| # |
| # Licensed to the Apache Software Foundation (ASF) under one or more |
| # contributor license agreements. See the NOTICE file distributed with |
| # this work for additional information regarding copyright ownership. |
| # The ASF licenses this file to You under the Apache License, Version 2.0 |
| # (the "License"); you may not use this file except in compliance with |
| # the License. You may obtain a copy of the License at |
| # |
| # http://www.apache.org/licenses/LICENSE-2.0 |
| # |
| # Unless required by applicable law or agreed to in writing, software |
| # distributed under the License is distributed on an "AS IS" BASIS, |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| # See the License for the specific language governing permissions and |
| # limitations under the License. |
| # |
| apiVersion: v1 |
| kind: Namespace |
| metadata: |
| labels: |
| app.kubernetes.io/name: hugegraph-computer-operator |
| app.kubernetes.io/version: v1 |
| control-plane: controller-manager |
| name: hugegraph-computer-operator-system |
| --- |
| apiVersion: storage.k8s.io/v1 |
| kind: StorageClass |
| metadata: |
| labels: |
| app.kubernetes.io/name: hugegraph-computer-operator-minio |
| app.kubernetes.io/version: v1 |
| name: hugegraph-computer-operator-local-storage |
| namespace: system |
| provisioner: kubernetes.io/no-provisioner |
| volumeBindingMode: WaitForFirstConsumer |
| --- |
| apiVersion: v1 |
| kind: ServiceAccount |
| metadata: |
| labels: |
| app.kubernetes.io/name: hugegraph-computer-operator |
| app.kubernetes.io/version: v1 |
| name: hugegraph-computer-operator-controller-manager |
| namespace: hugegraph-computer-operator-system |
| --- |
| apiVersion: rbac.authorization.k8s.io/v1 |
| kind: Role |
| metadata: |
| labels: |
| app.kubernetes.io/name: hugegraph-computer-operator |
| app.kubernetes.io/version: v1 |
| name: hugegraph-computer-operator-leader-election-role |
| namespace: hugegraph-computer-operator-system |
| rules: |
| - apiGroups: |
| - "" |
| resources: |
| - configmaps |
| verbs: |
| - get |
| - list |
| - watch |
| - create |
| - update |
| - patch |
| - delete |
| - apiGroups: |
| - coordination.k8s.io |
| resources: |
| - leases |
| verbs: |
| - get |
| - list |
| - watch |
| - create |
| - update |
| - patch |
| - delete |
| - apiGroups: |
| - "" |
| resources: |
| - events |
| verbs: |
| - create |
| - patch |
| --- |
| apiVersion: rbac.authorization.k8s.io/v1 |
| kind: ClusterRole |
| metadata: |
| creationTimestamp: null |
| labels: |
| app.kubernetes.io/name: hugegraph-computer-operator |
| app.kubernetes.io/version: v1 |
| name: hugegraph-computer-operator-manager-role |
| rules: |
| - apiGroups: |
| - apps |
| resources: |
| - deployments |
| verbs: |
| - create |
| - delete |
| - get |
| - list |
| - patch |
| - update |
| - watch |
| - apiGroups: |
| - apps |
| resources: |
| - deployments/status |
| verbs: |
| - get |
| - apiGroups: |
| - apps |
| resources: |
| - statefulsets |
| verbs: |
| - create |
| - delete |
| - get |
| - list |
| - patch |
| - update |
| - watch |
| - apiGroups: |
| - apps |
| resources: |
| - statefulsets/status |
| verbs: |
| - get |
| - apiGroups: |
| - batch |
| resources: |
| - jobs |
| verbs: |
| - create |
| - delete |
| - get |
| - list |
| - patch |
| - update |
| - watch |
| - apiGroups: |
| - batch |
| resources: |
| - jobs/status |
| verbs: |
| - get |
| - apiGroups: |
| - "" |
| resources: |
| - configmaps |
| verbs: |
| - create |
| - delete |
| - get |
| - list |
| - patch |
| - update |
| - watch |
| - apiGroups: |
| - "" |
| resources: |
| - events |
| verbs: |
| - create |
| - delete |
| - get |
| - list |
| - patch |
| - update |
| - watch |
| - apiGroups: |
| - "" |
| resources: |
| - events/status |
| verbs: |
| - get |
| - apiGroups: |
| - "" |
| resources: |
| - namespaces |
| verbs: |
| - create |
| - get |
| - update |
| - apiGroups: |
| - "" |
| resources: |
| - pods |
| verbs: |
| - get |
| - list |
| - watch |
| - apiGroups: |
| - "" |
| resources: |
| - pods/log |
| verbs: |
| - get |
| - list |
| - watch |
| - apiGroups: |
| - "" |
| resources: |
| - pods/status |
| verbs: |
| - get |
| - apiGroups: |
| - "" |
| resources: |
| - secrets |
| verbs: |
| - get |
| - apiGroups: |
| - "" |
| resources: |
| - services |
| verbs: |
| - create |
| - delete |
| - get |
| - list |
| - patch |
| - update |
| - watch |
| - apiGroups: |
| - "" |
| resources: |
| - services/status |
| verbs: |
| - get |
| - apiGroups: |
| - extensions |
| resources: |
| - ingresses |
| verbs: |
| - create |
| - delete |
| - get |
| - list |
| - patch |
| - update |
| - watch |
| - apiGroups: |
| - extensions |
| resources: |
| - ingresses/status |
| verbs: |
| - get |
| - apiGroups: |
| - operator.hugegraph.apache.org |
| resources: |
| - hugegraphcomputerjobs |
| verbs: |
| - create |
| - delete |
| - get |
| - list |
| - patch |
| - update |
| - watch |
| - apiGroups: |
| - operator.hugegraph.apache.org |
| resources: |
| - hugegraphcomputerjobs/finalizers |
| verbs: |
| - update |
| - apiGroups: |
| - operator.hugegraph.apache.org |
| resources: |
| - hugegraphcomputerjobs/status |
| verbs: |
| - get |
| - patch |
| - update |
| --- |
| apiVersion: rbac.authorization.k8s.io/v1 |
| kind: ClusterRole |
| metadata: |
| labels: |
| app.kubernetes.io/name: hugegraph-computer-operator |
| app.kubernetes.io/version: v1 |
| name: hugegraph-computer-operator-metrics-reader |
| rules: |
| - nonResourceURLs: |
| - /metrics |
| verbs: |
| - get |
| --- |
| apiVersion: rbac.authorization.k8s.io/v1 |
| kind: ClusterRole |
| metadata: |
| labels: |
| app.kubernetes.io/name: hugegraph-computer-operator |
| app.kubernetes.io/version: v1 |
| name: hugegraph-computer-operator-proxy-role |
| rules: |
| - apiGroups: |
| - authentication.k8s.io |
| resources: |
| - tokenreviews |
| verbs: |
| - create |
| - apiGroups: |
| - authorization.k8s.io |
| resources: |
| - subjectaccessreviews |
| verbs: |
| - create |
| --- |
| apiVersion: rbac.authorization.k8s.io/v1 |
| kind: RoleBinding |
| metadata: |
| labels: |
| app.kubernetes.io/name: hugegraph-computer-operator |
| app.kubernetes.io/version: v1 |
| name: hugegraph-computer-operator-leader-election-rolebinding |
| namespace: hugegraph-computer-operator-system |
| roleRef: |
| apiGroup: rbac.authorization.k8s.io |
| kind: Role |
| name: hugegraph-computer-operator-leader-election-role |
| subjects: |
| - kind: ServiceAccount |
| name: hugegraph-computer-operator-controller-manager |
| namespace: hugegraph-computer-operator-system |
| --- |
| apiVersion: rbac.authorization.k8s.io/v1 |
| kind: ClusterRoleBinding |
| metadata: |
| labels: |
| app.kubernetes.io/name: hugegraph-computer-operator |
| app.kubernetes.io/version: v1 |
| name: hugegraph-computer-operator-manager-rolebinding |
| roleRef: |
| apiGroup: rbac.authorization.k8s.io |
| kind: ClusterRole |
| name: hugegraph-computer-operator-manager-role |
| subjects: |
| - kind: ServiceAccount |
| name: hugegraph-computer-operator-controller-manager |
| namespace: hugegraph-computer-operator-system |
| --- |
| apiVersion: rbac.authorization.k8s.io/v1 |
| kind: ClusterRoleBinding |
| metadata: |
| labels: |
| app.kubernetes.io/name: hugegraph-computer-operator |
| app.kubernetes.io/version: v1 |
| name: hugegraph-computer-operator-proxy-rolebinding |
| roleRef: |
| apiGroup: rbac.authorization.k8s.io |
| kind: ClusterRole |
| name: hugegraph-computer-operator-proxy-role |
| subjects: |
| - kind: ServiceAccount |
| name: hugegraph-computer-operator-controller-manager |
| namespace: hugegraph-computer-operator-system |
| --- |
| apiVersion: v1 |
| data: |
| controller_manager_config.yaml: | |
| # |
| # Licensed to the Apache Software Foundation (ASF) under one or more |
| # contributor license agreements. See the NOTICE file distributed with |
| # this work for additional information regarding copyright ownership. |
| # The ASF licenses this file to You under the Apache License, Version 2.0 |
| # (the "License"); you may not use this file except in compliance with |
| # the License. You may obtain a copy of the License at |
| # |
| # http://www.apache.org/licenses/LICENSE-2.0 |
| # |
| # Unless required by applicable law or agreed to in writing, software |
| # distributed under the License is distributed on an "AS IS" BASIS, |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| # See the License for the specific language governing permissions and |
| # limitations under the License. |
| # |
| apiVersion: controller-runtime.sigs.k8s.io/v1alpha1 |
| kind: ControllerManagerConfig |
| health: |
| healthProbeBindAddress: :9892 |
| metrics: |
| bindAddress: 127.0.0.1:8080 |
| webhook: |
| port: 9443 |
| leaderElection: |
| leaderElect: true |
| resourceName: 11f2b593.hugegraph.apache.org |
| kind: ConfigMap |
| metadata: |
| labels: |
| app.kubernetes.io/name: hugegraph-computer-operator |
| app.kubernetes.io/version: v1 |
| name: hugegraph-computer-operator-manager-config |
| namespace: hugegraph-computer-operator-system |
| --- |
| apiVersion: v1 |
| kind: Service |
| metadata: |
| labels: |
| app.kubernetes.io/name: hugegraph-computer-operator |
| app.kubernetes.io/version: v1 |
| name: hugegraph-computer-operator-controller-manager-metrics-service |
| namespace: hugegraph-computer-operator-system |
| spec: |
| ports: |
| - name: https |
| port: 8443 |
| protocol: TCP |
| targetPort: https |
| selector: |
| app.kubernetes.io/name: hugegraph-computer-operator |
| app.kubernetes.io/version: v1 |
| control-plane: controller-manager |
| --- |
| apiVersion: v1 |
| kind: Service |
| metadata: |
| annotations: |
| service.alpha.kubernetes.io/tolerate-unready-endpoints: "true" |
| labels: |
| app.kubernetes.io/name: hugegraph-computer-operator-etcd |
| app.kubernetes.io/version: v1 |
| service.app: hugegraph-computer-operator-etcd |
| name: hugegraph-computer-operator-etcd |
| namespace: hugegraph-computer-operator-system |
| spec: |
| clusterIP: None |
| ports: |
| - name: client |
| port: 2379 |
| protocol: TCP |
| targetPort: 2379 |
| - name: peer |
| port: 2380 |
| protocol: TCP |
| targetPort: 2380 |
| selector: |
| app.kubernetes.io/name: hugegraph-computer-operator-etcd |
| app.kubernetes.io/version: v1 |
| service.app: hugegraph-computer-operator-etcd |
| sessionAffinity: None |
| type: ClusterIP |
| --- |
| apiVersion: v1 |
| kind: Service |
| metadata: |
| annotations: |
| service.alpha.kubernetes.io/tolerate-unready-endpoints: "true" |
| labels: |
| app.kubernetes.io/name: hugegraph-computer-operator-minio |
| app.kubernetes.io/version: v1 |
| service.app: hugegraph-computer-operator-minio |
| name: hugegraph-computer-operator-minio |
| namespace: hugegraph-computer-operator-system |
| spec: |
| clusterIP: None |
| ports: |
| - name: client |
| port: 9000 |
| protocol: TCP |
| targetPort: 9090 |
| selector: |
| app.kubernetes.io/name: hugegraph-computer-operator-minio |
| app.kubernetes.io/version: v1 |
| service.app: hugegraph-computer-operator-minio |
| sessionAffinity: None |
| type: ClusterIP |
| --- |
| apiVersion: v1 |
| kind: Service |
| metadata: |
| name: hugegraph-computer-operator-webhook-service |
| namespace: hugegraph-computer-operator-system |
| spec: |
| ports: |
| - port: 443 |
| protocol: TCP |
| targetPort: 9443 |
| selector: |
| control-plane: controller-manager |
| --- |
| apiVersion: apps/v1 |
| kind: Deployment |
| metadata: |
| labels: |
| app.kubernetes.io/name: hugegraph-computer-operator |
| app.kubernetes.io/version: v1 |
| control-plane: controller-manager |
| name: hugegraph-computer-operator-controller-manager |
| namespace: hugegraph-computer-operator-system |
| spec: |
| replicas: 1 |
| selector: |
| matchLabels: |
| app.kubernetes.io/name: hugegraph-computer-operator |
| app.kubernetes.io/version: v1 |
| control-plane: controller-manager |
| template: |
| metadata: |
| annotations: |
| kubectl.kubernetes.io/default-container: manager |
| labels: |
| app.kubernetes.io/name: hugegraph-computer-operator |
| app.kubernetes.io/version: v1 |
| control-plane: controller-manager |
| spec: |
| containers: |
| - args: |
| - --leader-elect |
| command: |
| - /manager |
| image: hugegraph/hugegraph-computer-operator-manager:latest |
| livenessProbe: |
| httpGet: |
| path: /health |
| port: 9892 |
| initialDelaySeconds: 15 |
| periodSeconds: 20 |
| name: manager |
| ports: |
| - containerPort: 9443 |
| name: webhook-server |
| protocol: TCP |
| readinessProbe: |
| httpGet: |
| path: /ready |
| port: 9892 |
| initialDelaySeconds: 5 |
| periodSeconds: 10 |
| resources: |
| limits: |
| cpu: 500m |
| memory: 256Mi |
| requests: |
| cpu: 10m |
| memory: 128Mi |
| securityContext: |
| allowPrivilegeEscalation: false |
| capabilities: |
| drop: |
| - ALL |
| volumeMounts: |
| - mountPath: /tmp/k8s-webhook-server/serving-certs |
| name: cert |
| readOnly: true |
| - args: [] |
| command: |
| - java |
| - -jar |
| - hugegraph-computer-operator.jar |
| env: |
| - name: PROBE_PORT |
| value: "9892" |
| - name: WATCH_NAMESPACE |
| value: hugegraph-computer-operator-system |
| - name: RECONCILER_COUNT |
| value: "6" |
| - name: INTERNAL_ETCD_URL |
| value: http://hugegraph-computer-operator-etcd.hugegraph-computer-operator-system:2379 |
| - name: INTERNAL_MINIO_URL |
| value: http://hugegraph-computer-operator-minio.hugegraph-computer-operator-system:9000 |
| - name: LOG_LEVEL |
| value: INFO |
| - name: AUTO_DESTROY_POD |
| value: "true" |
| image: hugegraph/hugegraph-computer-operator:latest |
| imagePullPolicy: Always |
| name: controller |
| resources: |
| limits: |
| cpu: 1000m |
| memory: 512Mi |
| requests: |
| cpu: 250m |
| memory: 512Mi |
| securityContext: |
| allowPrivilegeEscalation: false |
| capabilities: |
| drop: |
| - ALL |
| serviceAccountName: hugegraph-computer-operator-controller-manager |
| terminationGracePeriodSeconds: 10 |
| volumes: |
| - name: cert |
| secret: |
| defaultMode: 420 |
| secretName: webhook-server-cert |
| --- |
| apiVersion: apps/v1 |
| kind: Deployment |
| metadata: |
| labels: |
| app.kubernetes.io/name: hugegraph-computer-operator-etcd |
| app.kubernetes.io/version: v1 |
| name: hugegraph-computer-operator-etcd |
| namespace: hugegraph-computer-operator-system |
| spec: |
| replicas: 1 |
| selector: |
| matchLabels: |
| app.kubernetes.io/name: hugegraph-computer-operator-etcd |
| app.kubernetes.io/version: v1 |
| service.app: hugegraph-computer-operator-etcd |
| template: |
| metadata: |
| labels: |
| app.kubernetes.io/name: hugegraph-computer-operator-etcd |
| app.kubernetes.io/version: v1 |
| service.app: hugegraph-computer-operator-etcd |
| spec: |
| containers: |
| - command: |
| - /bin/sh |
| - -ec |
| - | |
| HOSTNAME=$(hostname) |
| etcd --name ${HOSTNAME} \ |
| --data-dir /var/etcd/data \ |
| --initial-advertise-peer-urls http://${HOSTNAME}.hugegraph-computer-operator-etcd.hugegraph-computer-operator-system:2380 \ |
| --listen-peer-urls http://0.0.0.0:2380 \ |
| --listen-client-urls http://0.0.0.0:2379 \ |
| --advertise-client-urls http://${HOSTNAME}.hugegraph-computer-operator-etcd.hugegraph-computer-operator-system:2379 \ |
| --initial-cluster ${HOSTNAME}=http://${HOSTNAME}.hugegraph-computer-operator-etcd.hugegraph-computer-operator-system:2380 \ |
| --initial-cluster-state new |
| image: quay.io/coreos/etcd:v3.5.0 |
| livenessProbe: |
| exec: |
| command: |
| - /bin/sh |
| - -ec |
| - ETCDCTL_API=3 etcdctl endpoint status |
| failureThreshold: 3 |
| initialDelaySeconds: 10 |
| periodSeconds: 60 |
| successThreshold: 1 |
| timeoutSeconds: 10 |
| name: hugegraph-computer-operator-etcd |
| ports: |
| - containerPort: 2379 |
| name: client |
| - containerPort: 2380 |
| name: peer |
| readinessProbe: |
| exec: |
| command: |
| - /bin/sh |
| - -ec |
| - ETCDCTL_API=3 etcdctl endpoint status |
| failureThreshold: 3 |
| initialDelaySeconds: 1 |
| periodSeconds: 5 |
| successThreshold: 1 |
| timeoutSeconds: 5 |
| hostname: hugegraph-computer-operator-etcd-0 |
| subdomain: hugegraph-computer-operator-etcd |
| --- |
| apiVersion: apps/v1 |
| kind: Deployment |
| metadata: |
| labels: |
| app.kubernetes.io/name: hugegraph-computer-operator-minio |
| app.kubernetes.io/version: v1 |
| name: hugegraph-computer-operator-minio |
| namespace: hugegraph-computer-operator-system |
| spec: |
| replicas: 1 |
| selector: |
| matchLabels: |
| app.kubernetes.io/name: hugegraph-computer-operator-minio |
| app.kubernetes.io/version: v1 |
| service.app: hugegraph-computer-operator-minio |
| template: |
| metadata: |
| labels: |
| app.kubernetes.io/name: hugegraph-computer-operator-minio |
| app.kubernetes.io/version: v1 |
| service.app: hugegraph-computer-operator-minio |
| spec: |
| containers: |
| - args: |
| - minio server /data --console-address :9090 |
| command: |
| - /bin/bash |
| - -c |
| env: |
| - name: MINIO_ACCESS_KEY |
| value: minioadmin |
| - name: MINIO_SECRET_KEY |
| value: minioadmin |
| image: quay.io/minio/minio:RELEASE.2023-10-16T04-13-43Z |
| livenessProbe: |
| failureThreshold: 3 |
| httpGet: |
| path: /minio/health/live |
| port: 9000 |
| scheme: HTTP |
| initialDelaySeconds: 120 |
| periodSeconds: 30 |
| successThreshold: 1 |
| timeoutSeconds: 10 |
| name: hugegraph-computer-operator-minio |
| ports: |
| - containerPort: 9090 |
| name: client |
| readinessProbe: |
| failureThreshold: 3 |
| httpGet: |
| path: /minio/health/ready |
| port: 9000 |
| scheme: HTTP |
| initialDelaySeconds: 120 |
| periodSeconds: 15 |
| successThreshold: 1 |
| timeoutSeconds: 10 |
| volumeMounts: |
| - mountPath: /data |
| name: localvolume |
| hostname: hugegraph-computer-operator-minio-0 |
| subdomain: hugegraph-computer-operator-minio |
| volumes: |
| - hostPath: |
| path: /mnt/disk1/data |
| type: DirectoryOrCreate |
| name: localvolume |
| --- |
| apiVersion: cert-manager.io/v1 |
| kind: Certificate |
| metadata: |
| name: hugegraph-computer-operator-serving-cert |
| namespace: hugegraph-computer-operator-system |
| spec: |
| dnsNames: |
| - hugegraph-computer-operator-webhook-service.hugegraph-computer-operator-system.svc |
| - hugegraph-computer-operator-webhook-service.hugegraph-computer-operator-system.svc.cluster.local |
| issuerRef: |
| kind: Issuer |
| name: hugegraph-computer-operator-selfsigned-issuer |
| secretName: webhook-server-cert |
| --- |
| apiVersion: cert-manager.io/v1 |
| kind: Issuer |
| metadata: |
| name: hugegraph-computer-operator-selfsigned-issuer |
| namespace: hugegraph-computer-operator-system |
| spec: |
| selfSigned: {} |
| --- |
| apiVersion: admissionregistration.k8s.io/v1 |
| kind: MutatingWebhookConfiguration |
| metadata: |
| annotations: |
| cert-manager.io/inject-ca-from: hugegraph-computer-operator-system/hugegraph-computer-operator-serving-cert |
| name: hugegraph-computer-operator-mutating-webhook-configuration |
| webhooks: |
| - admissionReviewVersions: |
| - v1 |
| clientConfig: |
| service: |
| name: hugegraph-computer-operator-webhook-service |
| namespace: hugegraph-computer-operator-system |
| path: /mutate-operator-hugegraph-apache-org-v1-hugegraphcomputerjob |
| failurePolicy: Fail |
| name: mhugegraphcomputerjob.kb.io |
| rules: |
| - apiGroups: |
| - operator.hugegraph.apache.org |
| apiVersions: |
| - v1 |
| operations: |
| - CREATE |
| - UPDATE |
| resources: |
| - hugegraphcomputerjobs |
| sideEffects: None |
| --- |
| apiVersion: admissionregistration.k8s.io/v1 |
| kind: ValidatingWebhookConfiguration |
| metadata: |
| annotations: |
| cert-manager.io/inject-ca-from: hugegraph-computer-operator-system/hugegraph-computer-operator-serving-cert |
| name: hugegraph-computer-operator-validating-webhook-configuration |
| webhooks: |
| - admissionReviewVersions: |
| - v1 |
| clientConfig: |
| service: |
| name: hugegraph-computer-operator-webhook-service |
| namespace: hugegraph-computer-operator-system |
| path: /validate-operator-hugegraph-apache-org-v1-hugegraphcomputerjob |
| failurePolicy: Fail |
| name: vhugegraphcomputerjob.kb.io |
| rules: |
| - apiGroups: |
| - operator.hugegraph.apache.org |
| apiVersions: |
| - v1 |
| operations: |
| - CREATE |
| - UPDATE |
| resources: |
| - hugegraphcomputerjobs |
| sideEffects: None |
