diff --git a/helm_charts/starrocks.yaml b/helm_charts/starrocks.yaml new file mode 100644 index 000000000..15fa8c36a --- /dev/null +++ b/helm_charts/starrocks.yaml 
@@ -0,0 +1,1189 @@ + +# This file is generated by scripts/create-parent-chart-values.sh. +# It just contains the values of the child charts. +# You can modify it manually if you want to change the values of the child charts. +# The values of the child charts are as follows: + +operator: + # Default values for operator. + # This is a YAML-formatted file. + # Declare variables to be passed into your templates. + + global: + rbac: + # if set true, the clusterrole, clusterrolebinding, serviceaccount resources will be created for + # operator. If changed to false later, these resources will be deleted. + # Note: By default the operator will watch all namespaces, so it needs clusterrole, clusterrolebinding to access resources. + # If .Values.starrocksOperator.watchNamespace is set, the role and rolebinding will be created for the specified namespace. + create: true + serviceAccount: + name: "starrocks" + # Optional annotations to add to serviceaccount manifest + annotations: {} + # Optional labels to add to serviceaccount manifest + labels: {} + + # TimeZone is used to set the environment variable TZ for pod, with Asia/Shanghai as the default. + timeZone: America/Denver + + # set the nameOverride values for creating the same resources with parent chart. + # In version v1.7.1 or before, there is only one chart called kube-starrocks, and the chart name is the prefix + # of some resources created by the chart. + # In version v1.8.0, the kube-starrocks chart is split into two charts, and to keep backward compatibility, the + # nameOverride is used to set the prefix of the resources created by operator chart. + nameOverride: "kube-starrocks" + + starrocksOperator: + # If enabled, the operator releated resources will be created, including the operator deployment, service account, + # clusterrole, clusterrolebinding, and service account. + enabled: true + # annotations for starrocks operator. 
+ annotations: {} + namespaceOverride: "" + image: + # image sliced by "repository:tag" + repository: starrocks/operator + tag: v1.9.8 + imagePullPolicy: Always + replicaCount: 1 + resources: + limits: + cpu: 500m + memory: 800Mi + requests: + cpu: 500m + memory: 400Mi + # By default, the operator will only set runAsNonRoot to true, allowPrivilegeEscalation to false, readOnlyRootFilesystem to true. + # You can customize the securityContext for operator pod, e.g. drop capabilities, seccompProfile, etc. + securityContext: + runAsNonRoot: true + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + #capabilities: + # drop: + # - ALL + #seccompProfile: + # type: "RuntimeDefault" + # imagePullSecrets allows you to use secrets to pull images for pods. + imagePullSecrets: [] + # - name: "image-pull-secret" + # If specified, the pod's nodeSelector,displayName="Map of nodeSelectors to match when scheduling pods on nodes" + # Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector + nodeSelector: {} + # affinity for operator pod scheduling. + affinity: {} + # nodeAffinity: + # requiredDuringSchedulingIgnoredDuringExecution: + # nodeSelectorTerms: + # - matchFields: + # - key: metadata.name + # operator: In + # values: + # - target-host-name + tolerations: [] + # - key: "key" + # operator: "Equal|Exists" + # value: "value" + # effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)" + # If specified, it will restrict operator to watch resources in the specified namespace. And + # 1. You must deploy your StarRocks cluster to the specified namespace. + # 2. You can not assign multiple namespaces to watchNamespace field. + # Note: In most cases, you should not set this value. If your kubernetes cluster manages too many nodes, and + # operator watching all namespaces use too many memory resources, you can set this value. + # Defaults to all namespaces. 
+ watchNamespace: "" + # Additional operator container environment variables + # You specify this manually like you would a raw deployment manifest. + # Ref: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/ + # operator supports the following environment variables: + # KUBE_STARROCKS_UNSUPPORTED_ENVS: "XXX,YYY" # The environment variables that will not be passed to starrocks container. + env: [] + # setting log related parameter + log: + - --zap-time-encoding=iso8601 + - --zap-encoder=console + # if you want open debug log, open this option + # - --zap-log-level 4 + +starrocks: + # set the nameOverride values for creating the same resources with parent chart. + # In version v1.7.1 or before, there is only one chart called kube-starrocks, and the chart name is the prefix + # of some resources created by the chart. + # In version v1.8.0, the kube-starrocks chart is split into two charts, and to keep backward compatibility, the + # nameOverride is used to set the prefix of the resources created by starrocks chart. + nameOverride: "kube-starrocks" + + # This configuration is used to modify the root password during initial deployment. + # After deployment is completed, it won't take effect to modify the password here and to do a `helm upgrade`. + # It also supports providing secret name that contains password, using the password in the secret instead of the plaintext in the values.yaml. + # When both password and passwordSecret are set, only passwordSecret takes effect. + # Note: If you install StarRocks using helm install without setting the initPassword, then for subsequent upgrade deployments, + # you should also not set the initPassword. + # If you install StarRocks using helm install and set the initPassword, please always retain the configuration of initPassword. 
+ initPassword: + enabled: false + password: "" + # The secret name that contains password, the key of the secret is "password", and you should create it first. + passwordSecret: "" + # The image of the initPassword job, if it is not set, the FE image will be used. + # see https://github.com/StarRocks/starrocks-kubernetes-operator/issues/453 for why we need to set the image. + image: "" + # The annotations for the Job, not including the annotations for the pod. + annotations: {} + + # TimeZone is used to set the environment variable TZ for pod, with Asia/Shanghai as the default. + timeZone: America/Denver + + # This configuration is used to integrate with external system DataDog. + # You can enable the integration by setting the enabled to true, e.g. datalog.log.enabled=true will enable datadog agent + # to collect the log. + datadog: + log: + enabled: false + # besides the attributes you added, chart will append "source" and "service" attributes to the log config. + # see https://docs.datadoghq.com/containers/kubernetes/log/?tab=operator for more details. + logConfig: '{}' # e.g. '{"app": "starrocks", "tags": ["aa", "bb"]}' + metrics: + enabled: false + profiling: + fe: false # change to 'true' to enable profiling on FE pods; + be: false # change to 'true' to enable profiling on BE pods; + cn: false # change to 'true' to enable profiling on CN pods; + env: "starrocks-default" # the default value for DD_ENV; + configMode: "service" # see https://docs.datadoghq.com/containers/cluster_agent/admission_controller/?tab=operator#configure-apm-and-dogstatsd-communication-mode + + # This configuration is used to integrate with external system Prometheus. + metrics: + serviceMonitor: + # Whether to expose metrics to Prometheus by ServiceMonitor. + # Note: make sure the prometheus operator is installed in your cluster. + # If prometheus is not installed by operator, you can add annotations on k8s service to expose metrics. 
+ # see https://github.com/StarRocks/starrocks-kubernetes-operator/blob/main/doc/integration/integration-prometheus-grafana.md#51-turn-on-the-prometheus-metrics-scrape-by-adding-annotations for more details. + enabled: false + # Prometheus ServiceMonitor labels + labels: {} + # scraper: prometheus-operator + # Prometheus ServiceMonitor interval + interval: 15s + + # deploy a starrocks cluster + starrocksCluster: + # the name of starrockscluster cluster, if not set, the value of nameOverride fields will be used. + name: "" + # the namespace of starrockscluster cluster, if not set, the release namespace will be used. + namespace: "" + # annotations for starrocks cluster. + annotations: {} + # specify the cn deploy or not. + enabledBe: false + enabledCn: true + # componentValues field is used to define values for all starrocks cluster components, including starrocksFESpec, + # starrocksBeSpec, starrocksCnSpec, not including starrocksFeProxySpec. So that you do not need to modify them in + # their own spec. + # Note: + # 1. the values in their own spec will take precedence over the values in this field. + # 2. the values in their own spec will replace all the values in this field, not merge. + componentValues: + image: + tag: "3.3-latest" + # hostAliases allows adding entries to /etc/hosts inside the containers. + hostAliases: [] + # - ip: "127.0.0.1" + # hostnames: + # - "example.com" + # If runAsNonRoot is true, the container is run as non-root user. + # The userId will be set to 1000, and the groupID will be set to 1000. + runAsNonRoot: false + # schedulerName allows you to specify which scheduler will be used for your pods. + schedulerName: "" + # serviceAccount for access cloud service. + serviceAccount: "" + # imagePullSecrets allows you to use secrets to pull images for pods. 
+ imagePullSecrets: [] + # - name: "image-pull-secret" + # tolerations for pod scheduling to nodes with taints + # Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + tolerations: [] + # - key: "key" + # operator: "Equal|Exists" + # value: "value" + # effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)" + # topologySpreadConstraints for scheduling pods across failure-domains. + # Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ + topologySpreadConstraints: [] + # - maxSkew: 1 + # topologyKey: topology.kubernetes.io/zone + # whenUnsatisfiable: DoNotSchedule|ScheduleAnyway + # labelSelector: + # matchLabels: + # foo: bar + # If specified, the pod's nodeSelector,displayName="Map of nodeSelectors to match when scheduling pods on nodes" + # Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector + nodeSelector: {} + # kubernetes.io/arch: amd64 + # kubernetes.io/os: linux + # affinity for pod scheduling. + affinity: {} + # nodeAffinity: + # requiredDuringSchedulingIgnoredDuringExecution: + # nodeSelectorTerms: + # - matchFields: + # - key: metadata.name + # operator: In + # values: + # - target-host-name + # podAntiAffinity: + # requiredDuringSchedulingIgnoredDuringExecution: + # - labelSelector: + # matchExpressions: + # - key: app.kubernetes.io/component + # operator: In + # values: + # - fe + # - be + # - cn + # topologyKey: "kubernetes.io/hostname" + # the pod labels for user select or classify pods. + podLabels: {} + + # spec to deploy fe. + starrocksFESpec: + # number of replicas to deploy for a fe statefulset. + replicas: 1 + image: + # image sliced by "repository:tag" + repository: starrocks/fe-ubuntu + tag: "" + imagePullPolicy: IfNotPresent + # Specify the entrypoint for FE. + # By default, operator will use '/opt/starrocks/fe_entrypoint.sh' as command, and use '$(FE_SERVICE_NAME)' as args in container spec. 
+ # If entrypoint is set, the command will be ["bash", "-c"], and the args will be filename of the entrypoint script. + # A configmap with name $cluster-fe-entrypoint-script will be created, and the script will be mounted to /etc/starrocks/entrypoint.sh + # Pod will be restarted if the entrypoint script is updated. + entrypoint: {} + # script: | + # #! /bin/bash + # echo "do something before start fe" + # exec /opt/starrocks/fe_entrypoint.sh $FE_SERVICE_NAME + # add annotations for fe pods. For example, if you want to config monitor for datadog, you can config the annotations. + annotations: {} + # If runAsNonRoot is true, the container is run as non-root user. + # The userId will be set to 1000, and the groupID will be set to 1000. + runAsNonRoot: false + # specify the service name and port config and serviceType + # the service type refer https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types + service: + # the fe service type, only supported ClusterIP, NodePort, LoadBalancer + type: "ClusterIP" + # the loadBalancerIP for static ip config when the type=LoadBalancer and loadbalancerIp is not empty. + loadbalancerIP: "" + # add annotations for fe service. + annotations: {} + # config the service port for fe service. + # To assign a specific port or nodePort to a service, you should specify them by the corresponding name or + # containerPort in the service configuration. If both containerPort and name are specified, containerPort takes precedence. + # For fe, port name can be http, query, rpc, edit-log, and their default container port is 8030, 9030, 9020, 9010. + ports: [] + # e.g. specify a dedicated node port for fe service by containerPort. + # - nodePort: 30030 # The range of valid ports is 30000-32767 + # containerPort: 8030 # The port exported on the container + # specify the source IP ranges for the load balancer when the type=LoadBalancer. 
+ loadBalancerSourceRanges: [] + # - 10.0.0.0/8 + # imagePullSecrets allows you to use secrets to pull images for pods. + imagePullSecrets: [] + # - name: "image-pull-secret" + # serviceAccount for fe access cloud service. + serviceAccount: "" + # If specified, the pod's nodeSelector,displayName="Map of nodeSelectors to match when scheduling pods on nodes" + # Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector + nodeSelector: {} + # kubernetes.io/arch: amd64 + # kubernetes.io/os: linux + # the pod labels for user select or classify pods. + podLabels: {} + # hostAliases allows adding entries to /etc/hosts inside the containers + hostAliases: [] + # - ip: "127.0.0.1" + # hostnames: + # - "example.com" + # schedulerName allows you to specify which scheduler will be used for your pods. + schedulerName: "" + # Additional fe container environment variables. + # See https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/ for how to define environment variables. + # Note: If you use slice to define environment variables, and if there are multiple values files, the values in the last values file will take effect. + # If you use map to define environment variables, the values in the values files will be merged. + # You can only use one of slice and map to define environment variables. + # In order to avoid different type of feEnvVars, we do not define the default value of feEnvVars, e.g. feEnvVars: [] or feEnvVars: {}. + #feEnvVars: + # define environment variables by slice. + # e.g. static environment variable: + # - name: DEMO_GREETING + # value: "Hello from the environment" + # e.g. secret environment variable: + # - name: USERNAME + # valueFrom: + # secretKeyRef: + # name: mysecret + # key: username + # affinity for fe pod scheduling. + # Note: It will affect the scheduling of the init-password job. 
+ affinity: {} + # nodeAffinity: + # requiredDuringSchedulingIgnoredDuringExecution: + # nodeSelectorTerms: + # - matchFields: + # - key: metadata.name + # operator: In + # values: + # - target-host-name + # podAntiAffinity: + # requiredDuringSchedulingIgnoredDuringExecution: + # - labelSelector: + # matchExpressions: + # - key: app.kubernetes.io/component + # operator: In + # values: + # - fe + # topologyKey: "kubernetes.io/hostname" + # Node tolerations for fe pod scheduling to nodes with taints + # Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + # Note: It will affect the scheduling of the init-password job. + tolerations: [] + # - key: "key" + # operator: "Equal|Exists" + # value: "value" + # effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)" + # topologySpreadConstraints for scheduling pods across failure-domains. + # Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ + topologySpreadConstraints: [] + # - maxSkew: 1 + # topologyKey: topology.kubernetes.io/zone + # whenUnsatisfiable: DoNotSchedule|ScheduleAnyway + # labelSelector: + # matchLabels: + # foo: bar + # resources for fe pod. + resources: + requests: + cpu: 8 + memory: 32Gi + # If you want to remove one resource limit, e.g. cpu, you can it to cpu: "unlimited". + limits: + cpu: 8 + memory: 32Gi + # fe storageSpec for persistent metadata. + # Note: Once set, the following fields will not be allowed to be modified. + storageSpec: + # Specifies the name prefix of the volumes to mount. If left unspecified, + # `emptyDir` volumes will be used by default, which are ephemeral and data + # will be lost on pod restart. + # + # For persistent storage, specify a volume name prefix. + # For example, using `fe` as the name prefix would be appropriate. + name: "" + # The storageClassName represent the used storageclass name. if not set will use k8s cluster default storageclass. + # You must set name when you set storageClassName. 
+ # Note: Because hostPath field is not supported here, hostPath is not allowed to be set in storageClassName. + storageClassName: "" + # the persistent volume size for data. + # fe container stop running if the disk free space which the fe meta directory residents, is less than 5Gi. + storageSize: 100Gi + # If storageMountPath is empty, the storageMountPath will be set to /opt/starrocks/fe/meta. + storageMountPath: "" + # Setting this parameter can persist log storage, and the mount path is /opt/starrocks/fe/log. + # If you set it to 0Gi, the related PVC will not be created, and the log will not be persisted. + logStorageSize: 5Gi + # mount emptyDir volumes if necessary. + # Note: please use storageSpec field for persistent metadata and log. + emptyDirs: [] + # e.g. mount an emptyDir volume to /tmp + # - name: tmp-data + # mountPath: /tmp + # mount hostPath volumes if necessary. + # Note: please use storageSpec field for persistent storage data and log. + hostPaths: [] + # e.g. mount a hostPath volume to /tmp + # - name: tmp-data + # hostPath: + # path: /tmp + # type: Directory + # mountPath: /tmp + # the config for start fe. the base information as follows. + config: | + LOG_DIR = ${STARROCKS_HOME}/log + DATE = "$(date +%Y%m%d-%H%M%S)" + JAVA_OPTS="-Dlog4j2.formatMsgNoLookups=true -Xmx8192m -XX:+UseG1GC -Xlog:gc*:${LOG_DIR}/fe.gc.log.$DATE:time" + http_port = 8030 + rpc_port = 9020 + query_port = 9030 + edit_log_port = 9010 + mysql_service_nio_enabled = true + sys_log_level = INFO + enable_iceberg_metadata_disk_cache = true + + # A map object for setting the config. When configyaml is set, to non-empty, the configs in configyaml will take + # precedence and values in config field will be discarded. + configyaml: {} + # mount secrets if necessary. + # see https://kubernetes.io/docs/concepts/storage/volumes/#using-subpath for more details about subPath. + secrets: [] + # e.g. 
mount my-secret to /etc/my-secret + # - name: my-secret + # mountPath: /etc/my-secret + # subPath: "" + # mount configmaps if necessary. + # see https://kubernetes.io/docs/concepts/storage/volumes/#using-subpath for more details about subPath. + configMaps: [] + # e.g. mount my-configmap to /etc/my-configmap + # - name: my-configmap + # mountPath: /etc/my-configmap + # subPath: "" + # terminationGracePeriodSeconds defines duration in seconds the FE pod needs to terminate gracefully. + # default value is 120 seconds + terminationGracePeriodSeconds: 120 + + # Please upgrade the CRD with v1.8.7 released version, if you want to use the following configuration. + # including: startupProbeFailureSeconds, livenessProbeFailureSeconds, readinessProbeFailureSeconds + + # StartupProbeFailureSeconds defines the total failure seconds of startup Probe. + # default value is 300 seconds + # You can set it to "0" to disable the probe. + startupProbeFailureSeconds: + # LivenessProbeFailureSeconds defines the total failure seconds of liveness Probe. + # default value is 15 seconds + # You can set it to "0" to disable the probe. + livenessProbeFailureSeconds: + # ReadinessProbeFailureSeconds defines the total failure seconds of readiness Probe. + # default value is 15 seconds + # You can set it to "0" to disable the probe. + readinessProbeFailureSeconds: + # Lifecycle describes actions that the management system should take in response to container lifecycle events. + # By default, Operator will add corresponding preStop hooks for different components. For example, the preStop + # script for the FE Component is /opt/starrocks/fe_prestop.sh, for the BE Component is /opt/starrocks/be_prestop.sh, + # and for the CN Component is /opt/starrocks/cn_prestop.sh. + # You can just set postStart hook. + lifecycle: {} + # postStart: + # exec: + # command: + # - /bin/sh + # - -c + # - echo "Hello, world!" 
+ # Sidecars is an optional list of containers that are run in the same pod as the starrocks component. + # You can use this field to launch helper containers that provide additional functionality to the main container. + # See https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#Container for how to define sidecars. + sidecars: [] + # - name: sidecar-container + # image: busybox + # # If starrocksFESpec.storageSpec.name is fe or not set, you can mount the volume of meta like this. + # command: ['sh', '-c', 'echo "hello from the sidecar container" >/opt/starrocks/fe/meta/sidecar-data.txt && sleep 3600'] + # volumeMounts: + # - mountPath: /opt/starrocks/fe/meta + # name: fe-meta # append -meta to the end of the name of the starrocksFESpec.storageSpec.name + # initContainers is an optional list of containers that are run in the same pod as the starrocks component. + # You can use this to launch helper containers that run before the main container starts. + # See https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#Container for how to configure a container. + initContainers: [] + # - name: init-container + # image: busybox + # # If starrocksFESpec.storageSpec.name is fe or not set, you can mount the volume of meta like this. + # command: ['sh', '-c', 'echo "hello from the init container" >/opt/starrocks/fe/meta/init-data.txt'] + # volumeMounts: + # - mountPath: /opt/starrocks/fe/meta + # name: fe-meta # append -meta to the end of the name of the starrocksFESpec.storageSpec.name + + # spec for compute node, compute node provide compute function. + starrocksCnSpec: + # number of replicas to deploy for CN component. + # + # When autoscaling of the CN statefulset is used the `replicas` field is set to null + # by the operator, and autoscaling is controlled by Horizontal Pod Autoscaling (HPA). + # You should only uncomment and set the `replicas` field if autoscaling is disabled. 
+ # replicas: 1 + image: + # image sliced by "repository:tag" + repository: starrocks/cn-ubuntu + tag: "" + imagePullPolicy: IfNotPresent + # Specify the entrypoint for CN. + # By default, operator will use '/opt/starrocks/cn_entrypoint.sh' as command, and use '$(FE_SERVICE_NAME)' as args in container spec. + # If entrypoint is set, the command will be ["bash", "-c"], and the args will be filename of the entrypoint script. + # A configmap with name $cluster-cn-entrypoint-script will be created, and the script will be mounted to /etc/starrocks/entrypoint.sh + # Pod will be restarted if the entrypoint script is updated. + entrypoint: {} + # script: | + # #! /bin/bash + # echo "do something before start cn" + # exec /opt/starrocks/cn_entrypoint.sh $FE_SERVICE_NAME + # serviceAccount for cn access cloud service. + serviceAccount: "" + # add annotations for cn pods. example, if you want to config monitor for datadog, you can config the annotations. + annotations: {} + # If runAsNonRoot is true, the container is run as non-root user. + # The userId will be set to 1000, and the groupID will be set to 1000. + runAsNonRoot: false + # add/drop capabilities for CN container. + capabilities: {} + # add: + # - PERFMON + # - SYS_PTRACE + # drop: + # - SYS_ADMIN + # specify the service name and port config and serviceType + # the service type refer https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types + service: + # the cn service type, only supported ClusterIP, NodePort, LoadBalancer + type: "ClusterIP" + # the loadBalancerIP for static ip config when the type=LoadBalancer and loadBalancerIp is not empty. + loadbalancerIP: "" + # add annotations for cn service. + annotations: {} + # config the service port for cn service. + # To assign a specific port or nodePort to a service, you should specify them by the corresponding name or + # containerPort in the service configuration. 
If both containerPort and name are specified, containerPort takes precedence. + # For cn, port name can be webserver, heartbeat, brpc, thrift, and their default container port is 8040, 9050, 8060, 9060. + ports: [] + # e.g. specify a dedicated node port for cn service by containerPort. + # - nodePort: 30040 # The range of valid ports is 30000-32767 + # containerPort: 8040 # The port on the container to expose + # specify the source IP ranges for the load balancer when the type=LoadBalancer. + loadBalancerSourceRanges: [] + # - 10.0.0.0/8 + # imagePullSecrets allows you to use secrets for pulling images for your pods. + imagePullSecrets: [] + # - name: "image-pull-secret" + # If specified, the pod's nodeSelector,displayName="Map of nodeSelectors to match when scheduling pods on nodes" + # Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector + nodeSelector: {} + # kubernetes.io/arch: amd64 + # kubernetes.io/os: linux + # the pod labels for user select or classify pods. + podLabels: {} + ## hostAliases allows adding entries to /etc/hosts inside the containers + hostAliases: [] + # - ip: "127.0.0.1" + # hostnames: + # - "example.com" + # schedulerName allows you to specify which scheduler will be used for the pod + schedulerName: "" + # Additional cn container environment variables. + # See https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/ for how to define environment variables. + # Note: If you use slice to define environment variables, and if there are multiple values files, the values in the last values file will take effect. + # If you use map to define environment variables, the values in the values files will be merged. + # You can only use one of slice and map to define environment variables. + # In order to avoid different type of cnEnvVars, we do not define the default value of cnEnvVars, e.g. cnEnvVars: [] or cnEnvVars: {}. 
+ # cnEnvVars: + # define environment variables by slice. + # e.g. static environment variable: + # - name: DEMO_GREETING + # value: "Hello from the environment" + # e.g. secret environment variable: + # - name: USERNAME + # valueFrom: + # secretKeyRef: + # name: mysecret + # key: username + # affinity for cn pod scheduling. + affinity: {} + # nodeAffinity: + # requiredDuringSchedulingIgnoredDuringExecution: + # nodeSelectorTerms: + # - matchFields: + # - key: metadata.name + # operator: In + # values: + # - target-host-name + # podAntiAffinity: + # requiredDuringSchedulingIgnoredDuringExecution: + # - labelSelector: + # matchExpressions: + # - key: app.kubernetes.io/component + # operator: In + # values: + # - cn + # topologyKey: "kubernetes.io/hostname" + # Node tolerations for cn pod scheduling to nodes with taints + # Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + tolerations: [] + # - key: "key" + # operator: "Equal|Exists" + # value: "value" + # effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)" + # topologySpreadConstraints for scheduling pods across failure-domains. + # Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ + topologySpreadConstraints: [] + # - maxSkew: 1 + # topologyKey: topology.kubernetes.io/zone + # whenUnsatisfiable: DoNotSchedule|ScheduleAnyway + # labelSelector: + # matchLabels: + # foo: bar + autoScalingPolicy: {} + # you can select different versions of HPA (Horizontal Pod Autoscaler) based on the Kubernetes version you are + # using to ensure compatibility and adaptability. the default version is v2beta2. 
+ # version: v2beta2 + # maxReplicas: 10 + # minReplicas: 1 + # hpaPolicy: + # metrics: + # - type: Resource + # resource: + # name: memory + # target: + # averageUtilization: 30 + # type: Utilization + # - type: Resource + # resource: + # name: cpu + # target: + # averageUtilization: 30 + # type: Utilization + # behavior: + # scaleUp: + # policies: + # - type: Pods + # value: 1 + # periodSeconds: 10 + # scaleDown: + # selectPolicy: Disabled + # define resources requests and limits for cn pods. + resources: + requests: + cpu: 8 + memory: 40Gi + # If you want to remove one resource limit, e.g. cpu, you can it to cpu: "unlimited". + limits: + cpu: 8 + memory: 40Gi + # specify storageclass name and request size. + # Note: Once set, the following fields will not be allowed to be modified. + storageSpec: + # Specifies the name prefix of the volumes to mount. If left unspecified, + # `emptyDir` volumes will be used, which are ephemeral, and only for log. + # The logs will be lost on pod restart when using emptyDir volumes. + # + # For persistent storage, specify a volume name prefix. + # For example, using `cn` as the name prefix would be appropriate. + name: "" + # The storageClassName represent the used storageclass name. if not set will use k8s cluster default storageclass. + # You must set name when you set storageClassName + # Note: Because hostPath field is not supported here, hostPath is not allowed to be set in storageClassName. + storageClassName: "" + # the storage size of per persistent volume for data. + storageSize: 100Gi + # the number of persistent volumes for data. + # if storageCount == 1 + # the storageMountPath field is used to specify the mount path of the persistent volume. If storageMountPath is empty, + # the storageMountPath will be set to /opt/starrocks/cn/storage. + # If storageMountPath is not /opt/starrocks/cn/storage, you must add in config the following configuration: storage_root_path = xxx. 
+ # if storageCount > 1 + # the storageMountPath field is used to specify the prefix of mount path of the persistent volume. For example, if the + # storageMountPath is /opt/starrocks/cn/storage, the real mount path will be /opt/starrocks/cn/storage0, /opt/starrocks/cn/storage1, ... + # You must add in config the following configuration: storage_root_path = /opt/starrocks/cn/storage0;/opt/starrocks/cn/storage1;... + storageCount: 1 + # see the comment of storageCount for the usage of storageMountPath. + storageMountPath: "" + # the storage size of persistent volume for log, and the mount path is /opt/starrocks/cn/log. + # If you set it to 0Gi, the related PVC will not be created, and the log will not be persisted. + logStorageSize: 20Gi + # Setting this parameter can persist spill storage, and the mount path is /opt/starrocks/cn/spill. + # If you set it to 0Gi, the related PVC will not be created, and the spill will not be persisted. + # You need to add in be.conf spill_local_storage_dir=/opt/starrocks/cn/spill. + spillStorageSize: 0Gi + # mount emptyDir volumes if necessary. + # Note: please use storageSpec field for persistent storage data and log. + emptyDirs: [] + # e.g. mount an emptyDir volume to /tmp + # - name: tmp-data + # mountPath: /tmp + # mount hostPath volumes if necessary. + # Note: + # 1. please use storageSpec field for persistent storage data and log. + # 2. please use podAntiAffinity to avoid the pods are scheduled on the same node. + # 3. If you use hostPath to mount the volume of cache data, cache will be lost when the pod is restarted. + hostPaths: [] + # e.g. mount a hostPath volume to /tmp + # - name: tmp-data + # hostPath: + # path: /tmp + # type: Directory + # mountPath: /tmp + # the config start for cn, the base information as follows. + # From StarRocks 3.1, the official documentation use: + # 1. be_port instead of thrift_port, but the thrift_port is still supported. + # 2. 
be_http_port instead of webserver_port, but the webserver_port is still supported. + # In order to avoid the impact of the change on the user's deployment, we still use the old configuration. + config: | + sys_log_level = INFO + # ports for admin, web, heartbeat service + thrift_port = 9060 + webserver_port = 8040 + heartbeat_service_port = 9050 + brpc_port = 8060 + datacache_enable = true + datacache_mem_size = 80% + datacache_disk_size = 80% + datacache_auto_adjust_enable = true + starlet_use_star_cache = true + starlet_star_cache_disk_size_percent = 80 + lake_compaction_stream_buffer_size_bytes = 5000000000 + # A map object for setting the config. When configyaml is set, to non-empty, the configs in configyaml will take + # precedence and values in config field will be discarded. + configyaml: {} + # mount secrets if necessary. + # see https://kubernetes.io/docs/concepts/storage/volumes/#using-subpath for more details about subPath. + secrets: [] + # e.g. mount my-secret to /etc/my-secret + # - name: my-secret + # mountPath: /etc/my-secret + # subPath: "" + # mount configmaps if necessary. + # see https://kubernetes.io/docs/concepts/storage/volumes/#using-subpath for more details about subPath. + configMaps: [] + # e.g. mount my-configmap to /etc/my-configmap + # - name: my-configmap + # mountPath: /etc/my-configmap + # subPath: "" + # terminationGracePeriodSeconds defines duration in seconds the CN pod needs to terminate gracefully. + # default value is 120 seconds + terminationGracePeriodSeconds: 120 + + # Please upgrade the CRD with v1.8.7 released version, if you want to use the following configuration. + # including: startupProbeFailureSeconds, livenessProbeFailureSeconds, readinessProbeFailureSeconds + + # StartupProbeFailureSeconds defines the total failure seconds of startup Probe. + # default value is 300 seconds + # You can set it to "0" to disable the probe. 
+ startupProbeFailureSeconds: + # LivenessProbeFailureSeconds defines the total failure seconds of liveness Probe. + # default value is 15 seconds + # You can set it to "0" to disable the probe. + livenessProbeFailureSeconds: + # ReadinessProbeFailureSeconds defines the total failure seconds of readiness Probe. + # default value is 15 seconds + # You can set it to "0" to disable the probe. + readinessProbeFailureSeconds: + # Lifecycle describes actions that the management system should take in response to container lifecycle events. + # By default, Operator will add corresponding preStop hooks for different components. For example, the preStop + # script for the FE Component is /opt/starrocks/fe_prestop.sh, for the BE Component is /opt/starrocks/be_prestop.sh, + # and for the CN Component is /opt/starrocks/cn_prestop.sh. + # You can just set postStart hook. + lifecycle: {} + # postStart: + # exec: + # command: + # - /bin/sh + # - -c + # - echo "Hello, world!" + # Sidecars is an optional list of containers that are run in the same pod as the starrocks component. + # You can use this field to launch helper containers that provide additional functionality to the main container. + # See https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#Container for how to configure a container. + sidecars: [] + # - name: sidecar-container + # image: busybox + # # If starrocksCnSpec.storageSpec.name is cn, you can mount the volume of cache data like this. + # # If starrocksCnSpec.storageSpec.name is not set, no default volume will be created, so you can not mount the volume of cache data like this. 
+ # command: ['sh', '-c', 'echo "hello from the sidecar container" >/opt/starrocks/cn/storage/sidecar-data.txt && sleep 3600'] + # volumeMounts: + # - mountPath: /opt/starrocks/cn/storage + # name: cn-data # append -data to the end of the name of the starrocksCnSpec.storageSpec.name + # initContainers is an optional list of containers that are run in the same pod as the starrocks component. + # You can use this to launch helper containers that run before the main container starts. + # See https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#Container for how to configure a container. + initContainers: [] + # - name: init-container + # image: busybox + # # If starrocksCnSpec.storageSpec.name is cn, you can mount the volume of cache data like this. + # # If starrocksCnSpec.storageSpec.name is not set, no default volume will be created, so you can not mount the volume of cache data like this. + # command: ['sh', '-c', 'echo "hello from the init container" >/opt/starrocks/cn/storage/init-data.txt'] + # volumeMounts: + # - mountPath: /opt/starrocks/cn/storage + # name: cn-data # append -data to the end of the name of the starrocksCnSpec.storageSpec.name + + # spec for component be, provide storage and compute function. + starrocksBeSpec: + # number of replicas to deploy. + replicas: 1 + image: + # image sliced by "repository:tag" + repository: starrocks/be-ubuntu + tag: "" + imagePullPolicy: IfNotPresent + # Specify the entrypoint for BE. + # By default, operator will use '/opt/starrocks/be_entrypoint.sh' as command, and use '$(FE_SERVICE_NAME)' as args in container spec. + # If entrypoint is set, the command will be ["bash", "-c"], and the args will be filename of the entrypoint script. + # A configmap with name $cluster-be-entrypoint-script will be created, and the script will be mounted to /etc/starrocks/entrypoint.sh + # Pod will be restarted if the entrypoint script is updated. + entrypoint: {} + # script: | + # #! 
/bin/bash + # echo "do something before start BE" + # exec /opt/starrocks/be_entrypoint.sh $FE_SERVICE_NAME + # serviceAccount for be access cloud service. + serviceAccount: "" + # add annotations for be pods. example, if you want to config monitor for datadog, you can config the annotations. + annotations: {} + # If runAsNonRoot is true, the container is run as non-root user. + # The userId will be set to 1000, and the groupID will be set to 1000. + runAsNonRoot: false + # add/drop capabilities for BE container. + capabilities: {} + # add: + # - PERFMON + # - SYS_PTRACE + # drop: + # - SYS_ADMIN + # specify the service name and port config and serviceType + # the service type refer https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types + service: + # the be service type, only supported ClusterIP, NodePort, LoadBalancer + type: "ClusterIP" + # the loadBalancerIP for static ip config when the type=LoadBalancer and loadbalancerIp is not empty. + loadbalancerIP: "" + # add annotations for be service. + annotations: {} + # config the service port for be service. + # To assign a specific port or nodePort to a service, you should specify them by the corresponding name or + # containerPort in the service configuration. If both containerPort and name are specified, containerPort takes precedence. + # For be, port name can be webserver, heartbeat, brpc, be, and their default container port is 8040, 9050, 8060, 9060. + ports: [] + # e.g. specify a dedicated node port for be service by containerPort. + # - nodePort: 30040 # The range of valid ports is 30000-32767 + # containerPort: 8040 # The port on the container to expose + # specify the source IP ranges for the load balancer when the type=LoadBalancer. + loadBalancerSourceRanges: [] + # - 10.0.0.0/8 + # imagePullSecrets allows you to use secrets to pull images for pods. 
+ imagePullSecrets: [] + # - name: "image-pull-secret" + # If specified, the pod's nodeSelector,displayName="Map of nodeSelectors to match when scheduling pods on nodes" + # Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector + nodeSelector: {} + # kubernetes.io/arch: amd64 + # kubernetes.io/os: linux + # the pod labels for user select or classify pods. + podLabels: {} + ## hostAliases allows adding entries to /etc/hosts inside the containers + hostAliases: [] + # - ip: "127.0.0.1" + # hostnames: + # - "example.com" + # schedulerName allows you to specify which scheduler will be used for the pod + schedulerName: "" + # Additional be container environment variables. + # See https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/ for how to define environment variables. + # Note: If you use slice to define environment variables, and if there are multiple values files, the values in the last values file will take effect. + # If you use map to define environment variables, the values in the values files will be merged. + # You can only use one of slice and map to define environment variables. + # In order to avoid different type of beEnvVars, we do not define the default value of beEnvVars, e.g. beEnvVars: [] or beEnvVars: {}. + # beEnvVars: + # define environment variables by slice. + # e.g. static environment variable: + # - name: DEMO_GREETING + # value: "Hello from the environment" + # e.g. secret environment variable: + # - name: USERNAME + # valueFrom: + # secretKeyRef: + # name: mysecret + # key: username + # affinity for fe pod scheduling. 
+ affinity: {} + # nodeAffinity: + # requiredDuringSchedulingIgnoredDuringExecution: + # nodeSelectorTerms: + # - matchFields: + # - key: metadata.name + # operator: In + # values: + # - target-host-name + # podAntiAffinity: + # requiredDuringSchedulingIgnoredDuringExecution: + # - labelSelector: + # matchExpressions: + # - key: app.kubernetes.io/component + # operator: In + # values: + # - be + # topologyKey: "kubernetes.io/hostname" + # Node tolerations for be pod scheduling to nodes with taints + # Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + tolerations: [] + # - key: "key" + # operator: "Equal|Exists" + # value: "value" + # effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)" + # topologySpreadConstraints for scheduling pods across failure-domains. + # Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ + topologySpreadConstraints: [] + # - maxSkew: 1 + # topologyKey: topology.kubernetes.io/zone + # whenUnsatisfiable: DoNotSchedule|ScheduleAnyway + # labelSelector: + # matchLabels: + # foo: bar + # resources for be pod. + resources: + requests: + cpu: 16 + memory: 40Gi + # If you want to remove one resource limit, e.g. cpu, you can it to cpu: "unlimited". + limits: + cpu: 16 + memory: 40Gi + # be storageSpec for persistent storage. + # Note: Once set, the following fields will not be allowed to be modified. + storageSpec: + # Specifies the name prefix of the volumes to mount. If left unspecified, + # `emptyDir` volumes will be used by default, which are ephemeral and data + # will be lost on pod restart. + # + # For persistent storage, specify a volume name prefix. + # For example, using `be` as the name prefix would be appropriate. + name: "" + # The storageClassName represent the used storageclass name. if not set will use k8s cluster default storageclass. 
+ # You must set name when you set storageClassName + # Note: Because hostPath field is not supported here, hostPath is not allowed to be set in storageClassName. + storageClassName: "" + # the storage size of per persistent volume for data. + storageSize: 200Gi + # the number of persistent volumes for data. + # if storageCount == 1 + # the storageMountPath field is used to specify the mount path of the persistent volume. If storageMountPath is empty, + # the storageMountPath will be set to /opt/starrocks/be/storage. + # If storageMountPath /opt/starrocks/be/storage, you must add in config the following configuration: storage_root_path = xxx. + # if storageCount > 1 + # the storageMountPath field is used to specify the prefix of mount path of the persistent volume. For example, if the + # storageMountPath is /opt/starrocks/be/storage, the real mount path will be /opt/starrocks/be/storage0, /opt/starrocks/be/storage1, ... + # You must add in config the following configuration: storage_root_path = /opt/starrocks/be/storage0;/opt/starrocks/be/storage1;... + storageCount: 1 + # see the comment of storageCount for the usage of storageMountPath. + storageMountPath: "" + # Setting this parameter can persist log storage, and the mount path is /opt/starrocks/be/log. + # If you set it to 0Gi, the related PVC will not be created, and the log will not be persisted. + logStorageSize: 20Gi + # Setting this parameter can persist spill storage, and the mount path is /opt/starrocks/be/spill. + # If you set it to 0Gi, the related PVC will not be created, and the spill will not be persisted. + # You need to add in be.conf spill_local_storage_dir=/opt/starrocks/be/spill. + spillStorageSize: 0Gi + # mount emptyDir volumes if necessary. + # Note: please use storageSpec field for persistent storage data and log. + emptyDirs: [] + # e.g. mount an emptyDir volume to /tmp + # - name: tmp-data + # mountPath: /tmp + # mount hostPath volumes if necessary. 
+ # Note: please use storageSpec field for persistent storage data and log. + hostPaths: [] + # e.g. mount a hostPath volume to /tmp + # - name: tmp-data + # hostPath: + # path: /tmp + # type: Directory + # mountPath: /tmp + # the config for start be. the base information as follows. + # From StarRocks 3.1, the official documentation use: + # 1. be_http_port instead of webserver_port, but the webserver_port is still supported. + # In order to avoid the impact of the change on the user's deployment, we still use the old configuration. + config: | + be_port = 9060 + webserver_port = 8040 + heartbeat_service_port = 9050 + brpc_port = 8060 + sys_log_level = INFO + default_rowset_type = beta + datacache_enable = true + datacache_mem_size = 80% + datacache_disk_size = 80% + datacache_auto_adjust_enable = true + starlet_use_star_cache = true + starlet_star_cache_disk_size_percent = 80 + lake_compaction_stream_buffer_size_bytes = 5000000000 + # A map object for setting the config. When configyaml is set, to non-empty, the configs in configyaml will take + # precedence and values in config field will be discarded. + configyaml: {} + # mount secrets if necessary. + # see https://kubernetes.io/docs/concepts/storage/volumes/#using-subpath for more details about subPath. + secrets: [] + # e.g. mount my-secret to /etc/my-secret + # - name: my-secret + # mountPath: /etc/my-secret + # subPath: "" + # mount configmaps if necessary. + # see https://kubernetes.io/docs/concepts/storage/volumes/#using-subpath for more details about subPath. + configMaps: [] + # e.g. mount my-configmap to /etc/my-configmap + # - name: my-configmap + # mountPath: /etc/my-configmap + # subPath: "" + # terminationGracePeriodSeconds defines duration in seconds the BE pod needs to terminate gracefully. + # default value is 120 seconds + terminationGracePeriodSeconds: 120 + + # Please upgrade the CRD with v1.8.7 released version, if you want to use the following configuration. 
+ # including: startupProbeFailureSeconds, livenessProbeFailureSeconds, readinessProbeFailureSeconds + + # StartupProbeFailureSeconds defines the total failure seconds of startup Probe. + # default value is 300 seconds + # You can set it to "0" to disable the probe. + startupProbeFailureSeconds: + # LivenessProbeFailureSeconds defines the total failure seconds of liveness Probe. + # default value is 15 seconds + # You can set it to "0" to disable the probe. + livenessProbeFailureSeconds: + # ReadinessProbeFailureSeconds defines the total failure seconds of readiness Probe. + # default value is 15 seconds + # You can set it to "0" to disable the probe. + readinessProbeFailureSeconds: + # Lifecycle describes actions that the management system should take in response to container lifecycle events. + # By default, Operator will add corresponding preStop hooks for different components. For example, the preStop + # script for the FE Component is /opt/starrocks/fe_prestop.sh, for the BE Component is /opt/starrocks/be_prestop.sh, + # and for the CN Component is /opt/starrocks/cn_prestop.sh. + # You can just set postStart hook. + lifecycle: {} + # postStart: + # exec: + # command: + # - /bin/sh + # - -c + # - echo "Hello, world!" + # Sidecars is an optional list of containers that are run in the same pod as the starrocks component. + # You can use this field to launch helper containers that provide additional functionality to the main container. + # See https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#Container for how to define sidecars. + sidecars: [] + # - name: sidecar-container + # image: busybox + # # If your starrocksBeSpec.storageSpec.name is be or not set, you can mount the volume of data like this. 
+ # command: ['sh', '-c', 'echo "hello from the sidecar container" >/opt/starrocks/be/storage/sidecar-data.txt && sleep 3600'] + # volumeMounts: + # - mountPath: /opt/starrocks/be/storage + # name: be-data # append -data to the end of the name of the starrocksBeSpec.storageSpec.name + # initContainers is an optional list of containers that are run in the same pod as the starrocks component. + # You can use this to launch helper containers that run before the main container starts. + # See https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#Container for how to configure a container. + initContainers: [] + # - name: init-container + # image: busybox + # # If your starrocksBeSpec.storageSpec.name is be or not set, you can mount the volume of data like this. + # command: ['sh', '-c', 'echo "hello from the init container" >/opt/starrocks/be/storage/init-data.txt'] + # volumeMounts: + # - mountPath: /opt/starrocks/be/storage + # name: be-data # append -data to the end of the name of the starrocksBeSpec.storageSpec.name + + # create secrets if necessary. + secrets: [] + # e.g. create my-secret + # - name: my-secret + # data: + # key: | + # this is the content of the secret + # when mounted, key will be the name of the file + + # create configmaps if necessary. + configMaps: [] + # e.g. create my-configmap + # - name: my-configmap + # data: + # key: | + # this is the content of the configmap + # when mounted, key will be the name of the file + + # If you needs to deploy other resources, e.g. serviceAccount, you can add them here. + # You can even deploy resources to different namespaces + resources: [] + # - apiVersion: v1 + # kind: ServiceAccount + # metadata: + # name: sa-for-starrocks + # namespace: starrocks + + # specify the fe proxy deploy or not. + starrocksFeProxySpec: + # specify the fe proxy deploy or not. 
+ enabled: false + replicas: 1 + imagePullPolicy: IfNotPresent + # default nginx:1.24.0 + image: + repository: "" + tag: "" + resources: + requests: + cpu: 1 + memory: 2Gi + limits: + cpu: 1 + memory: 2Gi + # set the resolver for nginx server, default kube-dns.kube-system.svc.cluster.local + resolver: "" + service: + # the fe proxy service type, only supported ClusterIP, NodePort, LoadBalancer + # default ClusterIP + type: LoadBalancer + # the loadBalancerIP for static ip config when the type=LoadBalancer and loadbalancerIp is not empty. + loadbalancerIP: "" + # add annotations for fe service. + annotations: {} + # config the service port for fe proxy service. + # To assign a specific port or nodePort to a service, you should specify them by the corresponding name or + # containerPort in the service configuration. If both containerPort and name are specified, containerPort takes precedence. + # For fe proxy, port name can be http-port, and its default container port is 8080. + ports: [] + # e.g. specify a dedicated node port for fe proxy service by containerPort. + # - nodePort: 30080 # The range of valid ports is 30000-32767 + # containerPort: 8080 # The port on the container to expose + # specify the source IP ranges for the load balancer when the type=LoadBalancer. + loadBalancerSourceRanges: [] + # - 10.0.0.0/8 + # imagePullSecrets allows you to use secrets for pulling images for your pods. + imagePullSecrets: [] + # - name: "image-pull-secret" + # If specified, the pod's nodeSelector,displayName="Map of nodeSelectors to match when scheduling pods on nodes" + # Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector + nodeSelector: {} + # kubernetes.io/arch: amd64 + # kubernetes.io/os: linux + # affinity for fe proxy pod scheduling. 
+ affinity: {} + # nodeAffinity: + # requiredDuringSchedulingIgnoredDuringExecution: + # nodeSelectorTerms: + # - matchFields: + # - key: metadata.name + # operator: In + # values: + # - target-host-name + # podAntiAffinity: + # requiredDuringSchedulingIgnoredDuringExecution: + # - labelSelector: + # matchExpressions: + # - key: app.kubernetes.io/component + # operator: In + # values: + # - fe-proxy + # topologyKey: "kubernetes.io/hostname" + # Node tolerations for fe proxy pod scheduling to nodes with taints + # Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + tolerations: [] + # - key: "key" + # operator: "Equal|Exists" + # value: "value" + # effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)" + + # Please upgrade the CRD with v1.8.7 released version, if you want to use the following configuration. + # including: livenessProbeFailureSeconds, readinessProbeFailureSeconds + + # LivenessProbeFailureSeconds defines the total failure seconds of liveness Probe. + # default value is 15 seconds + # You can set it to "0" to disable the probe. + livenessProbeFailureSeconds: + # ReadinessProbeFailureSeconds defines the total failure seconds of readiness Probe. + # default value is 15 seconds + # You can set it to "0" to disable the probe. + readinessProbeFailureSeconds: + # Note: will create emptyDir volume for fe proxy, PVC is not supported. + emptyDirs: [] + # e.g. mount an emptyDir volume to /tmp + # - name: tmp-data + # mountPath: /tmp \ No newline at end of file diff --git a/main.tf b/main.tf new file mode 100644 index 000000000..de2e24145 --- /dev/null +++ b/main.tf 
@@ -0,0 +1,355 @@
+// S3 Bucket
+resource "aws_s3_bucket" "my_bucket" {
+ bucket = "my-unique-bucket-name"
+}
+
+// VPC and Subnets
+module "vpc" {
+ source = "terraform-aws-modules/vpc/aws"
+ version = "3.14.0"
+
+ name = "my-vpc"
+ cidr = var.vpc_cidr
+
+ azs = ["${var.region}a", "${var.region}b", "${var.region}c"]
+ private_subnets = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]
+ public_subnets = ["10.0.101.0/24", "10.0.102.0/24", "10.0.103.0/24"]
+
+ enable_nat_gateway = true
+ single_nat_gateway = true
+
+ // Restrict access to specified CIDR blocks
+ manage_default_network_acl = true
+ default_network_acl_ingress = [
+ {
+ rule_no = 100
+ action = "deny"
+ from_port = 0
+ to_port = 0
+ protocol = "-1"
+ cidr_block = "0.0.0.0/0"
+ },
+ ]
+ default_network_acl_egress = [
+ {
+ rule_no = 100
+ action = "deny"
+ from_port = 0
+ to_port = 0
+ protocol = "-1"
+ cidr_block = "0.0.0.0/0"
+ },
+ ]
+
+ public_dedicated_network_acl = true
+ private_dedicated_network_acl = true
+
+ public_inbound_acl_rules = [
+ for i, cidr_block in var.allowed_cidr_blocks : {
+ rule_number = 100 + i
+ rule_action = "allow"
+ from_port = 0
+ to_port = 0
+ protocol = "-1"
+ cidr_block = cidr_block
+ }
+ ]
+
+ public_outbound_acl_rules = [
+ {
+ rule_number = 100
+ rule_action = "allow"
+ from_port = 0
+ to_port = 0
+ protocol = "-1"
+ cidr_block = "0.0.0.0/0"
+ },
+ ]
+
+ private_inbound_acl_rules = [
+ for i, cidr_block in var.allowed_cidr_blocks : {
+ rule_number = 100 + i
+ rule_action = "allow"
+ from_port = 0
+ to_port = 0
+ protocol = "-1"
+ cidr_block = cidr_block
+ }
+ ]
+
+ private_outbound_acl_rules = [
+ {
+ rule_number = 100
+ rule_action = "allow"
+ from_port = 0
+ to_port = 0
+ protocol = "-1"
+ cidr_block = "0.0.0.0/0"
+ },
+ ]
+
+ tags = {
+ Terraform = "true"
+ Environment = "dev"
+ }
+}
+
+// Security Group for Load Balancer
+resource "aws_security_group" "lb_sg" {
+ name_prefix = "eks-lb-sg"
+ vpc_id = module.vpc.vpc_id
+
+ ingress {
+ from_port = 80
+ to_port = 80
+ protocol = "tcp"
+ cidr_blocks = ["0.0.0.0/0"]
+ description = "Allow HTTP traffic from anywhere"
+ }
+
+ ingress {
+ from_port = 443
+ to_port = 443
+ protocol = "tcp"
+ cidr_blocks = ["0.0.0.0/0"]
+ description = "Allow HTTPS traffic from anywhere"
+ }
+
+ egress {
+ from_port = 0
+ to_port = 0
+ protocol = "-1"
+ cidr_blocks = ["0.0.0.0/0"]
+ description = "Allow all outbound traffic"
+ }
+
+ tags = {
+ Name = "eks-lb-sg"
+ }
+}
+
+// Security Group for Frontend Nodes
+resource "aws_security_group" "fe_sg" {
+ name_prefix = "eks-fe-sg"
+ vpc_id = module.vpc.vpc_id
+
+ ingress {
+ from_port = 9030
+ to_port = 9030
+ protocol = "tcp"
+ security_groups = [aws_security_group.lb_sg.id]
+ description = "Allow traffic from LB to frontend on port 9030"
+ }
+
+ egress {
+ from_port = 0
+ to_port = 0
+ protocol = "-1"
+ cidr_blocks = ["0.0.0.0/0"]
+ description = "Allow all outbound traffic"
+ }
+
+ tags = {
+ Name = "eks-fe-sg"
+ }
+}
+
+// Security Group for Backend Nodes
+resource "aws_security_group" "be_sg" {
+ name_prefix = "eks-be-sg"
+ vpc_id = module.vpc.vpc_id
+
+ // Add rules as needed for backend communication
+
+ egress {
+ from_port = 0
+ to_port = 0
+ protocol = "-1"
+ cidr_blocks = ["0.0.0.0/0"]
+ description = "Allow all outbound traffic"
+ }
+
+ tags = {
+ Name = "eks-be-sg"
+ }
+}
+
+// EKS Cluster
+module "eks" {
+ source = "terraform-aws-modules/eks/aws"
+ version = "18.26.3"
+
+ cluster_name = var.cluster_name
+ cluster_version = "1.22"
+
+ vpc_id = module.vpc.vpc_id
+ subnet_ids = module.vpc.private_subnets
+
+ eks_managed_node_group_defaults = {
+ ami_type = "AL2_x86_64"
+ }
+
+ eks_managed_node_groups = {
+ for key, value in var.node_groups :
+ key => {
+ instance_types = [value.instance_type]
+ min_size = value.min_size
+ max_size = value.max_size
+ desired_size = value.desired_size
+ disk_size = value.disk_size
+
+ labels = {
+ NodeGroup = key
+ NodeType = value.instance_type
+ }
+
+ tags = {
+ NodeGroup = key
+ }
+
+ vpc_security_group_ids = [
+ key == "fe_group" ? aws_security_group.fe_sg.id :
+ key == "be_group" ? aws_security_group.be_sg.id :
+ aws_security_group.lb_sg.id
+ ]
+ }
+ }
+}
+
+// Application Load Balancer
+resource "aws_lb" "eks_alb" {
+ name = "eks-alb"
+ internal = false
+ load_balancer_type = "application"
+ security_groups = [aws_security_group.lb_sg.id]
+ subnets = module.vpc.public_subnets
+
+ tags = {
+ Name = "eks-alb"
+ }
+}
+
+resource "aws_lb_listener" "front_end" {
+ load_balancer_arn = aws_lb.eks_alb.arn
+ port = "80"
+ protocol = "HTTP"
+
+ default_action {
+ type = "forward"
+ target_group_arn = aws_lb_target_group.fe_tg.arn
+ }
+}
+
+resource "aws_lb_target_group" "fe_tg" {
+ name = "fe-tg"
+ port = 9030
+ protocol = "HTTP"
+ vpc_id = module.vpc.vpc_id
+
+ health_check {
+ path = "/"
+ port = 9030
+ healthy_threshold = 2
+ unhealthy_threshold = 10
+ }
+}
+
+// Auto-attach frontend instances to target group
+resource "aws_autoscaling_attachment" "fe_asg_attachment" {
+ autoscaling_group_name = module.eks.eks_managed_node_groups["fe_group"].node_group_autoscaling_group_names[0]
+ lb_target_group_arn = aws_lb_target_group.fe_tg.arn
+}
+
+// Kubernetes Deployment for Docker image
+resource "kubernetes_deployment" "example" {
+ metadata {
+ name = "example-deployment"
+ }
+
+ spec {
+ replicas = 2
+
+ selector {
+ match_labels = {
+ app = "example"
+ }
+ }
+
+ template {
+ metadata {
+ labels = {
+ app = "example"
+ }
+ }
+
+ spec {
+ container {
+ image = "your-docker-image:tag"
+ name = "example"
+ }
+ }
+ }
+ }
+}
+
+// S3 VPC Endpoint
+resource "aws_vpc_endpoint" "s3" {
+ vpc_id = module.vpc.vpc_id
+ service_name = "com.amazonaws.${var.region}.s3"
+
+ vpc_endpoint_type = "Gateway"
+ route_table_ids = module.vpc.private_route_table_ids
+
+ tags = {
+ Name = "s3-endpoint"
+ }
+}
+
+// Update S3 bucket policy to allow access from the VPC Endpoint
+resource "aws_s3_bucket_policy" "allow_access_from_vpc" {
+ bucket = aws_s3_bucket.my_bucket.id
+
+ policy = jsonencode({
+ Version = "2012-10-17"
+ Statement = [
+ {
+ Sid = "Access-to-specific-VPC-only"
+ Effect = "Allow"
+ Principal = "*"
+ Action = "s3:*"
+ Resource = [
+ aws_s3_bucket.my_bucket.arn,
+ "${aws_s3_bucket.my_bucket.arn}/*",
+ ]
+ Condition = {
+ StringEquals = {
+ "aws:sourceVpce" = aws_vpc_endpoint.s3.id
+ }
+ }
+ }
+ ]
+ })
+}
+
+// Helm Release for StarRocks
+resource "helm_release" "starrocks" {
+ name = "starrocks"
+ repository = "https://starrocks.github.io/starrocks-kubernetes-operator"
+ chart = "starrocks-operator"
+ namespace = kubernetes_namespace.starrocks.metadata[0].name
+
+ values = [
+ file("${path.module}/default.yaml")
+ ]
+
+ depends_on = [module.eks, kubernetes_namespace.starrocks]
+}
+
+// Create a namespace for StarRocks
+resource "kubernetes_namespace" "starrocks" {
+ metadata {
+ name = "starrocks"
+ }
+
+ depends_on = [module.eks]
+}
\ No newline at end of file
diff --git a/outputs.tf b/outputs.tf
new file mode 100644
index 000000000..e69de29bb
diff --git a/providers.tf b/providers.tf
new file mode 100644
index 000000000..6ac1085dd
--- /dev/null
+++ b/providers.tf
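Review bot: The internet-facing ALB only terminates plaintext — `aws_lb_listener.front_end` is `port = "80"` / `protocol = "HTTP"` and `lb_sg` admits 80 and 443 from `0.0.0.0/0`, yet no 443 listener or certificate exists, so every request to the FE crosses the Internet unencrypted and from any source; restrict the ingress to `var.allowed_cidr_blocks` and terminate TLS on the listener (fence below, with a new `var.alb_certificate_arn` for the ACM certificate). Port 9030 is the FE MySQL-protocol query port in a default StarRocks configuration, so an HTTP target group with a `path = "/"` health check will most likely mark every target unhealthy; an ALB can front the FE HTTP port, while the MySQL port belongs behind an NLB or private access, not a public ALB. The bucket policy grants `Action = "s3:*"` to `Principal = "*"` behind the VPC-endpoint condition, which includes `s3:PutBucketPolicy` and `s3:DeleteBucket` for any workload in the VPC; narrow it to the object operations the cluster needs (`s3:GetObject`, `s3:PutObject`, `s3:ListBucket`, `s3:DeleteObject`). `helm_release.starrocks` also reads `file("${path.module}/default.yaml")`, a file this commit does not add (the values file it adds is `helm_charts/starrocks.yaml`), so the apply will fail unless it exists elsewhere.
```hcl
resource "aws_security_group" "lb_sg" {
  // … unchanged: name_prefix, vpc_id …
  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = var.allowed_cidr_blocks
    description = "Allow HTTPS only from the allow-listed ranges"
  }
  // … unchanged: egress, tags (the port-80 ingress is dropped) …
}

resource "aws_lb_listener" "front_end" {
  load_balancer_arn = aws_lb.eks_alb.arn
  port              = "443"
  protocol          = "HTTPS"
  ssl_policy        = "ELBSecurityPolicy-TLS13-1-2-2021-06"
  certificate_arn   = var.alb_certificate_arn // new variable: ACM certificate ARN for the ALB
  // … unchanged: default_action forward to aws_lb_target_group.fe_tg …
}
```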
@@ -0,0 +1,42 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 4.0"
+ }
+ helm = {
+ source = "hashicorp/helm"
+ version = "~> 2.5"
+ }
+ kubernetes = {
+ source = "hashicorp/kubernetes"
+ version = "~> 2.10"
+ }
+ }
+}
+
+provider "aws" {
+ region = var.region
+}
+
+provider "kubernetes" {
+ host = module.eks.cluster_endpoint
+ cluster_ca_certificate = base64decode(module.eks.cluster_certificate_authority_data)
+ exec {
+ api_version = "client.authentication.k8s.io/v1beta1"
+ command = "aws"
+ args = ["eks", "get-token", "--cluster-name", module.eks.cluster_name]
+ }
+}
+
+provider "helm" {
+ kubernetes {
+ host = module.eks.cluster_endpoint
+ cluster_ca_certificate = base64decode(module.eks.cluster_certificate_authority_data)
+ exec {
+ api_version = "client.authentication.k8s.io/v1beta1"
+ command = "aws"
+ args = ["eks", "get-token", "--cluster-name", module.eks.cluster_name]
+ }
+ }
+}
\ No newline at end of file
diff --git a/variables.tf b/variables.tf
new file mode 100644
index 000000000..840d86d05
--- /dev/null
+++ b/variables.tf
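Review bot: Both the `kubernetes` and `helm` providers are configured from `module.eks` outputs of the same root module, which Terraform documents as unsupported: on the first plan the cluster does not exist, so `host` and `cluster_ca_certificate` are unknown and the provider cannot initialise, and on destroy the outputs vanish before the in-cluster resources (`kubernetes_namespace`, `helm_release`, `kubernetes_deployment` in main.tf) are removed. Split the cluster and the in-cluster resources into separate root modules, or at least source the endpoint through `data "aws_eks_cluster"` / `data "aws_eks_cluster_auth"` so the provider has a stable dependency. The two identical `exec` blocks can pass `var.cluster_name` instead of `module.eks.cluster_name`, removing one more module reference from provider configuration; I could not confirm from the hunk that the eks module pinned at 18.26.3 exports an output under that name, so check it against the module's outputs. The `terraform` block also pins no `required_version`, so a `required_version = ">= 1.0"` line would keep the provider constraints honest across machines.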
@@ -0,0 +1,53 @@
+variable "region" {
+ default = "us-west-2"
+}
+
+variable "cluster_name" {
+ default = "my-eks-cluster"
+}
+
+variable "vpc_cidr" {
+ default = "10.0.0.0/16"
+}
+
+variable "allowed_cidr_blocks" {
+ type = list(string)
+ description = "List of CIDR blocks allowed to access the VPC"
+ default = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]
+}
+
+variable "node_groups" {
+ description = "Map of EKS managed node group configurations"
+ type = map(object({
+ instance_type = string
+ min_size = number
+ max_size = number
+ desired_size = number
+ disk_size = number
+ }))
+ default = {
+ fe_group = {
+ instance_type = "r6g.2xlarge"
+ min_size = 1
+ max_size = 3
+ desired_size = 2
+ disk_size = 200
+ },
+ be_group = {
+ instance_type = "r6g.4xlarge"
+ min_size = 1
+ max_size = 3
+ desired_size = 2
+ disk_size = 1000
+ },
+ lb_group = {
+ instance_type = "t3.small"
+ min_size = 1
+ max_size = 2
+ desired_size = 1
+ disk_size = 20
+ }
+ }
+}
+
+// Add more variables as needed
\ No newline at end of file
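Review bot: The default `node_groups` pin `r6g.2xlarge` / `r6g.4xlarge`, which are Graviton (arm64) families, while main.tf applies `eks_managed_node_group_defaults = { ami_type = "AL2_x86_64" }` to every group, so the `fe_group` and `be_group` launches will fail on an architecture mismatch; either switch those defaults to x86 sizes (`r6i.2xlarge`, `r6i.4xlarge`) or give those groups `ami_type = "AL2_ARM_64"`. `region`, `cluster_name` and `vpc_cidr` carry no `type` or `description`, unlike the other two variables; `type = string` plus a one-line description on each keeps the file consistent and makes bad input fail at plan time. `allowed_cidr_blocks` defaults to all three RFC 1918 ranges and feeds the public and private NACL allow rules in main.tf, which its description does not say; `description = "CIDR ranges admitted by the public and private subnet network ACLs; defaults to all RFC 1918 space, narrow before production use"` tells operators what they are widening.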