apiVersion: v1
kind: Namespace
metadata:
  labels:
    app: tidb
  name: tidb
---
# Source: tidb-operator/templates/controller-manager-rbac.yaml
kind: ServiceAccount
apiVersion: v1
metadata:
  name: tidb-controller-manager
  namespace: tidb
  labels:
    app.kubernetes.io/name: tidb-operator
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/instance: tidb-operator
    app.kubernetes.io/component: controller-manager
    helm.sh/chart: tidb-operator-v1.6.0
---
# Source: tidb-operator/templates/controller-manager-rbac.yaml
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: tidb-operator:tidb-controller-manager
  labels:
    app.kubernetes.io/name: tidb-operator
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/instance: tidb-operator
    app.kubernetes.io/component: controller-manager
    helm.sh/chart: tidb-operator-v1.6.0
rules:
- apiGroups: [""]
  resources:
  - services
  - events
  verbs: ["*"]
- apiGroups: [""]
  resources: ["endpoints","configmaps"]
  verbs: ["create", "get", "list", "watch", "update","delete"]
- apiGroups: ["coordination.k8s.io"]
  resources: ["leases"]
  verbs: ["create", "get", "list", "watch", "update","delete"]
- apiGroups: [""]
  resources: ["serviceaccounts"]
  verbs: ["create","get","update","delete"]
- apiGroups: ["batch"]
  resources: ["jobs"]
  verbs: ["get", "list", "watch", "create", "update", "delete"]
- apiGroups: [""]
  resources: ["secrets"]
  verbs: ["create", "update", "get", "list", "watch","delete"]
- apiGroups: [""]
  resources: ["persistentvolumeclaims"]
  verbs: ["get", "list", "watch", "create", "update", "delete", "patch"]
- apiGroups: [""]
  resources: ["pods"]
  verbs: ["get", "list", "watch","update", "delete"]
- apiGroups: ["apps"]
  resources: ["statefulsets","deployments", "controllerrevisions"]
  verbs: ["*"]
- apiGroups: ["extensions"]
  resources: ["ingresses"]
  verbs: ["*"]
- apiGroups: ["networking.k8s.io"]
  resources: ["ingresses"]
  verbs: ["*"]
- apiGroups: ["apps.pingcap.com"]
  resources: ["statefulsets", "statefulsets/status"]
  verbs: ["*"]
- apiGroups: ["pingcap.com"]
  resources: ["*"]
  verbs: ["*"]
- nonResourceURLs: ["/metrics"]
  verbs: ["get"]
- apiGroups: [""]
  resources: ["nodes"]
  verbs: ["get", "list", "watch"]
- apiGroups: [""]
  resources: ["persistentvolumes"]
  verbs: ["get", "list", "watch", "patch", "update", "create"]
- apiGroups: ["storage.k8s.io"]
  resources: ["storageclasses"]
  verbs: ["get", "list", "watch"]

- apiGroups: ["rbac.authorization.k8s.io"]
  resources: [clusterroles,roles]
  verbs: ["escalate","create","get","update", "delete"]
- apiGroups: ["rbac.authorization.k8s.io"]
  resources: ["rolebindings","clusterrolebindings"]
  verbs: ["create","get","update", "delete"]
---
# Source: tidb-operator/templates/controller-manager-rbac.yaml
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: tidb-operator:tidb-controller-manager
  labels:
    app.kubernetes.io/name: tidb-operator
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/instance: tidb-operator
    app.kubernetes.io/component: controller-manager
    helm.sh/chart: tidb-operator-v1.6.0
subjects:
- kind: ServiceAccount
  name: tidb-controller-manager
  namespace: tidb
roleRef:
  kind: ClusterRole
  name: tidb-operator:tidb-controller-manager
  apiGroup: rbac.authorization.k8s.io
---
# Source: tidb-operator/templates/controller-manager-deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: tidb-controller-manager
  namespace: tidb
  labels:
    app.kubernetes.io/name: tidb-operator
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/instance: tidb-operator
    app.kubernetes.io/component: controller-manager
    helm.sh/chart: tidb-operator-v1.6.0
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/name: tidb-operator
      app.kubernetes.io/instance: tidb-operator
      app.kubernetes.io/component: controller-manager
  template:
    metadata:
      labels:
        app.kubernetes.io/name: tidb-operator
        app.kubernetes.io/instance: tidb-operator
        app.kubernetes.io/component: controller-manager
    spec:
      serviceAccount: tidb-controller-manager
      containers:
      - name: tidb-operator
        image: harbor.uenpay.com/base/tidb-operator:v1.6.0
        imagePullPolicy: IfNotPresent
        resources:
            requests:
              cpu: 80m
              memory: 50Mi
        livenessProbe:
          tcpSocket:
            port: 6060
          initialDelaySeconds: 30
          periodSeconds: 10
          failureThreshold: 10
        command:
          - /usr/local/bin/tidb-controller-manager
          - -tidb-backup-manager-image=harbor.uenpay.com/base/tidb-backup-manager:v1.6.0
          - -tidb-discovery-image=harbor.uenpay.com/base/tidb-operator:v1.6.0
          - -cluster-scoped=true
          - -cluster-permission-node=true
          - -cluster-permission-pv=true
          - -cluster-permission-sc=true
          - -auto-failover=true
          - -pd-failover-period=5m
          - -tikv-failover-period=5m
          - -tiflash-failover-period=5m
          - -tidb-failover-period=5m
          - -dm-master-failover-period=5m
          - -dm-worker-failover-period=5m
          - -v=2
        env:
          - name: NAMESPACE
            valueFrom:
              fieldRef:
                fieldPath: metadata.namespace
          - name: TZ
            value: UTC