# Copyright 2021 The Cockroach Authors # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # https://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. apiVersion: v1 kind: Namespace metadata: labels: control-plane: cockroach-operator name: cockroach-operator-system --- apiVersion: v1 kind: ServiceAccount metadata: labels: app: cockroach-operator name: cockroach-operator-sa namespace: cockroach-operator-system --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: creationTimestamp: null name: cockroach-operator-role rules: - apiGroups: - admissionregistration.k8s.io resources: - mutatingwebhookconfigurations verbs: - get - patch - update - apiGroups: - admissionregistration.k8s.io resources: - validatingwebhookconfigurations verbs: - get - patch - update - apiGroups: - apps resources: - statefulsets verbs: - create - delete - get - list - patch - update - watch - apiGroups: - apps resources: - statefulsets/finalizers verbs: - get - list - watch - apiGroups: - apps resources: - statefulsets/scale verbs: - get - update - watch - apiGroups: - apps resources: - statefulsets/status verbs: - get - patch - update - apiGroups: - batch resources: - jobs verbs: - create - delete - get - list - patch - update - watch - apiGroups: - batch resources: - jobs/finalizers verbs: - get - list - watch - apiGroups: - batch resources: - jobs/status verbs: - get - apiGroups: - certificates.k8s.io resources: - certificatesigningrequests verbs: - create - delete - get - list - patch - watch - apiGroups: - certificates.k8s.io resources: - certificatesigningrequests/approval verbs: - update - apiGroups: - certificates.k8s.io resources: - certificatesigningrequests/status verbs: - get - patch - update - apiGroups: - "" resources: - configmaps verbs: - get - apiGroups: - "" resources: - configmaps/status verbs: - get - apiGroups: - "" resources: - nodes verbs: - get - list - apiGroups: - "" resources: - pods verbs: - get - list - apiGroups: - "" resources: - pods/exec verbs: - create - apiGroups: - "" resources: - pods/log verbs: - get - apiGroups: - "" resources: - secrets verbs: - create - get - list - patch - update - watch - apiGroups: - "" resources: - serviceaccounts verbs: - create - get - list - watch - apiGroups: - "" resources: - services verbs: - create - delete - get - list - patch - update - watch - apiGroups: - "" resources: - services/finalizers verbs: - get - list - watch - apiGroups: - "" resources: - services/status verbs: - get - patch - update - apiGroups: - crdb.cockroachlabs.com resources: - crdbclusters verbs: - create - delete - get - list - patch - update - watch - apiGroups: - crdb.cockroachlabs.com resources: - crdbclusters/finalizers verbs: - update - apiGroups: - crdb.cockroachlabs.com resources: - crdbclusters/status verbs: - get - patch - update - apiGroups: - policy resources: - poddisruptionbudgets verbs: - create - delete - get - list - patch - update - watch - apiGroups: - policy resources: - poddisruptionbudgets/finalizers verbs: - get - list - watch - apiGroups: - policy resources: - poddisruptionbudgets/status verbs: - get - apiGroups: - rbac.authorization.k8s.io resources: - rolebindings verbs: - create - get - list - watch - apiGroups: - rbac.authorization.k8s.io resources: - roles verbs: - create - get - list - watch - apiGroups: - security.openshift.io resources: - securitycontextconstraints verbs: - use --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: cockroach-operator-rolebinding roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: cockroach-operator-role subjects: - kind: ServiceAccount name: cockroach-operator-sa namespace: cockroach-operator-system --- apiVersion: v1 kind: Service metadata: labels: control-plane: cockroach-operator name: cockroach-operator-webhook-service namespace: cockroach-operator-system spec: ports: - port: 443 targetPort: 9443 selector: app: cockroach-operator --- apiVersion: apps/v1 kind: Deployment metadata: labels: app: cockroach-operator name: cockroach-operator-manager namespace: cockroach-operator-system spec: replicas: 1 selector: matchLabels: app: cockroach-operator template: metadata: labels: app: cockroach-operator spec: containers: - args: - -zap-log-level - info env: - name: OPERATOR_NAME value: cockroachdb - name: POD_NAME valueFrom: fieldRef: fieldPath: metadata.name - name: NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace image: cockroachdb/cockroach-operator:v2.4.0 imagePullPolicy: IfNotPresent name: cockroach-operator resources: requests: cpu: 10m memory: 32Mi serviceAccountName: cockroach-operator-sa --- apiVersion: admissionregistration.k8s.io/v1 kind: MutatingWebhookConfiguration metadata: creationTimestamp: null name: cockroach-operator-mutating-webhook-configuration webhooks: - admissionReviewVersions: - v1 clientConfig: service: name: cockroach-operator-webhook-service namespace: cockroach-operator-system path: /mutate-crdb-cockroachlabs-com-v1alpha1-crdbcluster failurePolicy: Fail name: mcrdbcluster.kb.io rules: - apiGroups: - crdb.cockroachlabs.com apiVersions: - v1alpha1 operations: - CREATE - UPDATE resources: - crdbclusters sideEffects: None --- apiVersion: admissionregistration.k8s.io/v1 kind: ValidatingWebhookConfiguration metadata: creationTimestamp: null name: cockroach-operator-validating-webhook-configuration webhooks: - admissionReviewVersions: - v1 clientConfig: service: name: cockroach-operator-webhook-service namespace: cockroach-operator-system path: /validate-crdb-cockroachlabs-com-v1alpha1-crdbcluster failurePolicy: Fail name: vcrdbcluster.kb.io rules: - apiGroups: - crdb.cockroachlabs.com apiVersions: - v1alpha1 operations: - CREATE - UPDATE resources: - crdbclusters sideEffects: None