fed: setup the br-federation-manager

Makefile

@@ -31,8 +31,9 @@ default: build
 docker-push: docker
  docker push "${DOCKER_REPO}/tidb-operator:${IMAGE_TAG}"
  docker push "${DOCKER_REPO}/tidb-backup-manager:${IMAGE_TAG}"
+ docker push "${DOCKER_REPO}/br-federation-manager:${IMAGE_TAG}"
 
-docker: operator-docker backup-docker
+docker: operator-docker backup-docker br-federation-docker
 
 ifeq ($(NO_BUILD),y)
 operator-docker:
@@ -46,7 +47,7 @@ else
  docker build --tag "${DOCKER_REPO}/tidb-operator:${IMAGE_TAG}" --build-arg=TARGETARCH=$(GOARCH) images/tidb-operator
 endif
 
-build: controller-manager scheduler discovery admission-webhook backup-manager
+build: controller-manager scheduler discovery admission-webhook backup-manager br-federation-manager
 
 controller-manager:
 ifeq ($(E2E),y)
@@ -83,6 +84,13 @@ else
  $(GO_BUILD) -ldflags '$(LDFLAGS)' -o images/tidb-backup-manager/bin/$(GOARCH)/tidb-backup-manager cmd/backup-manager/main.go
 endif
 
+br-federation-manager:
+ifeq ($(E2E),y)
+ $(GO_TEST) -ldflags '$(LDFLAGS)' -c -o images/br-federation-manager/bin/br-federation-manager ./cmd/br-federation-manager
+else
+ $(GO_BUILD) -ldflags '$(LDFLAGS)' -o images/br-federation-manager/bin/$(GOARCH)/br-federation-manager ./cmd/br-federation-manager
+endif
+
 ifeq ($(NO_BUILD),y)
 backup-docker:
  @echo "NO_BUILD=y, skip build for $@"
@@ -95,6 +103,18 @@ else
  docker build --tag "${DOCKER_REPO}/tidb-backup-manager:${IMAGE_TAG}" --build-arg=TARGETARCH=$(GOARCH) images/tidb-backup-manager
 endif
 
+ifeq ($(NO_BUILD),y)
+br-federation-docker:
+ @echo "NO_BUILD=y, skip build for $@"
+else
+br-federation-docker: br-federation-manager
+endif
+ifeq ($(E2E),y)
+ docker build --tag "${DOCKER_REPO}/br-federation-manager:${IMAGE_TAG}" -f images/br-federation-manager/Dockerfile.e2e images/br-federation-manager
+else
+ docker build --tag "${DOCKER_REPO}/br-federation-manager:${IMAGE_TAG}" --build-arg=TARGETARCH=$(GOARCH) images/br-federation-manager
+endif
+
 e2e-docker-push: e2e-docker
  docker push "${DOCKER_REPO}/tidb-operator-e2e:${IMAGE_TAG}"
 

charts/br-federation/.helmignore

@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj

charts/br-federation/Chart.yaml

@@ -0,0 +1,20 @@
+apiVersion: v1
+description: br-federation Helm chart for Kubernetes
+name: br-federation
+version: v1-canary
+appVersion: v1-canary
+home: https://github.com/pingcap/tidb-operator
+sources:
+ - https://github.com/pingcap/tidb-operator
+keywords:
+ - operator
+ - newsql
+ - htap
+ - database
+ - mysql
+ - raft
+maintainers:
+- name: csuzhangxc
+ email: zhangxuecheng@pingcap.com
+- name: WangLe1321
+ email: le.wang@pingcap.com

charts/br-federation/templates/NOTES.txt

@@ -0,0 +1,3 @@
+Make sure br-federation components are running:
+
+ kubectl get pods --namespace {{ .Release.Namespace }} -l app.kubernetes.io/instance={{ .Release.Name }}

charts/br-federation/templates/_helpers.tpl

@@ -0,0 +1,24 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "chart.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+*/}}
+{{- define "br-federation.fullname" -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{- define "helm-toolkit.utils.template" -}}
+{{- $name := index . 0 -}}
+{{- $context := index . 1 -}}
+{{- $last := base $context.Template.Name }}
+{{- $wtf := $context.Template.Name | replace $last $name -}}
+{{ include $wtf $context }}
+{{- end }}

charts/br-federation/templates/controller-manager-deployment.yaml

@@ -0,0 +1,125 @@
+{{- if (hasKey .Values.brFederationManager "create" | ternary .Values.brFederationManager.create true) }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ {{- if eq .Values.appendReleaseSuffix true}}
+ name: br-federation-manager-{{.Release.Name }}
+ {{- else }}
+ name: br-federation-manager
+ {{- end }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ template "chart.name" . }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/component: br-federation-manager
+ helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+spec:
+ replicas: {{ .Values.brFederationManager.replicas }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "chart.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/component: br-federation-manager
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: {{ template "chart.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/component: br-federation-manager
+{{- if .Values.brFederationManager.podAnnotations }}
+ annotations:
+{{ toYaml .Values.brFederationManager.podAnnotations | indent 8 }}
+{{ end }}
+ spec:
+ {{- if .Values.brFederationManager.serviceAccount }}
+ {{- if eq .Values.appendReleaseSuffix true}}
+ serviceAccount: {{ .Values.brFederationManager.serviceAccount }}-{{ .Release.Name }}
+ {{- else }}
+ serviceAccount: {{ .Values.brFederationManager.serviceAccount }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.imagePullSecrets }}
+ imagePullSecrets:
+ {{ toYaml .Values.imagePullSecrets | indent 6 }}
+ {{- end }}
+ containers:
+ - name: br-federation-manager
+ image: {{ .Values.image }}
+ imagePullPolicy: {{ .Values.imagePullPolicy | default "IfNotPresent" }}
+ {{- if .Values.brFederationManager.resources }}
+ resources:
+{{ toYaml .Values.brFederationManager.resources | indent 12 }}
+ {{- end }}
+ livenessProbe:
+ tcpSocket:
+ port: 6060
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ failureThreshold: 10
+ command:
+ - /usr/local/bin/br-federation-manager
+ - -v={{ .Values.brFederationManager.logLevel }}
+ {{- if .Values.brFederationManager.workers }}
+ - -workers={{ .Values.brFederationManager.workers | default 5 }}
+ {{- end }}
+ {{- if .Values.brFederationManager.leaderLeaseDuration }}
+ - -leader-lease-duration={{ .Values.brFederationManager.leaderLeaseDuration }}
+ {{- end }}
+ {{- if .Values.brFederationManager.leaderRenewDeadline }}
+ - -leader-renew-deadline={{ .Values.brFederationManager.leaderRenewDeadline }}
+ {{- end }}
+ {{- if .Values.brFederationManager.leaderRetryPeriod }}
+ - -leader-retry-period={{ .Values.brFederationManager.leaderRetryPeriod }}
+ {{- end }}
+ {{- if .Values.brFederationManager.kubeClientQPS }}
+ - -kube-client-qps={{ .Values.brFederationManager.kubeClientQPS }}
+ {{- end }}
+ {{- if .Values.brFederationManager.kubeClientBurst }}
+ - -kube-client-burst={{ .Values.brFederationManager.kubeClientBurst }}
+ {{- end }}
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: TZ
+ value: {{ .Values.timezone | default "UTC" }}
+ {{- if eq .Values.appendReleaseSuffix true}}
+ - name: HELM_RELEASE
+ value: {{ .Release.Name }}
+ {{- end }}
+ {{- with .Values.brFederationManager.env }}
+{{ toYaml . | indent 10 }}
+ {{- end }}
+ volumeMounts:
+ - name: federation-kubeconfig
+ mountPath: /etc/br-federation/federation-kubeconfig
+ readOnly: true
+ volumes:
+ - name: federation-kubeconfig
+ secret:
+ secretName: {{ .Values.brFederationManager.federationKubeconfigSecret }}
+ {{- with .Values.brFederationManager.nodeSelector }}
+ nodeSelector:
+{{ toYaml . | indent 8 }}
+ {{- end }}
+
+ {{- with .Values.brFederationManager.affinity }}
+ affinity:
+{{ toYaml . | indent 8 }}
+ {{- end }}
+
+ {{- with .Values.brFederationManager.tolerations }}
+ tolerations:
+{{ toYaml . | indent 8 }}
+ {{- end }}
+
+ {{- if .Values.brFederationManager.priorityClassName }}
+ priorityClassName: {{ .Values.brFederationManager.priorityClassName }}
+ {{- end }}
+ {{- with .Values.brFederationManager.securityContext }}
+ securityContext:
+{{ toYaml . | indent 8 }}
+ {{- end}}
+{{- end }}

charts/br-federation/templates/controller-manager-rbac.yaml

@@ -0,0 +1,58 @@
+{{- if and .Values.rbac.create (hasKey .Values.brFederationManager "create" | ternary .Values.brFederationManager.create true) }}
+kind: ServiceAccount
+apiVersion: v1
+metadata:
+ {{- if eq .Values.appendReleaseSuffix true}}
+ name: {{ .Values.brFederationManager.serviceAccount }}-{{ .Release.Name }}
+ {{- else }}
+ name: {{ .Values.brFederationManager.serviceAccount }}
+ {{- end }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ template "chart.name" . }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/component: br-federation-manager
+ helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: {{ .Release.Name }}:br-federation-manager
+ labels:
+ app.kubernetes.io/name: {{ template "chart.name" . }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/component: br-federation-manager
+ helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+rules:
+- apiGroups: [""]
+ resources: ["endpoints"]
+ verbs: ["create", "get", "list", "watch", "update", "delete"]
+- apiGroups: ["federation.pingcap.com"]
+ resources: ["*"]
+ verbs: ["*"]
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: {{ .Release.Name }}:br-federation-manager
+ labels:
+ app.kubernetes.io/name: {{ template "chart.name" . }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/component: br-federation-manager
+ helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+subjects:
+- kind: ServiceAccount
+ {{- if eq .Values.appendReleaseSuffix true}}
+ name: {{ .Values.brFederationManager.serviceAccount }}-{{ .Release.Name }}
+ {{- else }}
+ name: {{ .Values.brFederationManager.serviceAccount }}
+ {{- end }}
+ namespace: {{ .Release.Namespace }}
+roleRef:
+ kind: ClusterRole
+ name: {{ .Release.Name }}:br-federation-manager
+ apiGroup: rbac.authorization.k8s.io
+{{- end }}

charts/br-federation/values.yaml

@@ -0,0 +1,77 @@
+# Default values for br-federation
+
+rbac:
+ create: true
+
+# timezone is the default system timzone
+timezone: UTC
+
+image: pingcap/br-federation-manager:v1.5.0-beta.1
+imagePullPolicy: IfNotPresent
+# imagePullSecrets: []
+
+appendReleaseSuffix: false
+
+brFederationManager:
+ create: true
+ # With rbac.create=false, the user is responsible for creating this account
+ # With rbac.create=true, this service account will be created
+ # Also see rbac.create
+ serviceAccount: br-federation-manager
+
+ # Secret name of the kubeconfig for the federation Kubernetes clusters
+ # The data item key is the cluster name, and the data item value is the base64 encoded kubeconfig
+ federationKubeconfigSecret: br-federation-kubeconfig
+
+ logLevel: 2
+ replicas: 1
+ resources:
+ requests:
+ cpu: 80m
+ memory: 50Mi
+ # REF: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
+ # priorityClassName: system-cluster-critical
+
+
+ # REF: https://pkg.go.dev/k8s.io/client-go/tools/leaderelection#LeaderElectionConfig
+ ## leaderLeaseDuration is the duration that non-leader candidates will wait to force acquire leadership
+ # leaderLeaseDuration: 15s
+ ## leaderRenewDeadline is the duration that the acting master will retry refreshing leadership before giving up
+ # leaderRenewDeadline: 10s
+ ## leaderRetryPeriod is the duration the LeaderElector clients should wait between tries of actions
+ # leaderRetryPeriod: 2s
+
+ ## number of workers that are allowed to sync concurrently. default 5
+ # workers: 5
+
+ ## affinity defines pod scheduling rules,affinity default settings is empty.
+ ## please read the affinity document before set your scheduling rule:
+ ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+ affinity: {}
+ ## nodeSelector ensure pods only assigning to nodes which have each of the indicated key-value pairs as labels
+ ## ref:https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ nodeSelector: {}
+ ## Tolerations are applied to pods, and allow pods to schedule onto nodes with matching taints.
+ ## refer to https://kubernetes.io/docs/concepts/configuration/taint-and-toleration
+ tolerations: []
+ ## Env define environments for the controller manager.
+ ## NOTE that the following env names is reserved: 
+ ## - NAMESPACE
+ ## - TZ
+ ## - HELM_RELEASE
+ env: []
+ # - name: AWS_REGION
+ # value: us-west-2
+ # SecurityContext is security config of this component, it will set template.spec.securityContext
+ # Refer to https://kubernetes.io/docs/tasks/configure-pod-container/security-context
+ securityContext: {}
+ # runAsUser: 1000
+ # runAsGroup: 2000
+ # fsGroup: 2000
+ # PodAnnotations will set template.metadata.annotations
+ # Refer to https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+ podAnnotations: {}
+ ## KubeClientQPS indicates the maximum QPS to the kubenetes API server from client.
+ # kubeClientQPS: 5
+ ## Maximum burst for throttle.
+ # kubeClientBurst: 10