controller 0.59.0

Tembo Operator for Postgres
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127

---
apiVersion: v1
kind: Namespace
metadata:
  labels:
    kubernetes.io/metadata.name: coredb-operator
  name: coredb-operator

---
# Scoped service account
apiVersion: v1
kind: ServiceAccount
metadata:
  name: coredb-controller
  namespace: coredb-operator
automountServiceAccountToken: true

---
# Access for the service account
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: control-cdb
rules:
  - apiGroups: ["coredb.io"]
    resources: ["coredbs", "coredbs/status"]
    verbs: ["get", "list", "watch", "patch", "update"]
  - apiGroups: ["events.k8s.io"]
    resources: ["events"]
    verbs: ["create"]
  - apiGroups: [""]
    resources: ["persistentvolumeclaims"]
    verbs: ["get", "list", "patch"]
  - apiGroups: ["apps"]
    resources: ["statefulsets"]
    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
  - apiGroups: [""]
    resources: ["services", "secrets", "pods", "pods/exec", "namespaces/status", "serviceaccounts", "secrets", "configmaps"]
    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
  - apiGroups: ["rbac.authorization.k8s.io"]
    resources: ["roles", "rolebindings"]
    verbs: ["create", "delete", "get", "list", "patch", "update", "watch"]
---
# Binding the role to the account in coredb-operator ns
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: coredb-controller-binding
subjects:
- kind: ServiceAccount
  namespace: coredb-operator
  name: coredb-controller
roleRef:
  kind: ClusterRole
  name: control-cdb
  apiGroup: rbac.authorization.k8s.io

---
# Expose the http port of the service
apiVersion: v1
kind: Service
metadata:
  name: coredb-controller
  namespace: coredb-operator
  labels:
    app: coredb-controller
spec:
  ports:
  - port: 80
    targetPort: 8080
    protocol: TCP
    name: http
  selector:
    app: coredb-controller

---
# Main deployment
apiVersion: apps/v1
kind: Deployment
metadata:
  name: coredb-controller
  namespace: coredb-operator
  labels:
    app: coredb-controller
spec:
  replicas: 1
  selector:
    matchLabels:
      app: coredb-controller
  template:
    metadata:
      labels:
        app: coredb-controller
      annotations:
        prometheus.io/scrape: "true"
        prometheus.io/port: "8080"
    spec:
      serviceAccountName: coredb-controller
      containers:
      - name: coredb-controller
        image: quay.io/coredb/coredb-operator:latest
        imagePullPolicy: Always
        resources:
          limits:
            cpu: 200m
            memory: 256Mi
          requests:
            cpu: 50m
            memory: 100Mi
        ports:
        - name: http
          containerPort: 8080
          protocol: TCP
        env:
        # We are pointing to tempo or grafana tracing agent's otlp grpc receiver port
        - name: OPENTELEMETRY_ENDPOINT_URL
          value: "https://10.96.239.210:8080"
        - name: RUST_LOG
          value: "info,kube=debug,controller=debug"
        - name: ENABLE_BACKUP
          value: "false"
        readinessProbe:
          httpGet:
            path: /health
            port: http
          initialDelaySeconds: 5
          periodSeconds: 5