From 4f28db114a9f3095e975bfbe01b4a7d21907a9d8 Mon Sep 17 00:00:00 2001 From: Harold Cheng Date: Thu, 14 Nov 2024 13:47:33 +0800 Subject: [PATCH 1/2] patroni's policy rules --- .../templates/componentdefinition-12.yaml | 39 +++++++++++++++++++ .../templates/componentdefinition-14.yaml | 39 +++++++++++++++++++ .../templates/componentdefinition-15.yaml | 39 +++++++++++++++++++ .../templates/componentdefinition-16.yaml | 39 +++++++++++++++++++ 4 files changed, 156 insertions(+) diff --git a/addons/postgresql/templates/componentdefinition-12.yaml b/addons/postgresql/templates/componentdefinition-12.yaml index 7869f598a..043bbc6b1 100644 --- a/addons/postgresql/templates/componentdefinition-12.yaml +++ b/addons/postgresql/templates/componentdefinition-12.yaml @@ -224,6 +224,45 @@ spec: value: $(POSTGRES_PASSWORD) targetPodSelector: Role matchingKey: primary + policyRules: + - apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - get + - list + - patch + - update + - watch + # delete is required only for 'patronictl remove' + - delete + - apiGroups: + - "" + resources: + - endpoints + verbs: + - get + - patch + - update + - create + - list + - watch + # delete is required only for 'patronictl remove' + - delete + - apiGroups: + - "" + resources: + - pods + verbs: + - create + - delete + - get + - list + - patch + - update + - watch runtime: securityContext: runAsUser: 0 diff --git a/addons/postgresql/templates/componentdefinition-14.yaml b/addons/postgresql/templates/componentdefinition-14.yaml index 6aadc8c13..5c8841ed0 100644 --- a/addons/postgresql/templates/componentdefinition-14.yaml +++ b/addons/postgresql/templates/componentdefinition-14.yaml @@ -224,6 +224,45 @@ spec: value: $(POSTGRES_PASSWORD) targetPodSelector: Role matchingKey: primary + policyRules: + - apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - get + - list + - patch + - update + - watch + # delete is required only for 'patronictl remove' + - delete + - apiGroups: + - "" + resources: + - endpoints + verbs: + - get + - patch + - update + - create + - list + - watch + # delete is required only for 'patronictl remove' + - delete + - apiGroups: + - "" + resources: + - pods + verbs: + - create + - delete + - get + - list + - patch + - update + - watch runtime: securityContext: runAsUser: 0 diff --git a/addons/postgresql/templates/componentdefinition-15.yaml b/addons/postgresql/templates/componentdefinition-15.yaml index 0fff058c5..882953809 100644 --- a/addons/postgresql/templates/componentdefinition-15.yaml +++ b/addons/postgresql/templates/componentdefinition-15.yaml @@ -224,6 +224,45 @@ spec: value: $(POSTGRES_PASSWORD) targetPodSelector: Role matchingKey: primary + policyRules: + - apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - get + - list + - patch + - update + - watch + # delete is required only for 'patronictl remove' + - delete + - apiGroups: + - "" + resources: + - endpoints + verbs: + - get + - patch + - update + - create + - list + - watch + # delete is required only for 'patronictl remove' + - delete + - apiGroups: + - "" + resources: + - pods + verbs: + - create + - delete + - get + - list + - patch + - update + - watch runtime: securityContext: runAsUser: 0 diff --git a/addons/postgresql/templates/componentdefinition-16.yaml b/addons/postgresql/templates/componentdefinition-16.yaml index 22b063012..9a9a15d97 100644 --- a/addons/postgresql/templates/componentdefinition-16.yaml +++ b/addons/postgresql/templates/componentdefinition-16.yaml @@ -224,6 +224,45 @@ spec: value: $(POSTGRES_PASSWORD) targetPodSelector: Role matchingKey: primary + policyRules: + - apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - get + - list + - patch + - update + - watch + # delete is required only for 'patronictl remove' + - delete + - apiGroups: + - "" + resources: + - endpoints + verbs: + - get + - patch + - update + - create + - list + - watch + # delete is required only for 'patronictl remove' + - delete + - apiGroups: + - "" + resources: + - pods + verbs: + - create + - delete + - get + - list + - patch + - update + - watch runtime: securityContext: runAsUser: 0 From e9b7c410dfb388eeed816894a37d550e1debdd7a Mon Sep 17 00:00:00 2001 From: Harold Cheng Date: Thu, 14 Nov 2024 13:39:13 +0800 Subject: [PATCH 2/2] chore: remove manually managed rbac --- .../apecloud-mysql/templates/rbac.yaml | 1 - .../templates/cluster.yaml | 1 - .../apecloud-postgresql/templates/rbac.yaml | 1 - .../clickhouse/templates/_helpers.tpl | 10 --- addons-cluster/clickhouse/templates/rbac.yaml | 1 - addons-cluster/clickhouse/values.yaml | 3 - .../elasticsearch/templates/_helpers.tpl | 7 -- .../templates/cluster-multi-node.yaml | 1 - .../templates/cluster-single-node.yaml | 1 - addons-cluster/elasticsearch/values.yaml | 1 - addons-cluster/kafka/templates/_helpers.tpl | 7 -- addons-cluster/kafka/templates/cluster.yaml | 3 - addons-cluster/kafka/templates/rbac.yaml | 1 - addons-cluster/kblib/templates/_rbac.tpl | 71 ------------------- addons-cluster/kblib/values.schema.json | 6 -- addons-cluster/kblib/values.yaml | 4 -- addons-cluster/loki/templates/_helpers.tpl | 11 --- addons-cluster/mariadb/templates/rbac.yaml | 1 - addons-cluster/minio/templates/cluster.yaml | 1 - addons-cluster/mogdb/templates/cluster.yaml | 1 - addons-cluster/mogdb/templates/rbac.yaml | 29 -------- addons-cluster/mongodb/templates/cluster.yaml | 1 - addons-cluster/mongodb/templates/rbac.yaml | 1 - addons-cluster/mongodb/values.yaml | 3 +- addons-cluster/mysql/values.yaml | 1 - .../opensearch/templates/_helpers.tpl | 7 -- .../polardbx/templates/_helpers.tpl | 11 --- addons-cluster/pulsar/templates/_helpers.tpl | 8 --- addons-cluster/qdrant/templates/_helpers.tpl | 7 -- addons-cluster/qdrant/templates/cluster.yaml | 1 - addons-cluster/qdrant/templates/rbac.yaml | 1 - addons-cluster/qdrant/values.yaml | 1 - .../rabbitmq/templates/cluster.yaml | 1 - addons-cluster/rabbitmq/templates/rbac.yaml | 1 - addons-cluster/rabbitmq/values.yaml | 2 +- addons-cluster/redis/templates/_helpers.tpl | 3 - addons-cluster/redis/templates/rbac.yaml | 1 - addons-cluster/redis/values.yaml | 1 - .../risingwave/templates/_helpers.tpl | 7 -- .../risingwave/templates/cluster.yaml | 5 -- addons-cluster/risingwave/values.yaml | 6 -- .../starrocks-ce/templates/_helpers.tpl | 11 --- .../starrocks-ce/templates/cluster.yaml | 2 - .../tdengine/templates/cluster.yaml | 1 - addons-cluster/tidb/templates/_helpers.tpl | 7 -- addons-cluster/tidb/templates/cluster.yaml | 3 - addons-cluster/tidb/templates/rbac.yaml | 1 - addons-cluster/tidb/values.yaml | 1 - .../vanilla-postgresql/templates/rbac.yaml | 1 - .../victoria-metrics/templates/_helpers.tpl | 11 --- .../weaviate/templates/_helpers.tpl | 7 -- .../zookeeper/templates/cluster.yaml | 1 - addons/opensearch/templates/_helpers.tpl | 11 --- addons/orchestrator/templates/_helpers.tpl | 11 --- addons/polardbx/templates/_helpers.tpl | 2 +- addons/tdengine/templates/_helpers.tpl | 2 +- examples/apecloud-postgresql/cluster.yaml | 1 - examples/ggml/cluster.yaml | 1 - examples/greptimedb/cluster.yaml | 1 - examples/influxdb/cluster.yaml | 1 - .../cluster-2x-ext-zk-svc-descriptor.yaml | 1 - examples/mariadb/cluster.yaml | 1 - examples/minio/cluster.yaml | 1 - examples/mogdb/cluster.yaml | 1 - examples/mogdb/restore.yaml | 1 - examples/nebula/cluster.yaml | 1 - examples/neon/cluster.yaml | 1 - examples/opensearch/cluster.yaml | 2 - examples/orchestrator/cluster-shareend.yaml | 1 - examples/orioledb/cluster.yaml | 2 - examples/qdrant/cluster.yaml | 2 +- examples/rabbitmq/cluster.yaml | 2 +- examples/risingwave/cluster.yaml | 2 - examples/starrocks/cluster.yaml | 2 +- examples/tdengine/cluster.yaml | 1 - examples/tidb/cluster.yaml | 1 - examples/weaviate/cluster-cmpd.yaml | 1 - examples/weaviate/cluster.yaml | 1 - 78 files changed, 7 insertions(+), 324 deletions(-) delete mode 100644 addons-cluster/apecloud-mysql/templates/rbac.yaml delete mode 100644 addons-cluster/apecloud-postgresql/templates/rbac.yaml delete mode 100644 addons-cluster/clickhouse/templates/rbac.yaml delete mode 100644 addons-cluster/kafka/templates/rbac.yaml delete mode 100644 addons-cluster/kblib/templates/_rbac.tpl delete mode 100644 addons-cluster/mariadb/templates/rbac.yaml delete mode 100644 addons-cluster/mogdb/templates/rbac.yaml delete mode 100644 addons-cluster/mongodb/templates/rbac.yaml delete mode 100644 addons-cluster/qdrant/templates/rbac.yaml delete mode 100644 addons-cluster/rabbitmq/templates/rbac.yaml delete mode 100644 addons-cluster/redis/templates/rbac.yaml delete mode 100644 addons-cluster/tidb/templates/rbac.yaml delete mode 100644 addons-cluster/vanilla-postgresql/templates/rbac.yaml diff --git a/addons-cluster/apecloud-mysql/templates/rbac.yaml b/addons-cluster/apecloud-mysql/templates/rbac.yaml deleted file mode 100644 index 08875e8bf..000000000 --- a/addons-cluster/apecloud-mysql/templates/rbac.yaml +++ /dev/null @@ -1 +0,0 @@ -{{- include "kblib.rbac" . }} \ No newline at end of file diff --git a/addons-cluster/apecloud-postgresql/templates/cluster.yaml b/addons-cluster/apecloud-postgresql/templates/cluster.yaml index a32c29e3b..c3f180de1 100644 --- a/addons-cluster/apecloud-postgresql/templates/cluster.yaml +++ b/addons-cluster/apecloud-postgresql/templates/cluster.yaml @@ -15,4 +15,3 @@ spec: {{- include "kblib.componentResources" . | indent 6 }} {{- include "kblib.componentStorages" . | indent 6 }} replicas: {{ include "apecloud-postgresql-cluster.replicas" . }} - serviceAccountName: {{ include "kblib.serviceAccountName" . }} diff --git a/addons-cluster/apecloud-postgresql/templates/rbac.yaml b/addons-cluster/apecloud-postgresql/templates/rbac.yaml deleted file mode 100644 index 08875e8bf..000000000 --- a/addons-cluster/apecloud-postgresql/templates/rbac.yaml +++ /dev/null @@ -1 +0,0 @@ -{{- include "kblib.rbac" . }} \ No newline at end of file diff --git a/addons-cluster/clickhouse/templates/_helpers.tpl b/addons-cluster/clickhouse/templates/_helpers.tpl index eed1c9e8c..c2db23056 100644 --- a/addons-cluster/clickhouse/templates/_helpers.tpl +++ b/addons-cluster/clickhouse/templates/_helpers.tpl @@ -54,13 +54,6 @@ app.kubernetes.io/instance: {{ .Release.Name }} {{ .Release.Name }} {{- end}} -{{/* -Create the name of the service account to use -*/}} -{{- define "clickhouse-cluster.serviceAccountName" -}} -{{- default (printf "kb-%s" (include "clustername" .)) .Values.serviceAccount.name }} -{{- end }} - {{/* TLS file */}} @@ -88,7 +81,6 @@ Define clickhouse componentSpec with ComponentDefinition. replicas: {{ $.Values.replicas | default 2 }} disableExporter: {{ $.Values.disableExporter | default "false" }} serviceVersion: {{ $.Values.version }} - serviceAccountName: {{ include "clickhouse-cluster.serviceAccountName" $ }} systemAccounts: - name: admin passwordConfig: @@ -158,7 +150,6 @@ Define clickhouse shardingComponentSpec with ComponentDefinition. replicas: {{ $.Values.replicas | default 2 }} disableExporter: {{ $.Values.disableExporter | default "false" }} serviceVersion: {{ $.Values.version }} - serviceAccountName: {{ include "clickhouse-cluster.serviceAccountName" $ }} systemAccounts: - name: admin passwordConfig: @@ -185,7 +176,6 @@ Define clickhouse componentSpec with compatible ComponentDefinition API replicas: {{ $.Values.replicas | default 2 }} disableExporter: {{ $.Values.disableExporter | default "false" }} serviceVersion: {{ $.Values.version }} - serviceAccountName: {{ include "clickhouse-cluster.serviceAccountName" $ }} {{- with $.Values.tolerations }} tolerations: {{ .| toYaml | nindent 4 }} {{- end }} diff --git a/addons-cluster/clickhouse/templates/rbac.yaml b/addons-cluster/clickhouse/templates/rbac.yaml deleted file mode 100644 index 08875e8bf..000000000 --- a/addons-cluster/clickhouse/templates/rbac.yaml +++ /dev/null @@ -1 +0,0 @@ -{{- include "kblib.rbac" . }} \ No newline at end of file diff --git a/addons-cluster/clickhouse/values.yaml b/addons-cluster/clickhouse/values.yaml index cb84f6f8d..fd5610098 100644 --- a/addons-cluster/clickhouse/values.yaml +++ b/addons-cluster/clickhouse/values.yaml @@ -68,6 +68,3 @@ extra: ## Define Cluster termination policy. ## Options: DoNotTerminate, Halt, Delete, WipeOut. terminationPolicy: DoNotTerminate - - ## If true, RBAC resources will be created - rbacEnabled: false \ No newline at end of file diff --git a/addons-cluster/elasticsearch/templates/_helpers.tpl b/addons-cluster/elasticsearch/templates/_helpers.tpl index 0548f4d95..7645f2209 100644 --- a/addons-cluster/elasticsearch/templates/_helpers.tpl +++ b/addons-cluster/elasticsearch/templates/_helpers.tpl @@ -54,13 +54,6 @@ app.kubernetes.io/instance: {{ .Release.Name }} {{ include "elasticsearch-cluster.fullname" .}} {{- end}} -{{/* -Create the name of the service account to use -*/}} -{{- define "elasticsearch-cluster.serviceAccountName" -}} -{{- default (printf "kb-%s" (include "clustername" .)) .Values.serviceAccount.name }} -{{- end }} - {{- define "elasticsearch-cluster.replicaCount" }} {{- if eq .Values.mode "single-node" }} replicas: 1 diff --git a/addons-cluster/elasticsearch/templates/cluster-multi-node.yaml b/addons-cluster/elasticsearch/templates/cluster-multi-node.yaml index a7c705307..660a72dca 100644 --- a/addons-cluster/elasticsearch/templates/cluster-multi-node.yaml +++ b/addons-cluster/elasticsearch/templates/cluster-multi-node.yaml @@ -13,7 +13,6 @@ spec: - name: mdit componentDef: elasticsearch-{{ include "elasticsearch.majorVersion" . }} serviceVersion: {{ include "elasticsearch.version" . }} - serviceAccountName: {{ include "kblib.serviceAccountName" . }} {{- include "elasticsearch-cluster.schedulingPolicy" . | indent 6 }} {{- include "elasticsearch-cluster.replicaCount" . | indent 6 }} {{- include "kblib.componentMonitor" . | indent 6 }} diff --git a/addons-cluster/elasticsearch/templates/cluster-single-node.yaml b/addons-cluster/elasticsearch/templates/cluster-single-node.yaml index 5ec9e7dbb..60f0a2386 100644 --- a/addons-cluster/elasticsearch/templates/cluster-single-node.yaml +++ b/addons-cluster/elasticsearch/templates/cluster-single-node.yaml @@ -13,7 +13,6 @@ spec: - name: mdit componentDef: elasticsearch-{{ include "elasticsearch.majorVersion" . }} serviceVersion: {{ include "elasticsearch.version" . }} - serviceAccountName: {{ include "kblib.serviceAccountName" . }} {{- include "elasticsearch-cluster.schedulingPolicy" . | indent 6 }} {{- include "elasticsearch-cluster.replicaCount" . | indent 6 }} {{- include "kblib.componentMonitor" . | indent 6 }} diff --git a/addons-cluster/elasticsearch/values.yaml b/addons-cluster/elasticsearch/values.yaml index 58d1510a3..0f90e062c 100644 --- a/addons-cluster/elasticsearch/values.yaml +++ b/addons-cluster/elasticsearch/values.yaml @@ -29,5 +29,4 @@ fullnameOverride: "" ## customized default values to override kblib chart's values extra: terminationPolicy: Delete - rbacEnabled: true disableExporter: false diff --git a/addons-cluster/kafka/templates/_helpers.tpl b/addons-cluster/kafka/templates/_helpers.tpl index 96bbadffc..2a82960de 100644 --- a/addons-cluster/kafka/templates/_helpers.tpl +++ b/addons-cluster/kafka/templates/_helpers.tpl @@ -54,13 +54,6 @@ app.kubernetes.io/instance: {{ .Release.Name }} {{ include "kafka-cluster.fullname" .}} {{- end}} -{{/* -Create the name of the service account to use -*/}} -{{- define "kafka-cluster.serviceAccountName" -}} -{{- default (printf "kb-%s" (include "clustername" .)) .Values.serviceAccount.name }} -{{- end }} - {{/* Define kafka broker component name */}} diff --git a/addons-cluster/kafka/templates/cluster.yaml b/addons-cluster/kafka/templates/cluster.yaml index c11c44e66..4c785a4f9 100644 --- a/addons-cluster/kafka/templates/cluster.yaml +++ b/addons-cluster/kafka/templates/cluster.yaml @@ -21,7 +21,6 @@ spec: name: KubeBlocks {{- end }} replicas: {{ .Values.replicas }} - serviceAccountName: {{ include "kblib.serviceAccountName" . }} services: - name: advertised-listener {{- if .Values.nodePortEnabled }} @@ -71,7 +70,6 @@ spec: name: KubeBlocks {{- end }} replicas: {{ .Values.brokerReplicas }} - serviceAccountName: {{ include "kblib.serviceAccountName" . }} services: - name: advertised-listener {{- if .Values.nodePortEnabled }} @@ -120,7 +118,6 @@ spec: name: KubeBlocks {{- end }} replicas: {{ .Values.controllerReplicas }} - serviceAccountName: {{ include "kblib.serviceAccountName" . }} {{- include "kblib.componentResources" . | indent 6 }} {{- if .Values.storageEnable }} volumeClaimTemplates: diff --git a/addons-cluster/kafka/templates/rbac.yaml b/addons-cluster/kafka/templates/rbac.yaml deleted file mode 100644 index 08875e8bf..000000000 --- a/addons-cluster/kafka/templates/rbac.yaml +++ /dev/null @@ -1 +0,0 @@ -{{- include "kblib.rbac" . }} \ No newline at end of file diff --git a/addons-cluster/kblib/templates/_rbac.tpl b/addons-cluster/kblib/templates/_rbac.tpl deleted file mode 100644 index 3ccd11f08..000000000 --- a/addons-cluster/kblib/templates/_rbac.tpl +++ /dev/null @@ -1,71 +0,0 @@ -{{/* -Define the service account name -*/}} -{{- define "kblib.serviceAccountName" -}} -{{- if .Values.extra.rbacEnabled }} -{{- printf "kb-%s" (include "kblib.clusterName" .) }} -{{- else }} -{{- "" }} -{{- end }} -{{- end }} - -{{/* -Define the role name -*/}} -{{- define "kblib.roleName" -}} -{{- printf "kb-%s" (include "kblib.clusterName" .) }} -{{- end }} - -{{/* -Define the rolebinding name -*/}} -{{- define "kblib.roleBindingName" -}} -{{- printf "kb-%s" (include "kblib.clusterName" .) }} -{{- end }} - -{{/* -Define the service account -*/}} -{{- define "kblib.serviceAccount" }} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ include "kblib.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} - labels: - {{- include "kblib.clusterLabels" . | nindent 4 }} -{{- end }} - -{{/* -Define the rolebinding -*/}} -{{- define "kblib.roleBinding" }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: {{ include "kblib.roleBindingName" . }} - labels: - {{- include "kblib.clusterLabels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: kubeblocks-cluster-pod-role -subjects: - - kind: ServiceAccount - name: {{ include "kblib.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} -{{- end }} - -{{/* -Define the whole rbac -*/}} -{{- define "kblib.rbac" }} -{{- if .Values.extra.rbacEnabled }} ---- -{{- include "kblib.serviceAccount" . }} ---- -{{- include "kblib.roleBinding" . }} -{{- else }} -{{- "" }} -{{- end }} -{{- end }} diff --git a/addons-cluster/kblib/values.schema.json b/addons-cluster/kblib/values.schema.json index 3392eb618..1fa11e787 100644 --- a/addons-cluster/kblib/values.schema.json +++ b/addons-cluster/kblib/values.schema.json @@ -19,12 +19,6 @@ "Delete", "WipeOut" ] - }, - "rbacEnabled": { - "title": "RBAC Enabled", - "description": "Specify whether rbac resources will be created by client, otherwise KubeBlocks server will try to create rbac resources.", - "type": "boolean", - "default": false } } } diff --git a/addons-cluster/kblib/values.yaml b/addons-cluster/kblib/values.yaml index 461e00d33..29463dd30 100644 --- a/addons-cluster/kblib/values.yaml +++ b/addons-cluster/kblib/values.yaml @@ -6,7 +6,3 @@ disableExporter: true ## @param terminationPolicy terminationPolicy: Delete - -## @param rbacEnabled if true, rbac resources will be created -## -rbacEnabled: false diff --git a/addons-cluster/loki/templates/_helpers.tpl b/addons-cluster/loki/templates/_helpers.tpl index e999ddfa9..0bc0cb6cb 100644 --- a/addons-cluster/loki/templates/_helpers.tpl +++ b/addons-cluster/loki/templates/_helpers.tpl @@ -50,17 +50,6 @@ app.kubernetes.io/name: {{ include "loki-cluster.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} {{- end }} -{{/* -Create the name of the service account to use -*/}} -{{- define "loki-cluster.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} -{{- default (include "loki-cluster.fullname" .) .Values.serviceAccount.name }} -{{- else }} -{{- default "default" .Values.serviceAccount.name }} -{{- end }} -{{- end }} - {{- define "clustername" -}} {{ include "loki-cluster.fullname" .}} {{- end}} diff --git a/addons-cluster/mariadb/templates/rbac.yaml b/addons-cluster/mariadb/templates/rbac.yaml deleted file mode 100644 index 08875e8bf..000000000 --- a/addons-cluster/mariadb/templates/rbac.yaml +++ /dev/null @@ -1 +0,0 @@ -{{- include "kblib.rbac" . }} \ No newline at end of file diff --git a/addons-cluster/minio/templates/cluster.yaml b/addons-cluster/minio/templates/cluster.yaml index 450260a6b..da6cbd18f 100644 --- a/addons-cluster/minio/templates/cluster.yaml +++ b/addons-cluster/minio/templates/cluster.yaml @@ -13,7 +13,6 @@ spec: env: - name: MINIO_BUCKETS value: {{ .Values.buckets }} - serviceAccountName: {{ include "kblib.serviceAccountName" . }} {{- include "kblib.componentMonitor" . | indent 6 }} {{- include "kblib.componentResources" . | indent 6 }} {{- include "kblib.componentStorages" . | indent 6 }} diff --git a/addons-cluster/mogdb/templates/cluster.yaml b/addons-cluster/mogdb/templates/cluster.yaml index 480ed8408..facb8eb93 100644 --- a/addons-cluster/mogdb/templates/cluster.yaml +++ b/addons-cluster/mogdb/templates/cluster.yaml @@ -12,6 +12,5 @@ spec: serviceVersion: {{ .Values.version | quote}} {{- include "kblib.componentMonitor" . | indent 6 }} {{- include "mogdb-cluster.replicaCount" . | indent 6 }} - serviceAccountName: {{ include "kblib.serviceAccountName" . }} {{- include "kblib.componentResources" . | indent 6 }} {{- include "kblib.componentStorages" . | indent 6 }} diff --git a/addons-cluster/mogdb/templates/rbac.yaml b/addons-cluster/mogdb/templates/rbac.yaml deleted file mode 100644 index 36fef80f1..000000000 --- a/addons-cluster/mogdb/templates/rbac.yaml +++ /dev/null @@ -1,29 +0,0 @@ -{{- include "kblib.rbac" . }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: {{ printf "%s-switchover-role" (include "kblib.clusterName" .) }} - namespace: {{ .Release.Namespace }} - labels: - {{- include "kblib.clusterLabels" . | nindent 4 }} - app.kubernetes.io/required-by: pod -rules: - - apiGroups: [""] - resources: ["pods/exec"] - verbs: ["create"] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: {{ printf "%s-switchover" (include "kblib.clusterName" .) }} - namespace: {{ .Release.Namespace }} - labels: - {{- include "kblib.clusterLabels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ printf "%s-switchover-role" (include "kblib.clusterName" .) }} -subjects: - - kind: ServiceAccount - name: {{ printf "kb-%s" (include "kblib.clusterName" .) }} \ No newline at end of file diff --git a/addons-cluster/mongodb/templates/cluster.yaml b/addons-cluster/mongodb/templates/cluster.yaml index 4f8892e90..6993370fa 100644 --- a/addons-cluster/mongodb/templates/cluster.yaml +++ b/addons-cluster/mongodb/templates/cluster.yaml @@ -16,6 +16,5 @@ spec: - name: mongodb serviceVersion: {{ .Values.version }} {{- include "mongodb-cluster.replicaCount" . | indent 6 }} - serviceAccountName: {{ include "kblib.serviceAccountName" . }} {{- include "kblib.componentResources" . | indent 6 }} {{- include "kblib.componentStorages" . | indent 6 }} diff --git a/addons-cluster/mongodb/templates/rbac.yaml b/addons-cluster/mongodb/templates/rbac.yaml deleted file mode 100644 index 08875e8bf..000000000 --- a/addons-cluster/mongodb/templates/rbac.yaml +++ /dev/null @@ -1 +0,0 @@ -{{- include "kblib.rbac" . }} \ No newline at end of file diff --git a/addons-cluster/mongodb/values.yaml b/addons-cluster/mongodb/values.yaml index 72be38cce..1e8657041 100644 --- a/addons-cluster/mongodb/values.yaml +++ b/addons-cluster/mongodb/values.yaml @@ -31,6 +31,5 @@ storage: 20 hostnetwork: "enabled" -## @param extra.rbacEnabled if true, create rbac extra: - terminationPolicy: Delete \ No newline at end of file + terminationPolicy: Delete diff --git a/addons-cluster/mysql/values.yaml b/addons-cluster/mysql/values.yaml index a134382e2..5f2c50c3a 100644 --- a/addons-cluster/mysql/values.yaml +++ b/addons-cluster/mysql/values.yaml @@ -38,7 +38,6 @@ proxysql: cpu: 1 memory: 1 -## @param extra.rbacEnabled if true, create rbac extra: terminationPolicy: Delete diff --git a/addons-cluster/opensearch/templates/_helpers.tpl b/addons-cluster/opensearch/templates/_helpers.tpl index f27b863ef..17ae3e10c 100644 --- a/addons-cluster/opensearch/templates/_helpers.tpl +++ b/addons-cluster/opensearch/templates/_helpers.tpl @@ -53,10 +53,3 @@ app.kubernetes.io/instance: {{ .Release.Name }} {{- define "clustername" -}} {{ include "opensearch-cluster.fullname" .}} {{- end}} - -{{/* -Create the name of the service account to use -*/}} -{{- define "opensearch-cluster.serviceAccountName" -}} -{{- default (printf "kb-%s" (include "clustername" .)) .Values.serviceAccount.name }} -{{- end }} diff --git a/addons-cluster/polardbx/templates/_helpers.tpl b/addons-cluster/polardbx/templates/_helpers.tpl index d23cd372e..2c713a9e4 100644 --- a/addons-cluster/polardbx/templates/_helpers.tpl +++ b/addons-cluster/polardbx/templates/_helpers.tpl @@ -49,14 +49,3 @@ Selector labels app.kubernetes.io/name: {{ include "polardbx.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} {{- end }} - -{{/* -Create the name of the service account to use -*/}} -{{- define "polardbx.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} -{{- default (include "polardbx.fullname" .) .Values.serviceAccount.name }} -{{- else }} -{{- default "default" .Values.serviceAccount.name }} -{{- end }} -{{- end }} \ No newline at end of file diff --git a/addons-cluster/pulsar/templates/_helpers.tpl b/addons-cluster/pulsar/templates/_helpers.tpl index 262554686..3bd20ccbc 100644 --- a/addons-cluster/pulsar/templates/_helpers.tpl +++ b/addons-cluster/pulsar/templates/_helpers.tpl @@ -54,14 +54,6 @@ app.kubernetes.io/instance: {{ .Release.Name }} {{ include "pulsar-cluster.fullname" .}} {{- end}} -{{/* -Create the name of the service account to use -*/}} -{{- define "pulsar-cluster.serviceAccountName" -}} -{{- default (printf "kb-%s" (include "clustername" .)) .Values.serviceAccount.name }} -{{- end }} - - {{/* Pulsar broker FQDN */}} diff --git a/addons-cluster/qdrant/templates/_helpers.tpl b/addons-cluster/qdrant/templates/_helpers.tpl index c35ecbf49..418033a8b 100644 --- a/addons-cluster/qdrant/templates/_helpers.tpl +++ b/addons-cluster/qdrant/templates/_helpers.tpl @@ -54,13 +54,6 @@ app.kubernetes.io/instance: {{ .Release.Name }} {{ include "qdrant.fullname" .}} {{- end}} -{{/* -Create the name of the service account to use -*/}} -{{- define "qdrant.serviceAccountName" -}} -{{- default (printf "kb-%s" (include "clustername" .)) .Values.serviceAccount.name }} -{{- end }} - {{- define "qdrant.version" }} {{- trimPrefix "qdrant-" .Values.version }} {{- end }} diff --git a/addons-cluster/qdrant/templates/cluster.yaml b/addons-cluster/qdrant/templates/cluster.yaml index c74a5573b..45a21be3f 100644 --- a/addons-cluster/qdrant/templates/cluster.yaml +++ b/addons-cluster/qdrant/templates/cluster.yaml @@ -12,7 +12,6 @@ spec: - name: qdrant componentDef: qdrant serviceVersion: {{ include "qdrant.version" . }} - serviceAccountName: {{ include "kblib.serviceAccountName" . }} {{- include "kblib.componentMonitor" . | indent 6 }} replicas: {{ .Values.replicas | default 1 }} {{- include "kblib.componentResources" . | indent 6 }} diff --git a/addons-cluster/qdrant/templates/rbac.yaml b/addons-cluster/qdrant/templates/rbac.yaml deleted file mode 100644 index 08875e8bf..000000000 --- a/addons-cluster/qdrant/templates/rbac.yaml +++ /dev/null @@ -1 +0,0 @@ -{{- include "kblib.rbac" . }} \ No newline at end of file diff --git a/addons-cluster/qdrant/values.yaml b/addons-cluster/qdrant/values.yaml index 7ee1abd54..352ae2914 100644 --- a/addons-cluster/qdrant/values.yaml +++ b/addons-cluster/qdrant/values.yaml @@ -28,4 +28,3 @@ storage: 20 ## customized default values to override kblib chart's values extra: terminationPolicy: Delete - rbacEnabled: true diff --git a/addons-cluster/rabbitmq/templates/cluster.yaml b/addons-cluster/rabbitmq/templates/cluster.yaml index 61bca4c81..f97a5a04b 100644 --- a/addons-cluster/rabbitmq/templates/cluster.yaml +++ b/addons-cluster/rabbitmq/templates/cluster.yaml @@ -11,6 +11,5 @@ spec: componentDef: rabbitmq serviceVersion: {{ .Values.version }} {{- include "rabbitmq-cluster.replicaCount" . | indent 6 }} - serviceAccountName: {{ include "kblib.serviceAccountName" . }} {{- include "kblib.componentResources" . | indent 6 }} {{- include "kblib.componentStorages" . | indent 6 }} diff --git a/addons-cluster/rabbitmq/templates/rbac.yaml b/addons-cluster/rabbitmq/templates/rbac.yaml deleted file mode 100644 index 08875e8bf..000000000 --- a/addons-cluster/rabbitmq/templates/rbac.yaml +++ /dev/null @@ -1 +0,0 @@ -{{- include "kblib.rbac" . }} \ No newline at end of file diff --git a/addons-cluster/rabbitmq/values.yaml b/addons-cluster/rabbitmq/values.yaml index 44fa58996..e10961cec 100644 --- a/addons-cluster/rabbitmq/values.yaml +++ b/addons-cluster/rabbitmq/values.yaml @@ -30,4 +30,4 @@ requests: storage: 20 extra: - terminationPolicy: Delete \ No newline at end of file + terminationPolicy: Delete diff --git a/addons-cluster/redis/templates/_helpers.tpl b/addons-cluster/redis/templates/_helpers.tpl index 2cde8cf72..7ccb41019 100644 --- a/addons-cluster/redis/templates/_helpers.tpl +++ b/addons-cluster/redis/templates/_helpers.tpl @@ -66,7 +66,6 @@ Define redis ComponentSpec with ComponentDefinition. value: {{ .Values.sentinel.customMasterName }} {{- end }} serviceVersion: {{ .Values.version }} - serviceAccountName: {{ include "kblib.serviceAccountName" . }} {{- if and .Values.customSecretName .Values.customSecretNamespace }} systemAccounts: - name: default @@ -91,7 +90,6 @@ Define redis sentinel ComponentSpec with ComponentDefinition. podService: true {{- end }} serviceVersion: {{ .Values.version }} - serviceAccountName: {{ include "kblib.serviceAccountName" . }} {{- if and .Values.sentinel.customSecretName .Values.sentinel.customSecretNamespace }} systemAccounts: - name: default @@ -122,7 +120,6 @@ Define redis twemproxy ComponentSpec with ComponentDefinition. */}} {{- define "redis-cluster.twemproxyComponentSpec" }} - name: redis-twemproxy - serviceAccountName: {{ include "kblib.serviceAccountName" . }} replicas: {{ .Values.twemproxy.replicas }} resources: limits: diff --git a/addons-cluster/redis/templates/rbac.yaml b/addons-cluster/redis/templates/rbac.yaml deleted file mode 100644 index 08875e8bf..000000000 --- a/addons-cluster/redis/templates/rbac.yaml +++ /dev/null @@ -1 +0,0 @@ -{{- include "kblib.rbac" . }} \ No newline at end of file diff --git a/addons-cluster/redis/values.yaml b/addons-cluster/redis/values.yaml index f48c7437e..a8eb6484d 100644 --- a/addons-cluster/redis/values.yaml +++ b/addons-cluster/redis/values.yaml @@ -89,7 +89,6 @@ redisCluster: customSecretNamespace: "" extra: - rbacEnabled: true disableExporter: true prometheus: diff --git a/addons-cluster/risingwave/templates/_helpers.tpl b/addons-cluster/risingwave/templates/_helpers.tpl index 66c3a899b..4bc50b0eb 100644 --- a/addons-cluster/risingwave/templates/_helpers.tpl +++ b/addons-cluster/risingwave/templates/_helpers.tpl @@ -54,13 +54,6 @@ app.kubernetes.io/instance: {{ .Release.Name }} {{ include "risingwave-cluster.fullname" .}} {{- end}} -{{/* -Create the name of the service account to use -*/}} -{{- define "risingwave-cluster.serviceAccountName" -}} -{{- default .Values.risingwave.stateStore.s3.authentication.serviceAccountName .Values.serviceAccount.name }} -{{- end }} - {{/* Create the hummock option */}} diff --git a/addons-cluster/risingwave/templates/cluster.yaml b/addons-cluster/risingwave/templates/cluster.yaml index 773cf3fba..209a9e612 100644 --- a/addons-cluster/risingwave/templates/cluster.yaml +++ b/addons-cluster/risingwave/templates/cluster.yaml @@ -13,7 +13,6 @@ spec: replicas: {{ .Values.risingwave.frontend.replicas }} env: {{- include "risingwave-cluster.envs" . | nindent 6 }} - serviceAccountName: {{ include "risingwave-cluster.serviceAccountName" . }} {{- with .Values.risingwave.frontend.resources }} resources: {{- if .limits }} @@ -32,7 +31,6 @@ spec: replicas: {{ .Values.risingwave.meta.replicas }} env: {{- include "risingwave-cluster.envs" . | nindent 6 }} - serviceAccountName: {{ include "risingwave-cluster.serviceAccountName" . }} {{- with .Values.risingwave.meta.resources }} resources: {{- if .limits }} @@ -51,7 +49,6 @@ spec: replicas: {{ .Values.risingwave.compute.replicas }} env: {{- include "risingwave-cluster.envs" . | nindent 6 }} - serviceAccountName: {{ include "risingwave-cluster.serviceAccountName" . }} {{- with .Values.risingwave.compute.resources }} resources: {{- if .limits }} @@ -70,7 +67,6 @@ spec: replicas: {{ .Values.risingwave.compactor.replicas }} env: {{- include "risingwave-cluster.envs" . | nindent 6 }} - serviceAccountName: {{ include "risingwave-cluster.serviceAccountName" . }} {{- with .Values.risingwave.compactor.resources }} resources: {{- if .limits }} @@ -89,7 +85,6 @@ spec: replicas: {{ .Values.risingwave.connector.replicas }} env: {{- include "risingwave-cluster.envs" . | nindent 6 }} - serviceAccountName: {{ include "risingwave-cluster.serviceAccountName" . }} {{- with .Values.risingwave.connector.resources }} resources: {{- if .limits }} diff --git a/addons-cluster/risingwave/values.yaml b/addons-cluster/risingwave/values.yaml index ce94814c3..d7c18aabb 100644 --- a/addons-cluster/risingwave/values.yaml +++ b/addons-cluster/risingwave/values.yaml @@ -6,12 +6,6 @@ fullnameOverride: "" ## terminationPolicy: Delete -serviceAccount: - ## @param serviceAccount.name is the name of the service account to use. - ## Used by all RisingWave component pods. - ## - name: "" - ## RisingWave Configuration ## risingwave: diff --git a/addons-cluster/starrocks-ce/templates/_helpers.tpl b/addons-cluster/starrocks-ce/templates/_helpers.tpl index d858bced4..e10a022ec 100644 --- a/addons-cluster/starrocks-ce/templates/_helpers.tpl +++ b/addons-cluster/starrocks-ce/templates/_helpers.tpl @@ -50,17 +50,6 @@ app.kubernetes.io/name: {{ include "starrocks-cluster.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} {{- end }} -{{/* -Create the name of the service account to use -*/}} -{{- define "starrocks-cluster.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} -{{- default (include "starrocks-cluster.fullname" .) .Values.serviceAccount.name }} -{{- else }} -{{- default "default" .Values.serviceAccount.name }} -{{- end }} -{{- end }} - {{- define "starrocks-release.name" }} {{- default .Values.srrelease "starrocks-ce" }} {{- end }} diff --git a/addons-cluster/starrocks-ce/templates/cluster.yaml b/addons-cluster/starrocks-ce/templates/cluster.yaml index e58a143f9..405b78ac5 100644 --- a/addons-cluster/starrocks-ce/templates/cluster.yaml +++ b/addons-cluster/starrocks-ce/templates/cluster.yaml @@ -11,13 +11,11 @@ spec: componentSpecs: - name: fe {{- include "kblib.componentMonitor" . | indent 6 }} - serviceAccountName: {{ include "kblib.serviceAccountName" . }} serviceVersion: {{ include "starrocks.version" . }} replicas: {{ .Values.replicas | default 1 }} {{- include "kblib.componentResources" . | indent 6 }} {{- include "kblib.componentStorages" . | indent 6 }} - name: be - serviceAccountName: {{ include "kblib.serviceAccountName" . }} serviceVersion: {{ include "starrocks.version" . }} replicas: {{ index .Values.beReplicas | default 1 }} resources: diff --git a/addons-cluster/tdengine/templates/cluster.yaml b/addons-cluster/tdengine/templates/cluster.yaml index e8b6ce6fa..f6ae40b76 100644 --- a/addons-cluster/tdengine/templates/cluster.yaml +++ b/addons-cluster/tdengine/templates/cluster.yaml @@ -11,6 +11,5 @@ spec: componentDef: tdengine {{- include "kblib.componentMonitor" . | indent 6 }} {{- include "tdengine-cluster.replicaCount" . | indent 6 }} - serviceAccountName: {{ include "kblib.serviceAccountName" . }} {{- include "kblib.componentResources" . | indent 6 }} {{- include "kblib.componentStorages" . | indent 6 }} diff --git a/addons-cluster/tidb/templates/_helpers.tpl b/addons-cluster/tidb/templates/_helpers.tpl index e06bf7a78..1ae744b0f 100644 --- a/addons-cluster/tidb/templates/_helpers.tpl +++ b/addons-cluster/tidb/templates/_helpers.tpl @@ -51,10 +51,3 @@ app.kubernetes.io/instance: {{ .Release.Name }} {{- define "clustername" -}} {{ include "tidb-cluster.fullname" .}} {{- end}} - -{{/* -Create the name of the service account to use -*/}} -{{- define "tidb-cluster.serviceAccountName" -}} -{{- default (printf "kb-%s" (include "clustername" .)) .Values.serviceAccount.name }} -{{- end }} diff --git a/addons-cluster/tidb/templates/cluster.yaml b/addons-cluster/tidb/templates/cluster.yaml index 9d57e38ba..633bf5e9e 100644 --- a/addons-cluster/tidb/templates/cluster.yaml +++ b/addons-cluster/tidb/templates/cluster.yaml @@ -11,7 +11,6 @@ spec: componentSpecs: {{- with $.Values.pd }} - name: tidb-pd - serviceAccountName: {{ include "tidb-cluster.serviceAccountName" $ }} serviceVersion: {{ default $.Chart.AppVersion $.Values.appVersionOverride }} disableExporter: false replicas: {{ .replicas | default 3 }} @@ -39,7 +38,6 @@ spec: {{- end }} {{- with $.Values.tikv }} - name: tikv - serviceAccountName: {{ include "tidb-cluster.serviceAccountName" $ }} serviceVersion: {{ default $.Chart.AppVersion $.Values.appVersionOverride }} disableExporter: false replicas: {{ .replicas | default 3 }} @@ -67,7 +65,6 @@ spec: {{- end }} {{- with $.Values.tidb }} - name: tidb - serviceAccountName: {{ include "tidb-cluster.serviceAccountName" $ }} serviceVersion: {{ default $.Chart.AppVersion $.Values.appVersionOverride }} disableExporter: false replicas: {{ .replicas | default 2 }} diff --git a/addons-cluster/tidb/templates/rbac.yaml b/addons-cluster/tidb/templates/rbac.yaml deleted file mode 100644 index fee43950f..000000000 --- a/addons-cluster/tidb/templates/rbac.yaml +++ /dev/null @@ -1 +0,0 @@ -{{- include "kblib.rbac" . }} diff --git a/addons-cluster/tidb/values.yaml b/addons-cluster/tidb/values.yaml index 915709367..4baa25c01 100644 --- a/addons-cluster/tidb/values.yaml +++ b/addons-cluster/tidb/values.yaml @@ -53,6 +53,5 @@ serviceAccount: name: "" extra: - rbacEnabled: true # @param terminationPolicy define Cluster termination policy. One of DoNotTerminate, Halt, Delete, WipeOut. terminationPolicy: Delete diff --git a/addons-cluster/vanilla-postgresql/templates/rbac.yaml b/addons-cluster/vanilla-postgresql/templates/rbac.yaml deleted file mode 100644 index 08875e8bf..000000000 --- a/addons-cluster/vanilla-postgresql/templates/rbac.yaml +++ /dev/null @@ -1 +0,0 @@ -{{- include "kblib.rbac" . }} \ No newline at end of file diff --git a/addons-cluster/victoria-metrics/templates/_helpers.tpl b/addons-cluster/victoria-metrics/templates/_helpers.tpl index 873873483..e564a38df 100644 --- a/addons-cluster/victoria-metrics/templates/_helpers.tpl +++ b/addons-cluster/victoria-metrics/templates/_helpers.tpl @@ -50,17 +50,6 @@ app.kubernetes.io/name: {{ include "victoria-metrics-cluster.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} {{- end }} -{{/* -Create the name of the service account to use -*/}} -{{- define "victoria-metrics-cluster.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} -{{- default (include "victoria-metrics-cluster.fullname" .) .Values.serviceAccount.name }} -{{- else }} -{{- default "default" .Values.serviceAccount.name }} -{{- end }} -{{- end }} - {{- define "clustername" -}} {{- .Release.Name | trunc 63 | trimSuffix "-" }} {{- end}} \ No newline at end of file diff --git a/addons-cluster/weaviate/templates/_helpers.tpl b/addons-cluster/weaviate/templates/_helpers.tpl index b287a44b5..823c3290f 100644 --- a/addons-cluster/weaviate/templates/_helpers.tpl +++ b/addons-cluster/weaviate/templates/_helpers.tpl @@ -49,10 +49,3 @@ Selector labels app.kubernetes.io/name: {{ include "weaviate.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} {{- end }} - -{{/* -Create the name of the service account to use -*/}} -{{- define "weaviate.serviceAccountName" -}} -{{- default (printf "kb-%s" (include "kblib.clusterName" .)) .Values.serviceAccount.name }} -{{- end }} diff --git a/addons-cluster/zookeeper/templates/cluster.yaml b/addons-cluster/zookeeper/templates/cluster.yaml index 01ad5742e..1d98be092 100644 --- a/addons-cluster/zookeeper/templates/cluster.yaml +++ b/addons-cluster/zookeeper/templates/cluster.yaml @@ -12,7 +12,6 @@ spec: ## TODO: use regex pattern when cluster validation supported componentDef: zookeeper replicas: {{ .Values.replicas }} - serviceAccountName: {{ include "kblib.serviceAccountName" . }} serviceVersion: {{ .Values.version }} {{- include "kblib.componentMonitor" . | indent 6 }} {{- include "kblib.componentResources" . | indent 6 }} diff --git a/addons/opensearch/templates/_helpers.tpl b/addons/opensearch/templates/_helpers.tpl index f22265690..566a7cc55 100644 --- a/addons/opensearch/templates/_helpers.tpl +++ b/addons/opensearch/templates/_helpers.tpl @@ -50,17 +50,6 @@ app.kubernetes.io/name: {{ include "opensearch.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} {{- end }} -{{/* -Create the name of the service account to use -*/}} -{{- define "opensearch.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} -{{- default (include "opensearch.fullname" .) .Values.serviceAccount.name }} -{{- else }} -{{- default "default" .Values.serviceAccount.name }} -{{- end }} -{{- end }} - {{/* Define image */}} diff --git a/addons/orchestrator/templates/_helpers.tpl b/addons/orchestrator/templates/_helpers.tpl index 3bc185d8d..0632d4aec 100644 --- a/addons/orchestrator/templates/_helpers.tpl +++ b/addons/orchestrator/templates/_helpers.tpl @@ -64,17 +64,6 @@ API version annotation kubeblocks.io/crd-api-version: apps.kubeblocks.io/v1 {{- end }} -{{/* -Create the name of the service account to use -*/}} -{{- define "orchestrator.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} -{{- default (include "orchestrator.fullname" .) .Values.serviceAccount.name }} -{{- else }} -{{- default "default" .Values.serviceAccount.name }} -{{- end }} -{{- end }} - {{/* Define mysql component definition name diff --git a/addons/polardbx/templates/_helpers.tpl b/addons/polardbx/templates/_helpers.tpl index 73f13afe9..6c358fbfe 100644 --- a/addons/polardbx/templates/_helpers.tpl +++ b/addons/polardbx/templates/_helpers.tpl @@ -154,4 +154,4 @@ Define polardbx gms component definition regex pattern */}} {{- define "polardbx-gms.cmpdRegexPattern" -}} ^polardbx-gms- -{{- end -}} \ No newline at end of file +{{- end -}} diff --git a/addons/tdengine/templates/_helpers.tpl b/addons/tdengine/templates/_helpers.tpl index 232b5a6c4..dc8bbcf92 100644 --- a/addons/tdengine/templates/_helpers.tpl +++ b/addons/tdengine/templates/_helpers.tpl @@ -105,4 +105,4 @@ Define tdengine component metrice configuration name */}} {{- define "tdengine.metricsConfiguration" -}} tdengine-metrics-configuration-template -{{- end -}} \ No newline at end of file +{{- end -}} diff --git a/examples/apecloud-postgresql/cluster.yaml b/examples/apecloud-postgresql/cluster.yaml index 7dafbf4f2..a76a5f9f4 100644 --- a/examples/apecloud-postgresql/cluster.yaml +++ b/examples/apecloud-postgresql/cluster.yaml @@ -18,7 +18,6 @@ spec: componentSpecs: - name: postgresql componentDef: apecloud-postgresql14 - serviceAccountName: kb-ac-postgresql-cluster replicas: 3 resources: limits: diff --git a/examples/ggml/cluster.yaml b/examples/ggml/cluster.yaml index 9dd71c0b1..d8022ff33 100644 --- a/examples/ggml/cluster.yaml +++ b/examples/ggml/cluster.yaml @@ -18,7 +18,6 @@ spec: componentSpecs: - name: ggml componentDefRef: ggml - serviceAccountName: kb-ggml-cluster replicas: 1 resources: limits: diff --git a/examples/greptimedb/cluster.yaml b/examples/greptimedb/cluster.yaml index cac17c2f2..39cd8e630 100644 --- a/examples/greptimedb/cluster.yaml +++ b/examples/greptimedb/cluster.yaml @@ -18,7 +18,6 @@ spec: componentSpecs: - name: frontend componentDef: greptimedb-frontend - serviceAccountName: kb-greptimedb-cluster replicas: 1 resources: limits: diff --git a/examples/influxdb/cluster.yaml b/examples/influxdb/cluster.yaml index 523799927..1db321506 100644 --- a/examples/influxdb/cluster.yaml +++ b/examples/influxdb/cluster.yaml @@ -16,7 +16,6 @@ spec: componentSpecs: - name: influxdb componentDef: influxdb - serviceAccountName: kb-influxdb-cluster replicas: 1 resources: limits: diff --git a/examples/kafka/cluster-2x-ext-zk-svc-descriptor.yaml b/examples/kafka/cluster-2x-ext-zk-svc-descriptor.yaml index ad88471d9..41c193146 100644 --- a/examples/kafka/cluster-2x-ext-zk-svc-descriptor.yaml +++ b/examples/kafka/cluster-2x-ext-zk-svc-descriptor.yaml @@ -36,7 +36,6 @@ spec: serviceDescriptor: kafka-cluster-zookeeper-service tls: false replicas: 3 - serviceAccountName: kb-kafka-cluster env: - name: KB_BROKER_DIRECT_POD_ACCESS value: 'true' diff --git a/examples/mariadb/cluster.yaml b/examples/mariadb/cluster.yaml index 88828db58..ffc722b9f 100644 --- a/examples/mariadb/cluster.yaml +++ b/examples/mariadb/cluster.yaml @@ -16,7 +16,6 @@ spec: componentSpecs: - name: mariadb componentDef: mariadb - serviceAccountName: kb-mariadb-cluster replicas: 1 resources: limits: diff --git a/examples/minio/cluster.yaml b/examples/minio/cluster.yaml index c4799eca9..18e23185e 100644 --- a/examples/minio/cluster.yaml +++ b/examples/minio/cluster.yaml @@ -18,7 +18,6 @@ spec: componentSpecs: - name: minio componentDefRef: minio - serviceAccountName: kb-minio-cluster replicas: 1 resources: limits: diff --git a/examples/mogdb/cluster.yaml b/examples/mogdb/cluster.yaml index cbfc614e9..846f5a866 100644 --- a/examples/mogdb/cluster.yaml +++ b/examples/mogdb/cluster.yaml @@ -16,7 +16,6 @@ spec: componentSpecs: - name: mogdb componentDef: mogdb-5 - serviceAccountName: kb-mogdb-cluster replicas: 2 resources: limits: diff --git a/examples/mogdb/restore.yaml b/examples/mogdb/restore.yaml index e2ddcf8d7..bb8a3222d 100644 --- a/examples/mogdb/restore.yaml +++ b/examples/mogdb/restore.yaml @@ -18,7 +18,6 @@ spec: componentSpecs: - name: mogdb componentDef: mogdb-5 - serviceAccountName: kb-mogdb-cluster replicas: 2 resources: limits: diff --git a/examples/nebula/cluster.yaml b/examples/nebula/cluster.yaml index f252fcb95..66b466a14 100644 --- a/examples/nebula/cluster.yaml +++ b/examples/nebula/cluster.yaml @@ -17,7 +17,6 @@ spec: - name: nebula-console componentDef: nebula-console disableExporter: true - serviceAccountName: kb-nebula-cluster replicas: 2 resources: limits: diff --git a/examples/neon/cluster.yaml b/examples/neon/cluster.yaml index aa5833b91..ea63f2fcc 100644 --- a/examples/neon/cluster.yaml +++ b/examples/neon/cluster.yaml @@ -20,7 +20,6 @@ spec: componentSpecs: - name: neon-broker replicas: 1 - serviceAccountName: kb-neon-cluster resources: limits: cpu: "1" diff --git a/examples/opensearch/cluster.yaml b/examples/opensearch/cluster.yaml index 432c8fe9c..6a2ffd2cc 100644 --- a/examples/opensearch/cluster.yaml +++ b/examples/opensearch/cluster.yaml @@ -16,7 +16,6 @@ spec: componentSpecs: - name: opensearch componentDef: opensearch-1.0.0-alpha.0 - serviceAccountName: kb-opensearch-cluster replicas: 1 resources: limits: @@ -35,7 +34,6 @@ spec: storage: 20Gi - name: dashboard componentDef: opensearch-dashboard-1.0.0-alpha.0 - serviceAccountName: kb-opensearch-cluster replicas: 1 resources: limits: diff --git a/examples/orchestrator/cluster-shareend.yaml b/examples/orchestrator/cluster-shareend.yaml index 6ad8a4bd3..677761067 100644 --- a/examples/orchestrator/cluster-shareend.yaml +++ b/examples/orchestrator/cluster-shareend.yaml @@ -58,7 +58,6 @@ spec: - name: mysql componentDef: apecloud-mysql disableExporter: true - serviceAccountName: kb-mysqlo-cluster replicas: 3 resources: limits: diff --git a/examples/orioledb/cluster.yaml b/examples/orioledb/cluster.yaml index 4303fbf7a..212841308 100644 --- a/examples/orioledb/cluster.yaml +++ b/examples/orioledb/cluster.yaml @@ -22,7 +22,6 @@ spec: - name: etcdService cluster: etcdo-cluster namespace: default - serviceAccountName: kb-orioledb-cluster replicas: 1 resources: limits: @@ -60,7 +59,6 @@ spec: requests: cpu: '0.5' memory: 0.5Gi - serviceAccountName: kb-etcdo-cluster volumeClaimTemplates: - name: data spec: diff --git a/examples/qdrant/cluster.yaml b/examples/qdrant/cluster.yaml index 677aae47e..72bd2d12a 100644 --- a/examples/qdrant/cluster.yaml +++ b/examples/qdrant/cluster.yaml @@ -52,4 +52,4 @@ spec: resources: requests: # Set the storage size as needed - storage: 20Gi \ No newline at end of file + storage: 20Gi diff --git a/examples/rabbitmq/cluster.yaml b/examples/rabbitmq/cluster.yaml index 97599150e..8b255b513 100644 --- a/examples/rabbitmq/cluster.yaml +++ b/examples/rabbitmq/cluster.yaml @@ -89,4 +89,4 @@ roleRef: subjects: - kind: ServiceAccount name: kb-rabbitmq-cluster - namespace: default \ No newline at end of file + namespace: default diff --git a/examples/risingwave/cluster.yaml b/examples/risingwave/cluster.yaml index 2060a1111..1c3835502 100644 --- a/examples/risingwave/cluster.yaml +++ b/examples/risingwave/cluster.yaml @@ -23,7 +23,6 @@ spec: componentSpecs: - name: frontend componentDef: risingwave-frontend - serviceAccountName: kb-risingwave-cluster replicas: 1 resources: limits: @@ -92,7 +91,6 @@ spec: requests: cpu: "0.5" memory: "0.5Gi" - serviceAccountName: kb-etcdr-cluster volumeClaimTemplates: - name: data spec: diff --git a/examples/starrocks/cluster.yaml b/examples/starrocks/cluster.yaml index 0ac0d890a..dc1259bd2 100644 --- a/examples/starrocks/cluster.yaml +++ b/examples/starrocks/cluster.yaml @@ -78,4 +78,4 @@ spec: - ReadWriteOnce resources: requests: - storage: 20Gi \ No newline at end of file + storage: 20Gi diff --git a/examples/tdengine/cluster.yaml b/examples/tdengine/cluster.yaml index 159f82a97..4c458fd20 100644 --- a/examples/tdengine/cluster.yaml +++ b/examples/tdengine/cluster.yaml @@ -16,7 +16,6 @@ spec: componentSpecs: - name: tdengine componentDef: tdengine - serviceAccountName: kb-tdengine-cluster replicas: 3 resources: limits: diff --git a/examples/tidb/cluster.yaml b/examples/tidb/cluster.yaml index e9eb6999d..7b1a6dbae 100644 --- a/examples/tidb/cluster.yaml +++ b/examples/tidb/cluster.yaml @@ -16,7 +16,6 @@ spec: componentSpecs: - name: pd componentDef: tidb-pd-7 - serviceAccountName: kb-tidb-cluster replicas: 1 resources: limits: diff --git a/examples/weaviate/cluster-cmpd.yaml b/examples/weaviate/cluster-cmpd.yaml index dfde888c3..d3bd3d693 100644 --- a/examples/weaviate/cluster-cmpd.yaml +++ b/examples/weaviate/cluster-cmpd.yaml @@ -19,7 +19,6 @@ spec: # Determines whether the metrics exporter needs to be published to the service endpoint. disableExporter: true # Specifies the name of the ServiceAccount required by the running Component. - serviceAccountName: kb-weaviate-cluster # Each component supports running multiple replicas to provide high availability and persistence. This field can be used to specify the desired number of replicas. replicas: 1 # Specifies the resources required by the Component. It allows defining the CPU, memory requirements and limits for the Component's containers. diff --git a/examples/weaviate/cluster.yaml b/examples/weaviate/cluster.yaml index 00ffc9c72..a408773a7 100644 --- a/examples/weaviate/cluster.yaml +++ b/examples/weaviate/cluster.yaml @@ -17,7 +17,6 @@ spec: - name: weaviate componentDef: weaviate disableExporter: true - serviceAccountName: kb-weaviate-cluster replicas: 2 resources: limits: