## storage/crd.yaml apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: name: arangolocalstorages.storage.arangodb.com spec: group: storage.arangodb.com names: kind: ArangoLocalStorage listKind: ArangoLocalStorageList plural: arangolocalstorages shortNames: - arangostorage singular: arangolocalstorage scope: Cluster version: v1alpha --- ## storage/rbac.yaml ## Cluster role granting access to ArangoLocalStorage resources. apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRole metadata: name: arango-storages rules: - apiGroups: ["storage.arangodb.com"] resources: ["arangolocalstorages"] verbs: ["*"] --- ## Cluster role granting access to all resources needed by the ArangoLocalStorage operator. apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRole metadata: name: arango-storage-operator rules: - apiGroups: ["storage.arangodb.com"] resources: ["arangolocalstorages"] verbs: ["*"] - apiGroups: ["apiextensions.k8s.io"] resources: ["customresourcedefinitions"] verbs: ["get"] - apiGroups: [""] resources: ["persistentvolumes", "persistentvolumeclaims", "endpoints", "events", "services"] verbs: ["*"] - apiGroups: [""] resources: ["pods"] verbs: ["get", "update"] - apiGroups: [""] resources: ["secrets"] verbs: ["get"] - apiGroups: [""] resources: ["namespaces", "nodes"] verbs: ["get", "list"] - apiGroups: ["apps"] resources: ["daemonsets"] verbs: ["*"] - apiGroups: ["apps"] resources: ["deployments", "replicasets"] verbs: ["get"] - apiGroups: ["storage.k8s.io"] resources: ["storageclasses"] verbs: ["*"] --- ## Bind the cluster role granting access to ArangoLocalStorage resources ## to the default service account of the configured namespace. apiVersion: rbac.authorization.k8s.io/v1beta1 kind: RoleBinding metadata: name: arango-storages namespace: default roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: arango-storages subjects: - kind: ServiceAccount name: default namespace: default --- ## Bind the cluster role granting access to all resources needed by ## the ArangoLocalStorage operator to the default service account ## the is being used to run the operator deployment. apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRoleBinding metadata: name: arango-storage-operator roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: arango-storage-operator subjects: - kind: ServiceAccount name: arango-storage-operator namespace: kube-system --- ## storage/deployment.yaml ## Service accounts apiVersion: v1 kind: ServiceAccount metadata: namespace: kube-system name: arango-storage-operator --- apiVersion: extensions/v1beta1 kind: Deployment metadata: name: arango-storage-operator namespace: kube-system spec: replicas: 2 strategy: type: Recreate template: metadata: labels: name: arango-storage-operator app: arango-storage-operator spec: serviceAccountName: arango-storage-operator containers: - name: operator imagePullPolicy: IfNotPresent image: arangodb/kube-arangodb@sha256:d69506723c7af8dceacf130137ae542bc04dd076c0d211ca6a0ed0df9a64fe27 args: - --operator.storage env: - name: MY_POD_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace - name: MY_POD_NAME valueFrom: fieldRef: fieldPath: metadata.name - name: MY_POD_IP valueFrom: fieldRef: fieldPath: status.podIP ports: - name: metrics containerPort: 8528 livenessProbe: httpGet: path: /health port: 8528 scheme: HTTPS initialDelaySeconds: 5 periodSeconds: 10 readinessProbe: httpGet: path: /ready/storage port: 8528 scheme: HTTPS initialDelaySeconds: 5 periodSeconds: 10 tolerations: - key: "node.kubernetes.io/unreachable" operator: "Exists" effect: "NoExecute" tolerationSeconds: 5 - key: "node.kubernetes.io/not-ready" operator: "Exists" effect: "NoExecute" tolerationSeconds: 5 --- ## storage/service.yaml apiVersion: v1 kind: Service metadata: name: arango-storage-operator namespace: kube-system labels: name: arango-storage-operator app: arango-storage-operator spec: ports: - name: server port: 8528 protocol: TCP targetPort: 8528 selector: name: arango-storage-operator app: arango-storage-operator role: leader type: ClusterIP