Created
March 20, 2025 22:15
-
-
Save cloudnull/700cf2611e65a4581d510fb10d66c55c to your computer and use it in GitHub Desktop.
genestack hyperconvered application example manifest
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| # Create the namespace for the demo DBaaS instance | |
| apiVersion: v1 | |
| kind: Namespace | |
| metadata: | |
| labels: | |
| kubernetes.io/metadata.name: 1708f792c27b7a9fd42080b5721dd1dd | |
| pod-security.kubernetes.io/audit: privileged | |
| pod-security.kubernetes.io/audit-version: latest | |
| pod-security.kubernetes.io/enforce: privileged | |
| pod-security.kubernetes.io/enforce-version: latest | |
| pod-security.kubernetes.io/warn: privileged | |
| pod-security.kubernetes.io/warn-version: latest | |
| name: 1708f792c27b7a9fd42080b5721dd1dd | |
| --- | |
| # Create the secret that will be used with the Database. This secret will contain the root password for the Database | |
| # the password will be base64 encoded and set to "secrete" and "supersecrete" respectively. | |
| # * password will be used with the "wordpress" user | |
| # * root-password will be used with the "root" user | |
| apiVersion: v1 | |
| kind: Secret | |
| metadata: | |
| name: db1-password | |
| namespace: 1708f792c27b7a9fd42080b5721dd1dd | |
| type: Opaque | |
| data: | |
| password: c2VjcmV0ZQ== | |
| root-password: c3VwZXJTZWNyZXRl | |
| --- | |
| # Create the VIP for the namespace used with the DBaaS instance. This VIP will be used for the DBaaS instance. | |
| # The VIP will be used for the LoadBalancer service. | |
| apiVersion: kubeovn.io/v1 | |
| kind: Vip | |
| metadata: | |
| name: vip-db1-service | |
| spec: | |
| subnet: subnet-1708f792c27b7a9fd42080b5721dd1dd-db1 | |
| namespace: 1708f792c27b7a9fd42080b5721dd1dd | |
| type: "switch_lb_vip" | |
| v4ip: "240.0.0.200" | |
| --- | |
| # Create the VIP for the namespace used with the DBaaS instance. This VIP will be used for the DBaaS instance. | |
| # The VIP will be used for the LoadBalancer service. | |
| apiVersion: kubeovn.io/v1 | |
| kind: Vip | |
| metadata: | |
| name: vip-db1-service-primary | |
| spec: | |
| subnet: subnet-1708f792c27b7a9fd42080b5721dd1dd-db1 | |
| namespace: 1708f792c27b7a9fd42080b5721dd1dd | |
| type: "switch_lb_vip" | |
| v4ip: "240.0.0.201" | |
| --- | |
| # Create the VIP for the namespace used with the DBaaS instance. This VIP will be used for the DBaaS instance. | |
| # The VIP will be used for the LoadBalancer service. | |
| apiVersion: kubeovn.io/v1 | |
| kind: Vip | |
| metadata: | |
| name: vip-db1-service-secondary | |
| spec: | |
| subnet: subnet-1708f792c27b7a9fd42080b5721dd1dd-db1 | |
| namespace: 1708f792c27b7a9fd42080b5721dd1dd | |
| type: "switch_lb_vip" | |
| v4ip: "240.0.0.202" | |
| --- | |
| # Create the LoadBalancer rule for the namespace used with the DBaaS instance. This rule will be used for the DBaaS instance. | |
| # The rule will be used for the LoadBalancer service. | |
| apiVersion: kubeovn.io/v1 | |
| kind: SwitchLBRule | |
| metadata: | |
| name: db1 | |
| spec: | |
| vip: "240.0.0.200" | |
| sessionAffinity: ClientIP | |
| namespace: 1708f792c27b7a9fd42080b5721dd1dd | |
| selector: | |
| - "app.kubernetes.io/name: mariadb" | |
| - "app.kubernetes.io/instance: db1" | |
| ports: | |
| - name: mariadb | |
| port: 3306 | |
| targetPort: 3306 | |
| protocol: TCP | |
| --- | |
| # Create the subnet for the namespace used with the DBaaS instance. This is a class D network and will be used for the DBaaS instance. | |
| # The class D network will ensure that there's no possible overlap with other networks. | |
| kind: Subnet | |
| apiVersion: kubeovn.io/v1 | |
| metadata: | |
| name: subnet-1708f792c27b7a9fd42080b5721dd1dd-db1 | |
| spec: | |
| vpc: neutron-ee30d873-5b4d-453b-8412-db5098362c01 | |
| cidrBlock: 240.0.0.0/24 | |
| default: false | |
| enableLb: true | |
| disableGatewayCheck: false | |
| gatewayNode: "" | |
| gatewayType: distributed | |
| natOutgoing: false | |
| excludeIps: | |
| - 240.0.0.1 | |
| - 240.0.0.100 | |
| - 240.0.0.101 | |
| - 240.0.0.102 | |
| gateway: 240.0.0.1 | |
| private: false | |
| protocol: IPv4 | |
| provider: ovn | |
| --- | |
| # Create the secret that will be used with the Longhorn storage class. This secret will contain the encryption key for the storage class. | |
| apiVersion: v1 | |
| kind: Secret | |
| metadata: | |
| name: longhorn-crypto | |
| namespace: 1708f792c27b7a9fd42080b5721dd1dd | |
| stringData: | |
| CRYPTO_KEY_VALUE: "SuperSecrete" # Be sure to replace this with your own passphrase | |
| CRYPTO_KEY_PROVIDER: "secret" | |
| CRYPTO_KEY_CIPHER: "aes-xts-plain64" | |
| CRYPTO_KEY_HASH: "sha256" | |
| CRYPTO_KEY_SIZE: "256" | |
| CRYPTO_PBKDF: "argon2i" | |
| --- | |
| # Create the Longhorn storage class that will be used with the DBaaS instance. This storage class will be encrypted. | |
| # This storage class is bound to the secrete created above. | |
| kind: StorageClass | |
| apiVersion: storage.k8s.io/v1 | |
| metadata: | |
| name: 1708f792c27b7a9fd42080b5721dd1dd-general-encrypted | |
| namespace: 1708f792c27b7a9fd42080b5721dd1dd | |
| provisioner: driver.longhorn.io | |
| allowVolumeExpansion: true | |
| reclaimPolicy: Delete | |
| volumeBindingMode: Immediate | |
| parameters: | |
| numberOfReplicas: "2" | |
| dataLocality: "best-effort" | |
| staleReplicaTimeout: "2880" | |
| fromBackup: "" | |
| fsType: "ext4" | |
| encrypted: "true" | |
| csi.storage.k8s.io/provisioner-secret-name: "longhorn-crypto" | |
| csi.storage.k8s.io/provisioner-secret-namespace: "1708f792c27b7a9fd42080b5721dd1dd" | |
| csi.storage.k8s.io/node-publish-secret-name: "longhorn-crypto" | |
| csi.storage.k8s.io/node-publish-secret-namespace: "1708f792c27b7a9fd42080b5721dd1dd" | |
| csi.storage.k8s.io/node-stage-secret-name: "longhorn-crypto" | |
| csi.storage.k8s.io/node-stage-secret-namespace: "1708f792c27b7a9fd42080b5721dd1dd" | |
| --- | |
| # Create the DBaaS instance. This instance will be created with a MariaDB image and will be created with a single replica. | |
| # The instance will be created with a 10Gi volume and will be created with a LoadBalancer service. | |
| # The instance will be created with a custom my.cnf file. | |
| # The instance will be created with a custom database and user. | |
| # The instance will be created with a custom grant. | |
| # The instance will be created with a custom subnet. | |
| # The instance will be created with a custom storage class. | |
| # The instance will be created with a custom affinity. | |
| # The instance will be created with a custom update strategy. | |
| # The instance will be created with a custom service. | |
| # The instance will be created with a custom primary service. | |
| # The instance will be created with a custom secondary service. | |
| # The instance will be created with a custom pod metadata. | |
| # The instance will be created with a custom replication. | |
| # The instance will be created with a custom username. | |
| # The instance will be created with a custom image. | |
| apiVersion: k8s.mariadb.com/v1alpha1 | |
| kind: MariaDB | |
| metadata: | |
| name: db1 | |
| namespace: 1708f792c27b7a9fd42080b5721dd1dd | |
| spec: | |
| rootPasswordSecretKeyRef: | |
| name: db1-password | |
| key: root-password | |
| generate: false | |
| username: mariadb | |
| database: mariadb | |
| image: docker-registry1.mariadb.com/library/mariadb:11.4.3 | |
| affinity: | |
| nodeAffinity: | |
| requiredDuringSchedulingIgnoredDuringExecution: | |
| nodeSelectorTerms: | |
| - matchExpressions: | |
| - key: node-role.kubernetes.io/worker | |
| operator: In | |
| values: | |
| - worker | |
| podMetadata: | |
| annotations: | |
| ovn.kubernetes.io/logical_switch: subnet-1708f792c27b7a9fd42080b5721dd1dd-db1 | |
| ovn.kubernetes.io/ip_pool: 240.0.0.100,240.0.0.101,240.0.0.102 | |
| storage: | |
| size: 10Gi | |
| storageClassName: 1708f792c27b7a9fd42080b5721dd1dd-general-encrypted | |
| resizeInUseVolumes: true | |
| waitForVolumeResize: true | |
| volumeClaimTemplate: | |
| accessModes: | |
| - ReadWriteOnce | |
| resources: | |
| requests: | |
| storage: 10Gi | |
| storageClassName: 1708f792c27b7a9fd42080b5721dd1dd-general-encrypted | |
| replicas: 1 | |
| replication: | |
| enabled: false | |
| service: | |
| type: ClusterIP | |
| metadata: | |
| annotations: | |
| ovn.kubernetes.io/vpc: neutron-ee30d873-5b4d-453b-8412-db5098362c01 | |
| # ovn.kubernetes.io/switch_lb_vip: "240.0.0.200" | |
| primaryService: | |
| type: ClusterIP | |
| metadata: | |
| annotations: | |
| ovn.kubernetes.io/vpc: neutron-ee30d873-5b4d-453b-8412-db5098362c01 | |
| # ovn.kubernetes.io/switch_lb_vip: "240.0.0.201" | |
| secondaryService: | |
| type: ClusterIP | |
| metadata: | |
| annotations: | |
| ovn.kubernetes.io/vpc: neutron-ee30d873-5b4d-453b-8412-db5098362c01 | |
| # ovn.kubernetes.io/switch_lb_vip: "240.0.0.202" | |
| updateStrategy: | |
| type: RollingUpdate | |
| myCnf: | | |
| [mariadb] | |
| bind-address=0.0.0.0 | |
| default_storage_engine=InnoDB | |
| binlog_format=ROW | |
| innodb_autoinc_lock_mode=2 | |
| max_allowed_packet=256M | |
| max_connections=10240 | |
| open_files_limit=10240 | |
| max-connect-errors=1000000 | |
| innodb_rollback_on_timeout=1 | |
| performance_schema=ON | |
| innodb_log_buffer_size=33554432 | |
| innodb_flush_log_at_trx_commit=1 | |
| ignore-db-dirs=lost+found | |
| skip-name-resolve | |
| innodb_buffer_pool_size=4G | |
| innodb_doublewrite=0 | |
| innodb_file_per_table=1 | |
| innodb_flush_method=O_DIRECT | |
| innodb_io_capacity=500 | |
| innodb_log_file_size=1G | |
| innodb_old_blocks_time=1000 | |
| innodb_read_io_threads=8 | |
| innodb_write_io_threads=8 | |
| wait_timeout=3600 | |
| interactive_timeout=3600 | |
| net_read_timeout=360 | |
| net_write_timeout=360 | |
| sync_binlog=1 | |
| thread_cache_size=16 | |
| table_open_cache=2048 | |
| table_definition_cache=1024 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment