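---
# Secure (TLS, manual certificates) CockroachDB deployment in the "cockroachdb"
# namespace, backed by three statically provisioned NFS volumes.
#
# Review fixes versus the previous revision:
#   * RoleBinding subject pointed at the ServiceAccount in the "default"
#     namespace, not the one defined here -> the pods had no permissions and
#     a stray SA of the same name in "default" would have inherited them.
#   * PV datadir-cockroachdb-0 was ReadWriteMany while its siblings and every
#     claim are ReadWriteOnce -> aligned.
#   * Claims requested storageClassName "nfs-client" while the PVs they name
#     carry storageClassName "" -> the binder rejects that mismatch and the
#     claims stay Pending; claims (and the claim template) now use "".
#   * The pod template declared a "datadir" volume that the StatefulSet
#     controller overwrites with the volumeClaimTemplate of the same name;
#     removed as dead config.
#
# ServiceAccount used by the database pods.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: cockroachdb
  namespace: cockroachdb
  labels:
    app: cockroachdb
---
# Read access to every Secret in the namespace.
# NOTE(review): the pods only consume the "cockroachdb.node" Secret as a
# mounted volume, which the kubelet does without any RBAC. If nothing inside
# the container reads Secrets through the API, drop this Role and the
# RoleBinding entirely; otherwise narrow it with
# `resourceNames: ["cockroachdb.node"]`. Left unchanged because the consumer
# of this permission is not visible in this file.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: cockroachdb
  namespace: cockroachdb
  labels:
    app: cockroachdb
rules:
  - apiGroups:
      - ""
    resources:
      - secrets
    verbs:
      - get
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: cockroachdb
  namespace: cockroachdb
  labels:
    app: cockroachdb
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: cockroachdb
subjects:
  - kind: ServiceAccount
    name: cockroachdb
    # Must match the ServiceAccount above. A RoleBinding subject may reference
    # an account in any namespace, so a wrong value here fails silently.
    namespace: cockroachdb
---
# Client-facing Service: a ClusterIP that load-balances across the database
# pods. Port 8080 is the Admin UI (HTTPS, since a certs dir is configured);
# consider a NetworkPolicy if it should not be reachable from every namespace.
apiVersion: v1
kind: Service
metadata:
  name: cockroachdb-public
  namespace: cockroachdb
  labels:
    app: cockroachdb
spec:
  ports:
    # gRPC port: Postgres-flavour SQL, inter-node traffic and the CLI.
    - port: 26257
      targetPort: 26257
      name: grpc
    # HTTP(S) port: Admin UI plus health and debug endpoints.
    - port: 8080
      targetPort: 8080
      name: http
  selector:
    app: cockroachdb
---
# Headless Service: exists only to give each StatefulSet pod a stable DNS
# name so nodes can find each other. No ClusterIP; clients should normally
# use cockroachdb-public instead.
apiVersion: v1
kind: Service
metadata:
  name: cockroachdb
  namespace: cockroachdb
  labels:
    app: cockroachdb
  annotations:
    # Legacy alpha annotation kept alongside the real publishNotReadyAddresses
    # field for very old clusters (see kubernetes/kubernetes#58662). On any
    # supported Kubernetes release the field alone is sufficient.
    service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
    # Let an in-cluster Prometheus discover every node automatically.
    prometheus.io/scrape: "true"
    prometheus.io/path: "_status/vars"
    prometheus.io/port: "8080"
spec:
  ports:
    - port: 26257
      targetPort: 26257
      name: grpc
    - port: 8080
      targetPort: 8080
      name: http
  # Nodes must be able to reach each other before they report ready (they
  # have to join the cluster to become ready), so publish all pod addresses.
  publishNotReadyAddresses: true
  clusterIP: None
  selector:
    app: cockroachdb
---
# Never let voluntary disruptions take more than one node down at a time.
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
  name: cockroachdb-budget
  namespace: cockroachdb
  labels:
    app: cockroachdb
spec:
  selector:
    matchLabels:
      app: cockroachdb
  maxUnavailable: 1
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: cockroachdb
  namespace: cockroachdb
spec:
  serviceName: "cockroachdb"
  replicas: 3
  selector:
    matchLabels:
      app: cockroachdb
  template:
    metadata:
      labels:
        app: cockroachdb
    spec:
      serviceAccountName: cockroachdb
      # NOTE(review): no pod/container securityContext is set, so the
      # container runs with the image's default user and full default
      # capabilities. Adding runAsNonRoot / readOnlyRootFilesystem /
      # drop ALL capabilities is advisable, but on NFS it interacts with the
      # export's root_squash and directory ownership -- verify on a test
      # cluster before enabling.
      affinity:
        podAntiAffinity:
          # Prefer (not require) spreading nodes across distinct hosts.
          preferredDuringSchedulingIgnoredDuringExecution:
            - weight: 100
              podAffinityTerm:
                labelSelector:
                  matchExpressions:
                    - key: app
                      operator: In
                      values:
                        - cockroachdb
                topologyKey: kubernetes.io/hostname
      containers:
        - name: cockroachdb
          # Supply-chain note: a version tag is mutable; pin to an image
          # digest (image@sha256:...) for a reproducible, verifiable deploy.
          image: cockroachdb/cockroach:v24.1.2
          imagePullPolicy: IfNotPresent
          # TODO: size these for your hardware (`kubectl describe nodes`
          # shows allocatable capacity). Requests and limits must be equal
          # because GOMAXPROCS and the cache/SQL memory flags below are
          # derived from the limits.
          resources:
            requests:
              cpu: "2"
              memory: "2Gi"
            limits:
              cpu: "2"
              memory: "2Gi"
          ports:
            - containerPort: 26257
              name: grpc
            - containerPort: 8080
              name: http
          # A liveness probe is deliberately not configured: restarting a
          # slow-but-healthy database node on a probe timeout hurts
          # availability. Kept here commented out for reference.
          # livenessProbe:
          #   httpGet:
          #     path: "/health"
          #     port: http
          #     scheme: HTTPS
          #   initialDelaySeconds: 30
          #   periodSeconds: 5
          readinessProbe:
            httpGet:
              path: "/health?ready=1"
              port: http
              scheme: HTTPS
            initialDelaySeconds: 10
            periodSeconds: 5
            failureThreshold: 2
          volumeMounts:
            - name: datadir
              mountPath: /cockroach/cockroach-data
            - name: certs
              mountPath: /cockroach/cockroach-certs
          env:
            - name: COCKROACH_CHANNEL
              value: kubernetes-secure
            # Go scheduler threads follow the CPU limit.
            - name: GOMAXPROCS
              valueFrom:
                resourceFieldRef:
                  resource: limits.cpu
                  divisor: "1"
            # Memory limit in MiB, used to derive --cache / --max-sql-memory.
            - name: MEMORY_LIMIT_MIB
              valueFrom:
                resourceFieldRef:
                  resource: limits.memory
                  divisor: "1Mi"
          command:
            - "/bin/bash"
            - "-ecx"
            # `hostname -f` (fully qualified) is required: other nodes cannot
            # resolve the bare pod hostname. `--join` uses the headless
            # Service names, which resolve only inside this namespace.
            # Note that `-x` echoes the expanded command line to the logs;
            # nothing secret is passed on it.
            - >-
              exec /cockroach/cockroach start
              --logtostderr
              --certs-dir /cockroach/cockroach-certs
              --advertise-host $(hostname -f)
              --http-addr 0.0.0.0
              --join cockroachdb-0.cockroachdb,cockroachdb-1.cockroachdb,cockroachdb-2.cockroachdb
              --cache $(expr $MEMORY_LIMIT_MIB / 4)MiB
              --max-sql-memory $(expr $MEMORY_LIMIT_MIB / 4)MiB
      # No preStop hook: SIGTERM plus the grace period below is enough for a
      # node to drain and shut down cleanly.
      terminationGracePeriodSeconds: 60
      volumes:
        # Node certificate and key. defaultMode 256 is decimal for 0400 so the
        # private key is readable only by the container's user; cockroach
        # refuses keys with wider permissions.
        - name: certs
          secret:
            secretName: cockroachdb.node
            defaultMode: 256
  podManagementPolicy: Parallel
  updateStrategy:
    type: RollingUpdate
  volumeClaimTemplates:
    - metadata:
        name: datadir
      spec:
        accessModes:
          - "ReadWriteOnce"
        # The claims datadir-cockroachdb-{0,1,2} are pre-created below against
        # static PVs. An explicit "" class here means that, should a claim be
        # missing (e.g. after scaling up), it waits for a matching static PV
        # instead of silently being provisioned from the cluster default class.
        storageClassName: ""
        resources:
          requests:
            storage: 1Gi
---
# Static NFS volumes, one per pod.
# Security caveat: no `sec=` mount option is set, so these mounts use
# AUTH_SYS -- the export's client allow-list and root_squash setting are the
# only access control, and the database files travel unencrypted over the
# network. Prefer sec=krb5p or a storage backend with at-rest/in-flight
# encryption for production. The `capacity` value is informational for NFS;
# it is not enforced by the server.
apiVersion: v1
kind: PersistentVolume
metadata:
  name: datadir-cockroachdb-0
spec:
  storageClassName: ""
  capacity:
    storage: 1Gi
  accessModes:
    # Was ReadWriteMany; aligned with the other two PVs and with the claims.
    - ReadWriteOnce
  persistentVolumeReclaimPolicy: Retain
  mountOptions:
    - hard
    - nfsvers=4.1
  nfs:
    server: 192.168.2.110
    path: /mnt/nfs_share/cockroachdb/0
    readOnly: false
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: datadir-cockroachdb-1
spec:
  storageClassName: ""
  capacity:
    storage: 1Gi
  accessModes:
    - ReadWriteOnce
  persistentVolumeReclaimPolicy: Retain
  mountOptions:
    - hard
    - nfsvers=4.1
  nfs:
    server: 192.168.2.110
    path: /mnt/nfs_share/cockroachdb/1
    readOnly: false
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: datadir-cockroachdb-2
spec:
  storageClassName: ""
  capacity:
    storage: 1Gi
  accessModes:
    - ReadWriteOnce
  persistentVolumeReclaimPolicy: Retain
  mountOptions:
    - hard
    - nfsvers=4.1
  nfs:
    server: 192.168.2.110
    path: /mnt/nfs_share/cockroachdb/2
    readOnly: false
---
# Pre-created claims named exactly as the StatefulSet's volumeClaimTemplate
# would name them, each pinned to its PV via volumeName. The class must be the
# explicit empty string: the PVs above carry storageClassName "", and the
# binder refuses to bind a claim whose class differs from the PV it names.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: datadir-cockroachdb-0
  namespace: cockroachdb
spec:
  storageClassName: ""
  volumeName: datadir-cockroachdb-0
  accessModes:
    - ReadWriteOnce
  volumeMode: Filesystem
  resources:
    requests:
      storage: 1Gi
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: datadir-cockroachdb-1
  namespace: cockroachdb
spec:
  storageClassName: ""
  volumeName: datadir-cockroachdb-1
  accessModes:
    - ReadWriteOnce
  volumeMode: Filesystem
  resources:
    requests:
      storage: 1Gi
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: datadir-cockroachdb-2
  namespace: cockroachdb
spec:
  storageClassName: ""
  volumeName: datadir-cockroachdb-2
  accessModes:
    - ReadWriteOnce
  volumeMode: Filesystem
  resources:
    requests:
      storage: 1Gi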