# Source: doris-operator/templates/serviceaccount.yaml apiVersion: v1 kind: ServiceAccount metadata: labels: app.kubernetes.io/name: serviceaccount app.kubernetes.io/instance: controller-doris-operator-sa app.kubernetes.io/component: rbac app.kubernetes.io/created-by: doris-operator app.kubernetes.io/part-of: doris-operator app.kubernetes.io/managed-by: Helm name: doris-operator namespace: zyly --- # Source: doris-operator/templates/clusterrole.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: creationTimestamp: null name: doris-operator rules: - apiGroups: - apps resources: - statefulsets verbs: - create - delete - get - list - patch - update - watch - apiGroups: - apps resources: - statefulsets/status verbs: - get - apiGroups: - autoscaling resources: - horizontalpodautoscalers verbs: - create - delete - get - list - patch - update - watch - apiGroups: - "" resources: - configmaps verbs: - get - list - watch - apiGroups: - "" resources: - endpoints verbs: - get - list - watch - apiGroups: - "" resources: - pods verbs: - get - list - watch - apiGroups: - "" resources: - persistentvolumeclaims verbs: - get - list - watch - update - patch - apiGroups: - "" resources: - secrets verbs: - get - list - watch - apiGroups: - "" resources: - serviceaccounts verbs: - create - delete - get - list - patch - update - watch - apiGroups: - "" resources: - services verbs: - create - delete - get - list - patch - update - watch - apiGroups: - doris.selectdb.com resources: - dorisclusters verbs: - create - delete - get - list - patch - update - watch - apiGroups: - doris.selectdb.com resources: - dorisclusters/finalizers verbs: - update - apiGroups: - doris.selectdb.com resources: - dorisclusters/status verbs: - get - patch - update - apiGroups: - rbac.authorization.k8s.io resources: - clusterrolebindings verbs: - create - delete - get - list - patch - update - watch - apiGroups: - rbac.authorization.k8s.io resources: - rolebindings verbs: - create - delete - get - list - patch - update - watch --- # Source: doris-operator/templates/clusterrolebinding.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: labels: app.kubernetes.io/name: clusterrolebinding app.kubernetes.io/instance: doris-operator-rolebinding app.kubernetes.io/component: rbac app.kubernetes.io/created-by: doris-operator app.kubernetes.io/part-of: doris-operator app.kubernetes.io/managed-by: Helm name: doris-operator-rolebinding roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: doris-operator subjects: - kind: ServiceAccount name: doris-operator namespace: zyly --- # Source: doris-operator/templates/leader-election-role.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: labels: app.kubernetes.io/name: role app.kubernetes.io/instance: leader-election-role app.kubernetes.io/component: rbac app.kubernetes.io/created-by: doris-operator app.kubernetes.io/part-of: doris-operator app.kubernetes.io/managed-by: Helm name: leader-election-role namespace: zyly rules: - apiGroups: - "" resources: - configmaps verbs: - get - list - watch - create - update - patch - delete - apiGroups: - coordination.k8s.io resources: - leases verbs: - get - list - watch - create - update - patch - delete - apiGroups: - "" resources: - events verbs: - create - patch --- # Source: doris-operator/templates/leader-election-role-binding.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: labels: app.kubernetes.io/name: rolebinding app.kubernetes.io/instance: leader-election-rolebinding app.kubernetes.io/component: rbac app.kubernetes.io/created-by: doris-operator app.kubernetes.io/part-of: doris-operator app.kubernetes.io/managed-by: Helm name: leader-election-rolebinding namespace: zyly roleRef: apiGroup: rbac.authorization.k8s.io kind: Role name: leader-election-role subjects: - kind: ServiceAccount name: doris-operator namespace: zyly --- # Source: doris-operator/templates/deployment.yaml apiVersion: apps/v1 kind: Deployment metadata: name: doris-operator namespace: zyly labels: control-plane: doris-operator app.kubernetes.io/name: deployment app.kubernetes.io/instance: doris-operator app.kubernetes.io/component: doris-operator app.kubernetes.io/created-by: doris-operator app.kubernetes.io/part-of: doris-operator spec: selector: matchLabels: control-plane: doris-operator replicas: 1 template: metadata: annotations: kubectl.kubernetes.io/default-container: doris-operator labels: control-plane: doris-operator spec: # TODO(user): Uncomment the following code to configure the nodeAffinity expression # according to the platforms which are supported by your solution. # It is considered best practice to support multiple architectures. You can # build your manager image using the makefile target docker-buildx. affinity: nodeAffinity: requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: - matchExpressions: - key: doris-deploy operator: In values: - "true" securityContext: runAsNonRoot: true # TODO(user): For common cases that do not require escalating privileges # it is recommended to ensure that all your Pods/Containers are restrictive. # More info: https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted # Please uncomment the following code if your project does NOT have to work on old Kubernetes # versions < 1.19 or on vendors versions which do NOT support this field by default (i.e. Openshift < 4.11 ). # seccompProfile: # type: RuntimeDefault containers: - command: - /dorisoperator args: - --leader-elect image: 172.16.100.55:8033/cmii/doris.k8s-operator:1.3.1 name: dorisoperator securityContext: allowPrivilegeEscalation: false capabilities: drop: - "ALL" livenessProbe: httpGet: path: /healthz port: 8081 initialDelaySeconds: 15 periodSeconds: 20 readinessProbe: httpGet: path: /readyz port: 8081 initialDelaySeconds: 5 periodSeconds: 10 # TODO(user): Configure the resources accordingly based on the project requirements. # More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ resources: requests: cpu: 2 memory: 4Gi limits: cpu: 2 memory: 4Gi serviceAccountName: doris-operator terminationGracePeriodSeconds: 10