204 | kind: "" 205 | plural: "" 206 | conditions: null 207 | storedVersions: null 208 | -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | VERSION ?= 25.10.3 2 | 3 | CHANNELS ?= alpha 4 | BUNDLE_CHANNELS := --channels=$(CHANNELS) 5 | 6 | DEFAULT_CHANNEL ?= alpha 7 | BUNDLE_DEFAULT_CHANNEL := --default-channel=$(DEFAULT_CHANNEL) 8 | 9 | DEFAULT_PACKAGE ?= mariadb-operator 10 | BUNDLE_PACKAGE := --package=$(DEFAULT_PACKAGE) 11 | 12 | BUNDLE_METADATA_OPTS ?= $(BUNDLE_CHANNELS) $(BUNDLE_DEFAULT_CHANNEL) $(BUNDLE_PACKAGE) 13 | 14 | # IMAGE_TAG_BASE defines the ghcr.io namespace and part of the image name for remote images. 15 | # This variable is used to construct full image tags for bundle and catalog images. 16 | # 17 | # For example, running 'make bundle-build bundle-push catalog-build catalog-push' will build and push both 18 | # mariadb.mmontes.io/helm-operator-bundle:$VERSION and mariadb.mmontes.io/helm-operator-catalog:$VERSION. 19 | IMAGE_TAG_BASE ?= ghcr.io/mariadb-operator/mariadb-operator-helm 20 | 21 | # BUNDLE_IMG defines the image:tag used for the bundle. 22 | # You can use it as an arg. (E.g make bundle-build BUNDLE_IMG=/:) 23 | BUNDLE_IMG ?= $(IMAGE_TAG_BASE)-bundle:$(VERSION) 24 | 25 | # BUNDLE_GEN_FLAGS are the flags passed to the operator-sdk generate bundle command 26 | BUNDLE_GEN_FLAGS ?= -q --overwrite=false --version $(VERSION) $(BUNDLE_METADATA_OPTS) 27 | 28 | # USE_IMAGE_DIGESTS defines if images are resolved via tags or digests 29 | # You can enable this value if you would like to use SHA Based Digests 30 | # To enable set flag to true 31 | USE_IMAGE_DIGESTS ?= false 32 | ifeq ($(USE_IMAGE_DIGESTS), true) 33 | BUNDLE_GEN_FLAGS += --use-image-digests 34 | endif 35 | 36 | # Image URL to use all building/pushing image targets 37 | IMG ?= ghcr.io/mariadb-operator/mariadb-operator-helm:$(VERSION) 38 | 39 | .PHONY: all 40 | all: help 41 | 42 | ##@ General 43 | 44 | # The help target prints out all targets with their descriptions organized 45 | # beneath their categories. The categories are represented by '##@' and the 46 | # target descriptions by '##'. The awk commands is responsible for reading the 47 | # entire set of makefiles included in this invocation, looking for lines of the 48 | # file as xyz: ## something, and then pretty-format the target and help. Then, 49 | # if there's a line with ##@ something, that gets pretty-printed as a category. 50 | # More info on the usage of ANSI control characters for terminal formatting: 51 | # https://en.wikipedia.org/wiki/ANSI_escape_code#SGR_parameters 52 | # More info on the awk command: 53 | # http://linuxcommand.org/lc3_adv_awk.php 54 | 55 | .PHONY: help 56 | help: ## Display this help. 57 | @awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n make \033[36m\033[0m\n"} /^[a-zA-Z_0-9-]+:.*?##/ { printf " \033[36m%-15s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST) 58 | 59 | ##@ Sync 60 | 61 | .PHONY: sync-chart 62 | sync-chart: ## Sync helm chart. 63 | @./hack/sync-chart.sh $(VERSION) 64 | 65 | ##@ Build 66 | 67 | .PHONY: run 68 | run: helm-operator ## Run against the configured Kubernetes cluster in ~/.kube/config. 69 | $(HELM_OPERATOR) run 70 | 71 | .PHONY: docker-build 72 | docker-build: ## Build docker image with the manager. 73 | docker build -t ${IMG} . 74 | 75 | .PHONY: docker-push 76 | docker-push: ## Push docker image with the manager. 77 | docker push ${IMG} 78 | 79 | CLUSTER ?= mdb 80 | .PHONY: docker-load 81 | docker-load: kind ## Load docker image in KIND. 82 | $(KIND) load docker-image --name ${CLUSTER} ${IMG} 83 | 84 | # PLATFORMS defines the target platforms for the manager image be build to provide support to multiple 85 | # architectures. (i.e. make docker-buildx IMG=myregistry/mypoperator:0.0.1). To use this option you need to: 86 | # - able to use docker buildx . More info: https://docs.docker.com/build/buildx/ 87 | # - have enable BuildKit, More info: https://docs.docker.com/develop/develop-images/build_enhancements/ 88 | # - be able to push the image for your registry (i.e. if you do not inform a valid value via IMG=> than the export will fail) 89 | # To properly provided solutions that supports more than one platform you should use this option. 90 | PLATFORMS ?= linux/arm64,linux/amd64 91 | .PHONY: docker-buildx 92 | docker-buildx: ## Build and push docker image for the manager for cross-platform support. 93 | # copy existing Dockerfile and insert --platform=${BUILDPLATFORM} into Dockerfile.cross, and preserve the original Dockerfile 94 | sed -e '1 s/\(^FROM\)/FROM --platform=\$$\{BUILDPLATFORM\}/; t' -e ' 1,// s//FROM --platform=\$$\{BUILDPLATFORM\}/' Dockerfile > Dockerfile.cross 95 | - docker buildx create --name project-v3-builder 96 | docker buildx use project-v3-builder 97 | - docker buildx build --push --platform=$(PLATFORMS) --tag ${IMG} -f Dockerfile.cross . 98 | - docker buildx rm project-v3-builder 99 | rm Dockerfile.cross 100 | 101 | ##@ Deployment 102 | 103 | .PHONY: install 104 | install: kustomize ## Install CRDs into the K8s cluster specified in ~/.kube/config. 105 | $(KUSTOMIZE) build config/crd | kubectl apply -f - 106 | 107 | .PHONY: uninstall 108 | uninstall: kustomize ## Uninstall CRDs from the K8s cluster specified in ~/.kube/config. 109 | $(KUSTOMIZE) build config/crd | kubectl delete -f - 110 | 111 | .PHONY: deploy 112 | deploy: kustomize ## Deploy controller to the K8s cluster specified in ~/.kube/config. 113 | cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG} 114 | $(KUSTOMIZE) build config/default | kubectl apply -f - 115 | 116 | .PHONY: undeploy 117 | undeploy: ## Undeploy controller from the K8s cluster specified in ~/.kube/config. 118 | $(KUSTOMIZE) build config/default | kubectl delete -f - 119 | 120 | OS := $(shell uname -s | tr '[:upper:]' '[:lower:]') 121 | ARCH := $(shell uname -m | sed 's/x86_64/amd64/' | sed 's/aarch64/arm64/') 122 | 123 | .PHONY: bundle 124 | bundle: operator-sdk kustomize sync-chart ## Generate bundle manifests and metadata, then validate generated files. 125 | $(OPERATOR_SDK) generate kustomize manifests -q 126 | cd config/manager && $(KUSTOMIZE) edit set image controller=$(IMG) 127 | $(YQ) e -i '.metadata.annotations.containerImage = "$(IMG)"' config/manifests/bases/mariadb-operator.clusterserviceversion.yaml 128 | $(KUSTOMIZE) build config/manifests | $(OPERATOR_SDK) generate bundle $(BUNDLE_GEN_FLAGS) 129 | $(OPERATOR_SDK) bundle validate ./bundle --select-optional suite=operatorframework 130 | 131 | .PHONY: bundle-build 132 | bundle-build: ## Build the bundle image. 133 | docker build -f bundle.Dockerfile -t $(BUNDLE_IMG) . 134 | 135 | .PHONY: bundle-push 136 | bundle-push: ## Push the bundle image. 137 | $(MAKE) docker-push IMG=$(BUNDLE_IMG) 138 | 139 | # A comma-separated list of bundle images (e.g. make catalog-build BUNDLE_IMGS=example.com/operator-bundle:v0.1.0,example.com/operator-bundle:v0.2.0). 140 | # These images MUST exist in a registry and be pull-able. 141 | BUNDLE_IMGS ?= $(BUNDLE_IMG) 142 | 143 | # The image tag given to the resulting catalog image (e.g. make catalog-build CATALOG_IMG=example.com/operator-catalog:v0.2.0). 144 | CATALOG_IMG ?= $(IMAGE_TAG_BASE)-catalog:$(VERSION) 145 | 146 | # Set CATALOG_BASE_IMG to an existing catalog image tag to add $BUNDLE_IMGS to that image. 147 | ifneq ($(origin CATALOG_BASE_IMG), undefined) 148 | FROM_INDEX_OPT := --from-index $(CATALOG_BASE_IMG) 149 | endif 150 | 151 | # Build a catalog image by adding bundle images to an empty catalog using the operator package manager tool, 'opm'. 152 | # This recipe invokes 'opm' in 'semver' bundle add mode. For more information on add modes, see: 153 | # https://github.com/operator-framework/community-operators/blob/7f1438c/docs/packaging-operator.md#updating-your-existing-operator 154 | .PHONY: catalog-build 155 | catalog-build: opm ## Build a catalog image. 156 | $(OPM) index add --container-tool docker --mode semver --tag $(CATALOG_IMG) --bundles $(BUNDLE_IMGS) $(FROM_INDEX_OPT) 157 | 158 | # Push the catalog image. 159 | .PHONY: catalog-push 160 | catalog-push: ## Push a catalog image. 161 | $(MAKE) docker-push IMG=$(CATALOG_IMG) 162 | 163 | ##@ Tooling 164 | 165 | .PHONY: kustomize 166 | KUSTOMIZE = $(shell pwd)/bin/kustomize 167 | kustomize: ## Download kustomize locally if necessary. 168 | ifeq (,$(wildcard $(KUSTOMIZE))) 169 | ifeq (,$(shell which kustomize 2>/dev/null)) 170 | @{ \ 171 | set -e ;\ 172 | mkdir -p $(dir $(KUSTOMIZE)) ;\ 173 | curl -sSLo - https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize/v4.5.7/kustomize_v4.5.7_$(OS)_$(ARCH).tar.gz | \ 174 | tar xzf - -C bin/ ;\ 175 | } 176 | else 177 | KUSTOMIZE = $(shell which kustomize) 178 | endif 179 | endif 180 | 181 | .PHONY: helm-operator 182 | HELM_OPERATOR = $(shell pwd)/bin/helm-operator 183 | helm-operator: ## Download helm-operator locally if necessary, preferring the $(pwd)/bin path over global if both exist. 184 | ifeq (,$(wildcard $(HELM_OPERATOR))) 185 | ifeq (,$(shell which helm-operator 2>/dev/null)) 186 | @{ \ 187 | set -e ;\ 188 | mkdir -p $(dir $(HELM_OPERATOR)) ;\ 189 | curl -sSLo $(HELM_OPERATOR) https://github.com/operator-framework/operator-sdk/releases/download/v1.26.0/helm-operator_$(OS)_$(ARCH) ;\ 190 | chmod +x $(HELM_OPERATOR) ;\ 191 | } 192 | else 193 | HELM_OPERATOR = $(shell which helm-operator) 194 | endif 195 | endif 196 | 197 | OPERATOR_SDK_RELEASE = v1.26.0 198 | OPERATOR_SDK = $(shell pwd)/bin/operator-sdk-$(OPERATOR_SDK_RELEASE) 199 | OPERATOR_SDK_DL_URL = https://github.com/operator-framework/operator-sdk/releases/download/$(OPERATOR_SDK_RELEASE)/operator-sdk_$(OS)_$(ARCH) 200 | .PHONY: operator-sdk 201 | operator-sdk: 202 | ifeq (,$(wildcard $(OPERATOR_SDK))) 203 | ifeq (,$(shell which $(OPERATOR_SDK) 2>/dev/null)) 204 | @{ \ 205 | set -e ;\ 206 | mkdir -p $(shell pwd)/bin ;\ 207 | curl -sL -o $(OPERATOR_SDK) $(OPERATOR_SDK_DL_URL) ;\ 208 | chmod +x $(OPERATOR_SDK) ;\ 209 | } 210 | else 211 | OPERATOR_SDK = $(shell which $(OPERATOR_SDK)) 212 | endif 213 | endif 214 | 215 | .PHONY: yq 216 | YQ = $(shell pwd)/bin/yq 217 | yq: ## Download yq locally if necessary. 218 | ifeq (,$(wildcard $(YQ))) 219 | ifeq (,$(shell which yq 2>/dev/null)) 220 | @{ \ 221 | set -e ;\ 222 | mkdir -p $(dir $(YQ)) ;\ 223 | curl -sSLo - https://github.com/mikefarah/yq/releases/download/v4.16.1/yq_linux_amd64.tar.gz | \ 224 | tar xzf - -C bin/ ;\ 225 | mv bin/yq_linux_amd64 bin/yq ;\ 226 | } 227 | else 228 | YQ = $(shell which yq) 229 | endif 230 | endif 231 | 232 | .PHONY: opm 233 | OPM = ./bin/opm 234 | opm: ## Download opm locally if necessary. 235 | ifeq (,$(wildcard $(OPM))) 236 | ifeq (,$(shell which opm 2>/dev/null)) 237 | @{ \ 238 | set -e ;\ 239 | mkdir -p $(dir $(OPM)) ;\ 240 | curl -sSLo $(OPM) https://github.com/operator-framework/operator-registry/releases/download/v1.23.0/$(OS)-$(ARCH)-opm ;\ 241 | chmod +x $(OPM) ;\ 242 | } 243 | else 244 | OPM = $(shell which opm) 245 | endif 246 | endif 247 | 248 | LOCALBIN ?= $(shell pwd)/bin 249 | $(LOCALBIN): 250 | mkdir -p $(LOCALBIN) 251 | 252 | .PHONY: kind 253 | KIND = ./bin/kind 254 | KIND_VERSION ?= 25.10.3 255 | kind: ## Download kind locally if necessary. 256 | ifeq (,$(wildcard $(KIND))) 257 | ifeq (,$(shell which kind 2>/dev/null)) 258 | @{ \ 259 | set -e ;\ 260 | mkdir -p $(dir $(KIND)) ;\ 261 | GOBIN=$(LOCALBIN) go install sigs.k8s.io/kind@$(KIND_VERSION) ;\ 262 | chmod +x $(KIND) ;\ 263 | } 264 | else 265 | KIND = $(shell which kind) 266 | endif 267 | endif 268 | -------------------------------------------------------------------------------- /bundle/manifests/k8s.mariadb.com_users.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apiextensions.k8s.io/v1 2 | kind: CustomResourceDefinition 3 | metadata: 4 | annotations: 5 | controller-gen.kubebuilder.io/version: v0.20.0 6 | creationTimestamp: null 7 | name: users.k8s.mariadb.com 8 | spec: 9 | group: k8s.mariadb.com 10 | names: 11 | kind: User 12 | listKind: UserList 13 | plural: users 14 | shortNames: 15 | - umdb 16 | singular: user 17 | scope: Namespaced 18 | versions: 19 | - additionalPrinterColumns: 20 | - jsonPath: .status.conditions[?(@.type=="Ready")].status 21 | name: Ready 22 | type: string 23 | - jsonPath: .status.conditions[?(@.type=="Ready")].message 24 | name: Status 25 | type: string 26 | - jsonPath: .spec.maxUserConnections 27 | name: MaxConns 28 | type: string 29 | - jsonPath: .spec.mariaDbRef.name 30 | name: MariaDB 31 | type: string 32 | - jsonPath: .metadata.creationTimestamp 33 | name: Age 34 | type: date 35 | name: v1alpha1 36 | schema: 37 | openAPIV3Schema: 38 | description: User is the Schema for the users API. It is used to define grants 39 | as if you were running a 'CREATE USER' statement. 40 | properties: 41 | apiVersion: 42 | description: |- 43 | APIVersion defines the versioned schema of this representation of an object. 44 | Servers should convert recognized schemas to the latest internal value, and 45 | may reject unrecognized values. 46 | More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources 47 | type: string 48 | kind: 49 | description: |- 50 | Kind is a string value representing the REST resource this object represents. 51 | Servers may infer this from the endpoint the client submits requests to. 52 | Cannot be updated. 53 | In CamelCase. 54 | More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds 55 | type: string 56 | metadata: 57 | type: object 58 | spec: 59 | description: UserSpec defines the desired state of User 60 | properties: 61 | cleanupPolicy: 62 | description: CleanupPolicy defines the behavior for cleaning up a 63 | SQL resource. 64 | enum: 65 | - Skip 66 | - Delete 67 | type: string 68 | host: 69 | description: Host related to the User. 70 | maxLength: 255 71 | type: string 72 | mariaDbRef: 73 | description: MariaDBRef is a reference to a MariaDB object. 74 | properties: 75 | kind: 76 | description: Kind of the referent. 77 | type: string 78 | name: 79 | type: string 80 | namespace: 81 | type: string 82 | waitForIt: 83 | default: true 84 | description: WaitForIt indicates whether the controller using 85 | this reference should wait for MariaDB to be ready. 86 | type: boolean 87 | type: object 88 | maxUserConnections: 89 | default: 10 90 | description: MaxUserConnections defines the maximum number of simultaneous 91 | connections that the User can establish. 92 | format: int32 93 | type: integer 94 | name: 95 | description: Name overrides the default name provided by metadata.name. 96 | maxLength: 80 97 | type: string 98 | passwordHashSecretKeyRef: 99 | description: |- 100 | PasswordHashSecretKeyRef is a reference to the password hash to be used by the User. 101 | If the referred Secret is labeled with "k8s.mariadb.com/watch", updates may be performed to the Secret in order to update the password hash. 102 | properties: 103 | key: 104 | type: string 105 | name: 106 | default: "" 107 | type: string 108 | required: 109 | - key 110 | type: object 111 | x-kubernetes-map-type: atomic 112 | passwordPlugin: 113 | description: PasswordPlugin is a reference to the password plugin 114 | and arguments to be used by the User. 115 | properties: 116 | pluginArgSecretKeyRef: 117 | description: |- 118 | PluginArgSecretKeyRef is a reference to the arguments to be provided to the authentication plugin for the User. 119 | If the referred Secret is labeled with "k8s.mariadb.com/watch", updates may be performed to the Secret in order to update the authentication plugin arguments. 120 | properties: 121 | key: 122 | type: string 123 | name: 124 | default: "" 125 | type: string 126 | required: 127 | - key 128 | type: object 129 | x-kubernetes-map-type: atomic 130 | pluginNameSecretKeyRef: 131 | description: |- 132 | PluginNameSecretKeyRef is a reference to the authentication plugin to be used by the User. 133 | If the referred Secret is labeled with "k8s.mariadb.com/watch", updates may be performed to the Secret in order to update the authentication plugin. 134 | properties: 135 | key: 136 | type: string 137 | name: 138 | default: "" 139 | type: string 140 | required: 141 | - key 142 | type: object 143 | x-kubernetes-map-type: atomic 144 | type: object 145 | passwordSecretKeyRef: 146 | description: |- 147 | PasswordSecretKeyRef is a reference to the password to be used by the User. 148 | If not provided, the account will be locked and the password will expire. 149 | If the referred Secret is labeled with "k8s.mariadb.com/watch", updates may be performed to the Secret in order to update the password. 150 | properties: 151 | key: 152 | type: string 153 | name: 154 | default: "" 155 | type: string 156 | required: 157 | - key 158 | type: object 159 | x-kubernetes-map-type: atomic 160 | requeueInterval: 161 | description: RequeueInterval is used to perform requeue reconciliations. 162 | type: string 163 | require: 164 | description: 'Require specifies TLS requirements for the user to connect. 165 | See: https://mariadb.com/kb/en/securing-connections-for-client-and-server/#requiring-tls.' 166 | properties: 167 | issuer: 168 | description: Issuer indicates that the TLS certificate provided 169 | by the user must be issued by a specific issuer. 170 | type: string 171 | ssl: 172 | description: SSL indicates that the user must connect via TLS. 173 | type: boolean 174 | subject: 175 | description: Subject indicates that the TLS certificate provided 176 | by the user must have a specific subject. 177 | type: string 178 | x509: 179 | description: X509 indicates that the user must provide a valid 180 | x509 certificate to connect. 181 | type: boolean 182 | type: object 183 | retryInterval: 184 | description: RetryInterval is the interval used to perform retries. 185 | type: string 186 | required: 187 | - mariaDbRef 188 | type: object 189 | status: 190 | description: UserStatus defines the observed state of User 191 | properties: 192 | conditions: 193 | description: Conditions for the User object. 194 | items: 195 | description: Condition contains details for one aspect of the current 196 | state of this API Resource. 197 | properties: 198 | lastTransitionTime: 199 | description: |- 200 | lastTransitionTime is the last time the condition transitioned from one status to another. 201 | This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. 202 | format: date-time 203 | type: string 204 | message: 205 | description: |- 206 | message is a human readable message indicating details about the transition. 207 | This may be an empty string. 208 | maxLength: 32768 209 | type: string 210 | observedGeneration: 211 | description: |- 212 | observedGeneration represents the .metadata.generation that the condition was set based upon. 213 | For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date 214 | with respect to the current state of the instance. 215 | format: int64 216 | minimum: 0 217 | type: integer 218 | reason: 219 | description: |- 220 | reason contains a programmatic identifier indicating the reason for the condition's last transition. 221 | Producers of specific condition types may define expected values and meanings for this field, 222 | and whether the values are considered a guaranteed API. 223 | The value should be a CamelCase string. 224 | This field may not be empty. 225 | maxLength: 1024 226 | minLength: 1 227 | pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ 228 | type: string 229 | status: 230 | description: status of the condition, one of True, False, Unknown. 231 | enum: 232 | - "True" 233 | - "False" 234 | - Unknown 235 | type: string 236 | type: 237 | description: type of condition in CamelCase or in foo.example.com/CamelCase. 238 | maxLength: 316 239 | pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ 240 | type: string 241 | required: 242 | - lastTransitionTime 243 | - message 244 | - reason 245 | - status 246 | - type 247 | type: object 248 | type: array 249 | type: object 250 | type: object 251 | served: true 252 | storage: true 253 | subresources: 254 | status: {} 255 | status: 256 | acceptedNames: 257 | kind: "" 258 | plural: "" 259 | conditions: null 260 | storedVersions: null 261 | -------------------------------------------------------------------------------- /bundle/manifests/k8s.mariadb.com_connections.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apiextensions.k8s.io/v1 2 | kind: CustomResourceDefinition 3 | metadata: 4 | annotations: 5 | controller-gen.kubebuilder.io/version: v0.20.0 6 | creationTimestamp: null 7 | name: connections.k8s.mariadb.com 8 | spec: 9 | group: k8s.mariadb.com 10 | names: 11 | kind: Connection 12 | listKind: ConnectionList 13 | plural: connections 14 | shortNames: 15 | - cmdb 16 | singular: connection 17 | scope: Namespaced 18 | versions: 19 | - additionalPrinterColumns: 20 | - jsonPath: .status.conditions[?(@.type=="Ready")].status 21 | name: Ready 22 | type: string 23 | - jsonPath: .status.conditions[?(@.type=="Ready")].message 24 | name: Status 25 | type: string 26 | - jsonPath: .spec.secretName 27 | name: Secret 28 | type: string 29 | - jsonPath: .metadata.creationTimestamp 30 | name: Age 31 | type: date 32 | name: v1alpha1 33 | schema: 34 | openAPIV3Schema: 35 | description: Connection is the Schema for the connections API. It is used 36 | to configure connection strings for the applications connecting to MariaDB. 37 | properties: 38 | apiVersion: 39 | description: |- 40 | APIVersion defines the versioned schema of this representation of an object. 41 | Servers should convert recognized schemas to the latest internal value, and 42 | may reject unrecognized values. 43 | More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources 44 | type: string 45 | kind: 46 | description: |- 47 | Kind is a string value representing the REST resource this object represents. 48 | Servers may infer this from the endpoint the client submits requests to. 49 | Cannot be updated. 50 | In CamelCase. 51 | More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds 52 | type: string 53 | metadata: 54 | type: object 55 | spec: 56 | description: ConnectionSpec defines the desired state of Connection 57 | properties: 58 | database: 59 | description: Database to use when configuring the Connection. 60 | type: string 61 | healthCheck: 62 | description: HealthCheck to be used in the Connection. 63 | properties: 64 | interval: 65 | description: Interval used to perform health checks. 66 | type: string 67 | retryInterval: 68 | description: RetryInterval is the interval used to perform health 69 | check retries. 70 | type: string 71 | type: object 72 | host: 73 | description: Host to connect to. If not provided, it defaults to the 74 | MariaDB host or to the MaxScale host. 75 | type: string 76 | mariaDbRef: 77 | description: MariaDBRef is a reference to the MariaDB to connect to. 78 | Either MariaDBRef or MaxScaleRef must be provided. 79 | properties: 80 | kind: 81 | description: Kind of the referent. 82 | type: string 83 | name: 84 | type: string 85 | namespace: 86 | type: string 87 | waitForIt: 88 | default: true 89 | description: WaitForIt indicates whether the controller using 90 | this reference should wait for MariaDB to be ready. 91 | type: boolean 92 | type: object 93 | maxScaleRef: 94 | description: MaxScaleRef is a reference to the MaxScale to connect 95 | to. Either MariaDBRef or MaxScaleRef must be provided. 96 | properties: 97 | name: 98 | type: string 99 | namespace: 100 | type: string 101 | type: object 102 | params: 103 | additionalProperties: 104 | type: string 105 | description: Params to be used in the Connection. 106 | type: object 107 | passwordSecretKeyRef: 108 | description: |- 109 | PasswordSecretKeyRef is a reference to the password to use for configuring the Connection. 110 | Either passwordSecretKeyRef or tlsClientCertSecretRef must be provided as client credentials. 111 | If the referred Secret is labeled with "k8s.mariadb.com/watch", updates may be performed to the Secret in order to update the password. 112 | properties: 113 | key: 114 | type: string 115 | name: 116 | default: "" 117 | type: string 118 | required: 119 | - key 120 | type: object 121 | x-kubernetes-map-type: atomic 122 | port: 123 | description: Port to connect to. If not provided, it defaults to the 124 | MariaDB port or to the first MaxScale listener. 125 | format: int32 126 | type: integer 127 | secretName: 128 | description: SecretName to be used in the Connection. 129 | type: string 130 | secretTemplate: 131 | description: SecretTemplate to be used in the Connection. 132 | properties: 133 | databaseKey: 134 | description: DatabaseKey to be used in the Secret. 135 | type: string 136 | format: 137 | description: Format to be used in the Secret. 138 | type: string 139 | hostKey: 140 | description: HostKey to be used in the Secret. 141 | type: string 142 | key: 143 | description: Key to be used in the Secret. 144 | type: string 145 | metadata: 146 | description: Metadata to be added to the Secret object. 147 | properties: 148 | annotations: 149 | additionalProperties: 150 | type: string 151 | description: Annotations to be added to children resources. 152 | type: object 153 | labels: 154 | additionalProperties: 155 | type: string 156 | description: Labels to be added to children resources. 157 | type: object 158 | type: object 159 | passwordKey: 160 | description: PasswordKey to be used in the Secret. 161 | type: string 162 | portKey: 163 | description: PortKey to be used in the Secret. 164 | type: string 165 | usernameKey: 166 | description: UsernameKey to be used in the Secret. 167 | type: string 168 | type: object 169 | serviceName: 170 | description: ServiceName to be used in the Connection. 171 | type: string 172 | tlsClientCertSecretRef: 173 | description: |- 174 | TLSClientCertSecretRef is a reference to a Kubernetes TLS Secret used as authentication when checking the connection health. 175 | Either passwordSecretKeyRef or tlsClientCertSecretRef must be provided as client credentials. 176 | If not provided, the client certificate provided by the referred MariaDB is used if TLS is enabled. 177 | If the referred Secret is labeled with "k8s.mariadb.com/watch", updates may be performed to the Secret in order to update the client certificate. 178 | properties: 179 | name: 180 | default: "" 181 | type: string 182 | type: object 183 | username: 184 | description: Username to use for configuring the Connection. 185 | type: string 186 | required: 187 | - username 188 | type: object 189 | status: 190 | description: ConnectionStatus defines the observed state of Connection 191 | properties: 192 | conditions: 193 | description: Conditions for the Connection object. 194 | items: 195 | description: Condition contains details for one aspect of the current 196 | state of this API Resource. 197 | properties: 198 | lastTransitionTime: 199 | description: |- 200 | lastTransitionTime is the last time the condition transitioned from one status to another. 201 | This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. 202 | format: date-time 203 | type: string 204 | message: 205 | description: |- 206 | message is a human readable message indicating details about the transition. 207 | This may be an empty string. 208 | maxLength: 32768 209 | type: string 210 | observedGeneration: 211 | description: |- 212 | observedGeneration represents the .metadata.generation that the condition was set based upon. 213 | For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date 214 | with respect to the current state of the instance. 215 | format: int64 216 | minimum: 0 217 | type: integer 218 | reason: 219 | description: |- 220 | reason contains a programmatic identifier indicating the reason for the condition's last transition. 221 | Producers of specific condition types may define expected values and meanings for this field, 222 | and whether the values are considered a guaranteed API. 223 | The value should be a CamelCase string. 224 | This field may not be empty. 225 | maxLength: 1024 226 | minLength: 1 227 | pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ 228 | type: string 229 | status: 230 | description: status of the condition, one of True, False, Unknown. 231 | enum: 232 | - "True" 233 | - "False" 234 | - Unknown 235 | type: string 236 | type: 237 | description: type of condition in CamelCase or in foo.example.com/CamelCase. 238 | maxLength: 316 239 | pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ 240 | type: string 241 | required: 242 | - lastTransitionTime 243 | - message 244 | - reason 245 | - status 246 | - type 247 | type: object 248 | type: array 249 | type: object 250 | type: object 251 | served: true 252 | storage: true 253 | subresources: 254 | status: {} 255 | status: 256 | acceptedNames: 257 | kind: "" 258 | plural: "" 259 | conditions: null 260 | storedVersions: null 261 | -------------------------------------------------------------------------------- /config/manifests/bases/mariadb-operator.clusterserviceversion.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: operators.coreos.com/v1alpha1 2 | kind: ClusterServiceVersion 3 | metadata: 4 | annotations: 5 | alm-examples: '[]' 6 | capabilities: Deep Insights 7 | categories: Database 8 | containerImage: ghcr.io/mariadb-operator/mariadb-operator-helm:25.10.3 9 | description: Run and operate MariaDB in a cloud native way 10 | features.operators.openshift.io/disconnected: "false" 11 | features.operators.openshift.io/fips-compliant: "false" 12 | features.operators.openshift.io/proxy-aware: "false" 13 | features.operators.openshift.io/tls-profiles: "false" 14 | features.operators.openshift.io/token-auth-aws: "false" 15 | features.operators.openshift.io/token-auth-azure: "false" 16 | features.operators.openshift.io/token-auth-gcp: "false" 17 | repository: https://github.com/mariadb-operator/mariadb-operator 18 | support: mariadb-operator 19 | name: mariadb-operator.v0.0.0 20 | namespace: placeholder 21 | spec: 22 | apiservicedefinitions: {} 23 | customresourcedefinitions: 24 | owned: 25 | - description: Configures MariaDB helm chart based operator 26 | displayName: MariadbOperator 27 | kind: MariadbOperator 28 | name: mariadboperators.helm.mariadb.mmontes.io 29 | version: v1alpha1 30 | - description: Provisions a MariaDB instance 31 | displayName: MariaDB 32 | kind: MariaDB 33 | name: mariadbs.k8s.mariadb.com 34 | version: v1alpha1 35 | - description: Configures a backup 36 | displayName: Backup 37 | kind: Backup 38 | name: backups.k8s.mariadb.com 39 | version: v1alpha1 40 | - description: Configures a connection 41 | displayName: Connection 42 | kind: Connection 43 | name: connections.k8s.mariadb.com 44 | version: v1alpha1 45 | - description: Restores a backup 46 | displayName: Restore 47 | kind: Restore 48 | name: restores.k8s.mariadb.com 49 | version: v1alpha1 50 | - description: Defines a logical database 51 | displayName: Database 52 | kind: Database 53 | name: databases.k8s.mariadb.com 54 | version: v1alpha1 55 | - description: Grants permissions to an user in a database 56 | displayName: Grant 57 | kind: Grant 58 | name: grants.k8s.mariadb.com 59 | version: v1alpha1 60 | - description: Defines a SQL job 61 | displayName: SqlJob 62 | kind: SqlJob 63 | name: sqljobs.k8s.mariadb.com 64 | version: v1alpha1 65 | - description: Defines a user 66 | displayName: User 67 | kind: User 68 | name: users.k8s.mariadb.com 69 | version: v1alpha1 70 | - description: Defines a MaxScale database proxy 71 | displayName: MaxScale 72 | kind: MaxScale 73 | name: maxscales.k8s.mariadb.com 74 | version: v1alpha1 75 | - description: Configures a physical backup 76 | displayName: PhysicalBackup 77 | kind: PhysicalBackup 78 | name: physicalbackups.k8s.mariadb.com 79 | version: v1alpha1 80 | - description: Configures an external MariaDB resource 81 | displayName: ExternalMariaDB 82 | kind: ExternalMariaDB 83 | name: externalmariadbs.k8s.mariadb.com 84 | version: v1alpha1 85 | description: | 86 | Install [`mariadb-operator`](https://github.com/mariadb-operator/mariadb-operator) via [OLM](https://olm.operatorframework.io/) using the [helm chart](https://artifacthub.io/packages/helm/mariadb-operator/mariadb-operator). 87 | 88 | This helm operator provides provides a 1:1 mapping between the official helm chart and the [`MariadbOperator`](https://github.com/mariadb-operator/mariadb-operator-helm/blob/main/config/samples/helm_v1alpha1_mariadboperator.yaml) CRD, allowing to install [`mariadb-operator`](https://github.com/mariadb-operator/mariadb-operator) via OLM without having to do any change in the helm chart. 89 | 90 | Normally, you would install [`mariadb-operator`](https://github.com/mariadb-operator/mariadb-operator) providing this `values.yaml` to the helm chart: 91 | ```yaml 92 | image: 93 | repository: ghcr.io/mariadb-operator/mariadb-operator 94 | pullPolicy: IfNotPresent 95 | logLevel: INFO 96 | ha: 97 | enabled: true 98 | metrics: 99 | enabled: true 100 | serviceMonitor: 101 | enabled: true 102 | webhook: 103 | cert: 104 | certManager: 105 | enabled: true 106 | ``` 107 | 108 | This helm chart installation is abstracted in the [`MariadbOperator`](https://github.com/mariadb-operator/mariadb-operator-helm/blob/main/config/samples/helm_v1alpha1_mariadboperator.yaml) CRD, which will be reconciled by the helm operator: 109 | ```yaml 110 | apiVersion: helm.k8s.mariadb.com/v1alpha1 111 | kind: MariadbOperator 112 | metadata: 113 | name: mariadb-operator 114 | spec: 115 | image: 116 | repository: ghcr.io/mariadb-operator/mariadb-operator 117 | pullPolicy: IfNotPresent 118 | logLevel: INFO 119 | ha: 120 | enabled: true 121 | metrics: 122 | enabled: true 123 | serviceMonitor: 124 | enabled: true 125 | webhook: 126 | cert: 127 | certManager: 128 | enabled: true 129 | ``` 130 | 131 | Once you have installed the operator, you will able to install a [`MariaDB`](https://github.com/mariadb-operator/mariadb-operator/blob/main/examples/manifests/mariadb_v1alpha1_mariadb.yaml) instance. Refer to the main [`mariadb-operator`](https://github.com/mariadb-operator/mariadb-operator) documentation for getting started with the rest of CRDs. 132 | 133 | ## Documentation 134 | * [mariadb-operator](https://github.com/mariadb-operator/mariadb-operator/blob/main/README.md) 135 | * [mariadb-operator-helm](https://github.com/mariadb-operator/mariadb-operator-helm/blob/main/README.md) 136 | 137 | ## Releases 138 | This operator is automatically published in the following repositories whenever a new version of the [helm chart](https://artifacthub.io/packages/helm/mariadb-operator/mariadb-operator) is released: 139 | - [k8s-operatorhub/community-operators](https://github.com/k8s-operatorhub/community-operators) 140 | - [redhat-openshift-ecosystem/community-operators-prod](https://github.com/redhat-openshift-ecosystem/community-operators-prod) 141 | 142 | ## Roadmap 143 | Take a look at our [roadmap](https://github.com/mariadb-operator/mariadb-operator/blob/main/ROADMAP.md) and feel free to open an issue to suggest new features. 144 | 145 | ## Contributing 146 | We welcome and encourage contributions to this project! Please check our [contributing](https://github.com/mariadb-operator/mariadb-operator/blob/main/CONTRIBUTING.md) and [development](https://github.com/mariadb-operator/mariadb-operator/blob/main/docs/DEVELOPMENT.md) guides. PRs welcome! 147 | 148 | ## Get in touch 149 | Join us on Slack: **[MariaDB Community Slack](https://r.mariadb.com/join-community-slack)**. 150 | displayName: MariaDB Operator 151 | icon: 152 | - base64data: iVBORw0KGgoAAAANSUhEUgAAASAAAAEgCAYAAAAUg66AAAAABHNCSVQICAgIfAhkiAAAHOVJREFUeJzt3XlgTOfCBvBnsm/VBJGIBBE0tTXETrm1VC1JVGtLShE7tS+t0trrKom2qJbartJaQpEQkrSWoATtp733qy1BNllkkE2SyXx/6PVZYkxmzpl3luf3l2Rmznlo+uQ9y/sehVqtVoOISAAr0QGIyHKxgIhIGBYQEQnDAiIiYVhARCQMC4iIhGEBEZEwLCAiEoYFRETCsICISBgWEBEJwwIiImFYQEQkDAuIiIRhARGRMCwgIhKGBUREwrCAiEgYFhARCcMCIiJhWEBEJAwLiIiEYQERkTAsICIShgVERMKwgIhIGBYQEQnDAiIiYVhARCQMC4iIhGEBEZEwLCAiEoYFRETCsICISBgWEBEJwwIiImFYQEQkDAuIiIRhARGRMCwgIhKGBUREwrCAiEgYFhARCcMCIiJhWEBEJAwLiIiEYQERkTAsICIShgVERMKwgIhIGBYQEQnDAiIiYVhARCSMjegARGTaLv3PJcREH0TSuSTcSElBWVkZmjRtimkzpiOgeXONn1Wo1Wq1gXISkZkoLS3Fgf378d369fjrf/+q8D22trbYvTcKjZs0ee52eAhGRForLy/Hvqi96N6lK2ZNn/Hc8gEeltT327Zp3B4PwYjohQoKCrAvKgpbN2/BtWvXtP7cuV/PanydBUREFcrPz8eJY8cRF3cU8UfjkJ+fX+lt3L17V+PrLCAiC3Pv3j3cu3cPRYWFKCwqQv79fOTn30dOdjZycnJw88ZN/HHpEpKTk1FeXq7XvkpKSjS+zgIiMiN5d/KQkpKM69evIyU5BRkZ6cjNyUVOdjZy79zBndxclJWVGSzPi65xsYCITNitmzeReDIRSUnncPbMr0hPTxcd6Qnu7u4aX2cBEZmYK5cv41BMDPZG7cWtmzdFx9HIw9NT4+ssICITUFhQiB9//AHb/7UNycnJouNorUaNGhpfZwERGbHc3Fxs2bQZ27dtg1KpFB2n0jw8PTS+zgIiMkIlJSXYvHET1q5erdPlb2Ph4+Oj8XUWEJGRSYhPwJJFC3Ej5YboKHp70VwwFhCRkSgqKsKK5cuxZdNm0VEk4ejoCH9/f43vYQERGYGLFy5g2pSpRn9VqzKat2gBaxvNFcPJqESC7fzhR4QOHGRW5QMAwX1DXvgeLsdBJIhKpULEihX45ut1oqNIztHJCWfOnYWzs7PG9/EQjEiABw8e4IPx45EQnyA6iiz6BAW9sHwAjoCIDK6oqAjjRo/GyRMnRUeRhb29PY4kxKNWrVovfC9HQEQGVFBQgPBhw5B0Lkl0FNkMHzFCq/IBOAIiMpiSkhKMHD4CpxITRUeRjbe3Nw4ePgQXFxet3s+rYEQGoFKpMH3qVLMuH2sba0R8sUrr8gFYQEQGsfDT+TgUHSM6hqxmzpqNFoGBlfoMC4hIZtu2bn3h4uymLmzIEIwcParSn+M5ICIZnTl9GsOGDDXoKoSG1rff21i+YgWsrCo/nmEBEckkMyMTQb17Ie9OnugoshkcGor5ixbC2tpap8/zMjyRDFRlZZg6eZJZl8+kKZMxacoUvbbBAiKSQWREJM6dPSc6hiwcHBywcMli9HvnHb23xUMwIomdOX0aQ8Pe0/uRNsbI19cXa9atQ8NXGkqyPV4FI5JQfn4+Zs+YaZbl07ff2/jp4EHJygfgIRiRpBYvWIi0tDTRMSRVpUoVzF+0EMEhL15eo7JYQEQS+eXnn7F71y7RMSTVrn17/HPF5/Dy8pJl+zwHRCSBoqIi9HyzB1Jv3RIdRRJ2dnaYPHUqRo0ZrdP9PdriCIhIAqsiIs2mfBo0bIiIVZF4tVEj2ffFERCRnv795594OyQEqjKV6Ch6USgUGB4ejhmzZsLOzs4g++QIiEgP5eXl+GTuPJMvH2dnZyxbvhw9e/cy6H5ZQER62Lp5C367eFF0DL3Uq1cPa79Zh/oNGhh83zwEI9JRZkYmenTrhoKCAtFRdPZWz55YvmIFnJydhOyfNyIS6WjZ0qUmXT5Dh72PL9esFlY+AA/BiHSSdC4J0QcPio6hs4mTPsCUadNEx+AhGFFlqVQqvB0cgn//+afoKDoZO348ZsyaKToGAB6CEVXaDzt2mGz59AkKwvSZM0THeIQjIKJKUCqV6N6li0mu89MiMBDbdmw32D0+2uAIiKgSVkVEmmT5vPTSS4j4YpVRlQ/AAiLS2l//+xd2bP9edAydzJk3F97e3qJjPIMFRKSlRQsWmOQdz6/4v4J33n1XdIwKsYCItBB98CDOnD4tOoZOxowbJ+uMdn3wJDTRCxQXF6NH124mudCYq5sbEs+chr29vegoFTLOWiQyIl+vWWOS5QMAPd7qYbTlA7CAiDS6dfMmNny7XnQMnXXt2k10BI1YQEQaLFm0GA8ePBAdQycODg5o16G96BgasYCInuPYL78g7uhR0TF01rZdOzg6OoqOoRELiKgCRUVFmP/Jp6Jj6KVrd+M+/AJYQEQVWhURiVs3b4qOoZfXO3USHeGFWEBET/nPf/6DLZs2iY6hF8+ankZ55/PTWEBEj1GpVPho1myUlZWJjqKXNm3bio6gFRYQ0WO2bNqEPy5dEh1Db61atRYdQSssIKK/paenY1VkpOgYkmjVhgVEZDLUajXmzP4QhQWFoqPorVq1aqhXr57oGFphAREB+NeWrTh54oToGJJo1bo1FAqF6BhaYQGRxbt29SqWL1smOoZkWgS2EB1BaywgsmglJSWYNmUqiouLRUeRzGsBAaIjaI0FRBZtyaLF+POPP0THkIyNjQ0aN2kiOobWWEBksaIPHsT3//qX6BiSaty4MRwcHETH0BoLiCzStWvXMGf2h6JjSK5ZwGuiI1QKC4gsjlKpxNiRo0z6scrP07yF6ZyABlhAZGHKysowacJEJCcni44ii+bNm4uOUCksILIocz+ag1OJiaJjyKJatWrwqV1bdIxKYQGRxVj5+Qrs3rVLdAzZtAgMFB2h0lhAZBE2btiAr9esER1DVqZ2/gdgAZEF2LxxE5YuXiI6huyatzCt8z8AC4jM3OaNm7Bk0SLRMWRnY2ODJk2bio5RaTaiAxDJQa1W45+ffWbSj9SpjMaNGxv9AvQVYQGR2SkoKMDMadNxJDZWdBSDCTDBwy+ABURmJiU5BePGjMGVy5dFRzEoU7wCBvAcEJmRA/v34+3gYIsrH8A0r4ABHAGRGbh//z4WfPop9kXtFR1FiBoeHvDy8hIdQycsIDJpPyckYN7HHyMzI1N0FGFMaQGyp7GAyCRlZWVh+bJlFjvqeVygiZ7/AVhAZGJKS0uxdfNmfLnqC7Ocza4LUz3/A7CAyESo1Wocio7B58uXm/wjk6Vkb2+PRo0bi46hMxYQGb3Ek4mIXLkSv128KDqK0XktIAB2dnaiY+iMBURGK+lcEr6IjMTpU6dERzFabduZxiOYn4cFREalvLwcvyT8jG/WrcP5pCTRcYxe6zZtREfQCwuIjEJhQSH2//QTNm7YgOvXr4uOYxLs7OwQYGIrID6NBURC5eTkYPu2bdi6ZSuUeXmi45iU1wICTOoJGBVhAZHBqdVqnEo8hR92bEfckaMoLS0VHckkmfr5H4AFRAaUk5ODPbt248cffsDNGzdExzF5pn7+B2ABkcxUKhVOnjiB3bt2cbQjIUdHR5OdAf84FhDJ4srly9i3dy+idu9Bdna26Dhmp1Xr1rC3txcdQ28sIJJMeno6Du4/gH17o3D5L8tbEsOQXu/cSXQESbCASC95d/IQe/gw9kZF4cL581Cr1aIjWYROnVhAZKGys7NxJDYWMQejce7sWZSXl4uOZFFq1qwJv/r1RceQBAuItJKeno4jh2Pxc0I8zpw5A1WZSnQki2Uuh18AC4g0uHXzJuLj4nEoJoaHV0akU6fOoiNIhgVET/jj0iXEHo7FkdhYXLt6VXQceoqtrS3ad+wgOoZkWEAWTqVS4cL5CzgSG4sjhw8jLS1NdCTSoG27dqhSpYroGJJhAVkglUqFixcu4lBMNA5FxyArK0t0JNLSWz17io4gKRaQhSguLsapk4mIiYlG/NE43L9/X3QkqiQrKyt06dZVdAxJsYDMmFKpRHxcHI7ExiLxxEkUFxeLjkR6CGzZEu7u7qJjSIoFZGaKi4vxc3wC9kbtwYnjJzj3yoyY2+EXwAIyCyUlJTh5/ARiYqJxJDYWhQWFoiORxBQKBbr3eFN0DMmxgEzU4yeS9//0E/LucDEvc9asWTOTffqpJiwgE6JWq3Hh/Hkc2H8Ah6KjkZubKzoSGcibb70lOoIsWEAm4MrlyzgUE4N9e/dxIS8LZGVlheC+IaJjyIIFZKRSklNwYP9+HDxwgHckW7iOr7+OmjVrio4hCxaQEUlLS8PR2COce0VP6D9ggOgIslGo+VMu1L179/DT3n3Ys3s3/rh0SXQcMjKubm449esZk376qSYcAQly4fx57Ni+HYeiY3iDID1XcEiw2ZYPwAIyuPNJSfjm66+REJ8gOgqZAHM+/AJYQAZzPikJkSsjcOb0adFRyES82qgRXm3USHQMWbGAZKZUKvHPpZ9h965dPKlMlTIodLDoCLLjSWgZHYqOwfxPPuENg1Rprm5uOJF4Eo5OTqKjyIojIBnczszER7M/xPFjx0RHIRM19P2hZl8+AEdAkos9fBgffzQHyjzOzSLdODg44PipRFStWlV0FNlxBCSRgoICLJq/ALt37RIdhUxcv3fesYjyAVhAkrh27RomjhuPK5f5NFDSj5WVFUaMHCk6hsFYiQ5g6n7atw99g4JZPiSJN3v0QF3fuqJjGAxHQDpSqVRYtmQpNm3cKDoKmQkrKyuMHT9OdAyDYgHpoKiwEFMmT0b80TjRUciMBIUEo0nTpqJjGBSvglVS1u3bGD1yFCeOkqRsbW1xJD4OPrVri45iUBwBVUJKcgqGhIYiIyNDdBQyM0OHDbO48gE4AtJacnIy3hscituZmaKjkJl5+eWXEX/sF7i6uoqOYnC8CqaF69evI2zQYJYPyWLCBxMtsnwAjoBeKCU5BYP690dOTo7oKGSGfH19ER172KzX/NGEIyAN8u7kYeTw4SwfkoVCocCCxYsstnwAFtBzFRUVYVR4OFJSUkRHITM1YNBAtO/QQXQMoXgIVgFVWRnGjh6DnxO4aqExcXFxQbm63Cye/Orl5YWDhw+hSpUqoqMIxRFQBSJXRrB8jIy1tTW+27wJjRs3ER1Fb1ZWVlgRGWHx5QOwgJ6REBePb9atEx2DnvL+8OEIbNkSd+8qRUfR2+gxY9C6TRvRMYwCC+gxqbduYeb06Vw61cg4OTth/ITxAACl8q7QLI6OjlAoFDp/vk3btpg6fZqEiUwbC+hvpaWlmDh+Au7eFfsDTs8aNDgUrm5uAIC7SnEjoBoeHvg1KQldunXV6fOeNT3x5ZrVsLbhBIT/YgH9LXLlSs7vMlIDBw0EACjz8vDgwQNhOQYMHAAnZye89NJLlf6so5MT1n37LapVqyZDMtPFAgJw7uw5fLd+g+gYVIHXAgLgV78+gIePrhbF2toa/Qc+LMJ7lRwlW1tbI/KLVRY3010bFl9Ad+/exbTJk6FSqURHoQr0e6ffoz+np6cLy9H5jX+gVq1aAID79+9r/TmFQoFFS5agW/fuckUzaRZdQOXl5Zg5fTpntxspOzs79A4KevR16q1bwrKEhoU9+vOdO9o9cEChUGD+ooUY8PchJD3LogtozVerkRAXLzoGPUeXbl2fmKR55coVITm8vb3RqXPnR19rMynZ2toaCxYvQth778kZzeRZ7On4kydOYvWXX4qOQRr0e+fdJ76+/JeYdbcHDh4EK6uHv6sLCgqQn5+v8f12dnZYERGBXn16GyKeSbPIArp29SomT5zI8z5GrFq1aujUudOjr9VqNa4KGAE5Ojpi4OD/f0Ry5gtGPzVq1MBXa9cgsGVLuaOZBYs7BMvOzkb4sOG838fIBYeEwOax+2WSk5NfOPKQQ/+BA554RldmxvMLqGWrlth38ADLpxIsagRUWFCIUSPCkZqaKjoKaaBQKDBw8KAnvvfbxYsGz2FjY4PwUaOe+N7t288WkI2NDT6YPBljx43lTYaVZDH/Wg/vdB7Pmw1NQKfOnVG/QYMnvvf7xd8MnqNPcNCjS+//9fQJ6FatW2Pep5+gUePGhoxmNvQuoKysLNxIuYGSkpJHN2i5vOQCBwdHODs7obq7O9zd3fWaP6OvsrIyfDB+Ao4fOyYsA2kvfNSzTwb99ddfDZpBoVBg9Jixz3w/M/M2AMDf3x8zZs/CP954w6C5zE2lCygrKwvRBw7g2C/HcPHCBRQUFLzwM7a2tvDw9ISXlxd86/nCz88P9Rs0QD0/P9SqVUvWclKpVJg2ZQrijh6VbR8knUaNGz+zSNftzEyDn4B+o2sXNHyl4TPft7W1wcrISASFBD+6Mka603pBMmVeHlZ8/jmidu9BSUmJZAEcnZzg5+f3dynVh2+9eqhfvz7q1K0LW1tbvbZ97949fDRrNmIPH5YoLclt6/fbnimgPbt3Y/aMmQbLoFAosHPPbjRv0cJg+7RUWo2Ajh87hg9nzkJWVpbkAYoKC/HHpUvPnJuxtrFGbZ/a8KtfH371/VDPzw+1a9eBp6cHPDw9n7uObmlpKS7/9Rfijh7Fjzt+kCWzXKxtrOHi7AJra2s4u7g88VppaQmKCotQXl5eqakApiQ4JKTCJUoNvThcr969WT4G8sIR0KaNG/HZ4iUoLy83VCatuLq64qUqVeDk5AhbWzuUlpagIL8AmZmZKCsrEx3vuV5++WW84u8P/1f90aBhQ3h6esLT0xPV3d1RvXp1rQ9HS0pKoMzLw528PCjz8pCbm4u8O3eQk5ODtLQ0pKelIyMjAxnp6SgtLZX5b6U/n9q1sT/64DMzzYuLi9E6MNBgy7A6ODggNj7umZPPJA+NI6BVERFY/eVXhspSKUqlEkqBa8Noq3adOmjfoT06dOiIgBbNUbNmTUm2a2dnhxoeHqjh4aHxfWq1GtnZ2UhPS0NGegYyMtIfFVR6+sM/K/O0m9skF3d3d2zcsrnCZS5Onjhh0DWgR44exfIxoOeOgPbuicLM6dMNncfkKRQKtGzVCkEhwejUuTO8vb1FR3qhwoJCpKamIjU1FWmpqUhLS31YUqlpSE9PR25urmwjYH9/f3z19Vr4+vpW+PrE8eNxOOaQLPt+mmdNTxyNj4ejk5NB9kcaRkAXzp+HtY01VGWcrqCN6tWrY3BYKN4dMMDkfoM6OTuh4SsNK7zqAzxcNSA3Nxe5ubnIun0buTm5yM7ORnZWFnJzc6FUKqFSlaGwsAilpaUoLi5+YuEwe3t7ODg4wM7ODm5V3eDm6oaq1aqibl1fBPcNgYODQ4X7zc3NRfzROFn+zhWZOXs2y8fANJ4DupFyA5/Om4uTJ04aMpNJqVevHsZNmIDeQX0s+gFzctjw7XosW7rUIPtq2aolduzcKfR+NUuk1WX4Q9ExmP/JJ8jNzTVEJpPg5eWF8RMnov+A/rz9XiY9unXHtatXZd+Po5MTDkRHo65vXdn3RU/S6k6qnr17ITY+7ok1USxVDQ8PLFi0EPHHfsGg0MEsH5mcO3vOIOUDAHPnzWP5CKL1rZyurq5Yv/E7jBj57G3ylsDRyQnTZ85AwrFfEDZkiN43SZJmP2zfbpD9dOna5ZmJr2Q4Oj2aefeuXfjk47mS3hFtzN7q1RMfz5sn2SV00uzmjRvo3rWr7BdAqlatipgjsahevbqs+6Hn02kyy7v9+2Pbju1wd3eXOo9R8fPzw5Zt27B67VqWjwF9vWatQa6+Lv5sKctHMJ1n07UIDMTe/fvRtJn5PWrE0dERsz78ENGxh9Gh47NTA0g+qamp2BsVJft+ho8YgTd79JB9P6SZXtN5PWt6YsfOnQgbMsRsZgZ3fL0jYmIPY/TYMU+syEeGsW7tWtmn0rRr3x4fzvlI1n2QdnQ6B1SR33/7DXPnfIz//PvfUmzO4NyqumHOx3Px9mPPoSLDSktLQ7d/vCHr3LU6detgd9ReuFV1k20fpD3Jhi2vBQRg3/6f8PG8uY+e420qQt7ui9i4OJaPYJ8v+6es5VO1alVs3LyF5WNEJBsBPS4/Px8fzZ6NQ9ExUm9aUrXr1MHCxYvQ8fXXRUexeEnnkjB4wADI8OMI4OFtFNu2f4/XAgJk2T7pRpaTHC4uLkY9CdPGxgZhQ97DjJkzOffHCJSXl2PJooWylY+DgwO+3bCe5WOEZCmgnxMSsOHb9XJsWm+BLVti0ZIlz514SYa3e+cuXPofeR4W4ODggG82bEC79u1l2T7pR/JDsMyMTAT17oU8LZ+fbShVqlTBzA9nY+CgQWZzxc4c3L17F2926SrLPEMXFxd8s2E92rRtK/m2SRqSjoBUZWWYMukDoyofhUKBPkFBmDNvrtnfOGmKli5aLEv5VKtWDd9t3oQmTc3vPjVzImkBRa6MQNK5JCk3qZemzZpizty5aNW6tegoVIFTiYmI2rNH8u36+vrim+82oF69epJvm6Ql2SHYiePHET5suFGsHe3l5YXps2YiOCSE67sYqYKCAvR6swfS0tIk3W6Xrl0Q8cUXcHlqUX8yTpKMgHJycjBr+gzh5VOrVi0MDw/H4LBQ2NvbC81Cmi3/bJmk5WNtY40JEydi4qRJPMdnQvQuIJVKhUkTJiI7O1uKPDqp36ABRo0ZjZC+fTl9wgScSkzEDgmX2/D29kbEF6vQIjBQsm2SYej9f+u369bhrIEfm/tfHTp2wIiRI9Gpc2ceapkIpVKJWTOkGS0rFAqEDRmCWbNnw8mZ93OZIr0KKDk52eCP7bG2tkafoCCMGjsG/v7+Bt036e+TuXORmZGp93Ze8X8F8xcu5AUGE6dzAanVasz9aM4TTz+Qk62tLfr264ex48ahTt06BtknSWtf1F7EHIzWaxuurq6YPHUqQsNCuRyuGdD5v+CuH3fi1zNnpMxSISdnJwwcNBgjRoZzUTATduXyZSz49FOdP+/i4oIRI8MxPDy8wgcYkmnS6TJ8UWEhOnXsKOsNh25V3TD0/WEY8v5QuLq6yrYfkl9KcgpCBw5EVlZWpT9bvXp1vDd0KN4bOoQ/B2ZIpxHQrp27ZCsfbx8fjAgPR/+BA+Do6CjLPshw0tPTMTQsrNLlE9C8OQaFDkZwSAift2bGdCqgw4ekfVSutbU1Or/xD4SGhaFT5868j8NMZGVlYWhoGNLT07V6f61atdCzdy+8278/6jdoIHM6MgY6FdDly5f13rFCocBrAQHoExSEXn16o0aNGnpvk4xH3p08vP/eEKSkpGh8n6+vL7r3eBM9evZEs2bNeDuFhdGpgNzd3aHMq/whmJeXF9q0a4sOHTqifccOLB0zdf/+fQwbOhRXHvtFVaVKFXj7+MDHxwfePj5o1KgRApo35xVNC6fTSegzp09j9Zdf4ffff0dRYSEAwNnZGTY2NnBxcYF7jRrw8PCAZ01PePv4wN/fH682asSTiBYiJycH2VlZcHFxgbOLCxwdHXk+jyoky5KsRETa4NleIhKGBUREwrCAiEgYFhARCcMCIiJhWEBEJAwLiIiEYQERkTAsICIShgVERMKwgIhIGBYQEQnDAiIiYVhARCQMC4iIhGEBEZEwLCAiEoYFRETCsICISBgWEBEJwwIiImFYQEQkDAuIiIRhARGRMCwgIhKGBUREwrCAiEgYFhARCcMCIiJhWEBEJAwLiIiEYQERkTAsICIShgVERMKwgIhIGBYQEQnDAiIiYVhARCQMC4iIhGEBEZEwLCAiEoYFRETCsICISBgWEBEJwwIiImFYQEQkDAuIiIRhARGRMCwgIhKGBUREwrCAiEgYFhARCcMCIiJhWEBEJMz/AbUnAlX5uNt8AAAAAElFTkSuQmCC 153 | mediatype: image/png 154 | install: 155 | spec: 156 | deployments: null 157 | strategy: "" 158 | installModes: 159 | - supported: true 160 | type: OwnNamespace 161 | - supported: true 162 | type: SingleNamespace 163 | - supported: true 164 | type: MultiNamespace 165 | - supported: true 166 | type: AllNamespaces 167 | keywords: 168 | - mariadb 169 | - mysql 170 | - operator 171 | - mariadb-operator 172 | - database 173 | - maxscale 174 | links: 175 | - name: GitHub 176 | url: https://github.com/mariadb-operator/mariadb-operator 177 | maintainers: 178 | - email: mariadb-operator@proton.me 179 | name: mmontes11 180 | maturity: alpha 181 | minKubeVersion: 1.16.0 182 | provider: 183 | name: mariadb-operator 184 | url: https://github.com/mariadb-operator/mariadb-operator 185 | version: 0.0.0 186 | -------------------------------------------------------------------------------- /bundle/manifests/k8s.mariadb.com_externalmariadbs.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apiextensions.k8s.io/v1 2 | kind: CustomResourceDefinition 3 | metadata: 4 | annotations: 5 | controller-gen.kubebuilder.io/version: v0.20.0 6 | creationTimestamp: null 7 | name: externalmariadbs.k8s.mariadb.com 8 | spec: 9 | group: k8s.mariadb.com 10 | names: 11 | kind: ExternalMariaDB 12 | listKind: ExternalMariaDBList 13 | plural: externalmariadbs 14 | shortNames: 15 | - emdb 16 | singular: externalmariadb 17 | scope: Namespaced 18 | versions: 19 | - additionalPrinterColumns: 20 | - jsonPath: .status.conditions[?(@.type=="Ready")].status 21 | name: Ready 22 | type: string 23 | - jsonPath: .status.conditions[?(@.type=="Ready")].message 24 | name: Status 25 | type: string 26 | - jsonPath: .metadata.creationTimestamp 27 | name: Age 28 | type: date 29 | name: v1alpha1 30 | schema: 31 | openAPIV3Schema: 32 | description: ExternalMariaDB is the Schema for the external MariaDBs API. 33 | It is used to define external MariaDB server. 34 | properties: 35 | apiVersion: 36 | description: |- 37 | APIVersion defines the versioned schema of this representation of an object. 38 | Servers should convert recognized schemas to the latest internal value, and 39 | may reject unrecognized values. 40 | More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources 41 | type: string 42 | kind: 43 | description: |- 44 | Kind is a string value representing the REST resource this object represents. 45 | Servers may infer this from the endpoint the client submits requests to. 46 | Cannot be updated. 47 | In CamelCase. 48 | More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds 49 | type: string 50 | metadata: 51 | type: object 52 | spec: 53 | description: ExternalMariaDBSpec defines the desired state of an External 54 | MariaDB 55 | properties: 56 | connection: 57 | description: Connection defines a template to configure a Connection 58 | for the external MariaDB. 59 | properties: 60 | healthCheck: 61 | description: HealthCheck to be used in the Connection. 62 | properties: 63 | interval: 64 | description: Interval used to perform health checks. 65 | type: string 66 | retryInterval: 67 | description: RetryInterval is the interval used to perform 68 | health check retries. 69 | type: string 70 | type: object 71 | params: 72 | additionalProperties: 73 | type: string 74 | description: Params to be used in the Connection. 75 | type: object 76 | port: 77 | description: Port to connect to. If not provided, it defaults 78 | to the MariaDB port or to the first MaxScale listener. 79 | format: int32 80 | type: integer 81 | secretName: 82 | description: SecretName to be used in the Connection. 83 | type: string 84 | secretTemplate: 85 | description: SecretTemplate to be used in the Connection. 86 | properties: 87 | databaseKey: 88 | description: DatabaseKey to be used in the Secret. 89 | type: string 90 | format: 91 | description: Format to be used in the Secret. 92 | type: string 93 | hostKey: 94 | description: HostKey to be used in the Secret. 95 | type: string 96 | key: 97 | description: Key to be used in the Secret. 98 | type: string 99 | metadata: 100 | description: Metadata to be added to the Secret object. 101 | properties: 102 | annotations: 103 | additionalProperties: 104 | type: string 105 | description: Annotations to be added to children resources. 106 | type: object 107 | labels: 108 | additionalProperties: 109 | type: string 110 | description: Labels to be added to children resources. 111 | type: object 112 | type: object 113 | passwordKey: 114 | description: PasswordKey to be used in the Secret. 115 | type: string 116 | portKey: 117 | description: PortKey to be used in the Secret. 118 | type: string 119 | usernameKey: 120 | description: UsernameKey to be used in the Secret. 121 | type: string 122 | type: object 123 | serviceName: 124 | description: ServiceName to be used in the Connection. 125 | type: string 126 | type: object 127 | host: 128 | description: Hostname of the external MariaDB. 129 | type: string 130 | image: 131 | description: |- 132 | Image name to be used to perform operations on the external MariaDB, for example, for taking backups. 133 | The supported format is `:`. Only MariaDB official images are supported. 134 | If not provided, the MariaDB image version be inferred by the operator in runtime. The default MariaDB image will be used in this case, 135 | type: string 136 | imagePullPolicy: 137 | description: ImagePullPolicy is the image pull policy. One of `Always`, 138 | `Never` or `IfNotPresent`. If not defined, it defaults to `IfNotPresent`. 139 | enum: 140 | - Always 141 | - Never 142 | - IfNotPresent 143 | type: string 144 | imagePullSecrets: 145 | description: ImagePullSecrets is the list of pull Secrets to be used 146 | to pull the image. 147 | items: 148 | description: 'Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.35/#localobjectreference-v1-core.' 149 | properties: 150 | name: 151 | default: "" 152 | type: string 153 | type: object 154 | type: array 155 | inheritMetadata: 156 | description: InheritMetadata defines the metadata to be inherited 157 | by children resources. 158 | properties: 159 | annotations: 160 | additionalProperties: 161 | type: string 162 | description: Annotations to be added to children resources. 163 | type: object 164 | labels: 165 | additionalProperties: 166 | type: string 167 | description: Labels to be added to children resources. 168 | type: object 169 | type: object 170 | passwordSecretKeyRef: 171 | description: PasswordSecretKeyRef is a reference to the password to 172 | connect to the external MariaDB. 173 | properties: 174 | key: 175 | type: string 176 | name: 177 | default: "" 178 | type: string 179 | required: 180 | - key 181 | type: object 182 | x-kubernetes-map-type: atomic 183 | port: 184 | default: 3306 185 | description: Port of the external MariaDB. 186 | format: int32 187 | type: integer 188 | tls: 189 | description: TLS defines the PKI to be used with the external MariaDB. 190 | properties: 191 | clientCASecretRef: 192 | description: |- 193 | ClientCASecretRef is a reference to a Secret containing the client certificate authority keypair. It is used to establish trust and issue client certificates. 194 | One of: 195 | - Secret containing both the 'ca.crt' and 'ca.key' keys. This allows you to bring your own CA to Kubernetes to issue certificates. 196 | - Secret containing only the 'ca.crt' in order to establish trust. In this case, either clientCertSecretRef or clientCertIssuerRef fields must be provided. 197 | If not provided, a self-signed CA will be provisioned to issue the client certificate. 198 | properties: 199 | name: 200 | default: "" 201 | type: string 202 | type: object 203 | clientCertIssuerRef: 204 | description: |- 205 | ClientCertIssuerRef is a reference to a cert-manager issuer object used to issue the client certificate. cert-manager must be installed previously in the cluster. 206 | It is mutually exclusive with clientCertSecretRef. 207 | By default, the Secret field 'ca.crt' provisioned by cert-manager will be added to the trust chain. A custom trust bundle may be specified via clientCASecretRef. 208 | properties: 209 | group: 210 | description: Group of the resource being referred to. 211 | type: string 212 | kind: 213 | description: Kind of the resource being referred to. 214 | type: string 215 | name: 216 | description: Name of the resource being referred to. 217 | type: string 218 | required: 219 | - name 220 | type: object 221 | clientCertSecretRef: 222 | description: |- 223 | ClientCertSecretRef is a reference to a TLS Secret containing the client certificate. 224 | It is mutually exclusive with clientCertIssuerRef. 225 | properties: 226 | name: 227 | default: "" 228 | type: string 229 | type: object 230 | enabled: 231 | description: |- 232 | Enabled indicates whether TLS is enabled, determining if certificates should be issued and mounted to the MariaDB instance. 233 | It is enabled by default. 234 | type: boolean 235 | galeraSSTEnabled: 236 | description: |- 237 | GaleraSSTEnabled determines whether Galera SST connections should use TLS. 238 | It disabled by default. 239 | type: boolean 240 | mutual: 241 | description: |- 242 | Mutual specifies whether TLS must be mutual between server and client for external connections. 243 | When set to false, the client certificate will not be sent during the TLS handshake. 244 | It is enabled by default. 245 | type: boolean 246 | required: 247 | description: |- 248 | Required specifies whether TLS must be enforced for all connections. 249 | User TLS requirements take precedence over this. 250 | It disabled by default. 251 | type: boolean 252 | serverCASecretRef: 253 | description: |- 254 | ServerCASecretRef is a reference to a Secret containing the server certificate authority keypair. It is used to establish trust and issue server certificates. 255 | One of: 256 | - Secret containing both the 'ca.crt' and 'ca.key' keys. This allows you to bring your own CA to Kubernetes to issue certificates. 257 | - Secret containing only the 'ca.crt' in order to establish trust. In this case, either serverCertSecretRef or serverCertIssuerRef must be provided. 258 | If not provided, a self-signed CA will be provisioned to issue the server certificate. 259 | properties: 260 | name: 261 | default: "" 262 | type: string 263 | type: object 264 | serverCertIssuerRef: 265 | description: |- 266 | ServerCertIssuerRef is a reference to a cert-manager issuer object used to issue the server certificate. cert-manager must be installed previously in the cluster. 267 | It is mutually exclusive with serverCertSecretRef. 268 | By default, the Secret field 'ca.crt' provisioned by cert-manager will be added to the trust chain. A custom trust bundle may be specified via serverCASecretRef. 269 | properties: 270 | group: 271 | description: Group of the resource being referred to. 272 | type: string 273 | kind: 274 | description: Kind of the resource being referred to. 275 | type: string 276 | name: 277 | description: Name of the resource being referred to. 278 | type: string 279 | required: 280 | - name 281 | type: object 282 | serverCertSecretRef: 283 | description: |- 284 | ServerCertSecretRef is a reference to a TLS Secret containing the server certificate. 285 | It is mutually exclusive with serverCertIssuerRef. 286 | properties: 287 | name: 288 | default: "" 289 | type: string 290 | type: object 291 | type: object 292 | username: 293 | description: Username is the username to connect to the external MariaDB. 294 | type: string 295 | required: 296 | - host 297 | - username 298 | type: object 299 | status: 300 | description: ExternalMariaDBStatus defines the observed state of MariaDB 301 | properties: 302 | conditions: 303 | description: Conditions for the ExternalMariadb object. 304 | items: 305 | description: Condition contains details for one aspect of the current 306 | state of this API Resource. 307 | properties: 308 | lastTransitionTime: 309 | description: |- 310 | lastTransitionTime is the last time the condition transitioned from one status to another. 311 | This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. 312 | format: date-time 313 | type: string 314 | message: 315 | description: |- 316 | message is a human readable message indicating details about the transition. 317 | This may be an empty string. 318 | maxLength: 32768 319 | type: string 320 | observedGeneration: 321 | description: |- 322 | observedGeneration represents the .metadata.generation that the condition was set based upon. 323 | For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date 324 | with respect to the current state of the instance. 325 | format: int64 326 | minimum: 0 327 | type: integer 328 | reason: 329 | description: |- 330 | reason contains a programmatic identifier indicating the reason for the condition's last transition. 331 | Producers of specific condition types may define expected values and meanings for this field, 332 | and whether the values are considered a guaranteed API. 333 | The value should be a CamelCase string. 334 | This field may not be empty. 335 | maxLength: 1024 336 | minLength: 1 337 | pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ 338 | type: string 339 | status: 340 | description: status of the condition, one of True, False, Unknown. 341 | enum: 342 | - "True" 343 | - "False" 344 | - Unknown 345 | type: string 346 | type: 347 | description: type of condition in CamelCase or in foo.example.com/CamelCase. 348 | maxLength: 316 349 | pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ 350 | type: string 351 | required: 352 | - lastTransitionTime 353 | - message 354 | - reason 355 | - status 356 | - type 357 | type: object 358 | type: array 359 | isGaleraEnabled: 360 | description: IsGaleraEnabled indicates that the external MariaDb has 361 | Galera enabled. 362 | type: boolean 363 | version: 364 | description: Version of the external MariaDB server. 365 | type: string 366 | type: object 367 | required: 368 | - spec 369 | type: object 370 | served: true 371 | storage: true 372 | subresources: 373 | status: {} 374 | status: 375 | acceptedNames: 376 | kind: "" 377 | plural: "" 378 | conditions: null 379 | storedVersions: null 380 | -------------------------------------------------------------------------------- /bundle/manifests/k8s.mariadb.com_sqljobs.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apiextensions.k8s.io/v1 2 | kind: CustomResourceDefinition 3 | metadata: 4 | annotations: 5 | controller-gen.kubebuilder.io/version: v0.20.0 6 | creationTimestamp: null 7 | name: sqljobs.k8s.mariadb.com 8 | spec: 9 | group: k8s.mariadb.com 10 | names: 11 | kind: SqlJob 12 | listKind: SqlJobList 13 | plural: sqljobs 14 | shortNames: 15 | - smdb 16 | singular: sqljob 17 | scope: Namespaced 18 | versions: 19 | - additionalPrinterColumns: 20 | - jsonPath: .status.conditions[?(@.type=="Complete")].status 21 | name: Complete 22 | type: string 23 | - jsonPath: .status.conditions[?(@.type=="Complete")].message 24 | name: Status 25 | type: string 26 | - jsonPath: .spec.mariaDbRef.name 27 | name: MariaDB 28 | type: string 29 | - jsonPath: .metadata.creationTimestamp 30 | name: Age 31 | type: date 32 | name: v1alpha1 33 | schema: 34 | openAPIV3Schema: 35 | description: SqlJob is the Schema for the sqljobs API. It is used to run sql 36 | scripts as jobs. 37 | properties: 38 | apiVersion: 39 | description: |- 40 | APIVersion defines the versioned schema of this representation of an object. 41 | Servers should convert recognized schemas to the latest internal value, and 42 | may reject unrecognized values. 43 | More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources 44 | type: string 45 | kind: 46 | description: |- 47 | Kind is a string value representing the REST resource this object represents. 48 | Servers may infer this from the endpoint the client submits requests to. 49 | Cannot be updated. 50 | In CamelCase. 51 | More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds 52 | type: string 53 | metadata: 54 | type: object 55 | spec: 56 | description: SqlJobSpec defines the desired state of SqlJob 57 | properties: 58 | affinity: 59 | description: Affinity to be used in the Pod. 60 | properties: 61 | antiAffinityEnabled: 62 | description: |- 63 | AntiAffinityEnabled configures PodAntiAffinity so each Pod is scheduled in a different Node, enabling HA. 64 | Make sure you have at least as many Nodes available as the replicas to not end up with unscheduled Pods. 65 | type: boolean 66 | nodeAffinity: 67 | description: 'Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.35/#nodeaffinity-v1-core' 68 | properties: 69 | preferredDuringSchedulingIgnoredDuringExecution: 70 | items: 71 | description: 'Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.35/#preferredschedulingterm-v1-core' 72 | properties: 73 | preference: 74 | description: 'Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.35/#nodeselectorterm-v1-core' 75 | properties: 76 | matchExpressions: 77 | items: 78 | description: 'Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.35/#nodeselectorrequirement-v1-core' 79 | properties: 80 | key: 81 | type: string 82 | operator: 83 | description: |- 84 | A node selector operator is the set of operators that can be used in 85 | a node selector requirement. 86 | type: string 87 | values: 88 | items: 89 | type: string 90 | type: array 91 | x-kubernetes-list-type: atomic 92 | required: 93 | - key 94 | - operator 95 | type: object 96 | type: array 97 | x-kubernetes-list-type: atomic 98 | matchFields: 99 | items: 100 | description: 'Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.35/#nodeselectorrequirement-v1-core' 101 | properties: 102 | key: 103 | type: string 104 | operator: 105 | description: |- 106 | A node selector operator is the set of operators that can be used in 107 | a node selector requirement. 108 | type: string 109 | values: 110 | items: 111 | type: string 112 | type: array 113 | x-kubernetes-list-type: atomic 114 | required: 115 | - key 116 | - operator 117 | type: object 118 | type: array 119 | x-kubernetes-list-type: atomic 120 | type: object 121 | weight: 122 | format: int32 123 | type: integer 124 | required: 125 | - preference 126 | - weight 127 | type: object 128 | type: array 129 | x-kubernetes-list-type: atomic 130 | requiredDuringSchedulingIgnoredDuringExecution: 131 | description: 'Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.35/#nodeselector-v1-core' 132 | properties: 133 | nodeSelectorTerms: 134 | items: 135 | description: 'Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.35/#nodeselectorterm-v1-core' 136 | properties: 137 | matchExpressions: 138 | items: 139 | description: 'Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.35/#nodeselectorrequirement-v1-core' 140 | properties: 141 | key: 142 | type: string 143 | operator: 144 | description: |- 145 | A node selector operator is the set of operators that can be used in 146 | a node selector requirement. 147 | type: string 148 | values: 149 | items: 150 | type: string 151 | type: array 152 | x-kubernetes-list-type: atomic 153 | required: 154 | - key 155 | - operator 156 | type: object 157 | type: array 158 | x-kubernetes-list-type: atomic 159 | matchFields: 160 | items: 161 | description: 'Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.35/#nodeselectorrequirement-v1-core' 162 | properties: 163 | key: 164 | type: string 165 | operator: 166 | description: |- 167 | A node selector operator is the set of operators that can be used in 168 | a node selector requirement. 169 | type: string 170 | values: 171 | items: 172 | type: string 173 | type: array 174 | x-kubernetes-list-type: atomic 175 | required: 176 | - key 177 | - operator 178 | type: object 179 | type: array 180 | x-kubernetes-list-type: atomic 181 | type: object 182 | type: array 183 | x-kubernetes-list-type: atomic 184 | required: 185 | - nodeSelectorTerms 186 | type: object 187 | type: object 188 | podAntiAffinity: 189 | description: 'Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.35/#podantiaffinity-v1-core.' 190 | properties: 191 | preferredDuringSchedulingIgnoredDuringExecution: 192 | items: 193 | description: 'Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.35/#weightedpodaffinityterm-v1-core.' 194 | properties: 195 | podAffinityTerm: 196 | description: 'Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.35/#podaffinityterm-v1-core.' 197 | properties: 198 | labelSelector: 199 | description: 'Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.35/#labelselector-v1-meta' 200 | properties: 201 | matchExpressions: 202 | items: 203 | description: 'Refer to the Kubernetes docs: 204 | https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.35/#labelselectorrequirement-v1-meta' 205 | properties: 206 | key: 207 | type: string 208 | operator: 209 | description: A label selector operator 210 | is the set of operators that can be 211 | used in a selector requirement. 212 | type: string 213 | values: 214 | items: 215 | type: string 216 | type: array 217 | x-kubernetes-list-type: atomic 218 | required: 219 | - key 220 | - operator 221 | type: object 222 | type: array 223 | x-kubernetes-list-type: atomic 224 | matchLabels: 225 | additionalProperties: 226 | type: string 227 | type: object 228 | type: object 229 | topologyKey: 230 | type: string 231 | required: 232 | - topologyKey 233 | type: object 234 | weight: 235 | format: int32 236 | type: integer 237 | required: 238 | - podAffinityTerm 239 | - weight 240 | type: object 241 | type: array 242 | x-kubernetes-list-type: atomic 243 | requiredDuringSchedulingIgnoredDuringExecution: 244 | items: 245 | description: 'Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.35/#podaffinityterm-v1-core.' 246 | properties: 247 | labelSelector: 248 | description: 'Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.35/#labelselector-v1-meta' 249 | properties: 250 | matchExpressions: 251 | items: 252 | description: 'Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.35/#labelselectorrequirement-v1-meta' 253 | properties: 254 | key: 255 | type: string 256 | operator: 257 | description: A label selector operator is 258 | the set of operators that can be used in 259 | a selector requirement. 260 | type: string 261 | values: 262 | items: 263 | type: string 264 | type: array 265 | x-kubernetes-list-type: atomic 266 | required: 267 | - key 268 | - operator 269 | type: object 270 | type: array 271 | x-kubernetes-list-type: atomic 272 | matchLabels: 273 | additionalProperties: 274 | type: string 275 | type: object 276 | type: object 277 | topologyKey: 278 | type: string 279 | required: 280 | - topologyKey 281 | type: object 282 | type: array 283 | x-kubernetes-list-type: atomic 284 | type: object 285 | type: object 286 | args: 287 | description: Args to be used in the Container. 288 | items: 289 | type: string 290 | type: array 291 | backoffLimit: 292 | default: 5 293 | description: BackoffLimit defines the maximum number of attempts to 294 | successfully execute a SqlJob. 295 | format: int32 296 | type: integer 297 | database: 298 | description: Username to be used when executing the SqlJob. 299 | type: string 300 | dependsOn: 301 | description: DependsOn defines dependencies with other SqlJob objectecs. 302 | items: 303 | description: 'Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.35/#localobjectreference-v1-core.' 304 | properties: 305 | name: 306 | default: "" 307 | type: string 308 | type: object 309 | type: array 310 | failedJobsHistoryLimit: 311 | description: FailedJobsHistoryLimit defines the maximum number of 312 | failed Jobs to be displayed. 313 | format: int32 314 | minimum: 0 315 | type: integer 316 | imagePullSecrets: 317 | description: ImagePullSecrets is the list of pull Secrets to be used 318 | to pull the image. 319 | items: 320 | description: 'Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.35/#localobjectreference-v1-core.' 321 | properties: 322 | name: 323 | default: "" 324 | type: string 325 | type: object 326 | type: array 327 | inheritMetadata: 328 | description: InheritMetadata defines the metadata to be inherited 329 | by children resources. 330 | properties: 331 | annotations: 332 | additionalProperties: 333 | type: string 334 | description: Annotations to be added to children resources. 335 | type: object 336 | labels: 337 | additionalProperties: 338 | type: string 339 | description: Labels to be added to children resources. 340 | type: object 341 | type: object 342 | mariaDbRef: 343 | description: MariaDBRef is a reference to a MariaDB object. 344 | properties: 345 | kind: 346 | description: Kind of the referent. 347 | type: string 348 | name: 349 | type: string 350 | namespace: 351 | type: string 352 | waitForIt: 353 | default: true 354 | description: WaitForIt indicates whether the controller using 355 | this reference should wait for MariaDB to be ready. 356 | type: boolean 357 | type: object 358 | nodeSelector: 359 | additionalProperties: 360 | type: string 361 | description: NodeSelector to be used in the Pod. 362 | type: object 363 | passwordSecretKeyRef: 364 | description: UserPasswordSecretKeyRef is a reference to the impersonated 365 | user's password to be used when executing the SqlJob. 366 | properties: 367 | key: 368 | type: string 369 | name: 370 | default: "" 371 | type: string 372 | required: 373 | - key 374 | type: object 375 | x-kubernetes-map-type: atomic 376 | podMetadata: 377 | description: PodMetadata defines extra metadata for the Pod. 378 | properties: 379 | annotations: 380 | additionalProperties: 381 | type: string 382 | description: Annotations to be added to children resources. 383 | type: object 384 | labels: 385 | additionalProperties: 386 | type: string 387 | description: Labels to be added to children resources. 388 | type: object 389 | type: object 390 | podSecurityContext: 391 | description: SecurityContext holds pod-level security attributes and 392 | common container settings. 393 | properties: 394 | appArmorProfile: 395 | description: AppArmorProfile defines a pod or container's AppArmor 396 | settings. 397 | properties: 398 | localhostProfile: 399 | description: |- 400 | localhostProfile indicates a profile loaded on the node that should be used. 401 | The profile must be preconfigured on the node to work. 402 | Must match the loaded name of the profile. 403 | Must be set if and only if type is "Localhost". 404 | type: string 405 | type: 406 | description: |- 407 | type indicates which kind of AppArmor profile will be applied. 408 | Valid options are: 409 | Localhost - a profile pre-loaded on the node. 410 | RuntimeDefault - the container runtime's default profile. 411 | Unconfined - no AppArmor enforcement. 412 | type: string 413 | required: 414 | - type 415 | type: object 416 | fsGroup: 417 | format: int64 418 | type: integer 419 | fsGroupChangePolicy: 420 | description: |- 421 | PodFSGroupChangePolicy holds policies that will be used for applying fsGroup to a volume 422 | when volume is mounted. 423 | type: string 424 | runAsGroup: 425 | format: int64 426 | type: integer 427 | runAsNonRoot: 428 | type: boolean 429 | runAsUser: 430 | format: int64 431 | type: integer 432 | seLinuxOptions: 433 | description: SELinuxOptions are the labels to be applied to the 434 | container 435 | properties: 436 | level: 437 | description: Level is SELinux level label that applies to 438 | the container. 439 | type: string 440 | role: 441 | description: Role is a SELinux role label that applies to 442 | the container. 443 | type: string 444 | type: 445 | description: Type is a SELinux type label that applies to 446 | the container. 447 | type: string 448 | user: 449 | description: User is a SELinux user label that applies to 450 | the container. 451 | type: string 452 | type: object 453 | seccompProfile: 454 | description: |- 455 | SeccompProfile defines a pod/container's seccomp profile settings. 456 | Only one profile source may be set. 457 | properties: 458 | localhostProfile: 459 | description: |- 460 | localhostProfile indicates a profile defined in a file on the node should be used. 461 | The profile must be preconfigured on the node to work. 462 | Must be a descending path, relative to the kubelet's configured seccomp profile location. 463 | Must be set if type is "Localhost". Must NOT be set for any other type. 464 | type: string 465 | type: 466 | description: |- 467 | type indicates which kind of seccomp profile will be applied. 468 | Valid options are: 469 | 470 | Localhost - a profile defined in a file on the node should be used. 471 | RuntimeDefault - the container runtime default profile should be used. 472 | Unconfined - no profile should be applied. 473 | type: string 474 | required: 475 | - type 476 | type: object 477 | supplementalGroups: 478 | items: 479 | format: int64 480 | type: integer 481 | type: array 482 | x-kubernetes-list-type: atomic 483 | type: object 484 | priorityClassName: 485 | description: PriorityClassName to be used in the Pod. 486 | type: string 487 | resources: 488 | description: Resources describes the compute resource requirements. 489 | properties: 490 | limits: 491 | additionalProperties: 492 | anyOf: 493 | - type: integer 494 | - type: string 495 | pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 496 | x-kubernetes-int-or-string: true 497 | description: ResourceList is a set of (resource name, quantity) 498 | pairs. 499 | type: object 500 | requests: 501 | additionalProperties: 502 | anyOf: 503 | - type: integer 504 | - type: string 505 | pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 506 | x-kubernetes-int-or-string: true 507 | description: ResourceList is a set of (resource name, quantity) 508 | pairs. 509 | type: object 510 | type: object 511 | restartPolicy: 512 | default: OnFailure 513 | description: RestartPolicy to be added to the SqlJob Pod. 514 | enum: 515 | - Always 516 | - OnFailure 517 | - Never 518 | type: string 519 | schedule: 520 | description: Schedule defines when the SqlJob will be executed. 521 | properties: 522 | cron: 523 | description: Cron is a cron expression that defines the schedule. 524 | type: string 525 | suspend: 526 | default: false 527 | description: Suspend defines whether the schedule is active or 528 | not. 529 | type: boolean 530 | required: 531 | - cron 532 | type: object 533 | securityContext: 534 | description: SecurityContext holds security configuration that will 535 | be applied to a container. 536 | properties: 537 | allowPrivilegeEscalation: 538 | type: boolean 539 | capabilities: 540 | description: Adds and removes POSIX capabilities from running 541 | containers. 542 | properties: 543 | add: 544 | description: Added capabilities 545 | items: 546 | description: Capability represent POSIX capabilities type 547 | type: string 548 | type: array 549 | x-kubernetes-list-type: atomic 550 | drop: 551 | description: Removed capabilities 552 | items: 553 | description: Capability represent POSIX capabilities type 554 | type: string 555 | type: array 556 | x-kubernetes-list-type: atomic 557 | type: object 558 | privileged: 559 | type: boolean 560 | readOnlyRootFilesystem: 561 | type: boolean 562 | runAsGroup: 563 | format: int64 564 | type: integer 565 | runAsNonRoot: 566 | type: boolean 567 | runAsUser: 568 | format: int64 569 | type: integer 570 | type: object 571 | serviceAccountName: 572 | description: ServiceAccountName is the name of the ServiceAccount 573 | to be used by the Pods. 574 | type: string 575 | sql: 576 | description: Sql is the script to be executed by the SqlJob. 577 | type: string 578 | sqlConfigMapKeyRef: 579 | description: |- 580 | SqlConfigMapKeyRef is a reference to a ConfigMap containing the Sql script. 581 | It is defaulted to a ConfigMap with the contents of the Sql field. 582 | properties: 583 | key: 584 | type: string 585 | name: 586 | default: "" 587 | type: string 588 | required: 589 | - key 590 | type: object 591 | x-kubernetes-map-type: atomic 592 | successfulJobsHistoryLimit: 593 | description: SuccessfulJobsHistoryLimit defines the maximum number 594 | of successful Jobs to be displayed. 595 | format: int32 596 | minimum: 0 597 | type: integer 598 | timeZone: 599 | description: TimeZone defines the timezone associated with the cron 600 | expression. 601 | type: string 602 | tlsCASecretRef: 603 | description: |- 604 | TLSCACertSecretRef is a reference toa CA Secret used to establish trust when executing the SqlJob. 605 | If not provided, the CA bundle provided by the referred MariaDB is used. 606 | properties: 607 | name: 608 | default: "" 609 | type: string 610 | type: object 611 | tlsClientCertSecretRef: 612 | description: |- 613 | TLSClientCertSecretRef is a reference to a Kubernetes TLS Secret used as authentication when executing the SqlJob. 614 | If not provided, the client certificate provided by the referred MariaDB is used. 615 | properties: 616 | name: 617 | default: "" 618 | type: string 619 | type: object 620 | tolerations: 621 | description: Tolerations to be used in the Pod. 622 | items: 623 | description: |- 624 | The pod this Toleration is attached to tolerates any taint that matches 625 | the triple using the matching operator . 626 | properties: 627 | effect: 628 | description: |- 629 | Effect indicates the taint effect to match. Empty means match all taint effects. 630 | When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. 631 | type: string 632 | key: 633 | description: |- 634 | Key is the taint key that the toleration applies to. Empty means match all taint keys. 635 | If the key is empty, operator must be Exists; this combination means to match all values and all keys. 636 | type: string 637 | operator: 638 | description: |- 639 | Operator represents a key's relationship to the value. 640 | Valid operators are Exists, Equal, Lt, and Gt. Defaults to Equal. 641 | Exists is equivalent to wildcard for value, so that a pod can 642 | tolerate all taints of a particular category. 643 | Lt and Gt perform numeric comparisons (requires feature gate TaintTolerationComparisonOperators). 644 | type: string 645 | tolerationSeconds: 646 | description: |- 647 | TolerationSeconds represents the period of time the toleration (which must be 648 | of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, 649 | it is not set, which means tolerate the taint forever (do not evict). Zero and 650 | negative values will be treated as 0 (evict immediately) by the system. 651 | format: int64 652 | type: integer 653 | value: 654 | description: |- 655 | Value is the taint value the toleration matches to. 656 | If the operator is Exists, the value should be empty, otherwise just a regular string. 657 | type: string 658 | type: object 659 | type: array 660 | username: 661 | description: Username to be impersonated when executing the SqlJob. 662 | type: string 663 | required: 664 | - mariaDbRef 665 | - passwordSecretKeyRef 666 | - username 667 | type: object 668 | status: 669 | description: SqlJobStatus defines the observed state of SqlJob 670 | properties: 671 | conditions: 672 | description: Conditions for the SqlJob object. 673 | items: 674 | description: Condition contains details for one aspect of the current 675 | state of this API Resource. 676 | properties: 677 | lastTransitionTime: 678 | description: |- 679 | lastTransitionTime is the last time the condition transitioned from one status to another. 680 | This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. 681 | format: date-time 682 | type: string 683 | message: 684 | description: |- 685 | message is a human readable message indicating details about the transition. 686 | This may be an empty string. 687 | maxLength: 32768 688 | type: string 689 | observedGeneration: 690 | description: |- 691 | observedGeneration represents the .metadata.generation that the condition was set based upon. 692 | For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date 693 | with respect to the current state of the instance. 694 | format: int64 695 | minimum: 0 696 | type: integer 697 | reason: 698 | description: |- 699 | reason contains a programmatic identifier indicating the reason for the condition's last transition. 700 | Producers of specific condition types may define expected values and meanings for this field, 701 | and whether the values are considered a guaranteed API. 702 | The value should be a CamelCase string. 703 | This field may not be empty. 704 | maxLength: 1024 705 | minLength: 1 706 | pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ 707 | type: string 708 | status: 709 | description: status of the condition, one of True, False, Unknown. 710 | enum: 711 | - "True" 712 | - "False" 713 | - Unknown 714 | type: string 715 | type: 716 | description: type of condition in CamelCase or in foo.example.com/CamelCase. 717 | maxLength: 316 718 | pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ 719 | type: string 720 | required: 721 | - lastTransitionTime 722 | - message 723 | - reason 724 | - status 725 | - type 726 | type: object 727 | type: array 728 | type: object 729 | type: object 730 | served: true 731 | storage: true 732 | subresources: 733 | status: {} 734 | status: 735 | acceptedNames: 736 | kind: "" 737 | plural: "" 738 | conditions: null 739 | storedVersions: null 740 | --------------------------------------------------------------------------------