Merge pull request #75 from numtide/api-spec-rbac

rytswd · web-flow · commit 81537c6a24db · 2025-12-15T10:23:05.000Z
Adjust RBAC setup for full deployment
diff --git a/api/v1alpha1/cell_types.go b/api/v1alpha1/cell_types.go
@@ -173,6 +173,11 @@ type CellStatus struct {
 // +kubebuilder:printcolumn:name="Orch Ready",type="string",JSONPath=".status.multiorchAvailable",description="Orchestrator status"
 // +kubebuilder:printcolumn:name="Topo Ready",type="string",JSONPath=".status.topoServerAvailable",description="Topo server status"
 // +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp"
+// +kubebuilder:rbac:groups=multigres.com,resources=cells,verbs=get;list;watch;create;update;patch;delete
+// +kubebuilder:rbac:groups=multigres.com,resources=cells/status,verbs=get;update;patch
+// +kubebuilder:rbac:groups=multigres.com,resources=cells/finalizers,verbs=update
+// +kubebuilder:rbac:groups=apps,resources=deployments,verbs=get;list;watch;create;update;patch;delete
+// +kubebuilder:rbac:groups="",resources=services,verbs=get;list;watch;create;update;patch;delete
 
 // Cell is the Schema for the Cells API
 type Cell struct {
diff --git a/api/v1alpha1/shard_types.go b/api/v1alpha1/shard_types.go
@@ -108,6 +108,7 @@ type MultiPoolerSpec struct {
 // MultiOrchSpec defines the configuration for the MultiPooler container.
 type MultiOrchSpec struct {
 	// Cells is the name of the cells MultiOrch needs to be deployed to.
+	// TODO: This must have at least one item, otherwise deployment won't work.
 	Cells []string `json:"cells,omitempty"`
 
 	// Image is the MultiOrch container image to use.
@@ -158,6 +159,12 @@ type ShardStatus struct {
 // +kubebuilder:printcolumn:name="Ready",type="string",JSONPath=".status.readyPods",description="Ready pods"
 // +kubebuilder:printcolumn:name="Total",type="string",JSONPath=".status.totalPods",description="Total pods"
 // +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp"
+// +kubebuilder:rbac:groups=multigres.com,resources=shards,verbs=get;list;watch;create;update;patch;delete
+// +kubebuilder:rbac:groups=multigres.com,resources=shards/status,verbs=get;update;patch
+// +kubebuilder:rbac:groups=multigres.com,resources=shards/finalizers,verbs=update
+// +kubebuilder:rbac:groups=apps,resources=deployments,verbs=get;list;watch;create;update;patch;delete
+// +kubebuilder:rbac:groups=apps,resources=statefulsets,verbs=get;list;watch;create;update;patch;delete
+// +kubebuilder:rbac:groups="",resources=services,verbs=get;list;watch;create;update;patch;delete
 
 // Shard is the Schema for the Shards API
 type Shard struct {
diff --git a/api/v1alpha1/toposerver_types.go b/api/v1alpha1/toposerver_types.go
@@ -108,6 +108,11 @@ type TopoServerStatus struct {
 // +kubebuilder:printcolumn:name="Total",type="string",JSONPath=".status.replicas",description="Total replicas"
 // +kubebuilder:printcolumn:name="Service",type="string",JSONPath=".status.clientServiceName",description="Client Service"
 // +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp"
+// +kubebuilder:rbac:groups=multigres.com,resources=toposervers,verbs=get;list;watch;create;update;patch;delete
+// +kubebuilder:rbac:groups=multigres.com,resources=toposervers/status,verbs=get;update;patch
+// +kubebuilder:rbac:groups=multigres.com,resources=toposervers/finalizers,verbs=update
+// +kubebuilder:rbac:groups=apps,resources=statefulsets,verbs=get;list;watch;create;update;patch;delete
+// +kubebuilder:rbac:groups="",resources=services,verbs=get;list;watch;create;update;patch;delete
 
 // TopoServer is the Schema for the toposervers API
 type TopoServer struct {
diff --git a/config/crd/kustomization.yaml b/config/crd/kustomization.yaml
@@ -2,10 +2,13 @@
 # since it depends on service name and namespace that are out of this kustomize package.
 # It should be run by config/default
 resources:
+- bases/multigres.com_cells.yaml
 - bases/multigres.com_etcds.yaml
 - bases/multigres.com_multigateways.yaml
 - bases/multigres.com_multiorches.yaml
 - bases/multigres.com_multipoolers.yaml
+- bases/multigres.com_shards.yaml
+- bases/multigres.com_toposervers.yaml
 # +kubebuilder:scaffold:crdkustomizeresource
 
 patches:
diff --git a/config/manager/kustomization.yaml b/config/manager/kustomization.yaml
@@ -4,5 +4,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 images:
 - name: controller
-  newName: controller
-  newTag: dev
+  newName: ghcr.io/numtide/multigres-operator
+  newTag: 076c82c-dirty
diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml
@@ -32,8 +32,9 @@ rules:
 - apiGroups:
   - multigres.com
   resources:
-  - etcds
-  - multigateways
+  - cells
+  - shards
+  - toposervers
   verbs:
   - create
   - delete
@@ -45,15 +46,17 @@ rules:
 - apiGroups:
   - multigres.com
   resources:
-  - etcds/finalizers
-  - multigateways/finalizers
+  - cells/finalizers
+  - shards/finalizers
+  - toposervers/finalizers
   verbs:
   - update
 - apiGroups:
   - multigres.com
   resources:
-  - etcds/status
-  - multigateways/status
+  - cells/status
+  - shards/status
+  - toposervers/status
   verbs:
   - get
   - patch
diff --git a/config/samples/child-resources/kind-cell.yaml b/config/samples/child-resources/kind-cell.yaml
@@ -0,0 +1,73 @@
+apiVersion: multigres.com/v1alpha1
+kind: Cell
+metadata:
+  name: kind-cell-sample
+  namespace: default
+spec:
+  # Logical name of the cell
+  name: zone-a
+
+  # Container images for cell components
+  images:
+    multigateway: ghcr.io/multigres/multigateway:latest
+    multiorch: ghcr.io/multigres/multiorch:latest
+
+  # MultiGateway deployment - query routing
+  multigateway:
+    replicas: 1
+    resources:
+      requests:
+        cpu: 50m
+        memory: 128Mi
+      limits:
+        cpu: 200m
+        memory: 256Mi
+
+  # MultiOrch deployment - cell orchestration
+  multiorch:
+    replicas: 1
+    resources:
+      requests:
+        cpu: 50m
+        memory: 64Mi
+      limits:
+        cpu: 200m
+        memory: 128Mi
+
+  # Reference to the global topology server
+  globalTopoServer:
+    rootPath: /multigres
+    clientServiceName: kind-global-topo-client
+
+  # Cell-local topology server configuration
+  # If managedSpec is set, a TopoServer CR will be created for this cell
+  topoServer:
+    managedSpec:
+      image: quay.io/coreos/etcd:v3.5.12
+      replicas: 1
+
+      # Storage for etcd data - kind uses local storage provisioner
+      dataVolumeClaimTemplate:
+        accessModes:
+          - ReadWriteOnce
+        resources:
+          requests:
+            storage: 1Gi
+
+      # Resource requirements for etcd - lower for kind
+      resources:
+        requests:
+          cpu: 50m
+          memory: 128Mi
+        limits:
+          cpu: 200m
+          memory: 256Mi
+
+  # List of all cells in the cluster for discovery
+  allCells:
+    - zone-a
+
+  # Topology reconciliation settings
+  topologyReconciliation:
+    registerCell: true
+    pruneTablets: true
diff --git a/config/samples/child-resources/kind-shard.yaml b/config/samples/child-resources/kind-shard.yaml
@@ -0,0 +1,94 @@
+apiVersion: multigres.com/v1alpha1
+kind: Shard
+metadata:
+  name: kind-shard-sample
+  namespace: default
+spec:
+  # Container images for shard components
+  images:
+    postgres: postgres:16-alpine
+    multipooler: ghcr.io/multigres/multipooler:latest
+
+  # MultiOrch configuration for shard orchestration
+  multiOrch:
+    cells:
+      - zone-a
+    image: ghcr.io/multigres/multiorch:latest
+    resources:
+      requests:
+        cpu: 50m
+        memory: 64Mi
+      limits:
+        cpu: 200m
+        memory: 256Mi
+
+  # Shard pools - different types of PostgreSQL replicas
+  pools:
+    # Primary replica pool
+    primary:
+      type: replica
+      cell: zone-a
+      database: mydb
+      tableGroup: users
+      replicas: 1
+
+      # Storage configuration - kind uses local storage provisioner
+      dataVolumeClaimTemplate:
+        accessModes:
+          - ReadWriteOnce
+        resources:
+          requests:
+            storage: 1Gi
+
+      # PostgreSQL container configuration - lower resources for kind
+      postgres:
+        resources:
+          requests:
+            cpu: 100m
+            memory: 256Mi
+          limits:
+            cpu: 500m
+            memory: 512Mi
+
+      # MultiPooler container configuration
+      multipooler:
+        resources:
+          requests:
+            cpu: 50m
+            memory: 64Mi
+          limits:
+            cpu: 200m
+            memory: 128Mi
+
+    # Read replica pool
+    replica:
+      type: replica
+      cell: zone-a
+      database: mydb
+      tableGroup: users
+      replicas: 1
+
+      dataVolumeClaimTemplate:
+        accessModes:
+          - ReadWriteOnce
+        resources:
+          requests:
+            storage: 1Gi
+
+      postgres:
+        resources:
+          requests:
+            cpu: 100m
+            memory: 256Mi
+          limits:
+            cpu: 500m
+            memory: 512Mi
+
+      multipooler:
+        resources:
+          requests:
+            cpu: 50m
+            memory: 64Mi
+          limits:
+            cpu: 200m
+            memory: 128Mi
diff --git a/config/samples/child-resources/kind-toposerver.yaml b/config/samples/child-resources/kind-toposerver.yaml
@@ -0,0 +1,32 @@
+apiVersion: multigres.com/v1alpha1
+kind: TopoServer
+metadata:
+  name: kind-toposerver-sample
+  namespace: default
+spec:
+  # Root path for topology data in etcd
+  rootPath: /multigres/global
+
+  # etcd container image
+  image: quay.io/coreos/etcd:v3.5.12
+
+  # Number of etcd replicas (must be odd: 1, 3, 5, etc.)
+  # Using 1 replica for kind to minimize resource usage
+  replicas: 1
+
+  # Storage configuration for etcd data - kind uses local storage provisioner
+  dataVolumeClaimTemplate:
+    accessModes:
+      - ReadWriteOnce
+    resources:
+      requests:
+        storage: 1Gi
+
+  # Resource requirements for etcd containers - lower for kind
+  resources:
+    requests:
+      cpu: 50m
+      memory: 128Mi
+    limits:
+      cpu: 200m
+      memory: 256Mi
