From f16fbffcf3b6416f64cb1b0102823209d3ed493a Mon Sep 17 00:00:00 2001
From: Neaj Morshad
Date: Tue, 11 Feb 2025 19:38:18 +0600
Subject: [PATCH] Add Openshift yamls
Signed-off-by: Neaj Morshad
---
mssqlserver/openshift/ms-ag-cluster.yaml | 93 ++++++++++++++++++++++++
mssqlserver/openshift/ms-standalone.yaml | 77 ++++++++++++++++++++
2 files changed, 170 insertions(+)
create mode 100644 mssqlserver/openshift/ms-ag-cluster.yaml
create mode 100644 mssqlserver/openshift/ms-standalone.yaml
diff --git a/mssqlserver/openshift/ms-ag-cluster.yaml b/mssqlserver/openshift/ms-ag-cluster.yaml
new file mode 100644
index 0000000..96ca216
--- /dev/null
+++ b/mssqlserver/openshift/ms-ag-cluster.yaml
@@ -0,0 +1,93 @@
+apiVersion: kubedb.com/v1alpha2
+kind: MSSQLServer
+metadata:
+ name: ms-ag-cluster
+ namespace: demo
+spec:
+ version: "2022-cu16"
+ replicas: 3
+ topology:
+ mode: AvailabilityGroup
+ availabilityGroup:
+ databases:
+ - agdb1
+ - agdb2
+ tls:
+ issuerRef:
+ name: mssqlserver-ca-issuer
+ kind: Issuer
+ apiGroup: "cert-manager.io"
+ clientTLS: false
+ podTemplate:
+ spec:
+ securityContext:
+ fsGroup: 1000670000
+ containers:
+ - name: mssql
+ env:
+ - name: ACCEPT_EULA
+ value: "Y"
+ - name: MSSQL_PID
+ value: Evaluation
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ add:
+ - NET_BIND_SERVICE
+ drop:
+ - ALL
+ runAsGroup: 0
+ runAsNonRoot: true
+ runAsUser: 1000670000
+ seccompProfile:
+ type: RuntimeDefault
+ - name: mssql-coordinator
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ runAsGroup: 0
+ runAsNonRoot: true
+ runAsUser: 1000670000
+ seccompProfile:
+ type: RuntimeDefault
+ initContainers:
+ - name: mssql-init
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ runAsGroup: 0
+ runAsNonRoot: true
+ runAsUser: 1000670000
+ seccompProfile:
+ type: RuntimeDefault
+ monitor:
+ agent: prometheus.io/operator
+ prometheus:
+ exporter:
+ port: 9399
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ runAsGroup: 0
+ runAsNonRoot: true
+ runAsUser: 1000670000
+ seccompProfile:
+ type: RuntimeDefault
+ serviceMonitor:
+ labels:
+ release: prometheus
+ interval: 10s
+ storageType: Durable
+ storage:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 1Gi
+ deletionPolicy: WipeOut
diff --git a/mssqlserver/openshift/ms-standalone.yaml b/mssqlserver/openshift/ms-standalone.yaml
new file mode 100644
index 0000000..4cfd6cd
--- /dev/null
+++ b/mssqlserver/openshift/ms-standalone.yaml
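Review bot: `clientTLS: false` under `spec.tls` appears to leave client connections to the SQL Server endpoint without enforced TLS, even though an `issuerRef` to `mssqlserver-ca-issuer` is already configured; the same setting is in ms-standalone.yaml. If these manifests are meant as a starting point for more than a demo, I would set `clientTLS: true`, or at least add a comment such as `# clientTLS is off for the demo; set to true to require encrypted client connections`. How the flag is enforced is decided by the KubeDB operator and is not visible in this hunk, so confirm it against the operator's documentation. `deletionPolicy: WipeOut` on the last line deserves a similar one-line comment, since it presumably removes the data volumes and secrets together with the object.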
@@ -0,0 +1,77 @@
+apiVersion: kubedb.com/v1alpha2
+kind: MSSQLServer
+metadata:
+ name: ms-standalone
+ namespace: demo
+spec:
+ version: "2022-cu16"
+ replicas: 1
+ storageType: Durable
+ tls:
+ issuerRef:
+ name: mssqlserver-ca-issuer
+ kind: Issuer
+ apiGroup: "cert-manager.io"
+ clientTLS: false
+ podTemplate:
+ spec:
+ securityContext:
+ fsGroup: 1000670000
+ containers:
+ - name: mssql
+ env:
+ - name: ACCEPT_EULA
+ value: "Y"
+ - name: MSSQL_PID
+ value: Evaluation
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ add:
+ - NET_BIND_SERVICE
+ drop:
+ - ALL
+ runAsGroup: 0
+ runAsNonRoot: true
+ runAsUser: 1000670000
+ seccompProfile:
+ type: RuntimeDefault
+ initContainers:
+ - name: mssql-init
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ runAsGroup: 0
+ runAsNonRoot: true
+ runAsUser: 1000670000
+ seccompProfile:
+ type: RuntimeDefault
+ monitor:
+ agent: prometheus.io/operator
+ prometheus:
+ exporter:
+ port: 9399
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ runAsGroup: 0
+ runAsNonRoot: true
+ runAsUser: 1000670000
+ seccompProfile:
+ type: RuntimeDefault
+ serviceMonitor:
+ labels:
+ release: prometheus
+ interval: 10s
+
+ storage:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 1Gi
+ deletionPolicy: WipeOut
\ No newline at end of file
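Review bot: The value `1000670000` is hard-coded as `fsGroup` and as `runAsUser` for `mssql`, `mssql-init` and the exporter (and likewise in ms-ag-cluster.yaml, where `mssql-coordinator` uses it too), with nothing saying where it comes from. On OpenShift the permitted UID and supplemental-group ranges are assigned per namespace, so admission under the restricted SCC will likely reject these pods in any namespace whose range does not contain this value. A comment above `podTemplate` such as `# replace 1000670000 with a UID from this namespace's openshift.io/sa.scc.uid-range annotation` would make the manifest reusable without loosening the security context. The file also ends without a trailing newline.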