sombochea/kubernetes-installation
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Add mysql cluster operator and rbac in sample

Browse Source
This commit is contained in:
Sambo Chea 2022-01-14 10:33:35 +07:00
parent e7e44fdee3
commit e103078eab
Signed by: sombochea
GPG Key ID: 3C7CF22A05D95490
4 changed files with 133 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
mysql/mysql-cluster.yaml Normal file
View File

@ -0,0 +1,15 @@
apiVersion: v1
kind: Namespace
metadata:
name: mysql
---
apiVersion: mysql.oracle.com/v2alpha1
kind: InnoDBCluster
metadata:
name: mysql-cluster
namespace: mysql
spec:
secretName: mysql-secret
instances: 3
router:
instances: 1

1
rbac/.gitignore vendored Normal file
View File

@ -0,0 +1 @@
developer-user.yaml

74
rbac/README.md Normal file
View File

@ -0,0 +1,74 @@
# Create RBAC for specific namespace
- Apply RBAC for specific namespace
```shell
k apply -f access.yaml
```
- Get Details of RBAC
```shell
k describe sa developer -n developer-dev
```
- Get Token from RBAC
```shell
k get secret developer-token-l4r67 -n developer-dev -o "jsonpath={.data.token}" | base64 -d
```
- Get Certificate from RBAC
```shell
k get secret developer-token-l4r67 -n developer-dev -o "jsonpath={.data['ca\.crt']}"
```
- Create kube config file
```yaml
apiVersion: v1
kind: Config
preferences: {}
cluster:
certificate-authority-data: PLACE CERTIFICATE HERE
server: https://YOUR_KUBERNETES_API_ENDPOINT
name: developer-cluster
users:
- name: developer
user:
as-user-extra: {}
client-key-data: PLACE CERTIFICATE HERE
token: PLACE USER TOKEN HERE
contexts:
- context:
cluster: kubernetes
namespace: developer-dev
user: developer
name: developer-dev
current-context: developer-dev
clusters:
- cluster:
certificate-authority-data: PLACE CERTIFICATE HERE
server: https://YOUR_KUBERNETES_API_ENDPOINT
name: developer-cluster
users:
- name: developer
user:
as-user-extra: {}
client-key-data: PLACE CERTIFICATE HERE
token: PLACE USER TOKEN HERE
contexts:
- context:
cluster: kubernetes
namespace: developer-dev
user: developer
name: developer-dev
current-context: developer-dev
```

43
rbac/access.yaml Normal file
View File

@ -0,0 +1,43 @@
apiVersion: v1
kind: Namespace
metadata:
labels:
app: developer-dev
name: developer-dev
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: developer
namespace: developer-dev
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: developer-full-access
namespace: developer-dev
rules:
- apiGroups: ["", "extensions", "apps"]
resources: ["*"]
verbs: ["*"]
- apiGroups: ["batch"]
resources:
- jobs
- cronjobs
verbs: ["*"]
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: developer-view
namespace: developer-dev
subjects:
- kind: ServiceAccount
name: developer
namespace: developer-dev
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: developer-full-access