diff --git a/rds/base/charts/common/.helmignore b/rds/base/charts/common/.helmignore
deleted file mode 100644
index 0e8a0eb..0000000
--- a/rds/base/charts/common/.helmignore
+++ /dev/null
@@ -1,23 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*.orig
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-.vscode/
diff --git a/rds/base/charts/common/Chart.yaml b/rds/base/charts/common/Chart.yaml
deleted file mode 100644
index ffc4965..0000000
--- a/rds/base/charts/common/Chart.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-apiVersion: v2
-name: common
-description: A Helm chart for Kubernetes
-type: library
-version: 0.1.2
-appVersion: "1.16.0"
-sources:
- - https://github.com/Sciebo-RDS/Sciebo-RDS
\ No newline at end of file
diff --git a/rds/base/charts/common/templates/_deployment.tpl b/rds/base/charts/common/templates/_deployment.tpl
deleted file mode 100644
index 753c34f..0000000
--- a/rds/base/charts/common/templates/_deployment.tpl
+++ /dev/null
@@ -1,65 +0,0 @@
-
-{{/*
-Return the proper image name
-{{ include "common.image" ( dict "imageRoot" .Values.path.to.the.image "global" $) }}
-*/}}
-{{- define "common.image" -}}
-{{- $registryName := .imageRoot.registry -}}
-{{- $repositoryName := .imageRoot.repository -}}
-{{- if .repository -}}
-{{- $repositoryName = .repository -}}
-{{- end -}}
-{{- $tag := .imageRoot.tag | toString -}}
-{{- if .global }}
- {{- if .global.image }}
- {{- if .global.image.registry }}
- {{- $registryName = .global.image.registry -}}
- {{- end -}}
- {{- if .global.image.tag -}}
- {{- $tag = .global.image.tag | toString -}}
- {{- end -}}
- {{- end -}}
-{{- end -}}
-{{- if $registryName }}
-{{- printf "%s/%s:%s" $registryName $repositoryName $tag -}}
-{{- else -}}
-{{- printf "%s:%s" $repositoryName $tag -}}
-{{- end -}}
-{{- end -}}
-
-{{- define "common.ingressAnnotations" -}}
-{{- $annotations := dict -}}
-{{- with .Values.ingress.annotations }}
- {{- $annotations = . -}}
-{{- end -}}
-{{- if .Values.global }}
- {{- if .Values.global.ingress }}
- {{- if .Values.global.ingress.annotations }}
- {{- $annotations = mustMergeOverwrite .Values.global.ingress.annotations $annotations -}}
- {{- end -}}
- {{- end -}}
-{{- end -}}
-{{- toYaml $annotations -}}
-{{- end -}}
-
-
-{{- define "common.tlsSecretName" -}}
-{{- $secretName := "" -}}
-{{- if .Values.ingress }}
- {{- if .Values.ingress.tls }}
- {{- if .Values.ingress.tls.secretName }}
- {{- $secretName = .Values.ingress.tls.secretName -}}
- {{- end -}}
- {{- end -}}
-{{- end -}}
-{{- if .Values.global }}
- {{- if .Values.global.ingress }}
- {{- if .Values.global.ingress.tls }}
- {{- if .Values.global.ingress.tls.secretName }}
- {{- $secretName = .Values.global.ingress.tls.secretName -}}
- {{- end -}}
- {{- end -}}
- {{- end -}}
-{{- end -}}
-{{- printf "%s" $secretName -}}
-{{- end -}}
diff --git a/rds/base/charts/jaeger/.helmignore b/rds/base/charts/jaeger/.helmignore
deleted file mode 100644
index f0c1319..0000000
--- a/rds/base/charts/jaeger/.helmignore
+++ /dev/null
@@ -1,21 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
diff --git a/rds/base/charts/jaeger/Chart.yaml b/rds/base/charts/jaeger/Chart.yaml
deleted file mode 100644
index d3c301c..0000000
--- a/rds/base/charts/jaeger/Chart.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-apiVersion: v1
-appVersion: 1.18.0
-description: A Jaeger Helm chart for Kubernetes
-home: https://jaegertracing.io
-icon: https://camo.githubusercontent.com/afa87494e0753b4b1f5719a2f35aa5263859dffb/687474703a2f2f6a61656765722e72656164746865646f63732e696f2f656e2f6c61746573742f696d616765732f6a61656765722d766563746f722e737667
-keywords:
-- jaeger
-- opentracing
-- tracing
-- instrumentation
-maintainers:
-- email: david.vonthenen@dell.com
- name: dvonthenen
-- email: michael.lorant@fairfaxmedia.com.au
- name: mikelorant
-- email: naseem@transit.app
- name: naseemkullah
-- email: pavel.nikolov@fairfaxmedia.com.au
- name: pavelnikolov
-name: jaeger
-sources:
-- https://hub.docker.com/u/jaegertracing/
-version: 0.34.1
diff --git a/rds/base/charts/jaeger/OWNERS b/rds/base/charts/jaeger/OWNERS
deleted file mode 100644
index 49eb268..0000000
--- a/rds/base/charts/jaeger/OWNERS
+++ /dev/null
@@ -1,10 +0,0 @@
-approvers:
-- dvonthenen
-- mikelorant
-- naseemkullah
-- pavelnikolov
-reviewers:
-- dvonthenen
-- mikelorant
-- naseemkullah
-- pavelnikolov
diff --git a/rds/base/charts/jaeger/README.md b/rds/base/charts/jaeger/README.md
deleted file mode 100644
index fb67c52..0000000
--- a/rds/base/charts/jaeger/README.md
+++ /dev/null
@@ -1,380 +0,0 @@ -# Jaeger - -[Jaeger](https://www.jaegertracing.io/) is a distributed tracing system. - -## Introduction - -This chart adds all components required to run Jaeger as described in the [jaeger-kubernetes](https://github.com/jaegertracing/jaeger-kubernetes) GitHub page for a production-like deployment. The chart default will deploy a new Cassandra cluster (using the [cassandra chart](https://github.com/kubernetes/charts/tree/master/incubator/cassandra)), but also supports using an existing Cassandra cluster, deploying a new ElasticSearch cluster (using the [elasticsearch chart](https://github.com/elastic/helm-charts/tree/master/elasticsearch)), or connecting to an existing ElasticSearch cluster. Once the storage backend is available, the chart will deploy jaeger-agent as a DaemonSet and deploy the jaeger-collector and jaeger-query components as Deployments. - -## Installing the Chart - -Add the Jaeger Tracing Helm repository: - -```bash -helm repo add jaegertracing https://jaegertracing.github.io/helm-charts -``` - -To install the chart with the release name `jaeger`, run the following command: - -```bash -helm install jaeger jaegertracing/jaeger -``` - -By default, the chart deploys the following: - -- Jaeger Agent DaemonSet -- Jaeger Collector Deployment -- Jaeger Query (UI) Deployment -- Cassandra StatefulSet - -![Jaeger with Default components](https://www.jaegertracing.io/img/architecture-v1.png) - -IMPORTANT NOTE: For testing purposes, the footprint for Cassandra can be reduced significantly in the event resources become constrained (such as running on your local laptop or in a Vagrant environment). 
You can override the resources required run running this command: - -```bash -helm install jaeger jaegertracing/jaeger \ - --set cassandra.config.max_heap_size=1024M \ - --set cassandra.config.heap_new_size=256M \ - --set cassandra.resources.requests.memory=2048Mi \ - --set cassandra.resources.requests.cpu=0.4 \ - --set cassandra.resources.limits.memory=2048Mi \ - --set cassandra.resources.limits.cpu=0.4 -``` - -## Installing the Chart using an Existing Cassandra Cluster - -If you already have an existing running Cassandra cluster, you can configure the chart as follows to use it as your backing store (make sure you replace ``, ``, etc with your values): - -```bash -helm install jaeger jaegertracing/jaeger \ - --set provisionDataStore.cassandra=false \ - --set storage.cassandra.host= \ - --set storage.cassandra.port= \ - --set storage.cassandra.user= \ - --set storage.cassandra.password= -``` - -## Installing the Chart using an Existing Cassandra Cluster with TLS - -If you already have an existing running Cassandra cluster with TLS, you can configure the chart as follows to use it as your backing store: - -Content of the `values.yaml` file: - -```YAML -storage: - type: cassandra - cassandra: - host: - port: - user: - password: - tls: - enabled: true - secretName: cassandra-tls-secret - -provisionDataStore: - cassandra: false -``` - -Content of the `jaeger-tls-cassandra-secret.yaml` file: - -```YAML -apiVersion: v1 -kind: Secret -metadata: - name: cassandra-tls-secret -data: - commonName: - ca-cert.pem: | - -----BEGIN CERTIFICATE----- - - -----END CERTIFICATE----- - client-cert.pem: | - -----BEGIN CERTIFICATE----- - - -----END CERTIFICATE----- - client-key.pem: | - -----BEGIN RSA PRIVATE KEY----- - -----END RSA PRIVATE KEY----- - cqlshrc: | - [ssl] - certfile = ~/.cassandra/ca-cert.pem - userkey = ~/.cassandra/client-key.pem - usercert = ~/.cassandra/client-cert.pem - -``` - -```bash -kubectl apply -f jaeger-tls-cassandra-secret.yaml -helm install jaeger 
jaegertracing/jaeger --values values.yaml -``` - -## Installing the Chart using a New ElasticSearch Cluster - -To install the chart with the release name `jaeger` using a new ElasticSearch cluster instead of Cassandra (default), run the following command: - -```bash -helm install jaeger jaegertracing/jaeger \ - --set provisionDataStore.cassandra=false \ - --set provisionDataStore.elasticsearch=true \ - --set storage.type=elasticsearch -``` - -## Installing the Chart using an Existing Elasticsearch Cluster - -A release can be configured as follows to use an existing ElasticSearch cluster as it as the storage backend: - -```bash -helm install jaeger jaegertracing/jaeger \ - --set provisionDataStore.cassandra=false \ - --set storage.type=elasticsearch \ - --set storage.elasticsearch.host= \ - --set storage.elasticsearch.port= \ - --set storage.elasticsearch.user= \ - --set storage.elasticsearch.password= -``` - -## Installing the Chart using an Existing ElasticSearch Cluster with TLS - -If you already have an existing running ElasticSearch cluster with TLS, you can configure the chart as follows to use it as your backing store: - -Content of the `jaeger-values.yaml` file: - -```YAML -storage: - type: elasticsearch - elasticsearch: - host: - port: - scheme: https - user: - password: -provisionDataStore: - cassandra: false - elasticsearch: false -query: - cmdlineParams: - es.tls.ca: "/tls/es.pem" - extraConfigmapMounts: - - name: jaeger-tls - mountPath: /tls - subPath: "" - configMap: jaeger-tls - readOnly: true -collector: - cmdlineParams: - es.tls.ca: "/tls/es.pem" - extraConfigmapMounts: - - name: jaeger-tls - mountPath: /tls - subPath: "" - configMap: jaeger-tls - readOnly: true -spark: - enabled: true - cmdlineParams: - java.opts: "-Djavax.net.ssl.trustStore=/tls/trust.store -Djavax.net.ssl.trustStorePassword=changeit" - extraConfigmapMounts: - - name: jaeger-tls - mountPath: /tls - subPath: "" - configMap: jaeger-tls - readOnly: true - -``` - -Generate configmap 
jaeger-tls: - -```bash -keytool -import -trustcacerts -keystore trust.store -storepass changeit -alias es-root -file es.pem -kubectl create configmap jaeger-tls --from-file=trust.store --from-file=es.pem -``` - -```bash -helm install jaeger jaegertracing/jaeger --values jaeger-values.yaml -``` - -## Installing the Chart with Ingester enabled - -The architecture illustrated below can be achieved by enabling the ingester component. When enabled, Cassandra or Elasticsearch (depending on the configured values) now becomes the ingester's storage backend, whereas Kafka becomes the storage backend of the collector service. - -![Jaeger with Ingester](https://www.jaegertracing.io/img/architecture-v2.png) - -## Installing the Chart with Ingester enabled using a New Kafka Cluster - -To provision a new Kafka cluster along with jaeger-ingester: - -```bash -helm install jaeger jaegertracing/jaeger \ - --set provisionDataStore.kafka=true \ - --set ingester.enabled=true -``` - -## Installing the Chart with Ingester using an existing Kafka Cluster - -You can use an exisiting Kafka cluster with jaeger too - -```bash -helm install jaeger jaegertracing/jaeger \ - --set ingester.enabled=true \ - --set storage.kafka.brokers={,} \ - --set storage.kafka.topic= -``` - -## Configuration - -The following table lists the configurable parameters of the Jaeger chart and their default values. 
- -| Parameter | Description | Default | -|-----------|-------------|---------| -| `.cmdlineParams` | Additional command line parameters | `nil` | -| `.extraEnv` | Additional environment variables | [] | -| `.nodeSelector` | Node selector | {} | -| `.tolerations` | Node tolerations | [] | -| `.affinity` | Affinity | {} | -| `.podAnnotations` | Pod annotations | `nil` | -| `.podSecurityContext` | Pod security context | {} | -| `.securityContext` | Container security context | {} | -| `.serviceAccount.create` | Create service account | `true` | -| `.serviceAccount.name` | The name of the ServiceAccount to use. If not set and create is true, a name is generated using the fullname template | `nil` | -| `.serviceMonitor.enabled` | Create serviceMonitor | `false` | -| `.serviceMonitor.additionalLabels` | Add additional labels to serviceMonitor | {} | -| `agent.annotations` | Annotations for Agent | `nil` | -| `agent.dnsPolicy` | Configure DNS policy for agents | `ClusterFirst` | -| `agent.service.annotations` | Annotations for Agent SVC | `nil` | -| `agent.service.binaryPort` | jaeger.thrift over binary thrift | `6832` | -| `agent.service.compactPort` | jaeger.thrift over compact thrift| `6831` | -| `agent.image` | Image for Jaeger Agent | `jaegertracing/jaeger-agent` | -| `agent.imagePullSecrets` | Secret to pull the Image for Jaeger Agent | `[]` | -| `agent.pullPolicy` | Agent image pullPolicy | `IfNotPresent` | -| `agent.service.loadBalancerSourceRanges` | list of IP CIDRs allowed access to load balancer (if supported) | `[]` | -| `agent.service.annotations` | Annotations for Agent SVC | `nil` | -| `agent.service.binaryPort` | jaeger.thrift over binary thrift | `6832` | -| `agent.service.compactPort` | jaeger.thrift over compact thrift | `6831` | -| `agent.service.zipkinThriftPort` | zipkin.thrift over compact thrift | `5775` | -| `agent.extraConfigmapMounts` | Additional agent configMap mounts | `[]` | -| `agent.extraSecretMounts` | Additional agent secret mounts | 
`[]` | -| `agent.useHostNetwork` | Enable hostNetwork for agents | `false` | -| `agent.priorityClassName` | Priority class name for the agent pods | `nil` | -| `collector.autoscaling.enabled` | Enable horizontal pod autoscaling | `false` | -| `collector.autoscaling.minReplicas` | Minimum replicas | 2 | -| `collector.autoscaling.maxReplicas` | Maximum replicas | 10 | -| `collector.autoscaling.targetCPUUtilizationPercentage` | Target CPU utilization | 80 | -| `collector.autoscaling.targetMemoryUtilizationPercentage` | Target memory utilization | `nil` | -| `collector.image` | Image for jaeger collector | `jaegertracing/jaeger-collector` | -| `collector.imagePullSecrets` | Secret to pull the Image for Jaeger Collector | `[]` | -| `collector.pullPolicy` | Collector image pullPolicy | `IfNotPresent` | -| `collector.service.annotations` | Annotations for Collector SVC | `nil` | -| `collector.service.grpc.port` | Jaeger Agent port for model.proto | `14250` | -| `collector.service.http.port` | Client port for HTTP thrift | `14268` | -| `collector.service.loadBalancerSourceRanges` | list of IP CIDRs allowed access to load balancer (if supported) | `[]` | -| `collector.service.type` | Service type | `ClusterIP` | -| `collector.service.zipkin.port` | Zipkin port for JSON/thrift HTTP | `nil` | -| `collector.extraConfigmapMounts` | Additional collector configMap mounts | `[]` | -| `collector.extraSecretMounts` | Additional collector secret mounts | `[]` | -| `collector.samplingConfig` | [Sampling strategies json file](https://www.jaegertracing.io/docs/latest/sampling/#collector-sampling-configuration) | `nil` | -| `collector.priorityClassName` | Priority class name for the collector pods | `nil` | -| `ingester.enabled` | Enable ingester component, collectors will write to Kafka | `false` | -| `ingester.autoscaling.enabled` | Enable horizontal pod autoscaling | `false` | -| `ingester.autoscaling.minReplicas` | Minimum replicas | 2 | -| `ingester.autoscaling.maxReplicas` | 
Maximum replicas | 10 | -| `ingester.autoscaling.targetCPUUtilizationPercentage` | Target CPU utilization | 80 | -| `ingester.autoscaling.targetMemoryUtilizationPercentage` | Target memory utilization | `nil` | -| `ingester.service.annotations` | Annotations for Ingester SVC | `nil` | -| `ingester.image` | Image for jaeger Ingester | `jaegertracing/jaeger-ingester` | -| `ingester.imagePullSecrets` | Secret to pull the Image for Jaeger Ingester | `[]` | -| `ingester.pullPolicy` | Ingester image pullPolicy | `IfNotPresent` | -| `ingester.service.annotations` | Annotations for Ingester SVC | `nil` | -| `ingester.service.loadBalancerSourceRanges` | list of IP CIDRs allowed access to load balancer (if supported) | `[]` | -| `ingester.service.type` | Service type | `ClusterIP` | -| `ingester.extraConfigmapMounts` | Additional Ingester configMap mounts | `[]` | -| `ingester.extraSecretMounts` | Additional Ingester secret mounts | `[]` | -| `fullnameOverride` | Override full name | `nil` | -| `hotrod.enabled` | Enables the Hotrod demo app | `false` | -| `hotrod.service.loadBalancerSourceRanges` | list of IP CIDRs allowed access to load balancer (if supported) | `[]` | -| `hotrod.image.pullSecrets` | Secret to pull the Image for the Hotrod demo app | `[]` | -| `nameOverride` | Override name| `nil` | -| `provisionDataStore.cassandra` | Provision Cassandra Data Store| `true` | -| `provisionDataStore.elasticsearch` | Provision Elasticsearch Data Store | `false` | -| `provisionDataStore.kafka` | Provision Kafka Data Store | `false` | -| `query.agentSidecar.enabled` | Enable agent sidecare for query deployment | `true` | -| `query.config` | [UI Config json file](https://www.jaegertracing.io/docs/latest/frontend-ui/) | `nil` | -| `query.service.annotations` | Annotations for Query SVC | `nil` | -| `query.image` | Image for Jaeger Query UI | `jaegertracing/jaeger-query` | -| `query.imagePullSecrets` | Secret to pull the Image for Jaeger Query UI | `[]` | -| `query.ingress.enabled` 
| Allow external traffic access | `false` | -| `query.ingress.annotations` | Configure annotations for Ingress | `{}` | -| `query.ingress.hosts` | Configure host for Ingress | `nil` | -| `query.ingress.tls` | Configure tls for Ingress | `nil` | -| `query.pullPolicy` | Query UI image pullPolicy | `IfNotPresent` | -| `query.service.loadBalancerSourceRanges` | list of IP CIDRs allowed access to load balancer (if supported) | `[]` | -| `query.service.nodePort` | Specific node port to use when type is NodePort | `nil` | -| `query.service.port` | External accessible port | `80` | -| `query.service.type` | Service type | `ClusterIP` | -| `query.basePath` | Base path of Query UI, used for ingress as well (if it is enabled) | `/` | -| `query.extraConfigmapMounts` | Additional query configMap mounts | `[]` | -| `query.priorityClassName` | Priority class name for the Query UI pods | `nil` | -| `schema.annotations` | Annotations for the schema job| `nil` | -| `schema.extraConfigmapMounts` | Additional cassandra schema job configMap mounts | `[]` | -| `schema.image` | Image to setup cassandra schema | `jaegertracing/jaeger-cassandra-schema` | -| `schema.imagePullSecrets` | Secret to pull the Image for the Cassandra schema setup job | `[]` | -| `schema.pullPolicy` | Schema image pullPolicy | `IfNotPresent` | -| `schema.activeDeadlineSeconds` | Deadline in seconds for cassandra schema creation job to complete | `120` | -| `schema.keyspace` | Set explicit keyspace name | `nil` | -| `spark.enabled` | Enables the dependencies job| `false` | -| `spark.image` | Image for the dependencies job| `jaegertracing/spark-dependencies` | -| `spark.imagePullSecrets` | Secret to pull the Image for the Spark dependencies job | `[]` | -| `spark.pullPolicy` | Image pull policy of the deps image | `Always` | -| `spark.schedule` | Schedule of the cron job | `"49 23 * * *"` | -| `spark.successfulJobsHistoryLimit` | Cron job successfulJobsHistoryLimit | `5` | -| `spark.failedJobsHistoryLimit` | Cron 
job failedJobsHistoryLimit | `5` | -| `spark.tag` | Tag of the dependencies job image | `latest` | -| `spark.extraConfigmapMounts` | Additional spark configMap mounts | `[]` | -| `spark.extraSecretMounts` | Additional spark secret mounts | `[]` | -| `esIndexCleaner.enabled` | Enables the ElasticSearch indices cleanup job| `false` | -| `esIndexCleaner.image` | Image for the ElasticSearch indices cleanup job| `jaegertracing/jaeger-es-index-cleaner` | -| `esIndexCleaner.imagePullSecrets` | Secret to pull the Image for the ElasticSearch indices cleanup job | `[]` | -| `esIndexCleaner.pullPolicy` | Image pull policy of the ES cleanup image | `Always` | -| `esIndexCleaner.numberOfDays` | ElasticSearch indices older than this number (Number of days) would be deleted by the CronJob | `7` -| `esIndexCleaner.schedule` | Schedule of the cron job | `"55 23 * * *"` | -| `esIndexCleaner.successfulJobsHistoryLimit` | successfulJobsHistoryLimit for ElasticSearch indices cleanup CronJob | `5` | -| `esIndexCleaner.failedJobsHistoryLimit` | failedJobsHistoryLimit for ElasticSearch indices cleanup CronJob | `5` | -| `esIndexCleaner.tag` | Tag of the dependencies job image | `latest` | -| `esIndexCleaner.extraConfigmapMounts` | Additional esIndexCleaner configMap mounts | `[]` | -| `esIndexCleaner.extraSecretMounts` | Additional esIndexCleaner secret mounts | `[]` | -| `storage.cassandra.env` | Extra cassandra related env vars to be configured on components that talk to cassandra | `cassandra` | -| `storage.cassandra.cmdlineParams` | Extra cassandra related command line options to be configured on components that talk to cassandra | `cassandra` | -| `storage.cassandra.existingSecret` | Name of existing password secret object (for password authentication | `nil` -| `storage.cassandra.host` | Provisioned cassandra host | `cassandra` | -| `storage.cassandra.keyspace` | Schema name for cassandra | `jaeger_v1_test` | -| `storage.cassandra.password` | Provisioned cassandra password (ignored 
if storage.cassandra.existingSecret set) | `password` | -| `storage.cassandra.port` | Provisioned cassandra port | `9042` | -| `storage.cassandra.tls.enabled` | Provisioned cassandra TLS connection enabled | `false` | -| `storage.cassandra.tls.secretName` | Provisioned cassandra TLS connection existing secret name (possible keys in secret: `ca-cert.pem`, `client-key.pem`, `client-cert.pem`, `cqlshrc`, `commonName`) | `` | -| `storage.cassandra.usePassword` | Use password | `true` | -| `storage.cassandra.user` | Provisioned cassandra username | `user` | -| `storage.elasticsearch.env` | Extra ES related env vars to be configured on components that talk to ES | `nil` | -| `storage.elasticsearch.cmdlineParams` | Extra ES related command line options to be configured on components that talk to ES | `nil` | -| `storage.elasticsearch.existingSecret` | Name of existing password secret object (for password authentication | `nil` | -| `storage.elasticsearch.existingSecretKey` | Key of the declared password secret | `password` | -| `storage.elasticsearch.host` | Provisioned elasticsearch host| `elasticsearch` | -| `storage.elasticsearch.password` | Provisioned elasticsearch password (ignored if storage.elasticsearch.existingSecret set | `changeme` | -| `storage.elasticsearch.port` | Provisioned elasticsearch port| `9200` | -| `storage.elasticsearch.scheme` | Provisioned elasticsearch scheme | `http` | -| `storage.elasticsearch.usePassword` | Use password | `true` | -| `storage.elasticsearch.user` | Provisioned elasticsearch user| `elastic` | -| `storage.elasticsearch.indexPrefix` | Index Prefix for elasticsearch | `nil` | -| `storage.elasticsearch.nodesWanOnly` | Only access specified es host | `false` | -| `storage.kafka.authentication` | Authentication type used to authenticate with kafka cluster. e.g. 
none, kerberos, tls | `none` |
-| `storage.kafka.brokers` | Broker List for Kafka with port | `kafka:9092` |
-| `storage.kafka.topic` | Topic name for Kafka | `jaeger_v1_test` |
-| `storage.type` | Storage type (ES or Cassandra)| `cassandra` |
-| `tag` | Image tag/version | `1.18.0` |
-
-For more information about some of the tunable parameters that Cassandra provides, please visit the helm chart for [cassandra](https://github.com/kubernetes/charts/tree/master/incubator/cassandra) and the official [website](http://cassandra.apache.org/) at apache.org.
-
-For more information about some of the tunable parameters that Jaeger provides, please visit the official [Jaeger repo](https://github.com/uber/jaeger) at GitHub.com.
-
-### Pending enhancements
-
-- [ ] Sidecar deployment support
diff --git a/rds/base/charts/jaeger/charts/cassandra-0.15.2.tgz b/rds/base/charts/jaeger/charts/cassandra-0.15.2.tgz
deleted file mode 100644
index b097979..0000000
Binary files a/rds/base/charts/jaeger/charts/cassandra-0.15.2.tgz and /dev/null differ
diff --git a/rds/base/charts/jaeger/charts/cassandra/.helmignore b/rds/base/charts/jaeger/charts/cassandra/.helmignore
deleted file mode 100644
index 5e03def..0000000
--- a/rds/base/charts/jaeger/charts/cassandra/.helmignore
+++ /dev/null
@@ -1,17 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-OWNERS
diff --git a/rds/base/charts/jaeger/charts/cassandra/Chart.yaml b/rds/base/charts/jaeger/charts/cassandra/Chart.yaml
deleted file mode 100644
index 2099552..0000000
--- a/rds/base/charts/jaeger/charts/cassandra/Chart.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: v1
-appVersion: 3.11.6
-description: Apache Cassandra is a free and open-source distributed database management
- system designed to handle large amounts of data across many commodity servers, providing
- high availability with no single point of failure.
-engine: gotpl
-home: http://cassandra.apache.org
-icon: https://upload.wikimedia.org/wikipedia/commons/thumb/5/5e/Cassandra_logo.svg/330px-Cassandra_logo.svg.png
-keywords:
-- cassandra
-- database
-- nosql
-maintainers:
-- email: goonohc@gmail.com
- name: KongZ
-- email: maor.friedman@redhat.com
- name: maorfr
-name: cassandra
-version: 0.15.2
diff --git a/rds/base/charts/jaeger/charts/cassandra/README.md b/rds/base/charts/jaeger/charts/cassandra/README.md
deleted file mode 100644
index c6e4605..0000000
--- a/rds/base/charts/jaeger/charts/cassandra/README.md
+++ /dev/null
@@ -1,218 +0,0 @@ -# Cassandra -A Cassandra Chart for Kubernetes - -## Install Chart -To install the Cassandra Chart into your Kubernetes cluster (This Chart requires persistent volume by default, you may need to create a storage class before install chart. To create storage class, see [Persist data](#persist_data) section) - -```bash -helm install --namespace "cassandra" -n "cassandra" incubator/cassandra -``` - -After installation succeeds, you can get a status of Chart - -```bash -helm status "cassandra" -``` - -If you want to delete your Chart, use this command -```bash -helm delete --purge "cassandra" -``` - -## Upgrading - -To upgrade your Cassandra release, simply run - -```bash -helm upgrade "cassandra" incubator/cassandra -``` - -### 0.12.0 - -This version fixes https://github.com/helm/charts/issues/7803 by removing mutable labels in `spec.VolumeClaimTemplate.metadata.labels` so that it is upgradable. - -Until this version, in order to upgrade, you have to delete the Cassandra StatefulSet before upgrading: -```bash -$ kubectl delete statefulset --cascade=false my-cassandra-release -``` - - -## Persist data -You need to create `StorageClass` before able to persist data in persistent volume. -To create a `StorageClass` on Google Cloud, run the following - -```bash -kubectl create -f sample/create-storage-gce.yaml -``` - -And set the following values in `values.yaml` - -```yaml -persistence: - enabled: true -``` - -If you want to create a `StorageClass` on other platform, please see documentation here [https://kubernetes.io/docs/user-guide/persistent-volumes/](https://kubernetes.io/docs/user-guide/persistent-volumes/) - -When running a cluster without persistence, the termination of a pod will first initiate a decommissioning of that pod. -Depending on the amount of data stored inside the cluster this may take a while. In order to complete a graceful -termination, pods need to get more time for it. 
Set the following values in `values.yaml`: - -```yaml -podSettings: - terminationGracePeriodSeconds: 1800 -``` - -## Install Chart with specific cluster size -By default, this Chart will create a cassandra with 3 nodes. If you want to change the cluster size during installation, you can use `--set config.cluster_size={value}` argument. Or edit `values.yaml` - -For example: -Set cluster size to 5 - -```bash -helm install --namespace "cassandra" -n "cassandra" --set config.cluster_size=5 incubator/cassandra/ -``` - -## Install Chart with specific resource size -By default, this Chart will create a cassandra with CPU 2 vCPU and 4Gi of memory which is suitable for development environment. -If you want to use this Chart for production, I would recommend to update the CPU to 4 vCPU and 16Gi. Also increase size of `max_heap_size` and `heap_new_size`. -To update the settings, edit `values.yaml` - -## Install Chart with specific node -Sometime you may need to deploy your cassandra to specific nodes to allocate resources. You can use node selector by edit `nodes.enabled=true` in `values.yaml` -For example, you have 6 vms in node pools and you want to deploy cassandra to node which labeled as `cloud.google.com/gke-nodepool: pool-db` - -Set the following values in `values.yaml` - -```yaml -nodes: - enabled: true - selector: - nodeSelector: - cloud.google.com/gke-nodepool: pool-db -``` - -## Configuration - -The following table lists the configurable parameters of the Cassandra chart and their default values. 
- -| Parameter | Description | Default | -| ----------------------- | --------------------------------------------- | ---------------------------------------------------------- | -| `image.repo` | `cassandra` image repository | `cassandra` | -| `image.tag` | `cassandra` image tag | `3.11.5` | -| `image.pullPolicy` | Image pull policy | `Always` if `imageTag` is `latest`, else `IfNotPresent` | -| `image.pullSecrets` | Image pull secrets | `nil` | -| `config.cluster_domain` | The name of the cluster domain. | `cluster.local` | -| `config.cluster_name` | The name of the cluster. | `cassandra` | -| `config.cluster_size` | The number of nodes in the cluster. | `3` | -| `config.seed_size` | The number of seed nodes used to bootstrap new clients joining the cluster. | `2` | -| `config.seeds` | The comma-separated list of seed nodes. | Automatically generated according to `.Release.Name` and `config.seed_size` | -| `config.num_tokens` | Initdb Arguments | `256` | -| `config.dc_name` | Initdb Arguments | `DC1` | -| `config.rack_name` | Initdb Arguments | `RAC1` | -| `config.endpoint_snitch` | Initdb Arguments | `SimpleSnitch` | -| `config.max_heap_size` | Initdb Arguments | `2048M` | -| `config.heap_new_size` | Initdb Arguments | `512M` | -| `config.ports.cql` | Initdb Arguments | `9042` | -| `config.ports.thrift` | Initdb Arguments | `9160` | -| `config.ports.agent` | The port of the JVM Agent (if any) | `nil` | -| `config.start_rpc` | Initdb Arguments | `false` | -| `configOverrides` | Overrides config files in /etc/cassandra dir | `{}` | -| `commandOverrides` | Overrides default docker command | `[]` | -| `argsOverrides` | Overrides default docker args | `[]` | -| `env` | Custom env variables | `{}` | -| `schedulerName` | Name of k8s scheduler (other than the default) | `nil` | -| `persistence.enabled` | Use a PVC to persist data | `true` | -| `persistence.storageClass` | Storage class of backing PVC | `nil` (uses alpha storage class annotation) | -| 
`persistence.accessMode` | Use volume as ReadOnly or ReadWrite | `ReadWriteOnce` | -| `persistence.size` | Size of data volume | `10Gi` | -| `resources` | CPU/Memory resource requests/limits | Memory: `4Gi`, CPU: `2` | -| `service.type` | k8s service type exposing ports, e.g. `NodePort`| `ClusterIP` | -| `service.annotations` | Annotations to apply to cassandra service | `""` | -| `podManagementPolicy` | podManagementPolicy of the StatefulSet | `OrderedReady` | -| `podDisruptionBudget` | Pod distruption budget | `{}` | -| `podAnnotations` | pod annotations for the StatefulSet | `{}` | -| `updateStrategy.type` | UpdateStrategy of the StatefulSet | `OnDelete` | -| `livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | `90` | -| `livenessProbe.periodSeconds` | How often to perform the probe | `30` | -| `livenessProbe.timeoutSeconds` | When the probe times out | `5` | -| `livenessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed. | `1` | -| `livenessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | `3` | -| `readinessProbe.initialDelaySeconds` | Delay before readiness probe is initiated | `90` | -| `readinessProbe.periodSeconds` | How often to perform the probe | `30` | -| `readinessProbe.timeoutSeconds` | When the probe times out | `5` | -| `readinessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed. | `1` | -| `readinessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | `3` | -| `readinessProbe.address` | Address to use for checking node has joined the cluster and is ready. 
| `${POD_IP}` | -| `rbac.create` | Specifies whether RBAC resources should be created | `true` | -| `serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` | -| `serviceAccount.name` | The name of the ServiceAccount to use | | -| `backup.enabled` | Enable backup on chart installation | `false` | -| `backup.schedule` | Keyspaces to backup, each with cron time | | -| `backup.annotations` | Backup pod annotations | iam.amazonaws.com/role: `cain` | -| `backup.image.repository` | Backup image repository | `maorfr/cain` | -| `backup.image.tag` | Backup image tag | `0.6.0` | -| `backup.extraArgs` | Additional arguments for cain | `[]` | -| `backup.env` | Backup environment variables | AWS_REGION: `us-east-1` | -| `backup.resources` | Backup CPU/Memory resource requests/limits | Memory: `1Gi`, CPU: `1` | -| `backup.destination` | Destination to store backup artifacts | `s3://bucket/cassandra` | -| `backup.google.serviceAccountSecret` | Secret containing credentials if GCS is used as destination | | -| `exporter.enabled` | Enable Cassandra exporter | `false` | -| `exporter.servicemonitor.enabled` | Enable ServiceMonitor for exporter | `true` | -| `exporter.servicemonitor.additionalLabels`| Additional labels for Service Monitor | `{}` | -| `exporter.image.repo` | Exporter image repository | `criteord/cassandra_exporter` | -| `exporter.image.tag` | Exporter image tag | `2.0.2` | -| `exporter.port` | Exporter port | `5556` | -| `exporter.jvmOpts` | Exporter additional JVM options | | -| `exporter.resources` | Exporter CPU/Memory resource requests/limits | `{}` | -| `extraContainers` | Sidecar containers for the pods | `[]` | -| `extraVolumes` | Additional volumes for the pods | `[]` | -| `extraVolumeMounts` | Extra volume mounts for the pods | `[]` | -| `affinity` | Kubernetes node affinity | `{}` | -| `tolerations` | Kubernetes node tolerations | `[]` | - - -## Scale cassandra -When you want to change the cluster size of your cassandra, you can 
use the helm upgrade command. - -```bash -helm upgrade --set config.cluster_size=5 cassandra incubator/cassandra -``` - -## Get cassandra status -You can get your cassandra cluster status by running the command - -```bash -kubectl exec -it --namespace cassandra $(kubectl get pods --namespace cassandra -l app=cassandra-cassandra -o jsonpath='{.items[0].metadata.name}') nodetool status -``` - -Output -```bash -Datacenter: asia-east1 -====================== -Status=Up/Down -|/ State=Normal/Leaving/Joining/Moving --- Address Load Tokens Owns (effective) Host ID Rack -UN 10.8.1.11 108.45 KiB 256 66.1% 410cc9da-8993-4dc2-9026-1dd381874c54 a -UN 10.8.4.12 84.08 KiB 256 68.7% 96e159e1-ef94-406e-a0be-e58fbd32a830 c -UN 10.8.3.6 103.07 KiB 256 65.2% 1a42b953-8728-4139-b070-b855b8fff326 b -``` - -## Benchmark -You can use [cassandra-stress](https://docs.datastax.com/en/cassandra/3.0/cassandra/tools/toolsCStress.html) tool to run the benchmark on the cluster by the following command - -```bash -kubectl exec -it --namespace cassandra $(kubectl get pods --namespace cassandra -l app=cassandra-cassandra -o jsonpath='{.items[0].metadata.name}') cassandra-stress -``` - -Example of `cassandra-stress` argument - - Run both read and write with ration 9:1 - - Operator total 1 million keys with uniform distribution - - Use QUORUM for read/write - - Generate 50 threads - - Generate result in graph - - Use NetworkTopologyStrategy with replica factor 2 - -```bash -cassandra-stress mixed ratio\(write=1,read=9\) n=1000000 cl=QUORUM -pop dist=UNIFORM\(1..1000000\) -mode native cql3 -rate threads=50 -log file=~/mixed_autorate_r9w1_1M.log -graph file=test2.html title=test revision=test2 -schema "replication(strategy=NetworkTopologyStrategy, factor=2)" -``` diff --git a/rds/base/charts/jaeger/charts/cassandra/sample/create-storage-gce.yaml b/rds/base/charts/jaeger/charts/cassandra/sample/create-storage-gce.yaml deleted file mode 100644 index 2467b95..0000000 
--- a/rds/base/charts/jaeger/charts/cassandra/sample/create-storage-gce.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-kind: StorageClass
-apiVersion: storage.k8s.io/v1
-metadata:
- name: generic
-provisioner: kubernetes.io/gce-pd
-parameters:
- type: pd-ssd
diff --git a/rds/base/charts/jaeger/charts/cassandra/templates/NOTES.txt b/rds/base/charts/jaeger/charts/cassandra/templates/NOTES.txt
deleted file mode 100644
index 9ecb004..0000000
--- a/rds/base/charts/jaeger/charts/cassandra/templates/NOTES.txt
+++ /dev/null
@@ -1,35 +0,0 @@ -Cassandra CQL can be accessed via port {{ .Values.config.ports.cql }} on the following DNS name from within your cluster: -Cassandra Thrift can be accessed via port {{ .Values.config.ports.thrift }} on the following DNS name from within your cluster: - -If you want to connect to the remote instance with your local Cassandra CQL cli. To forward the API port to localhost:9042 run the following: -- kubectl port-forward --namespace {{ .Release.Namespace }} $(kubectl get pods --namespace {{ .Release.Namespace }} -l app={{ template "cassandra.name" . }},release={{ .Release.Name }} -o jsonpath='{ .items[0].metadata.name }') 9042:{{ .Values.config.ports.cql }} - -If you want to connect to the Cassandra CQL run the following: -{{- if contains "NodePort" .Values.service.type }} -- export CQL_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "cassandra.fullname" . }}) -- export CQL_HOST=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") -- cqlsh $CQL_HOST $CQL_PORT - -{{- else if contains "LoadBalancer" .Values.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "cassandra.fullname" . }}' -- export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "cassandra.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') -- echo cqlsh $SERVICE_IP -{{- else if contains "ClusterIP" .Values.service.type }} -- kubectl port-forward --namespace {{ .Release.Namespace }} $(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "cassandra.name" . 
}},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") 9042:{{ .Values.config.ports.cql }} - echo cqlsh 127.0.0.1 9042 -{{- end }} - -You can also see the cluster status by run the following: -- kubectl exec -it --namespace {{ .Release.Namespace }} $(kubectl get pods --namespace {{ .Release.Namespace }} -l app={{ template "cassandra.name" . }},release={{ .Release.Name }} -o jsonpath='{.items[0].metadata.name}') nodetool status - -To tail the logs for the Cassandra pod run the following: -- kubectl logs -f --namespace {{ .Release.Namespace }} $(kubectl get pods --namespace {{ .Release.Namespace }} -l app={{ template "cassandra.name" . }},release={{ .Release.Name }} -o jsonpath='{ .items[0].metadata.name }') - -{{- if not .Values.persistence.enabled }} - -Note that the cluster is running with node-local storage instead of PersistentVolumes. In order to prevent data loss, -pods will be decommissioned upon termination. Decommissioning may take some time, so you might also want to adjust the -pod termination gace period, which is currently set to {{ .Values.podSettings.terminationGracePeriodSeconds }} seconds. - -{{- end}} diff --git a/rds/base/charts/jaeger/charts/cassandra/templates/_helpers.tpl b/rds/base/charts/jaeger/charts/cassandra/templates/_helpers.tpl deleted file mode 100644 index b870420..0000000 --- a/rds/base/charts/jaeger/charts/cassandra/templates/_helpers.tpl +++ /dev/null 
@@ -1,43 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "cassandra.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "cassandra.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "cassandra.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create the name of the service account to use
-*/}}
-{{- define "cassandra.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create -}}
- {{ default (include "cassandra.fullname" .) .Values.serviceAccount.name }}
-{{- else -}}
- {{ default "default" .Values.serviceAccount.name }}
-{{- end -}}
-{{- end -}}
diff --git a/rds/base/charts/jaeger/charts/cassandra/templates/backup/cronjob.yaml b/rds/base/charts/jaeger/charts/cassandra/templates/backup/cronjob.yaml
deleted file mode 100644
index 3ee3210..0000000
--- a/rds/base/charts/jaeger/charts/cassandra/templates/backup/cronjob.yaml
+++ /dev/null
@@ -1,90 +0,0 @@ -{{- if .Values.backup.enabled }} -{{- $release := .Release }} -{{- $values := .Values }} -{{- $backup := $values.backup }} -{{- range $index, $schedule := $backup.schedule }} ---- -apiVersion: batch/v1beta1 -kind: CronJob -metadata: - name: {{ template "cassandra.fullname" $ }}-backup-{{ $schedule.keyspace | replace "_" "-" }} - labels: - app: {{ template "cassandra.name" $ }}-cain - chart: {{ template "cassandra.chart" $ }} - release: "{{ $release.Name }}" - heritage: "{{ $release.Service }}" -spec: - schedule: {{ $schedule.cron | quote }} - concurrencyPolicy: Forbid - startingDeadlineSeconds: 120 - jobTemplate: - spec: - template: - metadata: - annotations: - {{ toYaml $backup.annotations }} - spec: - restartPolicy: OnFailure - serviceAccountName: {{ template "cassandra.serviceAccountName" $ }} - containers: - - name: cassandra-backup - image: "{{ $backup.image.repository }}:{{ $backup.image.tag }}" - command: ["cain"] - args: - - backup - - --namespace - - {{ $release.Namespace }} - - --selector - - release={{ $release.Name }},app={{ template "cassandra.name" $ }} - - --keyspace - - {{ $schedule.keyspace }} - - --dst - - {{ $backup.destination }} - {{- with $backup.extraArgs }} -{{ toYaml . | indent 12 }} - {{- end }} - env: -{{- if $backup.google.serviceAccountSecret }} - - name: GOOGLE_APPLICATION_CREDENTIALS - value: "/etc/secrets/google/credentials.json" -{{- end }} - {{- with $backup.env }} -{{ toYaml . | indent 12 }} - {{- end }} - {{- with $backup.resources }} - resources: -{{ toYaml . 
| indent 14 }} - {{- end }} -{{- if $backup.google.serviceAccountSecret }} - volumeMounts: - - name: google-service-account - mountPath: /etc/secrets/google/ -{{- end }} -{{- if $backup.google.serviceAccountSecret }} - volumes: - - name: google-service-account - secret: - secretName: {{ $backup.google.serviceAccountSecret | quote }} -{{- end }} - affinity: - podAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - weight: 1 - podAffinityTerm: - labelSelector: - matchExpressions: - - key: app - operator: In - values: - - {{ template "cassandra.fullname" $ }} - - key: release - operator: In - values: - - {{ $release.Name }} - topologyKey: "kubernetes.io/hostname" - {{- with $values.tolerations }} - tolerations: -{{ toYaml . | indent 12 }} - {{- end }} -{{- end }} -{{- end }} diff --git a/rds/base/charts/jaeger/charts/cassandra/templates/backup/rbac.yaml b/rds/base/charts/jaeger/charts/cassandra/templates/backup/rbac.yaml deleted file mode 100644 index 12b0f27..0000000 --- a/rds/base/charts/jaeger/charts/cassandra/templates/backup/rbac.yaml +++ /dev/null 
@@ -1,50 +0,0 @@
-{{- if .Values.backup.enabled }}
-{{- if .Values.serviceAccount.create }}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ template "cassandra.serviceAccountName" . }}
- labels:
- app: {{ template "cassandra.name" . }}
- chart: {{ template "cassandra.chart" . }}
- release: "{{ .Release.Name }}"
- heritage: "{{ .Release.Service }}"
----
-{{- end }}
-{{- if .Values.rbac.create }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: {{ template "cassandra.fullname" . }}-backup
- labels:
- app: {{ template "cassandra.name" . }}
- chart: {{ template "cassandra.chart" . }}
- release: "{{ .Release.Name }}"
- heritage: "{{ .Release.Service }}"
-rules:
-- apiGroups: [""]
- resources: ["pods", "pods/log"]
- verbs: ["get", "list"]
-- apiGroups: [""]
- resources: ["pods/exec"]
- verbs: ["create"]
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: {{ template "cassandra.fullname" . }}-backup
- labels:
- app: {{ template "cassandra.name" . }}
- chart: {{ template "cassandra.chart" . }}
- release: "{{ .Release.Name }}"
- heritage: "{{ .Release.Service }}"
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: {{ template "cassandra.fullname" . }}-backup
-subjects:
-- kind: ServiceAccount
- name: {{ template "cassandra.serviceAccountName" . }}
- namespace: {{ .Release.Namespace }}
-{{- end }}
-{{- end }}
diff --git a/rds/base/charts/jaeger/charts/cassandra/templates/configmap.yaml b/rds/base/charts/jaeger/charts/cassandra/templates/configmap.yaml
deleted file mode 100644
index 4e5ab76..0000000
--- a/rds/base/charts/jaeger/charts/cassandra/templates/configmap.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-{{- if .Values.configOverrides }}
-kind: ConfigMap
-apiVersion: v1
-metadata:
- name: {{ template "cassandra.name" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "cassandra.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
-data:
-{{ toYaml .Values.configOverrides | indent 2 }}
-{{- end }}
diff --git a/rds/base/charts/jaeger/charts/cassandra/templates/pdb.yaml b/rds/base/charts/jaeger/charts/cassandra/templates/pdb.yaml
deleted file mode 100644
index 717666d..0000000
--- a/rds/base/charts/jaeger/charts/cassandra/templates/pdb.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- if .Values.podDisruptionBudget -}}
-apiVersion: policy/v1beta1
-kind: PodDisruptionBudget
-metadata:
- labels:
- app: {{ template "cassandra.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- name: {{ template "cassandra.fullname" . }}
- namespace: {{ .Release.Namespace }}
-spec:
- selector:
- matchLabels:
- app: {{ template "cassandra.name" . }}
- release: {{ .Release.Name }}
-{{ toYaml .Values.podDisruptionBudget | indent 2 }}
-{{- end -}}
diff --git a/rds/base/charts/jaeger/charts/cassandra/templates/service.yaml b/rds/base/charts/jaeger/charts/cassandra/templates/service.yaml
deleted file mode 100644
index 3d08e03..0000000
--- a/rds/base/charts/jaeger/charts/cassandra/templates/service.yaml
+++ /dev/null
@@ -1,46 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ template "cassandra.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "cassandra.name" . }}
- chart: {{ template "cassandra.chart" . }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
- {{- with .Values.service.annotations }}
- annotations:
- {{- toYaml . | nindent 4 }}
- {{- end }}
-spec:
- clusterIP: None
- type: {{ .Values.service.type }}
- ports:
- {{- if .Values.exporter.enabled }}
- - name: metrics
- port: 5556
- targetPort: {{ .Values.exporter.port }}
- {{- end }}
- - name: intra
- port: 7000
- targetPort: 7000
- - name: tls
- port: 7001
- targetPort: 7001
- - name: jmx
- port: 7199
- targetPort: 7199
- - name: cql
- port: {{ default 9042 .Values.config.ports.cql }}
- targetPort: {{ default 9042 .Values.config.ports.cql }}
- - name: thrift
- port: {{ default 9160 .Values.config.ports.thrift }}
- targetPort: {{ default 9160 .Values.config.ports.thrift }}
- {{- if .Values.config.ports.agent }}
- - name: agent
- port: {{ .Values.config.ports.agent }}
- targetPort: {{ .Values.config.ports.agent }}
- {{- end }}
- selector:
- app: {{ template "cassandra.name" . }}
- release: {{ .Release.Name }}
diff --git a/rds/base/charts/jaeger/charts/cassandra/templates/servicemonitor.yaml b/rds/base/charts/jaeger/charts/cassandra/templates/servicemonitor.yaml
deleted file mode 100644
index 38f9db6..0000000
--- a/rds/base/charts/jaeger/charts/cassandra/templates/servicemonitor.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-{{- if and .Values.exporter.enabled .Values.exporter.serviceMonitor.enabled }}
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
- name: {{ template "cassandra.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "cassandra.name" . }}
- chart: {{ template "cassandra.chart" . }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
- {{- if .Values.exporter.serviceMonitor.additionalLabels }}
-{{ toYaml .Values.exporter.serviceMonitor.additionalLabels | indent 4 }}
- {{- end }}
-spec:
- jobLabel: {{ template "cassandra.name" . }}
- endpoints:
- - port: metrics
- interval: 10s
- selector:
- matchLabels:
- app: {{ template "cassandra.name" . }}
- namespaceSelector:
- any: true
-{{- end }}
diff --git a/rds/base/charts/jaeger/charts/cassandra/templates/statefulset.yaml b/rds/base/charts/jaeger/charts/cassandra/templates/statefulset.yaml
deleted file mode 100644
index 286d99c..0000000
--- a/rds/base/charts/jaeger/charts/cassandra/templates/statefulset.yaml
+++ /dev/null
@@ -1,230 +0,0 @@ -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: {{ template "cassandra.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "cassandra.name" . }} - chart: {{ template "cassandra.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: - selector: - matchLabels: - app: {{ template "cassandra.name" . }} - release: {{ .Release.Name }} - serviceName: {{ template "cassandra.fullname" . }} - replicas: {{ .Values.config.cluster_size }} - podManagementPolicy: {{ .Values.podManagementPolicy }} - updateStrategy: - type: {{ .Values.updateStrategy.type }} - template: - metadata: - labels: - app: {{ template "cassandra.name" . }} - release: {{ .Release.Name }} -{{- if .Values.podLabels }} -{{ toYaml .Values.podLabels | indent 8 }} -{{- end }} -{{- if .Values.podAnnotations }} - annotations: -{{ toYaml .Values.podAnnotations | indent 8 }} -{{- end }} - spec: - {{- if .Values.schedulerName }} - schedulerName: "{{ .Values.schedulerName }}" - {{- end }} - hostNetwork: {{ .Values.hostNetwork }} -{{- if .Values.selector }} -{{ toYaml .Values.selector | indent 6 }} -{{- end }} - {{- if .Values.securityContext.enabled }} - securityContext: - fsGroup: {{ .Values.securityContext.fsGroup }} - runAsUser: {{ .Values.securityContext.runAsUser }} - {{- end }} -{{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 8 }} -{{- end }} -{{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 8 }} -{{- end }} -{{- if .Values.configOverrides }} - initContainers: - - name: config-copier - image: busybox - command: [ 'sh', '-c', 'cp /configmap-files/* /cassandra-configs/ && chown 999:999 /cassandra-configs/*'] - volumeMounts: -{{- range $key, $value := .Values.configOverrides }} - - name: cassandra-config-{{ $key | replace "." 
"-" | replace "_" "--" }} - mountPath: /configmap-files/{{ $key }} - subPath: {{ $key }} -{{- end }} - - name: cassandra-configs - mountPath: /cassandra-configs/ -{{- end }} - containers: -{{- if .Values.extraContainers }} -{{ tpl (toYaml .Values.extraContainers) . | indent 6}} -{{- end }} -{{- if .Values.exporter.enabled }} - - name: cassandra-exporter - image: "{{ .Values.exporter.image.repo }}:{{ .Values.exporter.image.tag }}" - resources: -{{ toYaml .Values.exporter.resources | indent 10 }} - env: - - name: CASSANDRA_EXPORTER_CONFIG_listenPort - value: {{ .Values.exporter.port | quote }} - - name: JVM_OPTS - value: {{ .Values.exporter.jvmOpts | quote }} - ports: - - name: metrics - containerPort: {{ .Values.exporter.port }} - protocol: TCP - - name: jmx - containerPort: 5555 - livenessProbe: - tcpSocket: - port: {{ .Values.exporter.port }} - readinessProbe: - httpGet: - path: /metrics - port: {{ .Values.exporter.port }} - initialDelaySeconds: 20 - timeoutSeconds: 45 -{{- end }} - - name: {{ template "cassandra.fullname" . }} - image: "{{ .Values.image.repo }}:{{ .Values.image.tag }}" - imagePullPolicy: {{ .Values.image.pullPolicy | quote }} -{{- if .Values.commandOverrides }} - command: {{ .Values.commandOverrides }} -{{- end }} -{{- if .Values.argsOverrides }} - args: {{ .Values.argsOverrides }} -{{- end }} - resources: -{{ toYaml .Values.resources | indent 10 }} - env: - {{- $seed_size := default 1 .Values.config.seed_size | int -}} - {{- $global := . 
}} - - name: CASSANDRA_SEEDS - {{- if .Values.hostNetwork }} - value: {{ required "You must fill \".Values.config.seeds\" with list of Cassandra seeds when hostNetwork is set to true" .Values.config.seeds | quote }} - {{- else }} - value: "{{- range $i, $e := until $seed_size }}{{ template "cassandra.fullname" $global }}-{{ $i }}.{{ template "cassandra.fullname" $global }}.{{ $global.Release.Namespace }}.svc.{{ $global.Values.config.cluster_domain }}{{- if (lt ( add1 $i ) $seed_size ) }},{{- end }}{{- end }}" - {{- end }} - - name: MAX_HEAP_SIZE - value: {{ default "8192M" .Values.config.max_heap_size | quote }} - - name: HEAP_NEWSIZE - value: {{ default "200M" .Values.config.heap_new_size | quote }} - - name: CASSANDRA_ENDPOINT_SNITCH - value: {{ default "SimpleSnitch" .Values.config.endpoint_snitch | quote }} - - name: CASSANDRA_CLUSTER_NAME - value: {{ default "Cassandra" .Values.config.cluster_name | quote }} - - name: CASSANDRA_DC - value: {{ default "DC1" .Values.config.dc_name | quote }} - - name: CASSANDRA_RACK - value: {{ default "RAC1" .Values.config.rack_name | quote }} - - name: CASSANDRA_START_RPC - value: {{ default "false" .Values.config.start_rpc | quote }} - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - {{- range $key, $value := .Values.env }} - - name: {{ $key | quote }} - value: {{ $value | quote }} - {{- end }} - livenessProbe: - exec: - command: [ "/bin/sh", "-c", "nodetool status" ] - initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} - successThreshold: {{ .Values.livenessProbe.successThreshold }} - failureThreshold: {{ .Values.livenessProbe.failureThreshold }} - readinessProbe: - exec: - command: [ "/bin/sh", "-c", "nodetool status | grep -E \"^UN\\s+{{ .Values.readinessProbe.address }}\"" ] - initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ 
.Values.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} - successThreshold: {{ .Values.readinessProbe.successThreshold }} - failureThreshold: {{ .Values.readinessProbe.failureThreshold }} - ports: - - name: intra - containerPort: 7000 - - name: tls - containerPort: 7001 - - name: jmx - containerPort: 7199 - - name: cql - containerPort: {{ default 9042 .Values.config.ports.cql }} - - name: thrift - containerPort: {{ default 9160 .Values.config.ports.thrift }} - {{- if .Values.config.ports.agent }} - - name: agent - containerPort: {{ .Values.config.ports.agent }} - {{- end }} - volumeMounts: - - name: data - mountPath: /var/lib/cassandra - {{- if .Values.configOverrides }} - - name: cassandra-configs - mountPath: /etc/cassandra - {{- end }} - {{- if .Values.extraVolumeMounts }} -{{ toYaml .Values.extraVolumeMounts | indent 8 }} - {{- end }} - {{- if not .Values.persistence.enabled }} - lifecycle: - preStop: - exec: - command: ["/bin/sh", "-c", "exec nodetool decommission"] - {{- end }} - terminationGracePeriodSeconds: {{ default 30 .Values.podSettings.terminationGracePeriodSeconds }} - {{- if .Values.image.pullSecrets }} - imagePullSecrets: - - name: {{ .Values.image.pullSecrets }} - {{- end }} -{{- if or .Values.extraVolumes ( or .Values.configOverrides (not .Values.persistence.enabled) ) }} - volumes: -{{- end }} -{{- if .Values.extraVolumes }} -{{ toYaml .Values.extraVolumes | indent 6 }} -{{- end }} -{{- range $key, $value := .Values.configOverrides }} - - configMap: - name: cassandra - name: cassandra-config-{{ $key | replace "." "-" | replace "_" "--" }} -{{- end }} -{{- if .Values.configOverrides }} - - name: cassandra-configs - emptyDir: {} -{{- end }} -{{- if not .Values.persistence.enabled }} - - name: data - emptyDir: {} -{{- else }} - volumeClaimTemplates: - - metadata: - name: data - labels: - app: {{ template "cassandra.name" . 
}} - release: {{ .Release.Name }} - spec: - accessModes: - - {{ .Values.persistence.accessMode | quote }} - resources: - requests: - storage: {{ .Values.persistence.size | quote }} - {{- if .Values.persistence.storageClass }} - {{- if (eq "-" .Values.persistence.storageClass) }} - storageClassName: "" - {{- else }} - storageClassName: "{{ .Values.persistence.storageClass }}" - {{- end }} - {{- end }} -{{- end }} diff --git a/rds/base/charts/jaeger/charts/cassandra/values.yaml b/rds/base/charts/jaeger/charts/cassandra/values.yaml deleted file mode 100644 index c993e77..0000000 --- a/rds/base/charts/jaeger/charts/cassandra/values.yaml +++ /dev/null 
@@ -1,254 +0,0 @@ -## Cassandra image version -## ref: https://hub.docker.com/r/library/cassandra/ -image: - repo: cassandra - tag: 3.11.6 - pullPolicy: IfNotPresent - ## Specify ImagePullSecrets for Pods - ## ref: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod - # pullSecrets: myregistrykey - -## Specify a service type -## ref: http://kubernetes.io/docs/user-guide/services/ -service: - type: ClusterIP - annotations: "" - -## Use an alternate scheduler, e.g. "stork". -## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ -## -# schedulerName: - -## Persist data to a persistent volume -persistence: - enabled: true - ## cassandra data Persistent Volume Storage Class - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - # storageClass: "-" - accessMode: ReadWriteOnce - size: 10Gi - -## Configure resource requests and limits -## ref: http://kubernetes.io/docs/user-guide/compute-resources/ -## Minimum memory for development is 4GB and 2 CPU cores -## Minimum memory for production is 8GB and 4 CPU cores -## ref: http://docs.datastax.com/en/archived/cassandra/2.0/cassandra/architecture/architecturePlanningHardware_c.html -resources: {} - # requests: - # memory: 4Gi - # cpu: 2 - # limits: - # memory: 4Gi - # cpu: 2 - -## Change cassandra configuration parameters below: -## ref: http://docs.datastax.com/en/cassandra/3.0/cassandra/configuration/configCassandra_yaml.html -## Recommended max heap size is 1/2 of system memory -## Recommended heap new size is 1/4 of max heap size -## ref: http://docs.datastax.com/en/cassandra/3.0/cassandra/operations/opsTuneJVM.html -config: - cluster_domain: cluster.local - cluster_name: cassandra - cluster_size: 3 - seed_size: 2 
- num_tokens: 256 - # If you want Cassandra to use this datacenter and rack name, - # you need to set endpoint_snitch to GossipingPropertyFileSnitch. - # Otherwise, these values are ignored and datacenter1 and rack1 - # are used. - dc_name: DC1 - rack_name: RAC1 - endpoint_snitch: SimpleSnitch - max_heap_size: 2048M - heap_new_size: 512M - start_rpc: false - ports: - cql: 9042 - thrift: 9160 - # If a JVM Agent is in place - # agent: 61621 - -## Cassandra config files overrides -configOverrides: {} - -## Cassandra docker command overrides -commandOverrides: [] - -## Cassandra docker args overrides -argsOverrides: [] - -## Custom env variables. -## ref: https://hub.docker.com/_/cassandra/ -env: {} - -## Liveness and Readiness probe values. -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/ -livenessProbe: - initialDelaySeconds: 90 - periodSeconds: 30 - timeoutSeconds: 5 - successThreshold: 1 - failureThreshold: 3 -readinessProbe: - initialDelaySeconds: 90 - periodSeconds: 30 - timeoutSeconds: 5 - successThreshold: 1 - failureThreshold: 3 - address: "${POD_IP}" - -## Configure node selector. Edit code below for adding selector to pods -## ref: https://kubernetes.io/docs/user-guide/node-selection/ -# selector: - # nodeSelector: - # cloud.google.com/gke-nodepool: pool-db - -## Additional pod annotations -## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ -podAnnotations: {} - -## Additional pod labels -## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ -podLabels: {} - -## Additional pod-level settings -podSettings: - # Change this to give pods more time to properly leave the cluster when not using persistent storage. 
- terminationGracePeriodSeconds: 30 - -## Pod distruption budget -podDisruptionBudget: {} - # maxUnavailable: 1 - # minAvailable: 2 - -podManagementPolicy: OrderedReady -updateStrategy: - type: OnDelete - -## Pod Security Context -securityContext: - enabled: false - fsGroup: 999 - runAsUser: 999 - -## Affinity for pod assignment -## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity -affinity: {} - -## Node tolerations for pod assignment -## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ -tolerations: [] - -rbac: - # Specifies whether RBAC resources should be created - create: true - -serviceAccount: - # Specifies whether a ServiceAccount should be created - create: true - # The name of the ServiceAccount to use. - # If not set and create is true, a name is generated using the fullname template - # name: - -# Use host network for Cassandra pods -# You must pass seed list into config.seeds property if set to true -hostNetwork: false - -## Backup cronjob configuration -## Ref: https://github.com/maorfr/cain -backup: - enabled: false - - # Schedule to run jobs. 
Must be in cron time format - # Ref: https://crontab.guru/ - schedule: - - keyspace: keyspace1 - cron: "0 7 * * *" - - keyspace: keyspace2 - cron: "30 7 * * *" - - annotations: - # Example for authorization to AWS S3 using kube2iam - # Can also be done using environment variables - iam.amazonaws.com/role: cain - - image: - repository: maorfr/cain - tag: 0.6.0 - - # Additional arguments for cain - # Ref: https://github.com/maorfr/cain#usage - extraArgs: [] - - # Add additional environment variables - env: - # Example environment variable required for AWS credentials chain - - name: AWS_REGION - value: us-east-1 - - resources: - requests: - memory: 1Gi - cpu: 1 - limits: - memory: 1Gi - cpu: 1 - - # Name of the secret containing the credentials of the service account used by GOOGLE_APPLICATION_CREDENTIALS, as a credentials.json file - # google: - # serviceAccountSecret: - - # Destination to store the backup artifacts - # Supported cloud storage services: AWS S3, Minio S3, Azure Blob Storage, Google Cloud Storage - # Additional support can added. 
Visit this repository for details - # Ref: https://github.com/maorfr/skbn - destination: s3://bucket/cassandra - -## Cassandra exported configuration -## ref: https://github.com/criteo/cassandra_exporter -exporter: - enabled: false - serviceMonitor: - enabled: false - additionalLabels: {} - # prometheus: default - image: - repo: criteord/cassandra_exporter - tag: 2.0.2 - port: 5556 - jvmOpts: "" - resources: {} - # limits: - # cpu: 1 - # memory: 1Gi - # requests: - # cpu: 1 - # memory: 1Gi - -extraVolumes: [] -extraVolumeMounts: [] -# extraVolumes and extraVolumeMounts allows you to mount other volumes -# Example Use Case: mount ssl certificates -# extraVolumes: -# - name: cas-certs -# secret: -# defaultMode: 420 -# secretName: cas-certs -# extraVolumeMounts: -# - name: cas-certs -# mountPath: /certs -# readOnly: true - -extraContainers: [] -## Additional containers to be added -# extraContainers: -# - name: cassandra-sidecar -# image: cassandra-sidecar:latest -# volumeMounts: -# - name: some-mount -# mountPath: /some/path diff --git a/rds/base/charts/jaeger/charts/elasticsearch-7.8.1.tgz b/rds/base/charts/jaeger/charts/elasticsearch-7.8.1.tgz deleted file mode 100644 index 96f3fd5..0000000 Binary files a/rds/base/charts/jaeger/charts/elasticsearch-7.8.1.tgz and /dev/null differ diff --git a/rds/base/charts/jaeger/charts/elasticsearch/.helmignore b/rds/base/charts/jaeger/charts/elasticsearch/.helmignore deleted file mode 100644 index e12c0b4..0000000 --- a/rds/base/charts/jaeger/charts/elasticsearch/.helmignore +++ /dev/null @@ -1,2 +0,0 @@ -tests/ -.pytest_cache/ diff --git a/rds/base/charts/jaeger/charts/elasticsearch/Chart.yaml b/rds/base/charts/jaeger/charts/elasticsearch/Chart.yaml deleted file mode 100644 index aef23eb..0000000 --- a/rds/base/charts/jaeger/charts/elasticsearch/Chart.yaml +++ /dev/null 
@@ -1,12 +0,0 @@
-apiVersion: v1
-appVersion: 7.8.1
-description: Official Elastic helm chart for Elasticsearch
-home: https://github.com/elastic/helm-charts
-icon: https://helm.elastic.co/icons/elasticsearch.png
-maintainers:
-- email: helm-charts@elastic.co
- name: Elastic
-name: elasticsearch
-sources:
-- https://github.com/elastic/elasticsearch
-version: 7.8.1
diff --git a/rds/base/charts/jaeger/charts/elasticsearch/Makefile b/rds/base/charts/jaeger/charts/elasticsearch/Makefile
deleted file mode 100644
index 22218a1..0000000
--- a/rds/base/charts/jaeger/charts/elasticsearch/Makefile
+++ /dev/null
@@ -1 +0,0 @@
-include ../helpers/common.mk
diff --git a/rds/base/charts/jaeger/charts/elasticsearch/README.md b/rds/base/charts/jaeger/charts/elasticsearch/README.md
deleted file mode 100644
index b1ecb49..0000000
--- a/rds/base/charts/jaeger/charts/elasticsearch/README.md
+++ /dev/null
@@ -1,445 +0,0 @@ -# Elasticsearch Helm Chart - -This Helm chart is a lightweight way to configure and run our official -[Elasticsearch Docker image][]. - - - - - - -- [Requirements](#requirements) -- [Installing](#installing) -- [Upgrading](#upgrading) -- [Usage notes](#usage-notes) -- [Configuration](#configuration) - - [Deprecated](#deprecated) -- [FAQ](#faq) - - [How to deploy this chart on a specific K8S distribution?](#how-to-deploy-this-chart-on-a-specific-k8s-distribution) - - [How to deploy dedicated nodes types?](#how-to-deploy-dedicated-nodes-types) - - [Clustering and Node Discovery](#clustering-and-node-discovery) - - [How to deploy clusters with security (authentication and TLS) enabled?](#how-to-deploy-clusters-with-security-authentication-and-tls-enabled) - - [How to migrate from helm/charts stable chart?](#how-to-migrate-from-helmcharts-stable-chart) - - [How to install OSS version of Elasticsearch?](#how-to-install-oss-version-of-elasticsearch) - - [How to install plugins?](#how-to-install-plugins) - - [How to use the keystore?](#how-to-use-the-keystore) - - [Basic example](#basic-example) - - [Multiple keys](#multiple-keys) - - [Custom paths and keys](#custom-paths-and-keys) - - [How to enable snapshotting?](#how-to-enable-snapshotting) - - [How to configure templates post-deployment?](#how-to-configure-templates-post-deployment) -- [Contributing](#contributing) - - - - - - -## Requirements - -* [Helm][] >=2.8.0 and <3.0.0 -* Kubernetes >=1.8 -* Minimum cluster requirements include the following to run this chart with -default settings. All of these settings are configurable. - * Three Kubernetes nodes to respect the default "hard" affinity settings - * 1GB of RAM for the JVM heap - -See [supported configurations][] for more details. - - -## Installing - -This chart is tested with 7.8.1 version. 
- -* Add the Elastic Helm charts repo: -`helm repo add elastic https://helm.elastic.co` - -* Install 7.8.1 release: -`helm install --name elasticsearch --version 7.8.1 elastic/elasticsearch` - - -## Upgrading - -Please always check [CHANGELOG.md][] and [BREAKING_CHANGES.md][] before -upgrading to a new chart version. - - -## Usage notes - -* This repo includes a number of [examples][] configurations which can be used -as a reference. They are also used in the automated testing of this chart. -* Automated testing of this chart is currently only run against GKE (Google -Kubernetes Engine). -* The chart deploys a StatefulSet and by default will do an automated rolling -update of your cluster. It does this by waiting for the cluster health to become -green after each instance is updated. If you prefer to update manually you can -set `OnDelete` [updateStrategy][]. -* It is important to verify that the JVM heap size in `esJavaOpts` and to set -the CPU/Memory `resources` to something suitable for your cluster. -* To simplify chart and maintenance each set of node groups is deployed as a -separate Helm release. Take a look at the [multi][] example to get an idea for -how this works. Without doing this it isn't possible to resize persistent -volumes in a StatefulSet. By setting it up this way it makes it possible to add -more nodes with a new storage size then drain the old ones. It also solves the -problem of allowing the user to determine which node groups to update first when -doing upgrades or changes. -* We have designed this chart to be very un-opinionated about how to configure -Elasticsearch. It exposes ways to set environment variables and mount secrets -inside of the container. Doing this makes it much easier for this chart to -support multiple versions with minimal changes. 
- - -## Configuration - -| Parameter | Description | Default | -|------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------| -| `antiAffinityTopologyKey` | The [anti-affinity][] topology key. By default this will prevent multiple Elasticsearch nodes from running on the same Kubernetes node | `kubernetes.io/hostname` | -| `antiAffinity` | Setting this to hard enforces the [anti-affinity][] rules. If it is set to soft it will be done "best effort". Other values will be ignored | `hard` | -| `clusterHealthCheckParams` | The [Elasticsearch cluster health status params][] that will be used by readiness [probe][] command | `wait_for_status=green&timeout=1s` | -| `clusterName` | This will be used as the Elasticsearch [cluster.name][] and should be unique per cluster in the namespace | `elasticsearch` | -| `enableServiceLinks` | Set to false to disabling service links, which can cause slow pod startup times when there are many services in the current namespace. | `true` | -| `envFrom` | Templatable string to be passed to the [environment from variables][] which will be appended to the `envFrom:` definition for the container | `[]` | -| `esConfig` | Allows you to add any config files in `/usr/share/elasticsearch/config/` such as `elasticsearch.yml` and `log4j2.properties`. See [values.yaml][] for an example of the formatting | `{}` | -| `esJavaOpts` | [Java options][] for Elasticsearch. This is where you should configure the [jvm heap size][] | `-Xmx1g -Xms1g` | -| `esMajorVersion` | Used to set major version specific configuration. If you are using a custom image and not running the default Elasticsearch version you will need to set this to the version you are running (e.g. 
`esMajorVersion: 6`) | `""` | -| `extraContainers` | Templatable string of additional `containers` to be passed to the `tpl` function | `""` | -| `extraEnvs` | Extra [environment variables][] which will be appended to the `env:` definition for the container | `[]` | -| `extraInitContainers` | Templatable string of additional `initContainers` to be passed to the `tpl` function | `""` | -| `extraVolumeMounts` | Templatable string of additional `volumeMounts` to be passed to the `tpl` function | `""` | -| `extraVolumes` | Templatable string of additional `volumes` to be passed to the `tpl` function | `""` | -| `fullnameOverride` | Overrides the `clusterName` and `nodeGroup` when used in the naming of resources. This should only be used when using a single `nodeGroup`, otherwise you will have name conflicts | `""` | -| `httpPort` | The http port that Kubernetes will use for the healthchecks and the service. If you change this you will also need to set [http.port][] in `extraEnvs` | `9200` | -| `imagePullPolicy` | The Kubernetes [imagePullPolicy][] value | `IfNotPresent` | -| `imagePullSecrets` | Configuration for [imagePullSecrets][] so that you can use a private registry for your image | `[]` | -| `imageTag` | The Elasticsearch Docker image tag | `7.8.1` | -| `image` | The Elasticsearch Docker image | `docker.elastic.co/elasticsearch/elasticsearch` | -| `ingress` | Configurable [ingress][] to expose the Elasticsearch service. See [values.yaml][] for an example | see [values.yaml][] | -| `initResources` | Allows you to set the [resources][] for the `initContainer` in the StatefulSet | `{}` | -| `keystore` | Allows you map Kubernetes secrets into the keystore. See the [config example][] and [how to use the keystore][] | `[]` | -| `labels` | Configurable [labels][] applied to all Elasticsearch pods | `{}` | -| `lifecycle` | Allows you to add [lifecycle hooks][]. 
See [values.yaml][] for an example of the formatting | `{}` | -| `masterService` | The service name used to connect to the masters. You only need to set this if your master `nodeGroup` is set to something other than `master`. See [Clustering and Node Discovery][] for more information | `""` | -| `masterTerminationFix` | A workaround needed for Elasticsearch < 7.2 to prevent master status being lost during restarts [#63][] | `false` | -| `maxUnavailable` | The [maxUnavailable][] value for the pod disruption budget. By default this will prevent Kubernetes from having more than 1 unhealthy pod in the node group | `1` | -| `minimumMasterNodes` | The value for [discovery.zen.minimum_master_nodes][]. Should be set to `(master_eligible_nodes / 2) + 1`. Ignored in Elasticsearch versions >= 7 | `2` | -| `nameOverride` | Overrides the `clusterName` when used in the naming of resources | `""` | -| `networkHost` | Value for the [network.host Elasticsearch setting][] | `0.0.0.0` | -| `nodeAffinity` | Value for the [node affinity settings][] | `{}` | -| `nodeGroup` | This is the name that will be used for each group of nodes in the cluster. The name will be `clusterName-nodeGroup-X` , `nameOverride-nodeGroup-X` if a `nameOverride` is specified, and `fullnameOverride-X` if a `fullnameOverride` is specified | `master` | -| `nodeSelector` | Configurable [nodeSelector][] so that you can target specific nodes for your Elasticsearch cluster | `{}` | -| `persistence` | Enables a persistent volume for Elasticsearch data. Can be disabled for nodes that only have [roles][] which don't require persistent data | see [values.yaml][] | -| `podAnnotations` | Configurable [annotations][] applied to all Elasticsearch pods | `{}` | -| `podManagementPolicy` | By default Kubernetes [deploys StatefulSets serially][]. 
This deploys them in parallel so that they can discover each other | `Parallel` | -| `podSecurityContext` | Allows you to set the [securityContext][] for the pod | see [values.yaml][] | -| `podSecurityPolicy` | Configuration for create a pod security policy with minimal permissions to run this Helm chart with `create: true`. Also can be used to reference an external pod security policy with `name: "externalPodSecurityPolicy"` | see [values.yaml][] | -| `priorityClassName` | The name of the [PriorityClass][]. No default is supplied as the PriorityClass must be created first | `""` | -| `protocol` | The protocol that will be used for the readiness [probe][]. Change this to `https` if you have `xpack.security.http.ssl.enabled` set | `http` | -| `rbac` | Configuration for creating a role, role binding and ServiceAccount as part of this Helm chart with `create: true`. Also can be used to reference an external ServiceAccount with `serviceAccountName: "externalServiceAccountName"` | see [values.yaml][] | -| `readinessProbe` | Configuration fields for the readiness [probe][] | see [values.yaml][] | -| `replicas` | Kubernetes replica count for the StatefulSet (i.e. how many pods) | `3` | -| `resources` | Allows you to set the [resources][] for the StatefulSet | see [values.yaml][] | -| `roles` | A hash map with the specific [roles][] for the `nodeGroup` | see [values.yaml][] | -| `schedulerName` | Name of the [alternate scheduler][] | `""` | -| `secretMounts` | Allows you easily mount a secret as a file inside the StatefulSet. Useful for mounting certificates and other secrets. See [values.yaml][] for an example | `[]` | -| `securityContext` | Allows you to set the [securityContext][] for the container | see [values.yaml][] | -| `service.annotations` | [LoadBalancer annotations][] that Kubernetes will use for the service. 
This will configure load balancer if `service.type` is `LoadBalancer` | `{}` | -| `service.httpPortName` | The name of the http port within the service | `http` | -| `service.labelsHeadless` | Labels to be added to headless service | `{}` | -| `service.labels` | Labels to be added to non-headless service | `{}` | -| `service.loadBalancerIP` | Some cloud providers allow you to specify the [loadBalancer][] IP. If the `loadBalancerIP` field is not specified, the IP is dynamically assigned. If you specify a `loadBalancerIP` but your cloud provider does not support the feature, it is ignored. | `""` | -| `service.loadBalancerSourceRanges` | The IP ranges that are allowed to access | `[]` | -| `service.nodePort` | Custom [nodePort][] port that can be set if you are using `service.type: nodePort` | `""` | -| `service.transportPortName` | The name of the transport port within the service | `transport` | -| `service.type` | Elasticsearch [Service Types][] | `ClusterIP` | -| `sidecarResources` | Allows you to set the [resources][] for the sidecar containers in the StatefulSet | {} | -| `sysctlInitContainer` | Allows you to disable the `sysctlInitContainer` if you are setting [sysctl vm.max_map_count][] with another method | `enabled: true` | -| `sysctlVmMaxMapCount` | Sets the [sysctl vm.max_map_count][] needed for Elasticsearch | `262144` | -| `terminationGracePeriod` | The [terminationGracePeriod][] in seconds used when trying to stop the pod | `120` | -| `tolerations` | Configurable [tolerations][] | `[]` | -| `transportPort` | The transport port that Kubernetes will use for the service. If you change this you will also need to set [transport port configuration][] in `extraEnvs` | `9300` | -| `updateStrategy` | The [updateStrategy][] for the StatefulSet. By default Kubernetes will wait for the cluster to be green after upgrading each pod. 
Setting this to `OnDelete` will allow you to manually delete each pod during upgrades | `RollingUpdate` | -| `volumeClaimTemplate` | Configuration for the [volumeClaimTemplate for StatefulSets][]. You will want to adjust the storage (default `30Gi` ) and the `storageClassName` if you are using a different storage class | see [values.yaml][] | - -### Deprecated - -| Parameter | Description | Default | -|-----------|---------------------------------------------------------------------------------------------------------------|---------| -| `fsGroup` | The Group ID (GID) for [securityContext][] so that the Elasticsearch user can read from the persistent volume | `""` | - - -## FAQ - -### How to deploy this chart on a specific K8S distribution? - -This chart is designed to run on production scale Kubernetes clusters with -multiple nodes, lots of memory and persistent storage. For that reason it can be -a bit tricky to run them against local Kubernetes environments such as -[Minikube][]. - -This chart is highly tested with [GKE][], but some K8S distribution also -requires specific configurations. - -We provide examples of configuration for the following K8S providers: - -- [Docker for Mac][] -- [KIND][] -- [Minikube][] -- [MicroK8S][] -- [OpenShift][] - -### How to deploy dedicated nodes types? - -All the Elasticsearch pods deployed share the same configuration. If you need to -deploy dedicated [nodes types][] (for example dedicated master and data nodes), -you can deploy multiple releases of this chart with different configurations -while they share the same `clusterName` value. - -For each Helm release, the nodes types can then be defined using `roles` value. - -An example of Elasticsearch cluster using 2 different Helm releases for master -and data nodes can be found in [examples/multi][]. 
- -#### Clustering and Node Discovery - -This chart facilitates Elasticsearch node discovery and services by creating two -`Service` definitions in Kubernetes, one with the name `$clusterName-$nodeGroup` -and another named `$clusterName-$nodeGroup-headless`. -Only `Ready` pods are a part of the `$clusterName-$nodeGroup` service, while all -pods ( `Ready` or not) are a part of `$clusterName-$nodeGroup-headless`. - -If your group of master nodes has the default `nodeGroup: master` then you can -just add new groups of nodes with a different `nodeGroup` and they will -automatically discover the correct master. If your master nodes have a different -`nodeGroup` name then you will need to set `masterService` to -`$clusterName-$masterNodeGroup`. - -The chart value for `masterService` is used to populate -`discovery.zen.ping.unicast.hosts` , which Elasticsearch nodes will use to -contact master nodes and form a cluster. -Therefore, to add a group of nodes to an existing cluster, setting -`masterService` to the desired `Service` name of the related cluster is -sufficient. - -### How to deploy clusters with security (authentication and TLS) enabled? - -This Helm chart can use existing [Kubernetes secrets][] to setup -credentials or certificates for examples. These secrets should be created -outside of this chart and accessed using [environment variables][] and volumes. - -An example of Elasticsearch cluster using security can be found in -[examples/security][]. - -### How to migrate from helm/charts stable chart? - -If you currently have a cluster deployed with the [helm/charts stable][] chart -you can follow the [migration guide][]. - -### How to install OSS version of Elasticsearch? - -Deploying OSS version of Elasticsearch can be done by setting `image` value to -[Elasticsearch OSS Docker image][] - -An example of Elasticsearch cluster using OSS version can be found in -[examples/oss][]. - -### How to install plugins? 
- -The recommended way to install plugins into our Docker images is to create a -[custom Docker image][]. - -The Dockerfile would look something like: - -``` -ARG elasticsearch_version -FROM docker.elastic.co/elasticsearch/elasticsearch:${elasticsearch_version} - -RUN bin/elasticsearch-plugin install --batch repository-gcs -``` - -And then updating the `image` in values to point to your custom image. - -There are a couple reasons we recommend this. - -1. Tying the availability of Elasticsearch to the download service to install -plugins is not a great idea or something that we recommend. Especially in -Kubernetes where it is normal and expected for a container to be moved to -another host at random times. -2. Mutating the state of a running Docker image (by installing plugins) goes -against best practices of containers and immutable infrastructure. - -### How to use the keystore? - -#### Basic example - -Create the secret, the key name needs to be the keystore key path. In this -example we will create a secret from a file and from a literal string. - -``` -kubectl create secret generic encryption_key --from-file=xpack.watcher.encryption_key=./watcher_encryption_key -kubectl create secret generic slack_hook --from-literal=xpack.notification.slack.account.monitoring.secure_url='https://hooks.slack.com/services/asdasdasd/asdasdas/asdasd' -``` - -To add these secrets to the keystore: - -``` -keystore: - - secretName: encryption_key - - secretName: slack_hook -``` - -#### Multiple keys - -All keys in the secret will be added to the keystore. 
To create the previous -example in one secret you could also do: - -``` -kubectl create secret generic keystore_secrets --from-file=xpack.watcher.encryption_key=./watcher_encryption_key --from-literal=xpack.notification.slack.account.monitoring.secure_url='https://hooks.slack.com/services/asdasdasd/asdasdas/asdasd' -``` - -``` -keystore: - - secretName: keystore_secrets -``` - -#### Custom paths and keys - -If you are using these secrets for other applications (besides the Elasticsearch -keystore) then it is also possible to specify the keystore path and which keys -you want to add. Everything specified under each `keystore` item will be passed -through to the `volumeMounts` section for mounting the [secret][]. In this -example we will only add the `slack_hook` key from a secret that also has other -keys. Our secret looks like this: - -``` -kubectl create secret generic slack_secrets --from-literal=slack_channel='#general' --from-literal=slack_hook='https://hooks.slack.com/services/asdasdasd/asdasdas/asdasd' -``` - -We only want to add the `slack_hook` key to the keystore at path -`xpack.notification.slack.account.monitoring.secure_url`: - -``` -keystore: - - secretName: slack_secrets - items: - - key: slack_hook - path: xpack.notification.slack.account.monitoring.secure_url -``` - -You can also take a look at the [config example][] which is used as part of the -automated testing pipeline. - -### How to enable snapshotting? - -1. Install your [snapshot plugin][] into a custom Docker image following the -[how to install plugins guide][]. -2. Add any required secrets or credentials into an Elasticsearch keystore -following the [how to use the keystore][] guide. -3. Configure the [snapshot repository][] as you normally would. -4. To automate snapshots you can use a tool like [curator][]. In the future -there are plans to have Elasticsearch manage automated snapshots with -[Snapshot Lifecycle Management][]. - -### How to configure templates post-deployment? 
- -You can use `postStart` [lifecycle hooks][] to run code triggered after a -container is created. - -Here is an example of `postStart` hook to configure templates: - -```yaml -lifecycle: - postStart: - exec: - command: - - bash - - -c - - | - #!/bin/bash - # Add a template to adjust number of shards/replicas - TEMPLATE_NAME=my_template - INDEX_PATTERN="logstash-*" - SHARD_COUNT=8 - REPLICA_COUNT=1 - ES_URL=http://localhost:9200 - while [[ "$(curl -s -o /dev/null -w '%{http_code}\n' $ES_URL)" != "200" ]]; do sleep 1; done - curl -XPUT "$ES_URL/_template/$TEMPLATE_NAME" -H 'Content-Type: application/json' -d'{"index_patterns":['\""$INDEX_PATTERN"\"'],"settings":{"number_of_shards":'$SHARD_COUNT',"number_of_replicas":'$REPLICA_COUNT'}}' -``` - - -## Contributing - -Please check [CONTRIBUTING.md][] before any contribution or for any questions -about our development and testing process. - - -[#63]: https://github.com/elastic/helm-charts/issues/63 -[BREAKING_CHANGES.md]: https://github.com/elastic/helm-charts/blob/master/BREAKING_CHANGES.md -[CHANGELOG.md]: https://github.com/elastic/helm-charts/blob/master/CHANGELOG.md -[CONTRIBUTING.md]: https://github.com/elastic/helm-charts/blob/master/CONTRIBUTING.md -[alternate scheduler]: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/#specify-schedulers-for-pods -[annotations]: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ -[anti-affinity]: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity -[cluster.name]: https://www.elastic.co/guide/en/elasticsearch/reference/7.8/cluster.name.html -[clustering and node discovery]: https://github.com/elastic/helm-charts/tree/7.8/elasticsearch/README.md#clustering-and-node-discovery -[config example]: https://github.com/elastic/helm-charts/tree/7.8/elasticsearch/examples/config/values.yaml -[curator]: https://www.elastic.co/guide/en/elasticsearch/client/curator/7.8/snapshot.html 
-[custom docker image]: https://www.elastic.co/guide/en/elasticsearch/reference/7.8/docker.html#_c_customized_image -[deploys statefulsets serially]: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies -[discovery.zen.minimum_master_nodes]: https://www.elastic.co/guide/en/elasticsearch/reference/7.8/discovery-settings.html#minimum_master_nodes -[docker for mac]: https://github.com/elastic/helm-charts/tree/7.8/elasticsearch/examples/docker-for-mac -[elasticsearch cluster health status params]: https://www.elastic.co/guide/en/elasticsearch/reference/7.8/cluster-health.html#request-params -[elasticsearch docker image]: https://www.elastic.co/guide/en/elasticsearch/reference/7.8/docker.html -[elasticsearch oss docker image]: https://www.docker.elastic.co/r/elasticsearch/elasticsearch-oss -[environment variables]: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/#using-environment-variables-inside-of-your-config -[environment from variables]: https://kubernetes.io/docs/tasks/configure-pod-container/configure-pod-configmap/#configure-all-key-value-pairs-in-a-configmap-as-container-environment-variables -[examples]: https://github.com/elastic/helm-charts/tree/7.8/elasticsearch/examples/ -[examples/multi]: https://github.com/elastic/helm-charts/tree/7.8/elasticsearch/examples/multi -[examples/oss]: https://github.com/elastic/helm-charts/tree/7.8/elasticsearch/examples/oss -[examples/security]: https://github.com/elastic/helm-charts/tree/7.8/elasticsearch/examples/security -[gke]: https://cloud.google.com/kubernetes-engine -[helm]: https://helm.sh -[helm/charts stable]: https://github.com/helm/charts/tree/master/stable/elasticsearch/ -[how to install plugins guide]: https://github.com/elastic/helm-charts/tree/7.8/elasticsearch/README.md#how-to-install-plugins -[how to use the keystore]: https://github.com/elastic/helm-charts/tree/7.8/elasticsearch/README.md#how-to-use-the-keystore 
-[http.port]: https://www.elastic.co/guide/en/elasticsearch/reference/7.8/modules-http.html#_settings -[imagePullPolicy]: https://kubernetes.io/docs/concepts/containers/images/#updating-images -[imagePullSecrets]: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/#create-a-pod-that-uses-your-secret -[ingress]: https://kubernetes.io/docs/concepts/services-networking/ingress/ -[java options]: https://www.elastic.co/guide/en/elasticsearch/reference/7.8/jvm-options.html -[jvm heap size]: https://www.elastic.co/guide/en/elasticsearch/reference/7.8/heap-size.html -[kind]: https://github.com/elastic/helm-charts/tree/7.8/elasticsearch/examples/kubernetes-kind -[kubernetes secrets]: https://kubernetes.io/docs/concepts/configuration/secret/ -[labels]: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ -[lifecycle hooks]: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/ -[loadBalancer annotations]: https://kubernetes.io/docs/concepts/services-networking/service/#ssl-support-on-aws -[loadBalancer]: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer -[maxUnavailable]: https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget -[migration guide]: https://github.com/elastic/helm-charts/tree/7.8/elasticsearch/examples/migration/README.md -[minikube]: https://github.com/elastic/helm-charts/tree/7.8/elasticsearch/examples/minikube -[microk8s]: https://github.com/elastic/helm-charts/tree/7.8/elasticsearch/examples/microk8s -[multi]: https://github.com/elastic/helm-charts/tree/7.8/elasticsearch/examples/multi/ -[network.host elasticsearch setting]: https://www.elastic.co/guide/en/elasticsearch/reference/7.8/network.host.html -[node affinity settings]: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#node-affinity-beta-feature -[node-certificates]: 
https://www.elastic.co/guide/en/elasticsearch/reference/7.8/configuring-tls.html#node-certificates -[nodePort]: https://kubernetes.io/docs/concepts/services-networking/service/#nodeport -[nodes types]: https://www.elastic.co/guide/en/elasticsearch/reference/7.8/modules-node.html -[nodeSelector]: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector -[openshift]: https://github.com/elastic/helm-charts/tree/7.8/elasticsearch/examples/openshift -[priorityClass]: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass -[probe]: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/ -[resources]: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ -[roles]: https://www.elastic.co/guide/en/elasticsearch/reference/7.8/modules-node.html -[secret]: https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets -[securityContext]: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ -[service types]: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types -[snapshot lifecycle management]: https://github.com/elastic/elasticsearch/issues/38461 -[snapshot plugin]: https://www.elastic.co/guide/en/elasticsearch/plugins/7.8/repository.html -[snapshot repository]: https://www.elastic.co/guide/en/elasticsearch/reference/7.8/modules-snapshots.html -[supported configurations]: https://github.com/elastic/helm-charts/tree/7.8/README.md#supported-configurations -[sysctl vm.max_map_count]: https://www.elastic.co/guide/en/elasticsearch/reference/7.8/vm-max-map-count.html#vm-max-map-count -[terminationGracePeriod]: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods -[tolerations]: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ -[transport port configuration]: 
https://www.elastic.co/guide/en/elasticsearch/reference/7.8/modules-transport.html#_transport_settings -[updateStrategy]: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/ -[values.yaml]: https://github.com/elastic/helm-charts/tree/7.8/elasticsearch/values.yaml -[volumeClaimTemplate for statefulsets]: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-storage diff --git a/rds/base/charts/jaeger/charts/elasticsearch/examples/config/Makefile b/rds/base/charts/jaeger/charts/elasticsearch/examples/config/Makefile deleted file mode 100644 index a3f9617..0000000 --- a/rds/base/charts/jaeger/charts/elasticsearch/examples/config/Makefile +++ /dev/null @@ -1,19 +0,0 @@ -default: test -include ../../../helpers/examples.mk - -RELEASE := helm-es-config - -install: - helm upgrade --wait --timeout=600 --install $(RELEASE) --values ./values.yaml ../../ - -secrets: - kubectl delete secret elastic-config-credentials elastic-config-secret elastic-config-slack elastic-config-custom-path || true - kubectl create secret generic elastic-config-credentials --from-literal=password=changeme --from-literal=username=elastic - kubectl create secret generic elastic-config-slack --from-literal=xpack.notification.slack.account.monitoring.secure_url='https://hooks.slack.com/services/asdasdasd/asdasdas/asdasd' - kubectl create secret generic elastic-config-secret --from-file=xpack.watcher.encryption_key=./watcher_encryption_key - kubectl create secret generic elastic-config-custom-path --from-literal=slack_url='https://hooks.slack.com/services/asdasdasd/asdasdas/asdasd' --from-literal=thing_i_don_tcare_about=test - -test: secrets install goss - -purge: - helm del --purge $(RELEASE) diff --git a/rds/base/charts/jaeger/charts/elasticsearch/examples/config/README.md b/rds/base/charts/jaeger/charts/elasticsearch/examples/config/README.md deleted file mode 100644 index 4fb0a28..0000000 
--- a/rds/base/charts/jaeger/charts/elasticsearch/examples/config/README.md
+++ /dev/null
@@ -1,27 +0,0 @@
-# Config
-
-This example deploy a single node Elasticsearch 7.8.1 with authentication and
-custom [values][].
-
-
-## Usage
-
-* Create the required secrets: `make secrets`
-
-* Deploy Elasticsearch chart with the default values: `make install`
-
-* You can now setup a port forward to query Elasticsearch API:
-
- ```
- kubectl port-forward svc/config-master 9200
- curl -u elastic:changeme http://localhost:9200/_cat/indices
- ```
-
-
-## Testing
-
-You can also run [goss integration tests][] using `make test`
-
-
-[goss integration tests]: https://github.com/elastic/helm-charts/tree/7.8/elasticsearch/examples/config/test/goss.yaml
-[values]: https://github.com/elastic/helm-charts/tree/7.8/elasticsearch/examples/config/values.yaml
diff --git a/rds/base/charts/jaeger/charts/elasticsearch/examples/config/test/goss.yaml b/rds/base/charts/jaeger/charts/elasticsearch/examples/config/test/goss.yaml
deleted file mode 100644
index 8487013..0000000
--- a/rds/base/charts/jaeger/charts/elasticsearch/examples/config/test/goss.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-http:
- http://localhost:9200/_cluster/health:
- status: 200
- timeout: 2000
- body:
- - 'green'
- - '"number_of_nodes":1'
- - '"number_of_data_nodes":1'
-
- http://localhost:9200:
- status: 200
- timeout: 2000
- body:
- - '"cluster_name" : "config"'
- - '"name" : "config-master-0"'
- - 'You Know, for Search'
-
-command:
- "elasticsearch-keystore list":
- exit-status: 0
- stdout:
- - keystore.seed
- - bootstrap.password
- - xpack.notification.slack.account.monitoring.secure_url
- - xpack.notification.slack.account.otheraccount.secure_url
- - xpack.watcher.encryption_key
diff --git a/rds/base/charts/jaeger/charts/elasticsearch/examples/config/values.yaml b/rds/base/charts/jaeger/charts/elasticsearch/examples/config/values.yaml
deleted file mode 100644
index ebde4f4..0000000
--- a/rds/base/charts/jaeger/charts/elasticsearch/examples/config/values.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
----
-
-clusterName: "config"
-replicas: 1
-
-extraEnvs:
- - name: ELASTIC_PASSWORD
- valueFrom:
- secretKeyRef:
- name: elastic-credentials
- key: password
- - name: ELASTIC_USERNAME
- valueFrom:
- secretKeyRef:
- name: elastic-credentials
- key: username
-
-# This is just a dummy file to make sure that
-# the keystore can be mounted at the same time
-# as a custom elasticsearch.yml
-esConfig:
- elasticsearch.yml: |
- path.data: /usr/share/elasticsearch/data
-
-keystore:
- - secretName: elastic-config-secret
- - secretName: elastic-config-slack
- - secretName: elastic-config-custom-path
- items:
- - key: slack_url
- path: xpack.notification.slack.account.otheraccount.secure_url
diff --git a/rds/base/charts/jaeger/charts/elasticsearch/examples/config/watcher_encryption_key b/rds/base/charts/jaeger/charts/elasticsearch/examples/config/watcher_encryption_key
deleted file mode 100644
index b5f9078..0000000
--- a/rds/base/charts/jaeger/charts/elasticsearch/examples/config/watcher_encryption_key
+++ /dev/null
@@ -1 +0,0 @@
-supersecret
diff --git a/rds/base/charts/jaeger/charts/elasticsearch/examples/default/Makefile b/rds/base/charts/jaeger/charts/elasticsearch/examples/default/Makefile
deleted file mode 100644
index 5f5215c..0000000
--- a/rds/base/charts/jaeger/charts/elasticsearch/examples/default/Makefile
+++ /dev/null
@@ -1,16 +0,0 @@
-default: test
-
-include ../../../helpers/examples.mk
-
-RELEASE := helm-es-default
-
-install:
- helm upgrade --wait --timeout=600 --install $(RELEASE) ../../
-
-restart:
- helm upgrade --set terminationGracePeriod=121 --wait --timeout=600 --install $(RELEASE) ../../
-
-test: install goss
-
-purge:
- helm del --purge $(RELEASE)
diff --git a/rds/base/charts/jaeger/charts/elasticsearch/examples/default/README.md b/rds/base/charts/jaeger/charts/elasticsearch/examples/default/README.md
deleted file mode 100644
index 23a7d69..0000000
--- a/rds/base/charts/jaeger/charts/elasticsearch/examples/default/README.md
+++ /dev/null
@@ -1,25 +0,0 @@
-# Default
-
-This example deploy a 3 nodes Elasticsearch 7.8.1 cluster using
-[default values][].
-
-
-## Usage
-
-* Deploy Elasticsearch chart with the default values: `make install`
-
-* You can now setup a port forward to query Elasticsearch API:
-
- ```
- kubectl port-forward svc/elasticsearch-master 9200
- curl localhost:9200/_cat/indices
- ```
-
-
-## Testing
-
-You can also run [goss integration tests][] using `make test`
-
-
-[goss integration tests]: https://github.com/elastic/helm-charts/tree/7.8/elasticsearch/examples/default/test/goss.yaml
-[default values]: https://github.com/elastic/helm-charts/tree/7.8/elasticsearch/values.yaml
diff --git a/rds/base/charts/jaeger/charts/elasticsearch/examples/default/rolling_upgrade.sh b/rds/base/charts/jaeger/charts/elasticsearch/examples/default/rolling_upgrade.sh
deleted file mode 100644
index c5a2a88..0000000
--- a/rds/base/charts/jaeger/charts/elasticsearch/examples/default/rolling_upgrade.sh
+++ /dev/null
@@ -1,19 +0,0 @@
-#!/usr/bin/env bash -x
-
-kubectl proxy || true &
-
-make &
-PROC_ID=$!
-
-while kill -0 "$PROC_ID" >/dev/null 2>&1; do
- echo "PROCESS IS RUNNING"
- if curl --fail 'http://localhost:8001/api/v1/proxy/namespaces/default/services/elasticsearch-master:9200/_search' ; then
- echo "cluster is healthy"
- else
- echo "cluster not healthy!"
- exit 1
- fi
- sleep 1
-done
-echo "PROCESS TERMINATED"
-exit 0
diff --git a/rds/base/charts/jaeger/charts/elasticsearch/examples/default/test/goss.yaml b/rds/base/charts/jaeger/charts/elasticsearch/examples/default/test/goss.yaml
deleted file mode 100644
index 781ccaf..0000000
--- a/rds/base/charts/jaeger/charts/elasticsearch/examples/default/test/goss.yaml
+++ /dev/null
@@ -1,39 +0,0 @@
-kernel-param:
- vm.max_map_count:
- value: '262144'
-
-http:
- http://elasticsearch-master:9200/_cluster/health:
- status: 200
- timeout: 2000
- body:
- - 'green'
- - '"number_of_nodes":3'
- - '"number_of_data_nodes":3'
-
- http://localhost:9200:
- status: 200
- timeout: 2000
- body:
- - '"number" : "7.8.1"'
- - '"cluster_name" : "elasticsearch"'
- - '"name" : "elasticsearch-master-0"'
- - 'You Know, for Search'
-
-file:
- /usr/share/elasticsearch/data:
- exists: true
- mode: "2775"
- owner: root
- group: elasticsearch
- filetype: directory
-
-mount:
- /usr/share/elasticsearch/data:
- exists: true
-
-user:
- elasticsearch:
- exists: true
- uid: 1000
- gid: 1000
diff --git a/rds/base/charts/jaeger/charts/elasticsearch/examples/docker-for-mac/Makefile b/rds/base/charts/jaeger/charts/elasticsearch/examples/docker-for-mac/Makefile
deleted file mode 100644
index 398545e..0000000
--- a/rds/base/charts/jaeger/charts/elasticsearch/examples/docker-for-mac/Makefile
+++ /dev/null
@@ -1,12 +0,0 @@
-default: test
-
-RELEASE := helm-es-docker-for-mac
-
-install:
- helm upgrade --wait --timeout=900 --install --values values.yaml $(RELEASE) ../../
-
-test: install
- helm test $(RELEASE)
-
-purge:
- helm del --purge $(RELEASE)
diff --git a/rds/base/charts/jaeger/charts/elasticsearch/examples/docker-for-mac/README.md b/rds/base/charts/jaeger/charts/elasticsearch/examples/docker-for-mac/README.md
deleted file mode 100644
index 4892917..0000000
--- a/rds/base/charts/jaeger/charts/elasticsearch/examples/docker-for-mac/README.md
+++ /dev/null
@@ -1,23 +0,0 @@
-# Docker for Mac
-
-This example deploy a 3 nodes Elasticsearch 7.8.1 cluster on [Docker for Mac][]
-using [custom values][].
-
-Note that this configuration should be used for test only and isn't recommended
-for production.
-
-
-## Usage
-
-* Deploy Elasticsearch chart with the default values: `make install`
-
-* You can now setup a port forward to query Elasticsearch API:
-
- ```
- kubectl port-forward svc/elasticsearch-master 9200
- curl localhost:9200/_cat/indices
- ```
-
-
-[custom values]: https://github.com/elastic/helm-charts/tree/7.8/elasticsearch/examples/docker-for-mac/values.yaml
-[docker for mac]: https://docs.docker.com/docker-for-mac/kubernetes/
diff --git a/rds/base/charts/jaeger/charts/elasticsearch/examples/docker-for-mac/values.yaml b/rds/base/charts/jaeger/charts/elasticsearch/examples/docker-for-mac/values.yaml
deleted file mode 100644
index f7deba6..0000000
--- a/rds/base/charts/jaeger/charts/elasticsearch/examples/docker-for-mac/values.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
----
-# Permit co-located instances for solitary minikube virtual machines.
-antiAffinity: "soft"
-
-# Shrink default JVM heap.
-esJavaOpts: "-Xmx128m -Xms128m"
-
-# Allocate smaller chunks of memory per pod.
-resources:
- requests:
- cpu: "100m"
- memory: "512M"
- limits:
- cpu: "1000m"
- memory: "512M"
-
-# Request smaller persistent volumes.
-volumeClaimTemplate:
- accessModes: [ "ReadWriteOnce" ]
- storageClassName: "hostpath"
- resources:
- requests:
- storage: 100M
diff --git a/rds/base/charts/jaeger/charts/elasticsearch/examples/kubernetes-kind/Makefile b/rds/base/charts/jaeger/charts/elasticsearch/examples/kubernetes-kind/Makefile
deleted file mode 100644
index af816a9..0000000
--- a/rds/base/charts/jaeger/charts/elasticsearch/examples/kubernetes-kind/Makefile
+++ /dev/null
@@ -1,16 +0,0 @@
-default: test
-
-RELEASE := helm-es-kind
-
-install:
- helm upgrade --wait --timeout=900 --install --values values.yaml $(RELEASE) ../../
-
-install-local-path:
- kubectl apply -f https://raw.githubusercontent.com/rancher/local-path-provisioner/master/deploy/local-path-storage.yaml
- helm upgrade --wait --timeout=900 --install --values values-local-path.yaml $(RELEASE) ../../
-
-test: install
- helm test $(RELEASE)
-
-purge:
- helm del --purge $(RELEASE)
diff --git a/rds/base/charts/jaeger/charts/elasticsearch/examples/kubernetes-kind/README.md b/rds/base/charts/jaeger/charts/elasticsearch/examples/kubernetes-kind/README.md
deleted file mode 100644
index e48c2b1..0000000
--- a/rds/base/charts/jaeger/charts/elasticsearch/examples/kubernetes-kind/README.md
+++ /dev/null
@@ -1,36 +0,0 @@
-# KIND
-
-This example deploy a 3 nodes Elasticsearch 7.8.1 cluster on [Kind][]
-using [custom values][].
-
-Note that this configuration should be used for test only and isn't recommended
-for production.
-
-Note that Kind < 0.7.0 are affected by a [kind issue][] with mount points
-created from PVCs not writable by non-root users. [kubernetes-sigs/kind#1157][]
-fix it in Kind 0.7.0.
-
-The workaround for Kind < 0.7.0 is to install manually
-[Rancher Local Path Provisioner][] and use `local-path` storage class for
-Elasticsearch volumes (see [Makefile][] instructions).
-
-
-## Usage
-
-* For Kind >= 0.7.0: Deploy Elasticsearch chart with the default values: `make install`
-* For Kind < 0.7.0: Deploy Elasticsearch chart with `local-path` storage class: `make install-local-path`
-
-* You can now setup a port forward to query Elasticsearch API:
-
- ```
- kubectl port-forward svc/elasticsearch-master 9200
- curl localhost:9200/_cat/indices
- ```
-
-
-[custom values]: https://github.com/elastic/helm-charts/blob/7.8/elasticsearch/examples/kubernetes-kind/values.yaml
-[kind]: https://kind.sigs.k8s.io/
-[kind issue]: https://github.com/kubernetes-sigs/kind/issues/830
-[kubernetes-sigs/kind#1157]: https://github.com/kubernetes-sigs/kind/pull/1157
-[rancher local path provisioner]: https://github.com/rancher/local-path-provisioner
-[Makefile]: https://github.com/elastic/helm-charts/blob/7.8/elasticsearch/examples/kubernetes-kind/Makefile#L5
diff --git a/rds/base/charts/jaeger/charts/elasticsearch/examples/kubernetes-kind/values-local-path.yaml b/rds/base/charts/jaeger/charts/elasticsearch/examples/kubernetes-kind/values-local-path.yaml
deleted file mode 100644
index 500ad4b..0000000
--- a/rds/base/charts/jaeger/charts/elasticsearch/examples/kubernetes-kind/values-local-path.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
----
-# Permit co-located instances for solitary minikube virtual machines.
-antiAffinity: "soft"
-
-# Shrink default JVM heap.
-esJavaOpts: "-Xmx128m -Xms128m"
-
-# Allocate smaller chunks of memory per pod.
-resources:
- requests:
- cpu: "100m"
- memory: "512M"
- limits:
- cpu: "1000m"
- memory: "512M"
-
-# Request smaller persistent volumes.
-volumeClaimTemplate:
- accessModes: [ "ReadWriteOnce" ]
- storageClassName: "local-path"
- resources:
- requests:
- storage: 100M
diff --git a/rds/base/charts/jaeger/charts/elasticsearch/examples/kubernetes-kind/values.yaml b/rds/base/charts/jaeger/charts/elasticsearch/examples/kubernetes-kind/values.yaml
deleted file mode 100644
index 500ad4b..0000000
--- a/rds/base/charts/jaeger/charts/elasticsearch/examples/kubernetes-kind/values.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
----
-# Permit co-located instances for solitary minikube virtual machines.
-antiAffinity: "soft"
-
-# Shrink default JVM heap.
-esJavaOpts: "-Xmx128m -Xms128m"
-
-# Allocate smaller chunks of memory per pod.
-resources:
- requests:
- cpu: "100m"
- memory: "512M"
- limits:
- cpu: "1000m"
- memory: "512M"
-
-# Request smaller persistent volumes.
-volumeClaimTemplate:
- accessModes: [ "ReadWriteOnce" ]
- storageClassName: "local-path"
- resources:
- requests:
- storage: 100M
diff --git a/rds/base/charts/jaeger/charts/elasticsearch/examples/microk8s/Makefile b/rds/base/charts/jaeger/charts/elasticsearch/examples/microk8s/Makefile
deleted file mode 100644
index 2c7d3d3..0000000
--- a/rds/base/charts/jaeger/charts/elasticsearch/examples/microk8s/Makefile
+++ /dev/null
@@ -1,12 +0,0 @@
-default: test
-
-RELEASE := helm-es-microk8s
-
-install:
- helm upgrade --wait --timeout=900 --install --values values.yaml $(RELEASE) ../../
-
-test: install
- helm test $(RELEASE)
-
-purge:
- helm del --purge $(RELEASE)
diff --git a/rds/base/charts/jaeger/charts/elasticsearch/examples/microk8s/README.md b/rds/base/charts/jaeger/charts/elasticsearch/examples/microk8s/README.md
deleted file mode 100644
index 75adcd8..0000000
--- a/rds/base/charts/jaeger/charts/elasticsearch/examples/microk8s/README.md
+++ /dev/null
@@ -1,32 +0,0 @@
-# MicroK8S
-
-This example deploy a 3 nodes Elasticsearch 7.8.1 cluster on [MicroK8S][]
-using [custom values][].
-
-Note that this configuration should be used for test only and isn't recommended
-for production.
-
-
-## Requirements
-
-The following MicroK8S [addons][] need to be enabled:
-- `dns`
-- `helm`
-- `storage`
-
-
-## Usage
-
-* Deploy Elasticsearch chart with the default values: `make install`
-
-* You can now setup a port forward to query Elasticsearch API:
-
- ```
- kubectl port-forward svc/elasticsearch-master 9200
- curl localhost:9200/_cat/indices
- ```
-
-
-[addons]: https://microk8s.io/docs/addons
-[custom values]: https://github.com/elastic/helm-charts/tree/7.8/elasticsearch/examples/microk8s/values.yaml
-[MicroK8S]: https://microk8s.io
diff --git a/rds/base/charts/jaeger/charts/elasticsearch/examples/microk8s/values.yaml b/rds/base/charts/jaeger/charts/elasticsearch/examples/microk8s/values.yaml
deleted file mode 100644
index 2627ecb..0000000
--- a/rds/base/charts/jaeger/charts/elasticsearch/examples/microk8s/values.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
----
-# Disable privileged init Container creation.
-sysctlInitContainer:
- enabled: false
-
-# Restrict the use of the memory-mapping when sysctlInitContainer is disabled.
-esConfig:
- elasticsearch.yml: |
- node.store.allow_mmap: false
-
-# Permit co-located instances for solitary minikube virtual machines.
-antiAffinity: "soft"
-
-# Shrink default JVM heap.
-esJavaOpts: "-Xmx128m -Xms128m"
-
-# Allocate smaller chunks of memory per pod.
-resources:
- requests:
- cpu: "100m"
- memory: "512M"
- limits:
- cpu: "1000m"
- memory: "512M"
-
-# Request smaller persistent volumes.
-volumeClaimTemplate:
- accessModes: [ "ReadWriteOnce" ]
- storageClassName: "microk8s-hostpath"
- resources:
- requests:
- storage: 100M
diff --git a/rds/base/charts/jaeger/charts/elasticsearch/examples/migration/Makefile b/rds/base/charts/jaeger/charts/elasticsearch/examples/migration/Makefile
deleted file mode 100644
index 3b1dac1..0000000
--- a/rds/base/charts/jaeger/charts/elasticsearch/examples/migration/Makefile
+++ /dev/null
@@ -1,10 +0,0 @@
-PREFIX := helm-es-migration
-
-data:
- helm upgrade --wait --timeout=600 --install --values ./data.yml $(PREFIX)-data ../../
-
-master:
- helm upgrade --wait --timeout=600 --install --values ./master.yml $(PREFIX)-master ../../
-
-client:
- helm upgrade --wait --timeout=600 --install --values ./client.yml $(PREFIX)-client ../../
diff --git a/rds/base/charts/jaeger/charts/elasticsearch/examples/migration/README.md b/rds/base/charts/jaeger/charts/elasticsearch/examples/migration/README.md
deleted file mode 100644
index ef53664..0000000
--- a/rds/base/charts/jaeger/charts/elasticsearch/examples/migration/README.md
+++ /dev/null
@@ -1,167 +0,0 @@
-# Migration Guide from helm/charts
-
-There are two viable options for migrating from the community Elasticsearch Helm
-chart from the [helm/charts][] repo.
-
-1. Restoring from Snapshot to a fresh cluster
-2. Live migration by joining a new cluster to the existing cluster.
-
-## Restoring from Snapshot
-
-This is the recommended and preferred option. The downside is that it will
-involve a period of write downtime during the migration. If you have a way to
-temporarily stop writes to your cluster then this is the way to go. This is also
-a lot simpler as it just involves launching a fresh cluster and restoring a
-snapshot following the [restoring to a different cluster guide][].
-
-## Live migration
-
-If restoring from a snapshot is not possible due to the write downtime then a
-live migration is also possible. It is very important to first test this in a
-testing environment to make sure you are comfortable with the process and fully
-understand what is happening.
-
-This process will involve joining a new set of master, data and client nodes to
-an existing cluster that has been deployed using the [helm/charts][] community
-chart. Nodes will then be replaced one by one in a controlled fashion to
-decommission the old cluster.
-
-This example will be using the default values for the existing helm/charts
-release and for the Elastic helm-charts release. If you have changed any of the
-default values then you will need to first make sure that your values are
-configured in a compatible way before starting the migration.
-
-The process will involve a re-sync and a rolling restart of all of your data
-nodes. Therefore it is important to disable shard allocation and perform a synced
-flush like you normally would during any other rolling upgrade. See the
-[rolling upgrades guide][] for more information.
-
-* The default image for this chart is
-`docker.elastic.co/elasticsearch/elasticsearch` which contains the default
-distribution of Elasticsearch with a [basic license][]. Make sure to update the
-`image` and `imageTag` values to the correct Docker image and Elasticsearch
-version that you currently have deployed.
-
-* Convert your current helm/charts configuration into something that is
-compatible with this chart.
-
-* Take a fresh snapshot of your cluster. If something goes wrong you want to be
-able to restore your data no matter what.
-
-* Check that your clusters health is green. If not abort and make sure your
-cluster is healthy before continuing:
-
- ```
- curl localhost:9200/_cluster/health
- ```
-
-* Deploy new data nodes which will join the existing cluster. Take a look at the
-configuration in [data.yml][]:
-
- ```
- make data
- ```
-
-* Check that the new nodes have joined the cluster (run this and any other curl
-commands from within one of your pods):
-
- ```
- curl localhost:9200/_cat/nodes
- ```
-
-* Check that your cluster is still green. If so we can now start to scale down
-the existing data nodes. Assuming you have the default amount of data nodes (2)
-we now want to scale it down to 1:
-
- ```
- kubectl scale statefulsets my-release-elasticsearch-data --replicas=1
- ```
-
-* Wait for your cluster to become green again:
-
- ```
- watch 'curl -s localhost:9200/_cluster/health'
- ```
-
-* Once the cluster is green we can scale down again:
-
- ```
- kubectl scale statefulsets my-release-elasticsearch-data --replicas=0
- ```
-
-* Wait for the cluster to be green again.
-* OK. We now have all data nodes running in the new cluster. Time to replace the
-masters by firstly scaling down the masters from 3 to 2. Between each step make
-sure to wait for the cluster to become green again, and check with
-`curl localhost:9200/_cat/nodes` that you see the correct amount of master
-nodes. During this process we will always make sure to keep at least 2 master
-nodes as to not lose quorum:
-
- ```
- kubectl scale statefulsets my-release-elasticsearch-master --replicas=2
- ```
-
-* Now deploy a single new master so that we have 3 masters again. See
-[master.yml][] for the configuration:
-
- ```
- make master
- ```
-
-* Scale down old masters to 1:
-
- ```
- kubectl scale statefulsets my-release-elasticsearch-master --replicas=1
- ```
-
-* Edit the masters in [masters.yml][] to 2 and redeploy:
-
- ```
- make master
- ```
-
-* Scale down the old masters to 0:
-
- ```
- kubectl scale statefulsets my-release-elasticsearch-master --replicas=0
- ```
-
-* Edit the [masters.yml][] to have 3 replicas and remove the
-`discovery.zen.ping.unicast.hosts` entry from `extraEnvs` then redeploy the
-masters. This will make sure all 3 masters are running in the new cluster and
-are pointing at each other for discovery:
-
- ```
- make master
- ```
-
-* Remove the `discovery.zen.ping.unicast.hosts` entry from `extraEnvs` then
-redeploy the data nodes to make sure they are pointing at the new masters:
-
- ```
- make data
- ```
-
-* Deploy the client nodes:
-
- ```
- make client
- ```
-
-* Update any processes that are talking to the existing client nodes and point
-them to the new client nodes. Once this is done you can scale down the old
-client nodes:
-
- ```
- kubectl scale deployment my-release-elasticsearch-client --replicas=0
- ```
-
-* The migration should now be complete. After verifying that everything is
-working correctly you can cleanup leftover resources from your old cluster.
-
-[basic license]: https://www.elastic.co/subscriptions
-[data.yml]: https://github.com/elastic/helm-charts/blob/7.8/elasticsearch/examples/migration/data.yml
-[helm/charts]: https://github.com/helm/charts/tree/master/stable/elasticsearch
-[master.yml]: https://github.com/elastic/helm-charts/blob/7.8/elasticsearch/examples/migration/master.yml
-[restoring to a different cluster guide]: https://www.elastic.co/guide/en/elasticsearch/reference/6.6/modules-snapshots.html#_restoring_to_a_different_cluster
-[rolling upgrades guide]: https://www.elastic.co/guide/en/elasticsearch/reference/6.6/rolling-upgrades.html
diff --git a/rds/base/charts/jaeger/charts/elasticsearch/examples/migration/client.yml b/rds/base/charts/jaeger/charts/elasticsearch/examples/migration/client.yml
deleted file mode 100644
index 30ee700..0000000
--- a/rds/base/charts/jaeger/charts/elasticsearch/examples/migration/client.yml
+++ /dev/null
@@ -1,23 +0,0 @@
----
-
-replicas: 2
-
-clusterName: "elasticsearch"
-nodeGroup: "client"
-
-esMajorVersion: 6
-
-roles:
- master: "false"
- ingest: "false"
- data: "false"
-
-volumeClaimTemplate:
- accessModes: [ "ReadWriteOnce" ]
- storageClassName: "standard"
- resources:
- requests:
- storage: 1Gi # Currently needed till pvcs are made optional
-
-persistence:
- enabled: false
diff --git a/rds/base/charts/jaeger/charts/elasticsearch/examples/migration/data.yml b/rds/base/charts/jaeger/charts/elasticsearch/examples/migration/data.yml
deleted file mode 100644
index eedcbb0..0000000
--- a/rds/base/charts/jaeger/charts/elasticsearch/examples/migration/data.yml
+++ /dev/null
@@ -1,17 +0,0 @@
----
-
-replicas: 2
-
-esMajorVersion: 6
-
-extraEnvs:
- - name: discovery.zen.ping.unicast.hosts
- value: "my-release-elasticsearch-discovery"
-
-clusterName: "elasticsearch"
-nodeGroup: "data"
-
-roles:
- master: "false"
- ingest: "false"
- data: "true"
diff --git a/rds/base/charts/jaeger/charts/elasticsearch/examples/migration/master.yml b/rds/base/charts/jaeger/charts/elasticsearch/examples/migration/master.yml
deleted file mode 100644
index 3e3a2f1..0000000
--- a/rds/base/charts/jaeger/charts/elasticsearch/examples/migration/master.yml
+++ /dev/null
@@ -1,26 +0,0 @@
----
-
-# Temporarily set to 3 so we can scale up/down the old a new cluster
-# one at a time whilst always keeping 3 masters running
-replicas: 1
-
-esMajorVersion: 6
-
-extraEnvs:
- - name: discovery.zen.ping.unicast.hosts
- value: "my-release-elasticsearch-discovery"
-
-clusterName: "elasticsearch"
-nodeGroup: "master"
-
-roles:
- master: "true"
- ingest: "false"
- data: "false"
-
-volumeClaimTemplate:
- accessModes: [ "ReadWriteOnce" ]
- storageClassName: "standard"
- resources:
- requests:
- storage: 4Gi
diff --git a/rds/base/charts/jaeger/charts/elasticsearch/examples/minikube/Makefile b/rds/base/charts/jaeger/charts/elasticsearch/examples/minikube/Makefile
deleted file mode 100644
index 97109ce..0000000
--- a/rds/base/charts/jaeger/charts/elasticsearch/examples/minikube/Makefile
+++ /dev/null
@@ -1,12 +0,0 @@
-default: test
-
-RELEASE := helm-es-minikube
-
-install:
- helm upgrade --wait --timeout=900 --install --values values.yaml $(RELEASE) ../../
-
-test: install
- helm test $(RELEASE)
-
-purge:
- helm del --purge $(RELEASE)
diff --git a/rds/base/charts/jaeger/charts/elasticsearch/examples/minikube/README.md b/rds/base/charts/jaeger/charts/elasticsearch/examples/minikube/README.md
deleted file mode 100644
index e016987..0000000
--- a/rds/base/charts/jaeger/charts/elasticsearch/examples/minikube/README.md
+++ /dev/null
@@ -1,38 +0,0 @@
-# Minikube
-
-This example deploy a 3 nodes Elasticsearch 7.8.1 cluster on [Minikube][]
-using [custom values][].
-
-If helm or kubectl timeouts occur, you may consider creating a minikube VM with
-more CPU cores or memory allocated.
-
-Note that this configuration should be used for test only and isn't recommended
-for production.
-
-
-## Requirements
-
-In order to properly support the required persistent volume claims for the
-Elasticsearch StatefulSet, the `default-storageclass` and `storage-provisioner`
-minikube addons must be enabled.
-
-```
-minikube addons enable default-storageclass
-minikube addons enable storage-provisioner
-```
-
-
-## Usage
-
-* Deploy Elasticsearch chart with the default values: `make install`
-
-* You can now setup a port forward to query Elasticsearch API:
-
- ```
- kubectl port-forward svc/elasticsearch-master 9200
- curl localhost:9200/_cat/indices
- ```
-
-
-[custom values]: https://github.com/elastic/helm-charts/tree/7.8/elasticsearch/examples/minikube/values.yaml
-[minikube]: https://minikube.sigs.k8s.io/docs/
diff --git a/rds/base/charts/jaeger/charts/elasticsearch/examples/minikube/values.yaml b/rds/base/charts/jaeger/charts/elasticsearch/examples/minikube/values.yaml
deleted file mode 100644
index ccceb3a..0000000
--- a/rds/base/charts/jaeger/charts/elasticsearch/examples/minikube/values.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
----
-# Permit co-located instances for solitary minikube virtual machines.
-antiAffinity: "soft"
-
-# Shrink default JVM heap.
-esJavaOpts: "-Xmx128m -Xms128m"
-
-# Allocate smaller chunks of memory per pod.
-resources:
- requests:
- cpu: "100m"
- memory: "512M"
- limits:
- cpu: "1000m"
- memory: "512M"
-
-# Request smaller persistent volumes.
-volumeClaimTemplate:
- accessModes: [ "ReadWriteOnce" ]
- storageClassName: "standard"
- resources:
- requests:
- storage: 100M
diff --git a/rds/base/charts/jaeger/charts/elasticsearch/examples/multi/Makefile b/rds/base/charts/jaeger/charts/elasticsearch/examples/multi/Makefile
deleted file mode 100644
index 836ec2e..0000000
--- a/rds/base/charts/jaeger/charts/elasticsearch/examples/multi/Makefile
+++ /dev/null
@@ -1,16 +0,0 @@
-default: test
-
-include ../../../helpers/examples.mk
-
-PREFIX := helm-es-multi
-RELEASE := helm-es-multi-master
-
-install:
- helm upgrade --wait --timeout=600 --install --values ./master.yml $(PREFIX)-master ../../
- helm upgrade --wait --timeout=600 --install --values ./data.yml $(PREFIX)-data ../../
-
-test: install goss
-
-purge:
- helm del --purge $(PREFIX)-master
- helm del --purge $(PREFIX)-data
diff --git a/rds/base/charts/jaeger/charts/elasticsearch/examples/multi/README.md b/rds/base/charts/jaeger/charts/elasticsearch/examples/multi/README.md
deleted file mode 100644
index f27cade..0000000
--- a/rds/base/charts/jaeger/charts/elasticsearch/examples/multi/README.md
+++ /dev/null
@@ -1,27 +0,0 @@
-# Multi
-
-This example deploy an Elasticsearch 7.8.1 cluster composed of 2 different Helm
-releases:
-
-- `helm-es-multi-master` for the 3 master nodes using [master values][]
-- `helm-es-multi-data` for the 3 data nodes using [data values][]
-
-## Usage
-
-* Deploy the 2 Elasticsearch releases: `make install`
-
-* You can now setup a port forward to query Elasticsearch API:
-
- ```
- kubectl port-forward svc/multi-master 9200
- curl -u elastic:changeme http://localhost:9200/_cat/indices
- ```
-
-## Testing
-
-You can also run [goss integration tests][] using `make test`
-
-
-[data values]: https://github.com/elastic/helm-charts/tree/7.8/elasticsearch/examples/multi/data.yml
-[goss integration tests]: https://github.com/elastic/helm-charts/tree/7.8/elasticsearch/examples/multi/test/goss.yaml
-[master values]: https://github.com/elastic/helm-charts/tree/7.8/elasticsearch/examples/multi/master.yml
diff --git a/rds/base/charts/jaeger/charts/elasticsearch/examples/multi/data.yml b/rds/base/charts/jaeger/charts/elasticsearch/examples/multi/data.yml
deleted file mode 100644
index ecc6893..0000000
--- a/rds/base/charts/jaeger/charts/elasticsearch/examples/multi/data.yml
+++ /dev/null
@@ -1,9 +0,0 @@
----
-
-clusterName: "multi"
-nodeGroup: "data"
-
-roles:
- master: "false"
- ingest: "true"
- data: "true"
diff --git a/rds/base/charts/jaeger/charts/elasticsearch/examples/multi/master.yml b/rds/base/charts/jaeger/charts/elasticsearch/examples/multi/master.yml
deleted file mode 100644
index 2ca4cca..0000000
--- a/rds/base/charts/jaeger/charts/elasticsearch/examples/multi/master.yml
+++ /dev/null
@@ -1,9 +0,0 @@
----
-
-clusterName: "multi"
-nodeGroup: "master"
-
-roles:
- master: "true"
- ingest: "false"
- data: "false"
diff --git a/rds/base/charts/jaeger/charts/elasticsearch/examples/multi/test/goss.yaml b/rds/base/charts/jaeger/charts/elasticsearch/examples/multi/test/goss.yaml
deleted file mode 100644
index 18cb250..0000000
--- a/rds/base/charts/jaeger/charts/elasticsearch/examples/multi/test/goss.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
-http:
- http://localhost:9200/_cluster/health:
- status: 200
- timeout: 2000
- body:
- - 'green'
- - '"cluster_name":"multi"'
- - '"number_of_nodes":6'
- - '"number_of_data_nodes":3'
diff --git a/rds/base/charts/jaeger/charts/elasticsearch/examples/openshift/Makefile b/rds/base/charts/jaeger/charts/elasticsearch/examples/openshift/Makefile
deleted file mode 100644
index 6e49591..0000000
--- a/rds/base/charts/jaeger/charts/elasticsearch/examples/openshift/Makefile
+++ /dev/null
@@ -1,15 +0,0 @@
-default: test
-include ../../../helpers/examples.mk
-
-RELEASE := elasticsearch
-
-template:
- helm template --values ./values.yaml ../../
-
-install:
- helm upgrade --wait --timeout=600 --install $(RELEASE) --values ./values.yaml ../../
-
-test: install goss
-
-purge:
- helm del --purge $(RELEASE)
diff --git a/rds/base/charts/jaeger/charts/elasticsearch/examples/openshift/README.md b/rds/base/charts/jaeger/charts/elasticsearch/examples/openshift/README.md
deleted file mode 100644
index 73a3760..0000000
--- a/rds/base/charts/jaeger/charts/elasticsearch/examples/openshift/README.md
+++ /dev/null
@@ -1,24 +0,0 @@
-# OpenShift
-
-This example deploy a 3 nodes Elasticsearch 7.8.1 cluster on [OpenShift][]
-using [custom values][].
-
-## Usage
-
-* Deploy Elasticsearch chart with the default values: `make install`
-
-* You can now setup a port forward to query Elasticsearch API:
-
- ```
- kubectl port-forward svc/elasticsearch-master 9200
- curl localhost:9200/_cat/indices
- ```
-
-## Testing
-
-You can also run [goss integration tests][] using `make test`
-
-
-[custom values]: https://github.com/elastic/helm-charts/tree/7.8/elasticsearch/examples/openshift/values.yaml
-[goss integration tests]: https://github.com/elastic/helm-charts/tree/7.8/elasticsearch/examples/openshift/test/goss.yaml
-[openshift]: https://www.openshift.com/
diff --git a/rds/base/charts/jaeger/charts/elasticsearch/examples/openshift/test/goss.yaml b/rds/base/charts/jaeger/charts/elasticsearch/examples/openshift/test/goss.yaml
deleted file mode 100644
index dd3dc71..0000000
--- a/rds/base/charts/jaeger/charts/elasticsearch/examples/openshift/test/goss.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-http:
- http://localhost:9200/_cluster/health:
- status: 200
- timeout: 2000
- body:
- - 'green'
- - '"number_of_nodes":3'
- - '"number_of_data_nodes":3'
-
- http://localhost:9200:
- status: 200
- timeout: 2000
- body:
- - '"number" : "7.8.1"'
- - '"cluster_name" : "elasticsearch"'
- - '"name" : "elasticsearch-master-0"'
- - 'You Know, for Search'
diff --git a/rds/base/charts/jaeger/charts/elasticsearch/examples/openshift/values.yaml b/rds/base/charts/jaeger/charts/elasticsearch/examples/openshift/values.yaml
deleted file mode 100644
index 8a21126..0000000
--- a/rds/base/charts/jaeger/charts/elasticsearch/examples/openshift/values.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-
-securityContext:
- runAsUser: null
-
-podSecurityContext:
- fsGroup: null
- runAsUser: null
-
-sysctlInitContainer:
- enabled: false
diff --git a/rds/base/charts/jaeger/charts/elasticsearch/examples/oss/Makefile b/rds/base/charts/jaeger/charts/elasticsearch/examples/oss/Makefile
deleted file mode 100644
index e274659..0000000
--- a/rds/base/charts/jaeger/charts/elasticsearch/examples/oss/Makefile
+++ /dev/null
@@ -1,12 +0,0 @@
-default: test
-include ../../../helpers/examples.mk
-
-RELEASE := helm-es-oss
-
-install:
- helm upgrade --wait --timeout=600 --install $(RELEASE) --values ./values.yaml ../../
-
-test: install goss
-
-purge:
- helm del --purge $(RELEASE)
diff --git a/rds/base/charts/jaeger/charts/elasticsearch/examples/oss/README.md b/rds/base/charts/jaeger/charts/elasticsearch/examples/oss/README.md
deleted file mode 100644
index fd2aad9..0000000
--- a/rds/base/charts/jaeger/charts/elasticsearch/examples/oss/README.md
+++ /dev/null
@@ -1,23 +0,0 @@
-# OSS
-
-This example deploy a 3 nodes Elasticsearch 7.8.1 cluster using
-[Elasticsearch OSS][] version.
-
-## Usage
-
-* Deploy Elasticsearch chart with the default values: `make install`
-
-* You can now setup a port forward to query Elasticsearch API:
-
- ```
- kubectl port-forward svc/oss-master 9200
- curl localhost:9200/_cat/indices
- ```
-
-## Testing
-
-You can also run [goss integration tests][] using `make test`
-
-
-[elasticsearch oss]: https://www.elastic.co/downloads/elasticsearch-oss
-[goss integration tests]: https://github.com/elastic/helm-charts/tree/7.8/elasticsearch/examples/oss/test/goss.yaml
diff --git a/rds/base/charts/jaeger/charts/elasticsearch/examples/oss/test/goss.yaml b/rds/base/charts/jaeger/charts/elasticsearch/examples/oss/test/goss.yaml
deleted file mode 100644
index e0f10c4..0000000
--- a/rds/base/charts/jaeger/charts/elasticsearch/examples/oss/test/goss.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-http:
- http://localhost:9200/_cluster/health:
- status: 200
- timeout: 2000
- body:
- - 'green'
- - '"number_of_nodes":3'
- - '"number_of_data_nodes":3'
-
- http://localhost:9200:
- status: 200
- timeout: 2000
- body:
- - '"number" : "7.8.1"'
- - '"cluster_name" : "oss"'
- - '"name" : "oss-master-0"'
- - 'You Know, for Search'
diff --git a/rds/base/charts/jaeger/charts/elasticsearch/examples/oss/values.yaml b/rds/base/charts/jaeger/charts/elasticsearch/examples/oss/values.yaml
deleted file mode 100644
index adcb7df..0000000
--- a/rds/base/charts/jaeger/charts/elasticsearch/examples/oss/values.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
----
-
-clusterName: "oss"
-image: "docker.elastic.co/elasticsearch/elasticsearch-oss"
diff --git a/rds/base/charts/jaeger/charts/elasticsearch/examples/security/Makefile b/rds/base/charts/jaeger/charts/elasticsearch/examples/security/Makefile
deleted file mode 100644
index 46f0ee7..0000000
--- a/rds/base/charts/jaeger/charts/elasticsearch/examples/security/Makefile
+++ /dev/null
@@ -1,37 +0,0 @@
-default: test
-
-include ../../../helpers/examples.mk
-
-RELEASE := helm-es-security
-ELASTICSEARCH_IMAGE := docker.elastic.co/elasticsearch/elasticsearch:$(STACK_VERSION)
-
-install:
- helm upgrade --wait --timeout=600 --install --values ./security.yml $(RELEASE) ../../
-
-purge:
- kubectl delete secrets elastic-credentials elastic-certificates elastic-certificate-pem || true
- helm del --purge $(RELEASE)
-
-test: secrets install goss
-
-pull-elasticsearch-image:
- docker pull $(ELASTICSEARCH_IMAGE)
-
-secrets:
- docker rm -f elastic-helm-charts-certs || true
- rm -f elastic-certificates.p12 elastic-certificate.pem elastic-certificate.crt elastic-stack-ca.p12 || true
- password=$$([ ! -z "$$ELASTIC_PASSWORD" ] && echo $$ELASTIC_PASSWORD || echo $$(docker run --rm busybox:1.31.1 /bin/sh -c "< /dev/urandom tr -cd '[:alnum:]' | head -c20")) && \
- docker run --name elastic-helm-charts-certs -i -w /app \
- $(ELASTICSEARCH_IMAGE) \
- /bin/sh -c " \
- elasticsearch-certutil ca --out /app/elastic-stack-ca.p12 --pass '' && \
- elasticsearch-certutil cert --name security-master --dns security-master --ca /app/elastic-stack-ca.p12 --pass '' --ca-pass '' --out /app/elastic-certificates.p12" && \
- docker cp elastic-helm-charts-certs:/app/elastic-certificates.p12 ./ && \
- docker rm -f elastic-helm-charts-certs && \
- openssl pkcs12 -nodes -passin pass:'' -in elastic-certificates.p12 -out elastic-certificate.pem && \
- openssl x509 -outform der -in elastic-certificate.pem -out elastic-certificate.crt && \
- kubectl create secret generic elastic-certificates --from-file=elastic-certificates.p12 && \
- kubectl create secret generic elastic-certificate-pem --from-file=elastic-certificate.pem && \
- kubectl create secret generic elastic-certificate-crt --from-file=elastic-certificate.crt && \
- kubectl create secret generic elastic-credentials --from-literal=password=$$password --from-literal=username=elastic && \
- rm -f elastic-certificates.p12
elastic-certificate.pem elastic-certificate.crt elastic-stack-ca.p12
diff --git a/rds/base/charts/jaeger/charts/elasticsearch/examples/security/README.md b/rds/base/charts/jaeger/charts/elasticsearch/examples/security/README.md
deleted file mode 100644
index 0b94139..0000000
--- a/rds/base/charts/jaeger/charts/elasticsearch/examples/security/README.md
+++ /dev/null
@@ -1,29 +0,0 @@
-# Security
-
-This example deploy a 3 nodes Elasticsearch 7.8.1 with authentication and
-autogenerated certificates for TLS (see [values][]).
-
-Note that this configuration should be used for test only. For a production
-deployment you should generate SSL certificates following the [official docs][].
-
-## Usage
-
-* Create the required secrets: `make secrets`
-
-* Deploy Elasticsearch chart with the default values: `make install`
-
-* You can now setup a port forward to query Elasticsearch API:
-
- ```
- kubectl port-forward svc/security-master 9200
- curl -u elastic:changeme https://localhost:9200/_cat/indices
- ```
-
-## Testing
-
-You can also run [goss integration tests][] using `make test`
-
-
-[goss integration tests]: https://github.com/elastic/helm-charts/tree/7.8/elasticsearch/examples/security/test/goss.yaml
-[official docs]: https://www.elastic.co/guide/en/elasticsearch/reference/7.8/configuring-tls.html#node-certificates
-[values]: https://github.com/elastic/helm-charts/tree/7.8/elasticsearch/examples/security/security.yaml
diff --git a/rds/base/charts/jaeger/charts/elasticsearch/examples/security/security.yml b/rds/base/charts/jaeger/charts/elasticsearch/examples/security/security.yml
deleted file mode 100644
index 04d932c..0000000
--- a/rds/base/charts/jaeger/charts/elasticsearch/examples/security/security.yml
+++ /dev/null
@@ -1,38 +0,0 @@
----
-clusterName: "security"
-nodeGroup: "master"
-
-roles:
- master: "true"
- ingest: "true"
- data: "true"
-
-protocol: https
-
-esConfig:
- elasticsearch.yml: |
- xpack.security.enabled: true
- xpack.security.transport.ssl.enabled: true
- xpack.security.transport.ssl.verification_mode: certificate
- xpack.security.transport.ssl.keystore.path: /usr/share/elasticsearch/config/certs/elastic-certificates.p12
- xpack.security.transport.ssl.truststore.path: /usr/share/elasticsearch/config/certs/elastic-certificates.p12
- xpack.security.http.ssl.enabled: true
- xpack.security.http.ssl.truststore.path: /usr/share/elasticsearch/config/certs/elastic-certificates.p12
- xpack.security.http.ssl.keystore.path: /usr/share/elasticsearch/config/certs/elastic-certificates.p12
-
-extraEnvs:
- - name: ELASTIC_PASSWORD
- valueFrom:
- secretKeyRef:
- name: elastic-credentials
- key: password
- - name: ELASTIC_USERNAME
- valueFrom:
- secretKeyRef:
- name: elastic-credentials
- key: username
-
-secretMounts:
- - name: elastic-certificates
- secretName: elastic-certificates
- path: /usr/share/elasticsearch/config/certs
diff --git a/rds/base/charts/jaeger/charts/elasticsearch/examples/security/test/goss.yaml b/rds/base/charts/jaeger/charts/elasticsearch/examples/security/test/goss.yaml
deleted file mode 100644
index c6d4b98..0000000
--- a/rds/base/charts/jaeger/charts/elasticsearch/examples/security/test/goss.yaml
+++ /dev/null
@@ -1,45 +0,0 @@
-http:
- https://security-master:9200/_cluster/health:
- status: 200
- timeout: 2000
- allow-insecure: true
- username: '{{ .Env.ELASTIC_USERNAME }}'
- password: '{{ .Env.ELASTIC_PASSWORD }}'
- body:
- - 'green'
- - '"number_of_nodes":3'
- - '"number_of_data_nodes":3'
-
- https://localhost:9200/:
- status: 200
- timeout: 2000
- allow-insecure: true
- username: '{{ .Env.ELASTIC_USERNAME }}'
- password: '{{ .Env.ELASTIC_PASSWORD }}'
- body:
- - '"cluster_name" : "security"'
- - '"name" : "security-master-0"'
- - 'You Know, for Search'
-
- https://localhost:9200/_xpack/license:
- status: 200
- timeout: 2000
- allow-insecure: true
- username: '{{ .Env.ELASTIC_USERNAME }}'
- password: '{{ .Env.ELASTIC_PASSWORD }}'
- body:
- - 'active'
- - 'basic'
-
-file:
- /usr/share/elasticsearch/config/elasticsearch.yml:
- exists: true
- contains:
- - 'xpack.security.enabled: true'
- - 'xpack.security.transport.ssl.enabled: true'
- - 'xpack.security.transport.ssl.verification_mode: certificate'
- - 'xpack.security.transport.ssl.keystore.path: /usr/share/elasticsearch/config/certs/elastic-certificates.p12'
- - 'xpack.security.transport.ssl.truststore.path: /usr/share/elasticsearch/config/certs/elastic-certificates.p12'
- - 'xpack.security.http.ssl.enabled: true'
- - 'xpack.security.http.ssl.truststore.path: /usr/share/elasticsearch/config/certs/elastic-certificates.p12'
- - 'xpack.security.http.ssl.keystore.path: /usr/share/elasticsearch/config/certs/elastic-certificates.p12'
diff --git a/rds/base/charts/jaeger/charts/elasticsearch/examples/upgrade/Makefile b/rds/base/charts/jaeger/charts/elasticsearch/examples/upgrade/Makefile
deleted file mode 100644
index f890d50..0000000
--- a/rds/base/charts/jaeger/charts/elasticsearch/examples/upgrade/Makefile
+++ /dev/null
@@ -1,16 +0,0 @@
-default: test
-
-include ../../../helpers/examples.mk
-
-RELEASE := helm-es-upgrade
-
-install:
- ./scripts/upgrade.sh --release $(RELEASE)
-
-init:
- helm init --client-only
-
-test: init install goss
-
-purge:
- helm del --purge $(RELEASE)
diff --git a/rds/base/charts/jaeger/charts/elasticsearch/examples/upgrade/README.md b/rds/base/charts/jaeger/charts/elasticsearch/examples/upgrade/README.md
deleted file mode 100644
index def17dd..0000000
--- a/rds/base/charts/jaeger/charts/elasticsearch/examples/upgrade/README.md
+++ /dev/null
@@ -1,27 +0,0 @@
-# Upgrade
-
-This example will deploy a 3 node Elasticsearch cluster using an old chart version,
-then upgrade it to version 7.8.1.
-
-The following upgrades are tested:
-- Upgrade from [7.0.0-alpha1][] version on K8S <1.16
-- Upgrade from [7.4.0][] version on K8S >=1.16 (Elasticsearch chart < 7.4.0 are
-not compatible with K8S >= 1.16)
-
-
-## Usage
-
-Running `make install` command will do first install and 7.8.1 upgrade.
-
-Note: [jq][] is a requirement for this make target.
-
-
-## Testing
-
-You can also run [goss integration tests][] using `make test`.
-
-
-[7.0.0-alpha1]: https://github.com/elastic/helm-charts/releases/tag/7.0.0-alpha1
-[7.4.0]: https://github.com/elastic/helm-charts/releases/tag/7.4.0
-[goss integration tests]: https://github.com/elastic/helm-charts/tree/7.8/elasticsearch/examples/upgrade/test/goss.yaml
-[jq]: https://stedolan.github.io/jq/
diff --git a/rds/base/charts/jaeger/charts/elasticsearch/examples/upgrade/scripts/upgrade.sh b/rds/base/charts/jaeger/charts/elasticsearch/examples/upgrade/scripts/upgrade.sh
deleted file mode 100644
index 6d0aa9f..0000000
--- a/rds/base/charts/jaeger/charts/elasticsearch/examples/upgrade/scripts/upgrade.sh
+++ /dev/null
@@ -1,76 +0,0 @@
-#!/usr/bin/env bash
-
-set -euo pipefail
-
-usage() {
- cat <<-EOF
- USAGE:
- $0 [--release ] [--from ]
- $0 --help
-
- OPTIONS:
- --release
- Name of the Helm release to install
- --from
- Elasticsearch version to use for first install
- EOF
- exit 1
-}
-
-RELEASE="helm-es-upgrade"
-FROM=""
-
-while [[ $# -gt 0 ]]
-do
- key="$1"
-
- case $key in
- --help)
- usage
- ;;
- --release)
- RELEASE="$2"
- shift 2
- ;;
- --from)
- FROM="$2"
- shift 2
- ;;
- *)
- log "Unrecognized argument: '$key'"
- usage
- ;;
- esac
-done
-
-if ! command -v jq > /dev/null
-then
- echo 'jq is required to use this script'
- echo 'please check https://stedolan.github.io/jq/download/ to install it'
- exit 1
-fi
-
-# Elasticsearch chart < 7.4.0 are not compatible with K8S >= 1.16)
-if [[ -z $FROM ]]
-then
- KUBE_MINOR_VERSION=$(kubectl version -o json | jq --raw-output --exit-status '.serverVersion.minor' | sed 's/[^0-9]*//g')
-
- if [ "$KUBE_MINOR_VERSION" -lt 16 ]
- then
- FROM="7.0.0-alpha1"
- else
- FROM="7.4.0"
- fi
-fi
-
-helm repo add elastic https://helm.elastic.co
-
-# Initial install
-printf "Installing Elasticsearch chart %s\n" "$FROM"
-helm upgrade --wait --timeout=600 --install "$RELEASE" elastic/elasticsearch --version "$FROM" --set clusterName=upgrade
-kubectl rollout status sts/upgrade-master --timeout=600s
-
-# Upgrade
-printf "Upgrading Elasticsearch chart\n"
-helm upgrade --wait --timeout=600 --set terminationGracePeriod=121 --install "$RELEASE" ../../ --set clusterName=upgrade
-kubectl rollout status sts/upgrade-master --timeout=600s
diff --git a/rds/base/charts/jaeger/charts/elasticsearch/examples/upgrade/test/goss.yaml b/rds/base/charts/jaeger/charts/elasticsearch/examples/upgrade/test/goss.yaml
deleted file mode 100644
index c060b8b..0000000
--- a/rds/base/charts/jaeger/charts/elasticsearch/examples/upgrade/test/goss.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-http:
- http://localhost:9200/_cluster/health:
- status: 200
- timeout: 2000
- body:
- - 'green'
- - '"number_of_nodes":3'
- - '"number_of_data_nodes":3'
-
- http://localhost:9200:
- status: 200
- timeout: 2000
- body:
- - '"number" : "7.8.1"'
- - '"cluster_name" : "upgrade"'
- - '"name" : "upgrade-master-0"'
- - 'You Know, for Search'
diff --git a/rds/base/charts/jaeger/charts/elasticsearch/templates/NOTES.txt b/rds/base/charts/jaeger/charts/elasticsearch/templates/NOTES.txt
deleted file mode 100644
index 3841ada..0000000
--- a/rds/base/charts/jaeger/charts/elasticsearch/templates/NOTES.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-1. Watch all cluster members come up.
- $ kubectl get pods --namespace={{ .Release.Namespace }} -l app={{ template "elasticsearch.uname" . }} -w
-2. Test cluster health using Helm test.
- $ helm test {{ .Release.Name }} --cleanup
diff --git a/rds/base/charts/jaeger/charts/elasticsearch/templates/_helpers.tpl b/rds/base/charts/jaeger/charts/elasticsearch/templates/_helpers.tpl
deleted file mode 100644
index 87783da..0000000
--- a/rds/base/charts/jaeger/charts/elasticsearch/templates/_helpers.tpl
+++ /dev/null
@@ -1,87 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "elasticsearch.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-*/}}
-{{- define "elasticsearch.fullname" -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{- define "elasticsearch.uname" -}}
-{{- if empty .Values.fullnameOverride -}}
-{{- if empty .Values.nameOverride -}}
-{{ .Values.clusterName }}-{{ .Values.nodeGroup }}
-{{- else -}}
-{{ .Values.nameOverride }}-{{ .Values.nodeGroup }}
-{{- end -}}
-{{- else -}}
-{{ .Values.fullnameOverride }}
-{{- end -}}
-{{- end -}}
-
-{{- define "elasticsearch.masterService" -}}
-{{- if empty .Values.masterService -}}
-{{- if empty .Values.fullnameOverride -}}
-{{- if empty .Values.nameOverride -}}
-{{ .Values.clusterName }}-master
-{{- else -}}
-{{ .Values.nameOverride }}-master
-{{- end -}}
-{{- else -}}
-{{ .Values.fullnameOverride }}
-{{- end -}}
-{{- else -}}
-{{ .Values.masterService }}
-{{- end -}}
-{{- end -}}
-
-{{- define "elasticsearch.endpoints" -}}
-{{- $replicas := int (toString (.Values.replicas)) }}
-{{- $uname := (include "elasticsearch.uname" .) }}
- {{- range $i, $e := untilStep 0 $replicas 1 -}}
-{{ $uname }}-{{ $i }},
- {{- end -}}
-{{- end -}}
-
-{{- define "elasticsearch.esMajorVersion" -}}
-{{- if .Values.esMajorVersion -}}
-{{ .Values.esMajorVersion }}
-{{- else -}}
-{{- $version := int (index (.Values.imageTag | splitList ".") 0) -}}
- {{- if and (contains "docker.elastic.co/elasticsearch/elasticsearch" .Values.image) (not (eq $version 0)) -}}
-{{ $version }}
- {{- else -}}
-7
- {{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Return the appropriate apiVersion for statefulset.
-*/}}
-{{- define "elasticsearch.statefulset.apiVersion" -}}
-{{- if semverCompare "<1.9-0" .Capabilities.KubeVersion.GitVersion -}}
-{{- print "apps/v1beta2" -}}
-{{- else -}}
-{{- print "apps/v1" -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Return the appropriate apiVersion for ingress.
-*/}}
-{{- define "elasticsearch.ingress.apiVersion" -}}
-{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}}
-{{- print "extensions/v1beta1" -}}
-{{- else -}}
-{{- print "networking.k8s.io/v1beta1" -}}
-{{- end -}}
-{{- end -}}
diff --git a/rds/base/charts/jaeger/charts/elasticsearch/templates/configmap.yaml b/rds/base/charts/jaeger/charts/elasticsearch/templates/configmap.yaml
deleted file mode 100644
index 93285a0..0000000
--- a/rds/base/charts/jaeger/charts/elasticsearch/templates/configmap.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-{{- if .Values.esConfig }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ template "elasticsearch.uname" . }}-config
- namespace: {{ .Release.Namespace }}
- labels:
- heritage: {{ .Release.Service | quote }}
- release: {{ .Release.Name | quote }}
- chart: "{{ .Chart.Name }}"
- app: "{{ template "elasticsearch.uname" . }}"
-data:
-{{- range $path, $config := .Values.esConfig }}
- {{ $path }}: |
-{{ $config | indent 4 -}}
-{{- end -}}
-{{- end -}}
diff --git a/rds/base/charts/jaeger/charts/elasticsearch/templates/ingress.yaml b/rds/base/charts/jaeger/charts/elasticsearch/templates/ingress.yaml
deleted file mode 100644
index ddb84fc..0000000
--- a/rds/base/charts/jaeger/charts/elasticsearch/templates/ingress.yaml
+++ /dev/null
@@ -1,39 +0,0 @@
-{{- if .Values.ingress.enabled -}}
-{{- $fullName := include "elasticsearch.uname" . -}}
-{{- $servicePort := .Values.httpPort -}}
-{{- $ingressPath := .Values.ingress.path -}}
-apiVersion: {{ template "elasticsearch.ingress.apiVersion" . }}
-kind: Ingress
-metadata:
- name: {{ $fullName }}
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ .Chart.Name }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
-{{- with .Values.ingress.annotations }}
- annotations:
-{{ toYaml . | indent 4 }}
-{{- end }}
-spec:
-{{- if .Values.ingress.tls }}
- tls:
- {{- range .Values.ingress.tls }}
- - hosts:
- {{- range .hosts }}
- - {{ . }}
- {{- end }}
- secretName: {{ .secretName }}
- {{- end }}
-{{- end }}
- rules:
- {{- range .Values.ingress.hosts }}
- - host: {{ . }}
- http:
- paths:
- - path: {{ $ingressPath }}
- backend:
- serviceName: {{ $fullName }}
- servicePort: {{ $servicePort }}
- {{- end }}
-{{- end }}
diff --git a/rds/base/charts/jaeger/charts/elasticsearch/templates/poddisruptionbudget.yaml b/rds/base/charts/jaeger/charts/elasticsearch/templates/poddisruptionbudget.yaml
deleted file mode 100644
index a4dfe0f..0000000
--- a/rds/base/charts/jaeger/charts/elasticsearch/templates/poddisruptionbudget.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
----
-{{- if .Values.maxUnavailable }}
-apiVersion: policy/v1beta1
-kind: PodDisruptionBudget
-metadata:
- name: "{{ template "elasticsearch.uname" . }}-pdb"
- namespace: {{ .Release.Namespace }}
-spec:
- maxUnavailable: {{ .Values.maxUnavailable }}
- selector:
- matchLabels:
- app: "{{ template "elasticsearch.uname" . }}"
-{{- end }}
diff --git a/rds/base/charts/jaeger/charts/elasticsearch/templates/podsecuritypolicy.yaml b/rds/base/charts/jaeger/charts/elasticsearch/templates/podsecuritypolicy.yaml
deleted file mode 100644
index f570c90..0000000
--- a/rds/base/charts/jaeger/charts/elasticsearch/templates/podsecuritypolicy.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-{{- if .Values.podSecurityPolicy.create -}}
-{{- $fullName := include "elasticsearch.uname" . -}}
-apiVersion: policy/v1beta1
-kind: PodSecurityPolicy
-metadata:
- name: {{ default $fullName .Values.podSecurityPolicy.name | quote }}
- namespace: {{ .Release.Namespace }}
- labels:
- heritage: {{ .Release.Service | quote }}
- release: {{ .Release.Name | quote }}
- chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
- app: {{ $fullName | quote }}
-spec:
-{{ toYaml .Values.podSecurityPolicy.spec | indent 2 }}
-{{- end -}}
diff --git a/rds/base/charts/jaeger/charts/elasticsearch/templates/role.yaml b/rds/base/charts/jaeger/charts/elasticsearch/templates/role.yaml
deleted file mode 100644
index 1d51d3f..0000000
--- a/rds/base/charts/jaeger/charts/elasticsearch/templates/role.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-{{- if .Values.rbac.create -}}
-{{- $fullName := include "elasticsearch.uname" . -}}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: {{ $fullName | quote }}
- namespace: {{ .Release.Namespace }}
- labels:
- heritage: {{ .Release.Service | quote }}
- release: {{ .Release.Name | quote }}
- chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
- app: {{ $fullName | quote }}
-rules:
- - apiGroups:
- - extensions
- resources:
- - podsecuritypolicies
- resourceNames:
- {{- if eq .Values.podSecurityPolicy.name "" }}
- - {{ $fullName | quote }}
- {{- else }}
- - {{ .Values.podSecurityPolicy.name | quote }}
- {{- end }}
- verbs:
- - use
-{{- end -}}
diff --git a/rds/base/charts/jaeger/charts/elasticsearch/templates/rolebinding.yaml b/rds/base/charts/jaeger/charts/elasticsearch/templates/rolebinding.yaml
deleted file mode 100644
index ad8304c..0000000
--- a/rds/base/charts/jaeger/charts/elasticsearch/templates/rolebinding.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-{{- if .Values.rbac.create -}}
-{{- $fullName := include "elasticsearch.uname" . -}}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: {{ $fullName | quote }}
- namespace: {{ .Release.Namespace }}
- labels:
- heritage: {{ .Release.Service | quote }}
- release: {{ .Release.Name | quote }}
- chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
- app: {{ $fullName | quote }}
-subjects:
- - kind: ServiceAccount
- {{- if eq .Values.rbac.serviceAccountName "" }}
- name: {{ $fullName | quote }}
- {{- else }}
- name: {{ .Values.rbac.serviceAccountName | quote }}
- {{- end }}
- namespace: {{ .Release.Namespace }}
-roleRef:
- kind: Role
- name: {{ $fullName | quote }}
- apiGroup: rbac.authorization.k8s.io
-{{- end -}}
diff --git a/rds/base/charts/jaeger/charts/elasticsearch/templates/service.yaml b/rds/base/charts/jaeger/charts/elasticsearch/templates/service.yaml
deleted file mode 100644
index d022a63..0000000
--- a/rds/base/charts/jaeger/charts/elasticsearch/templates/service.yaml
+++ /dev/null
@@ -1,73 +0,0 @@
----
-kind: Service
-apiVersion: v1
-metadata:
-{{- if eq .Values.nodeGroup "master" }}
- name: {{ template "elasticsearch.masterService" . }}
-{{- else }}
- name: {{ template "elasticsearch.uname" . }}
-{{- end }}
- namespace: {{ .Release.Namespace }}
- labels:
- heritage: {{ .Release.Service | quote }}
- release: {{ .Release.Name | quote }}
- chart: "{{ .Chart.Name }}"
- app: "{{ template "elasticsearch.uname" . }}"
-{{- if .Values.service.labels }}
-{{ toYaml .Values.service.labels | indent 4}}
-{{- end }}
- annotations:
-{{ toYaml .Values.service.annotations | indent 4 }}
-spec:
- type: {{ .Values.service.type }}
- selector:
- release: {{ .Release.Name | quote }}
- chart: "{{ .Chart.Name }}"
- app: "{{ template "elasticsearch.uname" . }}"
- ports:
- - name: {{ .Values.service.httpPortName | default "http" }}
- protocol: TCP
- port: {{ .Values.httpPort }}
-{{- if .Values.service.nodePort }}
- nodePort: {{ .Values.service.nodePort }}
-{{- end }}
- - name: {{ .Values.service.transportPortName | default "transport" }}
- protocol: TCP
- port: {{ .Values.transportPort }}
-{{- if .Values.service.loadBalancerIP }}
- loadBalancerIP: {{ .Values.service.loadBalancerIP }}
-{{- end }}
-{{- with .Values.service.loadBalancerSourceRanges }}
- loadBalancerSourceRanges:
-{{ toYaml . | indent 4 }}
-{{- end }}
----
-kind: Service
-apiVersion: v1
-metadata:
-{{- if eq .Values.nodeGroup "master" }}
- name: {{ template "elasticsearch.masterService" . }}-headless
-{{- else }}
- name: {{ template "elasticsearch.uname" . }}-headless
-{{- end }}
- labels:
- heritage: {{ .Release.Service | quote }}
- release: {{ .Release.Name | quote }}
- chart: "{{ .Chart.Name }}"
- app: "{{ template "elasticsearch.uname" .
}}"
-{{- if .Values.service.labelsHeadless }}
-{{ toYaml .Values.service.labelsHeadless | indent 4 }}
-{{- end }}
- annotations:
- service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
-spec:
- clusterIP: None # This is needed for statefulset hostnames like elasticsearch-0 to resolve
- # Create endpoints also if the related pod isn't ready
- publishNotReadyAddresses: true
- selector:
- app: "{{ template "elasticsearch.uname" . }}"
- ports:
- - name: {{ .Values.service.httpPortName | default "http" }}
- port: {{ .Values.httpPort }}
- - name: {{ .Values.service.transportPortName | default "transport" }}
- port: {{ .Values.transportPort }}
diff --git a/rds/base/charts/jaeger/charts/elasticsearch/templates/serviceaccount.yaml b/rds/base/charts/jaeger/charts/elasticsearch/templates/serviceaccount.yaml
deleted file mode 100644
index 0d74077..0000000
--- a/rds/base/charts/jaeger/charts/elasticsearch/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-{{- if .Values.rbac.create -}}
-{{- $fullName := include "elasticsearch.uname" . -}}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- {{- if eq .Values.rbac.serviceAccountName "" }}
- name: {{ $fullName | quote }}
- {{- else }}
- name: {{ .Values.rbac.serviceAccountName | quote }}
- {{- end }}
- namespace: {{ .Release.Namespace }}
- annotations:
- {{- with .Values.rbac.serviceAccountAnnotations }}
- {{- toYaml . | nindent 4 }}
- {{- end }}
- labels:
- heritage: {{ .Release.Service | quote }}
- release: {{ .Release.Name | quote }}
- chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
- app: {{ $fullName | quote }}
-{{- end -}}
diff --git a/rds/base/charts/jaeger/charts/elasticsearch/templates/statefulset.yaml b/rds/base/charts/jaeger/charts/elasticsearch/templates/statefulset.yaml
deleted file mode 100644
index 2277e16..0000000
--- a/rds/base/charts/jaeger/charts/elasticsearch/templates/statefulset.yaml
+++ /dev/null
@@ -1,430 +0,0 @@ ---- -apiVersion: {{ template "elasticsearch.statefulset.apiVersion" . }} -kind: StatefulSet -metadata: - name: {{ template "elasticsearch.uname" . }} - namespace: {{ .Release.Namespace }} - labels: - heritage: {{ .Release.Service | quote }} - release: {{ .Release.Name | quote }} - chart: "{{ .Chart.Name }}" - app: "{{ template "elasticsearch.uname" . }}" - {{- range $key, $value := .Values.labels }} - {{ $key }}: {{ $value | quote }} - {{- end }} - annotations: - esMajorVersion: "{{ include "elasticsearch.esMajorVersion" . }}" -spec: - serviceName: {{ template "elasticsearch.uname" . }}-headless - selector: - matchLabels: - app: "{{ template "elasticsearch.uname" . }}" - replicas: {{ .Values.replicas }} - podManagementPolicy: {{ .Values.podManagementPolicy }} - updateStrategy: - type: {{ .Values.updateStrategy }} - {{- if .Values.persistence.enabled }} - volumeClaimTemplates: - - metadata: - name: {{ template "elasticsearch.uname" . }} - {{- if .Values.persistence.labels.enabled }} - labels: - heritage: {{ .Release.Service | quote }} - release: {{ .Release.Name | quote }} - chart: "{{ .Chart.Name }}" - app: "{{ template "elasticsearch.uname" . }}" - {{- range $key, $value := .Values.labels }} - {{ $key }}: {{ $value | quote }} - {{- end }} - {{- end }} - {{- with .Values.persistence.annotations }} - annotations: -{{ toYaml . | indent 8 }} - {{- end }} - spec: -{{ toYaml .Values.volumeClaimTemplate | indent 6 }} - {{- end }} - template: - metadata: - name: "{{ template "elasticsearch.uname" . }}" - labels: - heritage: {{ .Release.Service | quote }} - release: {{ .Release.Name | quote }} - chart: "{{ .Chart.Name }}" - app: "{{ template "elasticsearch.uname" . 
}}" - {{- range $key, $value := .Values.labels }} - {{ $key }}: {{ $value | quote }} - {{- end }} - annotations: - {{- range $key, $value := .Values.podAnnotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} - {{/* This forces a restart if the configmap has changed */}} - {{- if .Values.esConfig }} - configchecksum: {{ include (print .Template.BasePath "/configmap.yaml") . | sha256sum | trunc 63 }} - {{- end }} - spec: - {{- if .Values.schedulerName }} - schedulerName: "{{ .Values.schedulerName }}" - {{- end }} - securityContext: -{{ toYaml .Values.podSecurityContext | indent 8 }} - {{- if .Values.fsGroup }} - fsGroup: {{ .Values.fsGroup }} # Deprecated value, please use .Values.podSecurityContext.fsGroup - {{- end }} - {{- if .Values.rbac.create }} - serviceAccountName: "{{ template "elasticsearch.uname" . }}" - {{- else if not (eq .Values.rbac.serviceAccountName "") }} - serviceAccountName: {{ .Values.rbac.serviceAccountName | quote }} - {{- end }} - {{- with .Values.tolerations }} - tolerations: -{{ toYaml . | indent 6 }} - {{- end }} - {{- with .Values.nodeSelector }} - nodeSelector: -{{ toYaml . | indent 8 }} - {{- end }} - {{- if or (eq .Values.antiAffinity "hard") (eq .Values.antiAffinity "soft") .Values.nodeAffinity }} - {{- if .Values.priorityClassName }} - priorityClassName: {{ .Values.priorityClassName }} - {{- end }} - affinity: - {{- end }} - {{- if eq .Values.antiAffinity "hard" }} - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: app - operator: In - values: - - "{{ template "elasticsearch.uname" .}}" - topologyKey: {{ .Values.antiAffinityTopologyKey }} - {{- else if eq .Values.antiAffinity "soft" }} - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - weight: 1 - podAffinityTerm: - topologyKey: {{ .Values.antiAffinityTopologyKey }} - labelSelector: - matchExpressions: - - key: app - operator: In - values: - - "{{ template "elasticsearch.uname" . 
}}" - {{- end }} - {{- with .Values.nodeAffinity }} - nodeAffinity: -{{ toYaml . | indent 10 }} - {{- end }} - terminationGracePeriodSeconds: {{ .Values.terminationGracePeriod }} - volumes: - {{- range .Values.secretMounts }} - - name: {{ .name }} - secret: - secretName: {{ .secretName }} - {{- if .defaultMode }} - defaultMode: {{ .defaultMode }} - {{- end }} - {{- end }} - {{- if .Values.esConfig }} - - name: esconfig - configMap: - name: {{ template "elasticsearch.uname" . }}-config - {{- end }} -{{- if .Values.keystore }} - - name: keystore - emptyDir: {} - {{- range .Values.keystore }} - - name: keystore-{{ .secretName }} - secret: {{ toYaml . | nindent 12 }} - {{- end }} -{{ end }} - {{- if .Values.extraVolumes }} - # Currently some extra blocks accept strings - # to continue with backwards compatibility this is being kept - # whilst also allowing for yaml to be specified too. - {{- if eq "string" (printf "%T" .Values.extraVolumes) }} -{{ tpl .Values.extraVolumes . | indent 8 }} - {{- else }} -{{ toYaml .Values.extraVolumes | indent 8 }} - {{- end }} - {{- end }} - {{- if .Values.imagePullSecrets }} - imagePullSecrets: -{{ toYaml .Values.imagePullSecrets | indent 8 }} - {{- end }} - {{- if semverCompare ">1.13" .Capabilities.KubeVersion.GitVersion }} - enableServiceLinks: {{ .Values.enableServiceLinks }} - {{- end }} - initContainers: - {{- if .Values.sysctlInitContainer.enabled }} - - name: configure-sysctl - securityContext: - runAsUser: 0 - privileged: true - image: "{{ .Values.image }}:{{ .Values.imageTag }}" - imagePullPolicy: "{{ .Values.imagePullPolicy }}" - command: ["sysctl", "-w", "vm.max_map_count={{ .Values.sysctlVmMaxMapCount}}"] - resources: -{{ toYaml .Values.initResources | indent 10 }} - {{- end }} -{{ if .Values.keystore }} - - name: keystore - image: "{{ .Values.image }}:{{ .Values.imageTag }}" - imagePullPolicy: "{{ .Values.imagePullPolicy }}" - command: - - sh - - -c - - | - #!/usr/bin/env bash - set -euo pipefail - - 
elasticsearch-keystore create - - for i in /tmp/keystoreSecrets/*/*; do - key=$(basename $i) - echo "Adding file $i to keystore key $key" - elasticsearch-keystore add-file "$key" "$i" - done - - # Add the bootstrap password since otherwise the Elasticsearch entrypoint tries to do this on startup - if [ ! -z ${ELASTIC_PASSWORD+x} ]; then - echo 'Adding env $ELASTIC_PASSWORD to keystore as key bootstrap.password' - echo "$ELASTIC_PASSWORD" | elasticsearch-keystore add -x bootstrap.password - fi - - cp -a /usr/share/elasticsearch/config/elasticsearch.keystore /tmp/keystore/ - env: {{ toYaml .Values.extraEnvs | nindent 10 }} - envFrom: {{ toYaml .Values.envFrom | nindent 10 }} - resources: {{ toYaml .Values.initResources | nindent 10 }} - volumeMounts: - - name: keystore - mountPath: /tmp/keystore - {{- range .Values.keystore }} - - name: keystore-{{ .secretName }} - mountPath: /tmp/keystoreSecrets/{{ .secretName }} - {{- end }} -{{ end }} - {{- if .Values.extraInitContainers }} - # Currently some extra blocks accept strings - # to continue with backwards compatibility this is being kept - # whilst also allowing for yaml to be specified too. - {{- if eq "string" (printf "%T" .Values.extraInitContainers) }} -{{ tpl .Values.extraInitContainers . | indent 6 }} - {{- else }} -{{ toYaml .Values.extraInitContainers | indent 6 }} - {{- end }} - {{- end }} - containers: - - name: "{{ template "elasticsearch.name" . 
}}" - securityContext: -{{ toYaml .Values.securityContext | indent 10 }} - image: "{{ .Values.image }}:{{ .Values.imageTag }}" - imagePullPolicy: "{{ .Values.imagePullPolicy }}" - readinessProbe: - exec: - command: - - sh - - -c - - | - #!/usr/bin/env bash -e - # If the node is starting up wait for the cluster to be ready (request params: "{{ .Values.clusterHealthCheckParams }}" ) - # Once it has started only check that the node itself is responding - START_FILE=/tmp/.es_start_file - - http () { - local path="${1}" - local args="${2}" - set -- -XGET -s - - if [ "$args" != "" ]; then - set -- "$@" $args - fi - - if [ -n "${ELASTIC_USERNAME}" ] && [ -n "${ELASTIC_PASSWORD}" ]; then - set -- "$@" -u "${ELASTIC_USERNAME}:${ELASTIC_PASSWORD}" - fi - - curl --output /dev/null -k "$@" "{{ .Values.protocol }}://127.0.0.1:{{ .Values.httpPort }}${path}" - } - - if [ -f "${START_FILE}" ]; then - echo 'Elasticsearch is already running, lets check the node is healthy' - HTTP_CODE=$(http "/" "-w %{http_code}") - RC=$? - if [[ ${RC} -ne 0 ]]; then - echo "curl --output /dev/null -k -XGET -s -w '%{http_code}' \${BASIC_AUTH} {{ .Values.protocol }}://127.0.0.1:{{ .Values.httpPort }}/ failed with RC ${RC}" - exit ${RC} - fi - # ready if HTTP code 200, 503 is tolerable if ES version is 6.x - if [[ ${HTTP_CODE} == "200" ]]; then - exit 0 - elif [[ ${HTTP_CODE} == "503" && "{{ include "elasticsearch.esMajorVersion" . 
}}" == "6" ]]; then - exit 0 - else - echo "curl --output /dev/null -k -XGET -s -w '%{http_code}' \${BASIC_AUTH} {{ .Values.protocol }}://127.0.0.1:{{ .Values.httpPort }}/ failed with HTTP code ${HTTP_CODE}" - exit 1 - fi - - else - echo 'Waiting for elasticsearch cluster to become ready (request params: "{{ .Values.clusterHealthCheckParams }}" )' - if http "/_cluster/health?{{ .Values.clusterHealthCheckParams }}" "--fail" ; then - touch ${START_FILE} - exit 0 - else - echo 'Cluster is not yet ready (request params: "{{ .Values.clusterHealthCheckParams }}" )' - exit 1 - fi - fi -{{ toYaml .Values.readinessProbe | indent 10 }} - ports: - - name: http - containerPort: {{ .Values.httpPort }} - - name: transport - containerPort: {{ .Values.transportPort }} - resources: -{{ toYaml .Values.resources | indent 10 }} - env: - - name: node.name - valueFrom: - fieldRef: - fieldPath: metadata.name - {{- if eq .Values.roles.master "true" }} - {{- if ge (int (include "elasticsearch.esMajorVersion" .)) 7 }} - - name: cluster.initial_master_nodes - value: "{{ template "elasticsearch.endpoints" . }}" - {{- else }} - - name: discovery.zen.minimum_master_nodes - value: "{{ .Values.minimumMasterNodes }}" - {{- end }} - {{- end }} - {{- if lt (int (include "elasticsearch.esMajorVersion" .)) 7 }} - - name: discovery.zen.ping.unicast.hosts - value: "{{ template "elasticsearch.masterService" . }}-headless" - {{- else }} - - name: discovery.seed_hosts - value: "{{ template "elasticsearch.masterService" . 
}}-headless" - {{- end }} - - name: cluster.name - value: "{{ .Values.clusterName }}" - - name: network.host - value: "{{ .Values.networkHost }}" - - name: ES_JAVA_OPTS - value: "{{ .Values.esJavaOpts }}" - {{- range $role, $enabled := .Values.roles }} - - name: node.{{ $role }} - value: "{{ $enabled }}" - {{- end }} -{{- if .Values.extraEnvs }} -{{ toYaml .Values.extraEnvs | indent 10 }} -{{- end }} -{{- if .Values.envFrom }} - envFrom: -{{ toYaml .Values.envFrom | indent 10 }} -{{- end }} - volumeMounts: - {{- if .Values.persistence.enabled }} - - name: "{{ template "elasticsearch.uname" . }}" - mountPath: /usr/share/elasticsearch/data - {{- end }} -{{ if .Values.keystore }} - - name: keystore - mountPath: /usr/share/elasticsearch/config/elasticsearch.keystore - subPath: elasticsearch.keystore -{{ end }} - {{- range .Values.secretMounts }} - - name: {{ .name }} - mountPath: {{ .path }} - {{- if .subPath }} - subPath: {{ .subPath }} - {{- end }} - {{- end }} - {{- range $path, $config := .Values.esConfig }} - - name: esconfig - mountPath: /usr/share/elasticsearch/config/{{ $path }} - subPath: {{ $path }} - {{- end -}} - {{- if .Values.extraVolumeMounts }} - # Currently some extra blocks accept strings - # to continue with backwards compatibility this is being kept - # whilst also allowing for yaml to be specified too. - {{- if eq "string" (printf "%T" .Values.extraVolumeMounts) }} -{{ tpl .Values.extraVolumeMounts . 
| indent 10 }} - {{- else }} -{{ toYaml .Values.extraVolumeMounts | indent 10 }} - {{- end }} - {{- end }} - {{- if .Values.masterTerminationFix }} - {{- if eq .Values.roles.master "true" }} - # This sidecar will prevent slow master re-election - # https://github.com/elastic/helm-charts/issues/63 - - name: elasticsearch-master-graceful-termination-handler - image: "{{ .Values.image }}:{{ .Values.imageTag }}" - imagePullPolicy: "{{ .Values.imagePullPolicy }}" - command: - - "sh" - - -c - - | - #!/usr/bin/env bash - set -eo pipefail - - http () { - local path="${1}" - if [ -n "${ELASTIC_USERNAME}" ] && [ -n "${ELASTIC_PASSWORD}" ]; then - BASIC_AUTH="-u ${ELASTIC_USERNAME}:${ELASTIC_PASSWORD}" - else - BASIC_AUTH='' - fi - curl -XGET -s -k --fail ${BASIC_AUTH} {{ .Values.protocol }}://{{ template "elasticsearch.masterService" . }}:{{ .Values.httpPort }}${path} - } - - cleanup () { - while true ; do - local master="$(http "/_cat/master?h=node" || echo "")" - if [[ $master == "{{ template "elasticsearch.masterService" . }}"* && $master != "${NODE_NAME}" ]]; then - echo "This node is not master." - break - fi - echo "This node is still master, waiting gracefully for it to step down" - sleep 1 - done - - exit 0 - } - - trap cleanup SIGTERM - - sleep infinity & - wait $! - resources: -{{ toYaml .Values.sidecarResources | indent 10 }} - env: - - name: NODE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - {{- if .Values.extraEnvs }} -{{ toYaml .Values.extraEnvs | indent 10 }} - {{- end }} - {{- if .Values.envFrom }} - envFrom: -{{ toYaml .Values.envFrom | indent 10 }} - {{- end }} - {{- end }} - {{- end }} -{{- if .Values.lifecycle }} - lifecycle: -{{ toYaml .Values.lifecycle | indent 10 }} -{{- end }} - {{- if .Values.extraContainers }} - # Currently some extra blocks accept strings - # to continue with backwards compatibility this is being kept - # whilst also allowing for yaml to be specified too. 
- {{- if eq "string" (printf "%T" .Values.extraContainers) }}
-{{ tpl .Values.extraContainers . | indent 6 }}
- {{- else }}
-{{ toYaml .Values.extraContainers | indent 6 }}
- {{- end }}
- {{- end }}
diff --git a/rds/base/charts/jaeger/charts/elasticsearch/templates/test/test-elasticsearch-health.yaml b/rds/base/charts/jaeger/charts/elasticsearch/templates/test/test-elasticsearch-health.yaml
deleted file mode 100644
index a278b14..0000000
--- a/rds/base/charts/jaeger/charts/elasticsearch/templates/test/test-elasticsearch-health.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
----
-apiVersion: v1
-kind: Pod
-metadata:
- name: "{{ .Release.Name }}-{{ randAlpha 5 | lower }}-test"
- annotations:
- "helm.sh/hook": test-success
-spec:
- securityContext:
-{{ toYaml .Values.podSecurityContext | indent 4 }}
- containers:
- - name: "{{ .Release.Name }}-{{ randAlpha 5 | lower }}-test"
- image: "{{ .Values.image }}:{{ .Values.imageTag }}"
- imagePullPolicy: "{{ .Values.imagePullPolicy }}"
- command:
- - "sh"
- - "-c"
- - |
- #!/usr/bin/env bash -e
- curl -XGET --fail '{{ template "elasticsearch.uname" . }}:{{ .Values.httpPort }}/_cluster/health?{{ .Values.clusterHealthCheckParams }}'
- {{- if .Values.imagePullSecrets }}
- imagePullSecrets:
-{{ toYaml .Values.imagePullSecrets | indent 4 }}
- {{- end }}
- restartPolicy: Never
diff --git a/rds/base/charts/jaeger/charts/elasticsearch/values.yaml b/rds/base/charts/jaeger/charts/elasticsearch/values.yaml
deleted file mode 100644
index 284ea67..0000000
--- a/rds/base/charts/jaeger/charts/elasticsearch/values.yaml
+++ /dev/null
@@ -1,277 +0,0 @@
----
-clusterName: "elasticsearch"
-nodeGroup: "master"
-
-# The service that non master groups will try to connect to when joining the cluster
-# This should be set to clusterName + "-" + nodeGroup for your master group
-masterService: ""
-
-# Elasticsearch roles that will be applied to this nodeGroup
-# These will be set as environment variables. E.g. node.master=true
-roles:
- master: "true"
- ingest: "true"
- data: "true"
-
-replicas: 3
-minimumMasterNodes: 2
-
-esMajorVersion: ""
-
-# Allows you to add any config files in /usr/share/elasticsearch/config/
-# such as elasticsearch.yml and log4j2.properties
-esConfig: {}
-# elasticsearch.yml: |
-# key:
-# nestedkey: value
-# log4j2.properties: |
-# key = value
-
-# Extra environment variables to append to this nodeGroup
-# This will be appended to the current 'env:' key. You can use any of the kubernetes env
-# syntax here
-extraEnvs: []
-# - name: MY_ENVIRONMENT_VAR
-# value: the_value_goes_here
-
-# Allows you to load environment variables from kubernetes secret or config map
-envFrom: []
-# - secretRef:
-# name: env-secret
-# - configMapRef:
-# name: config-map
-
-# A list of secrets and their paths to mount inside the pod
-# This is useful for mounting certificates for security and for mounting
-# the X-Pack license
-secretMounts: []
-# - name: elastic-certificates
-# secretName: elastic-certificates
-# path: /usr/share/elasticsearch/config/certs
-# defaultMode: 0755
-
-image: "docker.elastic.co/elasticsearch/elasticsearch"
-imageTag: "7.8.1"
-imagePullPolicy: "IfNotPresent"
-
-podAnnotations: {}
- # iam.amazonaws.com/role: es-cluster
-
-# additionals labels
-labels: {}
-
-esJavaOpts: "-Xmx1g -Xms1g"
-
-resources:
- requests:
- cpu: "1000m"
- memory: "2Gi"
- limits:
- cpu: "1000m"
- memory: "2Gi"
-
-initResources: {}
- # limits:
- # cpu: "25m"
- # # memory: "128Mi"
- # requests:
- # cpu: "25m"
- # memory: "128Mi"
-
-sidecarResources: {}
- # limits:
- # cpu: "25m"
- # # memory: "128Mi"
- # requests:
- # cpu: "25m"
- # memory: "128Mi"
-
-networkHost: "0.0.0.0"
-
-volumeClaimTemplate:
- accessModes: [ "ReadWriteOnce" ]
- resources:
- requests:
- storage: 30Gi
-
-rbac:
- create: false
- serviceAccountAnnotations: {}
- serviceAccountName: ""
-
-podSecurityPolicy:
- create: false
- name: ""
- spec:
- privileged: true
- fsGroup:
- rule: RunAsAny
- runAsUser:
- rule: RunAsAny
- seLinux:
- rule: RunAsAny
- supplementalGroups:
- rule: RunAsAny
- volumes:
- - secret
- - configMap
- - persistentVolumeClaim
-
-persistence:
- enabled: true
- labels:
- # Add default labels for the volumeClaimTemplate fo the StatefulSet
- enabled: false
- annotations: {}
-
-extraVolumes: []
- # - name: extras
- # emptyDir: {}
-
-extraVolumeMounts: []
- # - name: extras
- # mountPath: /usr/share/extras
- # readOnly: true
-
-extraContainers: []
- # - name: do-something
- # image: busybox
- # command: ['do', 'something']
-
-extraInitContainers: []
- # - name: do-something
- # image: busybox
- # command: ['do', 'something']
-
-# This is the PriorityClass settings as defined in
-# https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass
-priorityClassName: ""
-
-# By default this will make sure two pods don't end up on the same node
-# Changing this to a region would allow you to spread pods across regions
-antiAffinityTopologyKey: "kubernetes.io/hostname"
-
-# Hard means that by default pods will only be scheduled if there are enough nodes for them
-# and that they will never end up on the same node. Setting this to soft will do this "best effort"
-antiAffinity: "hard"
-
-# This is the node affinity settings as defined in
-# https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#node-affinity-beta-feature
-nodeAffinity: {}
-
-# The default is to deploy all pods serially. By setting this to parallel all pods are started at
-# the same time when bootstrapping the cluster
-podManagementPolicy: "Parallel"
-
-# The environment variables injected by service links are not used, but can lead to slow Elasticsearch boot times when
-# there are many services in the current namespace.
-# If you experience slow pod startups you probably want to set this to `false`.
-enableServiceLinks: true
-
-protocol: http
-httpPort: 9200
-transportPort: 9300
-
-service:
- labels: {}
- labelsHeadless: {}
- type: ClusterIP
- nodePort: ""
- annotations: {}
- httpPortName: http
- transportPortName: transport
- loadBalancerIP: ""
- loadBalancerSourceRanges: []
-
-updateStrategy: RollingUpdate
-
-# This is the max unavailable setting for the pod disruption budget
-# The default value of 1 will make sure that kubernetes won't allow more than 1
-# of your pods to be unavailable during maintenance
-maxUnavailable: 1
-
-podSecurityContext:
- fsGroup: 1000
- runAsUser: 1000
-
-securityContext:
- capabilities:
- drop:
- - ALL
- # readOnlyRootFilesystem: true
- runAsNonRoot: true
- runAsUser: 1000
-
-# How long to wait for elasticsearch to stop gracefully
-terminationGracePeriod: 120
-
-sysctlVmMaxMapCount: 262144
-
-readinessProbe:
- failureThreshold: 3
- initialDelaySeconds: 10
- periodSeconds: 10
- successThreshold: 3
- timeoutSeconds: 5
-
-# https://www.elastic.co/guide/en/elasticsearch/reference/7.8/cluster-health.html#request-params wait_for_status
-clusterHealthCheckParams: "wait_for_status=green&timeout=1s"
-
-## Use an alternate scheduler.
-## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
-##
-schedulerName: ""
-
-imagePullSecrets: []
-nodeSelector: {}
-tolerations: []
-
-# Enabling this will publically expose your Elasticsearch instance.
-# Only enable this if you have security enabled on your cluster
-ingress:
- enabled: false
- annotations: {}
- # kubernetes.io/ingress.class: nginx
- # kubernetes.io/tls-acme: "true"
- path: /
- hosts:
- - chart-example.local
- tls: []
- # - secretName: chart-example-tls
- # hosts:
- # - chart-example.local
-
-nameOverride: ""
-fullnameOverride: ""
-
-# https://github.com/elastic/helm-charts/issues/63
-masterTerminationFix: false
-
-lifecycle: {}
- # preStop:
- # exec:
- # command: ["/bin/sh", "-c", "echo Hello from the postStart handler > /usr/share/message"]
- # postStart:
- # exec:
- # command:
- # - bash
- # - -c
- # - |
- # #!/bin/bash
- # # Add a template to adjust number of shards/replicas
- # TEMPLATE_NAME=my_template
- # INDEX_PATTERN="logstash-*"
- # SHARD_COUNT=8
- # REPLICA_COUNT=1
- # ES_URL=http://localhost:9200
- # while [[ "$(curl -s -o /dev/null -w '%{http_code}\n' $ES_URL)" != "200" ]]; do sleep 1; done
- # curl -XPUT "$ES_URL/_template/$TEMPLATE_NAME" -H 'Content-Type: application/json' -d'{"index_patterns":['\""$INDEX_PATTERN"\"'],"settings":{"number_of_shards":'$SHARD_COUNT',"number_of_replicas":'$REPLICA_COUNT'}}'
-
-sysctlInitContainer:
- enabled: true
-
-keystore: []
-
-# Deprecated
-# please use the above podSecurityContext.fsGroup instead
-fsGroup: ""
diff --git a/rds/base/charts/jaeger/charts/kafka-0.20.6.tgz b/rds/base/charts/jaeger/charts/kafka-0.20.6.tgz
deleted file mode 100644
index d8fa005..0000000
Binary files a/rds/base/charts/jaeger/charts/kafka-0.20.6.tgz and /dev/null differ
diff --git a/rds/base/charts/jaeger/charts/kafka/.helmignore b/rds/base/charts/jaeger/charts/kafka/.helmignore
deleted file mode 100644
index f0c1319..0000000
--- a/rds/base/charts/jaeger/charts/kafka/.helmignore
+++ /dev/null
@@ -1,21 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
diff --git a/rds/base/charts/jaeger/charts/kafka/Chart.yaml b/rds/base/charts/jaeger/charts/kafka/Chart.yaml
deleted file mode 100644
index ca65043..0000000
--- a/rds/base/charts/jaeger/charts/kafka/Chart.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-apiVersion: v1
-appVersion: 5.0.1
-description: Apache Kafka is publish-subscribe messaging rethought as a distributed
- commit log.
-home: https://kafka.apache.org/
-icon: https://kafka.apache.org/images/logo.png
-keywords:
-- kafka
-- zookeeper
-- kafka statefulset
-maintainers:
-- email: faraaz@rationalizeit.us
- name: faraazkhan
-- email: marc.villacorta@gmail.com
- name: h0tbird
-- email: ben@spothero.com
- name: benjigoldberg
-name: kafka
-sources:
-- https://github.com/kubernetes/charts/tree/master/incubator/zookeeper
-- https://github.com/Yolean/kubernetes-kafka
-- https://github.com/confluentinc/cp-docker-images
-- https://github.com/apache/kafka
-version: 0.21.2
diff --git a/rds/base/charts/jaeger/charts/kafka/OWNERS b/rds/base/charts/jaeger/charts/kafka/OWNERS
deleted file mode 100644
index 0ed92ba..0000000
--- a/rds/base/charts/jaeger/charts/kafka/OWNERS
+++ /dev/null
@@ -1,4 +0,0 @@
-approvers:
-- benjigoldberg
-reviewers:
-- benjigoldberg
diff --git a/rds/base/charts/jaeger/charts/kafka/README.md b/rds/base/charts/jaeger/charts/kafka/README.md
deleted file mode 100644
index d0011e0..0000000
--- a/rds/base/charts/jaeger/charts/kafka/README.md
+++ /dev/null
@@ -1,434 +0,0 @@ -# Apache Kafka Helm Chart - -This is an implementation of Kafka StatefulSet found here: - - * https://github.com/Yolean/kubernetes-kafka - -## Pre Requisites: - -* Kubernetes 1.3 with alpha APIs enabled and support for storage classes - -* PV support on underlying infrastructure - -* Requires at least `v2.0.0-beta.1` version of helm to support - dependency management with requirements.yaml - -## StatefulSet Details - -* https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/ - -## StatefulSet Caveats - -* https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#limitations - -## Chart Details - -This chart will do the following: - -* Implement a dynamically scalable kafka cluster using Kubernetes StatefulSets - -* Implement a dynamically scalable zookeeper cluster as another Kubernetes StatefulSet required for the Kafka cluster above - -* Expose Kafka protocol endpoints via NodePort services (optional) - -### Installing the Chart - -To install the chart with the release name `my-kafka` in the default -namespace: - -``` -$ helm repo add incubator http://storage.googleapis.com/kubernetes-charts-incubator -$ helm install --name my-kafka incubator/kafka -``` - -If using a dedicated namespace(recommended) then make sure the namespace -exists with: - -``` -$ helm repo add incubator http://storage.googleapis.com/kubernetes-charts-incubator -$ kubectl create ns kafka -$ helm install --name my-kafka --namespace kafka incubator/kafka -``` - -This chart includes a ZooKeeper chart as a dependency to the Kafka -cluster in its `requirement.yaml` by default. 
The chart can be customized using the -following configurable parameters: - -| Parameter | Description | Default | -|------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------| -| `image` | Kafka Container image name | `confluentinc/cp-kafka` | -| `imageTag` | Kafka Container image tag | `5.0.1` | -| `imagePullPolicy` | Kafka Container pull policy | `IfNotPresent` | -| `replicas` | Kafka Brokers | `3` | -| `component` | Kafka k8s selector key | `kafka` | -| `resources` | Kafka resource requests and limits | `{}` | -| `securityContext` | Kafka containers security context | `{}` | -| `kafkaHeapOptions` | Kafka broker JVM heap options | `-Xmx1G-Xms1G` | -| `logSubPath` | Subpath under `persistence.mountPath` where kafka logs will be placed. | `logs` | -| `schedulerName` | Name of Kubernetes scheduler (other than the default) | `nil` | -| `serviceAccountName` | Name of Kubernetes serviceAccount. Useful when needing to pull images from custom repositories | `nil` | -| `priorityClassName` | Name of Kubernetes Pod PriorityClass. https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass | `nil` | -| `affinity` | Defines affinities and anti-affinities for pods as defined in: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity preferences | `{}` | -| `tolerations` | List of node tolerations for the pods. https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ | `[]` | -| `headless.annotations` | List of annotations for the headless service. https://kubernetes.io/docs/concepts/services-networking/service/#headless-services | `[]` | -| `headless.targetPort` | Target port to be used for the headless service. This is not a required value. 
| `nil` | -| `headless.port` | Port to be used for the headless service. https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ | `9092` | -| `external.enabled` | If True, exposes Kafka brokers via NodePort (PLAINTEXT by default) | `false` | -| `external.dns.useInternal` | If True, add Annotation for internal DNS service | `false` | -| `external.dns.useExternal` | If True, add Annotation for external DNS service | `true` | -| `external.servicePort` | TCP port configured at external services (one per pod) to relay from NodePort to the external listener port. | '19092' | -| `external.firstListenerPort` | TCP port which is added pod index number to arrive at the port used for NodePort and external listener port. | '31090' | -| `external.domain` | Domain in which to advertise Kafka external listeners. | `cluster.local` | -| `external.type` | Service Type. | `NodePort` | -| `external.distinct` | Distinct DNS entries for each created A record. | `false` | -| `external.annotations` | Additional annotations for the external service. | `{}` | -| `external.labels` | Additional labels for the external service. | `{}` | -| `external.loadBalancerIP` | Add Static IP to the type Load Balancer. Depends on the provider if enabled | `[]` -| `external.loadBalancerSourceRanges` | Add IP ranges that are allowed to access the Load Balancer. | `[]` -| `podAnnotations` | Annotation to be added to Kafka pods | `{}` | -| `podLabels` | Labels to be added to Kafka pods | `{}` | -| `podDisruptionBudget` | Define a Disruption Budget for the Kafka Pods | `{}` | -| `envOverrides` | Add additional Environment Variables in the dictionary format | `{ zookeeper.sasl.enabled: "False" }` | -| `configurationOverrides` | `Kafka ` [configuration setting][brokerconfigs] overrides in the dictionary format | `{ "confluent.support.metrics.enable": false }` | -| `secrets` | Pass any secrets to the kafka pods. Each secret will be passed as an environment variable by default. 
The secret can also be mounted to a specific path if required. Environment variable names are generated as: `_` (All upper case) | `{}` | -| `additionalPorts` | Additional ports to expose on brokers. Useful when the image exposes metrics (like prometheus, etc.) through a javaagent instead of a sidecar | `{}` | -| `readinessProbe.initialDelaySeconds` | Number of seconds before probe is initiated. | `30` | -| `readinessProbe.periodSeconds` | How often (in seconds) to perform the probe. | `10` | -| `readinessProbe.timeoutSeconds` | Number of seconds after which the probe times out. | `5` | -| `readinessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed. | `1` | -| `readinessProbe.failureThreshold` | After the probe fails this many times, pod will be marked Unready. | `3` | -| `terminationGracePeriodSeconds` | Wait up to this many seconds for a broker to shut down gracefully, after which it is killed | `60` | -| `updateStrategy` | StatefulSet update strategy to use. | `{ type: "OnDelete" }` | -| `podManagementPolicy` | Start and stop pods in Parallel or OrderedReady (one-by-one.) Can not change after first release. 
| `OrderedReady` | -| `persistence.enabled` | Use a PVC to persist data | `true` | -| `persistence.size` | Size of data volume | `1Gi` | -| `persistence.mountPath` | Mount path of data volume | `/opt/kafka/data` | -| `persistence.storageClass` | Storage class of backing PVC | `nil` | -| `jmx.configMap.enabled` | Enable the default ConfigMap for JMX | `true` | -| `jmx.configMap.overrideConfig` | Allows config file to be generated by passing values to ConfigMap | `{}` | -| `jmx.configMap.overrideName` | Allows setting the name of the ConfigMap to be used | `""` | -| `jmx.port` | The jmx port which JMX style metrics are exposed (note: these are not scrapeable by Prometheus) | `5555` | -| `jmx.whitelistObjectNames` | Allows setting which JMX objects you want to expose to via JMX stats to JMX Exporter | (see `values.yaml`) | -| `nodeSelector` | Node labels for pod assignment | `{}` | -| `prometheus.jmx.resources` | Allows setting resource limits for jmx sidecar container | `{}` | -| `prometheus.jmx.enabled` | Whether or not to expose JMX metrics to Prometheus | `false` | -| `prometheus.jmx.image` | JMX Exporter container image | `solsson/kafka-prometheus-jmx-exporter@sha256` | -| `prometheus.jmx.imageTag` | JMX Exporter container image tag | `a23062396cd5af1acdf76512632c20ea6be76885dfc20cd9ff40fb23846557e8` | -| `prometheus.jmx.interval` | Interval that Prometheus scrapes JMX metrics when using Prometheus Operator | `10s` | -| `prometheus.jmx.scrapeTimeout` | Timeout that Prometheus scrapes JMX metrics when using Prometheus Operator | `10s` | -| `prometheus.jmx.port` | JMX Exporter Port which exposes metrics in Prometheus format for scraping | `5556` | -| `prometheus.kafka.enabled` | Whether or not to create a separate Kafka exporter | `false` | -| `prometheus.kafka.image` | Kafka Exporter container image | `danielqsj/kafka-exporter` | -| `prometheus.kafka.imageTag` | Kafka Exporter container image tag | `v1.2.0` | -| `prometheus.kafka.interval` | Interval that 
Prometheus scrapes Kafka metrics when using Prometheus Operator | `10s` | -| `prometheus.kafka.scrapeTimeout` | Timeout that Prometheus scrapes Kafka metrics when using Prometheus Operator | `10s` | -| `prometheus.kafka.port` | Kafka Exporter Port which exposes metrics in Prometheus format for scraping | `9308` | -| `prometheus.kafka.resources` | Allows setting resource limits for kafka-exporter pod | `{}` | -| `prometheus.kafka.affinity` | Defines affinities and anti-affinities for pods as defined in: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity preferences | `{}` | -| `prometheus.kafka.tolerations` | List of node tolerations for the pods. https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ | `[]` | -| `prometheus.operator.enabled` | True if using the Prometheus Operator, False if not | `false` | -| `prometheus.operator.serviceMonitor.namespace` | Namespace in which to install the ServiceMonitor resource. Default to kube-prometheus install. | `monitoring` | -| `prometheus.operator.serviceMonitor.releaseNamespace` | Set namespace to release namespace. Default false | `false` | -| `prometheus.operator.serviceMonitor.selector` | Default to kube-prometheus install (CoreOS recommended), but should be set according to Prometheus install | `{ prometheus: kube-prometheus }` | -| `prometheus.operator.prometheusRule.enabled` | True to create a PrometheusRule resource for Prometheus Operator, False if not | `false` | -| `prometheus.operator.prometheusRule.namespace` | Namespace in which to install the PrometheusRule resource. Default to kube-prometheus install. | `monitoring` | -| `prometheus.operator.prometheusRule.releaseNamespace` | Set namespace to release namespace. 
Default false | `false` | -| `prometheus.operator.prometheusRule.selector` | Default to kube-prometheus install (CoreOS recommended), but should be set according to Prometheus install | `{ prometheus: kube-prometheus }` | -| `prometheus.operator.prometheusRule.rules` | Define the prometheus rules. See values file for examples | `{}` | -| `configJob.backoffLimit` | Number of retries before considering kafka-config job as failed | `6` | -| `topics` | List of topics to create & configure. Can specify name, partitions, replicationFactor, reassignPartitions, config. See values.yaml | `[]` (Empty list) | -| `testsEnabled` | Enable/disable the chart's tests | `true` | -| `zookeeper.enabled` | If True, installs Zookeeper Chart | `true` | -| `zookeeper.resources` | Zookeeper resource requests and limits | `{}` | -| `zookeeper.env` | Environmental variables provided to Zookeeper Zookeeper | `{ZK_HEAP_SIZE: "1G"}` | -| `zookeeper.storage` | Zookeeper Persistent volume size | `2Gi` | -| `zookeeper.image.PullPolicy` | Zookeeper Container pull policy | `IfNotPresent` | -| `zookeeper.url` | URL of Zookeeper Cluster (unneeded if installing Zookeeper Chart) | `""` | -| `zookeeper.port` | Port of Zookeeper Cluster | `2181` | -| `zookeeper.affinity` | Defines affinities and anti-affinities for pods as defined in: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity preferences | `{}` | -| `zookeeper.nodeSelector` | Node labels for pod assignment | `{}` | - -Specify parameters using `--set key=value[,key=value]` argument to `helm install` - -Alternatively a YAML file that specifies the values for the parameters can be provided like this: - -```bash -$ helm install --name my-kafka -f values.yaml incubator/kafka -``` - -### Connecting to Kafka from inside Kubernetes - -You can connect to Kafka by running a simple pod in the K8s cluster like this with a configuration like this: - -```yaml -apiVersion: v1 -kind: Pod -metadata: - name: testclient - 
namespace: kafka -spec: - containers: - - name: kafka - image: solsson/kafka:0.11.0.0 - command: - - sh - - -c - - "exec tail -f /dev/null" -``` - -Once you have the testclient pod above running, you can list all kafka -topics with: - -` kubectl -n kafka exec -ti testclient -- ./bin/kafka-topics.sh --zookeeper -my-release-zookeeper:2181 --list` - -Where `my-release` is the name of your helm release. - -## Extensions - -Kafka has a rich ecosystem, with lots of tools. This sections is intended to compile all of those tools for which a corresponding Helm chart has already been created. - -- [Schema-registry](https://github.com/kubernetes/charts/tree/master/incubator/schema-registry) - A confluent project that provides a serving layer for your metadata. It provides a RESTful interface for storing and retrieving Avro schemas. - -## Connecting to Kafka from outside Kubernetes - -### NodePort External Service Type - -Review and optionally override to enable the example text concerned with external access in `values.yaml`. - -Once configured, you should be able to reach Kafka via NodePorts, one per replica. In kops where private, -topology is enabled, this feature publishes an internal round-robin DNS record using the following naming -scheme. The external access feature of this chart was tested with kops on AWS using flannel networking. -If you wish to enable external access to Kafka running in kops, your security groups will likely need to -be adjusted to allow non-Kubernetes nodes (e.g. bastion) to access the Kafka external listener port range. - -``` -{{ .Release.Name }}.{{ .Values.external.domain }} -``` - -If `external.distinct` is set theses entries will be prefixed with the replica number or broker id. - -``` -{{ .Release.Name }}-.{{ .Values.external.domain }} -``` - -Port numbers for external access used at container and NodePort are unique to each container in the StatefulSet. 
-Using the default `external.firstListenerPort` number with a `replicas` value of `3`, the following -container and NodePorts will be opened for external access: `31090`, `31091`, `31092`. All of these ports should -be reachable from any host to NodePorts are exposed because Kubernetes routes each NodePort from entry node -to pod/container listening on the same port (e.g. `31091`). - -The `external.servicePort` at each external access service (one such service per pod) is a relay toward -the a `containerPort` with a number matching its respective `NodePort`. The range of NodePorts is set, but -should not actually listen, on all Kafka pods in the StatefulSet. As any given pod will listen only one -such port at a time, setting the range at every Kafka pod is a reasonably safe configuration. - -#### Example values.yml for external service type NodePort -The + lines are with the updated values. -``` - external: -- enabled: false -+ enabled: true - # type can be either NodePort or LoadBalancer - type: NodePort - # annotations: -@@ -170,14 +170,14 @@ configurationOverrides: - ## - ## Setting "advertised.listeners" here appends to "PLAINTEXT://${POD_IP}:9092,", ensure you update the domain - ## If external service type is Nodeport: -- # "advertised.listeners": |- -- # EXTERNAL://kafka.cluster.local:$((31090 + ${KAFKA_BROKER_ID})) -+ "advertised.listeners": |- -+ EXTERNAL://kafka.cluster.local:$((31090 + ${KAFKA_BROKER_ID})) - ## If external service type is LoadBalancer and distinct is true: - # "advertised.listeners": |- - # EXTERNAL://kafka-$((${KAFKA_BROKER_ID})).cluster.local:19092 - ## If external service type is LoadBalancer and distinct is false: - # "advertised.listeners": |- - # EXTERNAL://EXTERNAL://${LOAD_BALANCER_IP}:31090 - ## Uncomment to define the EXTERNAL Listener protocol -- # "listener.security.protocol.map": |- -- # PLAINTEXT:PLAINTEXT,EXTERNAL:PLAINTEXT -+ "listener.security.protocol.map": |- -+ PLAINTEXT:PLAINTEXT,EXTERNAL:PLAINTEXT - - -$ kafkacat -b 
kafka.cluster.local:31090 -L -Metadata for all topics (from broker 0: kafka.cluster.local:31090/0): - 3 brokers: - broker 2 at kafka.cluster.local:31092 - broker 1 at kafka.cluster.local:31091 - broker 0 at kafka.cluster.local:31090 - 0 topics: - -$ kafkacat -b kafka.cluster.local:31090 -P -t test1 -p 0 -msg01 from external producer to topic test1 - -$ kafkacat -b kafka.cluster.local:31090 -C -t test1 -p 0 -msg01 from external producer to topic test1 -``` -### LoadBalancer External Service Type - -The load balancer external service type differs from the node port type by routing to the `external.servicePort` specified in the service for each statefulset container (if `external.distinct` is set). If `external.distinct` is false, `external.servicePort` is unused and will be set to the sum of `external.firstListenerPort` and the replica number. It is important to note that `external.firstListenerPort` does not have to be within the configured node port range for the cluster, however a node port will be allocated. - -#### Example values.yml and DNS setup for external service type LoadBalancer with external.distinct: true -The + lines are with the updated values. -``` - external: -- enabled: false -+ enabled: true - # type can be either NodePort or LoadBalancer -- type: NodePort -+ type: LoadBalancer - # annotations: - # service.beta.kubernetes.io/openstack-internal-load-balancer: "true" - dns: -@@ -138,10 +138,10 @@ external: - # If using external service type LoadBalancer and external dns, set distinct to true below. - # This creates an A record for each statefulset pod/broker. You should then map the - # A record of the broker to the EXTERNAL IP given by the LoadBalancer in your DNS server. 
-- distinct: false -+ distinct: true - servicePort: 19092 - firstListenerPort: 31090 -- domain: cluster.local -+ domain: example.com - loadBalancerIP: [] - init: - image: "lwolf/kubectl_deployer" -@@ -173,11 +173,11 @@ configurationOverrides: - # "advertised.listeners": |- - # EXTERNAL://kafka.cluster.local:$((31090 + ${KAFKA_BROKER_ID})) - ## If external service type is LoadBalancer and distinct is true: -- # "advertised.listeners": |- -- # EXTERNAL://kafka-$((${KAFKA_BROKER_ID})).cluster.local:19092 -+ "advertised.listeners": |- -+ EXTERNAL://kafka-$((${KAFKA_BROKER_ID})).example.com:19092 - ## Uncomment to define the EXTERNAL Listener protocol -- # "listener.security.protocol.map": |- -- # PLAINTEXT:PLAINTEXT,EXTERNAL:PLAINTEXT -+ "listener.security.protocol.map": |- -+ PLAINTEXT:PLAINTEXT,EXTERNAL:PLAINTEXT - -$ kubectl -n kafka get svc -NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE -kafka ClusterIP 10.39.241.217 9092/TCP 2m39s -kafka-0-external LoadBalancer 10.39.242.45 35.200.238.174 19092:30108/TCP 2m39s -kafka-1-external LoadBalancer 10.39.241.90 35.244.44.162 19092:30582/TCP 2m39s -kafka-2-external LoadBalancer 10.39.243.160 35.200.149.80 19092:30539/TCP 2m39s -kafka-headless ClusterIP None 9092/TCP 2m39s -kafka-zookeeper ClusterIP 10.39.249.70 2181/TCP 2m39s -kafka-zookeeper-headless ClusterIP None 2181/TCP,3888/TCP,2888/TCP 2m39s - -DNS A record entries: -kafka-0.example.com A record 35.200.238.174 TTL 60sec -kafka-1.example.com A record 35.244.44.162 TTL 60sec -kafka-2.example.com A record 35.200.149.80 TTL 60sec - -$ ping kafka-0.example.com -PING kafka-0.example.com (35.200.238.174): 56 data bytes - -$ kafkacat -b kafka-0.example.com:19092 -L -Metadata for all topics (from broker 0: kafka-0.example.com:19092/0): - 3 brokers: - broker 2 at kafka-2.example.com:19092 - broker 1 at kafka-1.example.com:19092 - broker 0 at kafka-0.example.com:19092 - 0 topics: - -$ kafkacat -b kafka-0.example.com:19092 -P -t gkeTest -p 0 -msg02 for topic gkeTest - -$ 
kafkacat -b kafka-0.example.com:19092 -C -t gkeTest -p 0 -msg02 for topic gkeTest -``` - -#### Example values.yml and DNS setup for external service type LoadBalancer with external.distinct: false -The + lines are with the updated values. -``` - external: -- enabled: false -+ enabled: true - # type can be either NodePort or LoadBalancer -- type: NodePort -+ type: LoadBalancer - # annotations: - # service.beta.kubernetes.io/openstack-internal-load-balancer: "true" - dns: -@@ -138,10 +138,10 @@ external: - distinct: false - servicePort: 19092 - firstListenerPort: 31090 - domain: cluster.local - loadBalancerIP: [35.200.238.174,35.244.44.162,35.200.149.80] - init: - image: "lwolf/kubectl_deployer" -@@ -173,11 +173,11 @@ configurationOverrides: - # "advertised.listeners": |- - # EXTERNAL://kafka.cluster.local:$((31090 + ${KAFKA_BROKER_ID})) - ## If external service type is LoadBalancer and distinct is true: -- # "advertised.listeners": |- -- # EXTERNAL://kafka-$((${KAFKA_BROKER_ID})).cluster.local:19092 -+ "advertised.listeners": |- -+ EXTERNAL://${LOAD_BALANCER_IP}:31090 - ## Uncomment to define the EXTERNAL Listener protocol -- # "listener.security.protocol.map": |- -- # PLAINTEXT:PLAINTEXT,EXTERNAL:PLAINTEXT -+ "listener.security.protocol.map": |- -+ PLAINTEXT:PLAINTEXT,EXTERNAL:PLAINTEXT - -$ kubectl -n kafka get svc -NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE -kafka ClusterIP 10.39.241.217 9092/TCP 2m39s -kafka-0-external LoadBalancer 10.39.242.45 35.200.238.174 31090:30108/TCP 2m39s -kafka-1-external LoadBalancer 10.39.241.90 35.244.44.162 31090:30582/TCP 2m39s -kafka-2-external LoadBalancer 10.39.243.160 35.200.149.80 31090:30539/TCP 2m39s -kafka-headless ClusterIP None 9092/TCP 2m39s -kafka-zookeeper ClusterIP 10.39.249.70 2181/TCP 2m39s -kafka-zookeeper-headless ClusterIP None 2181/TCP,3888/TCP,2888/TCP 2m39s - -$ kafkacat -b 35.200.238.174:31090 -L -Metadata for all topics (from broker 0: 35.200.238.174:31090/0): - 3 brokers: - broker 2 at 
35.200.149.80:31090 - broker 1 at 35.244.44.162:31090 - broker 0 at 35.200.238.174:31090 - 0 topics: - -$ kafkacat -b 35.200.238.174:31090 -P -t gkeTest -p 0 -msg02 for topic gkeTest - -$ kafkacat -b 35.200.238.174:31090 -C -t gkeTest -p 0 -msg02 for topic gkeTest -``` - -## Known Limitations - -* Only supports storage options that have backends for persistent volume claims (tested mostly on AWS) -* KAFKA_PORT will be created as an envvar and brokers will fail to start when there is a service named `kafka` in the same namespace. We work around this be unsetting that envvar `unset KAFKA_PORT`. - -[brokerconfigs]: https://kafka.apache.org/documentation/#brokerconfigs - -## Prometheus Stats - -### Prometheus vs Prometheus Operator - -Standard Prometheus is the default monitoring option for this chart. This chart also supports the CoreOS Prometheus Operator, -which can provide additional functionality like automatically updating Prometheus and Alert Manager configuration. If you are -interested in installing the Prometheus Operator please see the [CoreOS repository](https://github.com/coreos/prometheus-operator/tree/master/helm) for more information or -read through the [CoreOS blog post introducing the Prometheus Operator](https://coreos.com/blog/the-prometheus-operator.html) - -### JMX Exporter - -The majority of Kafka statistics are provided via JMX and are exposed via the [Prometheus JMX Exporter](https://github.com/prometheus/jmx_exporter). - -The JMX Exporter is a general purpose prometheus provider which is intended for use with any Java application. Because of this, it produces a number of statistics which -may not be of interest. To help in reducing these statistics to their relevant components we have created a curated whitelist `whitelistObjectNames` for the JMX exporter. -This whitelist may be modified or removed via the values configuration. - -To accommodate compatibility with the Prometheus metrics, this chart performs transformations of raw JMX metrics. 
For example, broker names and topics names are incorporated
-into the metric name instead of becoming a label. If you are curious to learn more about any default transformations to the chart metrics, please have reference the [configmap template](https://github.com/kubernetes/charts/blob/master/incubator/kafka/templates/jmx-configmap.yaml).
-
-### Kafka Exporter
-
-The [Kafka Exporter](https://github.com/danielqsj/kafka_exporter) is a complementary metrics exporter to the JMX Exporter. The Kafka Exporter provides additional statistics on Kafka Consumer Groups.
diff --git a/rds/base/charts/jaeger/charts/kafka/charts/zookeeper/.helmignore b/rds/base/charts/jaeger/charts/kafka/charts/zookeeper/.helmignore
deleted file mode 100644
index f0c1319..0000000
--- a/rds/base/charts/jaeger/charts/kafka/charts/zookeeper/.helmignore
+++ /dev/null
@@ -1,21 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
diff --git a/rds/base/charts/jaeger/charts/kafka/charts/zookeeper/Chart.yaml b/rds/base/charts/jaeger/charts/kafka/charts/zookeeper/Chart.yaml
deleted file mode 100644
index 6e00654..0000000
--- a/rds/base/charts/jaeger/charts/kafka/charts/zookeeper/Chart.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: v1
-appVersion: 3.5.5
-description: Centralized service for maintaining configuration information, naming,
- providing distributed synchronization, and providing group services.
-home: https://zookeeper.apache.org/
-icon: https://zookeeper.apache.org/images/zookeeper_small.gif
-kubeVersion: ^1.10.0-0
-maintainers:
-- email: lachlan.evenson@microsoft.com
- name: lachie83
-- email: owensk@google.com
- name: kow3ns
-name: zookeeper
-sources:
-- https://github.com/apache/zookeeper
-- https://github.com/kubernetes/contrib/tree/master/statefulsets/zookeeper
-version: 2.1.0
diff --git a/rds/base/charts/jaeger/charts/kafka/charts/zookeeper/OWNERS b/rds/base/charts/jaeger/charts/kafka/charts/zookeeper/OWNERS
deleted file mode 100644
index dd9facd..0000000
--- a/rds/base/charts/jaeger/charts/kafka/charts/zookeeper/OWNERS
+++ /dev/null
@@ -1,6 +0,0 @@
-approvers:
-- lachie83
-- kow3ns
-reviewers:
-- lachie83
-- kow3ns
diff --git a/rds/base/charts/jaeger/charts/kafka/charts/zookeeper/README.md b/rds/base/charts/jaeger/charts/kafka/charts/zookeeper/README.md
deleted file mode 100644
index c0f060e..0000000
--- a/rds/base/charts/jaeger/charts/kafka/charts/zookeeper/README.md
+++ /dev/null
@@ -1,145 +0,0 @@ -# incubator/zookeeper - -This helm chart provides an implementation of the ZooKeeper [StatefulSet](http://kubernetes.io/docs/concepts/abstractions/controllers/statefulsets/) found in Kubernetes Contrib [Zookeeper StatefulSet](https://github.com/kubernetes/contrib/tree/master/statefulsets/zookeeper). - -## Prerequisites -* Kubernetes 1.10+ -* PersistentVolume support on the underlying infrastructure -* A dynamic provisioner for the PersistentVolumes -* A familiarity with [Apache ZooKeeper 3.5.x](https://zookeeper.apache.org/doc/r3.5.5/) - -## Chart Components -This chart will do the following: - -* Create a fixed size ZooKeeper ensemble using a [StatefulSet](http://kubernetes.io/docs/concepts/abstractions/controllers/statefulsets/). -* Create a [PodDisruptionBudget](https://kubernetes.io/docs/tasks/configure-pod-container/configure-pod-disruption-budget/) so kubectl drain will respect the Quorum size of the ensemble. -* Create a [Headless Service](https://kubernetes.io/docs/concepts/services-networking/service/) to control the domain of the ZooKeeper ensemble. -* Create a Service configured to connect to the available ZooKeeper instance on the configured client port. -* Optionally apply a [Pod Anti-Affinity](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#inter-pod-affinity-and-anti-affinity-beta-feature) to spread the ZooKeeper ensemble across nodes. -* Optionally start JMX Exporter and Zookeeper Exporter containers inside Zookeeper pods. -* Optionally create a job which creates Zookeeper chroots (e.g. `/kafka1`). -* Optionally create a Prometheus ServiceMonitor for each enabled exporter container - -## Installing the Chart -You can install the chart with the release name `zookeeper` as below. - -```console -$ helm repo add incubator http://storage.googleapis.com/kubernetes-charts-incubator -$ helm install --name zookeeper incubator/zookeeper -``` - -If you do not specify a name, helm will select a name for you. 
- -### Installed Components -You can use `kubectl get` to view all of the installed components. - -```console{%raw} -$ kubectl get all -l app=zookeeper -NAME: zookeeper -LAST DEPLOYED: Wed Apr 11 17:09:48 2018 -NAMESPACE: default -STATUS: DEPLOYED - -RESOURCES: -==> v1beta1/PodDisruptionBudget -NAME MIN AVAILABLE MAX UNAVAILABLE ALLOWED DISRUPTIONS AGE -zookeeper N/A 1 1 2m - -==> v1/Service -NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE -zookeeper-headless ClusterIP None 2181/TCP,3888/TCP,2888/TCP 2m -zookeeper ClusterIP 10.98.179.165 2181/TCP 2m - -==> v1beta1/StatefulSet -NAME DESIRED CURRENT AGE -zookeeper 3 3 2m - -==> monitoring.coreos.com/v1/ServiceMonitor -NAME AGE -zookeeper 2m -zookeeper-exporter 2m -``` - -1. `statefulsets/zookeeper` is the StatefulSet created by the chart. -1. `po/zookeeper-<0|1|2>` are the Pods created by the StatefulSet. Each Pod has a single container running a ZooKeeper server. -1. `svc/zookeeper-headless` is the Headless Service used to control the network domain of the ZooKeeper ensemble. -1. `svc/zookeeper` is a Service that can be used by clients to connect to an available ZooKeeper server. -1. `servicemonitor/zookeeper` is a Prometheus ServiceMonitor which scrapes the jmx-exporter metrics endpoint -1. `servicemonitor/zookeeper-exporter` is a Prometheus ServiceMonitor which scrapes the zookeeper-exporter metrics endpoint - -## Configuration -You can specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. - -Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, - -```console -$ helm install --name my-release -f values.yaml incubator/zookeeper -``` - -## Default Values - -- You can find all user-configurable settings, their defaults and commentary about them in [values.yaml](values.yaml). - -## Deep Dive - -## Image Details -The image used for this chart is based on Alpine 3.9.0. 
- -## JVM Details -The Java Virtual Machine used for this chart is the OpenJDK JVM 8u192 JRE (headless). - -## ZooKeeper Details -The chart defaults to ZooKeeper 3.5 (latest released version). - -## Failover -You can test failover by killing the leader. Insert a key: -```console -$ kubectl exec zookeeper-0 -- bin/zkCli.sh create /foo bar; -$ kubectl exec zookeeper-2 -- bin/zkCli.sh get /foo; -``` - -Watch existing members: -```console -$ kubectl run --attach bbox --image=busybox --restart=Never -- sh -c 'while true; do for i in 0 1 2; do echo zk-${i} $(echo stats | nc -${i}.:2181 | grep Mode); sleep 1; done; done'; - -zk-2 Mode: follower -zk-0 Mode: follower -zk-1 Mode: leader -zk-2 Mode: follower -``` - -Delete Pods and wait for the StatefulSet controller to bring them back up: -```console -$ kubectl delete po -l app=zookeeper -$ kubectl get po --watch-only -NAME READY STATUS RESTARTS AGE -zookeeper-0 0/1 Running 0 35s -zookeeper-0 1/1 Running 0 50s -zookeeper-1 0/1 Pending 0 0s -zookeeper-1 0/1 Pending 0 0s -zookeeper-1 0/1 ContainerCreating 0 0s -zookeeper-1 0/1 Running 0 19s -zookeeper-1 1/1 Running 0 40s -zookeeper-2 0/1 Pending 0 0s -zookeeper-2 0/1 Pending 0 0s -zookeeper-2 0/1 ContainerCreating 0 0s -zookeeper-2 0/1 Running 0 19s -zookeeper-2 1/1 Running 0 41s -``` - -Check the previously inserted key: -```console -$ kubectl exec zookeeper-1 -- bin/zkCli.sh get /foo -ionid = 0x354887858e80035, negotiated timeout = 30000 - -WATCHER:: - -WatchedEvent state:SyncConnected type:None path:null -bar -``` - -## Scaling -ZooKeeper can not be safely scaled in versions prior to 3.5.x - -## Limitations -* Only supports storage options that have backends for persistent volume claims. diff --git a/rds/base/charts/jaeger/charts/kafka/charts/zookeeper/templates/NOTES.txt b/rds/base/charts/jaeger/charts/kafka/charts/zookeeper/templates/NOTES.txt deleted file mode 100644 index 6c5da85..0000000 
--- a/rds/base/charts/jaeger/charts/kafka/charts/zookeeper/templates/NOTES.txt
+++ /dev/null
@@ -1,7 +0,0 @@
-Thank you for installing ZooKeeper on your Kubernetes cluster. More information
-about ZooKeeper can be found at https://zookeeper.apache.org/doc/current/
-
-Your connection string should look like:
- {{ template "zookeeper.fullname" . }}-0.{{ template "zookeeper.fullname" . }}-headless:{{ .Values.service.ports.client.port }},{{ template "zookeeper.fullname" . }}-1.{{ template "zookeeper.fullname" . }}-headless:{{ .Values.service.ports.client.port }},...
-
-You can also use the client service {{ template "zookeeper.fullname" . }}:{{ .Values.service.ports.client.port }} to connect to an available ZooKeeper server.
diff --git a/rds/base/charts/jaeger/charts/kafka/charts/zookeeper/templates/_helpers.tpl b/rds/base/charts/jaeger/charts/kafka/charts/zookeeper/templates/_helpers.tpl
deleted file mode 100644
index 0e15107..0000000
--- a/rds/base/charts/jaeger/charts/kafka/charts/zookeeper/templates/_helpers.tpl
+++ /dev/null
@@ -1,46 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "zookeeper.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "zookeeper.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "zookeeper.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-The name of the zookeeper headless service.
-*/}}
-{{- define "zookeeper.headless" -}}
-{{- printf "%s-headless" (include "zookeeper.fullname" .) | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-The name of the zookeeper chroots job.
-*/}}
-{{- define "zookeeper.chroots" -}}
-{{- printf "%s-chroots" (include "zookeeper.fullname" .) | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
diff --git a/rds/base/charts/jaeger/charts/kafka/charts/zookeeper/templates/config-jmx-exporter.yaml b/rds/base/charts/jaeger/charts/kafka/charts/zookeeper/templates/config-jmx-exporter.yaml
deleted file mode 100644
index 47c3f9b..0000000
--- a/rds/base/charts/jaeger/charts/kafka/charts/zookeeper/templates/config-jmx-exporter.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-{{- if .Values.exporters.jmx.enabled }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ .Release.Name }}-jmx-exporter
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "zookeeper.name" . }}
- chart: {{ template "zookeeper.chart" . }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
-data:
- config.yml: |-
- hostPort: 127.0.0.1:{{ .Values.env.JMXPORT }}
- lowercaseOutputName: {{ .Values.exporters.jmx.config.lowercaseOutputName }}
- rules:
-{{ .Values.exporters.jmx.config.rules | toYaml | indent 6 }}
- ssl: false
- startDelaySeconds: {{ .Values.exporters.jmx.config.startDelaySeconds }}
-{{- end }}
diff --git a/rds/base/charts/jaeger/charts/kafka/charts/zookeeper/templates/config-script.yaml b/rds/base/charts/jaeger/charts/kafka/charts/zookeeper/templates/config-script.yaml
deleted file mode 100644
index 3afae07..0000000
--- a/rds/base/charts/jaeger/charts/kafka/charts/zookeeper/templates/config-script.yaml
+++ /dev/null
@@ -1,113 +0,0 @@ ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "zookeeper.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "zookeeper.name" . }} - chart: {{ template "zookeeper.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - component: server -data: - ok: | - #!/bin/sh - echo ruok | nc 127.0.0.1 ${1:-2181} - - ready: | - #!/bin/sh - echo ruok | nc 127.0.0.1 ${1:-2181} -'' - run: | - #!/bin/bash - - set -a - ROOT=$(echo /apache-zookeeper-*) - - ZK_USER=${ZK_USER:-"zookeeper"} - ZK_LOG_LEVEL=${ZK_LOG_LEVEL:-"INFO"} - ZK_DATA_DIR=${ZK_DATA_DIR:-"/data"} - ZK_DATA_LOG_DIR=${ZK_DATA_LOG_DIR:-"/data/log"} - ZK_CONF_DIR=${ZK_CONF_DIR:-"/conf"} - ZK_CLIENT_PORT=${ZK_CLIENT_PORT:-2181} - ZK_SERVER_PORT=${ZK_SERVER_PORT:-2888} - ZK_ELECTION_PORT=${ZK_ELECTION_PORT:-3888} - ZK_TICK_TIME=${ZK_TICK_TIME:-2000} - ZK_INIT_LIMIT=${ZK_INIT_LIMIT:-10} - ZK_SYNC_LIMIT=${ZK_SYNC_LIMIT:-5} - ZK_HEAP_SIZE=${ZK_HEAP_SIZE:-2G} - ZK_MAX_CLIENT_CNXNS=${ZK_MAX_CLIENT_CNXNS:-60} - ZK_MIN_SESSION_TIMEOUT=${ZK_MIN_SESSION_TIMEOUT:- $((ZK_TICK_TIME*2))} - ZK_MAX_SESSION_TIMEOUT=${ZK_MAX_SESSION_TIMEOUT:- $((ZK_TICK_TIME*20))} - ZK_SNAP_RETAIN_COUNT=${ZK_SNAP_RETAIN_COUNT:-3} - ZK_PURGE_INTERVAL=${ZK_PURGE_INTERVAL:-0} - ID_FILE="$ZK_DATA_DIR/myid" - ZK_CONFIG_FILE="$ZK_CONF_DIR/zoo.cfg" - LOG4J_PROPERTIES="$ZK_CONF_DIR/log4j.properties" - HOST=$(hostname) - DOMAIN=`hostname -d` - ZOOCFG=zoo.cfg - ZOOCFGDIR=$ZK_CONF_DIR - JVMFLAGS="-Xmx$ZK_HEAP_SIZE -Xms$ZK_HEAP_SIZE" - - APPJAR=$(echo $ROOT/*jar) - CLASSPATH="${ROOT}/lib/*:${APPJAR}:${ZK_CONF_DIR}:" - - if [[ $HOST =~ (.*)-([0-9]+)$ ]]; then - NAME=${BASH_REMATCH[1]} - ORD=${BASH_REMATCH[2]} - MY_ID=$((ORD+1)) - else - echo "Failed to extract ordinal from hostname $HOST" - exit 1 - fi - - mkdir -p $ZK_DATA_DIR - mkdir -p $ZK_DATA_LOG_DIR - echo $MY_ID >> $ID_FILE - - echo "clientPort=$ZK_CLIENT_PORT" >> $ZK_CONFIG_FILE - echo "dataDir=$ZK_DATA_DIR" >> 
$ZK_CONFIG_FILE - echo "dataLogDir=$ZK_DATA_LOG_DIR" >> $ZK_CONFIG_FILE - echo "tickTime=$ZK_TICK_TIME" >> $ZK_CONFIG_FILE - echo "initLimit=$ZK_INIT_LIMIT" >> $ZK_CONFIG_FILE - echo "syncLimit=$ZK_SYNC_LIMIT" >> $ZK_CONFIG_FILE - echo "maxClientCnxns=$ZK_MAX_CLIENT_CNXNS" >> $ZK_CONFIG_FILE - echo "minSessionTimeout=$ZK_MIN_SESSION_TIMEOUT" >> $ZK_CONFIG_FILE - echo "maxSessionTimeout=$ZK_MAX_SESSION_TIMEOUT" >> $ZK_CONFIG_FILE - echo "autopurge.snapRetainCount=$ZK_SNAP_RETAIN_COUNT" >> $ZK_CONFIG_FILE - echo "autopurge.purgeInterval=$ZK_PURGE_INTERVAL" >> $ZK_CONFIG_FILE - echo "4lw.commands.whitelist=*" >> $ZK_CONFIG_FILE - - for (( i=1; i<=$ZK_REPLICAS; i++ )) - do - echo "server.$i=$NAME-$((i-1)).$DOMAIN:$ZK_SERVER_PORT:$ZK_ELECTION_PORT" >> $ZK_CONFIG_FILE - done - - rm -f $LOG4J_PROPERTIES - - echo "zookeeper.root.logger=$ZK_LOG_LEVEL, CONSOLE" >> $LOG4J_PROPERTIES - echo "zookeeper.console.threshold=$ZK_LOG_LEVEL" >> $LOG4J_PROPERTIES - echo "zookeeper.log.threshold=$ZK_LOG_LEVEL" >> $LOG4J_PROPERTIES - echo "zookeeper.log.dir=$ZK_DATA_LOG_DIR" >> $LOG4J_PROPERTIES - echo "zookeeper.log.file=zookeeper.log" >> $LOG4J_PROPERTIES - echo "zookeeper.log.maxfilesize=256MB" >> $LOG4J_PROPERTIES - echo "zookeeper.log.maxbackupindex=10" >> $LOG4J_PROPERTIES - echo "zookeeper.tracelog.dir=$ZK_DATA_LOG_DIR" >> $LOG4J_PROPERTIES - echo "zookeeper.tracelog.file=zookeeper_trace.log" >> $LOG4J_PROPERTIES - echo "log4j.rootLogger=\${zookeeper.root.logger}" >> $LOG4J_PROPERTIES - echo "log4j.appender.CONSOLE=org.apache.log4j.ConsoleAppender" >> $LOG4J_PROPERTIES - echo "log4j.appender.CONSOLE.Threshold=\${zookeeper.console.threshold}" >> $LOG4J_PROPERTIES - echo "log4j.appender.CONSOLE.layout=org.apache.log4j.PatternLayout" >> $LOG4J_PROPERTIES - echo "log4j.appender.CONSOLE.layout.ConversionPattern=%d{ISO8601} [myid:%X{myid}] - %-5p [%t:%C{1}@%L] - %m%n" >> $LOG4J_PROPERTIES - - if [ -n "$JMXDISABLE" ] - then - MAIN=org.apache.zookeeper.server.quorum.QuorumPeerMain - else 
- MAIN="-Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=$JMXPORT -Dcom.sun.management.jmxremote.authenticate=$JMXAUTH -Dcom.sun.management.jmxremote.ssl=$JMXSSL -Dzookeeper.jmx.log4j.disable=$JMXLOG4J org.apache.zookeeper.server.quorum.QuorumPeerMain" - fi - - set -x - exec java -cp "$CLASSPATH" $JVMFLAGS $MAIN $ZK_CONFIG_FILE diff --git a/rds/base/charts/jaeger/charts/kafka/charts/zookeeper/templates/job-chroots.yaml b/rds/base/charts/jaeger/charts/kafka/charts/zookeeper/templates/job-chroots.yaml deleted file mode 100644 index 6c132c5..0000000 --- a/rds/base/charts/jaeger/charts/kafka/charts/zookeeper/templates/job-chroots.yaml +++ /dev/null 
@@ -1,66 +0,0 @@ -{{- if .Values.jobs.chroots.enabled }} -{{- $root := . }} -{{- $job := .Values.jobs.chroots }} -apiVersion: batch/v1 -kind: Job -metadata: - name: {{ template "zookeeper.chroots" . }} - namespace: {{ .Release.Namespace }} - annotations: - "helm.sh/hook": post-install,post-upgrade - "helm.sh/hook-weight": "-5" - "helm.sh/hook-delete-policy": hook-succeeded - labels: - app: {{ template "zookeeper.name" . }} - chart: {{ template "zookeeper.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - component: jobs - job: chroots -spec: - activeDeadlineSeconds: {{ $job.activeDeadlineSeconds }} - backoffLimit: {{ $job.backoffLimit }} - completions: {{ $job.completions }} - parallelism: {{ $job.parallelism }} - template: - metadata: - labels: - app: {{ template "zookeeper.name" . }} - release: {{ .Release.Name }} - component: jobs - job: chroots - spec: - restartPolicy: {{ $job.restartPolicy }} -{{- if .Values.priorityClassName }} - priorityClassName: "{{ .Values.priorityClassName }}" -{{- end }} - containers: - - name: main - image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - command: - - /bin/bash - - -o - - pipefail - - -euc - {{- $port := .Values.service.ports.client.port }} - - > - sleep 15; - export SERVER={{ template "zookeeper.fullname" $root }}:{{ $port }}; - {{- range $job.config.create }} - echo '==> {{ . }}'; - echo '====> Create chroot if does not exist.'; - zkCli.sh -server {{ template "zookeeper.fullname" $root }}:{{ $port }} get {{ . }} 2>&1 >/dev/null | grep 'cZxid' - || zkCli.sh -server {{ template "zookeeper.fullname" $root }}:{{ $port }} create {{ . }} ""; - echo '====> Confirm chroot exists.'; - zkCli.sh -server {{ template "zookeeper.fullname" $root }}:{{ $port }} get {{ . }} 2>&1 >/dev/null | grep 'cZxid'; - echo '====> Chroot exists.'; - {{- end }} - env: - {{- range $key, $value := $job.env }} - - name: {{ $key | upper | replace "." 
"_" }}
- value: {{ $value | quote }}
- {{- end }}
- resources:
-{{ toYaml $job.resources | indent 12 }}
-{{- end -}}
diff --git a/rds/base/charts/jaeger/charts/kafka/charts/zookeeper/templates/poddisruptionbudget.yaml b/rds/base/charts/jaeger/charts/kafka/charts/zookeeper/templates/poddisruptionbudget.yaml
deleted file mode 100644
index ff1d2c0..0000000
--- a/rds/base/charts/jaeger/charts/kafka/charts/zookeeper/templates/poddisruptionbudget.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: policy/v1beta1
-kind: PodDisruptionBudget
-metadata:
- name: {{ template "zookeeper.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "zookeeper.name" . }}
- chart: {{ template "zookeeper.chart" . }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
- component: server
-spec:
- selector:
- matchLabels:
- app: {{ template "zookeeper.name" . }}
- release: {{ .Release.Name }}
- component: server
-{{ toYaml .Values.podDisruptionBudget | indent 2 }}
diff --git a/rds/base/charts/jaeger/charts/kafka/charts/zookeeper/templates/service-headless.yaml b/rds/base/charts/jaeger/charts/kafka/charts/zookeeper/templates/service-headless.yaml
deleted file mode 100644
index 57dd9db..0000000
--- a/rds/base/charts/jaeger/charts/kafka/charts/zookeeper/templates/service-headless.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ template "zookeeper.headless" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "zookeeper.name" . }}
- chart: {{ template "zookeeper.chart" . }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
-{{- if .Values.headless.annotations }}
- annotations:
-{{ .Values.headless.annotations | toYaml | trimSuffix "\n" | indent 4 }}
-{{- end }}
-spec:
- clusterIP: None
- ports:
-{{- range $key, $port := .Values.ports }}
- - name: {{ $key }}
- port: {{ $port.containerPort }}
- targetPort: {{ $key }}
- protocol: {{ $port.protocol }}
-{{- end }}
- selector:
- app: {{ template "zookeeper.name" . }}
- release: {{ .Release.Name }}
diff --git a/rds/base/charts/jaeger/charts/kafka/charts/zookeeper/templates/service.yaml b/rds/base/charts/jaeger/charts/kafka/charts/zookeeper/templates/service.yaml
deleted file mode 100644
index 6e8287c..0000000
--- a/rds/base/charts/jaeger/charts/kafka/charts/zookeeper/templates/service.yaml
+++ /dev/null
@@ -1,42 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ template "zookeeper.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "zookeeper.name" . }}
- chart: {{ template "zookeeper.chart" . }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
-{{- if .Values.service.annotations }}}
- annotations:
-{{- with .Values.service.annotations }}
-{{ toYaml . | indent 4 }}
-{{- end }}
-{{- end }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{- range $key, $value := .Values.service.ports }}
- - name: {{ $key }}
-{{ toYaml $value | indent 6 }}
- {{- end }}
-{{- if .Values.exporters.jmx.enabled }}
- {{- range $key, $port := .Values.exporters.jmx.ports }}
- - name: {{ $key }}
- port: {{ $port.containerPort }}
- targetPort: {{ $key }}
- protocol: {{ $port.protocol }}
- {{- end }}
-{{- end}}
-{{- if .Values.exporters.zookeeper.enabled }}
- {{- range $key, $port := .Values.exporters.zookeeper.ports }}
- - name: {{ $key }}
- port: {{ $port.containerPort }}
- targetPort: {{ $key }}
- protocol: {{ $port.protocol }}
- {{- end }}
-{{- end}}
- selector:
- app: {{ template "zookeeper.name" . }}
- release: {{ .Release.Name }}
diff --git a/rds/base/charts/jaeger/charts/kafka/charts/zookeeper/templates/servicemonitors.yaml b/rds/base/charts/jaeger/charts/kafka/charts/zookeeper/templates/servicemonitors.yaml
deleted file mode 100644
index 20621b9..0000000
--- a/rds/base/charts/jaeger/charts/kafka/charts/zookeeper/templates/servicemonitors.yaml
+++ /dev/null
@@ -1,60 +0,0 @@
-{{- if and .Values.exporters.jmx.enabled .Values.prometheus.serviceMonitor.enabled }}
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
- name: {{ include "zookeeper.fullname" . }}
- {{- if .Values.prometheus.serviceMonitor.namespace }}
- namespace: {{ .Values.prometheus.serviceMonitor.namespace }}
- {{- else }}
- namespace: {{ .Release.Namespace }}
- {{- end }}
- labels:
-{{ toYaml .Values.prometheus.serviceMonitor.selector | indent 4 }}
-spec:
- endpoints:
- {{- range $key, $port := .Values.exporters.jmx.ports }}
- - port: {{ $key }}
- path: {{ $.Values.exporters.jmx.path }}
- interval: {{ $.Values.exporters.jmx.serviceMonitor.interval }}
- scrapeTimeout: {{ $.Values.exporters.jmx.serviceMonitor.scrapeTimeout }}
- scheme: {{ $.Values.exporters.jmx.serviceMonitor.scheme }}
- {{- end }}
- selector:
- matchLabels:
- app: {{ include "zookeeper.name" . }}
- release: {{ .Release.Name }}
- namespaceSelector:
- matchNames:
- - {{ .Release.Namespace }}
-{{- end }}
----
-
-{{- if and .Values.exporters.zookeeper.enabled .Values.prometheus.serviceMonitor.enabled }}
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
- name: {{ include "zookeeper.fullname" . }}-exporter
- {{- if .Values.prometheus.serviceMonitor.namespace }}
- namespace: {{ .Values.prometheus.serviceMonitor.namespace }}
- {{- else }}
- namespace: {{ .Release.Namespace }}
- {{- end }}
- labels:
-{{ toYaml .Values.prometheus.serviceMonitor.selector | indent 4 }}
-spec:
- endpoints:
- {{- range $key, $port := .Values.exporters.zookeeper.ports }}
- - port: {{ $key }}
- path: {{ $.Values.exporters.zookeeper.path }}
- interval: {{ $.Values.exporters.zookeeper.serviceMonitor.interval }}
- scrapeTimeout: {{ $.Values.exporters.zookeeper.serviceMonitor.scrapeTimeout }}
- scheme: {{ $.Values.exporters.zookeeper.serviceMonitor.scheme }}
- {{- end }}
- selector:
- matchLabels:
- app: {{ include "zookeeper.name" . }}
- release: {{ .Release.Name }}
- namespaceSelector:
- matchNames:
- - {{ .Release.Namespace }}
-{{- end }}
\ No newline at end of file
diff --git a/rds/base/charts/jaeger/charts/kafka/charts/zookeeper/templates/statefulset.yaml b/rds/base/charts/jaeger/charts/kafka/charts/zookeeper/templates/statefulset.yaml
deleted file mode 100644
index a2fede1..0000000
--- a/rds/base/charts/jaeger/charts/kafka/charts/zookeeper/templates/statefulset.yaml
+++ /dev/null
@@ -1,227 +0,0 @@ -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: {{ template "zookeeper.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "zookeeper.name" . }} - chart: {{ template "zookeeper.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - component: server -spec: - serviceName: {{ template "zookeeper.headless" . }} - replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - app: {{ template "zookeeper.name" . }} - release: {{ .Release.Name }} - component: server - updateStrategy: -{{ toYaml .Values.updateStrategy | indent 4 }} - template: - metadata: - labels: - app: {{ template "zookeeper.name" . }} - release: {{ .Release.Name }} - component: server - {{- if .Values.podLabels }} - ## Custom pod labels - {{- range $key, $value := .Values.podLabels }} - {{ $key }}: {{ $value | quote }} - {{- end }} - {{- end }} -{{- if .Values.podAnnotations }} - annotations: - ## Custom pod annotations - {{- range $key, $value := .Values.podAnnotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} -{{- end }} - spec: - terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} -{{- if .Values.schedulerName }} - schedulerName: "{{ .Values.schedulerName }}" -{{- end }} - securityContext: -{{ toYaml .Values.securityContext | indent 8 }} -{{- if .Values.priorityClassName }} - priorityClassName: "{{ .Values.priorityClassName }}" -{{- end }} - containers: - - - name: zookeeper - image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - {{- with .Values.command }} - command: {{ range . }} - - {{ . 
| quote }} - {{- end }} - {{- end }} - ports: -{{- range $key, $port := .Values.ports }} - - name: {{ $key }} -{{ toYaml $port | indent 14 }} -{{- end }} - livenessProbe: - exec: - command: - - sh - - /config-scripts/ok - initialDelaySeconds: 20 - periodSeconds: 30 - timeoutSeconds: 5 - failureThreshold: 2 - successThreshold: 1 - readinessProbe: - exec: - command: - - sh - - /config-scripts/ready - initialDelaySeconds: 20 - periodSeconds: 30 - timeoutSeconds: 5 - failureThreshold: 2 - successThreshold: 1 - env: - - name: ZK_REPLICAS - value: {{ .Values.replicaCount | quote }} - {{- range $key, $value := .Values.env }} - - name: {{ $key | upper | replace "." "_" }} - value: {{ $value | quote }} - {{- end }} - {{- range $secret := .Values.secrets }} - {{- range $key := $secret.keys }} - - name: {{ (print $secret.name "_" $key) | upper }} - valueFrom: - secretKeyRef: - name: {{ $secret.name }} - key: {{ $key }} - {{- end }} - {{- end }} - resources: -{{ toYaml .Values.resources | indent 12 }} - volumeMounts: - - name: data - mountPath: /data - {{- range $secret := .Values.secrets }} - {{- if $secret.mountPath }} - {{- range $key := $secret.keys }} - - name: {{ $.Release.Name }}-{{ $secret.name }} - mountPath: {{ $secret.mountPath }}/{{ $key }} - subPath: {{ $key }} - readOnly: true - {{- end }} - {{- end }} - {{- end }} - - name: config - mountPath: /config-scripts - - -{{- if .Values.exporters.jmx.enabled }} - - name: jmx-exporter - image: "{{ .Values.exporters.jmx.image.repository }}:{{ .Values.exporters.jmx.image.tag }}" - imagePullPolicy: {{ .Values.exporters.jmx.image.pullPolicy }} - ports: - {{- range $key, $port := .Values.exporters.jmx.ports }} - - name: {{ $key }} -{{ toYaml $port | indent 14 }} - {{- end }} - livenessProbe: -{{ toYaml .Values.exporters.jmx.livenessProbe | indent 12 }} - readinessProbe: -{{ toYaml .Values.exporters.jmx.readinessProbe | indent 12 }} - env: - - name: SERVICE_PORT - value: {{ .Values.exporters.jmx.ports.jmxxp.containerPort | 
quote }} - {{- with .Values.exporters.jmx.env }} - {{- range $key, $value := . }} - - name: {{ $key | upper | replace "." "_" }} - value: {{ $value | quote }} - {{- end }} - {{- end }} - resources: -{{ toYaml .Values.exporters.jmx.resources | indent 12 }} - volumeMounts: - - name: config-jmx-exporter - mountPath: /opt/jmx_exporter/config.yml - subPath: config.yml -{{- end }} - -{{- if .Values.exporters.zookeeper.enabled }} - - name: zookeeper-exporter - image: "{{ .Values.exporters.zookeeper.image.repository }}:{{ .Values.exporters.zookeeper.image.tag }}" - imagePullPolicy: {{ .Values.exporters.zookeeper.image.pullPolicy }} - args: - - -bind-addr=:{{ .Values.exporters.zookeeper.ports.zookeeperxp.containerPort }} - - -metrics-path={{ .Values.exporters.zookeeper.path }} - - -zookeeper=localhost:{{ .Values.ports.client.containerPort }} - - -log-level={{ .Values.exporters.zookeeper.config.logLevel }} - - -reset-on-scrape={{ .Values.exporters.zookeeper.config.resetOnScrape }} - ports: - {{- range $key, $port := .Values.exporters.zookeeper.ports }} - - name: {{ $key }} -{{ toYaml $port | indent 14 }} - {{- end }} - livenessProbe: -{{ toYaml .Values.exporters.zookeeper.livenessProbe | indent 12 }} - readinessProbe: -{{ toYaml .Values.exporters.zookeeper.readinessProbe | indent 12 }} - env: - {{- range $key, $value := .Values.exporters.zookeeper.env }} - - name: {{ $key | upper | replace "." "_" }} - value: {{ $value | quote }} - {{- end }} - resources: -{{ toYaml .Values.exporters.zookeeper.resources | indent 12 }} -{{- end }} - - {{- with .Values.nodeSelector }} - nodeSelector: -{{ toYaml . | indent 8 }} - {{- end }} - {{- with .Values.affinity }} - affinity: -{{ toYaml . | indent 8 }} - {{- end }} - {{- with .Values.tolerations }} - tolerations: -{{ toYaml . | indent 8 }} - {{- end }} - volumes: - - name: config - configMap: - name: {{ template "zookeeper.fullname" . 
}} - defaultMode: 0555 - {{- range .Values.secrets }} - - name: {{ $.Release.Name }}-{{ .name }} - secret: - secretName: {{ .name }} - {{- end }} - {{- if .Values.exporters.jmx.enabled }} - - name: config-jmx-exporter - configMap: - name: {{ .Release.Name }}-jmx-exporter - {{- end }} - {{- if not .Values.persistence.enabled }} - - name: data - emptyDir: {} - {{- end }} - {{- if .Values.persistence.enabled }} - volumeClaimTemplates: - - metadata: - name: data - spec: - accessModes: - - {{ .Values.persistence.accessMode | quote }} - resources: - requests: - storage: {{ .Values.persistence.size | quote }} - {{- if .Values.persistence.storageClass }} - {{- if (eq "-" .Values.persistence.storageClass) }} - storageClassName: "" - {{- else }} - storageClassName: "{{ .Values.persistence.storageClass }}" - {{- end }} - {{- end }} - {{- end }} diff --git a/rds/base/charts/jaeger/charts/kafka/charts/zookeeper/values.yaml b/rds/base/charts/jaeger/charts/kafka/charts/zookeeper/values.yaml deleted file mode 100644 index 2fa6286..0000000 --- a/rds/base/charts/jaeger/charts/kafka/charts/zookeeper/values.yaml +++ /dev/null 
@@ -1,295 +0,0 @@ -## As weighted quorums are not supported, it is imperative that an odd number of replicas -## be chosen. Moreover, the number of replicas should be either 1, 3, 5, or 7. -## -## ref: https://github.com/kubernetes/contrib/tree/master/statefulsets/zookeeper#stateful-set -replicaCount: 3 # Desired quantity of ZooKeeper pods. This should always be (1,3,5, or 7) - -podDisruptionBudget: - maxUnavailable: 1 # Limits how many Zokeeper pods may be unavailable due to voluntary disruptions. - -terminationGracePeriodSeconds: 1800 # Duration in seconds a Zokeeper pod needs to terminate gracefully. - -updateStrategy: - type: RollingUpdate - -## refs: -## - https://github.com/kubernetes/contrib/tree/master/statefulsets/zookeeper -## - https://github.com/kubernetes/contrib/blob/master/statefulsets/zookeeper/Makefile#L1 -image: - repository: zookeeper # Container image repository for zookeeper container. - tag: 3.5.5 # Container image tag for zookeeper container. - pullPolicy: IfNotPresent # Image pull criteria for zookeeper container. - -service: - type: ClusterIP # Exposes zookeeper on a cluster-internal IP. - annotations: {} # Arbitrary non-identifying metadata for zookeeper service. - ## AWS example for use with LoadBalancer service type. - # external-dns.alpha.kubernetes.io/hostname: zookeeper.cluster.local - # service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: "true" - # service.beta.kubernetes.io/aws-load-balancer-internal: "true" - ports: - client: - port: 2181 # Service port number for client port. - targetPort: client # Service target port for client port. - protocol: TCP # Service port protocol for client port. - -## Headless service. -## -headless: - annotations: {} - -ports: - client: - containerPort: 2181 # Port number for zookeeper container client port. - protocol: TCP # Protocol for zookeeper container client port. - election: - containerPort: 3888 # Port number for zookeeper container election port. 
- protocol: TCP # Protocol for zookeeper container election port. - server: - containerPort: 2888 # Port number for zookeeper container server port. - protocol: TCP # Protocol for zookeeper container server port. - -resources: {} # Optionally specify how much CPU and memory (RAM) each zookeeper container needs. - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi - -priorityClassName: "" - -nodeSelector: {} # Node label-values required to run zookeeper pods. - -tolerations: [] # Node taint overrides for zookeeper pods. - -affinity: {} # Criteria by which pod label-values influence scheduling for zookeeper pods. - # podAntiAffinity: - # requiredDuringSchedulingIgnoredDuringExecution: - # - topologyKey: "kubernetes.io/hostname" - # labelSelector: - # matchLabels: - # release: zookeeper - -podAnnotations: {} # Arbitrary non-identifying metadata for zookeeper pods. - # prometheus.io/scrape: "true" - # prometheus.io/path: "/metrics" - # prometheus.io/port: "9141" - -podLabels: {} # Key/value pairs that are attached to zookeeper pods. - # team: "developers" - # service: "zookeeper" - -securityContext: - fsGroup: 1000 - runAsUser: 1000 - -## Useful, if you want to use an alternate image. -command: - - /bin/bash - - -xec - - /config-scripts/run - -## Useful if using any custom authorizer. -## Pass any secrets to the kafka pods. Each secret will be passed as an -## environment variable by default. The secret can also be mounted to a -## specific path (in addition to environment variable) if required. 
Environment -## variable names are generated as: `_` (All upper case) -# secrets: -# - name: myKafkaSecret -# keys: -# - username -# - password -# # mountPath: /opt/kafka/secret -# - name: myZkSecret -# keys: -# - user -# - pass -# mountPath: /opt/zookeeper/secret - -persistence: - enabled: true - ## zookeeper data Persistent Volume Storage Class - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - # storageClass: "-" - accessMode: ReadWriteOnce - size: 5Gi - -## Exporters query apps for metrics and make those metrics available for -## Prometheus to scrape. -exporters: - - jmx: - enabled: false - image: - repository: sscaling/jmx-prometheus-exporter - tag: 0.3.0 - pullPolicy: IfNotPresent - config: - lowercaseOutputName: false - ## ref: https://github.com/prometheus/jmx_exporter/blob/master/example_configs/zookeeper.yaml - rules: - - pattern: "org.apache.ZooKeeperService<>(\\w+)" - name: "zookeeper_$2" - - pattern: "org.apache.ZooKeeperService<>(\\w+)" - name: "zookeeper_$3" - labels: - replicaId: "$2" - - pattern: "org.apache.ZooKeeperService<>(\\w+)" - name: "zookeeper_$4" - labels: - replicaId: "$2" - memberType: "$3" - - pattern: "org.apache.ZooKeeperService<>(\\w+)" - name: "zookeeper_$4_$5" - labels: - replicaId: "$2" - memberType: "$3" - startDelaySeconds: 30 - env: {} - resources: {} - path: /metrics - ports: - jmxxp: - containerPort: 9404 - protocol: TCP - livenessProbe: - httpGet: - path: /metrics - port: jmxxp - initialDelaySeconds: 30 - periodSeconds: 15 - timeoutSeconds: 60 - failureThreshold: 8 - successThreshold: 1 - readinessProbe: - httpGet: - path: /metrics - port: jmxxp - initialDelaySeconds: 30 - periodSeconds: 15 - timeoutSeconds: 60 - failureThreshold: 8 - successThreshold: 1 - serviceMonitor: - interval: 30s 
- scrapeTimeout: 30s - scheme: http - - zookeeper: - ## refs: - ## - https://github.com/carlpett/zookeeper_exporter - ## - https://hub.docker.com/r/josdotso/zookeeper-exporter/ - ## - https://www.datadoghq.com/blog/monitoring-kafka-performance-metrics/#zookeeper-metrics - enabled: false - image: - repository: josdotso/zookeeper-exporter - tag: v1.1.2 - pullPolicy: IfNotPresent - config: - logLevel: info - resetOnScrape: "true" - env: {} - resources: {} - path: /metrics - ports: - zookeeperxp: - containerPort: 9141 - protocol: TCP - livenessProbe: - httpGet: - path: /metrics - port: zookeeperxp - initialDelaySeconds: 30 - periodSeconds: 15 - timeoutSeconds: 60 - failureThreshold: 8 - successThreshold: 1 - readinessProbe: - httpGet: - path: /metrics - port: zookeeperxp - initialDelaySeconds: 30 - periodSeconds: 15 - timeoutSeconds: 60 - failureThreshold: 8 - successThreshold: 1 - serviceMonitor: - interval: 30s - scrapeTimeout: 30s - scheme: http - -## ServiceMonitor configuration in case you are using Prometheus Operator -prometheus: - serviceMonitor: - ## If true a ServiceMonitor for each enabled exporter will be installed - enabled: false - ## The namespace where the ServiceMonitor(s) will be installed - # namespace: monitoring - ## The selector the Prometheus instance is searching for - ## [Default Prometheus Operator selector] (https://github.com/helm/charts/blob/f5a751f174263971fafd21eee4e35416d6612a3d/stable/prometheus-operator/templates/prometheus/prometheus.yaml#L74) - selector: {} - -## Use an alternate scheduler, e.g. "stork". -## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ -## -# schedulerName: - -## ref: https://github.com/kubernetes/contrib/tree/master/statefulsets/zookeeper -env: - - ## Options related to JMX exporter. 
- ## ref: https://github.com/apache/zookeeper/blob/master/bin/zkServer.sh#L36 - JMXAUTH: "false" - JMXDISABLE: "false" - JMXPORT: 1099 - JMXSSL: "false" - - ## The port on which the server will accept client requests. - ZOO_PORT: 2181 - - ## The number of Ticks that an ensemble member is allowed to perform leader - ## election. - ZOO_INIT_LIMIT: 5 - - ZOO_TICK_TIME: 2000 - - ## The maximum number of concurrent client connections that - ## a server in the ensemble will accept. - ZOO_MAX_CLIENT_CNXNS: 60 - - ## The number of Tick by which a follower may lag behind the ensembles leader. - ZK_SYNC_LIMIT: 10 - - ## The number of wall clock ms that corresponds to a Tick for the ensembles - ## internal time. - ZK_TICK_TIME: 2000 - - ZOO_AUTOPURGE_PURGEINTERVAL: 0 - ZOO_AUTOPURGE_SNAPRETAINCOUNT: 3 - ZOO_STANDALONE_ENABLED: false - -jobs: - ## ref: http://zookeeper.apache.org/doc/r3.4.10/zookeeperProgrammers.html#ch_zkSessions - chroots: - enabled: false - activeDeadlineSeconds: 300 - backoffLimit: 5 - completions: 1 - config: - create: [] - # - /kafka - # - /ureplicator - env: [] - parallelism: 1 - resources: {} - restartPolicy: Never diff --git a/rds/base/charts/jaeger/charts/kafka/requirements.lock b/rds/base/charts/jaeger/charts/kafka/requirements.lock deleted file mode 100644 index 35c0583..0000000 --- a/rds/base/charts/jaeger/charts/kafka/requirements.lock +++ /dev/null @@ -1,6 +0,0 @@ -dependencies: -- name: zookeeper - repository: file://charts/zookeeper - version: 2.1.0 -digest: sha256:15b2dd453a6aeb0ecc8193bbde64cb23af32b98605e67240286eb4e7b84e361d -generated: "2022-08-18T15:37:24.60553345+02:00" diff --git a/rds/base/charts/jaeger/charts/kafka/requirements.yaml b/rds/base/charts/jaeger/charts/kafka/requirements.yaml deleted file mode 100644 index ef02ce4..0000000 --- a/rds/base/charts/jaeger/charts/kafka/requirements.yaml +++ /dev/null 
@@ -1,6 +0,0 @@
-dependencies:
-- name: zookeeper
- version: 2.1.0
- repository: file://charts/zookeeper
- condition: kafka.zookeeper.enabled,zookeeper.enabled
-version: 0.20.6
\ No newline at end of file
diff --git a/rds/base/charts/jaeger/charts/kafka/templates/NOTES.txt b/rds/base/charts/jaeger/charts/kafka/templates/NOTES.txt
deleted file mode 100644
index 9609f39..0000000
--- a/rds/base/charts/jaeger/charts/kafka/templates/NOTES.txt
+++ /dev/null
@@ -1,76 +0,0 @@ -### Connecting to Kafka from inside Kubernetes - -You can connect to Kafka by running a simple pod in the K8s cluster like this with a configuration like this: - - apiVersion: v1 - kind: Pod - metadata: - name: testclient - namespace: {{ .Values.global.namespace.name | default .Release.Namespace }} - spec: - containers: - - name: kafka - image: {{ .Values.image }}:{{ .Values.imageTag }} - command: - - sh - - -c - - "exec tail -f /dev/null" - -Once you have the testclient pod above running, you can list all kafka -topics with: - - kubectl -n {{ .Release.Namespace }} exec testclient -- ./bin/kafka-topics.sh --zookeeper {{ .Release.Name }}-zookeeper:2181 --list - -To create a new topic: - - kubectl -n {{ .Release.Namespace }} exec testclient -- ./bin/kafka-topics.sh --zookeeper {{ .Release.Name }}-zookeeper:2181 --topic test1 --create --partitions 1 --replication-factor 1 - -To listen for messages on a topic: - - kubectl -n {{ .Release.Namespace }} exec -ti testclient -- ./bin/kafka-console-consumer.sh --bootstrap-server {{ include "kafka.fullname" . }}:9092 --topic test1 --from-beginning - -To stop the listener session above press: Ctrl+C - -To start an interactive message producer session: - kubectl -n {{ .Release.Namespace }} exec -ti testclient -- ./bin/kafka-console-producer.sh --broker-list {{ include "kafka.fullname" . }}-headless:9092 --topic test1 - -To create a message in the above session, simply type the message and press "enter" -To end the producer session try: Ctrl+C - -If you specify "zookeeper.connect" in configurationOverrides, please replace "{{ .Release.Name }}-zookeeper:2181" with the value of "zookeeper.connect", or you will get error. - -{{ if .Values.external.enabled }} -### Connecting to Kafka from outside Kubernetes - -You have enabled the external access feature of this chart. - -**WARNING:** By default this feature allows Kafka clients outside Kubernetes to -connect to Kafka via NodePort(s) in `PLAINTEXT`. 
- -Please see this chart's README.md for more details and guidance. - -If you wish to connect to Kafka from outside please configure your external Kafka -clients to point at the following brokers. Please allow a few minutes for all -associated resources to become healthy. - {{ $fullName := include "kafka.fullname" . }} - {{- $replicas := .Values.replicas | int }} - {{- $servicePort := .Values.external.servicePort | int}} - {{- $root := . }} - {{- range $i, $e := until $replicas }} - {{- $externalListenerPort := add $root.Values.external.firstListenerPort $i }} - {{- if $root.Values.external.distinct }} -{{ printf "%s-%d.%s:%d" $root.Release.Name $i $root.Values.external.domain $servicePort | indent 2 }} - {{- else }} -{{ printf "%s.%s:%d" $root.Release.Name $root.Values.external.domain $externalListenerPort | indent 2 }} - {{- end }} - {{- end }} -{{- end }} - -{{ if .Values.prometheus.jmx.enabled }} -To view JMX configuration (pull request/updates to improve defaults are encouraged): - {{ if .Values.jmx.configMap.overrideName }} - kubectl -n {{ .Release.Namespace }} describe configmap {{ .Values.jmx.configMap.overrideName }} - {{ else }} - kubectl -n {{ .Release.Namespace }} describe configmap {{ include "kafka.fullname" . }}-metrics - {{- end }} -{{- end }} diff --git a/rds/base/charts/jaeger/charts/kafka/templates/_helpers.tpl b/rds/base/charts/jaeger/charts/kafka/templates/_helpers.tpl deleted file mode 100644 index 03bfc0a..0000000 --- a/rds/base/charts/jaeger/charts/kafka/templates/_helpers.tpl +++ /dev/null 
@@ -1,128 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "kafka.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "kafka.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create a default fully qualified zookeeper name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -*/}} -{{- define "kafka.zookeeper.fullname" -}} -{{- if .Values.zookeeper.fullnameOverride -}} -{{- .Values.zookeeper.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default "zookeeper" .Values.zookeeper.nameOverride -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} - -{{/* -Form the Zookeeper URL. If zookeeper is installed as part of this chart, use k8s service discovery, -else use user-provided URL -*/}} -{{- define "zookeeper.url" }} -{{- $port := .Values.zookeeper.port | toString }} -{{- if .Values.zookeeper.enabled -}} -{{- printf "%s:%s" (include "kafka.zookeeper.fullname" .) 
$port }} -{{- else -}} -{{- $zookeeperConnect := printf "%s:%s" .Values.zookeeper.url $port }} -{{- $zookeeperConnectOverride := index .Values "configurationOverrides" "zookeeper.connect" }} -{{- default $zookeeperConnect $zookeeperConnectOverride }} -{{- end -}} -{{- end -}} - -{{/* -Derive offsets.topic.replication.factor in following priority order: configurationOverrides, replicas -*/}} -{{- define "kafka.replication.factor" }} -{{- $replicationFactorOverride := index .Values "configurationOverrides" "offsets.topic.replication.factor" }} -{{- default .Values.replicas $replicationFactorOverride }} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "kafka.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create unified labels for kafka components -*/}} - -{{- define "kafka.common.matchLabels" -}} -app.kubernetes.io/name: {{ include "kafka.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end -}} - -{{- define "kafka.common.metaLabels" -}} -helm.sh/chart: {{ include "kafka.chart" . }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end -}} - -{{- define "kafka.broker.matchLabels" -}} -app.kubernetes.io/component: kafka-broker -{{ include "kafka.common.matchLabels" . }} -{{- end -}} - -{{- define "kafka.broker.labels" -}} -{{ include "kafka.common.metaLabels" . }} -{{ include "kafka.broker.matchLabels" . }} -{{- end -}} - -{{- define "kafka.config.matchLabels" -}} -app.kubernetes.io/component: kafka-config -{{ include "kafka.common.matchLabels" . }} -{{- end -}} - -{{- define "kafka.config.labels" -}} -{{ include "kafka.common.metaLabels" . }} -{{ include "kafka.config.matchLabels" . }} -{{- end -}} - -{{- define "kafka.monitor.matchLabels" -}} -app.kubernetes.io/component: kafka-monitor -{{ include "kafka.common.matchLabels" . 
}} -{{- end -}} - -{{- define "kafka.monitor.labels" -}} -{{ include "kafka.common.metaLabels" . }} -{{ include "kafka.monitor.matchLabels" . }} -{{- end -}} - -{{- define "serviceMonitor.namespace" -}} -{{- if .Values.prometheus.operator.serviceMonitor.releaseNamespace -}} -{{ .Release.Namespace }} -{{- else -}} -{{ .Values.prometheus.operator.serviceMonitor.namespace }} -{{- end -}} -{{- end -}} - -{{- define "prometheusRule.namespace" -}} -{{- if .Values.prometheus.operator.prometheusRule.releaseNamespace -}} -{{ .Release.Namespace }} -{{- else -}} -{{ .Values.prometheus.operator.prometheusRule.namespace }} -{{- end -}} -{{- end -}} diff --git a/rds/base/charts/jaeger/charts/kafka/templates/configmap-config.yaml b/rds/base/charts/jaeger/charts/kafka/templates/configmap-config.yaml deleted file mode 100644 index 78194c5..0000000 --- a/rds/base/charts/jaeger/charts/kafka/templates/configmap-config.yaml +++ /dev/null 
@@ -1,80 +0,0 @@ -{{- if .Values.topics -}} -{{- $zk := include "zookeeper.url" . -}} -apiVersion: v1 -kind: ConfigMap -metadata: - labels: - {{- include "kafka.config.labels" . | nindent 4 }} - name: {{ template "kafka.fullname" . }}-config - namespace: {{ .Release.Namespace }} -data: - runtimeConfig.sh: | - #!/bin/bash - set -e - cd /usr/bin - until kafka-configs --zookeeper {{ $zk }} --entity-type topics --describe || (( count++ >= 6 )) - do - echo "Waiting for ZooKeeper..." - sleep 20 - done - - # expected='0,1,2,3,...,n,' - # the trailing comma is significant - expected='{{ until (int .Values.replicas) | join "," | trim }},' - connected_brokers='' - until [[ "$connected_brokers" == "$expected" ]] - do - echo "Waiting for all Kafka brokers to be connected to ZooKeeper..." - connected_brokers=$(zookeeper-shell {{ $zk }} ls /brokers/ids | \ - # brokers formatted as: [ 0, 1, 2 ] - tail -1 | \ - # broker ids separated by newline - grep -o '[0-9]\+' | \ - # they may have connected in a random order - sort | \ - # trim the leading and trailing whitespace - sed 's/ *$//' | \ - # Replace newline with comma - # The result has a trailing comma - tr '\n' ',' - ) - echo "Currently available brokers: $connected_brokers" - echo "Expected brokers: $expected" - sleep 20 - done - - echo "Applying runtime configuration using {{ .Values.image }}:{{ .Values.imageTag }}" - {{- range $n, $topic := .Values.topics }} - {{- if and $topic.partitions $topic.replicationFactor $topic.reassignPartitions }} - cat << EOF > {{ $topic.name }}-increase-replication-factor.json - {"version":1, "partitions":[ - {{- $partitions := (int $topic.partitions) }} - {{- $replicas := (int $topic.replicationFactor) }} - {{- range $i := until $partitions }} - {"topic":"{{ $topic.name }}","partition":{{ $i }},"replicas":[{{- range $j := until $replicas }}{{ $j }}{{- if ne $j (sub $replicas 1) }},{{- end }}{{- end }}]}{{- if ne $i (sub $partitions 1) }},{{- end }} - {{- end }} - ]} - EOF - 
kafka-reassign-partitions --zookeeper {{ $zk }} --reassignment-json-file {{ $topic.name }}-increase-replication-factor.json --execute - kafka-reassign-partitions --zookeeper {{ $zk }} --reassignment-json-file {{ $topic.name }}-increase-replication-factor.json --verify - {{- else if and $topic.partitions $topic.replicationFactor }} - kafka-topics --zookeeper {{ $zk }} --create --if-not-exists --force --topic {{ $topic.name }} --partitions {{ $topic.partitions }} --replication-factor {{ $topic.replicationFactor }} - {{- else if $topic.partitions }} - kafka-topics --zookeeper {{ $zk }} --alter --force --topic {{ $topic.name }} --partitions {{ $topic.partitions }} || true - {{- end }} - {{- if $topic.defaultConfig }} - kafka-configs --zookeeper {{ $zk }} --entity-type topics --entity-name {{ $topic.name }} --alter --force --delete-config {{ nospace $topic.defaultConfig }} || true - {{- end }} - {{- if $topic.config }} - kafka-configs --zookeeper {{ $zk }} --entity-type topics --entity-name {{ $topic.name }} --alter --force --add-config {{ nospace $topic.config }} - {{- end }} - kafka-configs --zookeeper {{ $zk }} --entity-type topics --entity-name {{ $topic.name }} --describe - {{- if $topic.acls }} - {{- range $a, $acl := $topic.acls }} - {{ if and $acl.user $acl.operations }} - kafka-acls --authorizer-properties zookeeper.connect={{ $zk }} --force --add --allow-principal User:{{ $acl.user }}{{- range $operation := $acl.operations }} --operation {{ $operation }} {{- end }} --topic {{ $topic.name }} {{ $topic.extraParams }} - {{- end }} - {{- end }} - {{- end }} - {{- end }} -{{- end -}} diff --git a/rds/base/charts/jaeger/charts/kafka/templates/configmap-jmx.yaml b/rds/base/charts/jaeger/charts/kafka/templates/configmap-jmx.yaml deleted file mode 100644 index 5b8deb2..0000000 --- a/rds/base/charts/jaeger/charts/kafka/templates/configmap-jmx.yaml +++ /dev/null 
@@ -1,65 +0,0 @@ -{{- if and .Values.prometheus.jmx.enabled .Values.jmx.configMap.enabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "kafka.fullname" . }}-metrics - namespace: {{ .Release.Namespace }} - labels: - {{- include "kafka.monitor.labels" . | nindent 4 }} -data: - jmx-kafka-prometheus.yml: |+ -{{- if .Values.jmx.configMap.overrideConfig }} -{{ toYaml .Values.jmx.configMap.overrideConfig | indent 4 }} -{{- else }} - jmxUrl: service:jmx:rmi:///jndi/rmi://127.0.0.1:{{ .Values.jmx.port }}/jmxrmi - lowercaseOutputName: true - lowercaseOutputLabelNames: true - ssl: false - {{ if .Values.jmx.whitelistObjectNames }} - whitelistObjectNames: ["{{ join "\",\"" .Values.jmx.whitelistObjectNames }}"] - {{ end }} - rules: - - pattern: kafka.controller<>(Value) - name: kafka_controller_$1_$2_$4 - labels: - broker_id: "$3" - - pattern: kafka.controller<>(Value) - name: kafka_controller_$1_$2_$3 - - pattern: kafka.controller<>(Value) - name: kafka_controller_$1_$2_$3 - - pattern: kafka.controller<>(Count) - name: kafka_controller_$1_$2_$3 - - pattern: kafka.server<>(Value) - name: kafka_server_$1_$2_$4 - labels: - client_id: "$3" - - pattern : kafka.network<>(Value) - name: kafka_network_$1_$2_$4 - labels: - network_processor: $3 - - pattern : kafka.network<>(Count) - name: kafka_network_$1_$2_$4 - labels: - request: $3 - - pattern: kafka.server<>(Count|OneMinuteRate) - name: kafka_server_$1_$2_$4 - labels: - topic: $3 - - pattern: kafka.server<>(Value) - name: kafka_server_$1_$2_$3_$4 - - pattern: kafka.server<>(Count|Value|OneMinuteRate) - name: kafka_server_$1_total_$2_$3 - - pattern: kafka.server<>(queue-size) - name: kafka_server_$1_$2 - - pattern: java.lang<(.+)>(\w+) - name: java_lang_$1_$4_$3_$2 - - pattern: java.lang<>(\w+) - name: java_lang_$1_$3_$2 - - pattern : java.lang - - pattern: kafka.log<>Value - name: kafka_log_$1_$2 - labels: - topic: $3 - partition: $4 -{{- end }} -{{- end }} 
diff --git a/rds/base/charts/jaeger/charts/kafka/templates/deployment-kafka-exporter.yaml b/rds/base/charts/jaeger/charts/kafka/templates/deployment-kafka-exporter.yaml deleted file mode 100644 index 2c5cad4..0000000 --- a/rds/base/charts/jaeger/charts/kafka/templates/deployment-kafka-exporter.yaml +++ /dev/null @@ -1,46 +0,0 @@ -{{- if .Values.prometheus.kafka.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "kafka.fullname" . }}-exporter - namespace: {{ .Release.Namespace }} - labels: - {{- include "kafka.monitor.labels" . | nindent 4 }} -spec: - replicas: 1 - selector: - matchLabels: - {{- include "kafka.monitor.matchLabels" . | nindent 6 }} - template: - metadata: - annotations: -{{- if and .Values.prometheus.kafka.enabled (not .Values.prometheus.operator.enabled) }} - prometheus.io/scrape: "true" - prometheus.io/port: {{ .Values.prometheus.kafka.port | quote }} -{{- end }} - labels: - {{- include "kafka.monitor.labels" . | nindent 8 }} - spec: - containers: - - image: "{{ .Values.prometheus.kafka.image }}:{{ .Values.prometheus.kafka.imageTag }}" - name: kafka-exporter - args: - - --kafka.server={{ template "kafka.fullname" . }}:9092 - - --web.listen-address=:{{ .Values.prometheus.kafka.port }} - ports: - - containerPort: {{ .Values.prometheus.kafka.port }} - resources: -{{ toYaml .Values.prometheus.kafka.resources | indent 10 }} -{{- if .Values.prometheus.kafka.tolerations }} - tolerations: -{{ toYaml .Values.prometheus.kafka.tolerations | indent 8 }} -{{- end }} -{{- if .Values.prometheus.kafka.affinity }} - affinity: -{{ toYaml .Values.prometheus.kafka.affinity | indent 8 }} -{{- end }} -{{- if .Values.prometheus.kafka.nodeSelector }} - nodeSelector: -{{ toYaml .Values.prometheus.kafka.nodeSelector | indent 8 }} -{{- end }} -{{- end }} diff --git a/rds/base/charts/jaeger/charts/kafka/templates/job-config.yaml b/rds/base/charts/jaeger/charts/kafka/templates/job-config.yaml deleted file mode 100644 index c049422..0000000 
--- a/rds/base/charts/jaeger/charts/kafka/templates/job-config.yaml +++ /dev/null @@ -1,30 +0,0 @@ -{{- if .Values.topics -}} -{{- $scriptHash := include (print $.Template.BasePath "/configmap-config.yaml") . | sha256sum | trunc 8 -}} -apiVersion: batch/v1 -kind: Job -metadata: - name: "{{ template "kafka.fullname" . }}-config-{{ $scriptHash }}" - namespace: {{ .Release.Namespace }} - labels: - {{- include "kafka.config.labels" . | nindent 4 }} -spec: - backoffLimit: {{ .Values.configJob.backoffLimit }} - template: - metadata: - labels: - {{- include "kafka.config.matchLabels" . | nindent 8 }} - spec: - restartPolicy: OnFailure - volumes: - - name: config-volume - configMap: - name: {{ template "kafka.fullname" . }}-config - defaultMode: 0744 - containers: - - name: {{ template "kafka.fullname" . }}-config - image: "{{ .Values.image }}:{{ .Values.imageTag }}" - command: ["/usr/local/script/runtimeConfig.sh"] - volumeMounts: - - name: config-volume - mountPath: "/usr/local/script" -{{- end -}} diff --git a/rds/base/charts/jaeger/charts/kafka/templates/podisruptionbudget.yaml b/rds/base/charts/jaeger/charts/kafka/templates/podisruptionbudget.yaml deleted file mode 100644 index 6406ea5..0000000 --- a/rds/base/charts/jaeger/charts/kafka/templates/podisruptionbudget.yaml +++ /dev/null @@ -1,15 +0,0 @@ -{{- if .Values.podDisruptionBudget }} -apiVersion: policy/v1beta1 -kind: PodDisruptionBudget -metadata: - name: {{ include "kafka.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - {{- include "kafka.broker.labels" . | nindent 4 }} -spec: - selector: - matchLabels: - {{- include "kafka.broker.matchLabels" . | nindent 6 }} -{{ toYaml .Values.podDisruptionBudget | indent 2 }} - -{{- end }} diff --git a/rds/base/charts/jaeger/charts/kafka/templates/prometheusrules.yaml b/rds/base/charts/jaeger/charts/kafka/templates/prometheusrules.yaml deleted file mode 100644 index a119c18..0000000 
--- a/rds/base/charts/jaeger/charts/kafka/templates/prometheusrules.yaml +++ /dev/null @@ -1,16 +0,0 @@ -{{ if and .Values.prometheus.operator.enabled .Values.prometheus.operator.prometheusRule.enabled .Values.prometheus.operator.prometheusRule.rules }} -apiVersion: monitoring.coreos.com/v1 -kind: PrometheusRule -metadata: - name: {{ include "kafka.fullname" . }} - namespace: {{ include "serviceMonitor.namespace" . | default .Release.Namespace }} - labels: - {{- include "kafka.monitor.labels" . | nindent 4 }} - {{- toYaml .Values.prometheus.operator.prometheusRule.selector | nindent 4 }} -spec: - groups: - - name: {{ include "kafka.fullname" . }} - rules: - {{- toYaml .Values.prometheus.operator.prometheusRule.rules | nindent 6 }} -{{- end }} - diff --git a/rds/base/charts/jaeger/charts/kafka/templates/service-brokers-external.yaml b/rds/base/charts/jaeger/charts/kafka/templates/service-brokers-external.yaml deleted file mode 100644 index 3991e57..0000000 --- a/rds/base/charts/jaeger/charts/kafka/templates/service-brokers-external.yaml +++ /dev/null 
@@ -1,78 +0,0 @@ -{{- if .Values.external.enabled }} - {{- $fullName := include "kafka.fullname" . }} - {{- $replicas := .Values.replicas | int }} - {{- $servicePort := .Values.external.servicePort }} - {{- $firstListenerPort := .Values.external.firstListenerPort }} - {{- $dnsPrefix := printf "%s" .Release.Name }} - {{- $root := . }} - {{- range $i, $e := until $replicas }} - {{- $externalListenerPort := add $root.Values.external.firstListenerPort $i }} - {{- $responsiblePod := printf "%s-%d" (printf "%s" $fullName) $i }} - {{- $distinctPrefix := printf "%s-%d" $dnsPrefix $i }} - {{- $loadBalancerIPLen := len $root.Values.external.loadBalancerIP }} - ---- -apiVersion: v1 -kind: Service -metadata: - annotations: - {{- if $root.Values.external.distinct }} - {{- if $root.Values.external.dns.useInternal }} - dns.alpha.kubernetes.io/internal: "{{ $distinctPrefix }}.{{ $root.Values.external.domain }}" - {{- end }} - {{- if $root.Values.external.dns.useExternal }} - external-dns.alpha.kubernetes.io/hostname: "{{ $distinctPrefix }}.{{ $root.Values.external.domain }}" - {{- end }} - {{- else }} - {{- if $root.Values.external.dns.useInternal }} - dns.alpha.kubernetes.io/internal: "{{ $dnsPrefix }}.{{ $root.Values.external.domain }}" - {{- end }} - {{- if $root.Values.external.dns.useExternal }} - external-dns.alpha.kubernetes.io/hostname: "{{ $dnsPrefix }}.{{ $root.Values.external.domain }}" - {{- end }} - {{- end }} - {{- if $root.Values.external.annotations }} -{{ toYaml $root.Values.external.annotations | indent 4 }} - {{- end }} - name: {{ $root.Release.Name }}-{{ $i }}-external - namespace: {{ .Release.Namespace }} - labels: - {{- include "kafka.broker.labels" $root | nindent 4 }} - pod: {{ $responsiblePod | quote }} - {{- if $root.Values.external.labels }} -{{ toYaml $root.Values.external.labels | indent 4 }} - {{- end }} -spec: - type: {{ $root.Values.external.type }} - ports: - - name: external-broker - {{- if and (eq $root.Values.external.type "LoadBalancer") (not 
$root.Values.external.distinct) }} - port: {{ $firstListenerPort }} - {{- else }} - port: {{ $servicePort }} - {{- end }} - {{- if and (eq $root.Values.external.type "LoadBalancer") ($root.Values.external.distinct) }} - targetPort: {{ $servicePort }} - {{- else if and (eq $root.Values.external.type "LoadBalancer") (not $root.Values.external.distinct) }} - targetPort: {{ $firstListenerPort }} - {{- else }} - targetPort: {{ $externalListenerPort }} - {{- end }} - {{- if eq $root.Values.external.type "NodePort" }} - nodePort: {{ $externalListenerPort }} - {{- end }} - protocol: TCP - {{- if and (eq $root.Values.external.type "LoadBalancer") (eq $loadBalancerIPLen $replicas) }} - loadBalancerIP: {{ index $root.Values.external.loadBalancerIP $i }} - {{- end }} - {{- if $root.Values.external.loadBalancerSourceRanges }} - loadBalancerSourceRanges: - {{- range $root.Values.external.loadBalancerSourceRanges }} - - {{ . | quote}} - {{- end }} - {{- end }} - selector: - {{- include "kafka.broker.matchLabels" $root | nindent 4 }} - statefulset.kubernetes.io/pod-name: {{ $responsiblePod | quote }} - {{- end }} -{{- end }} diff --git a/rds/base/charts/jaeger/charts/kafka/templates/service-brokers.yaml b/rds/base/charts/jaeger/charts/kafka/templates/service-brokers.yaml deleted file mode 100644 index 6f64024..0000000 --- a/rds/base/charts/jaeger/charts/kafka/templates/service-brokers.yaml +++ /dev/null 
@@ -1,37 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ include "kafka.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - {{- include "kafka.broker.labels" . | nindent 4 }} -spec: - ports: - - name: broker - port: 9092 - targetPort: kafka -{{- if and .Values.prometheus.jmx.enabled .Values.prometheus.operator.enabled }} - - name: jmx-exporter - protocol: TCP - port: {{ .Values.jmx.port }} - targetPort: prometheus -{{- end }} - selector: - {{- include "kafka.broker.matchLabels" . | nindent 4 }} ---- -{{- if and .Values.prometheus.kafka.enabled .Values.prometheus.operator.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: {{ include "kafka.fullname" . }}-exporter - labels: - {{- include "kafka.monitor.labels" . | nindent 4 }} -spec: - ports: - - name: kafka-exporter - protocol: TCP - port: {{ .Values.prometheus.kafka.port }} - targetPort: {{ .Values.prometheus.kafka.port }} - selector: - {{- include "kafka.monitor.matchLabels" . | nindent 4 }} -{{- end }} diff --git a/rds/base/charts/jaeger/charts/kafka/templates/service-headless.yaml b/rds/base/charts/jaeger/charts/kafka/templates/service-headless.yaml deleted file mode 100644 index 4a6b99e..0000000 --- a/rds/base/charts/jaeger/charts/kafka/templates/service-headless.yaml +++ /dev/null @@ -1,22 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ include "kafka.fullname" . }}-headless - namespace: {{ .Release.Namespace }} - labels: - {{- include "kafka.broker.labels" . | nindent 4 }} - annotations: - service.alpha.kubernetes.io/tolerate-unready-endpoints: "true" -{{- if .Values.headless.annotations }} -{{ .Values.headless.annotations | toYaml | trimSuffix "\n" | indent 4 }} -{{- end }} -spec: - ports: - - name: broker - port: {{ .Values.headless.port }} -{{- if .Values.headless.targetPort }} - targetPort: {{ .Values.headless.targetPort }} -{{- end }} - clusterIP: None - selector: - {{- include "kafka.broker.matchLabels" . | nindent 4 }} 
diff --git a/rds/base/charts/jaeger/charts/kafka/templates/servicemonitors.yaml b/rds/base/charts/jaeger/charts/kafka/templates/servicemonitors.yaml deleted file mode 100644 index 4d63960..0000000 --- a/rds/base/charts/jaeger/charts/kafka/templates/servicemonitors.yaml +++ /dev/null @@ -1,47 +0,0 @@ -{{ if and .Values.prometheus.jmx.enabled .Values.prometheus.operator.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ include "kafka.fullname" . }} - namespace: {{ include "serviceMonitor.namespace" . | default .Release.Namespace }} - labels: - {{- include "kafka.monitor.labels" . | nindent 4 }} - {{- toYaml .Values.prometheus.operator.serviceMonitor.selector | nindent 4 }} -spec: - selector: - matchLabels: - {{- include "kafka.broker.matchLabels" . | nindent 6 }} - endpoints: - - port: jmx-exporter - interval: {{ .Values.prometheus.jmx.interval }} - {{- if .Values.prometheus.jmx.scrapeTimeout }} - scrapeTimeout: {{ .Values.prometheus.jmx.scrapeTimeout }} - {{- end }} - namespaceSelector: - matchNames: - - {{ .Release.Namespace }} -{{ end }} ---- -{{ if and .Values.prometheus.kafka.enabled .Values.prometheus.operator.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ include "kafka.fullname" . }}-exporter - namespace: {{ include "serviceMonitor.namespace" . }} - labels: - {{- include "kafka.monitor.labels" . | nindent 4 }} - {{ toYaml .Values.prometheus.operator.serviceMonitor.selector | nindent 4 }} -spec: - selector: - matchLabels: - {{- include "kafka.monitor.matchLabels" . | nindent 6 }} - endpoints: - - port: kafka-exporter - interval: {{ .Values.prometheus.kafka.interval }} - {{- if .Values.prometheus.kafka.scrapeTimeout }} - scrapeTimeout: {{ .Values.prometheus.kafka.scrapeTimeout }} - {{- end }} - namespaceSelector: - matchNames: - - {{ .Release.Namespace }} -{{ end }} 
diff --git a/rds/base/charts/jaeger/charts/kafka/templates/statefulset.yaml b/rds/base/charts/jaeger/charts/kafka/templates/statefulset.yaml deleted file mode 100644 index de3a284..0000000 --- a/rds/base/charts/jaeger/charts/kafka/templates/statefulset.yaml +++ /dev/null 
@@ -1,273 +0,0 @@ -{{- $advertisedListenersOverride := first (pluck "advertised.listeners" .Values.configurationOverrides) }} -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: {{ include "kafka.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - {{- include "kafka.broker.labels" . | nindent 4 }} -spec: - selector: - matchLabels: - {{- include "kafka.broker.matchLabels" . | nindent 6 }} - serviceName: {{ include "kafka.fullname" . }}-headless - podManagementPolicy: {{ .Values.podManagementPolicy }} - updateStrategy: -{{ toYaml .Values.updateStrategy | indent 4 }} - replicas: {{ default 3 .Values.replicas }} - template: - metadata: -{{- if or .Values.podAnnotations (and .Values.prometheus.jmx.enabled (not .Values.prometheus.operator.enabled)) }} - annotations: -{{- if and .Values.prometheus.jmx.enabled (not .Values.prometheus.operator.enabled) }} - prometheus.io/scrape: "true" - prometheus.io/port: {{ .Values.prometheus.jmx.port | quote }} -{{- end }} -{{- if .Values.podAnnotations }} -{{ toYaml .Values.podAnnotations | indent 8 }} -{{- end }} -{{- end }} - labels: - {{- include "kafka.broker.labels" . 
| nindent 8 }} - {{- if .Values.podLabels }} - ## Custom pod labels -{{ toYaml .Values.podLabels | indent 8 }} - {{- end }} - spec: -{{- if .Values.schedulerName }} - schedulerName: "{{ .Values.schedulerName }}" -{{- end }} -{{- if .Values.serviceAccountName }} - serviceAccountName: {{ .Values.serviceAccountName }} -{{- end }} -{{- if .Values.priorityClassName }} - priorityClassName: "{{ .Values.priorityClassName }}" -{{- end }} -{{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 8 }} -{{- end }} -{{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 8 }} -{{- end }} -{{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 8 }} -{{- end }} - containers: - {{- if .Values.prometheus.jmx.enabled }} - - name: metrics - image: "{{ .Values.prometheus.jmx.image }}:{{ .Values.prometheus.jmx.imageTag }}" - command: - - sh - - -exc - - | - trap "exit 0" TERM; \ - while :; do \ - java \ - -XX:+UnlockExperimentalVMOptions \ - -XX:+UseCGroupMemoryLimitForHeap \ - -XX:MaxRAMFraction=1 \ - -XshowSettings:vm \ - -jar \ - jmx_prometheus_httpserver.jar \ - {{ .Values.prometheus.jmx.port | quote }} \ - /etc/jmx-kafka/jmx-kafka-prometheus.yml & \ - wait $! || sleep 3; \ - done - ports: - - containerPort: {{ .Values.prometheus.jmx.port }} - name: prometheus - resources: -{{ toYaml .Values.prometheus.jmx.resources | indent 10 }} - volumeMounts: - - name: jmx-config - mountPath: /etc/jmx-kafka - {{- end }} - - name: {{ include "kafka.name" . 
}}-broker - image: "{{ .Values.image }}:{{ .Values.imageTag }}" - imagePullPolicy: "{{ .Values.imagePullPolicy }}" - livenessProbe: - exec: - command: - - sh - - -ec - - /usr/bin/jps | /bin/grep -q SupportedKafka - {{- if not .Values.livenessProbe }} - initialDelaySeconds: 30 - timeoutSeconds: 5 - {{- else }} - initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds | default 30}} - {{- if .Values.livenessProbe.periodSeconds }} - periodSeconds: {{ .Values.livenessProbe.periodSeconds }} - {{- end }} - timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds | default 5}} - {{- if .Values.livenessProbe.successThreshold }} - successThreshold: {{ .Values.livenessProbe.successThreshold }} - {{- end }} - {{- if .Values.livenessProbe.failureThreshold }} - failureThreshold: {{ .Values.livenessProbe.failureThreshold }} - {{- end }} - {{- end }} - readinessProbe: - tcpSocket: - port: kafka - initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} - successThreshold: {{ .Values.readinessProbe.successThreshold }} - failureThreshold: {{ .Values.readinessProbe.failureThreshold }} - ports: - - containerPort: 9092 - name: kafka - {{- if .Values.external.enabled }} - {{- $replicas := .Values.replicas | int }} - {{- $root := . 
}} - {{- range $i, $e := until $replicas }} - - containerPort: {{ add $root.Values.external.firstListenerPort $i }} - name: external-{{ $i }} - {{- end }} - {{- end }} - {{- if .Values.prometheus.jmx.enabled }} - - containerPort: {{ .Values.jmx.port }} - name: jmx - {{- end }} - {{- if .Values.additionalPorts }} -{{ toYaml .Values.additionalPorts | indent 8 }} - {{- end }} - resources: -{{ toYaml .Values.resources | indent 10 }} - env: - {{- if .Values.prometheus.jmx.enabled }} - - name: JMX_PORT - value: "{{ .Values.jmx.port }}" - {{- end }} - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: KAFKA_HEAP_OPTS - value: {{ .Values.kafkaHeapOptions }} - - name: KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR - value: {{ include "kafka.replication.factor" . | quote }} - {{- if not (hasKey .Values.configurationOverrides "zookeeper.connect") }} - - name: KAFKA_ZOOKEEPER_CONNECT - value: {{ include "zookeeper.url" . | quote }} - {{- end }} - {{- if not (hasKey .Values.configurationOverrides "log.dirs") }} - - name: KAFKA_LOG_DIRS - value: {{ printf "%s/%s" .Values.persistence.mountPath .Values.logSubPath | quote }} - {{- end }} - {{- range $key, $value := .Values.configurationOverrides }} - - name: {{ printf "KAFKA_%s" $key | replace "." "_" | upper | quote }} - value: {{ $value | quote }} - {{- end }} - {{- if .Values.jmx.port }} - - name: KAFKA_JMX_PORT - value: "{{ .Values.jmx.port }}" - {{- end }} - {{- range $secret := .Values.secrets }} - {{- if not $secret.mountPath }} - {{- range $key := $secret.keys }} - - name: {{ (print ($secret.name | replace "-" "_") "_" $key) | upper }} - valueFrom: - secretKeyRef: - name: {{ $secret.name }} - key: {{ $key }} - {{- end }} - {{- end }} - {{- end }} - {{- range $key, $value := .Values.envOverrides }} - - name: {{ printf "%s" $key | replace "." 
"_" | upper | quote }} - value: {{ $value | quote }} - {{- end }} - # This is required because the Downward API does not yet support identification of - # pod numbering in statefulsets. Thus, we are required to specify a command which - # allows us to extract the pod ID for usage as the Kafka Broker ID. - # See: https://github.com/kubernetes/kubernetes/issues/31218 - command: - - sh - - -exc - - | - unset KAFKA_PORT && \ - export KAFKA_BROKER_ID=${POD_NAME##*-} && \ - {{- if eq .Values.external.type "LoadBalancer" }} - export LOAD_BALANCER_IP=$(echo '{{ .Values.external.loadBalancerIP }}' | tr -d '[]' | cut -d ' ' -f "$(($KAFKA_BROKER_ID + 1))") && \ - {{- end }} - {{- if eq .Values.external.type "NodePort" }} - export KAFKA_ADVERTISED_LISTENERS=PLAINTEXT://${POD_IP}:9092{{ if kindIs "string" $advertisedListenersOverride }}{{ printf ",%s" $advertisedListenersOverride }}{{ end }} && \ - {{- else }} - export KAFKA_ADVERTISED_LISTENERS=PLAINTEXT://${POD_NAME}.{{ include "kafka.fullname" . }}-headless.${POD_NAMESPACE}.svc.cluster.local:9092{{ if kindIs "string" $advertisedListenersOverride }}{{ printf ",%s" $advertisedListenersOverride }}{{ end }} && \ - {{- end }} - exec /etc/confluent/docker/run - volumeMounts: - - name: datadir - mountPath: {{ .Values.persistence.mountPath | quote }} - {{- range $secret := .Values.secrets }} - {{- if $secret.mountPath }} - {{- if $secret.keys }} - {{- range $key := $secret.keys }} - - name: {{ include "kafka.fullname" $ }}-{{ $secret.name }} - mountPath: {{ $secret.mountPath }}/{{ $key }} - subPath: {{ $key }} - readOnly: true - {{- end }} - {{- else }} - - name: {{ include "kafka.fullname" $ }}-{{ $secret.name }} - mountPath: {{ $secret.mountPath }} - readOnly: true - {{- end }} - {{- end }} - {{- end }} - volumes: - {{- if not .Values.persistence.enabled }} - - name: datadir - emptyDir: {} - {{- end }} - {{- if .Values.prometheus.jmx.enabled }} - - name: jmx-config - configMap: - {{- if .Values.jmx.configMap.overrideName }} - 
name: {{ .Values.jmx.configMap.overrideName }} - {{- else }} - name: {{ include "kafka.fullname" . }}-metrics - {{- end }} - {{- end }} - {{- if .Values.securityContext }} - securityContext: -{{ toYaml .Values.securityContext | indent 8 }} - {{- end }} - {{- range .Values.secrets }} - {{- if .mountPath }} - - name: {{ include "kafka.fullname" $ }}-{{ .name }} - secret: - secretName: {{ .name }} - {{- end }} - {{- end }} - terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} - {{- if .Values.persistence.enabled }} - volumeClaimTemplates: - - metadata: - name: datadir - spec: - accessModes: [ "ReadWriteOnce" ] - resources: - requests: - storage: {{ .Values.persistence.size }} - {{- if .Values.persistence.storageClass }} - {{- if (eq "-" .Values.persistence.storageClass) }} - storageClassName: "" - {{- else }} - storageClassName: "{{ .Values.persistence.storageClass }}" - {{- end }} - {{- end }} - {{- end }} diff --git a/rds/base/charts/jaeger/charts/kafka/templates/tests/test_topic_create_consume_produce.yaml b/rds/base/charts/jaeger/charts/kafka/templates/tests/test_topic_create_consume_produce.yaml deleted file mode 100644 index e7dd5c9..0000000 --- a/rds/base/charts/jaeger/charts/kafka/templates/tests/test_topic_create_consume_produce.yaml +++ /dev/null 
@@ -1,25 +0,0 @@ -{{- if .Values.testsEnabled -}} -apiVersion: v1 -kind: Pod -metadata: - name: "{{ .Release.Name }}-test-topic-create-consume-produce" - annotations: - "helm.sh/hook": test-success -spec: - containers: - - name: {{ .Release.Name }}-test-consume - image: {{ .Values.image }}:{{ .Values.imageTag }} - command: - - sh - - -c - - | - # Create the topic - kafka-topics --zookeeper {{ include "zookeeper.url" . }} --topic helm-test-topic-create-consume-produce --create --partitions 1 --replication-factor 1 --if-not-exists && \ - # Create a message - MESSAGE="`date -u`" && \ - # Produce a test message to the topic - echo "$MESSAGE" | kafka-console-producer --broker-list {{ include "kafka.fullname" . }}:9092 --topic helm-test-topic-create-consume-produce && \ - # Consume a test message from the topic - kafka-console-consumer --bootstrap-server {{ include "kafka.fullname" . }}-headless:9092 --topic helm-test-topic-create-consume-produce --from-beginning --timeout-ms 2000 --max-messages 1 | grep "$MESSAGE" - restartPolicy: Never -{{- end }} \ No newline at end of file diff --git a/rds/base/charts/jaeger/charts/kafka/values.yaml b/rds/base/charts/jaeger/charts/kafka/values.yaml deleted file mode 100644 index c9e608c..0000000 --- a/rds/base/charts/jaeger/charts/kafka/values.yaml +++ /dev/null 
@@ -1,511 +0,0 @@ -# ------------------------------------------------------------------------------ -# Kafka: -# ------------------------------------------------------------------------------ - -## The StatefulSet installs 3 pods by default -replicas: 3 - -## The kafka image repository -image: "confluentinc/cp-kafka" - -## The kafka image tag -imageTag: "5.0.1" # Confluent image for Kafka 2.0.0 - -## Specify a imagePullPolicy -## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images -imagePullPolicy: "IfNotPresent" - -## Configure resource requests and limits -## ref: http://kubernetes.io/docs/user-guide/compute-resources/ -resources: {} - # limits: - # cpu: 200m - # memory: 1536Mi - # requests: - # cpu: 100m - # memory: 1024Mi -kafkaHeapOptions: "-Xmx1G -Xms1G" - -## Optional Container Security context -securityContext: {} - -## The StatefulSet Update Strategy which Kafka will use when changes are applied. -## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies -updateStrategy: - type: "OnDelete" - -## Start and stop pods in Parallel or OrderedReady (one-by-one.) Note - Can not change after first release. -## ref: https://kubernetes.io/docs/tutorials/stateful-application/basic-stateful-set/#pod-management-policy -podManagementPolicy: OrderedReady - -## Useful if using any custom authorizer -## Pass in some secrets to use (if required) -# secrets: -# - name: myKafkaSecret -# keys: -# - username -# - password -# # mountPath: /opt/kafka/secret -# - name: myZkSecret -# keys: -# - user -# - pass -# mountPath: /opt/zookeeper/secret - - -## The subpath within the Kafka container's PV where logs will be stored. -## This is combined with `persistence.mountPath`, to create, by default: /opt/kafka/data/logs -logSubPath: "logs" - -## Use an alternate scheduler, e.g. "stork". 
-## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ -## -# schedulerName: - -## Use an alternate serviceAccount -## Useful when using images in custom repositories -# serviceAccountName: - -## Set a pod priorityClassName -# priorityClassName: high-priority - -## Pod scheduling preferences (by default keep pods within a release on separate nodes). -## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity -## By default we don't set affinity -affinity: {} -## Alternatively, this typical example defines: -## antiAffinity (to keep Kafka pods on separate pods) -## and affinity (to encourage Kafka pods to be collocated with Zookeeper pods) -# affinity: -# podAntiAffinity: -# requiredDuringSchedulingIgnoredDuringExecution: -# - labelSelector: -# matchExpressions: -# - key: app -# operator: In -# values: -# - kafka -# topologyKey: "kubernetes.io/hostname" -# podAffinity: -# preferredDuringSchedulingIgnoredDuringExecution: -# - weight: 50 -# podAffinityTerm: -# labelSelector: -# matchExpressions: -# - key: app -# operator: In -# values: -# - zookeeper -# topologyKey: "kubernetes.io/hostname" - -## Node labels for pod assignment -## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector -nodeSelector: {} - -## Readiness probe config. -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/ -## -readinessProbe: - initialDelaySeconds: 30 - periodSeconds: 10 - timeoutSeconds: 5 - successThreshold: 1 - failureThreshold: 3 - -## Period to wait for broker graceful shutdown (sigterm) before pod is killed (sigkill) -## ref: https://kubernetes-v1-4.github.io/docs/user-guide/production-pods/#lifecycle-hooks-and-termination-notice -## ref: https://kafka.apache.org/10/documentation.html#brokerconfigs controlled.shutdown.* -terminationGracePeriodSeconds: 60 - -# Tolerations for nodes that have taints on them. 
-# Useful if you want to dedicate nodes to just run kafka -# https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ -tolerations: [] -# tolerations: -# - key: "key" -# operator: "Equal" -# value: "value" -# effect: "NoSchedule" - -## Headless service. -## -headless: - # annotations: - # targetPort: - port: 9092 - -## External access. -## -external: - enabled: false - # type can be either NodePort or LoadBalancer - type: NodePort - # annotations: - # service.beta.kubernetes.io/openstack-internal-load-balancer: "true" - # Labels to be added to external services - # labels: - # aLabel: "value" - dns: - useInternal: false - useExternal: true - # If using external service type LoadBalancer and external dns, set distinct to true below. - # This creates an A record for each statefulset pod/broker. You should then map the - # A record of the broker to the EXTERNAL IP given by the LoadBalancer in your DNS server. - distinct: false - servicePort: 19092 - firstListenerPort: 31090 - domain: cluster.local - loadBalancerIP: [] - loadBalancerSourceRanges: [] - init: - image: "lwolf/kubectl_deployer" - imageTag: "0.4" - imagePullPolicy: "IfNotPresent" - -# Annotation to be added to Kafka pods -podAnnotations: {} - -# Labels to be added to Kafka pods -podLabels: {} - # service: broker - # team: developers - -podDisruptionBudget: {} - # maxUnavailable: 1 # Limits how many Kafka pods may be unavailable due to voluntary disruptions. - -## Configuration Overrides. Specify any Kafka settings you would like set on the StatefulSet -## here in map format, as defined in the official docs. 
-## ref: https://kafka.apache.org/documentation/#brokerconfigs -## -configurationOverrides: - "confluent.support.metrics.enable": false # Disables confluent metric submission - # "auto.leader.rebalance.enable": true - # "auto.create.topics.enable": true - # "controlled.shutdown.enable": true - # "controlled.shutdown.max.retries": 100 - - ## Options required for external access via NodePort - ## ref: - ## - http://kafka.apache.org/documentation/#security_configbroker - ## - https://cwiki.apache.org/confluence/display/KAFKA/KIP-103%3A+Separation+of+Internal+and+External+traffic - ## - ## Setting "advertised.listeners" here appends to "PLAINTEXT://${POD_IP}:9092,", ensure you update the domain - ## If external service type is Nodeport: - # "advertised.listeners": |- - # EXTERNAL://kafka.cluster.local:$((31090 + ${KAFKA_BROKER_ID})) - ## If external service type is LoadBalancer and distinct is true: - # "advertised.listeners": |- - # EXTERNAL://kafka-$((${KAFKA_BROKER_ID})).cluster.local:19092 - ## If external service type is LoadBalancer and distinct is false: - # "advertised.listeners": |- - # EXTERNAL://${LOAD_BALANCER_IP}:31090 - ## Uncomment to define the EXTERNAL Listener protocol - # "listener.security.protocol.map": |- - # PLAINTEXT:PLAINTEXT,EXTERNAL:PLAINTEXT - -## set extra ENVs -# key: "value" -envOverrides: {} - - -## A collection of additional ports to expose on brokers (formatted as normal containerPort yaml) -# Useful when the image exposes metrics (like prometheus, etc.) through a javaagent instead of a sidecar -additionalPorts: {} - -## Persistence configuration. Specify if and how to persist data to a persistent volume. -## -persistence: - enabled: true - - ## The size of the PersistentVolume to allocate to each Kafka Pod in the StatefulSet. For - ## production servers this number should likely be much larger. - ## - size: "1Gi" - - ## The location within the Kafka container where the PV will mount its storage and Kafka will - ## store its logs. 
- ## - mountPath: "/opt/kafka/data" - - ## Kafka data Persistent Volume Storage Class - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - # storageClass: - -jmx: - ## Rules to apply to the Prometheus JMX Exporter. Note while lots of stats have been cleaned and exposed, - ## there are still more stats to clean up and expose, others will never get exposed. They keep lots of duplicates - ## that can be derived easily. The configMap in this chart cleans up the metrics it exposes to be in a Prometheus - ## format, eg topic, broker are labels and not part of metric name. Improvements are gladly accepted and encouraged. - configMap: - - ## Allows disabling the default configmap, note a configMap is needed - enabled: true - - ## Allows setting values to generate confimap - ## To allow all metrics through (warning its crazy excessive) comment out below `overrideConfig` and set - ## `whitelistObjectNames: []` - overrideConfig: {} - # jmxUrl: service:jmx:rmi:///jndi/rmi://127.0.0.1:5555/jmxrmi - # lowercaseOutputName: true - # lowercaseOutputLabelNames: true - # ssl: false - # rules: - # - pattern: ".*" - - ## If you would like to supply your own ConfigMap for JMX metrics, supply the name of that - ## ConfigMap as an `overrideName` here. - overrideName: "" - - ## Port the jmx metrics are exposed in native jmx format, not in Prometheus format - port: 5555 - - ## JMX Whitelist Objects, can be set to control which JMX metrics are exposed. Only whitelisted - ## values will be exposed via JMX Exporter. They must also be exposed via Rules. To expose all metrics - ## (warning its crazy excessive and they aren't formatted in a prometheus style) (1) `whitelistObjectNames: []` - ## (2) commented out above `overrideConfig`. 
- whitelistObjectNames: # [] - - kafka.controller:* - - kafka.server:* - - java.lang:* - - kafka.network:* - - kafka.log:* - -## Prometheus Exporters / Metrics -## -prometheus: - ## Prometheus JMX Exporter: exposes the majority of Kafkas metrics - jmx: - enabled: false - - ## The image to use for the metrics collector - image: solsson/kafka-prometheus-jmx-exporter@sha256 - - ## The image tag to use for the metrics collector - imageTag: a23062396cd5af1acdf76512632c20ea6be76885dfc20cd9ff40fb23846557e8 - - ## Interval at which Prometheus scrapes metrics, note: only used by Prometheus Operator - interval: 10s - - ## Timeout at which Prometheus timeouts scrape run, note: only used by Prometheus Operator - scrapeTimeout: 10s - - ## Port jmx-exporter exposes Prometheus format metrics to scrape - port: 5556 - - resources: {} - # limits: - # cpu: 200m - # memory: 1Gi - # requests: - # cpu: 100m - # memory: 100Mi - - ## Prometheus Kafka Exporter: exposes complimentary metrics to JMX Exporter - kafka: - enabled: false - - ## The image to use for the metrics collector - image: danielqsj/kafka-exporter - - ## The image tag to use for the metrics collector - imageTag: v1.2.0 - - ## Interval at which Prometheus scrapes metrics, note: only used by Prometheus Operator - interval: 10s - - ## Timeout at which Prometheus timeouts scrape run, note: only used by Prometheus Operator - scrapeTimeout: 10s - - ## Port kafka-exporter exposes for Prometheus to scrape metrics - port: 9308 - - ## Resource limits - resources: {} -# limits: -# cpu: 200m -# memory: 1Gi -# requests: -# cpu: 100m -# memory: 100Mi - - # Tolerations for nodes that have taints on them. 
- # Useful if you want to dedicate nodes to just run kafka-exporter - # https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ - tolerations: [] - # tolerations: - # - key: "key" - # operator: "Equal" - # value: "value" - # effect: "NoSchedule" - - ## Pod scheduling preferences (by default keep pods within a release on separate nodes). - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - ## By default we don't set affinity - affinity: {} - ## Alternatively, this typical example defines: - ## affinity (to encourage Kafka Exporter pods to be collocated with Kafka pods) - # affinity: - # podAffinity: - # preferredDuringSchedulingIgnoredDuringExecution: - # - weight: 50 - # podAffinityTerm: - # labelSelector: - # matchExpressions: - # - key: app - # operator: In - # values: - # - kafka - # topologyKey: "kubernetes.io/hostname" - - ## Node labels for pod assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector - nodeSelector: {} - - operator: - ## Are you using Prometheus Operator? - enabled: false - - serviceMonitor: - # Namespace in which to install the ServiceMonitor resource. - namespace: monitoring - # Use release namespace instead - releaseNamespace: false - - ## Defaults to whats used if you follow CoreOS [Prometheus Install Instructions](https://github.com/coreos/prometheus-operator/tree/master/helm#tldr) - ## [Prometheus Selector Label](https://github.com/coreos/prometheus-operator/blob/master/helm/prometheus/templates/prometheus.yaml#L65) - ## [Kube Prometheus Selector Label](https://github.com/coreos/prometheus-operator/blob/master/helm/kube-prometheus/values.yaml#L298) - selector: - prometheus: kube-prometheus - - prometheusRule: - ## Add Prometheus Rules? - enabled: false - - ## Namespace in which to install the PrometheusRule resource. 
- namespace: monitoring - # Use release namespace instead - releaseNamespace: false - - ## Defaults to whats used if you follow CoreOS [Prometheus Install Instructions](https://github.com/coreos/prometheus-operator/tree/master/helm#tldr) - ## [Prometheus Selector Label](https://github.com/coreos/prometheus-operator/blob/master/helm/prometheus/templates/prometheus.yaml#L65) - ## [Kube Prometheus Selector Label](https://github.com/coreos/prometheus-operator/blob/master/helm/kube-prometheus/values.yaml#L298) - selector: - prometheus: kube-prometheus - - ## Some example rules. - ## e.g. max(kafka_controller_kafkacontroller_activecontrollercount_value{service="my-kafka-release"}) by (service) < 1 - rules: - - alert: KafkaNoActiveControllers - annotations: - message: The number of active controllers in {{ "{{" }} $labels.namespace {{ "}}" }} is less than 1. This usually means that some of the Kafka nodes aren't communicating properly. If it doesn't resolve itself you can try killing the pods (one by one whilst monitoring the under-replicated partitions graph). - expr: max(kafka_controller_kafkacontroller_activecontrollercount_value) by (namespace) < 1 - for: 5m - labels: - severity: critical - - alert: KafkaMultipleActiveControllers - annotations: - message: The number of active controllers in {{ "{{" }} $labels.namespace {{ "}}" }} is greater than 1. This usually means that some of the Kafka nodes aren't communicating properly. If it doesn't resolve itself you can try killing the pods (one by one whilst monitoring the under-replicated partitions graph). - expr: max(kafka_controller_kafkacontroller_activecontrollercount_value) by (namespace) > 1 - for: 5m - labels: - severity: critical - -## Kafka Config job configuration -## -configJob: - ## Specify the number of retries before considering kafka-config job as failed. 
- ## https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/#pod-backoff-failure-policy - backoffLimit: 6 - -## Topic creation and configuration. -## The job will be run on a deployment only when the config has been changed. -## - If 'partitions' and 'replicationFactor' are specified we create the topic (with --if-not-exists.) -## - If 'partitions', 'replicationFactor' and 'reassignPartitions' are specified we reassign the partitions to -## increase the replication factor of an existing topic. -## - If 'partitions' is specified we 'alter' the number of partitions. This will -## silently and safely fail if the new setting isn’t strictly larger than the old (i.e. a NOOP.) Do be aware of the -## implications for keyed topics (ref: https://docs.confluent.io/current/kafka/post-deployment.html#admin-operations) -## - If 'defaultConfig' is specified it's deleted from the topic configuration. If it isn't present, -## it will silently and safely fail. -## - If 'config' is specified it's added to the topic configuration. -## -## Note: To increase the 'replicationFactor' of a topic, 'reassignPartitions' must be set to true (see above). -## -topics: [] - # - name: myExistingTopicConfig - # config: "cleanup.policy=compact,delete.retention.ms=604800000" - # - name: myExistingTopicReassignPartitions - # partitions: 8 - # replicationFactor: 5 - # reassignPartitions: true - # - name: myExistingTopicPartitions - # partitions: 8 - # - name: myNewTopicWithConfig - # partitions: 8 - # replicationFactor: 3 - # defaultConfig: "segment.bytes,segment.ms" - # config: "cleanup.policy=compact,delete.retention.ms=604800000" - # - name: myAclTopicPartitions - # partitions: 8 - # acls: - # - user: read - # operations: [ Read ] - # - user: read_and_write - # operations: - # - Read - # - Write - # - user: all - # operations: [ All ] - -## Enable/disable the chart's tests. 
Useful if using this chart as a dependency of -## another chart and you don't want these tests running when trying to develop and -## test your own chart. -testsEnabled: true - -# ------------------------------------------------------------------------------ -# Zookeeper: -# ------------------------------------------------------------------------------ - -zookeeper: - ## If true, install the Zookeeper chart alongside Kafka - ## ref: https://github.com/kubernetes/charts/tree/master/incubator/zookeeper - enabled: true - - ## Configure Zookeeper resource requests and limits - ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ - resources: ~ - - ## Environmental variables to set in Zookeeper - env: - ## The JVM heap size to allocate to Zookeeper - ZK_HEAP_SIZE: "1G" - - persistence: - enabled: false - ## The amount of PV storage allocated to each Zookeeper pod in the statefulset - # size: "2Gi" - - ## Specify a Zookeeper imagePullPolicy - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - image: - PullPolicy: "IfNotPresent" - - ## If the Zookeeper Chart is disabled a URL and port are required to connect - url: "" - port: 2181 - - ## Pod scheduling preferences (by default keep pods within a release on separate nodes). - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - ## By default we don't set affinity: - affinity: {} # Criteria by which pod label-values influence scheduling for zookeeper pods. - # podAntiAffinity: - # requiredDuringSchedulingIgnoredDuringExecution: - # - topologyKey: "kubernetes.io/hostname" - # labelSelector: - # matchLabels: - # release: zookeeper diff --git a/rds/base/charts/jaeger/requirements.lock b/rds/base/charts/jaeger/requirements.lock deleted file mode 100644 index 3df5f5b..0000000 --- a/rds/base/charts/jaeger/requirements.lock +++ /dev/null 
@@ -1,12 +0,0 @@
-dependencies:
-- name: cassandra
- repository: file://charts/cassandra
- version: 0.15.2
-- name: elasticsearch
- repository: file://charts/elasticsearch
- version: 7.8.1
-- name: kafka
- repository: file://charts/kafka
- version: 0.20.6
-digest: sha256:c83f2652150b6feb9e1637810bcb9ac271917958b7776792f28d3eb210eb7c2b
-generated: "2022-08-18T15:36:39.919682019+02:00"
diff --git a/rds/base/charts/jaeger/requirements.yaml b/rds/base/charts/jaeger/requirements.yaml
deleted file mode 100644
index c6bdaaa..0000000
--- a/rds/base/charts/jaeger/requirements.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-dependencies:
- - name: cassandra
- version: ^0.15.0
- repository: file://charts/cassandra
- condition: provisionDataStore.cassandra
- - name: elasticsearch
- version: ^7.5.1
- repository: file://charts/elasticsearch
- condition: provisionDataStore.elasticsearch
- - name: kafka
- version: ^0.20.6
- repository: file://charts/kafka
- condition: provisionDataStore.kafka
-version: 0.34.0
diff --git a/rds/base/charts/jaeger/templates/NOTES.txt b/rds/base/charts/jaeger/templates/NOTES.txt
deleted file mode 100644
index f9664d2..0000000
--- a/rds/base/charts/jaeger/templates/NOTES.txt
+++ /dev/null
@@ -1,27 +0,0 @@
-
-###################################################################
-### IMPORTANT: The use of .env: {...} is deprecated. ###
-### Please use .extraEnv: [] instead. ###
-###################################################################
-
-You can log into the Jaeger Query UI here:
-
-{{- if contains "NodePort" .Values.query.service.type }}
-
- export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "jaeger.fullname" . }}-query)
- export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
- echo http://$NODE_IP:$NODE_PORT/
-
-{{- else if contains "LoadBalancer" .Values.query.service.type }}
-
- NOTE: It may take a few minutes for the LoadBalancer IP to be available.
- Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ include "jaeger.fullname" . }}-query'
-
- export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "jaeger.fullname" . }}-query -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
- echo http://$SERVICE_IP/
-{{- else if contains "ClusterIP" .Values.query.service.type }}
-
- export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/instance={{ .Release.Name }},app.kubernetes.io/component=query" -o jsonpath="{.items[0].metadata.name}")
- echo http://127.0.0.1:8080/
- kubectl port-forward --namespace {{ .Release.Namespace }} $POD_NAME 8080:16686
-{{- end }}
diff --git a/rds/base/charts/jaeger/templates/_helpers.tpl b/rds/base/charts/jaeger/templates/_helpers.tpl
deleted file mode 100644
index 96cba36..0000000
--- a/rds/base/charts/jaeger/templates/_helpers.tpl
+++ /dev/null
@@ -1,370 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "jaeger.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "jaeger.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "jaeger.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Common labels -*/}} -{{- define "jaeger.labels" -}} -helm.sh/chart: {{ include "jaeger.chart" . }} -{{ include "jaeger.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end -}} - -{{/* -Selector labels -*/}} -{{- define "jaeger.selectorLabels" -}} -app.kubernetes.io/name: {{ include "jaeger.name" . 
}} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end -}} - -{{/* -Create the name of the cassandra schema service account to use -*/}} -{{- define "jaeger.cassandraSchema.serviceAccountName" -}} -{{- if .Values.schema.serviceAccount.create -}} - {{ default (printf "%s-cassandra-schema" (include "jaeger.fullname" .)) .Values.schema.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.schema.serviceAccount.name }} -{{- end -}} -{{- end -}} - -{{/* -Create the name of the spark service account to use -*/}} -{{- define "jaeger.spark.serviceAccountName" -}} -{{- if .Values.spark.serviceAccount.create -}} - {{ default (printf "%s-spark" (include "jaeger.fullname" .)) .Values.spark.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.spark.serviceAccount.name }} -{{- end -}} -{{- end -}} - -{{/* -Create the name of the esIndexCleaner service account to use -*/}} -{{- define "jaeger.esIndexCleaner.serviceAccountName" -}} -{{- if .Values.esIndexCleaner.serviceAccount.create -}} - {{ default (printf "%s-es-index-cleaner" (include "jaeger.fullname" .)) .Values.esIndexCleaner.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.esIndexCleaner.serviceAccount.name }} -{{- end -}} -{{- end -}} - -{{/* -Create the name of the hotrod service account to use -*/}} -{{- define "jaeger.hotrod.serviceAccountName" -}} -{{- if .Values.hotrod.serviceAccount.create -}} - {{ default (printf "%s-hotrod" (include "jaeger.fullname" .)) .Values.hotrod.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.hotrod.serviceAccount.name }} -{{- end -}} -{{- end -}} - -{{/* -Create the name of the query service account to use -*/}} -{{- define "jaeger.query.serviceAccountName" -}} -{{- if .Values.query.serviceAccount.create -}} - {{ default (include "jaeger.query.name" .) 
.Values.query.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.query.serviceAccount.name }} -{{- end -}} -{{- end -}} - -{{/* -Create the name of the agent service account to use -*/}} -{{- define "jaeger.agent.serviceAccountName" -}} -{{- if .Values.agent.serviceAccount.create -}} - {{ default (include "jaeger.agent.name" .) .Values.agent.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.agent.serviceAccount.name }} -{{- end -}} -{{- end -}} - -{{/* -Create the name of the collector service account to use -*/}} -{{- define "jaeger.collector.serviceAccountName" -}} -{{- if .Values.collector.serviceAccount.create -}} - {{ default (include "jaeger.collector.name" .) .Values.collector.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.collector.serviceAccount.name }} -{{- end -}} -{{- end -}} - -{{/* -Create the name of the ingester service account to use -*/}} -{{- define "jaeger.ingester.serviceAccountName" -}} -{{- if .Values.ingester.serviceAccount.create -}} - {{ default (include "jaeger.ingester.name" .) .Values.ingester.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.ingester.serviceAccount.name }} -{{- end -}} -{{- end -}} - -{{/* -Create a fully qualified query name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -*/}} -{{- define "jaeger.query.name" -}} -{{- $nameGlobalOverride := printf "%s-query" (include "jaeger.fullname" .) -}} -{{- if .Values.query.fullnameOverride -}} -{{- printf "%s" .Values.query.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s" $nameGlobalOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} - -{{/* -Create a fully qualified agent name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -*/}} -{{- define "jaeger.agent.name" -}} -{{- $nameGlobalOverride := printf "%s-agent" (include "jaeger.fullname" .) 
-}} -{{- if .Values.agent.fullnameOverride -}} -{{- printf "%s" .Values.agent.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s" $nameGlobalOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} - -{{/* -Create a fully qualified collector name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -*/}} -{{- define "jaeger.collector.name" -}} -{{- $nameGlobalOverride := printf "%s-collector" (include "jaeger.fullname" .) -}} -{{- if .Values.collector.fullnameOverride -}} -{{- printf "%s" .Values.collector.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s" $nameGlobalOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} - -{{/* -Create a fully qualified ingester name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -*/}} -{{- define "jaeger.ingester.name" -}} -{{- $nameGlobalOverride := printf "%s-ingester" (include "jaeger.fullname" .) 
-}} -{{- if .Values.ingester.fullnameOverride -}} -{{- printf "%s" .Values.ingester.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s" $nameGlobalOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} - -{{- define "cassandra.host" -}} -{{- if .Values.provisionDataStore.cassandra -}} -{{- if .Values.storage.cassandra.nameOverride }} -{{- printf "%s" .Values.storage.cassandra.nameOverride | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- printf "%s-%s" .Release.Name "cassandra" | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- else }} -{{- .Values.storage.cassandra.host }} -{{- end -}} -{{- end -}} - -{{- define "cassandra.contact_points" -}} -{{- $port := .Values.storage.cassandra.port | toString }} -{{- if .Values.provisionDataStore.cassandra -}} -{{- if .Values.storage.cassandra.nameOverride }} -{{- $host := printf "%s" .Values.storage.cassandra.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- printf "%s:%s" $host $port }} -{{- else }} -{{- $host := printf "%s-%s" .Release.Name "cassandra" | trunc 63 | trimSuffix "-" -}} -{{- printf "%s:%s" $host $port }} -{{- end -}} -{{- else }} -{{- printf "%s:%s" .Values.storage.cassandra.host $port }} -{{- end -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -*/}} -{{- define "elasticsearch.client.url" -}} -{{- $port := .Values.storage.elasticsearch.port | toString -}} -{{- printf "%s://%s:%s" .Values.storage.elasticsearch.scheme .Values.storage.elasticsearch.host $port }} -{{- end -}} - -{{- define "jaeger.hotrod.tracing.host" -}} -{{- default (include "jaeger.agent.name" .) 
.Values.hotrod.tracing.host -}} -{{- end -}} - - -{{/* -Configure list of IP CIDRs allowed access to load balancer (if supported) -*/}} -{{- define "loadBalancerSourceRanges" -}} -{{- if .service.loadBalancerSourceRanges }} - loadBalancerSourceRanges: - {{- range $cidr := .service.loadBalancerSourceRanges }} - - {{ $cidr }} - {{- end }} -{{- end }} -{{- end -}} - -{{- define "helm-toolkit.utils.joinListWithComma" -}} -{{- $local := dict "first" true -}} -{{- range $k, $v := . -}}{{- if not $local.first -}},{{- end -}}{{- $v -}}{{- $_ := set $local "first" false -}}{{- end -}} -{{- end -}} - - -{{/* -Cassandra related environment variables -*/}} -{{- define "cassandra.env" -}} -- name: CASSANDRA_SERVERS - value: {{ include "cassandra.host" . }} -- name: CASSANDRA_PORT - value: {{ .Values.storage.cassandra.port | quote }} -{{ if .Values.storage.cassandra.tls.enabled }} -- name: CASSANDRA_TLS_ENABLED - value: "true" -- name: CASSANDRA_TLS_SERVER_NAME - valueFrom: - secretKeyRef: - name: {{ .Values.storage.cassandra.tls.secretName }} - key: commonName -- name: CASSANDRA_TLS_KEY - value: "/cassandra-tls/client-key.pem" -- name: CASSANDRA_TLS_CERT - value: "/cassandra-tls/client-cert.pem" -- name: CASSANDRA_TLS_CA - value: "/cassandra-tls/ca-cert.pem" -{{- end }} -{{- if .Values.storage.cassandra.keyspace }} -- name: CASSANDRA_KEYSPACE - value: {{ .Values.storage.cassandra.keyspace }} -{{- end }} -- name: CASSANDRA_USERNAME - value: {{ .Values.storage.cassandra.user }} -- name: CASSANDRA_PASSWORD - valueFrom: - secretKeyRef: - name: {{ if .Values.storage.cassandra.existingSecret }}{{ .Values.storage.cassandra.existingSecret }}{{- else }}{{ include "jaeger.fullname" . 
}}-cassandra{{- end }} - key: password -{{- range $key, $value := .Values.storage.cassandra.env }} -- name: {{ $key | quote }} - value: {{ $value | quote }} -{{ end -}} -{{- if .Values.storage.cassandra.extraEnv }} -{{ toYaml .Values.storage.cassandra.extraEnv }} -{{- end }} -{{- end -}} - -{{/* -Elasticsearch related environment variables -*/}} -{{- define "elasticsearch.env" -}} -- name: ES_SERVER_URLS - value: {{ include "elasticsearch.client.url" . }} -- name: ES_USERNAME - value: {{ .Values.storage.elasticsearch.user }} -{{- if .Values.storage.elasticsearch.usePassword }} -- name: ES_PASSWORD - valueFrom: - secretKeyRef: - name: {{ if .Values.storage.elasticsearch.existingSecret }}{{ .Values.storage.elasticsearch.existingSecret }}{{- else }}{{ include "jaeger.fullname" . }}-elasticsearch{{- end }} - key: {{ default "password" .Values.storage.elasticsearch.existingSecretKey }} -{{- end }} -{{- if .Values.storage.elasticsearch.indexPrefix }} -- name: ES_INDEX_PREFIX - value: {{ .Values.storage.elasticsearch.indexPrefix }} -{{- end }} -{{- range $key, $value := .Values.storage.elasticsearch.env }} -- name: {{ $key | quote }} - value: {{ $value | quote }} -{{ end -}} -{{- if .Values.storage.elasticsearch.extraEnv }} -{{ toYaml .Values.storage.elasticsearch.extraEnv }} -{{- end }} -{{- end -}} - -{{/* -Cassandra or Elasticsearch related environment variables depending on which is used -*/}} -{{- define "storage.env" -}} -{{- if eq .Values.storage.type "cassandra" -}} -{{ include "cassandra.env" . }} -{{- else if eq .Values.storage.type "elasticsearch" -}} -{{ include "elasticsearch.env" . 
}} -{{- end -}} -{{- end -}} - -{{/* -Cassandra related command line options -*/}} -{{- define "cassandra.cmdArgs" -}} -{{- range $key, $value := .Values.storage.cassandra.cmdlineParams -}} -{{- if $value -}} -- --{{ $key }}={{ $value }} -{{- else }} -- --{{ $key }} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Elasticsearch related command line options -*/}} -{{- define "elasticsearch.cmdArgs" -}} -{{- range $key, $value := .Values.storage.elasticsearch.cmdlineParams -}} -{{- if $value -}} -- --{{ $key }}={{ $value }} -{{- else }} -- --{{ $key }} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Cassandra or Elasticsearch related command line options depending on which is used -*/}} -{{- define "storage.cmdArgs" -}} -{{- if eq .Values.storage.type "cassandra" -}} -{{- include "cassandra.cmdArgs" . -}} -{{- else if eq .Values.storage.type "elasticsearch" -}} -{{- include "elasticsearch.cmdArgs" . -}} -{{- end -}} -{{- end -}} diff --git a/rds/base/charts/jaeger/templates/agent-ds.yaml b/rds/base/charts/jaeger/templates/agent-ds.yaml deleted file mode 100644 index 2b4f8b7..0000000 --- a/rds/base/charts/jaeger/templates/agent-ds.yaml +++ /dev/null 
@@ -1,142 +0,0 @@
-{{- if .Values.agent.enabled -}}
-apiVersion: apps/v1
-kind: DaemonSet
-metadata:
- name: {{ template "jaeger.agent.name" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- {{- include "jaeger.labels" . | nindent 4 }}
- app.kubernetes.io/component: agent
-{{- if .Values.agent.annotations }}
- annotations:
- {{- toYaml .Values.agent.annotations | nindent 4 }}
-{{- end }}
-spec:
- selector:
- matchLabels:
- {{- include "jaeger.selectorLabels" . | nindent 6 }}
- app.kubernetes.io/component: agent
- template:
- metadata:
-{{- if .Values.agent.podAnnotations }}
- annotations:
- {{- toYaml .Values.agent.podAnnotations | nindent 8 }}
-{{- end }}
- labels:
- {{- include "jaeger.selectorLabels" . | nindent 8 }}
- app.kubernetes.io/component: agent
-{{- if .Values.agent.podLabels }}
- {{- toYaml .Values.agent.podLabels | nindent 8 }}
-{{- end }}
- spec:
- securityContext:
- {{- toYaml .Values.agent.podSecurityContext | nindent 8 }}
- {{- if .Values.agent.useHostNetwork }}
- hostNetwork: true
- {{- end }}
- dnsPolicy: {{ .Values.agent.dnsPolicy }}
- {{- with .Values.agent.priorityClassName }}
- priorityClassName: {{ . }}
- {{- end }}
- serviceAccountName: {{ template "jaeger.agent.serviceAccountName" . }}
- {{- with .Values.agent.imagePullSecrets }}
- imagePullSecrets:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- containers:
- - name: {{ template "jaeger.agent.name" .
}}
- securityContext:
- {{- toYaml .Values.agent.securityContext | nindent 10 }}
- image: {{ .Values.agent.image }}:{{ .Values.tag }}
- imagePullPolicy: {{ .Values.agent.pullPolicy }}
- args:
- {{- range $key, $value := .Values.agent.cmdlineParams }}
- {{- if $value }}
- - --{{ $key }}={{ $value }}
- {{- else }}
- - --{{ $key }}
- {{- end }}
- {{- end }}
- env:
- {{- if .Values.agent.extraEnv }}
- {{- toYaml .Values.agent.extraEnv | nindent 10 }}
- {{- end }}
- {{- if not (hasKey .Values.agent.cmdlineParams "reporter.grpc.host-port") }}
- - name: REPORTER_GRPC_HOST_PORT
- value: {{ include "jaeger.collector.name" . }}:{{ .Values.collector.service.grpc.port }}
- {{- end }}
- ports:
- - name: zipkin-compact
- containerPort: {{ .Values.agent.service.zipkinThriftPort }}
- protocol: UDP
- {{- if .Values.agent.daemonset.useHostPort }}
- hostPort: {{ .Values.agent.service.zipkinThriftPort }}
- {{- end }}
- - name: jaeger-compact
- containerPort: {{ .Values.agent.service.compactPort }}
- protocol: UDP
- {{- if .Values.agent.daemonset.useHostPort }}
- hostPort: {{ .Values.agent.service.compactPort }}
- {{- end }}
- - name: jaeger-binary
- containerPort: {{ .Values.agent.service.binaryPort }}
- protocol: UDP
- {{- if .Values.agent.daemonset.useHostPort }}
- hostPort: {{ .Values.agent.service.binaryPort }}
- {{- end }}
- - name: http
- containerPort: {{ .Values.agent.service.samplingPort }}
- protocol: TCP
- {{- if .Values.agent.daemonset.useHostPort }}
- hostPort: {{ .Values.agent.service.samplingPort }}
- {{- end }}
- - name: admin
- containerPort: 14271
- protocol: TCP
- livenessProbe:
- httpGet:
- path: /
- port: admin
- readinessProbe:
- httpGet:
- path: /
- port: admin
- resources:
- {{- toYaml .Values.agent.resources | nindent 10 }}
- volumeMounts:
- {{- range .Values.agent.extraConfigmapMounts }}
- - name: {{ .name }}
- mountPath: {{ .mountPath }}
- subPath: {{ .subPath }}
- readOnly: {{ .readOnly }}
- {{- end }}
- {{- range .Values.agent.extraSecretMounts }}
- -
name: {{ .name }}
- mountPath: {{ .mountPath }}
- subPath: {{ .subPath }}
- readOnly: {{ .readOnly }}
- {{- end }}
- volumes:
- {{- range .Values.agent.extraConfigmapMounts }}
- - name: {{ .name }}
- configMap:
- name: {{ .configMap }}
- {{- end }}
- {{- range .Values.agent.extraSecretMounts }}
- - name: {{ .name }}
- secret:
- secretName: {{ .secretName }}
- {{- end }}
- {{- with .Values.agent.nodeSelector }}
- nodeSelector:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- {{- with .Values.agent.affinity }}
- affinity:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- {{- with .Values.agent.tolerations }}
- tolerations:
- {{- toYaml . | nindent 8 }}
- {{- end }}
-{{- end -}}
diff --git a/rds/base/charts/jaeger/templates/agent-sa.yaml b/rds/base/charts/jaeger/templates/agent-sa.yaml
deleted file mode 100644
index 211119f..0000000
--- a/rds/base/charts/jaeger/templates/agent-sa.yaml
+++ /dev/null
@@ -1,10 +0,0 @@
-{{- if and .Values.agent.enabled .Values.agent.serviceAccount.create -}}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ template "jaeger.agent.serviceAccountName" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- {{- include "jaeger.labels" . | nindent 4 }}
- app.kubernetes.io/component: agent
-{{- end -}}
diff --git a/rds/base/charts/jaeger/templates/agent-servicemonitor.yaml b/rds/base/charts/jaeger/templates/agent-servicemonitor.yaml
deleted file mode 100644
index 10be1e8..0000000
--- a/rds/base/charts/jaeger/templates/agent-servicemonitor.yaml
+++ /dev/null
@@ -1,38 +0,0 @@
-{{- if and (.Values.agent.enabled) (.Values.agent.serviceMonitor.enabled)}}
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
- name: {{ template "jaeger.agent.name" . }}
- {{- if .Values.agent.serviceMonitor.namespace }}
- namespace: {{ .Values.agent.serviceMonitor.namespace }}
- {{- else }}
- namespace: {{ .Release.Namespace }}
- {{- end }}
- labels:
- {{- include "jaeger.labels" . | nindent 4 }}
- app.kubernetes.io/component: agent
- {{- if .Values.agent.serviceMonitor.additionalLabels }}
- {{- toYaml .Values.agent.serviceMonitor.additionalLabels | nindent 4 }}
- {{- end }}
- {{- if .Values.agent.serviceMonitor.annotations }}
- annotations:
- {{- toYaml .Values.agent.serviceMonitor.annotations | nindent 4 }}
- {{- end }}
-spec:
- endpoints:
- - port: admin
- path: /metrics
- {{- if .Values.agent.serviceMonitor.interval }}
- interval: {{ .Values.agent.serviceMonitor.interval }}
- {{- end }}
- {{- if .Values.agent.serviceMonitor.scrapeTimeout }}
- scrapeTimeout: {{ .Values.agent.serviceMonitor.scrapeTimeout }}
- {{- end }}
- namespaceSelector:
- matchNames:
- - {{ .Release.Namespace }}
- selector:
- matchLabels:
- app.kubernetes.io/component: agent
- app.kubernetes.io/instance: {{ .Release.Name }}
-{{- end }}
diff --git a/rds/base/charts/jaeger/templates/agent-svc.yaml b/rds/base/charts/jaeger/templates/agent-svc.yaml
deleted file mode 100644
index 1bb71fe..0000000
--- a/rds/base/charts/jaeger/templates/agent-svc.yaml
+++ /dev/null
@@ -1,41 +0,0 @@
-{{- if .Values.agent.enabled -}}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ template "jaeger.agent.name" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- {{- include "jaeger.labels" . | nindent 4 }}
- app.kubernetes.io/component: agent
-{{- if .Values.agent.service.annotations }}
- annotations:
- {{- toYaml .Values.agent.service.annotations | nindent 4 }}
-{{- end }}
-spec:
- ports:
- - name: zipkin-compact
- port: {{ .Values.agent.service.zipkinThriftPort }}
- protocol: UDP
- targetPort: zipkin-compact
- - name: jaeger-compact
- port: {{ .Values.agent.service.compactPort }}
- protocol: UDP
- targetPort: jaeger-compact
- - name: jaeger-binary
- port: {{ .Values.agent.service.binaryPort }}
- protocol: UDP
- targetPort: jaeger-binary
- - name: http
- port: {{ .Values.agent.service.samplingPort }}
- protocol: TCP
- targetPort: http
- - name: admin
- port: 14271
- protocol: TCP
- targetPort: admin
- type: {{ .Values.agent.service.type }}
- selector:
- {{- include "jaeger.selectorLabels" . | nindent 4 }}
- app.kubernetes.io/component: agent
-{{- template "loadBalancerSourceRanges" .Values.agent }}
-{{- end -}}
diff --git a/rds/base/charts/jaeger/templates/cassandra-schema-job.yaml b/rds/base/charts/jaeger/templates/cassandra-schema-job.yaml
deleted file mode 100644
index 95487cf..0000000
--- a/rds/base/charts/jaeger/templates/cassandra-schema-job.yaml
+++ /dev/null
@@ -1,98 +0,0 @@ -{{- if .Values.collector.enabled -}} -{{- if eq .Values.storage.type "cassandra" -}} -apiVersion: batch/v1 -kind: Job -metadata: - name: {{ include "jaeger.fullname" . }}-cassandra-schema - namespace: {{ .Release.Namespace }} - labels: - {{- include "jaeger.labels" . | nindent 4 }} - app.kubernetes.io/component: cassandra-schema -{{- if .Values.schema.annotations }} - annotations: - {{- toYaml .Values.schema.annotations | nindent 4 }} -{{- end }} -spec: - activeDeadlineSeconds: {{ .Values.schema.activeDeadlineSeconds }} - template: - metadata: - name: {{ include "jaeger.fullname" . }}-cassandra-schema -{{- if .Values.schema.podAnnotations }} - annotations: - {{- toYaml .Values.schema.podAnnotations | nindent 8 }} -{{- end }} -{{- if .Values.schema.podLabels }} - labels: - {{- toYaml .Values.schema.podLabels | nindent 8 }} -{{- end }} - spec: - securityContext: - {{- toYaml .Values.schema.podSecurityContext | nindent 8 }} - serviceAccountName: {{ template "jaeger.cassandraSchema.serviceAccountName" . }} - {{- with .Values.schema.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - containers: - - name: {{ include "jaeger.fullname" . }}-cassandra-schema - image: {{ .Values.schema.image }}:{{ .Values.tag }} - imagePullPolicy: {{ .Values.schema.pullPolicy }} - securityContext: - {{- toYaml .Values.schema.securityContext | nindent 10 }} - env: - {{- if .Values.schema.extraEnv }} - {{- toYaml .Values.schema.extraEnv | nindent 10 }} - {{- end }} - {{ range $key, $value := .Values.schema.env }} - - name: {{ $key | quote }} - value: {{ $value | quote }} - {{ end }} - {{- include "cassandra.env" . | nindent 10 }} - - name: CQLSH_HOST - value: {{ template "cassandra.host" . 
}} - {{ if .Values.storage.cassandra.tls.enabled }} - - name: CQLSH_SSL - value: "--ssl" - {{- end }} - - name: DATACENTER - value: {{ .Values.cassandra.config.dc_name | quote }} - {{- if .Values.storage.cassandra.keyspace }} - - name: KEYSPACE - value: {{ .Values.storage.cassandra.keyspace }} - {{- end }} - resources: - {{- toYaml .Values.schema.resources | nindent 10 }} - volumeMounts: - {{- range .Values.schema.extraConfigmapMounts }} - - name: {{ .name }} - mountPath: {{ .mountPath }} - subPath: {{ .subPath }} - readOnly: {{ .readOnly }} - {{- end }} - {{- if .Values.storage.cassandra.tls.enabled }} - - name: {{ .Values.storage.cassandra.tls.secretName }} - mountPath: "/root/.cassandra/ca-cert.pem" - subPath: "ca-cert.pem" - readOnly: true - - name: {{ .Values.storage.cassandra.tls.secretName }} - mountPath: "/root/.cassandra/client-cert.pem" - subPath: "client-cert.pem" - readOnly: true - - name: {{ .Values.storage.cassandra.tls.secretName }} - mountPath: "/root/.cassandra/client-key.pem" - subPath: "client-key.pem" - readOnly: true - - name: {{ .Values.storage.cassandra.tls.secretName }} - mountPath: "/root/.cassandra/cqlshrc" - subPath: "cqlshrc" - readOnly: true - {{- end }} - restartPolicy: OnFailure - volumes: - {{- range .Values.schema.extraConfigmapMounts }} - - name: {{ .name }} - configMap: - name: {{ .configMap }} - {{- end }} -{{- end -}} -{{- end -}} diff --git a/rds/base/charts/jaeger/templates/cassandra-schema-sa.yaml b/rds/base/charts/jaeger/templates/cassandra-schema-sa.yaml deleted file mode 100644 index 2b3a2fd..0000000 --- a/rds/base/charts/jaeger/templates/cassandra-schema-sa.yaml +++ /dev/null 
@@ -1,10 +0,0 @@
-{{- if and (eq .Values.storage.type "cassandra") .Values.schema.serviceAccount.create -}}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ template "jaeger.cassandraSchema.serviceAccountName" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- {{- include "jaeger.labels" . | nindent 4 }}
- app.kubernetes.io/component: cassandra-schema
-{{- end -}}
diff --git a/rds/base/charts/jaeger/templates/cassandra-secret.yaml b/rds/base/charts/jaeger/templates/cassandra-secret.yaml
deleted file mode 100644
index 4fb7573..0000000
--- a/rds/base/charts/jaeger/templates/cassandra-secret.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-{{ if and (eq .Values.storage.type "cassandra") .Values.storage.cassandra.usePassword (not .Values.storage.cassandra.existingSecret) -}}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "jaeger.fullname" . }}-cassandra
- namespace: {{ .Release.Namespace }}
- labels:
- {{- include "jaeger.labels" . | nindent 4 }}
-type: Opaque
-data:
- password: {{ .Values.storage.cassandra.password | b64enc | quote }}
-{{- end }}
diff --git a/rds/base/charts/jaeger/templates/collector-configmap.yaml b/rds/base/charts/jaeger/templates/collector-configmap.yaml
deleted file mode 100644
index ab88378..0000000
--- a/rds/base/charts/jaeger/templates/collector-configmap.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-{{- if .Values.collector.samplingConfig }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "jaeger.fullname" . }}-sampling-strategies
- namespace: {{ .Release.Namespace }}
- labels:
- {{- include "jaeger.labels" . | nindent 4 }}
- app.kubernetes.io/component: collector
-data:
- strategies.json: |-
-{{ tpl .Values.collector.samplingConfig . | indent 4 }}
-{{- end }}
-
diff --git a/rds/base/charts/jaeger/templates/collector-deploy.yaml b/rds/base/charts/jaeger/templates/collector-deploy.yaml
deleted file mode 100644
index 26bc400..0000000
--- a/rds/base/charts/jaeger/templates/collector-deploy.yaml
+++ /dev/null
@@ -1,181 +0,0 @@ -{{- if .Values.collector.enabled -}} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "jaeger.collector.name" . }} - namespace: {{ .Release.Namespace }} - labels: - {{- include "jaeger.labels" . | nindent 4 }} - app.kubernetes.io/component: collector -{{- if .Values.collector.annotations }} - annotations: - {{- toYaml .Values.collector.annotations | nindent 4 }} -{{- end }} -spec: -{{- if not .Values.collector.autoscaling.enabled }} - replicas: {{ .Values.collector.replicaCount }} -{{- end }} - selector: - matchLabels: - {{- include "jaeger.selectorLabels" . | nindent 6 }} - app.kubernetes.io/component: collector - strategy: - type: Recreate - template: - metadata: - annotations: - checksum/config-env: {{ include (print $.Template.BasePath "/collector-configmap.yaml") . | sha256sum }} -{{- if .Values.collector.podAnnotations }} - {{- toYaml .Values.collector.podAnnotations | nindent 8 }} -{{- end }} - labels: - {{- include "jaeger.selectorLabels" . | nindent 8 }} - app.kubernetes.io/component: collector -{{- if .Values.collector.podLabels }} - {{- toYaml .Values.collector.podLabels | nindent 8 }} -{{- end }} - spec: - {{- with .Values.collector.priorityClassName }} - priorityClassName: {{ . }} - {{- end }} - securityContext: - {{- toYaml .Values.collector.podSecurityContext | nindent 8 }} - serviceAccountName: {{ template "jaeger.collector.serviceAccountName" . }} - {{- with .Values.collector.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - containers: - - name: {{ template "jaeger.collector.name" . 
}} - securityContext: - {{- toYaml .Values.collector.securityContext | nindent 10 }} - image: {{ .Values.collector.image }}:{{ .Values.tag }} - imagePullPolicy: {{ .Values.collector.pullPolicy }} - args: - {{- range $key, $value := .Values.collector.cmdlineParams -}} - {{- if $value }} - - --{{ $key }}={{ $value }} - {{- else }} - - --{{ $key }} - {{- end }} - {{- end -}} - {{- if not .Values.ingester.enabled -}} - {{- include "storage.cmdArgs" . | nindent 10 }} - {{- end }} - env: - {{- if .Values.collector.service.zipkin }} - - name: COLLECTOR_ZIPKIN_HTTP_PORT - value: {{ .Values.collector.service.zipkin.port | quote }} - {{- end }} - {{- if .Values.ingester.enabled }} - - name: SPAN_STORAGE_TYPE - value: kafka - {{- range $key, $value := .Values.storage.kafka.env }} - - name: {{ $key | quote }} - value: {{ $value | quote }} - {{- end }} - {{- if .Values.storage.kafka.extraEnv }} - {{- toYaml .Values.storage.kafka.extraEnv | nindent 10 }} - {{- end }} - - name: KAFKA_PRODUCER_BROKERS - value: {{ include "helm-toolkit.utils.joinListWithComma" .Values.storage.kafka.brokers }} - - name: KAFKA_PRODUCER_TOPIC - value: {{ .Values.storage.kafka.topic }} - - name: KAFKA_PRODUCER_AUTHENTICATION - value: {{ .Values.storage.kafka.authentication }} - {{ else }} - - name: SPAN_STORAGE_TYPE - value: {{ .Values.storage.type }} - {{- include "storage.env" . 
| nindent 10 }} - {{- end }} - {{- if .Values.collector.samplingConfig}} - - name: SAMPLING_STRATEGIES_FILE - value: /etc/conf/strategies.json - {{- end }} - ports: - - containerPort: {{ .Values.collector.service.grpc.port }} - name: grpc - protocol: TCP - - containerPort: {{ .Values.collector.service.http.port }} - name: http - protocol: TCP - - containerPort: 14269 - name: admin - protocol: TCP - {{- if .Values.collector.service.zipkin }} - - containerPort: {{ .Values.collector.service.zipkin.port }} - name: zipkin - protocol: TCP - {{- end }} - readinessProbe: - httpGet: - path: / - port: admin - livenessProbe: - httpGet: - path: / - port: admin - resources: - {{- toYaml .Values.collector.resources | nindent 10 }} - volumeMounts: - {{- range .Values.collector.extraConfigmapMounts }} - - name: {{ .name }} - mountPath: {{ .mountPath }} - subPath: {{ .subPath }} - readOnly: {{ .readOnly }} - {{- end }} - {{- range .Values.collector.extraSecretMounts }} - - name: {{ .name }} - mountPath: {{ .mountPath }} - subPath: {{ .subPath }} - readOnly: {{ .readOnly }} - {{- end }} - {{- if .Values.storage.cassandra.tls.enabled }} - - name: {{ .Values.storage.cassandra.tls.secretName }} - mountPath: "/cassandra-tls/ca-cert.pem" - subPath: "ca-cert.pem" - readOnly: true - - name: {{ .Values.storage.cassandra.tls.secretName }} - mountPath: "/cassandra-tls/client-cert.pem" - subPath: "client-cert.pem" - readOnly: true - - name: {{ .Values.storage.cassandra.tls.secretName }} - mountPath: "/cassandra-tls/client-key.pem" - subPath: "client-key.pem" - readOnly: true - {{- end }} - {{- if .Values.collector.samplingConfig}} - - name: strategies - mountPath: /etc/conf/ - {{- end }} - dnsPolicy: {{ .Values.collector.dnsPolicy }} - restartPolicy: Always - volumes: - {{- range .Values.collector.extraConfigmapMounts }} - - name: {{ .name }} - configMap: - name: {{ .configMap }} - {{- end }} - {{- range .Values.collector.extraSecretMounts }} - - name: {{ .name }} - secret: - secretName: {{ 
.secretName }} - {{- end }} - {{- if .Values.collector.samplingConfig}} - - name: strategies - configMap: - name: {{ include "jaeger.fullname" . }}-sampling-strategies - {{- end }} - {{- with .Values.collector.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.collector.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.collector.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} -{{- end -}} diff --git a/rds/base/charts/jaeger/templates/collector-hpa.yaml b/rds/base/charts/jaeger/templates/collector-hpa.yaml deleted file mode 100644 index c73f44a..0000000 --- a/rds/base/charts/jaeger/templates/collector-hpa.yaml +++ /dev/null @@ -1,28 +0,0 @@ -{{- if .Values.collector.autoscaling.enabled }} -apiVersion: autoscaling/v2beta1 -kind: HorizontalPodAutoscaler -metadata: - name: {{ template "jaeger.collector.name" . }} - namespace: {{ .Release.Namespace }} - labels: - {{- include "jaeger.labels" . | nindent 4 }} - app.kubernetes.io/component: collector -spec: - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: {{ template "jaeger.collector.name" . }} - minReplicas: {{ .Values.collector.autoscaling.minReplicas }} - maxReplicas: {{ .Values.collector.autoscaling.maxReplicas }} - metrics: - - type: Resource - resource: - name: cpu - targetAverageUtilization: {{ .Values.collector.autoscaling.targetCPUUtilizationPercentage | default 80 }} - {{- if .Values.collector.autoscaling.targetMemoryUtilizationPercentage }} - - type: Resource - resource: - name: memory - targetAverageUtilization: {{ .Values.collector.autoscaling.targetMemoryUtilizationPercentage }} - {{- end }} -{{- end }} diff --git a/rds/base/charts/jaeger/templates/collector-sa.yaml b/rds/base/charts/jaeger/templates/collector-sa.yaml deleted file mode 100644 index 98b2f06..0000000 --- a/rds/base/charts/jaeger/templates/collector-sa.yaml +++ /dev/null 
@@ -1,10 +0,0 @@
-{{- if and .Values.collector.enabled .Values.collector.serviceAccount.create -}}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ template "jaeger.collector.serviceAccountName" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- {{- include "jaeger.labels" . | nindent 4 }}
- app.kubernetes.io/component: collector
-{{- end -}}
diff --git a/rds/base/charts/jaeger/templates/collector-servicemonitor.yaml b/rds/base/charts/jaeger/templates/collector-servicemonitor.yaml
deleted file mode 100644
index 8e01db1..0000000
--- a/rds/base/charts/jaeger/templates/collector-servicemonitor.yaml
+++ /dev/null
@@ -1,38 +0,0 @@
-{{- if and (.Values.collector.enabled) (.Values.collector.serviceMonitor.enabled)}}
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
- name: {{ template "jaeger.collector.name" . }}
- {{- if .Values.collector.serviceMonitor.namespace }}
- namespace: {{ .Values.collector.serviceMonitor.namespace }}
- {{- else }}
- namespace: {{ .Release.Namespace }}
- {{- end }}
- labels:
- {{- include "jaeger.labels" . | nindent 4 }}
- app.kubernetes.io/component: collector
- {{- if .Values.collector.serviceMonitor.additionalLabels }}
- {{- toYaml .Values.collector.serviceMonitor.additionalLabels | nindent 4 }}
- {{- end }}
- {{- if .Values.collector.serviceMonitor.annotations }}
- annotations:
- {{- toYaml .Values.collector.serviceMonitor.annotations | nindent 4 }}
- {{- end }}
-spec:
- endpoints:
- - port: admin
- path: /metrics
- {{- if .Values.collector.serviceMonitor.interval }}
- interval: {{ .Values.collector.serviceMonitor.interval }}
- {{- end }}
- {{- if .Values.collector.serviceMonitor.scrapeTimeout }}
- scrapeTimeout: {{ .Values.collector.serviceMonitor.scrapeTimeout }}
- {{- end }}
- namespaceSelector:
- matchNames:
- - {{ .Release.Namespace }}
- selector:
- matchLabels:
- app.kubernetes.io/component: collector
- app.kubernetes.io/instance: {{ .Release.Name }}
-{{- end }}
diff --git a/rds/base/charts/jaeger/templates/collector-svc.yaml b/rds/base/charts/jaeger/templates/collector-svc.yaml
deleted file mode 100644
index 165124a..0000000
--- a/rds/base/charts/jaeger/templates/collector-svc.yaml
+++ /dev/null
@@ -1,47 +0,0 @@
-{{- if .Values.collector.enabled -}}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ template "jaeger.collector.name" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- {{- include "jaeger.labels" . | nindent 4 }}
- app.kubernetes.io/component: collector
-{{- if .Values.collector.service.annotations }}
- annotations:
- {{- toYaml .Values.collector.service.annotations | nindent 4 }}
-{{- end }}
-spec:
- ports:
- - name: grpc
- port: {{ .Values.collector.service.grpc.port }}
-{{- if and (eq .Values.collector.service.type "NodePort") (.Values.collector.service.grpc.nodePort) }}
- nodePort: {{ .Values.collector.service.grpc.nodePort }}
-{{- end }}
- protocol: TCP
- targetPort: grpc
- - name: http
- port: {{ .Values.collector.service.http.port }}
-{{- if and (eq .Values.collector.service.type "NodePort") (.Values.collector.service.http.nodePort) }}
- nodePort: {{ .Values.collector.service.http.nodePort }}
-{{- end }}
- protocol: TCP
- targetPort: http
-{{- if .Values.collector.service.zipkin }}
- - name: zipkin
- port: {{ .Values.collector.service.zipkin.port }}
-{{- if and (eq .Values.collector.service.type "NodePort") (.Values.collector.service.zipkin.nodePort) }}
- nodePort: {{ .Values.collector.service.zipkin.nodePort }}
-{{- end }}
- protocol: TCP
- targetPort: zipkin
-{{- end }}
- - name: admin
- port: 14269
- targetPort: admin
- selector:
- {{- include "jaeger.selectorLabels" . | nindent 4 }}
- app.kubernetes.io/component: collector
- type: {{ .Values.collector.service.type }}
-{{- template "loadBalancerSourceRanges" .Values.collector }}
-{{- end -}}
diff --git a/rds/base/charts/jaeger/templates/elasticsearch-secret.yaml b/rds/base/charts/jaeger/templates/elasticsearch-secret.yaml
deleted file mode 100644
index 14eb7bb..0000000
--- a/rds/base/charts/jaeger/templates/elasticsearch-secret.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-{{ if and (eq .Values.storage.type "elasticsearch") .Values.storage.elasticsearch.usePassword (not .Values.storage.elasticsearch.existingSecret) -}}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "jaeger.fullname" . }}-elasticsearch
- namespace: {{ .Release.Namespace }}
- labels:
- {{- include "jaeger.labels" . | nindent 4 }}
-type: Opaque
-data:
- password: {{ .Values.storage.elasticsearch.password | b64enc | quote }}
-{{- end }}
diff --git a/rds/base/charts/jaeger/templates/es-index-cleaner-cronjob.yaml b/rds/base/charts/jaeger/templates/es-index-cleaner-cronjob.yaml
deleted file mode 100644
index 10da669..0000000
--- a/rds/base/charts/jaeger/templates/es-index-cleaner-cronjob.yaml
+++ /dev/null
@@ -1,84 +0,0 @@ -{{- if .Values.esIndexCleaner.enabled -}} -apiVersion: batch/v1beta1 -kind: CronJob -metadata: - name: {{ include "jaeger.fullname" . }}-es-index-cleaner - namespace: {{ .Release.Namespace }} - labels: - {{- include "jaeger.labels" . | nindent 4 }} - app.kubernetes.io/component: es-index-cleaner -{{- if .Values.esIndexCleaner.annotations }} - annotations: - {{- toYaml .Values.esIndexCleaner.annotations | nindent 4 }} -{{- end }} -spec: - concurrencyPolicy: "Forbid" - schedule: {{ .Values.esIndexCleaner.schedule | quote }} - successfulJobsHistoryLimit: {{ .Values.esIndexCleaner.successfulJobsHistoryLimit }} - failedJobsHistoryLimit: {{ .Values.esIndexCleaner.failedJobsHistoryLimit }} - suspend: false - jobTemplate: - spec: - template: - metadata: - {{- if .Values.esIndexCleaner.podAnnotations }} - annotations: - {{- toYaml .Values.esIndexCleaner.podAnnotations | nindent 12 }} - {{- end }} - labels: - {{- include "jaeger.selectorLabels" . | nindent 12 }} - app.kubernetes.io/component: es-index-cleaner - {{- if .Values.esIndexCleaner.podLabels }} - {{- toYaml .Values.esIndexCleaner.podLabels | nindent 12 }} - {{- end }} - spec: - serviceAccountName: {{ template "jaeger.esIndexCleaner.serviceAccountName" . }} - {{- with .Values.esIndexCleaner.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 12 }} - {{- end }} - securityContext: - {{- toYaml .Values.esIndexCleaner.podSecurityContext | nindent 12 }} - containers: - - name: {{ include "jaeger.fullname" . }}-es-index-cleaner - securityContext: - {{- toYaml .Values.esIndexCleaner.securityContext | nindent 14 }} - image: "{{ .Values.esIndexCleaner.image }}:{{ .Values.esIndexCleaner.tag }}" - imagePullPolicy: {{ .Values.esIndexCleaner.pullPolicy }} - args: - - {{ .Values.esIndexCleaner.numberOfDays | quote }} - - {{ include "elasticsearch.client.url" . 
}} - env: - {{- if .Values.esIndexCleaner.extraEnv }} - {{- toYaml .Values.esIndexCleaner.extraEnv | nindent 14 }} - {{- end }} - {{ include "elasticsearch.env" . | nindent 14 }} - resources: - {{- toYaml .Values.esIndexCleaner.resources | nindent 14 }} - volumeMounts: - {{- range .Values.esIndexCleaner.extraConfigmapMounts }} - - name: {{ .name }} - mountPath: {{ .mountPath }} - subPath: {{ .subPath }} - readOnly: {{ .readOnly }} - {{- end }} - {{- range .Values.esIndexCleaner.extraSecretMounts }} - - name: {{ .name }} - mountPath: {{ .mountPath }} - subPath: {{ .subPath }} - readOnly: {{ .readOnly }} - {{- end }} - restartPolicy: OnFailure - {{- with .Values.esIndexCleaner.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 12 }} - {{- end }} - {{- with .Values.esIndexCleaner.affinity }} - affinity: - {{- toYaml . | nindent 12 }} - {{- end }} - {{- with .Values.esIndexCleaner.tolerations }} - tolerations: - {{- toYaml . | nindent 12 }} - {{- end }} -{{- end -}} diff --git a/rds/base/charts/jaeger/templates/es-index-cleaner-sa.yaml b/rds/base/charts/jaeger/templates/es-index-cleaner-sa.yaml deleted file mode 100644 index cd26fa7..0000000 --- a/rds/base/charts/jaeger/templates/es-index-cleaner-sa.yaml +++ /dev/null @@ -1,10 +0,0 @@ -{{- if and .Values.esIndexCleaner.enabled .Values.esIndexCleaner.serviceAccount.create -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "jaeger.esIndexCleaner.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} - labels: - {{- include "jaeger.labels" . | nindent 4 }} - app.kubernetes.io/component: es-index-cleaner -{{- end -}} diff --git a/rds/base/charts/jaeger/templates/hotrod-deploy.yaml b/rds/base/charts/jaeger/templates/hotrod-deploy.yaml deleted file mode 100644 index 9dbb9ff..0000000 --- a/rds/base/charts/jaeger/templates/hotrod-deploy.yaml +++ /dev/null 
@@ -1,66 +0,0 @@
-{{- if .Values.hotrod.enabled -}}
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "jaeger.fullname" . }}-hotrod
- namespace: {{ .Release.Namespace }}
- labels:
- {{- include "jaeger.labels" . | nindent 4 }}
- app.kubernetes.io/component: hotrod
-spec:
- replicas: {{ .Values.hotrod.replicaCount }}
- selector:
- matchLabels:
- {{- include "jaeger.selectorLabels" . | nindent 6 }}
- app.kubernetes.io/component: hotrod
- template:
- metadata:
- labels:
- {{- include "jaeger.selectorLabels" . | nindent 8 }}
- app.kubernetes.io/component: hotrod
- spec:
- securityContext:
- {{- toYaml .Values.hotrod.podSecurityContext | nindent 8 }}
- serviceAccountName: {{ template "jaeger.hotrod.serviceAccountName" . }}
- {{- with .Values.hotrod.image.pullSecrets }}
- imagePullSecrets:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- containers:
- - name: {{ include "jaeger.fullname" . }}-hotrod
- securityContext:
- {{- toYaml .Values.hotrod.securityContext | nindent 12 }}
- image: {{ .Values.hotrod.image.repository }}:{{ .Values.tag }}
- imagePullPolicy: {{ .Values.hotrod.image.pullPolicy }}
- env:
- - name: JAEGER_AGENT_HOST
- value: {{ template "jaeger.hotrod.tracing.host" . }}
- - name: JAEGER_AGENT_PORT
- value: {{ .Values.hotrod.tracing.port | quote }}
- ports:
- - name: http
- containerPort: 8080
- protocol: TCP
- livenessProbe:
- httpGet:
- path: /
- port: http
- readinessProbe:
- httpGet:
- path: /
- port: http
- resources:
- {{- toYaml .Values.hotrod.resources | nindent 12 }}
- {{- with .Values.hotrod.nodeSelector }}
- nodeSelector:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- {{- with .Values.hotrod.affinity }}
- affinity:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- {{- with .Values.hotrod.tolerations }}
- tolerations:
- {{- toYaml . | nindent 8 }}
- {{- end }}
-{{- end }}
diff --git a/rds/base/charts/jaeger/templates/hotrod-ing.yaml b/rds/base/charts/jaeger/templates/hotrod-ing.yaml
deleted file mode 100644
index f9a9009..0000000
--- a/rds/base/charts/jaeger/templates/hotrod-ing.yaml
+++ /dev/null
@@ -1,33 +0,0 @@
-{{- if .Values.hotrod.enabled -}}
-{{- if .Values.hotrod.ingress.enabled -}}
-{{- $serviceName := include "jaeger.fullname" . -}}
-{{- $servicePort := .Values.hotrod.service.port -}}
-apiVersion: networking.k8s.io/v1beta1
-kind: Ingress
-metadata:
- name: {{ include "jaeger.fullname" . }}-hotrod
- namespace: {{ .Release.Namespace }}
- labels:
- {{- include "jaeger.labels" . | nindent 4 }}
- app.kubernetes.io/component: hotrod
-{{- if .Values.hotrod.ingress.annotations }}
- annotations:
- {{- toYaml .Values.hotrod.ingress.annotations | nindent 4 }}
-{{- end }}
-spec:
- rules:
- {{- range $host := .Values.hotrod.ingress.hosts }}
- - host: {{ $host }}
- http:
- paths:
- - path: /
- backend:
- serviceName: {{ $serviceName }}-hotrod
- servicePort: {{ $servicePort }}
- {{- end -}}
- {{- if .Values.hotrod.ingress.tls }}
- tls:
- {{- toYaml .Values.hotrod.ingress.tls | nindent 4 }}
- {{- end -}}
-{{- end -}}
-{{- end -}}
diff --git a/rds/base/charts/jaeger/templates/hotrod-sa.yaml b/rds/base/charts/jaeger/templates/hotrod-sa.yaml
deleted file mode 100644
index 1674e6d..0000000
--- a/rds/base/charts/jaeger/templates/hotrod-sa.yaml
+++ /dev/null
@@ -1,10 +0,0 @@
-{{- if and .Values.hotrod.enabled .Values.hotrod.serviceAccount.create -}}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ template "jaeger.hotrod.serviceAccountName" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- {{- include "jaeger.labels" . | nindent 4 }}
- app.kubernetes.io/component: hotrod
-{{- end -}}
diff --git a/rds/base/charts/jaeger/templates/hotrod-svc.yaml b/rds/base/charts/jaeger/templates/hotrod-svc.yaml
deleted file mode 100644
index 41fdef9..0000000
--- a/rds/base/charts/jaeger/templates/hotrod-svc.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-{{- if .Values.hotrod.enabled -}}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "jaeger.fullname" . }}-hotrod
- namespace: {{ .Release.Namespace }}
- labels:
- {{- include "jaeger.labels" . | nindent 4 }}
- app.kubernetes.io/component: hotrod
-{{- if .Values.hotrod.service.annotations }}
- annotations:
- {{- toYaml .Values.hotrod.service.annotations | nindent 4 }}
-{{- end }}
-spec:
- type: {{ .Values.hotrod.service.type }}
- ports:
- - name: http
- port: {{ .Values.hotrod.service.port }}
- protocol: TCP
- targetPort: http
- selector:
- {{- include "jaeger.selectorLabels" . | nindent 4 }}
- app.kubernetes.io/component: hotrod
-{{- template "loadBalancerSourceRanges" .Values.hotrod }}
-{{- end -}}
diff --git a/rds/base/charts/jaeger/templates/ingester-deploy.yaml b/rds/base/charts/jaeger/templates/ingester-deploy.yaml
deleted file mode 100644
index 6532f09..0000000
--- a/rds/base/charts/jaeger/templates/ingester-deploy.yaml
+++ /dev/null
@@ -1,131 +0,0 @@ -{{- if .Values.ingester.enabled -}} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "jaeger.fullname" . }}-ingester - namespace: {{ .Release.Namespace }} - labels: - {{- include "jaeger.labels" . | nindent 4 }} - app.kubernetes.io/component: ingester -{{- if .Values.ingester.annotations }} - annotations: - {{- toYaml .Values.ingester.annotations | nindent 4 }} -{{- end }} -spec: -{{- if not .Values.ingester.autoscaling.enabled }} - replicas: {{ .Values.ingester.replicaCount }} -{{- end }} - selector: - matchLabels: - {{- include "jaeger.selectorLabels" . | nindent 6 }} - app.kubernetes.io/component: ingester - strategy: - type: Recreate - template: - metadata: - annotations: -{{- if .Values.ingester.podAnnotations }} - {{- toYaml .Values.ingester.podAnnotations | nindent 8 }} -{{- end }} - labels: - {{- include "jaeger.selectorLabels" . | nindent 8 }} - app.kubernetes.io/component: ingester -{{- if .Values.ingester.podLabels }} - {{- toYaml .Values.ingester.podLabels | nindent 8 }} -{{- end }} - spec: - securityContext: - {{- toYaml .Values.ingester.podSecurityContext | nindent 8 }} - {{- with .Values.ingester.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - nodeSelector: - {{- toYaml .Values.ingester.nodeSelector | nindent 8 }} -{{- if .Values.ingester.tolerations }} - tolerations: - {{- toYaml .Values.ingester.tolerations | nindent 8 }} -{{- end }} - containers: - - name: {{ include "jaeger.fullname" . }}-ingester - securityContext: - {{- toYaml .Values.ingester.securityContext | nindent 10 }} - image: {{ .Values.ingester.image }}:{{ .Values.tag }} - imagePullPolicy: {{ .Values.ingester.pullPolicy }} - args: - {{- range $key, $value := .Values.ingester.cmdlineParams }} - {{- if $value }} - - --{{ $key }}={{ $value }} - {{- else }} - - --{{ $key }} - {{- end }} - {{- end }} - {{- include "storage.cmdArgs" . 
| nindent 10 }} - env: - {{- if .Values.ingester.extraEnv }} - {{- toYaml .Values.ingester.extraEnv | nindent 10 }} - {{- end }} - - name: SPAN_STORAGE_TYPE - value: {{ .Values.storage.type }} - {{- include "storage.env" . | nindent 10 }} - - name: KAFKA_CONSUMER_BROKERS - value: {{ include "helm-toolkit.utils.joinListWithComma" .Values.storage.kafka.brokers }} - - name: KAFKA_CONSUMER_TOPIC - value: {{ .Values.storage.kafka.topic }} - - name: KAFKA_CONSUMER_AUTHENTICATION - value: {{ .Values.storage.kafka.authentication }} - ports: - - containerPort: 14270 - name: admin - protocol: TCP - readinessProbe: - httpGet: - path: / - port: admin - livenessProbe: - httpGet: - path: / - port: admin - resources: - {{- toYaml .Values.ingester.resources | nindent 10 }} - volumeMounts: - {{- range .Values.ingester.extraConfigmapMounts }} - - name: {{ .name }} - mountPath: {{ .mountPath }} - subPath: {{ .subPath }} - readOnly: {{ .readOnly }} - {{- end }} - {{- range .Values.ingester.extraSecretMounts }} - - name: {{ .name }} - mountPath: {{ .mountPath }} - subPath: {{ .subPath }} - readOnly: {{ .readOnly }} - {{- end }} - {{- if .Values.storage.cassandra.tls.enabled }} - - name: {{ .Values.storage.cassandra.tls.secretName }} - mountPath: "/cassandra-tls/ca-cert.pem" - subPath: "ca-cert.pem" - readOnly: true - - name: {{ .Values.storage.cassandra.tls.secretName }} - mountPath: "/cassandra-tls/client-cert.pem" - subPath: "client-cert.pem" - readOnly: true - - name: {{ .Values.storage.cassandra.tls.secretName }} - mountPath: "/cassandra-tls/client-key.pem" - subPath: "client-key.pem" - readOnly: true - {{- end }} - dnsPolicy: {{ .Values.ingester.dnsPolicy }} - restartPolicy: Always - volumes: - {{- range .Values.ingester.extraConfigmapMounts }} - - name: {{ .name }} - configMap: - name: {{ .configMap }} - {{- end }} - {{- range .Values.ingester.extraSecretMounts }} - - name: {{ .name }} - secret: - secretName: {{ .secretName }} - {{- end }} -{{- end -}} 
diff --git a/rds/base/charts/jaeger/templates/ingester-hpa.yaml b/rds/base/charts/jaeger/templates/ingester-hpa.yaml
deleted file mode 100644
index 8cd9298..0000000
--- a/rds/base/charts/jaeger/templates/ingester-hpa.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-{{- if .Values.ingester.autoscaling.enabled }}
-apiVersion: autoscaling/v2beta1
-kind: HorizontalPodAutoscaler
-metadata:
- name: {{ template "jaeger.ingester.name" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- {{- include "jaeger.labels" . | nindent 4 }}
- app.kubernetes.io/component: ingester
-spec:
- scaleTargetRef:
- apiVersion: apps/v1
- kind: Deployment
- name: {{ template "jaeger.ingester.name" . }}
- minReplicas: {{ .Values.ingester.autoscaling.minReplicas }}
- maxReplicas: {{ .Values.ingester.autoscaling.maxReplicas }}
- metrics:
- - type: Resource
- resource:
- name: cpu
- targetAverageUtilization: {{ .Values.ingester.autoscaling.targetCPUUtilizationPercentage | default 80 }}
- {{- if .Values.ingester.autoscaling.targetMemoryUtilizationPercentage }}
- - type: Resource
- resource:
- name: memory
- targetAverageUtilization: {{ .Values.ingester.autoscaling.targetMemoryUtilizationPercentage }}
- {{- end }}
-{{- end }}
diff --git a/rds/base/charts/jaeger/templates/ingester-sa.yaml b/rds/base/charts/jaeger/templates/ingester-sa.yaml
deleted file mode 100644
index 9ea02b5..0000000
--- a/rds/base/charts/jaeger/templates/ingester-sa.yaml
+++ /dev/null
@@ -1,10 +0,0 @@
-{{- if and .Values.ingester.enabled .Values.ingester.serviceAccount.create -}}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ template "jaeger.ingester.serviceAccountName" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- {{- include "jaeger.labels" . | nindent 4 }}
- app.kubernetes.io/component: ingester
-{{- end -}}
diff --git a/rds/base/charts/jaeger/templates/ingester-servicemonitor.yaml b/rds/base/charts/jaeger/templates/ingester-servicemonitor.yaml
deleted file mode 100644
index 1897c1e..0000000
--- a/rds/base/charts/jaeger/templates/ingester-servicemonitor.yaml
+++ /dev/null
@@ -1,38 +0,0 @@
-{{- if and (.Values.ingester.enabled) (.Values.ingester.serviceMonitor.enabled)}}
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
- name: {{ template "jaeger.ingester.name" . }}
- {{- if .Values.ingester.serviceMonitor.namespace }}
- namespace: {{ .Values.ingester.serviceMonitor.namespace }}
- {{- else }}
- namespace: {{ .Release.Namespace }}
- {{- end }}
- labels:
- {{- include "jaeger.labels" . | nindent 4 }}
- app.kubernetes.io/component: ingester
- {{- if .Values.ingester.serviceMonitor.additionalLabels }}
- {{- toYaml .Values.ingester.serviceMonitor.additionalLabels | nindent 4 }}
- {{- end }}
- {{- if .Values.ingester.serviceMonitor.annotations }}
- annotations:
- {{- toYaml .Values.ingester.serviceMonitor.annotations | nindent 4 }}
- {{- end }}
-spec:
- endpoints:
- - port: admin
- path: /metrics
- {{- if .Values.ingester.serviceMonitor.interval }}
- interval: {{ .Values.ingester.serviceMonitor.interval }}
- {{- end }}
- {{- if .Values.ingester.serviceMonitor.scrapeTimeout }}
- scrapeTimeout: {{ .Values.ingester.serviceMonitor.scrapeTimeout }}
- {{- end }}
- namespaceSelector:
- matchNames:
- - {{ .Release.Namespace }}
- selector:
- matchLabels:
- app.kubernetes.io/component: ingester
- app.kubernetes.io/instance: {{ .Release.Name }}
-{{- end }}
diff --git a/rds/base/charts/jaeger/templates/ingester-svc.yaml b/rds/base/charts/jaeger/templates/ingester-svc.yaml
deleted file mode 100644
index 659f07b..0000000
--- a/rds/base/charts/jaeger/templates/ingester-svc.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-{{- if .Values.ingester.enabled -}}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ template "jaeger.ingester.name" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- {{- include "jaeger.labels" . | nindent 4 }}
- app.kubernetes.io/component: ingester
-{{- if .Values.ingester.service.annotations }}
- annotations:
- {{- toYaml .Values.ingester.service.annotations | nindent 4 }}
-{{- end }}
-spec:
- ports:
- - name: admin
- port: 14270
- targetPort: admin
- selector:
- {{- include "jaeger.selectorLabels" . | nindent 4 }}
- app.kubernetes.io/component: ingester
- type: {{ .Values.ingester.service.type }}
-{{- template "loadBalancerSourceRanges" .Values.ingester }}
-{{- end -}}
diff --git a/rds/base/charts/jaeger/templates/query-configmap.yaml b/rds/base/charts/jaeger/templates/query-configmap.yaml
deleted file mode 100644
index 3643c73..0000000
--- a/rds/base/charts/jaeger/templates/query-configmap.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-{{- if .Values.query.config }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "jaeger.fullname" . }}-ui-configuration
- namespace: {{ .Release.Namespace }}
- labels:
- {{- include "jaeger.labels" . | nindent 4 }}
- app.kubernetes.io/component: query
-data:
- query-ui-config.json: |-
-{{ tpl .Values.query.config . | indent 4 }}
-{{- end }}
diff --git a/rds/base/charts/jaeger/templates/query-deploy.yaml b/rds/base/charts/jaeger/templates/query-deploy.yaml
deleted file mode 100644
index 90f53e2..0000000
--- a/rds/base/charts/jaeger/templates/query-deploy.yaml
+++ /dev/null
@@ -1,212 +0,0 @@
-{{- if .Values.query.enabled -}}
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ template "jaeger.query.name" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- {{- include "jaeger.labels" . | nindent 4 }}
- app.kubernetes.io/component: query
-{{- if .Values.query.annotations }}
- annotations:
- {{- toYaml .Values.query.annotations | nindent 4 }}
-{{- end }}
-spec:
- replicas: {{ .Values.query.replicaCount }}
- selector:
- matchLabels:
- {{- include "jaeger.selectorLabels" . | nindent 6 }}
- app.kubernetes.io/component: query
- strategy:
- type: Recreate
- template:
- metadata:
-{{- if .Values.query.podAnnotations }}
- annotations:
- {{- toYaml .Values.query.podAnnotations | nindent 8 }}
-{{- end }}
- labels:
- {{- include "jaeger.selectorLabels" . | nindent 8 }}
- app.kubernetes.io/component: query
-{{- if .Values.query.podLabels }}
- {{- toYaml .Values.query.podLabels | nindent 8 }}
-{{- end }}
- spec:
- {{- with .Values.query.priorityClassName }}
- priorityClassName: {{ . }}
- {{- end }}
- securityContext:
- {{- toYaml .Values.query.podSecurityContext | nindent 8 }}
- serviceAccountName: {{ template "jaeger.query.serviceAccountName" . }}
- {{- with .Values.query.imagePullSecrets }}
- imagePullSecrets:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- containers:
- - name: {{ template "jaeger.query.name" . }}
- securityContext:
- {{- toYaml .Values.query.securityContext | nindent 10 }}
- image: {{ .Values.query.image }}:{{ .Values.tag }}
- imagePullPolicy: {{ .Values.query.pullPolicy }}
- args:
- {{- range $key, $value := .Values.query.cmdlineParams }}
- {{- if $value }}
- - --{{ $key }}={{ $value }}
- {{- else }}
- - --{{ $key }}
- {{- end }}
- {{- end }}
- {{- include "storage.cmdArgs" . | nindent 10 }}
- env:
- {{- if .Values.query.extraEnv }}
- {{- toYaml .Values.query.extraEnv | nindent 10 }}
- {{- end }}
- - name: SPAN_STORAGE_TYPE
- value: {{ .Values.storage.type }}
- {{- include "storage.env" . | nindent 10 }}
- {{- if .Values.query.basePath }}
- - name: QUERY_BASE_PATH
- value: {{ .Values.query.basePath | quote }}
- {{- end }}
- - name: JAEGER_AGENT_PORT
- value: "6831"
- {{- if .Values.query.config}}
- - name: QUERY_UI_CONFIG
- value: /etc/conf/query-ui-config.json
- {{- end }}
- ports:
- - name: query
- containerPort: 16686
- protocol: TCP
- - name: admin
- containerPort: 16687
- protocol: TCP
- resources:
- {{- toYaml .Values.query.resources | nindent 10 }}
- volumeMounts:
- {{- range .Values.query.extraSecretMounts }}
- - name: {{ .name }}
- mountPath: {{ .mountPath }}
- subPath: {{ .subPath }}
- readOnly: {{ .readOnly }}
- {{- end }}
- {{- range .Values.query.extraConfigmapMounts }}
- - name: {{ .name }}
- mountPath: {{ .mountPath }}
- subPath: {{ .subPath }}
- readOnly: {{ .readOnly }}
- {{- end }}
- {{- if .Values.storage.cassandra.tls.enabled }}
- - name: {{ .Values.storage.cassandra.tls.secretName }}
- mountPath: "/cassandra-tls/ca-cert.pem"
- subPath: "ca-cert.pem"
- readOnly: true
- - name: {{ .Values.storage.cassandra.tls.secretName }}
- mountPath: "/cassandra-tls/client-cert.pem"
- subPath: "client-cert.pem"
- readOnly: true
- - name: {{ .Values.storage.cassandra.tls.secretName }}
- mountPath: "/cassandra-tls/client-key.pem"
- subPath: "client-key.pem"
- readOnly: true
- {{- end }}
- {{- if .Values.query.config}}
- - name: ui-configuration
- mountPath: /etc/conf/
- {{- end }}
- livenessProbe:
- httpGet:
- path: /
- port: admin
- readinessProbe:
- httpGet:
- path: /
- port: admin
-{{- if .Values.query.agentSidecar.enabled }}
- - name: {{ template "jaeger.agent.name" . }}-sidecar
- securityContext:
- {{- toYaml .Values.query.securityContext | nindent 10 }}
- image: {{ .Values.agent.image }}:{{ .Values.tag }}
- imagePullPolicy: {{ .Values.agent.pullPolicy }}
- args:
- {{- range $key, $value := .Values.agent.cmdlineParams }}
- {{- if $value }}
- - --{{ $key }}={{ $value }}
- {{- else }}
- - --{{ $key }}
- {{- end }}
- {{- end }}
- env:
- {{- if not (hasKey .Values.agent.cmdlineParams "reporter.grpc.host-port") }}
- - name: REPORTER_GRPC_HOST_PORT
- value: {{ include "jaeger.collector.name" . }}:{{ .Values.collector.service.grpc.port }}
- {{- end }}
- ports:
- - name: admin
- containerPort: 14271
- protocol: TCP
- volumeMounts:
- {{- range .Values.agent.extraConfigmapMounts }}
- - name: {{ .name }}
- mountPath: {{ .mountPath }}
- subPath: {{ .subPath }}
- readOnly: {{ .readOnly }}
- {{- end }}
- {{- range .Values.agent.extraSecretMounts }}
- - name: {{ .name }}
- mountPath: {{ .mountPath }}
- subPath: {{ .subPath }}
- readOnly: {{ .readOnly }}
- {{- end }}
- livenessProbe:
- httpGet:
- path: /
- port: admin
- readinessProbe:
- httpGet:
- path: /
- port: admin
-{{- end }}
- dnsPolicy: {{ .Values.query.dnsPolicy }}
- restartPolicy: Always
- volumes:
- {{- range .Values.query.extraConfigmapMounts }}
- - name: {{ .name }}
- configMap:
- name: {{ .configMap }}
- {{- end }}
- {{- range .Values.query.extraSecretMounts }}
- - name: {{ .name }}
- secret:
- secretName: {{ .secretName }}
- {{- end }}
- {{- if .Values.query.config}}
- - name: ui-configuration
- configMap:
- name: {{ include "jaeger.fullname" . }}-ui-configuration
- {{- end }}
-{{- if .Values.query.agentSidecar.enabled }}
- {{- range .Values.agent.extraSecretMounts }}
- - name: {{ .name }}
- secret:
- secretName: {{ .secretName }}
- {{- end }}
- {{- range .Values.agent.extraConfigmapMounts }}
- - name: {{ .name }}
- configMap:
- name: {{ .configMap }}
- {{- end }}
-{{- end }}
- {{- with .Values.query.nodeSelector }}
- nodeSelector:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- {{- with .Values.query.affinity }}
- affinity:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- {{- with .Values.query.tolerations }}
- tolerations:
- {{- toYaml . | nindent 8 }}
- {{- end }}
-{{- end -}}
diff --git a/rds/base/charts/jaeger/templates/query-ing.yaml b/rds/base/charts/jaeger/templates/query-ing.yaml
deleted file mode 100644
index 88ba4eb..0000000
--- a/rds/base/charts/jaeger/templates/query-ing.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
-{{- if .Values.query.ingress.enabled -}}
-{{- $servicePort := .Values.query.service.port -}}
-{{- $basePath := .Values.query.basePath -}}
-apiVersion: networking.k8s.io/v1beta1
-kind: Ingress
-metadata:
- name: {{ template "jaeger.query.name" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- {{- include "jaeger.labels" . | nindent 4 }}
- app.kubernetes.io/component: query
- {{- if .Values.query.ingress.annotations }}
- annotations:
- {{- toYaml .Values.query.ingress.annotations | nindent 4 }}
- {{- end }}
-spec:
- rules:
- {{- range $host := .Values.query.ingress.hosts }}
- - host: {{ $host }}
- http:
- paths:
- - path: {{ $basePath }}
- backend:
- serviceName: {{ template "jaeger.query.name" $ }}
- servicePort: {{ $servicePort }}
- {{- end -}}
- {{- if .Values.query.ingress.tls }}
- tls:
- {{- toYaml .Values.query.ingress.tls | nindent 4 }}
- {{- end -}}
-{{- end -}}
diff --git a/rds/base/charts/jaeger/templates/query-sa.yaml b/rds/base/charts/jaeger/templates/query-sa.yaml
deleted file mode 100644
index 32171bc..0000000
--- a/rds/base/charts/jaeger/templates/query-sa.yaml
+++ /dev/null
@@ -1,10 +0,0 @@
-{{- if and .Values.query.enabled .Values.query.serviceAccount.create -}}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ template "jaeger.query.serviceAccountName" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- {{- include "jaeger.labels" . | nindent 4 }}
- app.kubernetes.io/component: query
-{{- end -}}
diff --git a/rds/base/charts/jaeger/templates/query-servicemonitor.yaml b/rds/base/charts/jaeger/templates/query-servicemonitor.yaml
deleted file mode 100644
index 12c8cfe..0000000
--- a/rds/base/charts/jaeger/templates/query-servicemonitor.yaml
+++ /dev/null
@@ -1,37 +0,0 @@
-{{- if and (.Values.query.enabled) (.Values.query.serviceMonitor.enabled)}}
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
- name: {{ template "jaeger.query.name" . }}
- {{- if .Values.query.serviceMonitor.namespace }}
- namespace: {{ .Values.query.serviceMonitor.namespace }}
- {{- else }}
- {{- end }}
- labels:
- {{- include "jaeger.labels" . | nindent 4 }}
- app.kubernetes.io/component: query
- {{- if .Values.query.serviceMonitor.additionalLabels }}
- {{- toYaml .Values.query.serviceMonitor.additionalLabels | nindent 4 }}
- {{- end }}
- {{- if .Values.query.serviceMonitor.annotations }}
- annotations:
- {{- toYaml .Values.query.serviceMonitor.annotations | nindent 4 }}
- {{- end }}
-spec:
- endpoints:
- - port: admin
- path: /metrics
- {{- if .Values.query.serviceMonitor.interval }}
- interval: {{ .Values.query.serviceMonitor.interval }}
- {{- end }}
- {{- if .Values.query.serviceMonitor.scrapeTimeout }}
- scrapeTimeout: {{ .Values.query.serviceMonitor.scrapeTimeout }}
- {{- end }}
- namespaceSelector:
- matchNames:
- - {{ .Release.Namespace }}
- selector:
- matchLabels:
- app.kubernetes.io/component: query
- app.kubernetes.io/instance: {{ .Release.Name }}
-{{- end }}
diff --git a/rds/base/charts/jaeger/templates/query-svc.yaml b/rds/base/charts/jaeger/templates/query-svc.yaml
deleted file mode 100644
index 6a5095f..0000000
--- a/rds/base/charts/jaeger/templates/query-svc.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-{{- if .Values.query.enabled -}}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ template "jaeger.query.name" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- {{- include "jaeger.labels" . | nindent 4 }}
- app.kubernetes.io/component: query
-{{- if .Values.query.service.annotations }}
- annotations:
- {{- toYaml .Values.query.service.annotations | nindent 4 }}
-{{- end }}
-spec:
- ports:
- - name: query
- port: {{ .Values.query.service.port }}
- protocol: TCP
- targetPort: query
-{{- if and (eq .Values.query.service.type "NodePort") (.Values.query.service.nodePort) }}
- nodePort: {{ .Values.query.service.nodePort }}
-{{- end }}
- - name: admin
- port: 16687
- protocol: TCP
- targetPort: admin
- selector:
- {{- include "jaeger.selectorLabels" . | nindent 4 }}
- app.kubernetes.io/component: query
- type: {{ .Values.query.service.type }}
-{{- template "loadBalancerSourceRanges" .Values.query }}
-{{- end -}}
diff --git a/rds/base/charts/jaeger/templates/spark-cronjob.yaml b/rds/base/charts/jaeger/templates/spark-cronjob.yaml
deleted file mode 100644
index 1b99725..0000000
--- a/rds/base/charts/jaeger/templates/spark-cronjob.yaml
+++ /dev/null
@@ -1,98 +0,0 @@
-{{- if .Values.spark.enabled -}}
-apiVersion: batch/v1beta1
-kind: CronJob
-metadata:
- name: {{ include "jaeger.fullname" . }}-spark
- namespace: {{ .Release.Namespace }}
- labels:
- {{- include "jaeger.labels" . | nindent 4 }}
- app.kubernetes.io/component: spark
-{{- if .Values.spark.annotations }}
- annotations:
- {{- toYaml .Values.spark.annotations | nindent 4 }}
-{{- end }}
-spec:
- schedule: {{ .Values.spark.schedule | quote }}
- successfulJobsHistoryLimit: {{ .Values.spark.successfulJobsHistoryLimit }}
- failedJobsHistoryLimit: {{ .Values.spark.failedJobsHistoryLimit }}
- jobTemplate:
- spec:
- template:
- metadata:
- labels:
- {{- include "jaeger.selectorLabels" . | nindent 12 }}
- app.kubernetes.io/component: spark
- {{- if .Values.spark.podLabels }}
- {{- toYaml .Values.spark.podLabels | nindent 12 }}
- {{- end }}
- spec:
- serviceAccountName: {{ template "jaeger.spark.serviceAccountName" . }}
- {{- with .Values.spark.imagePullSecrets }}
- imagePullSecrets:
- {{- toYaml . | nindent 12 }}
- {{- end }}
- containers:
- - name: {{ include "jaeger.fullname" . }}-spark
- image: {{ .Values.spark.image }}:{{ .Values.spark.tag }}
- imagePullPolicy: {{ .Values.spark.pullPolicy }}
- args:
- {{- range $key, $value := .Values.spark.cmdlineParams }}
- {{- if $value }}
- - --{{ $key }}={{ $value }}
- {{- else }}
- - --{{ $key }}
- {{- end }}
- {{- end }}
- env:
- - name: STORAGE
- value: {{ .Values.storage.type }}
- {{- include "storage.env" . | nindent 14 }}
- {{- if .Values.spark.extraEnv }}
- {{- toYaml .Values.spark.extraEnv | nindent 14 }}
- {{- end }}
- - name: CASSANDRA_CONTACT_POINTS
- value: {{ include "cassandra.contact_points" . }}
- - name: ES_NODES
- value: {{ include "elasticsearch.client.url" . }}
- - name: ES_NODES_WAN_ONLY
- value: {{ .Values.storage.elasticsearch.nodesWanOnly | quote }}
- resources:
- {{- toYaml .Values.spark.resources | nindent 14 }}
- volumeMounts:
- {{- range .Values.spark.extraConfigmapMounts }}
- - name: {{ .name }}
- mountPath: {{ .mountPath }}
- subPath: {{ .subPath }}
- readOnly: {{ .readOnly }}
- {{- end }}
- {{- range .Values.spark.extraSecretMounts }}
- - name: {{ .name }}
- mountPath: {{ .mountPath }}
- subPath: {{ .subPath }}
- readOnly: {{ .readOnly }}
- {{- end }}
- restartPolicy: OnFailure
- volumes:
- {{- range .Values.spark.extraConfigmapMounts }}
- - name: {{ .name }}
- configMap:
- name: {{ .configMap }}
- {{- end }}
- {{- range .Values.spark.extraSecretMounts }}
- - name: {{ .name }}
- secret:
- secretName: {{ .secretName }}
- {{- end }}
- {{- with .Values.spark.nodeSelector }}
- nodeSelector:
- {{- toYaml . | nindent 12 }}
- {{- end }}
- {{- with .Values.spark.affinity }}
- affinity:
- {{- toYaml . | nindent 12 }}
- {{- end }}
- {{- with .Values.spark.tolerations }}
- tolerations:
- {{- toYaml . | nindent 12 }}
- {{- end }}
-{{- end -}}
diff --git a/rds/base/charts/jaeger/templates/spark-sa.yaml b/rds/base/charts/jaeger/templates/spark-sa.yaml
deleted file mode 100644
index 6ac0732..0000000
--- a/rds/base/charts/jaeger/templates/spark-sa.yaml
+++ /dev/null
@@ -1,10 +0,0 @@
-{{- if and .Values.spark.enabled .Values.spark.serviceAccount.create -}}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ template "jaeger.spark.serviceAccountName" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- {{- include "jaeger.labels" . | nindent 4 }}
- app.kubernetes.io/component: spark
-{{- end -}}
diff --git a/rds/base/charts/jaeger/values.yaml b/rds/base/charts/jaeger/values.yaml
deleted file mode 100644
index 4f70601..0000000
--- a/rds/base/charts/jaeger/values.yaml
+++ /dev/null
@@ -1,538 +0,0 @@ -# Default values for jaeger. -# This is a YAML-formatted file. -# Jaeger values are grouped by component. Cassandra values override subchart values - -provisionDataStore: - cassandra: true - elasticsearch: false - kafka: false - -tag: 1.18.0 - -nameOverride: "" -fullnameOverride: "" - -storage: - # allowed values (cassandra, elasticsearch) - type: cassandra - cassandra: - host: cassandra - port: 9042 - tls: - enabled: false - secretName: cassandra-tls-secret - user: user - usePassword: true - password: password - keyspace: jaeger_v1_test - ## Use existing secret (ignores previous password) - # existingSecret: - ## Cassandra related env vars to be configured on the concerned components - extraEnv: [] - # - name: CASSANDRA_SERVERS - # value: cassandra - # - name: CASSANDRA_PORT - # value: 9042 - # - name: CASSANDRA_KEYSPACE - # value: jaeger_v1_test - # - name: CASSANDRA_TLS_ENABLED - # value: false - ## Cassandra related cmd line opts to be configured on the concerned components - cmdlineParams: {} - # cassandra.servers: cassandra - # cassandra.port: 9042 - # cassandra.keyspace: jaeger_v1_test - # cassandra.tls.enabled: false - elasticsearch: - scheme: http - host: elasticsearch-master - port: 9200 - user: elastic - usePassword: true - password: changeme - # indexPrefix: test - ## Use existing secret (ignores previous password) - # existingSecret: - # existingSecretKey: - nodesWanOnly: false - extraEnv: [] - ## ES related env vars to be configured on the concerned components - # - name: ES_SERVER_URLS - # value: http://elasticsearch-master:9200 - # - name: ES_USERNAME - # value: elastic - # - name: ES_INDEX_PREFIX - # value: test - ## ES related cmd line opts to be configured on the concerned components - cmdlineParams: {} - # es.server-urls: http://elasticsearch-master:9200 - # es.username: elastic - # es.index-prefix: test - kafka: - brokers: - - kafka:9092 - topic: jaeger_v1_test - authentication: none - extraEnv: [] - -# Begin: Override values 
on the Cassandra subchart to customize for Jaeger -cassandra: - persistence: - # To enable persistence, please see the documentation for the Cassandra chart - enabled: false - config: - cluster_name: jaeger - seed_size: 1 - dc_name: dc1 - rack_name: rack1 - endpoint_snitch: GossipingPropertyFileSnitch -# End: Override values on the Cassandra subchart to customize for Jaeger - -# Begin: Override values on the Kafka subchart to customize for Jaeger -kafka: - replicas: 1 - configurationOverrides: - "auto.create.topics.enable": true - zookeeper: - replicaCount: 1 -# End: Override values on the Kafka subchart to customize for Jaeger - -# Begin: Default values for the various components of Jaeger -# This chart has been based on the Kubernetes integration found in the following repo: -# https://github.com/jaegertracing/jaeger-kubernetes/blob/master/production/jaeger-production-template.yml -# -# This is the jaeger-cassandra-schema Job which sets up the Cassandra schema for -# use by Jaeger -schema: - annotations: {} - image: jaegertracing/jaeger-cassandra-schema - imagePullSecrets: [] - pullPolicy: IfNotPresent - resources: {} - # limits: - # cpu: 500m - # memory: 512Mi - # requests: - # cpu: 256m - # memory: 128Mi - serviceAccount: - create: true - name: - podAnnotations: {} - podLabels: {} - securityContext: {} - podSecurityContext: {} - ## Deadline for cassandra schema creation job - activeDeadlineSeconds: 300 - extraEnv: [] - # - name: MODE - # value: prod - # - name: TRACE_TTL - # value: 172800 - # - name: DEPENDENCIES_TTL - # value: 0 - -# For configurable values of the elasticsearch if provisioned, please see: -# https://github.com/elastic/helm-charts/tree/master/elasticsearch#configuration -elasticsearch: {} - -ingester: - enabled: false - podSecurityContext: {} - securityContext: {} - annotations: {} - image: jaegertracing/jaeger-ingester - imagePullSecrets: [] - pullPolicy: IfNotPresent - dnsPolicy: ClusterFirst - cmdlineParams: {} - replicaCount: 1 - 
autoscaling: - enabled: false - minReplicas: 2 - maxReplicas: 10 - # targetCPUUtilizationPercentage: 80 - # targetMemoryUtilizationPercentage: 80 - service: - annotations: {} - # List of IP ranges that are allowed to access the load balancer (if supported) - loadBalancerSourceRanges: [] - type: ClusterIP - resources: {} - # limits: - # cpu: 1 - # memory: 1Gi - # requests: - # cpu: 500m - # memory: 512Mi - serviceAccount: - create: true - name: - nodeSelector: {} - tolerations: [] - affinity: {} - podAnnotations: {} - ## Additional pod labels - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ - podLabels: {} - extraSecretMounts: [] - extraConfigmapMounts: [] - - serviceMonitor: - enabled: false - additionalLabels: {} - -agent: - podSecurityContext: {} - securityContext: {} - enabled: true - annotations: {} - image: jaegertracing/jaeger-agent - imagePullSecrets: [] - pullPolicy: IfNotPresent - cmdlineParams: {} - extraEnv: [] - daemonset: - useHostPort: false - service: - annotations: {} - # List of IP ranges that are allowed to access the load balancer (if supported) - loadBalancerSourceRanges: [] - type: ClusterIP - # zipkinThriftPort :accept zipkin.thrift over compact thrift protocol - zipkinThriftPort: 5775 - # compactPort: accept jaeger.thrift over compact thrift protocol - compactPort: 6831 - # binaryPort: accept jaeger.thrift over binary thrift protocol - binaryPort: 6832 - # samplingPort: (HTTP) serve configs, sampling strategies - samplingPort: 5778 - resources: {} - # limits: - # cpu: 500m - # memory: 512Mi - # requests: - # cpu: 256m - # memory: 128Mi - serviceAccount: - create: true - name: - nodeSelector: {} - tolerations: [] - affinity: {} - podAnnotations: {} - ## Additional pod labels - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ - podLabels: {} - extraSecretMounts: [] - # - name: jaeger-tls - # mountPath: /tls - # subPath: "" - # secretName: jaeger-tls - # readOnly: true - 
extraConfigmapMounts: [] - # - name: jaeger-config - # mountPath: /config - # subPath: "" - # configMap: jaeger-config - # readOnly: true - useHostNetwork: false - dnsPolicy: ClusterFirst - priorityClassName: "" - - serviceMonitor: - enabled: false - additionalLabels: {} - -collector: - podSecurityContext: {} - securityContext: {} - enabled: true - annotations: {} - image: jaegertracing/jaeger-collector - imagePullSecrets: [] - pullPolicy: IfNotPresent - dnsPolicy: ClusterFirst - cmdlineParams: {} - replicaCount: 1 - autoscaling: - enabled: false - minReplicas: 2 - maxReplicas: 10 - # targetCPUUtilizationPercentage: 80 - # targetMemoryUtilizationPercentage: 80 - service: - annotations: {} - # List of IP ranges that are allowed to access the load balancer (if supported) - loadBalancerSourceRanges: [] - type: ClusterIP - grpc: - port: 14250 - # nodePort: - # httpPort: can accept spans directly from clients in jaeger.thrift format - http: - port: 14268 - # nodePort: - # can accept Zipkin spans in JSON or Thrift - zipkin: {} - # port: 9411 - # nodePort: - resources: {} - # limits: - # cpu: 1 - # memory: 1Gi - # requests: - # cpu: 500m - # memory: 512Mi - serviceAccount: - create: true - name: - nodeSelector: {} - tolerations: [] - affinity: {} - podAnnotations: {} - ## Additional pod labels - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ - podLabels: {} - extraSecretMounts: [] - # - name: jaeger-tls - # mountPath: /tls - # subPath: "" - # secretName: jaeger-tls - # readOnly: true - extraConfigmapMounts: [] - # - name: jaeger-config - # mountPath: /config - # subPath: "" - # configMap: jaeger-config - # readOnly: true - # samplingConfig: |- - # { - # "service_strategies": [ - # { - # "service": "foo", - # "type": "probabilistic", - # "param": 0.8, - # "operation_strategies": [ - # { - # "operation": "op1", - # "type": "probabilistic", - # "param": 0.2 - # }, - # { - # "operation": "op2", - # "type": "probabilistic", - # "param": 0.4 - 
# } - # ] - # }, - # { - # "service": "bar", - # "type": "ratelimiting", - # "param": 5 - # } - # ], - # "default_strategy": { - # "type": "probabilistic", - # "param": 1 - # } - # } - priorityClassName: "" - serviceMonitor: - enabled: false - additionalLabels: {} - -query: - enabled: true - podSecurityContext: {} - securityContext: {} - agentSidecar: - enabled: true - annotations: {} - image: jaegertracing/jaeger-query - imagePullSecrets: [] - pullPolicy: IfNotPresent - dnsPolicy: ClusterFirst - cmdlineParams: {} - extraEnv: [] - replicaCount: 1 - service: - annotations: {} - type: ClusterIP - # List of IP ranges that are allowed to access the load balancer (if supported) - loadBalancerSourceRanges: [] - port: 80 - # Specify a specific node port when type is NodePort - # nodePort: 32500 - ingress: - enabled: false - annotations: {} - # Used to create an Ingress record. - # hosts: - # - chart-example.local - # annotations: - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - # tls: - # Secrets must be manually created in the namespace. 
- # - secretName: chart-example-tls - # hosts: - # - chart-example.local - resources: {} - # limits: - # cpu: 500m - # memory: 512Mi - # requests: - # cpu: 256m - # memory: 128Mi - serviceAccount: - create: true - name: - nodeSelector: {} - tolerations: [] - affinity: {} - podAnnotations: {} - ## Additional pod labels - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ - podLabels: {} - extraConfigmapMounts: [] - # - name: jaeger-config - # mountPath: /config - # subPath: "" - # configMap: jaeger-config - # readOnly: true - priorityClassName: "" - serviceMonitor: - enabled: false - additionalLabels: {} - # config: |- - # { - # "dependencies": { - # "dagMaxNumServices": 200, - # "menuEnabled": true - # }, - # "archiveEnabled": true, - # "tracking": { - # "gaID": "UA-000000-2", - # "trackErrors": true - # } - # } - -spark: - enabled: false - annotations: {} - image: jaegertracing/spark-dependencies - imagePullSecrets: [] - tag: latest - pullPolicy: Always - cmdlineParams: {} - extraEnv: [] - schedule: "49 23 * * *" - successfulJobsHistoryLimit: 5 - failedJobsHistoryLimit: 5 - resources: {} - # limits: - # cpu: 500m - # memory: 512Mi - # requests: - # cpu: 256m - # memory: 128Mi - serviceAccount: - create: true - name: - nodeSelector: {} - tolerations: [] - affinity: {} - extraSecretMounts: [] - extraConfigmapMounts: [] - ## Additional pod labels - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ - podLabels: {} - -esIndexCleaner: - enabled: false - securityContext: - runAsUser: 1000 - podSecurityContext: - runAsUser: 1000 - annotations: {} - image: jaegertracing/jaeger-es-index-cleaner - imagePullSecrets: [] - tag: latest - pullPolicy: Always - cmdlineParams: {} - extraEnv: [] - schedule: "55 23 * * *" - successfulJobsHistoryLimit: 3 - failedJobsHistoryLimit: 3 - resources: {} - # limits: - # cpu: 500m - # memory: 512Mi - # requests: - # cpu: 256m - # memory: 128Mi - numberOfDays: 7 - serviceAccount: - 
create: true - name: - nodeSelector: {} - tolerations: [] - affinity: {} - extraSecretMounts: [] - extraConfigmapMounts: [] - podAnnotations: {} - ## Additional pod labels - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ - podLabels: {} -# End: Default values for the various components of Jaeger - -hotrod: - enabled: false - podSecurityContext: {} - securityContext: {} - replicaCount: 1 - image: - repository: jaegertracing/example-hotrod - pullPolicy: Always - pullSecrets: [] - service: - annotations: {} - name: hotrod - type: ClusterIP - # List of IP ranges that are allowed to access the load balancer (if supported) - loadBalancerSourceRanges: [] - port: 80 - ingress: - enabled: false - # Used to create Ingress record (should be used with service.type: ClusterIP). - hosts: - - chart-example.local - annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - tls: - # Secrets must be manually created in the namespace. - # - secretName: chart-example-tls - # hosts: - # - chart-example.local - resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi - serviceAccount: - create: true - name: - nodeSelector: {} - tolerations: [] - affinity: {} - tracing: - host: null - port: 6831 diff --git a/rds/base/charts/layer0_describo/.helmignore b/rds/base/charts/layer0_describo/.helmignore deleted file mode 100644 index 50af031..0000000 --- a/rds/base/charts/layer0_describo/.helmignore +++ /dev/null 
@@ -1,22 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-.vscode/
diff --git a/rds/base/charts/layer0_describo/Chart.lock b/rds/base/charts/layer0_describo/Chart.lock
deleted file mode 100644
index 0a9e907..0000000
--- a/rds/base/charts/layer0_describo/Chart.lock
+++ /dev/null
@@ -1,9 +0,0 @@
-dependencies:
-- name: postgresql
- repository: file://../postgresql
- version: 10.14.3
-- name: common
- repository: file://../common
- version: 0.1.2
-digest: sha256:812d36067d088cad7eeb94005e23171d9532f1dc2b8f23bd633db1b795c4a577
-generated: "2023-02-07T10:30:53.443729026+01:00"
diff --git a/rds/base/charts/layer0_describo/Chart.yaml b/rds/base/charts/layer0_describo/Chart.yaml
deleted file mode 100644
index ded3346..0000000
--- a/rds/base/charts/layer0_describo/Chart.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-apiVersion: v2
-appVersion: "1.0"
-description: A Helm chart for Kubernetes
-name: layer0-describo
-version: 0.2.9
-home: https://www.research-data-services.org/
-type: application
-keywords:
- - research
- - data
- - services
- - describo
-maintainers:
- - email: peter.heiss@uni-muenster.de
- name: Heiss
-sources:
- - https://github.com/Sciebo-RDS/Sciebo-RDS
-icon: https://www.research-data-services.org/img/sciebo.png
-dependencies:
- - name: postgresql
- version: 10.14.3
- repository: file://../postgresql
- tags:
- - storage
- - name: common
- version: ^0.1.0
- repository: file://../common
- alias: layer0-describo-common
-
diff --git a/rds/base/charts/layer0_describo/charts/common-0.1.2.tgz b/rds/base/charts/layer0_describo/charts/common-0.1.2.tgz
deleted file mode 100644
index b3acafe..0000000
Binary files a/rds/base/charts/layer0_describo/charts/common-0.1.2.tgz and /dev/null differ
diff --git a/rds/base/charts/layer0_describo/charts/postgresql-10.14.3.tgz b/rds/base/charts/layer0_describo/charts/postgresql-10.14.3.tgz
deleted file mode 100644
index e436438..0000000
Binary files a/rds/base/charts/layer0_describo/charts/postgresql-10.14.3.tgz and /dev/null differ
diff --git a/rds/base/charts/layer0_describo/defaults/nginx.conf b/rds/base/charts/layer0_describo/defaults/nginx.conf
deleted file mode 100644
index 68e4d86..0000000
--- a/rds/base/charts/layer0_describo/defaults/nginx.conf
+++ /dev/null
@@ -1,82 +0,0 @@
-upstream api_socket_nodes {
- ip_hash;
- server 127.0.0.1:8080;
-}
-
-server {
- listen 80;
- listen [::]:80;
- server_name 127.0.0.1;
-
- proxy_buffering off;
-
- #charset koi8-r;
- #access_log /var/log/nginx/host.access.log main;
-
- location / {
- root /usr/share/nginx/html;
- try_files $uri $uri/ /index.html;
- }
-
- location ~ ^/api/(.*) {
- #resolver 127.0.0.11 valid=30s;
- set $api 127.0.0.1;
- add_header 'Cache-Control' 'no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
- proxy_set_header X-Forwarded-For $remote_addr;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header Host $host;
- #proxy_set_header Authorization $http_authorization;
- # auth_request_set $token $upstream_http_x_auth_request_access_token;
- # add_header 'Authorization' $token;
- proxy_redirect off;
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "upgrade";
- proxy_send_timeout 120;
- proxy_read_timeout 120;
- send_timeout 120;
- proxy_pass http://$api:8080/$1$is_args$args;
- }
-
- location /socket.io/ {
- proxy_http_version 1.1;
- proxy_redirect off;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "upgrade";
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_pass http://api_socket_nodes/socket.io/;
- }
- #error_page 404 /404.html;
-
- # redirect server error pages to the static page /50x.html
- #
- error_page 500 502 503 504 /50x.html;
- location = /50x.html {
- root /usr/share/nginx/html;
- }
-
- # proxy the PHP scripts to Apache listening on 127.0.0.1:80
- #
- #location ~ \.php$ {
- # proxy_pass http://127.0.0.1;
- #}
-
- # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
- #
- #location ~ \.php$ {
- # root html;
- # fastcgi_pass 127.0.0.1:9000;
- # fastcgi_index index.php;
- # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
- # include fastcgi_params;
- #}
-
- # deny access to .htaccess files, if Apache's document root
- # concurs with nginx's one
- #
- #location ~ /\.ht {
- # deny all;
- #}
-}
diff --git a/rds/base/charts/layer0_describo/defaults/type-definitions-lookup.json b/rds/base/charts/layer0_describo/defaults/type-definitions-lookup.json
deleted file mode 100644
index d3a628c..0000000
--- a/rds/base/charts/layer0_describo/defaults/type-definitions-lookup.json
+++ /dev/null
@@ -1,16 +0,0 @@
-[
- { "name": "Person", "help": "A person (alive, dead, undead, or fictional)." },
- { "name": "Thing", "help": "The most generic type of item." },
- {
- "name": "Organization",
- "help": "An organization such as a school, NGO, corporation, club, etc."
- },
- {
- "name": "CreativeWork",
- "help": "The most generic kind of creative work, including books, movies, photographs, software programs, etc."
- },
- {
- "name": "Dataset",
- "help": "A body of structured information describing some topic(s) of interest."
- }
-]
diff --git a/rds/base/charts/layer0_describo/defaults/type-definitions.json b/rds/base/charts/layer0_describo/defaults/type-definitions.json
deleted file mode 100644
index 5fa4d81..0000000
--- a/rds/base/charts/layer0_describo/defaults/type-definitions.json
+++ /dev/null
@@ -1,200 +0,0 @@
-{
- "Person": {
- "id": "http://schema.org/Person",
- "name": "Person",
- "help": "A person (alive, dead, undead, or fictional).",
- "subClassOf": [
- "Thing"
- ],
- "allowAdditionalProperties": false,
- "inputs": [
- {
- "id": "http://schema.org/address",
- "name": "address",
- "help": "Physical address of the item.",
- "multiple": false,
- "type": [
- "Text"
- ]
- },
- {
- "id": "http://schema.org/affiliation",
- "name": "affiliation",
- "help": "An organization that this person is affiliated with. For example, a school/university, a club, or a team.",
- "multiple": false,
- "type": [
- "Organization"
- ]
- },
- {
- "id": "http://schema.org/email",
- "name": "email",
- "help": "Email address.",
- "multiple": false,
- "type": [
- "Text"
- ]
- },
- {
- "id": "http://schema.org/familyName",
- "name": "familyName",
- "help": "Family name. In the U.S., the last name of a Person.",
- "multiple": false,
- "type": [
- "Text"
- ]
- },
- {
- "id": "http://schema.org/givenName",
- "name": "givenName",
- "help": "Given name. In the U.S., the first name of a Person.",
- "multiple": false,
- "type": [
- "Text"
- ]
- }
- ],
- "linksTo": [
- "Organization"
- ],
- "hierarchy": [
- "Person",
- "Thing"
- ]
- },
- "Thing": {
- "id": "http://schema.org/Thing",
- "name": "Thing",
- "help": "The most generic type of item.",
- "subClassOf": [],
- "allowAdditionalProperties": false,
- "inputs": [
- {
- "id": "http://schema.org/description",
- "name": "description",
- "help": "A description of the item.",
- "multiple": false,
- "type": [
- "Text"
- ]
- },
- {
- "id": "http://schema.org/name",
- "name": "name",
- "help": "The name of the item.",
- "multiple": false,
- "type": [
- "Text"
- ]
- }
- ],
- "linksTo": [
- "CreativeWork",
- "Organization",
- "Person"
- ],
- "hierarchy": [
- "Thing"
- ]
- },
- "Organization": {
- "id": "http://schema.org/Organization",
- "name": "Organization",
- "help": "An organization such as a school, NGO, corporation, club, etc.",
- "subClassOf": [
- "Thing"
- ],
- "allowAdditionalProperties": false,
- "inputs": [
- {
- "id": "http://schema.org/address",
- "name": "address",
- "help": "Physical address of the item.",
- "multiple": false,
- "type": [
- "Text"
- ]
- }
- ],
- "linksTo": [],
- "hierarchy": [
- "Organization",
- "Thing"
- ]
- },
- "CreativeWork": {
- "id": "http://schema.org/CreativeWork",
- "name": "CreativeWork",
- "help": "The most generic kind of creative work, including books, movies, photographs, software programs, etc.",
- "subClassOf": [
- "Thing"
- ],
- "allowAdditionalProperties": false,
- "inputs": [
- {
- "id": "http://schema.org/author",
- "name": "creator",
- "help": "The author of this content or rating. Please note that author is special in that HTML 5 provides a special mechanism for indicating authorship via the rel tag. That is equivalent to this and may be used interchangeably. ",
- "multiple": false,
- "type": [
- "Person",
- "Organization"
- ]
- }
- ],
- "linksTo": [
- "Organization",
- "Person"
- ],
- "hierarchy": [
- "CreativeWork",
- "Thing"
- ]
- },
- "Dataset": {
- "id": "http://schema.org/Dataset",
- "name": "Dataset",
- "help": "A body of structured information describing some topic(s) of interest.",
- "subClassOf": [
- "CreativeWork"
- ],
- "allowAdditionalProperties": false,
- "inputs": [
- {
- "id": "http://schema.org/datePublished",
- "name": "datePublished",
- "help": "Date of first broadcast/publication.",
- "multiple": false,
- "type": [
- "Date"
- ]
- },
- {
- "id": "http://schema.org/zenodocategory",
- "name": "zenodocategory",
- "help": "The Zenodo Category: [ 'publication/book', 'publication section', '...', 'dataset', 'image/plot', '...' ]",
- "multiple": false,
- "type": [
- "Text"
- ]
- },
- {
- "id": "http://schema.org/osfcategory",
- "name": "osfcategory",
- "help": "The OSF Category: [ 'analysis', 'communication', '...', 'procedure', 'instrumentation', '...' ]",
- "multiple": false,
- "type": [
- "Text"
- ]
- }
- ],
- "linksTo": [
- "CreativeWork"
- ],
- "hierarchy": [
- "Dataset",
- "CreativeWork",
- "Thing"
- ]
- }
-}
\ No newline at end of file
diff --git a/rds/base/charts/layer0_describo/templates/NOTES.txt b/rds/base/charts/layer0_describo/templates/NOTES.txt
deleted file mode 100644
index e670bfc..0000000
--- a/rds/base/charts/layer0_describo/templates/NOTES.txt
+++ /dev/null
@@ -1,21 +0,0 @@ -1. Get the application URL by running these commands: -{{- if .Values.ingress.enabled }} -{{- range $host := .Values.ingress.hosts }} - {{- range .paths }} - http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ . }} - {{- end }} -{{- end }} -{{- else if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "layer0_describo.fullname" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "layer0_describo.fullname" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "layer0_describo.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - echo http://$SERVICE_IP:{{ .Values.service.port }} -{{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "layer0_describo.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - echo "Visit http://127.0.0.1:8080 to use your application" - kubectl port-forward $POD_NAME 8080:80 -{{- end }} diff --git a/rds/base/charts/layer0_describo/templates/_helpers.tpl b/rds/base/charts/layer0_describo/templates/_helpers.tpl deleted file mode 100644 index 8b726c2..0000000 --- a/rds/base/charts/layer0_describo/templates/_helpers.tpl +++ /dev/null 
@@ -1,91 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "layer0_describo.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "layer0_describo.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "layer0_describo.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Return the proper describo image name -*/}} -{{- define "image" -}} -{{- $registryName := .imageRoot.registry -}} -{{- $repositoryName := .imageRoot.repository -}} -{{- if .repository -}} -{{- $repositoryName = .repository -}} -{{- end -}} -{{- $tag := .imageRoot.tag | toString -}} -{{- if .global }} - {{- if .global.image }} - {{- if .global.image.registry }} - {{- $registryName = .global.image.registry -}} - {{- end -}} - {{- end -}} -{{- end -}} -{{- if $registryName }} -{{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} -{{- else -}} -{{- printf "%s:%s" $repositoryName $tag -}} -{{- end -}} -{{- end -}} - -{{/* -Return the proper describo image name -*/}} -{{- define "layer0_describo.apiImage" -}} -{{- include "image" (dict "imageRoot" .Values.image "global" .Values.global "repository" .Values.image.apiRepository) -}} -{{- end -}} - -{{- define 
"layer0_describo.uiImage" -}} -{{ include "image" (dict "imageRoot" .Values.image "global" .Values.global "repository" .Values.image.uiRepository ) }} -{{- end -}} - -{{/* -Common labels -*/}} -{{- define "layer0_describo.labels" -}} -app.kubernetes.io/name: {{ include "layer0_describo.name" . }} -helm.sh/chart: {{ include "layer0_describo.chart" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- if .Values.labels }} -{{ toYaml .Values.labels }} -{{- end -}} -{{- end -}} - -{{- define "layer0_describo.domain" -}} -{{- if .Values.global }} -{{- .Values.global.domain }} -{{- else if hasKey .Values "domain" }} -{{- .Values.domain }} -{{- else }}localhost{{- end -}} -{{- end -}} diff --git a/rds/base/charts/layer0_describo/templates/configmap.yaml b/rds/base/charts/layer0_describo/templates/configmap.yaml deleted file mode 100644 index 7d08a0d..0000000 --- a/rds/base/charts/layer0_describo/templates/configmap.yaml +++ /dev/null 
@@ -1,59 +0,0 @@ -{{- $domains := .Values.domains -}} - {{- if .Values.global }} - {{- if .Values.global.domains }} - {{- $domains = .Values.global.domains -}} - {{- end -}} - {{- end -}} -apiVersion: v1 -kind: ConfigMap -metadata: - name: describoconfig - namespace: {{ .Release.Namespace }} -data: - DB_HOST: {{ .Values.postgresql.fullnameOverride | quote }} - DB_PORT: {{ .Values.postgresql.service.port | quote }} - DB_USER: {{ .Values.postgresql.postgresqlUsername | quote }} - DB_PASSWORD: {{ .Values.postgresql.postgresqlPassword | quote }} - DB_DATABASE: {{ .Values.postgresql.postgresqlDatabase | quote }} - NODE_ENV: "production" - LOG_LEVEL: {{ .Values.environment.LOG_LEVEL | quote }} - ADMIN_PASSWORD: {{ .Values.environment.ADMIN_PASSWORD | quote }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: describo-configuration-file - namespace: {{ .Release.Namespace }} -data: - {{- $files := .Files }} - {{- range tuple "nginx.conf" "type-definitions-lookup.json" "type-definitions.json" }} - {{ . }}: |- -{{ printf "defaults/%s" . | $files.Get | indent 4 }} - {{- end }} - configuration.json: |- - { - "ui": { - "siteName": "Sciebo - Describo Online", - "logo": "http://www.researchobject.org/ro-crate/assets/img/ro-crate.svg", - "login": "", - "services": { - "owncloud": false, - "reva": false, - "s3": false, - "onedrive": false - }, - "basePath": "/", - "maxSessionLifetime": "86400", - "maxEntitiesPerTemplate": "100" - }, - "api": { - "port": 8080, - "periodicProcessInterval": 300, - "applications": [ - { - "name": "Owncloud ScieboRDS", - "secret": "{{ .Values.global.describo.api_secret }}" - } - ] - } - } diff --git a/rds/base/charts/layer0_describo/templates/deployment.yaml b/rds/base/charts/layer0_describo/templates/deployment.yaml deleted file mode 100644 index 1fe67c4..0000000 --- a/rds/base/charts/layer0_describo/templates/deployment.yaml +++ /dev/null 
@@ -1,121 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "layer0_describo.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: -{{ include "layer0_describo.labels" . | indent 4 }} -spec: - replicas: {{ .Values.replicaCount }} - selector: - matchLabels: -{{ include "layer0_describo.labels" . | indent 6 }} - template: - metadata: - labels: -{{ include "layer0_describo.labels" . | indent 8 }} - spec: - volumes: - - name: describo-configuration - configMap: - name: describo-configuration-file - items: - - key: configuration.json - path: configuration.json - - key: type-definitions-lookup.json - path: type-definitions-lookup.json - - key: type-definitions.json - path: type-definitions.json - - key: nginx.conf - path: nginx.conf - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - containers: - - name: "api" - image: {{ template "layer0_describo.apiImage" . }} - imagePullPolicy: {{ .Values.image.pullPolicy }} - volumeMounts: - - name: describo-configuration - mountPath: /srv/api/configuration.json - subPath: configuration.json - readOnly: true - - name: describo-configuration - mountPath: /srv/profiles/type-definitions-lookup.json - subPath: type-definitions-lookup.json - readOnly: true - - name: describo-configuration - mountPath: /srv/profiles/type-definitions.json - subPath: type-definitions.json - readOnly: true - env: - - name: DB_PASSWORD - valueFrom: - secretKeyRef: - name: describo-pg-passwd - key: postgresql-password - - name: ADMIN_PASSWORD - valueFrom: - secretKeyRef: - name: admin-passwd - key: passwd - envFrom: - - configMapRef: - name: mservice - - configMapRef: - name: proxy - - configMapRef: - name: globalenvvar - - configMapRef: - name: describoconfig - resources: - {{- toYaml .Values.resources | nindent 12 }} - - name: "ui" - image: {{ template "layer0_describo.uiImage" . 
}} - imagePullPolicy: {{ .Values.image.pullPolicy }} - volumeMounts: - - name: describo-configuration - mountPath: /etc/nginx/conf.d/default.conf - subPath: nginx.conf - readOnly: true - env: - - name: "VUE_APP_BASE_URL" - value: "{{ .Values.ingress.path }}" - - name: "NODE_ENV" - value: "production" - envFrom: - - configMapRef: - name: mservice - - configMapRef: - name: proxy - - configMapRef: - name: globalenvvar - ports: - - name: http - containerPort: {{ .Values.service.targetPort }} - protocol: TCP - livenessProbe: - httpGet: - path: / - port: http - periodSeconds: 10 - readinessProbe: - httpGet: - path: / - port: http - periodSeconds: 10 - resources: - {{- toYaml .Values.resources | nindent 12 }} - {{- with .Values.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} diff --git a/rds/base/charts/layer0_describo/templates/ingress.yaml b/rds/base/charts/layer0_describo/templates/ingress.yaml deleted file mode 100644 index 1e679a0..0000000 --- a/rds/base/charts/layer0_describo/templates/ingress.yaml +++ /dev/null @@ -1,28 +0,0 @@ -{{- $fullName := include "layer0_describo.fullname" . -}} -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: {{ $fullName }} - labels: -{{ include "layer0_describo.labels" . | indent 4 }} - annotations: -{{- include "common.ingressAnnotations" . | nindent 4 }} -spec: - {{- if (include "common.tlsSecretName" .) }} - tls: - - hosts: - - {{ .Values.global.describo.domain }} - secretName: {{ include "common.tlsSecretName" . }} - {{- end }} - rules: - - host: {{ .Values.global.describo.domain }} - http: - paths: - - path: {{ .Values.ingress.path }} - pathType: Prefix - backend: - service: - name: {{ $fullName }} - port: - # number: 80 - name: http \ No newline at end of file 
diff --git a/rds/base/charts/layer0_describo/templates/service.yaml b/rds/base/charts/layer0_describo/templates/service.yaml
deleted file mode 100644
index c730fe2..0000000
--- a/rds/base/charts/layer0_describo/templates/service.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- {{- with .Values.service.annotations }}
- annotations:
- {{ toYaml . | indent 4 }}
- {{- end }}
- name: {{ include "layer0_describo.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "layer0_describo.labels" . | indent 4 }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- - port: {{ .Values.service.port }}
- targetPort: http
- protocol: TCP
- name: http
- selector:
- app.kubernetes.io/name: {{ include "layer0_describo.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
diff --git a/rds/base/charts/layer0_describo/templates/tests/test-connection.yaml b/rds/base/charts/layer0_describo/templates/tests/test-connection.yaml
deleted file mode 100644
index c21eae5..0000000
--- a/rds/base/charts/layer0_describo/templates/tests/test-connection.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
- name: "{{ include "layer0_describo.fullname" . }}-test-research"
- labels:
-{{ include "layer0_describo.labels" . | indent 4 }}
- annotations:
- "helm.sh/hook": test-success
-spec:
- containers:
- - name: wget
- image: busybox
- command: ['wget']
- args: ['{{ include "layer0_describo.fullname" . }}:{{ .Values.service.port }}']
- restartPolicy: Never
diff --git a/rds/base/charts/layer0_describo/values.yaml b/rds/base/charts/layer0_describo/values.yaml
deleted file mode 100644
index 8fb3036..0000000
--- a/rds/base/charts/layer0_describo/values.yaml
+++ /dev/null
@@ -1,87 +0,0 @@
-# Default values for layer3_token_storage.
-# This is a YAML-formatted file.
-# Declare variables to be passed into your templates.
-replicaCount: 1
-
-image:
- tag: 0.26.6
- pullPolicy: Always
- registry: docker.io
- uiRepository: arkisto/describo-online-ui
- apiRepository: arkisto/describo-online-api
-
-labels:
- app.kubernetes.io/component: research-data-services.org
- app.kubernetes.io/part-of: service
- research-data-services.org/layer: layer0
-
-fullnameOverride: layer0-describo
-
-service:
- type: ClusterIP
- port: 80
- targetPort: 80
-
-ingress:
- path: /
- annotations:
- nginx.org/server-snippets: |
- location /socket.io/ {
- proxy_http_version 1.1;
- proxy_redirect off;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "upgrade";
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_pass http://layer0-describo/socket.io/;
- }
-resources: {}
- # We usually recommend not to specify default resources and to leave this as a conscious
- # choice for the user. This also increases chances charts run on environments with little
- # resources, such as Minikube. If you do want to specify resources, uncomment the following
- # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
- # limits:
- # cpu: 100m
- # memory: 128Mi
- # requests:
- # cpu: 100m
- # memory: 128Mi
-
-nodeSelector: {}
-
-tolerations: []
-
-affinity: {}
-
-persistence:
- enabled: true
- accessModes:
- - ReadWriteOnce
- size: 1Gi
- annotations: {}
-
-environment:
- LOG_LEVEL: info
- ADMIN_PASSWORD: adminpass
-
-# domains for webdav addresses (currently owncloud only)
-domains:
- - name: owncloud.local
- ADDRESS: https://owncloud.local/owncloud
- OAUTH_CLIENT_ID: ABC
- OAUTH_CLIENT_SECRET: XYZ
-
-postgresql:
- image:
- tag: 14.1.0
- service:
- port: "5432"
- fullnameOverride: postgresql
- postgresqlDatabase: "describo"
- postgresqlUsername: "admin"
- postgresqlPassword: "admin"
-
-global:
- describo:
- domain: ""
diff --git a/rds/base/charts/layer0_helper_describo_token_updater/.helmignore b/rds/base/charts/layer0_helper_describo_token_updater/.helmignore
deleted file mode 100644
index 50af031..0000000
--- a/rds/base/charts/layer0_helper_describo_token_updater/.helmignore
+++ /dev/null
@@ -1,22 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-.vscode/
diff --git a/rds/base/charts/layer0_helper_describo_token_updater/Chart.lock b/rds/base/charts/layer0_helper_describo_token_updater/Chart.lock
deleted file mode 100644
index 0b92850..0000000
--- a/rds/base/charts/layer0_helper_describo_token_updater/Chart.lock
+++ /dev/null
@@ -1,6 +0,0 @@
-dependencies:
-- name: common
- repository: file://../common
- version: 0.1.2
-digest: sha256:907f03fdcae7108b8137782291baf28aad5dff00fe221ee3bb3bebd8d1101c9c
-generated: "2023-02-07T10:30:53.980764318+01:00"
diff --git a/rds/base/charts/layer0_helper_describo_token_updater/Chart.yaml b/rds/base/charts/layer0_helper_describo_token_updater/Chart.yaml
deleted file mode 100644
index ab3a0d5..0000000
--- a/rds/base/charts/layer0_helper_describo_token_updater/Chart.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-apiVersion: v2
-appVersion: "1.0"
-description: A Helm chart for Kubernetes
-name: layer0-helper-describo-token-updater
-version: 0.2.1
-home: https://www.research-data-services.org/
-type: application
-keywords:
- - research
- - data
- - services
- - describo
- - describo-online
- - updater
- - layer3-token-storage
-maintainers:
- - email: peter.heiss@uni-muenster.de
- name: Heiss
-sources:
- - https://github.com/Sciebo-RDS/Sciebo-RDS
-icon: https://www.research-data-services.org/img/sciebo.png
-dependencies:
- - name: common
- version: ^0.1.0
- repository: file://../common
- alias: layer0-helper-describo-token-updater-common
-
diff --git a/rds/base/charts/layer0_helper_describo_token_updater/charts/common-0.1.2.tgz b/rds/base/charts/layer0_helper_describo_token_updater/charts/common-0.1.2.tgz
deleted file mode 100644
index 2374cbb..0000000
Binary files a/rds/base/charts/layer0_helper_describo_token_updater/charts/common-0.1.2.tgz and /dev/null differ
diff --git a/rds/base/charts/layer0_helper_describo_token_updater/templates/_helpers.tpl b/rds/base/charts/layer0_helper_describo_token_updater/templates/_helpers.tpl
deleted file mode 100644
index 3c91063..0000000
--- a/rds/base/charts/layer0_helper_describo_token_updater/templates/_helpers.tpl
+++ /dev/null
@@ -1,70 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "layer0_helper_describo_token_updater.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{- define "layer0_helper_describo_token_updater.image" -}} -{{ include "common.image" (dict "imageRoot" .Values.image "global" .Values.global) }} -{{- end -}} - - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "layer0_helper_describo_token_updater.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "layer0_helper_describo_token_updater.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Common labels -*/}} -{{- define "layer0_helper_describo_token_updater.labels" -}} -app.kubernetes.io/name: {{ include "layer0_helper_describo_token_updater.name" . }} -helm.sh/chart: {{ include "layer0_helper_describo_token_updater.chart" . 
}} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- if .Values.labels }} -{{ toYaml .Values.labels }} -{{- end -}} -{{- end -}} - - -{{- define "layer0_helper_describo_token_updater.domain" -}} -{{- if .Values.global }} -{{- .Values.global.domain -}} -{{- else if hasKey .Values "domain" }} -{{- .Values.domain -}} -{{- else }}"localhost"{{- end -}} -{{- end -}} - -{{- define "layer0_helper_describo_token_updater.secretName" -}} -{{- if .Values.global}} -{{ .Values.global.ingress.tls.secretName }} -{{- else }} -{{ .Values.ingress.tls.secretName }} -{{- end -}} -{{- end -}} \ No newline at end of file diff --git a/rds/base/charts/layer0_helper_describo_token_updater/templates/configmap.yaml b/rds/base/charts/layer0_helper_describo_token_updater/templates/configmap.yaml deleted file mode 100644 index 19e35e5..0000000 --- a/rds/base/charts/layer0_helper_describo_token_updater/templates/configmap.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: describohelperconfig - namespace: {{ .Release.Namespace }} -data: - {{- with (mustMergeOverwrite (.Values.global | default dict) .Values.environment) }} - REDIS_HELPER_HOST: {{ .REDIS_HELPER_HOST | default "redis" | quote }} - REDIS_HELPER_PORT: {{ .REDIS_HELPER_PORT | default "6379" | quote }} - REDIS_CHANNEL: {{ .REDIS_CHANNEL | default "TokenStorage_Refresh_Token" | quote }} - {{- end }} - DESCRIBO_API_ENDPOINT: {{ .Values.environment.DESCRIBO_API_ENDPOINT | quote }} - DESCRIBO_API_SECRET: {{ .Values.global.describo.api_secret }} diff --git a/rds/base/charts/layer0_helper_describo_token_updater/templates/deployment.yaml b/rds/base/charts/layer0_helper_describo_token_updater/templates/deployment.yaml deleted file mode 100644 index 2e5d16e..0000000 
--- a/rds/base/charts/layer0_helper_describo_token_updater/templates/deployment.yaml
+++ /dev/null
@@ -1,48 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "layer0_helper_describo_token_updater.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "layer0_helper_describo_token_updater.labels" . | indent 4 }}
-spec:
- replicas: {{ .Values.replicaCount }}
- selector:
- matchLabels:
-{{ include "layer0_helper_describo_token_updater.labels" . | indent 6 }}
- template:
- metadata:
- labels:
-{{ include "layer0_helper_describo_token_updater.labels" . | indent 8 }}
- spec:
- {{- with .Values.imagePullSecrets }}
- imagePullSecrets:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- containers:
- - name: {{ .Chart.Name }}
- image: {{ template "layer0_helper_describo_token_updater.image" . }}
- imagePullPolicy: {{ .Values.image.pullPolicy }}
- envFrom:
- - configMapRef:
- name: mservice
- - configMapRef:
- name: proxy
- - configMapRef:
- name: globalenvvar
- - configMapRef:
- name: describohelperconfig
- resources:
- {{- toYaml .Values.resources | nindent 12 }}
- {{- with .Values.nodeSelector }}
- nodeSelector:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- {{- with .Values.affinity }}
- affinity:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- {{- with .Values.tolerations }}
- tolerations:
- {{- toYaml . | nindent 8 }}
- {{- end }}
diff --git a/rds/base/charts/layer0_helper_describo_token_updater/values.yaml b/rds/base/charts/layer0_helper_describo_token_updater/values.yaml
deleted file mode 100644
index af62849..0000000
--- a/rds/base/charts/layer0_helper_describo_token_updater/values.yaml
+++ /dev/null
@@ -1,44 +0,0 @@
-# Default values for layer3_token_storage.
-# This is a YAML-formatted file.
-# Declare variables to be passed into your templates.
-
-replicaCount: 1
-
-image:
- registry: zivgitlab.wwu.io
- repository: sciebo-rds/sciebo-rds/port_helper_describo_token_updater
- tag: release
- pullPolicy: Always
-
-labels:
- app.kubernetes.io/component: research-data-services.org
- app.kubernetes.io/part-of: service
- research-data-services.org/layer: layer0
-
-fullnameOverride: layer0-helper-describo-token-updater
-
-resources:
- {}
- # We usually recommend not to specify default resources and to leave this as a conscious
- # choice for the user. This also increases chances charts run on environments with little
- # resources, such as Minikube. If you do want to specify resources, uncomment the following
- # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
- # limits:
- # cpu: 100m
- # memory: 128Mi
- # requests:
- # cpu: 100m
- # memory: 128Mi
-
-nodeSelector: {}
-
-tolerations: []
-
-affinity: {}
-
-environment:
- DESCRIBO_API_ENDPOINT: http://layer0-describo:80/api/session/application
-
-global:
- describo:
- api_secret: ""
diff --git a/rds/base/charts/layer0_web/.helmignore b/rds/base/charts/layer0_web/.helmignore
deleted file mode 100644
index 50af031..0000000
--- a/rds/base/charts/layer0_web/.helmignore
+++ /dev/null
@@ -1,22 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-.vscode/
diff --git a/rds/base/charts/layer0_web/Chart.lock b/rds/base/charts/layer0_web/Chart.lock
deleted file mode 100644
index 3e310b8..0000000
--- a/rds/base/charts/layer0_web/Chart.lock
+++ /dev/null
@@ -1,6 +0,0 @@
-dependencies:
-- name: common
- repository: file://../common
- version: 0.1.2
-digest: sha256:9f1061b59aef21bbca3bc05796009e900a75e94f1b37107e92b756f2c0a6e1d7
-generated: "2023-02-07T10:30:54.433292998+01:00"
diff --git a/rds/base/charts/layer0_web/Chart.yaml b/rds/base/charts/layer0_web/Chart.yaml
deleted file mode 100644
index 254ecf8..0000000
--- a/rds/base/charts/layer0_web/Chart.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-apiVersion: v2
-appVersion: "1.0"
-description: A Helm chart for Kubernetes
-name: layer0-web
-version: 0.3.3
-home: https://www.research-data-services.org/
-type: application
-keywords:
- - research
- - data
- - services
-maintainers:
- - email: peter.heiss@uni-muenster.de
- name: Heiss
-sources:
- - https://github.com/Sciebo-RDS/Sciebo-RDS
-icon: https://www.research-data-services.org/img/sciebo.png
-dependencies:
- - name: common
- version: ^0.1.0
- repository: file://../common
- alias: layer0-web-common
-
diff --git a/rds/base/charts/layer0_web/charts/common-0.1.2.tgz b/rds/base/charts/layer0_web/charts/common-0.1.2.tgz
deleted file mode 100644
index 2374cbb..0000000
Binary files a/rds/base/charts/layer0_web/charts/common-0.1.2.tgz and /dev/null differ
diff --git a/rds/base/charts/layer0_web/templates/NOTES.txt b/rds/base/charts/layer0_web/templates/NOTES.txt
deleted file mode 100644
index afe8df8..0000000
--- a/rds/base/charts/layer0_web/templates/NOTES.txt
+++ /dev/null
@@ -1,21 +0,0 @@
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range $host := .Values.ingress.hosts }}
- {{- range .paths }}
- http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ . }}
- {{- end }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
- export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "layer0_web.fullname" . }})
- export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
- echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
- NOTE: It may take a few minutes for the LoadBalancer IP to be available.
- You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "layer0_web.fullname" . }}'
- export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "layer0_web.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
- echo http://$SERVICE_IP:{{ .Values.service.port }}
-{{- else if contains "ClusterIP" .Values.service.type }}
- export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "layer0_web.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
- echo "Visit http://127.0.0.1:8080 to use your application"
- kubectl port-forward $POD_NAME 8080:80
-{{- end }}
diff --git a/rds/base/charts/layer0_web/templates/_helpers.tpl b/rds/base/charts/layer0_web/templates/_helpers.tpl
deleted file mode 100644
index d24cdf2..0000000
--- a/rds/base/charts/layer0_web/templates/_helpers.tpl
+++ /dev/null
@@ -1,62 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "layer0_web.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "layer0_web.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "layer0_web.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Common labels
-*/}}
-{{- define "layer0_web.labels" -}}
-app.kubernetes.io/name: {{ include "layer0_web.name" . }}
-helm.sh/chart: {{ include "layer0_web.chart" . }}
-app.kubernetes.io/instance: {{ .Release.Name }}
-{{- if .Chart.AppVersion }}
-app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
-{{- end }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- if .Values.labels }}
-{{ toYaml .Values.labels }}
-{{- end -}}
-{{- end -}}
-
-
-{{- define "layer0_web.domain" -}}
-{{- if .Values.global }}
-{{- .Values.global.domain -}}
-{{- else if hasKey .Values "domain" }}
-{{- .Values.domain -}}
-{{- else }}"localhost"{{- end -}}
-{{- end -}}
-
-{{- define "layer0_web.image" -}}
-{{ include "common.image" (dict "imageRoot" .Values.image "global" .Values.global) }}
-{{- end -}}
\ No newline at end of file
diff --git a/rds/base/charts/layer0_web/templates/configmap.yaml b/rds/base/charts/layer0_web/templates/configmap.yaml
deleted file mode 100644
index 44a05c6..0000000
--- a/rds/base/charts/layer0_web/templates/configmap.yaml
+++ /dev/null
@@ -1,49 +0,0 @@
-{{- $domains := .Values.domains -}}
-{{- if .Values.global }}
- {{- if .Values.global.domains }}
- {{- $domains = .Values.global.domains -}}
- {{- end -}}
-{{- end -}}
-
-{{- if not $domains -}}
- {{- if .Values.environment.ADRESS -}}
- {{- $name := dict "name" (.Values.environment.ADRESS | trimPrefix "https://" | trimPrefix "http://") -}}
- {{- $domains = (list (merge .Values.environment $name)) -}}
- {{- else -}}
- {{- $domains = list (merge .Values.environment) -}}
- {{- end -}}
-{{- end -}}
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: webconfig
- namespace: {{ .Release.Namespace }}
-data:
- EMBED_MODE: "{{ .Values.environment.EMBED_MODE }}"
- FLASK_ORIGINS: {{ (append (append .Values.environment.FLASK_ORIGINS (printf "https://%s" .Values.global.rds.domain)) (printf "http://%s" .Values.global.rds.domain)) | toJson | squote }}
- SECRET_KEY: "{{ .Values.environment.SECRET_KEY }}"
- DESCRIBO_API_ENDPOINT: "{{ .Values.environment.DESCRIBO_API_ENDPOINT }}"
- DESCRIBO_API_SECRET: {{ .Values.global.describo.api_secret | quote }}
- VUE_APP_DESCRIBO_URL: https://{{ .Values.global.describo.domain }}/application
- VUE_APP_FRONTENDHOST: https://{{ .Values.global.rds.domain }}
- VUE_APP_SOCKETIO_HOST: https://{{ .Values.global.rds.domain }}
- SOCKETIO_HOST: https://{{ .Values.global.rds.domain }}
- SOCKETIO_PATH: "{{ .Values.environment.SOCKETIO_PATH }}"
- VUE_APP_BASE_URL: "{{ .Values.environment.VUE_APP_BASE_URL }}"
- {{- with (mustMergeOverwrite (.Values.global | default dict) .Values.environment) }}
- REDIS_HELPER_HOST: {{ .REDIS_HELPER_HOST | default "redis-helper" | quote }}
- REDIS_HELPER_PORT: {{ .REDIS_HELPER_PORT | default "6379" | quote }}
- REDIS_HOST: {{ .REDIS_HOST | default "redis" | quote }}
- REDIS_PORT: {{ .REDIS_PORT | default "6379" | quote }}
- {{- end }}
- PROMETHEUS_MULTIPROC_DIR: "/tmp"
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: domainsconfig
- namespace: {{ .Release.Namespace }}
-data:
- domains.json: |-
-{{-
$domains | toJson | nindent 4 }}
diff --git a/rds/base/charts/layer0_web/templates/deployment.yaml b/rds/base/charts/layer0_web/templates/deployment.yaml
deleted file mode 100644
index 0ef5e2d..0000000
--- a/rds/base/charts/layer0_web/templates/deployment.yaml
+++ /dev/null
@@ -1,97 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "layer0_web.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "layer0_web.labels" . | indent 4 }}
-spec:
- replicas: {{ .Values.replicaCount }}
- selector:
- matchLabels:
-{{ include "layer0_web.labels" . | indent 6 }}
- template:
- metadata:
- labels:
-{{ include "layer0_web.labels" . | indent 8 }}
- spec:
- volumes:
- - name: domainsconfig
- configMap:
- name: domainsconfig
- items:
- - key: domains.json
- path: domains.json
- {{- with .Values.imagePullSecrets }}
- imagePullSecrets:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- containers:
- - name: {{ .Chart.Name }}
- image: {{ template "layer0_web.image" . }}
- imagePullPolicy: {{ .Values.image.pullPolicy }}
- volumeMounts:
- - name: domainsconfig
- mountPath: /srv/domains.json
- subPath: domains.json
- readOnly: true
-{{- if.Values.global.domains }}
- env:
- {{- range $domain := .Values.global.domains }}
- {{- $name := $domain.name -}}
- {{- $upper_name := regexReplaceAll "\\W+" $name "_" | upper -}}
- {{- $lower_name := regexReplaceAll "\\W+" $name "-" | lower -}}
- {{- $client_id := printf "%s_%s" $upper_name "OAUTH_CLIENT_ID" }}
- {{- $client_secret := printf "%s_%s" $upper_name "OAUTH_CLIENT_SECRET" }}
- - name: {{ $client_id }}
- valueFrom:
- secretKeyRef:
- name: layer1-port-owncloud-{{ $lower_name }}
- key: oauth-client-id
- - name: {{ $client_secret }}
- valueFrom:
- secretKeyRef:
- name: layer1-port-owncloud-{{ $lower_name }}
- key: oauth-client-secret
- {{- end }}
-{{- end }}
- envFrom:
- - configMapRef:
- name: mservice
- - configMapRef:
- name: proxy
- - configMapRef:
- name: globalenvvar
- - configMapRef:
- name: webconfig
- ports:
- - name: http
- containerPort: {{ .Values.service.targetPort }}
- protocol: TCP
- - name: metrics
- containerPort: 9999
- protocol: TCP
- livenessProbe:
- httpGet:
- path: /metrics
- port: metrics
- periodSeconds: 10
- readinessProbe:
- httpGet:
- path:
/metrics
- port: metrics
- periodSeconds: 10
- resources:
- {{- toYaml .Values.resources | nindent 12 }}
- {{- with .Values.nodeSelector }}
- nodeSelector:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- {{- with .Values.affinity }}
- affinity:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- {{- with .Values.tolerations }}
- tolerations:
- {{- toYaml . | nindent 8 }}
- {{- end }}
diff --git a/rds/base/charts/layer0_web/templates/ingress.yaml b/rds/base/charts/layer0_web/templates/ingress.yaml
deleted file mode 100644
index 913be76..0000000
--- a/rds/base/charts/layer0_web/templates/ingress.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-{{- $fullName := include "layer0_web.fullname" . -}}
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- name: {{ $fullName }}
- labels:
-{{ include "layer0_web.labels" . | indent 4 }}
- annotations:
-{{- include "common.ingressAnnotations" . | nindent 4 }}
-spec:
- {{- if (include "common.tlsSecretName" .) }}
- tls:
- - hosts:
- - {{ .Values.global.rds.domain }}
- secretName: {{ include "common.tlsSecretName" . }}
- {{- end }}
- rules:
- - host: {{ .Values.global.rds.domain }}
- http:
- paths:
- - path: {{ .Values.ingress.path }}
- pathType: Prefix
- backend:
- service:
- name: {{ $fullName }}
- port:
- # number: 80
- name: http
\ No newline at end of file
diff --git a/rds/base/charts/layer0_web/templates/service.yaml b/rds/base/charts/layer0_web/templates/service.yaml
deleted file mode 100644
index eea2890..0000000
--- a/rds/base/charts/layer0_web/templates/service.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- {{- with .Values.service.annotations }}
- annotations:
-{{ toYaml . | indent 4 }}
- {{- end }}
- name: {{ include "layer0_web.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "layer0_web.labels" . | indent 4 }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- - port: {{ .Values.service.port }}
- targetPort: http
- protocol: TCP
- name: http
- - port: 9999
- targetPort: metrics
- protocol: TCP
- name: metrics
- selector:
- app.kubernetes.io/name: {{ include "layer0_web.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
diff --git a/rds/base/charts/layer0_web/templates/tests/test-connection.yaml b/rds/base/charts/layer0_web/templates/tests/test-connection.yaml
deleted file mode 100644
index cc5462a..0000000
--- a/rds/base/charts/layer0_web/templates/tests/test-connection.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
- name: "{{ include "layer0_web.fullname" . }}-test-research"
- labels:
-{{ include "layer0_web.labels" . | indent 4 }}
- annotations:
- "helm.sh/hook": test-success
-spec:
- containers:
- - name: wget
- image: busybox
- command: ['wget']
- args: ['{{ include "layer0_web.fullname" . }}:{{ .Values.service.port }}']
- restartPolicy: Never
diff --git a/rds/base/charts/layer0_web/values.yaml b/rds/base/charts/layer0_web/values.yaml
deleted file mode 100644
index 226979a..0000000
--- a/rds/base/charts/layer0_web/values.yaml
+++ /dev/null
@@ -1,92 +0,0 @@
-# Default values for layer3_token_storage.
-# This is a YAML-formatted file.
-# Declare variables to be passed into your templates.
-
-replicaCount: 1
-image:
- registry: zivgitlab.wwu.io
- repository: sciebo-rds/sciebo-rds/rds_web
- tag: release
- pullPolicy: Always
-
-labels:
- app.kubernetes.io/component: research-data-services.org
- app.kubernetes.io/part-of: rds-ingress
- research-data-services.org/layer: layer0
-
-fullnameOverride: layer0-web
-
-service:
- type: ClusterIP
- port: 80
- targetPort: 80
- annotations:
- prometheus.io/scrape: "true"
- prometheus.io/port: "9999"
-
-ingress:
- path: /
- annotations:
- nginx.org/server-snippets: |
- location /socket.io/ {
- proxy_http_version 1.1;
- proxy_redirect off;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "upgrade";
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_pass http://layer0-web/socket.io/;
- }
-resources: {}
- # We usually recommend not to specify default resources and to leave this as a conscious
- # choice for the user. This also increases chances charts run on environments with little
- # resources, such as Minikube. If you do want to specify resources, uncomment the following
- # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
- # limits:
- # cpu: 100m
- # memory: 128Mi
- # requests:
- # cpu: 100m
- # memory: 128Mi
-
-nodeSelector: {}
-
-tolerations: []
-
-affinity: {}
-
-environment:
- EMBED_MODE: true
- FLASK_ORIGINS:
- - "http://localhost:8080"
- - "http://localhost:8085"
- - "http://localhost:8000"
- - "http://localhost:9100"
- SECRET_KEY: 1234
- DESCRIBO_API_ENDPOINT: http://layer0-describo/api/session/application
- #SOCKETIO_HOST: https://
- SOCKETIO_PATH: /socket.io/
- VUE_APP_BASE_URL: /
-
-global:
- rds:
- domain: hey
- describo:
- domain: hej
- api_secret: asd
-
-# domains:
-# - name: owncloud.local # have to be equal to the second part of cloudID in owncloud
-# ADDRESS: https://owncloud.local/owncloud
-# OAUTH_CLIENT_ID: ABC
-# OAUTH_CLIENT_SECRET: XYZ
-# # filter settings for services for this domain. This is very usable, if you want to connect a single RDS instance to multiple installations.
-# # So you can show some specific services only for some ownclouds and show other services to others. Domainname in only and except have to be the same as in domains
-# filters:
-# # example!
-# only: # only this services will be shown to users of this domain
-# - "layer1-port-zenodo"
-# except: # all other services will be shown to users of this domain
-# - "layer1-port-openscienceframework"
-# # if only and except are used at the same time, the system will filter for only first and then for except. So except should be a subset of only, otherwise it is doing nothing.
diff --git a/rds/base/charts/layer1_port_openscienceframework/.helmignore b/rds/base/charts/layer1_port_openscienceframework/.helmignore
deleted file mode 100644
index 50af031..0000000
--- a/rds/base/charts/layer1_port_openscienceframework/.helmignore
+++ /dev/null
@@ -1,22 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-.vscode/
diff --git a/rds/base/charts/layer1_port_openscienceframework/Chart.lock b/rds/base/charts/layer1_port_openscienceframework/Chart.lock
deleted file mode 100644
index 9fd77bc..0000000
--- a/rds/base/charts/layer1_port_openscienceframework/Chart.lock
+++ /dev/null
@@ -1,6 +0,0 @@
-dependencies:
-- name: common
- repository: file://../common
- version: 0.1.2
-digest: sha256:7aaa9dc5d2b77fe20b6c86434b0c1b5ec1755a923fca94ab95b35f07eec006e8
-generated: "2023-02-07T10:30:54.931573465+01:00"
diff --git a/rds/base/charts/layer1_port_openscienceframework/Chart.yaml b/rds/base/charts/layer1_port_openscienceframework/Chart.yaml
deleted file mode 100644
index 2df521a..0000000
--- a/rds/base/charts/layer1_port_openscienceframework/Chart.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-apiVersion: v2
-appVersion: "1.0"
-description: A Helm chart for Kubernetes
-name: layer1-port-openscienceframework
-version: 0.2.3
-home: https://www.research-data-services.org/
-type: application
-keywords:
- - research
- - data
- - services
- - openscienceframework
-maintainers:
- - email: peter.heiss@uni-muenster.de
- name: Heiss
-sources:
- - https://github.com/Sciebo-RDS/Sciebo-RDS
-icon: https://www.research-data-services.org/img/sciebo.png
-dependencies:
- - name: common
- version: ^0.1.0
- repository: file://../common
- alias: layer1-port-openscienceframewor-common
-
-
diff --git a/rds/base/charts/layer1_port_openscienceframework/charts/common-0.1.2.tgz b/rds/base/charts/layer1_port_openscienceframework/charts/common-0.1.2.tgz
deleted file mode 100644
index 2374cbb..0000000
Binary files a/rds/base/charts/layer1_port_openscienceframework/charts/common-0.1.2.tgz and /dev/null differ
diff --git a/rds/base/charts/layer1_port_openscienceframework/templates/_helpers.tpl b/rds/base/charts/layer1_port_openscienceframework/templates/_helpers.tpl
deleted file mode 100644
index 9ba1fb6..0000000
--- a/rds/base/charts/layer1_port_openscienceframework/templates/_helpers.tpl
+++ /dev/null
@@ -1,69 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "layer1_port_openscienceframework.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{- define "layer1_port_openscienceframework.image" -}}
-{{ include "common.image" (dict "imageRoot" .Values.image "global" .Values.global) }}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "layer1_port_openscienceframework.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "layer1_port_openscienceframework.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Common labels
-*/}}
-{{- define "layer1_port_openscienceframework.labels" -}}
-app.kubernetes.io/name: {{ include "layer1_port_openscienceframework.name" . }}
-helm.sh/chart: {{ include "layer1_port_openscienceframework.chart" .
}}
-app.kubernetes.io/instance: {{ .Release.Name }}
-{{- if .Chart.AppVersion }}
-app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
-{{- end }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- if .Values.labels }}
-{{ toYaml .Values.labels }}
-{{- end -}}
-{{- end -}}
-
-
-{{- define "layer1_port_openscienceframework.domain" -}}
-{{- if .Values.global }}
-{{- .Values.global.domain -}}
-{{- else if hasKey .Values "domain" }}
-{{- .Values.domain -}}
-{{- else }}"localhost"{{- end -}}
-{{- end -}}
-
-{{- define "layer1_port_openscienceframework.secretName" -}}
-{{- if .Values.global}}
-{{ .Values.global.ingress.tls.secretName }}
-{{- else }}
-{{ .Values.ingress.tls.secretName }}
-{{- end -}}
-{{- end -}}
\ No newline at end of file
diff --git a/rds/base/charts/layer1_port_openscienceframework/templates/configmap.yaml b/rds/base/charts/layer1_port_openscienceframework/templates/configmap.yaml
deleted file mode 100644
index 550a8c5..0000000
--- a/rds/base/charts/layer1_port_openscienceframework/templates/configmap.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: portosfconfig
- namespace: {{ .Release.Namespace }}
-data:
- OPENSCIENCEFRAMEWORK_ADDRESS: {{ .Values.environment.ADDRESS | quote }}
- OPENSCIENCEFRAMEWORK_API_ADDRESS: {{ .Values.environment.API_ADDRESS | quote }}
- OPENSCIENCEFRAMEWORK_DISPLAYNAME: {{ .Values.environment.DISPLAYNAME | quote }}
- OPENSCIENCEFRAMEWORK_INFO_URL: {{ .Values.environment.INFO_URL | quote }}
- OPENSCIENCEFRAMEWORK_HELP_URL: {{ .Values.environment.HELP_URL | quote }}
- OPENSCIENCEFRAMEWORK_ICON: {{ .Values.environment.ICON | quote }}
- OPENSCIENCEFRAMEWORK_METADATA_PROFILE: {{ .Values.environment.METADATA_PROFILE | quote }}
- OPENSCIENCEFRAMEWORK_PROJECT_LINK_TEMPLATE: {{ .Values.environment.PROJECT_LINK_TEMPLATE | quote }}
-
diff --git a/rds/base/charts/layer1_port_openscienceframework/templates/deployment.yaml b/rds/base/charts/layer1_port_openscienceframework/templates/deployment.yaml
deleted file mode 100644
index 1f37869..0000000
--- a/rds/base/charts/layer1_port_openscienceframework/templates/deployment.yaml
+++ /dev/null
@@ -1,73 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "layer1_port_openscienceframework.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "layer1_port_openscienceframework.labels" . | indent 4 }}
-spec:
- replicas: {{ .Values.replicaCount }}
- selector:
- matchLabels:
-{{ include "layer1_port_openscienceframework.labels" . | indent 6 }}
- template:
- metadata:
- labels:
-{{ include "layer1_port_openscienceframework.labels" . | indent 8 }}
- spec:
- {{- with .Values.imagePullSecrets }}
- imagePullSecrets:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- containers:
- - name: {{ .Chart.Name }}
- image: {{ template "layer1_port_openscienceframework.image" . }}
- imagePullPolicy: {{ .Values.image.pullPolicy }}
- env:
- - name: OPENSCIENCEFRAMEWORK_OAUTH_CLIENT_ID
- valueFrom:
- secretKeyRef:
- name: osf-client
- key: osf-client-id
- - name: OPENSCIENCEFRAMEWORK_OAUTH_CLIENT_SECRET
- valueFrom:
- secretKeyRef:
- name: osf-client
- key: osf-client-secret
- envFrom:
- - configMapRef:
- name: mservice
- - configMapRef:
- name: proxy
- - configMapRef:
- name: globalenvvar
- - configMapRef:
- name: portosfconfig
- ports:
- - name: http
- containerPort: 8080
- protocol: TCP
- livenessProbe:
- httpGet:
- path: /metrics
- port: http
- periodSeconds: 10
- readinessProbe:
- httpGet:
- path: /metrics
- port: http
- periodSeconds: 10
- resources:
- {{- toYaml .Values.resources | nindent 12 }}
- {{- with .Values.nodeSelector }}
- nodeSelector:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- {{- with .Values.affinity }}
- affinity:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- {{- with .Values.tolerations }}
- tolerations:
- {{- toYaml . | nindent 8 }}
- {{- end }}
diff --git a/rds/base/charts/layer1_port_openscienceframework/templates/service.yaml b/rds/base/charts/layer1_port_openscienceframework/templates/service.yaml
deleted file mode 100644
index 61b3ffc..0000000
--- a/rds/base/charts/layer1_port_openscienceframework/templates/service.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- {{- with .Values.service.annotations }}
- annotations:
- {{ toYaml . | indent 4 }}
- {{- end }}
- name: {{ include "layer1_port_openscienceframework.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "layer1_port_openscienceframework.labels" . | indent 4 }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- - port: {{ .Values.service.port }}
- targetPort: http
- protocol: TCP
- name: http
- selector:
- app.kubernetes.io/name: {{ include "layer1_port_openscienceframework.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
diff --git a/rds/base/charts/layer1_port_openscienceframework/templates/tests/test-connection.yaml b/rds/base/charts/layer1_port_openscienceframework/templates/tests/test-connection.yaml
deleted file mode 100644
index f82564f..0000000
--- a/rds/base/charts/layer1_port_openscienceframework/templates/tests/test-connection.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
- name: "{{ include "layer1_port_openscienceframework.fullname" . }}-test-research"
- labels:
-{{ include "layer1_port_openscienceframework.labels" . | indent 4 }}
- annotations:
- "helm.sh/hook": test-success
-spec:
- containers:
- - name: wget
- image: busybox
- command: ['wget']
- args: ['{{ include "layer1_port_openscienceframework.fullname" . }}:{{ .Values.service.port }}']
- restartPolicy: Never
diff --git a/rds/base/charts/layer1_port_openscienceframework/values.yaml b/rds/base/charts/layer1_port_openscienceframework/values.yaml
deleted file mode 100644
index 93427b3..0000000
--- a/rds/base/charts/layer1_port_openscienceframework/values.yaml
+++ /dev/null
@@ -1,60 +0,0 @@
-# Default values for layer3_token_storage.
-# This is a YAML-formatted file.
-# Declare variables to be passed into your templates.
-
-replicaCount: 1
-
-image:
- registry: zivgitlab.wwu.io
- repository: sciebo-rds/sciebo-rds/port_openscienceframework
- tag: release
- pullPolicy: Always
-
-labels:
- app.kubernetes.io/component: research-data-services.org
- app.kubernetes.io/part-of: connector
- research-data-services.org/layer: layer1
-
-fullnameOverride: layer1-port-openscienceframework
-
-service:
- type: ClusterIP
- port: 80
- targetPort: 8080
- annotations:
- prometheus.io/scrape: "true"
-
-domain: localhost
-ingress:
- tls:
- secretName: sciebords-tls-public
-
-resources: {}
- # We usually recommend not to specify default resources and to leave this as a conscious
- # choice for the user. This also increases chances charts run on environments with little
- # resources, such as Minikube. If you do want to specify resources, uncomment the following
- # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
- # limits:
- # cpu: 100m
- # memory: 128Mi
- # requests:
- # cpu: 100m
- # memory: 128Mi
-
-nodeSelector: {}
-
-tolerations: []
-
-affinity: {}
-
-environment:
- ADDRESS: https://accounts.test.osf.io
- API_ADDRESS: https://api.test.osf.io/v2
- OAUTH_CLIENT_ID: ""
- OAUTH_CLIENT_SECRET: ""
- DISPLAYNAME: ""
- INFO_URL: ""
- HELP_URL: ""
- ICON: ""
- METADATA_PROFILE: ""
- PROJECT_LINK_TEMPLATE: ""
diff --git a/rds/base/charts/layer1_port_owncloud/.helmignore b/rds/base/charts/layer1_port_owncloud/.helmignore
deleted file mode 100644
index 50af031..0000000
--- a/rds/base/charts/layer1_port_owncloud/.helmignore
+++ /dev/null
@@ -1,22 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-.vscode/
diff --git a/rds/base/charts/layer1_port_owncloud/Chart.lock b/rds/base/charts/layer1_port_owncloud/Chart.lock
deleted file mode 100644
index dd11068..0000000
--- a/rds/base/charts/layer1_port_owncloud/Chart.lock
+++ /dev/null
@@ -1,6 +0,0 @@
-dependencies:
-- name: common
- repository: file://../common
- version: 0.1.2
-digest: sha256:f9388dc66957a72d1d42857c8c87b9e4c2c81fb5fcdc5829b366219fa64c77bd
-generated: "2023-02-07T10:30:55.413462484+01:00"
diff --git a/rds/base/charts/layer1_port_owncloud/Chart.yaml b/rds/base/charts/layer1_port_owncloud/Chart.yaml
deleted file mode 100644
index 64c53b3..0000000
--- a/rds/base/charts/layer1_port_owncloud/Chart.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-apiVersion: v2
-appVersion: "1.0"
-description: A Helm chart for Kubernetes
-name: layer1-port-owncloud
-version: 0.3.3
-home: https://www.research-data-services.org/
-type: application
-keywords:
- - research
- - data
- - services
- - zenodo
-maintainers:
- - email: peter.heiss@uni-muenster.de
- name: Heiss
-sources:
- - https://github.com/Sciebo-RDS/Sciebo-RDS
-icon: https://www.research-data-services.org/img/sciebo.png
-dependencies:
- - name: common
- version: ^0.1.0
- repository: file://../common
- alias: layer1-port-owncloud-common
-
diff --git a/rds/base/charts/layer1_port_owncloud/charts/common-0.1.2.tgz b/rds/base/charts/layer1_port_owncloud/charts/common-0.1.2.tgz
deleted file mode 100644
index 2374cbb..0000000
Binary files a/rds/base/charts/layer1_port_owncloud/charts/common-0.1.2.tgz and /dev/null differ
diff --git a/rds/base/charts/layer1_port_owncloud/templates/_helpers.tpl b/rds/base/charts/layer1_port_owncloud/templates/_helpers.tpl
deleted file mode 100644
index 7febb7e..0000000
--- a/rds/base/charts/layer1_port_owncloud/templates/_helpers.tpl
+++ /dev/null
@@ -1,71 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "layer1_port_owncloud.name" -}}
-{{- printf "%s-%s" (default .Chart.Name .Values.nameOverride) (.name | replace "." "-" | replace ":" "-") -}}
-{{- end -}}
-
-{{/*
-Format the name of the image as a dictionary.
-*/}}
-{{- define "layer1_port_owncloud.image" -}}
-{{ include "common.image" (dict "imageRoot" .Values.image "global" .Values.global) }}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "layer1_port_owncloud.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- printf "%s-%s" (.Values.fullnameOverride | trunc 63 | trimSuffix "-") (.name | replace "." "-" | replace ":" "-") -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "layer1_port_owncloud.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Common labels
-*/}}
-{{- define "layer1_port_owncloud.labels" -}}
-app.kubernetes.io/name: {{ include "layer1_port_owncloud.name" . }}
-helm.sh/chart: {{ include "layer1_port_owncloud.chart" .
}}
-app.kubernetes.io/instance: {{ .Release.Name }}
-{{- if .Chart.AppVersion }}
-app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
-{{- end }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- if .Values.labels }}
-{{ toYaml .Values.labels }}
-{{- end -}}
-{{- end -}}
-
-{{- define "layer1_port_owncloud.domain" -}}
-{{- if .Values.global }}
-{{- .Values.global.domain -}}
-{{- else if hasKey .Values "domain" }}
-{{- .Values.domain -}}
-{{- else }}"localhost"{{- end -}}
-{{- end -}}
-
-{{- define "layer1_port_owncloud.secretName" -}}
-{{- if .Values.global}}
-{{ .Values.global.ingress.tls.secretName }}
-{{- else }}
-{{ .Values.ingress.tls.secretName }}
-{{- end -}}
-{{- end -}}
diff --git a/rds/base/charts/layer1_port_owncloud/templates/configmap.yaml b/rds/base/charts/layer1_port_owncloud/templates/configmap.yaml
deleted file mode 100644
index 3d4b717..0000000
--- a/rds/base/charts/layer1_port_owncloud/templates/configmap.yaml
+++ /dev/null
@@ -1,35 +0,0 @@
-{{- $domains := .Values.domains -}}
-{{- if .Values.global }}
- {{- if .Values.global.domains }}
- {{- $domains = .Values.global.domains -}}
- {{- end -}}
-{{- end -}}
-
-{{- if not $domains -}}
-{{- $name := (dict "name" (.Values.environment.ADDRESS | replace "https://" "" | replace "http://" "")) -}}
-{{- $domains = (list (merge .Values.environment $name)) -}}
-{{- end -}}
-
-{{- range $domains }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: portowncloudconfig-{{ .name | replace "." "-" | replace ":" "-" }}
- namespace: {{ $.Values.global.namespace.name | default $.Release.Namespace }}
-data:
- OWNCLOUD_OAUTH_CLIENT_ID: {{ .OAUTH_CLIENT_ID | quote }}
- OWNCLOUD_INSTALLATION_URL: {{ .ADDRESS | quote }}
- OWNCLOUD_OAUTH_CLIENT_SECRET: {{ .OAUTH_CLIENT_SECRET | quote }}
- OWNCLOUD_DISPLAYNAME: {{ .DISPLAYNAME | quote }}
- OWNCLOUD_INFO_URL: {{ .INFO_URL | quote }}
- OWNCLOUD_HELP_URL: {{ .HELP_URL | quote }}
- OWNCLOUD_ICON: {{ .ICON | quote }}
- SERVICENAME: {{ .name | replace "." "-" | replace ":" "-" }}
- {{ if not .INTERNAL_ADDRESS }}
- OWNCLOUD_INTERNAL_INSTALLATION_URL: {{ .ADDRESS | quote }}
- {{ end }}
- {{ if .INTERNAL_ADDRESS }}
- OWNCLOUD_INTERNAL_INSTALLATION_URL: {{ .INTERNAL_ADDRESS | quote }}
- {{ end }}
-{{- end }}
diff --git a/rds/base/charts/layer1_port_owncloud/templates/deployment.yaml b/rds/base/charts/layer1_port_owncloud/templates/deployment.yaml
deleted file mode 100644
index bcaa8af..0000000
--- a/rds/base/charts/layer1_port_owncloud/templates/deployment.yaml
+++ /dev/null
@@ -1,88 +0,0 @@
-{{- $domains := .Values.domains -}}
-{{- if .Values.global }}
- {{- if .Values.global.domains }}
- {{- $domains = .Values.global.domains -}}
- {{- end -}}
-{{- end -}}
-
-{{- if not $domains -}}
- {{- $name := (dict "name" (.Values.environment.ADDRESS | trimPrefix "https://" | trimPrefix "http://")) -}}
- {{- $domains = (list (merge .Values.environment $name)) -}}
-{{- end -}}
-
-{{- range $domains }}
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "layer1_port_owncloud.fullname" (mergeOverwrite $ .) }}
- namespace: {{ $.Values.global.namespace.name | default $.Release.Namespace }}
- labels:
-{{ include "layer1_port_owncloud.labels" (mergeOverwrite $ .) | indent 4 }}
-spec:
- replicas: {{ $.Values.replicaCount }}
- selector:
- matchLabels:
-{{ include "layer1_port_owncloud.labels" (mergeOverwrite $ .) | indent 6 }}
- template:
- metadata:
- labels:
-{{ include "layer1_port_owncloud.labels" (mergeOverwrite $ .) | indent 8 }}
- spec:
- {{- with $.Values.imagePullSecrets }}
- imagePullSecrets:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- containers:
- - name: {{ $.Chart.Name }}
- image: {{ template "layer1_port_owncloud.image" $ }}
- imagePullPolicy: {{ $.Values.image.pullPolicy }}
- env:
- - name: OWNCLOUD_OAUTH_CLIENT_ID
- valueFrom:
- secretKeyRef:
- name: layer1-port-owncloud-{{ .name | replace "." "-" | replace ":" "-" }}
- key: "oauth-client-id"
- - name: OWNCLOUD_OAUTH_CLIENT_SECRET
- valueFrom:
- secretKeyRef:
- name: layer1-port-owncloud-{{ .name | replace "." "-" | replace ":" "-" }}
- key: "oauth-client-secret"
- envFrom:
- - configMapRef:
- name: mservice
- - configMapRef:
- name: proxy
- - configMapRef:
- name: globalenvvar
- - configMapRef:
- name: portowncloudconfig-{{ .name | replace "."
"-" | replace ":" "-" }}
- ports:
- - name: http
- containerPort: 8080
- protocol: TCP
- livenessProbe:
- httpGet:
- path: /metrics
- port: http
- periodSeconds: 10
- readinessProbe:
- httpGet:
- path: /metrics
- port: http
- periodSeconds: 10
- resources:
- {{- toYaml $.Values.resources | nindent 12 }}
- {{- with $.Values.nodeSelector }}
- nodeSelector:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- {{- with $.Values.affinity }}
- affinity:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- {{- with $.Values.tolerations }}
- tolerations:
- {{- toYaml . | nindent 8 }}
- {{- end }}
-{{- end }}
diff --git a/rds/base/charts/layer1_port_owncloud/templates/service.yaml b/rds/base/charts/layer1_port_owncloud/templates/service.yaml
deleted file mode 100644
index 2429e74..0000000
--- a/rds/base/charts/layer1_port_owncloud/templates/service.yaml
+++ /dev/null
@@ -1,36 +0,0 @@
-{{- $domains := .Values.domains -}}
-{{- if .Values.global }}
- {{- if .Values.global.domains }}
- {{- $domains = .Values.global.domains -}}
- {{- end -}}
-{{- end -}}
-
-{{- if not $domains -}}
-{{- $name := (dict "name" (.Values.environment.ADDRESS | replace "https://" "" | replace "http://" "")) -}}
-{{- $domains = (list (merge .Values.environment $name)) -}}
-{{- end -}}
-
-{{- range $domains }}
----
-apiVersion: v1
-kind: Service
-metadata:
- {{- with $.Values.service.annotations }}
- annotations:
- {{ toYaml . | indent 4 }}
- {{- end }}
- name: {{ include "layer1_port_owncloud.fullname" (mergeOverwrite $ .) }}
- namespace: {{ $.Values.global.namespace.name | default $.Release.Namespace }}
- labels:
-{{ include "layer1_port_owncloud.labels" (mergeOverwrite $ .) | indent 4 }}
-spec:
- type: {{ $.Values.service.type }}
- ports:
- - port: {{ $.Values.service.port }}
- targetPort: http
- protocol: TCP
- name: http
- selector:
- app.kubernetes.io/name: {{ include "layer1_port_owncloud.name" (mergeOverwrite $ .) }}
- app.kubernetes.io/instance: {{ $.Release.Name }}
-{{- end }}
diff --git a/rds/base/charts/layer1_port_owncloud/templates/tests/test-connection.yaml b/rds/base/charts/layer1_port_owncloud/templates/tests/test-connection.yaml
deleted file mode 100644
index be51921..0000000
--- a/rds/base/charts/layer1_port_owncloud/templates/tests/test-connection.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-{{- $domains := .Values.domains -}}
-{{- if .Values.global }}
- {{- if .Values.global.domains }}
- {{- $domains = .Values.global.domains -}}
- {{- end -}}
-{{- end -}}
-
-{{- if not $domains -}}
- {{- $name := (dict "name" (.Values.environment.ADDRESS | trimPrefix "https://" | trimPrefix "http://")) -}}
- {{- $domains = (list (merge .Values.environment $name)) -}}
-{{- end -}}
-
-{{- range $domains }}
----
-apiVersion: v1
-kind: Pod
-metadata:
- name: "{{ include "layer1_port_owncloud.fullname" (mergeOverwrite $ .) }}-test-research"
- labels:
-{{ include "layer1_port_owncloud.labels" (mergeOverwrite $ .) | indent 4 }}
- annotations:
- "helm.sh/hook": test-success
-spec:
- containers:
- - name: wget
- image: busybox
- command: ['wget']
- args: ['{{ include "layer1_port_owncloud.fullname" (mergeOverwrite $ .) }}:{{ $.Values.service.port }}']
- restartPolicy: Never
-{{- end -}}
diff --git a/rds/base/charts/layer1_port_owncloud/values.yaml b/rds/base/charts/layer1_port_owncloud/values.yaml
deleted file mode 100644
index eecd97f..0000000
--- a/rds/base/charts/layer1_port_owncloud/values.yaml
+++ /dev/null
@@ -1,60 +0,0 @@
-# Default values for layer1_port_owncloud.
-# This is a YAML-formatted file.
-# Declare variables to be passed into your templates.
-
-replicaCount: 1
-
-image:
- registry: zivgitlab.wwu.io
- repository: sciebo-rds/sciebo-rds/port_owncloud
- tag: release
- pullPolicy: Always
-
-labels:
- app.kubernetes.io/component: research-data-services.org
- app.kubernetes.io/part-of: connector
- research-data-services.org/layer: layer1
-
-nameOverride: ""
-fullnameOverride: "layer1-port-owncloud"
-
-service:
- type: ClusterIP
- port: 80
- targetPort: 8080
- annotations:
- prometheus.io/scrape: "true"
-
-domain: localhost
-ingress:
- tls:
- secretName: sciebords-tls-public
-
-environment:
- ADDRESS: "https://test-adress.de"
- DISPLAYNAME: ""
- INFO_URL: ""
- HELP_URL: ""
- ICON: ""
-
-resources: {}
- # We usually recommend not to specify default resources and to leave this as a conscious
- # choice for the user. This also increases chances charts run on environments with little
- # resources, such as Minikube. If you do want to specify resources, uncomment the following
- # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
- # limits:
- # cpu: 100m
- # memory: 128Mi
- # requests:
- # cpu: 100m
- # memory: 128Mi
-
-nodeSelector: {}
-
-tolerations: []
-
-affinity: {}
-
-global:
- namespace:
- name: "test-namespace"
diff --git a/rds/base/charts/layer1_port_reva/.helmignore b/rds/base/charts/layer1_port_reva/.helmignore
deleted file mode 100644
index 50af031..0000000
--- a/rds/base/charts/layer1_port_reva/.helmignore
+++ /dev/null
@@ -1,22 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-.vscode/
diff --git a/rds/base/charts/layer1_port_reva/Chart.lock b/rds/base/charts/layer1_port_reva/Chart.lock
deleted file mode 100644
index c8bb132..0000000
--- a/rds/base/charts/layer1_port_reva/Chart.lock
+++ /dev/null
@@ -1,6 +0,0 @@
-dependencies:
-- name: common
- repository: file://../common
- version: 0.1.2
-digest: sha256:c45fe9bebe36f65d76dc5793030e0ad762dc46d290d98837e2a85cc6e6329914
-generated: "2023-02-07T10:30:55.892945969+01:00"
diff --git a/rds/base/charts/layer1_port_reva/Chart.yaml b/rds/base/charts/layer1_port_reva/Chart.yaml
deleted file mode 100644
index 8059850..0000000
--- a/rds/base/charts/layer1_port_reva/Chart.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-apiVersion: v2
-appVersion: "1.0"
-description: A Helm chart for Kubernetes
-name: layer1-port-reva
-version: 0.2.0
-home: https://www.research-data-services.org/
-type: application
-keywords:
- - research
- - data
- - services
- - reva
-maintainers:
- - email: peter.heiss@uni-muenster.de
- name: Heiss
-sources:
- - https://github.com/Sciebo-RDS/Sciebo-RDS
-icon: https://www.research-data-services.org/img/sciebo.png
-dependencies:
- - name: common
- version: ^0.1.0
- repository: file://../common
- alias: layer1-port-reva-common
-
diff --git a/rds/base/charts/layer1_port_reva/charts/common-0.1.2.tgz b/rds/base/charts/layer1_port_reva/charts/common-0.1.2.tgz
deleted file mode 100644
index 2374cbb..0000000
Binary files a/rds/base/charts/layer1_port_reva/charts/common-0.1.2.tgz and /dev/null differ
diff --git a/rds/base/charts/layer1_port_reva/templates/_helpers.tpl b/rds/base/charts/layer1_port_reva/templates/_helpers.tpl
deleted file mode 100644
index 8893977..0000000
--- a/rds/base/charts/layer1_port_reva/templates/_helpers.tpl
+++ /dev/null
@@ -1,70 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "layer1_port_reva.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-
-{{- define "layer1_port_reva.image" -}}
-{{ include "common.image" (dict "imageRoot" .Values.image "global" .Values.global) }}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "layer1_port_reva.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "layer1_port_reva.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Common labels
-*/}}
-{{- define "layer1_port_reva.labels" -}}
-app.kubernetes.io/name: {{ include "layer1_port_reva.name" . }}
-helm.sh/chart: {{ include "layer1_port_reva.chart" .
}}
-app.kubernetes.io/instance: {{ .Release.Name }}
-{{- if .Chart.AppVersion }}
-app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
-{{- end }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- if .Values.labels }}
-{{ toYaml .Values.labels }}
-{{- end -}}
-{{- end -}}
-
-
-{{- define "layer1_port_reva.domain" -}}
-{{- if .Values.global }}
-{{- .Values.global.domain -}}
-{{- else if hasKey .Values "domain" }}
-{{- .Values.domain -}}
-{{- else }}"localhost"{{- end -}}
-{{- end -}}
-
-{{- define "layer1_port_reva.secretName" -}}
-{{- if .Values.global}}
-{{ .Values.global.ingress.tls.secretName }}
-{{- else }}
-{{ .Values.ingress.tls.secretName }}
-{{- end -}}
-{{- end -}}
\ No newline at end of file
diff --git a/rds/base/charts/layer1_port_reva/templates/configmap.yaml b/rds/base/charts/layer1_port_reva/templates/configmap.yaml
deleted file mode 100644
index a7fd8c3..0000000
--- a/rds/base/charts/layer1_port_reva/templates/configmap.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: portrevaconfig
- namespace: {{ .Release.Namespace }}
-data:
- RDS_REVA_HOST: {{ .Values.environment.RDS_REVA_HOST | quote }}
- RDS_REVA_USER: {{ .Values.environment.RDS_REVA_USER | quote }}
- RDS_REVA_PASSWORD: {{ .Values.environment.RDS_REVA_PASSWORD | quote }}
\ No newline at end of file
diff --git a/rds/base/charts/layer1_port_reva/templates/deployment.yaml b/rds/base/charts/layer1_port_reva/templates/deployment.yaml
deleted file mode 100644
index 083cc9b..0000000
--- a/rds/base/charts/layer1_port_reva/templates/deployment.yaml
+++ /dev/null
@@ -1,66 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "layer1_port_reva.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "layer1_port_reva.labels" . | indent 4 }}
-spec:
- replicas: {{ .Values.replicaCount }}
- selector:
- matchLabels:
-{{ include "layer1_port_reva.labels" . | indent 6 }}
- template:
- metadata:
- labels:
-{{ include "layer1_port_reva.labels" . | indent 8 }}
- spec:
- initContainers:
- - name: init-tokenstorage
- image: busybox:1.28
- command: ['sh', '-c', "until nslookup layer3-token-storage.$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace).svc.cluster.local; do echo waiting for layer3-token-storage; sleep 2; done"]
- {{- with .Values.imagePullSecrets }}
- imagePullSecrets:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- containers:
- - name: {{ .Chart.Name }}
- image: {{ template "layer1_port_reva.image" . }}
- imagePullPolicy: {{ .Values.image.pullPolicy }}
- envFrom:
- - configMapRef:
- name: mservice
- - configMapRef:
- name: proxy
- - configMapRef:
- name: globalenvvar
- - configMapRef:
- name: portrevaconfig
- ports:
- - name: http
- containerPort: 80
- protocol: TCP
- livenessProbe:
- httpGet:
- path: /metrics
- port: http
- periodSeconds: 10
- readinessProbe:
- httpGet:
- path: /metrics
- port: http
- periodSeconds: 10
- resources:
- {{- toYaml .Values.resources | nindent 12 }}
- {{- with .Values.nodeSelector }}
- nodeSelector:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- {{- with .Values.affinity }}
- affinity:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- {{- with .Values.tolerations }}
- tolerations:
- {{- toYaml . | nindent 8 }}
- {{- end }}
diff --git a/rds/base/charts/layer1_port_reva/templates/service.yaml b/rds/base/charts/layer1_port_reva/templates/service.yaml
deleted file mode 100644
index d18e43a..0000000
--- a/rds/base/charts/layer1_port_reva/templates/service.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- {{- with .Values.service.annotations }}
- annotations:
- {{ toYaml . | indent 4 }}
- {{- end }}
- name: {{ include "layer1_port_reva.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "layer1_port_reva.labels" . | indent 4 }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- - port: {{ .Values.service.port }}
- targetPort: http
- protocol: TCP
- name: http
- selector:
- app.kubernetes.io/name: {{ include "layer1_port_reva.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
diff --git a/rds/base/charts/layer1_port_reva/templates/tests/test-connection.yaml b/rds/base/charts/layer1_port_reva/templates/tests/test-connection.yaml
deleted file mode 100644
index 7666e8b..0000000
--- a/rds/base/charts/layer1_port_reva/templates/tests/test-connection.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
- name: "{{ include "layer1_port_reva.fullname" . }}-test-research"
- labels:
-{{ include "layer1_port_reva.labels" . | indent 4 }}
- annotations:
- "helm.sh/hook": test-success
-spec:
- containers:
- - name: wget
- image: busybox
- command: ['wget']
- args: ['{{ include "layer1_port_reva.fullname" . }}:{{ .Values.service.port }}']
- restartPolicy: Never
diff --git a/rds/base/charts/layer1_port_reva/values.yaml b/rds/base/charts/layer1_port_reva/values.yaml
deleted file mode 100644
index 8723c62..0000000
--- a/rds/base/charts/layer1_port_reva/values.yaml
+++ /dev/null
@@ -1,52 +0,0 @@
-# Default values for layer3_token_storage.
-# This is a YAML-formatted file.
-# Declare variables to be passed into your templates.
-
-replicaCount: 1
-
-image:
- repository: omnivox/port-reva
- tag: latest
- pullPolicy: Always
-
-labels:
- app.kubernetes.io/component: research-data-services.org
- app.kubernetes.io/part-of: connector
- research-data-services.org/layer: layer1
-
-fullnameOverride: layer1-port-reva
-
-service:
- type: ClusterIP
- port: 80
- targetPort: 80
- annotations:
- prometheus.io/scrape: "true"
-
-domain: localhost
-ingress:
- tls:
- secretName: sciebords-tls-public
-
-resources: {}
- # We usually recommend not to specify default resources and to leave this as a conscious
- # choice for the user. This also increases chances charts run on environments with little
- # resources, such as Minikube. If you do want to specify resources, uncomment the following
- # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
- # limits:
- # cpu: 100m
- # memory: 128Mi
- # requests:
- # cpu: 100m
- # memory: 128Mi
-
-nodeSelector: {}
-
-tolerations: []
-
-affinity: {}
-
-environment:
- RDS_REVA_HOST: sciencemesh-test.uni-muenster.de:9600
- RDS_REVA_USER: ""
- RDS_REVA_PASSWORD: ""
diff --git a/rds/base/charts/layer1_port_zenodo/.helmignore b/rds/base/charts/layer1_port_zenodo/.helmignore
deleted file mode 100644
index 50af031..0000000
--- a/rds/base/charts/layer1_port_zenodo/.helmignore
+++ /dev/null
@@ -1,22 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-.vscode/
diff --git a/rds/base/charts/layer1_port_zenodo/Chart.lock b/rds/base/charts/layer1_port_zenodo/Chart.lock
deleted file mode 100644
index b3a17db..0000000
--- a/rds/base/charts/layer1_port_zenodo/Chart.lock
+++ /dev/null
@@ -1,6 +0,0 @@
-dependencies:
-- name: common
- repository: file://../common
- version: 0.1.2
-digest: sha256:d1d50002fef4797c2a48d9d32c63033f562681492a57c98311330067b5359984
-generated: "2023-02-07T10:30:56.387781762+01:00"
diff --git a/rds/base/charts/layer1_port_zenodo/Chart.yaml b/rds/base/charts/layer1_port_zenodo/Chart.yaml
deleted file mode 100644
index e04b01f..0000000
--- a/rds/base/charts/layer1_port_zenodo/Chart.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-apiVersion: v2
-appVersion: "1.0"
-description: A Helm chart for Kubernetes
-name: layer1-port-zenodo
-version: 0.2.2
-home: https://www.research-data-services.org/
-type: application
-keywords:
- - research
- - data
- - services
- - zenodo
-maintainers:
- - email: peter.heiss@uni-muenster.de
- name: Heiss
-sources:
- - https://github.com/Sciebo-RDS/Sciebo-RDS
-icon: https://www.research-data-services.org/img/sciebo.png
-dependencies:
- - name: common
- version: ^0.1.0
- repository: file://../common
- alias: layer1-port-zenodo-common
-
diff --git a/rds/base/charts/layer1_port_zenodo/charts/common-0.1.2.tgz b/rds/base/charts/layer1_port_zenodo/charts/common-0.1.2.tgz
deleted file mode 100644
index 2374cbb..0000000
Binary files a/rds/base/charts/layer1_port_zenodo/charts/common-0.1.2.tgz and /dev/null differ
diff --git a/rds/base/charts/layer1_port_zenodo/templates/_helpers.tpl b/rds/base/charts/layer1_port_zenodo/templates/_helpers.tpl
deleted file mode 100644
index 0e5fdbc..0000000
--- a/rds/base/charts/layer1_port_zenodo/templates/_helpers.tpl
+++ /dev/null
@@ -1,70 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "layer1_port_zenodo.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-
-{{- define "layer1_port_zenodo.image" -}}
-{{ include "common.image" (dict "imageRoot" .Values.image "global" .Values.global) }}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "layer1_port_zenodo.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "layer1_port_zenodo.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Common labels
-*/}}
-{{- define "layer1_port_zenodo.labels" -}}
-app.kubernetes.io/name: {{ include "layer1_port_zenodo.name" . }}
-helm.sh/chart: {{ include "layer1_port_zenodo.chart" .
}}
-app.kubernetes.io/instance: {{ .Release.Name }}
-{{- if .Chart.AppVersion }}
-app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
-{{- end }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- if .Values.labels }}
-{{ toYaml .Values.labels }}
-{{- end -}}
-{{- end -}}
-
-
-{{- define "layer1_port_zenodo.domain" -}}
-{{- if .Values.global }}
-{{- .Values.global.domain -}}
-{{- else if hasKey .Values "domain" }}
-{{- .Values.domain -}}
-{{- else }}"localhost"{{- end -}}
-{{- end -}}
-
-{{- define "layer1_port_zenodo.secretName" -}}
-{{- if .Values.global}}
-{{ .Values.global.ingress.tls.secretName }}
-{{- else }}
-{{ .Values.ingress.tls.secretName }}
-{{- end -}}
-{{- end -}}
\ No newline at end of file
diff --git a/rds/base/charts/layer1_port_zenodo/templates/configmap.yaml b/rds/base/charts/layer1_port_zenodo/templates/configmap.yaml
deleted file mode 100644
index abc5518..0000000
--- a/rds/base/charts/layer1_port_zenodo/templates/configmap.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: portzenodoconfig
- namespace: {{ .Release.Namespace }}
-data:
- ZENODO_ADDRESS: {{ .Values.environment.ADDRESS | quote }}
- ZENODO_DISPLAYNAME: {{ .Values.environment.DISPLAYNAME | quote }}
- ZENODO_INFO_URL: {{ .Values.environment.INFO_URL | quote }}
- ZENODO_HELP_URL: {{ .Values.environment.HELP_URL | quote }}
- ZENODO_ICON: {{ .Values.environment.ICON | quote }}
- ZENODO_METADATA_PROFILE: {{ .Values.environment.METADATA_PROFILE | quote }}
- ZENODO_PROJECT_LINK_TEMPLATE: {{ .Values.environment.PROJECT_LINK_TEMPLATE | quote }}
diff --git a/rds/base/charts/layer1_port_zenodo/templates/deployment.yaml b/rds/base/charts/layer1_port_zenodo/templates/deployment.yaml
deleted file mode 100644
index 4462eac..0000000
--- a/rds/base/charts/layer1_port_zenodo/templates/deployment.yaml
+++ /dev/null
@@ -1,73 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "layer1_port_zenodo.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "layer1_port_zenodo.labels" . | indent 4 }}
-spec:
- replicas: {{ .Values.replicaCount }}
- selector:
- matchLabels:
-{{ include "layer1_port_zenodo.labels" . | indent 6 }}
- template:
- metadata:
- labels:
-{{ include "layer1_port_zenodo.labels" . | indent 8 }}
- spec:
- {{- with .Values.imagePullSecrets }}
- imagePullSecrets:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- containers:
- - name: {{ .Chart.Name }}
- image: {{ template "layer1_port_zenodo.image" . }}
- imagePullPolicy: {{ .Values.image.pullPolicy }}
- env:
- - name: ZENODO_OAUTH_CLIENT_ID
- valueFrom:
- secretKeyRef:
- name: zenodo-client
- key: zenodo-client-id
- - name: ZENODO_OAUTH_CLIENT_SECRET
- valueFrom:
- secretKeyRef:
- name: zenodo-client
- key: zenodo-client-secret
- envFrom:
- - configMapRef:
- name: mservice
- - configMapRef:
- name: proxy
- - configMapRef:
- name: globalenvvar
- - configMapRef:
- name: portzenodoconfig
- ports:
- - name: http
- containerPort: 8080
- protocol: TCP
- livenessProbe:
- httpGet:
- path: /metrics
- port: http
- periodSeconds: 10
- readinessProbe:
- httpGet:
- path: /metrics
- port: http
- periodSeconds: 10
- resources:
- {{- toYaml .Values.resources | nindent 12 }}
- {{- with .Values.nodeSelector }}
- nodeSelector:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- {{- with .Values.affinity }}
- affinity:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- {{- with .Values.tolerations }}
- tolerations:
- {{- toYaml . | nindent 8 }}
- {{- end }}
diff --git a/rds/base/charts/layer1_port_zenodo/templates/service.yaml b/rds/base/charts/layer1_port_zenodo/templates/service.yaml
deleted file mode 100644
index fa50a8d..0000000
--- a/rds/base/charts/layer1_port_zenodo/templates/service.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- {{- with .Values.service.annotations }}
- annotations:
- {{ toYaml . | indent 4 }}
- {{- end }}
- name: {{ include "layer1_port_zenodo.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "layer1_port_zenodo.labels" . | indent 4 }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- - port: {{ .Values.service.port }}
- targetPort: http
- protocol: TCP
- name: http
- selector:
- app.kubernetes.io/name: {{ include "layer1_port_zenodo.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
diff --git a/rds/base/charts/layer1_port_zenodo/templates/tests/test-connection.yaml b/rds/base/charts/layer1_port_zenodo/templates/tests/test-connection.yaml
deleted file mode 100644
index 88e42e0..0000000
--- a/rds/base/charts/layer1_port_zenodo/templates/tests/test-connection.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
- name: "{{ include "layer1_port_zenodo.fullname" . }}-test-research"
- labels:
-{{ include "layer1_port_zenodo.labels" . | indent 4 }}
- annotations:
- "helm.sh/hook": test-success
-spec:
- containers:
- - name: wget
- image: busybox
- command: ['wget']
- args: ['{{ include "layer1_port_zenodo.fullname" . }}:{{ .Values.service.port }}']
- restartPolicy: Never
diff --git a/rds/base/charts/layer1_port_zenodo/values.yaml b/rds/base/charts/layer1_port_zenodo/values.yaml
deleted file mode 100644
index fc01509..0000000
--- a/rds/base/charts/layer1_port_zenodo/values.yaml
+++ /dev/null
@@ -1,60 +0,0 @@
-# Default values for layer3_token_storage.
-# This is a YAML-formatted file.
-# Declare variables to be passed into your templates.
-
-replicaCount: 1
-
-image:
- registry: zivgitlab.wwu.io
- repository: sciebo-rds/sciebo-rds/port_zenodo
- tag: release
- pullPolicy: Always
-
-labels:
- app.kubernetes.io/component: research-data-services.org
- app.kubernetes.io/part-of: connector
- research-data-services.org/layer: layer1
-
-fullnameOverride: layer1-port-zenodo
-
-service:
- type: ClusterIP
- port: 80
- targetPort: 8080
- annotations:
- prometheus.io/scrape: "true"
-
-domain: localhost
-ingress:
- tls:
- secretName: sciebords-tls-public
-
-resources:
- {}
- # We usually recommend not to specify default resources and to leave this as a conscious
- # choice for the user. This also increases chances charts run on environments with little
- # resources, such as Minikube. If you do want to specify resources, uncomment the following
- # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
- # limits:
- # cpu: 100m
- # memory: 128Mi
- # requests:
- # cpu: 100m
- # memory: 128Mi
-
-nodeSelector: {}
-
-tolerations: []
-
-affinity: {}
-
-environment:
- ADDRESS: https://sandbox.zenodo.org
- OAUTH_CLIENT_ID: ""
- OAUTH_CLIENT_SECRET: ""
- DISPLAYNAME: ""
- INFO_URL: ""
- HELP_URL: ""
- ICON: ""
- METADATA_PROFILE: ""
- PROJECT_LINK_TEMPLATE: ""
diff --git a/rds/base/charts/layer2_exporter_service/.helmignore b/rds/base/charts/layer2_exporter_service/.helmignore
deleted file mode 100644
index 50af031..0000000
--- a/rds/base/charts/layer2_exporter_service/.helmignore
+++ /dev/null
@@ -1,22 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-.vscode/
diff --git a/rds/base/charts/layer2_exporter_service/Chart.lock b/rds/base/charts/layer2_exporter_service/Chart.lock
deleted file mode 100644
index 3b6a514..0000000
--- a/rds/base/charts/layer2_exporter_service/Chart.lock
+++ /dev/null
@@ -1,6 +0,0 @@
-dependencies:
-- name: common
- repository: file://../common
- version: 0.1.2
-digest: sha256:a6c0de64f7566cd8e27dbc5e3fcf34a3df54d6333bff2e6cb61b8c172bddc240
-generated: "2023-02-07T10:30:56.892693816+01:00"
diff --git a/rds/base/charts/layer2_exporter_service/Chart.yaml b/rds/base/charts/layer2_exporter_service/Chart.yaml
deleted file mode 100644
index 0ea4bcc..0000000
--- a/rds/base/charts/layer2_exporter_service/Chart.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-apiVersion: v2
-appVersion: "1.0"
-description: A Helm chart for Kubernetes
-name: layer2-exporter-service
-version: 0.2.3
-home: https://www.research-data-services.org/
-type: application
-keywords:
- - research
- - data
- - services
- - zenodo
-maintainers:
- - email: peter.heiss@uni-muenster.de
- name: Heiss
-sources:
- - https://github.com/Sciebo-RDS/Sciebo-RDS
-icon: https://www.research-data-services.org/img/sciebo.png
-dependencies:
- - name: common
- version: ^0.1.0
- repository: file://../common
- alias: layer2-exporter-service-common
-
diff --git a/rds/base/charts/layer2_exporter_service/charts/common-0.1.2.tgz b/rds/base/charts/layer2_exporter_service/charts/common-0.1.2.tgz
deleted file mode 100644
index 2374cbb..0000000
Binary files a/rds/base/charts/layer2_exporter_service/charts/common-0.1.2.tgz and /dev/null differ
diff --git a/rds/base/charts/layer2_exporter_service/templates/_helpers.tpl b/rds/base/charts/layer2_exporter_service/templates/_helpers.tpl
deleted file mode 100644
index c4e308f..0000000
--- a/rds/base/charts/layer2_exporter_service/templates/_helpers.tpl
+++ /dev/null
@@ -1,69 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "layer2_exporter_service.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-
-{{- define "layer2_exporter_service.image" -}}
-{{ include "common.image" (dict "imageRoot" .Values.image "global" .Values.global) }}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "layer2_exporter_service.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "layer2_exporter_service.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Common labels
-*/}}
-{{- define "layer2_exporter_service.labels" -}}
-app.kubernetes.io/name: {{ include "layer2_exporter_service.name" . }}
-helm.sh/chart: {{ include "layer2_exporter_service.chart" .
}}
-app.kubernetes.io/instance: {{ .Release.Name }}
-{{- if .Chart.AppVersion }}
-app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
-{{- end }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- if .Values.labels }}
-{{ toYaml .Values.labels }}
-{{- end -}}
-{{- end -}}
-
-{{- define "layer2_exporter_service.domain" -}}
-{{- if .Values.global }}
-{{- .Values.global.domain }}
-{{- else if hasKey .Values "domain" }}
-{{- .Values.domain }}
-{{- else }}localhost{{- end -}}
-{{- end -}}
-
-{{- define "layer2_exporter_service.secretName" -}}
-{{- if .Values.global }}
-{{- .Values.global.ingress.tls.secretName }}
-{{- else }}
-{{- .Values.ingress.tls.secretName }}
-{{- end -}}
-{{- end -}}
\ No newline at end of file
diff --git a/rds/base/charts/layer2_exporter_service/templates/configmap.yaml b/rds/base/charts/layer2_exporter_service/templates/configmap.yaml
deleted file mode 100644
index afdec7a..0000000
--- a/rds/base/charts/layer2_exporter_service/templates/configmap.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: serviceexporterconfig
- namespace: {{ .Release.Namespace }}
-data:
-
\ No newline at end of file
diff --git a/rds/base/charts/layer2_exporter_service/templates/deployment.yaml b/rds/base/charts/layer2_exporter_service/templates/deployment.yaml
deleted file mode 100644
index 9c20f82..0000000
--- a/rds/base/charts/layer2_exporter_service/templates/deployment.yaml
+++ /dev/null
@@ -1,62 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "layer2_exporter_service.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "layer2_exporter_service.labels" . | indent 4 }}
-spec:
- replicas: {{ .Values.replicaCount }}
- selector:
- matchLabels:
-{{ include "layer2_exporter_service.labels" . | indent 6 }}
- template:
- metadata:
- labels:
-{{ include "layer2_exporter_service.labels" . | indent 8 }}
- spec:
- {{- with .Values.imagePullSecrets }}
- imagePullSecrets:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- containers:
- - name: {{ .Chart.Name }}
- image: {{ template "layer2_exporter_service.image" . }}
- imagePullPolicy: {{ .Values.image.pullPolicy }}
- envFrom:
- - configMapRef:
- name: mservice
- - configMapRef:
- name: proxy
- - configMapRef:
- name: globalenvvar
- - configMapRef:
- name: serviceexporterconfig
- ports:
- - name: http
- containerPort: 8080
- protocol: TCP
- livenessProbe:
- httpGet:
- path: /metrics
- port: http
- periodSeconds: 10
- readinessProbe:
- httpGet:
- path: /metrics
- port: http
- periodSeconds: 10
- resources:
- {{- toYaml .Values.resources | nindent 12 }}
- {{- with .Values.nodeSelector }}
- nodeSelector:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- {{- with .Values.affinity }}
- affinity:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- {{- with .Values.tolerations }}
- tolerations:
- {{- toYaml . | nindent 8 }}
- {{- end }}
diff --git a/rds/base/charts/layer2_exporter_service/templates/service.yaml b/rds/base/charts/layer2_exporter_service/templates/service.yaml
deleted file mode 100644
index 086f645..0000000
--- a/rds/base/charts/layer2_exporter_service/templates/service.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- {{- with .Values.service.annotations }}
- annotations:
- {{ toYaml . | indent 4 }}
- {{- end }}
- name: {{ include "layer2_exporter_service.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "layer2_exporter_service.labels" . | indent 4 }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- - port: {{ .Values.service.port }}
- targetPort: http
- protocol: TCP
- name: http
- selector:
- app.kubernetes.io/name: {{ include "layer2_exporter_service.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
diff --git a/rds/base/charts/layer2_exporter_service/templates/tests/test-connection.yaml b/rds/base/charts/layer2_exporter_service/templates/tests/test-connection.yaml
deleted file mode 100644
index 23a384f..0000000
--- a/rds/base/charts/layer2_exporter_service/templates/tests/test-connection.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
- name: "{{ include "layer2_exporter_service.fullname" . }}-test-research"
- labels:
-{{ include "layer2_exporter_service.labels" . | indent 4 }}
- annotations:
- "helm.sh/hook": test-success
-spec:
- containers:
- - name: wget
- image: busybox
- command: ['wget']
- args: ['{{ include "layer2_exporter_service.fullname" . }}:{{ .Values.service.port }}']
- restartPolicy: Never
diff --git a/rds/base/charts/layer2_exporter_service/values.yaml b/rds/base/charts/layer2_exporter_service/values.yaml
deleted file mode 100644
index 529a0d1..0000000
--- a/rds/base/charts/layer2_exporter_service/values.yaml
+++ /dev/null
@@ -1,43 +0,0 @@
-# Default values for layer3_token_storage.
-# This is a YAML-formatted file.
-# Declare variables to be passed into your templates.
-
-replicaCount: 1
-
-image:
- registry: zivgitlab.wwu.io
- repository: sciebo-rds/sciebo-rds/use_case_exporter
- tag: release
- pullPolicy: Always
-
-labels:
- app.kubernetes.io/component: research-data-services.org
- app.kubernetes.io/part-of: service
- research-data-services.org/layer: layer2
-
-fullnameOverride: layer2-exporter-service
-
-service:
- type: ClusterIP
- port: 80
- targetPort: 8080
- annotations:
- prometheus.io/scrape: "true"
-
-resources: {}
- # We usually recommend not to specify default resources and to leave this as a conscious
- # choice for the user. This also increases chances charts run on environments with little
- # resources, such as Minikube. If you do want to specify resources, uncomment the following
- # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
- # limits:
- # cpu: 100m
- # memory: 128Mi
- # requests:
- # cpu: 100m
- # memory: 128Mi
-
-nodeSelector: {}
-
-tolerations: []
-
-affinity: {}
diff --git a/rds/base/charts/layer2_metadata_service/Chart.lock b/rds/base/charts/layer2_metadata_service/Chart.lock
deleted file mode 100644
index ddcb7d3..0000000
--- a/rds/base/charts/layer2_metadata_service/Chart.lock
+++ /dev/null
@@ -1,6 +0,0 @@
-dependencies:
-- name: common
- repository: file://../common
- version: 0.1.2
-digest: sha256:318af01b93c9de85b7a5c9ebd15321e6eea000ce4d817337cfb8b083a1f6e92e
-generated: "2023-02-07T10:30:57.413843137+01:00"
diff --git a/rds/base/charts/layer2_metadata_service/Chart.yaml b/rds/base/charts/layer2_metadata_service/Chart.yaml
deleted file mode 100644
index c8a61b3..0000000
--- a/rds/base/charts/layer2_metadata_service/Chart.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-apiVersion: v2
-appVersion: "1.0"
-description: A Helm chart for Kubernetes
-name: layer2-metadata-service
-version: 0.2.3
-home: https://www.research-data-services.org/
-type: application
-keywords:
- - research
- - data
- - services
- - zenodo
-maintainers:
- - email: peter.heiss@uni-muenster.de
- name: Heiss
-sources:
- - https://github.com/Sciebo-RDS/Sciebo-RDS
-icon: https://www.research-data-services.org/img/sciebo.png
-dependencies:
- - name: common
- version: ^0.1.0
- repository: file://../common
- alias: layer2-metadata-service-common
-
diff --git a/rds/base/charts/layer2_metadata_service/charts/common-0.1.2.tgz b/rds/base/charts/layer2_metadata_service/charts/common-0.1.2.tgz
deleted file mode 100644
index 2374cbb..0000000
Binary files a/rds/base/charts/layer2_metadata_service/charts/common-0.1.2.tgz and /dev/null differ
diff --git a/rds/base/charts/layer2_metadata_service/templates/_helpers.tpl b/rds/base/charts/layer2_metadata_service/templates/_helpers.tpl
deleted file mode 100644
index 6c0d03f..0000000
--- a/rds/base/charts/layer2_metadata_service/templates/_helpers.tpl
+++ /dev/null
@@ -1,70 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "layer2_metadata_service.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - - -{{- define "layer2_metadata_service.image" -}} -{{ include "common.image" (dict "imageRoot" .Values.image "global" .Values.global) }} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "layer2_metadata_service.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "layer2_metadata_service.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Common labels -*/}} -{{- define "layer2_metadata_service.labels" -}} -app.kubernetes.io/name: {{ include "layer2_metadata_service.name" . }} -helm.sh/chart: {{ include "layer2_metadata_service.chart" . 
}} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- if .Values.labels }} -{{ toYaml .Values.labels }} -{{- end -}} -{{- end -}} - - -{{- define "layer2_metadata_service.domain" -}} -{{- if .Values.global }} -{{- .Values.global.domain -}} -{{- else if hasKey .Values "domain" }} -{{- .Values.domain -}} -{{- else }}"localhost"{{- end -}} -{{- end -}} - -{{- define "layer2_metadata_service.secretName" -}} -{{- if .Values.global}} -{{ .Values.global.ingress.tls.secretName }} -{{- else }} -{{ .Values.ingress.tls.secretName }} -{{- end -}} -{{- end -}} \ No newline at end of file diff --git a/rds/base/charts/layer2_metadata_service/templates/configmap.yaml b/rds/base/charts/layer2_metadata_service/templates/configmap.yaml deleted file mode 100644 index 43cce4b..0000000 --- a/rds/base/charts/layer2_metadata_service/templates/configmap.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: servicemetadataconfig - namespace: {{ .Release.Namespace }} -data: {} \ No newline at end of file diff --git a/rds/base/charts/layer2_metadata_service/templates/deployment.yaml b/rds/base/charts/layer2_metadata_service/templates/deployment.yaml deleted file mode 100644 index 7ce1e79..0000000 --- a/rds/base/charts/layer2_metadata_service/templates/deployment.yaml +++ /dev/null 
@@ -1,62 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "layer2_metadata_service.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "layer2_metadata_service.labels" . | indent 4 }}
-spec:
- replicas: {{ .Values.replicaCount }}
- selector:
- matchLabels:
-{{ include "layer2_metadata_service.labels" . | indent 6 }}
- template:
- metadata:
- labels:
-{{ include "layer2_metadata_service.labels" . | indent 8 }}
- spec:
- {{- with .Values.imagePullSecrets }}
- imagePullSecrets:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- containers:
- - name: {{ .Chart.Name }}
- image: {{ template "layer2_metadata_service.image" . }}
- imagePullPolicy: {{ .Values.image.pullPolicy }}
- envFrom:
- - configMapRef:
- name: mservice
- - configMapRef:
- name: proxy
- - configMapRef:
- name: globalenvvar
- - configMapRef:
- name: servicemetadataconfig
- ports:
- - name: http
- containerPort: 8080
- protocol: TCP
- livenessProbe:
- httpGet:
- path: /metrics
- port: http
- periodSeconds: 10
- readinessProbe:
- httpGet:
- path: /metrics
- port: http
- periodSeconds: 10
- resources:
- {{- toYaml .Values.resources | nindent 12 }}
- {{- with .Values.nodeSelector }}
- nodeSelector:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- {{- with .Values.affinity }}
- affinity:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- {{- with .Values.tolerations }}
- tolerations:
- {{- toYaml . | nindent 8 }}
- {{- end }}
diff --git a/rds/base/charts/layer2_metadata_service/templates/service.yaml b/rds/base/charts/layer2_metadata_service/templates/service.yaml
deleted file mode 100644
index d6d37c1..0000000
--- a/rds/base/charts/layer2_metadata_service/templates/service.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- {{- with .Values.service.annotations }}
- annotations:
- {{ toYaml . | indent 4 }}
- {{- end }}
- name: {{ include "layer2_metadata_service.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "layer2_metadata_service.labels" . | indent 4 }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- - port: {{ .Values.service.port }}
- targetPort: http
- protocol: TCP
- name: http
- selector:
- app.kubernetes.io/name: {{ include "layer2_metadata_service.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
diff --git a/rds/base/charts/layer2_metadata_service/templates/tests/test-connection.yaml b/rds/base/charts/layer2_metadata_service/templates/tests/test-connection.yaml
deleted file mode 100644
index 479f2e2..0000000
--- a/rds/base/charts/layer2_metadata_service/templates/tests/test-connection.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
- name: "{{ include "layer2_metadata_service.fullname" . }}-test-research"
- labels:
-{{ include "layer2_metadata_service.labels" . | indent 4 }}
- annotations:
- "helm.sh/hook": test-success
-spec:
- containers:
- - name: wget
- image: busybox
- command: ['wget']
- args: ['{{ include "layer2_metadata_service.fullname" . }}:{{ .Values.service.port }}']
- restartPolicy: Never
diff --git a/rds/base/charts/layer2_metadata_service/values.yaml b/rds/base/charts/layer2_metadata_service/values.yaml
deleted file mode 100644
index 928e4f5..0000000
--- a/rds/base/charts/layer2_metadata_service/values.yaml
+++ /dev/null
@@ -1,43 +0,0 @@
-# Default values for layer3_token_storage.
-# This is a YAML-formatted file.
-# Declare variables to be passed into your templates.
-
-replicaCount: 1
-
-image:
- registry: zivgitlab.wwu.io
- repository: sciebo-rds/sciebo-rds/use_case_metadata
- tag: release
- pullPolicy: Always
-
-labels:
- app.kubernetes.io/component: research-data-services.org
- app.kubernetes.io/part-of: service
- research-data-services.org/layer: layer2
-
-fullnameOverride: layer2-metadata-service
-
-service:
- type: ClusterIP
- port: 80
- targetPort: 8080
- annotations:
- prometheus.io/scrape: "true"
-
-resources: {}
- # We usually recommend not to specify default resources and to leave this as a conscious
- # choice for the user. This also increases chances charts run on environments with little
- # resources, such as Minikube. If you do want to specify resources, uncomment the following
- # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
- # limits:
- # cpu: 100m
- # memory: 128Mi
- # requests:
- # cpu: 100m
- # memory: 128Mi
-
-nodeSelector: {}
-
-tolerations: []
-
-affinity: {}
diff --git a/rds/base/charts/layer2_port_service/.helmignore b/rds/base/charts/layer2_port_service/.helmignore
deleted file mode 100644
index 50af031..0000000
--- a/rds/base/charts/layer2_port_service/.helmignore
+++ /dev/null
@@ -1,22 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-.vscode/
diff --git a/rds/base/charts/layer2_port_service/Chart.lock b/rds/base/charts/layer2_port_service/Chart.lock
deleted file mode 100644
index 1f085fb..0000000
--- a/rds/base/charts/layer2_port_service/Chart.lock
+++ /dev/null
@@ -1,6 +0,0 @@
-dependencies:
-- name: common
- repository: file://../common
- version: 0.1.2
-digest: sha256:dca3d3ef6fede10aab2defdabecdff2205a5bd66c7b36d1441f98635d4b84e37
-generated: "2023-02-07T10:30:57.939050904+01:00"
diff --git a/rds/base/charts/layer2_port_service/Chart.yaml b/rds/base/charts/layer2_port_service/Chart.yaml
deleted file mode 100644
index 4a2139d..0000000
--- a/rds/base/charts/layer2_port_service/Chart.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-apiVersion: v2
-appVersion: "1.0"
-description: A Helm chart for Kubernetes
-name: layer2-port-service
-version: 0.2.5
-home: https://www.research-data-services.org/
-type: application
-keywords:
- - research
- - data
- - services
- - zenodo
-maintainers:
- - email: peter.heiss@uni-muenster.de
- name: Heiss
-sources:
- - https://github.com/Sciebo-RDS/Sciebo-RDS
-icon: https://www.research-data-services.org/img/sciebo.png
-dependencies:
- - name: common
- version: ^0.1.0
- repository: file://../common
- alias: layer2-port-service-common
-
diff --git a/rds/base/charts/layer2_port_service/charts/common-0.1.2.tgz b/rds/base/charts/layer2_port_service/charts/common-0.1.2.tgz
deleted file mode 100644
index 2374cbb..0000000
Binary files a/rds/base/charts/layer2_port_service/charts/common-0.1.2.tgz and /dev/null differ
diff --git a/rds/base/charts/layer2_port_service/templates/_helpers.tpl b/rds/base/charts/layer2_port_service/templates/_helpers.tpl
deleted file mode 100644
index 64f2ee6..0000000
--- a/rds/base/charts/layer2_port_service/templates/_helpers.tpl
+++ /dev/null
@@ -1,71 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "layer2_port_service.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - - -{{- define "layer2_port_service.image" -}} -{{ include "common.image" (dict "imageRoot" .Values.image "global" .Values.global) }} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "layer2_port_service.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "layer2_port_service.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Common labels -*/}} -{{- define "layer2_port_service.labels" -}} -app.kubernetes.io/name: {{ include "layer2_port_service.name" . }} -helm.sh/chart: {{ include "layer2_port_service.chart" . 
}} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- if .Values.labels }} -{{ toYaml .Values.labels }} -{{- end -}} -{{- end -}} - - - -{{- define "layer2_port_service.domain" -}} -{{- if .Values.global }} -{{- .Values.global.domain -}} -{{- else if hasKey .Values "domain" }} -{{- .Values.domain -}} -{{- else }}"localhost"{{- end -}} -{{- end -}} - -{{- define "layer2_port_service.secretName" -}} -{{- if .Values.global}} -{{ .Values.global.ingress.tls.secretName }} -{{- else }} -{{ .Values.ingress.tls.secretName }} -{{- end -}} -{{- end -}} \ No newline at end of file diff --git a/rds/base/charts/layer2_port_service/templates/configmap.yaml b/rds/base/charts/layer2_port_service/templates/configmap.yaml deleted file mode 100644 index 9261ff7..0000000 --- a/rds/base/charts/layer2_port_service/templates/configmap.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: serviceportconfig - namespace: {{ .Release.Namespace }} -data: - IGNORE_PROJECTS: {{ .Values.environment.IGNORE_PROJECTS | quote }} \ No newline at end of file diff --git a/rds/base/charts/layer2_port_service/templates/deployment.yaml b/rds/base/charts/layer2_port_service/templates/deployment.yaml deleted file mode 100644 index 5220825..0000000 --- a/rds/base/charts/layer2_port_service/templates/deployment.yaml +++ /dev/null 
@@ -1,67 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "layer2_port_service.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "layer2_port_service.labels" . | indent 4 }}
-spec:
- replicas: {{ .Values.replicaCount }}
- selector:
- matchLabels:
-{{ include "layer2_port_service.labels" . | indent 6 }}
- template:
- metadata:
- labels:
-{{ include "layer2_port_service.labels" . | indent 8 }}
- spec:
- {{- with .Values.imagePullSecrets }}
- imagePullSecrets:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- containers:
- - name: {{ .Chart.Name }}
- image: {{ template "layer2_port_service.image" . }}
- imagePullPolicy: {{ .Values.image.pullPolicy }}
- envFrom:
- - configMapRef:
- name: mservice
- - configMapRef:
- name: proxy
- - configMapRef:
- name: globalenvvar
- - configMapRef:
- name: serviceportconfig
- {{- if .Values.environment.TOKENSERVICE_STATE_SECRET }}
- env:
- - name: TOKENSERVICE_STATE_SECRET
- value: {{ .Values.environment.TOKENSERVICE_STATE_SECRET }}
- {{- end }}
- ports:
- - name: http
- containerPort: 8080
- protocol: TCP
- livenessProbe:
- httpGet:
- path: /metrics
- port: http
- periodSeconds: 10
- readinessProbe:
- httpGet:
- path: /metrics
- port: http
- periodSeconds: 10
- resources:
- {{- toYaml .Values.resources | nindent 12 }}
- {{- with .Values.nodeSelector }}
- nodeSelector:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- {{- with .Values.affinity }}
- affinity:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- {{- with .Values.tolerations }}
- tolerations:
- {{- toYaml . | nindent 8 }}
- {{- end }}
diff --git a/rds/base/charts/layer2_port_service/templates/service.yaml b/rds/base/charts/layer2_port_service/templates/service.yaml
deleted file mode 100644
index b2d67a6..0000000
--- a/rds/base/charts/layer2_port_service/templates/service.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- {{- with .Values.service.annotations }}
- annotations:
- {{ toYaml . | indent 4 }}
- {{- end }}
- name: {{ include "layer2_port_service.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "layer2_port_service.labels" . | indent 4 }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- - port: {{ .Values.service.port }}
- targetPort: http
- protocol: TCP
- name: http
- selector:
- app.kubernetes.io/name: {{ include "layer2_port_service.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
diff --git a/rds/base/charts/layer2_port_service/templates/tests/test-connection.yaml b/rds/base/charts/layer2_port_service/templates/tests/test-connection.yaml
deleted file mode 100644
index 7c12901..0000000
--- a/rds/base/charts/layer2_port_service/templates/tests/test-connection.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
- name: "{{ include "layer2_port_service.fullname" . }}-test-research"
- labels:
-{{ include "layer2_port_service.labels" . | indent 4 }}
- annotations:
- "helm.sh/hook": test-success
-spec:
- containers:
- - name: wget
- image: busybox
- command: ['wget']
- args: ['{{ include "layer2_port_service.fullname" . }}:{{ .Values.service.port }}']
- restartPolicy: Never
diff --git a/rds/base/charts/layer2_port_service/values.yaml b/rds/base/charts/layer2_port_service/values.yaml
deleted file mode 100644
index b61b2a5..0000000
--- a/rds/base/charts/layer2_port_service/values.yaml
+++ /dev/null
@@ -1,47 +0,0 @@
-# Default values for layer3_token_storage.
-# This is a YAML-formatted file.
-# Declare variables to be passed into your templates.
-
-replicaCount: 1
-
-image:
- registry: zivgitlab.wwu.io
- repository: sciebo-rds/sciebo-rds/use_case_port_service
- tag: release
- pullPolicy: Always
-
-labels:
- app.kubernetes.io/component: research-data-services.org
- app.kubernetes.io/part-of: service
- research-data-services.org/layer: layer2
-
-fullnameOverride: layer2-port-service
-
-service:
- type: ClusterIP
- port: 80
- targetPort: 8080
- annotations:
- prometheus.io/scrape: "true"
-
-environment:
- IGNORE_PROJECTS: "True"
- TOKENSERVICE_STATE_SECRET: ""
-
-resources: {}
- # We usually recommend not to specify default resources and to leave this as a conscious
- # choice for the user. This also increases chances charts run on environments with little
- # resources, such as Minikube. If you do want to specify resources, uncomment the following
- # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
- # limits:
- # cpu: 100m
- # memory: 128Mi
- # requests:
- # cpu: 100m
- # memory: 128Mi
-
-nodeSelector: {}
-
-tolerations: []
-
-affinity: {}
diff --git a/rds/base/charts/layer3_research_manager/Chart.lock b/rds/base/charts/layer3_research_manager/Chart.lock
deleted file mode 100644
index 00336e4..0000000
--- a/rds/base/charts/layer3_research_manager/Chart.lock
+++ /dev/null
@@ -1,6 +0,0 @@
-dependencies:
-- name: common
- repository: file://../common
- version: 0.1.2
-digest: sha256:96a625dec9b5cc24195264a79968fd43a4a7199bfd0b4e22c994e9e48736a6c2
-generated: "2023-02-07T10:30:58.462751504+01:00"
diff --git a/rds/base/charts/layer3_research_manager/Chart.yaml b/rds/base/charts/layer3_research_manager/Chart.yaml
deleted file mode 100644
index 76d0512..0000000
--- a/rds/base/charts/layer3_research_manager/Chart.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-apiVersion: v2
-appVersion: "1.0"
-description: The project manager to manage projects within RDS
-name: layer3-research-manager
-version: 0.3.4
-home: https://www.research-data-services.org/
-type: application
-keywords:
- - research
- - data
- - services
- - zenodo
-maintainers:
- - email: peter.heiss@uni-muenster.de
- name: Heiss
-sources:
- - https://github.com/Sciebo-RDS/Sciebo-RDS
-icon: https://www.research-data-services.org/img/sciebo.png
-dependencies:
- - name: common
- version: ^0.1.0
- repository: file://../common
- alias: layer3-research-manager-common
-
diff --git a/rds/base/charts/layer3_research_manager/charts/common-0.1.2.tgz b/rds/base/charts/layer3_research_manager/charts/common-0.1.2.tgz
deleted file mode 100644
index 2374cbb..0000000
Binary files a/rds/base/charts/layer3_research_manager/charts/common-0.1.2.tgz and /dev/null differ
diff --git a/rds/base/charts/layer3_research_manager/templates/_helpers.tpl b/rds/base/charts/layer3_research_manager/templates/_helpers.tpl
deleted file mode 100644
index 92f9220..0000000
--- a/rds/base/charts/layer3_research_manager/templates/_helpers.tpl
+++ /dev/null
@@ -1,69 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "layer3_research_manager.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - - -{{- define "layer3_research_manager.image" -}} -{{ include "common.image" (dict "imageRoot" .Values.image "global" .Values.global) }} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "layer3_research_manager.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "layer3_research_manager.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Common labels -*/}} -{{- define "layer3_research_manager.labels" -}} -app.kubernetes.io/name: {{ include "layer3_research_manager.name" . }} -helm.sh/chart: {{ include "layer3_research_manager.chart" . 
}} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- if .Values.labels }} -{{ toYaml .Values.labels }} -{{- end -}} -{{- end -}} - -{{- define "layer3_research_manager.domain" -}} -{{- if .Values.global }} -{{- .Values.global.domain -}} -{{- else if hasKey .Values "domain" }} -{{- .Values.domain -}} -{{- else }}"localhost"{{- end -}} -{{- end -}} - -{{- define "layer3_research_manager.secretName" -}} -{{- if .Values.global}} -{{ .Values.global.ingress.tls.secretName }} -{{- else }} -{{ .Values.ingress.tls.secretName }} -{{- end -}} -{{- end -}} \ No newline at end of file diff --git a/rds/base/charts/layer3_research_manager/templates/configmap.yaml b/rds/base/charts/layer3_research_manager/templates/configmap.yaml deleted file mode 100644 index b2d4cd2..0000000 --- a/rds/base/charts/layer3_research_manager/templates/configmap.yaml +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: layer3researchconfig - namespace: {{ .Release.Namespace }} -data: - REDIS_HOST: {{ .Values.global.REDIS_HOST | quote }} - REDIS_PORT: {{ .Values.global.REDIS_PORT | quote }} \ No newline at end of file diff --git a/rds/base/charts/layer3_research_manager/templates/deployment.yaml b/rds/base/charts/layer3_research_manager/templates/deployment.yaml deleted file mode 100644 index dbf1a54..0000000 --- a/rds/base/charts/layer3_research_manager/templates/deployment.yaml +++ /dev/null 
@@ -1,65 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "layer3_research_manager.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "layer3_research_manager.labels" . | indent 4 }}
-spec:
- replicas: {{ .Values.replicaCount }}
- selector:
- matchLabels:
-{{ include "layer3_research_manager.labels" . | indent 6 }}
- template:
- metadata:
- labels:
-{{ include "layer3_research_manager.labels" . | indent 8 }}
- spec:
- initContainers:
- - name: deploy
- image: redis
- command: [ "sh" ]
- args: [ "-c", 'while [ "$(redis-cli -h $REDIS_PORT_6379_TCP_ADDR ping)" != "PONG" ]; do sleep 2; done' ]
- {{- with .Values.imagePullSecrets }}
- imagePullSecrets:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- containers:
- - name: {{ .Chart.Name }}
- image: {{ template "layer3_research_manager.image" . }}
- imagePullPolicy: {{ .Values.image.pullPolicy }}
- envFrom:
- - configMapRef:
- name: proxy
- - configMapRef:
- name: globalenvvar
- - configMapRef:
- name: layer3researchconfig
- ports:
- - name: http
- containerPort: 8080
- protocol: TCP
- livenessProbe:
- httpGet:
- path: /metrics
- port: http
- periodSeconds: 10
- readinessProbe:
- httpGet:
- path: /metrics
- port: http
- periodSeconds: 10
- resources:
- {{- toYaml .Values.resources | nindent 12 }}
- {{- with .Values.nodeSelector }}
- nodeSelector:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- {{- with .Values.affinity }}
- affinity:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- {{- with .Values.tolerations }}
- tolerations:
- {{- toYaml . | nindent 8 }}
- {{- end }}
diff --git a/rds/base/charts/layer3_research_manager/templates/service.yaml b/rds/base/charts/layer3_research_manager/templates/service.yaml
deleted file mode 100644
index 5f979f8..0000000
--- a/rds/base/charts/layer3_research_manager/templates/service.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- {{- with .Values.service.annotations }}
- annotations:
- {{ toYaml . | indent 4 }}
- {{- end }}
- name: {{ include "layer3_research_manager.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "layer3_research_manager.labels" . | indent 4 }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- - port: {{ .Values.service.port }}
- targetPort: http
- protocol: TCP
- name: http
- selector:
- app.kubernetes.io/name: {{ include "layer3_research_manager.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
diff --git a/rds/base/charts/layer3_research_manager/templates/tests/test-connection.yaml b/rds/base/charts/layer3_research_manager/templates/tests/test-connection.yaml
deleted file mode 100644
index fbd51ee..0000000
--- a/rds/base/charts/layer3_research_manager/templates/tests/test-connection.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
- name: "{{ include "layer3_research_manager.fullname" . }}-test-research"
- labels:
-{{ include "layer3_research_manager.labels" . | indent 4 }}
- annotations:
- "helm.sh/hook": test-success
-spec:
- containers:
- - name: wget
- image: busybox
- command: ['wget']
- args: ['{{ include "layer3_research_manager.fullname" . }}:{{ .Values.service.port }}']
- restartPolicy: Never
diff --git a/rds/base/charts/layer3_research_manager/values.yaml b/rds/base/charts/layer3_research_manager/values.yaml
deleted file mode 100644
index feef760..0000000
--- a/rds/base/charts/layer3_research_manager/values.yaml
+++ /dev/null
@@ -1,52 +0,0 @@
-# Default values for layer3_token_storage.
-# This is a YAML-formatted file.
-# Declare variables to be passed into your templates.
-
-replicaCount: 1
-
-image:
- registry: zivgitlab.wwu.io
- repository: sciebo-rds/sciebo-rds/central_service_research_manager
- tag: release
- pullPolicy: Always
-
-labels:
- app.kubernetes.io/component: research-data-services.org
- app.kubernetes.io/part-of: core
- research-data-services.org/layer: layer3
-
-fullnameOverride: layer3-research-manager
-
-service:
- type: ClusterIP
- port: 80
- targetPort: 8080
- annotations:
- prometheus.io/scrape: "true"
-
-resources: {}
- # We usually recommend not to specify default resources and to leave this as a conscious
- # choice for the user. This also increases chances charts run on environments with little
- # resources, such as Minikube. If you do want to specify resources, uncomment the following
- # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
- # limits:
- # cpu: 100m
- # memory: 128Mi
- # requests:
- # cpu: 100m
- # memory: 128Mi
-
-nodeSelector: {}
-
-tolerations: []
-
-affinity: {}
-
-environment:
- REDIS_HOST: redis
- REDIS_PORT: 6379
- IN_MEMORY_AS_FAILOVER: "False"
-
-global:
- REDIS_HOST:
- REDIS_PORT:
diff --git a/rds/base/charts/layer3_token_storage/.helmignore b/rds/base/charts/layer3_token_storage/.helmignore
deleted file mode 100644
index 50af031..0000000
--- a/rds/base/charts/layer3_token_storage/.helmignore
+++ /dev/null
@@ -1,22 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-.vscode/
diff --git a/rds/base/charts/layer3_token_storage/Chart.lock b/rds/base/charts/layer3_token_storage/Chart.lock
deleted file mode 100644
index 70e2be6..0000000
--- a/rds/base/charts/layer3_token_storage/Chart.lock
+++ /dev/null
@@ -1,6 +0,0 @@
-dependencies:
-- name: common
- repository: file://../common
- version: 0.1.2
-digest: sha256:d1c8c0cbbca95a7e19dbef5c25f6422bf2c632f5972f682e44d4f70bb8ca4b74
-generated: "2023-02-07T10:30:58.971766018+01:00"
diff --git a/rds/base/charts/layer3_token_storage/Chart.yaml b/rds/base/charts/layer3_token_storage/Chart.yaml
deleted file mode 100644
index cac8de2..0000000
--- a/rds/base/charts/layer3_token_storage/Chart.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-apiVersion: v2
-appVersion: "1.0"
-description: The storage for tokens and passwords for services.
-name: layer3-token-storage
-version: 0.3.0
-home: https://www.research-data-services.org/
-type: application
-keywords:
- - research
- - data
- - services
- - zenodo
-maintainers:
- - email: peter.heiss@uni-muenster.de
- name: Heiss
-sources:
- - https://github.com/Sciebo-RDS/Sciebo-RDS
-icon: https://www.research-data-services.org/img/sciebo.png
-dependencies:
- - name: common
- version: ^0.1.0
- repository: file://../common
- alias: layer3-token-storage-common
-
diff --git a/rds/base/charts/layer3_token_storage/charts/common-0.1.2.tgz b/rds/base/charts/layer3_token_storage/charts/common-0.1.2.tgz
deleted file mode 100644
index 2374cbb..0000000
Binary files a/rds/base/charts/layer3_token_storage/charts/common-0.1.2.tgz and /dev/null differ
diff --git a/rds/base/charts/layer3_token_storage/templates/_helpers.tpl b/rds/base/charts/layer3_token_storage/templates/_helpers.tpl
deleted file mode 100644
index 149641a..0000000
--- a/rds/base/charts/layer3_token_storage/templates/_helpers.tpl
+++ /dev/null
@@ -1,69 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "layer3_token_storage.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-
-{{- define "layer3_token_storage.image" -}}
-{{ include "common.image" (dict "imageRoot" .Values.image "global" .Values.global) }}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "layer3_token_storage.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "layer3_token_storage.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Common labels
-*/}}
-{{- define "layer3_token_storage.labels" -}}
-app.kubernetes.io/name: {{ include "layer3_token_storage.name" . }}
-helm.sh/chart: {{ include "layer3_token_storage.chart" .
}}
-app.kubernetes.io/instance: {{ .Release.Name }}
-{{- if .Chart.AppVersion }}
-app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
-{{- end }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- if .Values.labels }}
-{{ toYaml .Values.labels }}
-{{- end -}}
-{{- end -}}
-
-{{- define "layer3_token_storage.domain" -}}
-{{- if .Values.global }}
-{{- .Values.global.domain -}}
-{{- else if hasKey .Values "domain" }}
-{{- .Values.domain -}}
-{{- else }}"localhost"{{- end -}}
-{{- end -}}
-
-{{- define "layer3_token_storage.secretName" -}}
-{{- if .Values.global}}
-{{ .Values.global.ingress.tls.secretName }}
-{{- else }}
-{{ .Values.ingress.tls.secretName }}
-{{- end -}}
-{{- end -}}
\ No newline at end of file
diff --git a/rds/base/charts/layer3_token_storage/templates/configmap.yaml b/rds/base/charts/layer3_token_storage/templates/configmap.yaml
deleted file mode 100644
index 6b1f797..0000000
--- a/rds/base/charts/layer3_token_storage/templates/configmap.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: layer3tokenconfig
- namespace: {{ .Release.Namespace }}
-data:
- {{- with (mustMergeOverwrite (.Values.global | default dict) .Values.environment) }}
- REDIS_HELPER_HOST: {{ .REDIS_HELPER_HOST | default "redis" | quote }}
- REDIS_HELPER_PORT: {{ .REDIS_HELPER_PORT | default "6379" | quote }}
- REDIS_HOST: {{ .REDIS_HOST | default "redis" | quote }}
- REDIS_PORT: {{ .REDIS_PORT | default "6379" | quote }}
- REDIS_CHANNEL: {{ .REDIS_CHANNEL | default "TokenStorage_Refresh_Token" | quote }}
- {{- end }}
- use_inmemory_as_fallover: {{ .Values.environment.IN_MEMORY_AS_FAILOVER | quote }}
\ No newline at end of file
diff --git a/rds/base/charts/layer3_token_storage/templates/deployment.yaml b/rds/base/charts/layer3_token_storage/templates/deployment.yaml
deleted file mode 100644
index 2f7055a..0000000
--- a/rds/base/charts/layer3_token_storage/templates/deployment.yaml
+++ /dev/null
@@ -1,65 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "layer3_token_storage.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "layer3_token_storage.labels" . | indent 4 }}
-spec:
- replicas: {{ .Values.replicaCount }}
- selector:
- matchLabels:
-{{ include "layer3_token_storage.labels" . | indent 6 }}
- template:
- metadata:
- labels:
-{{ include "layer3_token_storage.labels" . | indent 8 }}
- spec:
- initContainers:
- - name: deploy
- image: redis
- command: [ "sh" ]
- args: [ "-c", 'while [ "$(redis-cli -h $REDIS_PORT_6379_TCP_ADDR ping)" != "PONG" ]; do sleep 2; done' ]
- {{- with .Values.imagePullSecrets }}
- imagePullSecrets:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- containers:
- - name: {{ .Chart.Name }}
- image: {{ template "layer3_token_storage.image" . }}
- imagePullPolicy: {{ .Values.image.pullPolicy }}
- envFrom:
- - configMapRef:
- name: proxy
- - configMapRef:
- name: globalenvvar
- - configMapRef:
- name: layer3tokenconfig
- ports:
- - name: http
- containerPort: 8080
- protocol: TCP
- livenessProbe:
- httpGet:
- path: /metrics
- port: http
- periodSeconds: 10
- readinessProbe:
- httpGet:
- path: /metrics
- port: http
- periodSeconds: 10
- resources:
- {{- toYaml .Values.resources | nindent 12 }}
- {{- with .Values.nodeSelector }}
- nodeSelector:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- {{- with .Values.affinity }}
- affinity:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- {{- with .Values.tolerations }}
- tolerations:
- {{- toYaml . | nindent 8 }}
- {{- end }}
diff --git a/rds/base/charts/layer3_token_storage/templates/service.yaml b/rds/base/charts/layer3_token_storage/templates/service.yaml
deleted file mode 100644
index 5e7daa6..0000000
--- a/rds/base/charts/layer3_token_storage/templates/service.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- {{- with .Values.service.annotations }}
- annotations:
- {{ toYaml . | indent 4 }}
- {{- end }}
- name: {{ include "layer3_token_storage.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "layer3_token_storage.labels" . | indent 4 }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- - port: {{ .Values.service.port }}
- targetPort: http
- protocol: TCP
- name: http
- selector:
- app.kubernetes.io/name: {{ include "layer3_token_storage.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
diff --git a/rds/base/charts/layer3_token_storage/templates/tests/test-connection.yaml b/rds/base/charts/layer3_token_storage/templates/tests/test-connection.yaml
deleted file mode 100644
index 91830d0..0000000
--- a/rds/base/charts/layer3_token_storage/templates/tests/test-connection.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
- name: "{{ include "layer3_token_storage.fullname" . }}-test-research"
- labels:
-{{ include "layer3_token_storage.labels" . | indent 4 }}
- annotations:
- "helm.sh/hook": test-success
-spec:
- containers:
- - name: wget
- image: busybox
- command: ['wget']
- args: ['{{ include "layer3_token_storage.fullname" . }}:{{ .Values.service.port }}']
- restartPolicy: Never
diff --git a/rds/base/charts/layer3_token_storage/values.yaml b/rds/base/charts/layer3_token_storage/values.yaml
deleted file mode 100644
index 6fc2d0f..0000000
--- a/rds/base/charts/layer3_token_storage/values.yaml
+++ /dev/null
@@ -1,53 +0,0 @@
-# Default values for layer3_token_storage.
-# This is a YAML-formatted file.
-# Declare variables to be passed into your templates.
-
-replicaCount: 1
-
-image:
- registry: zivgitlab.wwu.io
- repository: sciebo-rds/sciebo-rds/central_service_token_storage
- tag: release
- pullPolicy: Always
-
-labels:
- app.kubernetes.io/component: research-data-services.org
- app.kubernetes.io/part-of: core
- research-data-services.org/layer: layer3
-
-fullnameOverride: layer3-token-storage
-
-service:
- type: ClusterIP
- port: 80
- targetPort: 8080
- annotations:
- prometheus.io/scrape: "true"
-
-domain: localhost
-ingress:
- tls:
- secretName: sciebords-tls-public
-
-resources: {}
- # We usually recommend not to specify default resources and to leave this as a conscious
- # choice for the user. This also increases chances charts run on environments with little
- # resources, such as Minikube. If you do want to specify resources, uncomment the following
- # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
- # limits:
- # cpu: 100m
- # memory: 128Mi
- # requests:
- # cpu: 100m
- # memory: 128Mi
-
-nodeSelector: {}
-
-tolerations: []
-
-affinity: {}
-
-environment:
- # disable IN Memory, when redis is not available. Service will be exited, when in memory not enabled.
- IN_MEMORY_AS_FAILOVER: "False"
- REDIS_CHANNEL: "TokenStorage_Refresh_Token"
diff --git a/rds/base/charts/postgresql/.helmignore b/rds/base/charts/postgresql/.helmignore
deleted file mode 100644
index f0c1319..0000000
--- a/rds/base/charts/postgresql/.helmignore
+++ /dev/null
@@ -1,21 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
diff --git a/rds/base/charts/postgresql/Chart.lock b/rds/base/charts/postgresql/Chart.lock
deleted file mode 100644
index dcd041c..0000000
--- a/rds/base/charts/postgresql/Chart.lock
+++ /dev/null
@@ -1,6 +0,0 @@
-dependencies:
-- name: common
- repository: file://charts/common
- version: 1.10.3
-digest: sha256:82aaf79ebedf82345360ed9d2271ced861bce18bf02165041364808bc5c23c3f
-generated: "2023-02-07T10:30:59.478748345+01:00"
diff --git a/rds/base/charts/postgresql/Chart.yaml b/rds/base/charts/postgresql/Chart.yaml
deleted file mode 100644
index b692733..0000000
--- a/rds/base/charts/postgresql/Chart.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-annotations:
- category: Database
-apiVersion: v2
-appVersion: 11.14.0
-dependencies:
-- name: common
- repository: file://charts/common
- version: 1.x.x
- alias: postgresql-common
-description: Chart for PostgreSQL, an object-relational database management system
- (ORDBMS) with an emphasis on extensibility and on standards-compliance.
-home: https://github.com/bitnami/charts/tree/master/bitnami/postgresql
-icon: https://bitnami.com/assets/stacks/postgresql/img/postgresql-stack-220x234.png
-keywords:
-- postgresql
-- postgres
-- database
-- sql
-- replication
-- cluster
-maintainers:
-- email: containers@bitnami.com
- name: Bitnami
-- email: cedric@desaintmartin.fr
- name: desaintmartin
-name: postgresql
-sources:
-- https://github.com/bitnami/bitnami-docker-postgresql
-- https://www.postgresql.org/
-version: 10.14.3
diff --git a/rds/base/charts/postgresql/README.md b/rds/base/charts/postgresql/README.md
deleted file mode 100644
index 0f04032..0000000
--- a/rds/base/charts/postgresql/README.md
+++ /dev/null
@@ -1,816 +0,0 @@
-# PostgreSQL
-
-[PostgreSQL](https://www.postgresql.org/) is an object-relational database management system (ORDBMS) with an emphasis on extensibility and on standards-compliance.
-
-For HA, please see [this repo](https://github.com/bitnami/charts/tree/master/bitnami/postgresql-ha)
-
-## TL;DR
-
-```console
-$ helm repo add bitnami https://charts.bitnami.com/bitnami
-$ helm install my-release bitnami/postgresql
-```
-
-## Introduction
-
-This chart bootstraps a [PostgreSQL](https://github.com/bitnami/bitnami-docker-postgresql) deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
-
-Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This chart has been tested to work with NGINX Ingress, cert-manager, fluentd and Prometheus on top of the [BKPR](https://kubeprod.io/).
-
-## Prerequisites
-
-- Kubernetes 1.12+
-- Helm 3.1.0
-- PV provisioner support in the underlying infrastructure
-
-## Installing the Chart
-To install the chart with the release name `my-release`:
-
-```console
-$ helm install my-release bitnami/postgresql
-```
-
-The command deploys PostgreSQL on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation.
-
-> **Tip**: List all releases using `helm list`
-
-## Uninstalling the Chart
-
-To uninstall/delete the `my-release` deployment:
-
-```console
-$ helm delete my-release
-```
-
-The command removes all the Kubernetes components but PVC's associated with the chart and deletes the release.
-
-To delete the PVC's associated with `my-release`:
-
-```console
-$ kubectl delete pvc -l release=my-release
-```
-
-> **Note**: Deleting the PVC's will delete postgresql data as well. Please be cautious before doing it.
-
-## Parameters
-
-### Global parameters
-
-| Name | Description | Value |
-| --------------------------------------- | ------------------------------------------------------------------------------------ | ----- |
-| `global.imageRegistry` | Global Docker image registry | `""` |
-| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` |
-| `global.storageClass` | Global StorageClass for Persistent Volume(s) | `""` |
-| `global.postgresql.postgresqlDatabase` | PostgreSQL database (overrides `postgresqlDatabase`) | `""` |
-| `global.postgresql.postgresqlUsername` | PostgreSQL username (overrides `postgresqlUsername`) | `""` |
-| `global.postgresql.existingSecret` | Name of existing secret to use for PostgreSQL passwords (overrides `existingSecret`) | `""` |
-| `global.postgresql.postgresqlPassword` | PostgreSQL admin password (overrides `postgresqlPassword`) | `""` |
-| `global.postgresql.servicePort` | PostgreSQL port (overrides `service.port` | `""` |
-| `global.postgresql.replicationPassword` | Replication user password (overrides `replication.password`) | `""` |
-
-
-### Common parameters
-
-| Name | Description | Value |
-| ------------------------ | -------------------------------------------------------------------------------------------- | -------------- |
-| `nameOverride` | String to partially override common.names.fullname template (will maintain the release name) | `""` |
-| `fullnameOverride` | String to fully override common.names.fullname template | `""` |
-| `extraDeploy` | Array of extra objects to deploy with the release (evaluated as a template) | `[]` |
-| `commonLabels` | Add labels to all the deployed resources | `{}` |
-| `commonAnnotations` | Add annotations to all the deployed resources | `{}` |
-| `diagnosticMode.enabled` | Enable diagnostic mode (all probes will be disabled and the command will be overridden) | `false` |
-| `diagnosticMode.command` | Command to override all containers in the deployment |
`["sleep"]` |
-| `diagnosticMode.args` | Args to override all containers in the deployment | `["infinity"]` |
-
-
-### PostgreSQL parameters
-
-| Name | Description | Value |
-| --------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------- |
-| `image.registry` | PostgreSQL image registry | `docker.io` |
-| `image.repository` | PostgreSQL image repository | `bitnami/postgresql` |
-| `image.tag` | PostgreSQL image tag (immutable tags are recommended) | `11.14.0-debian-10-r17` |
-| `image.pullPolicy` | PostgreSQL image pull policy | `IfNotPresent` |
-| `image.pullSecrets` | Specify image pull secrets | `[]` |
-| `image.debug` | Specify if debug values should be set | `false` |
-| `volumePermissions.enabled` | Enable init container that changes volume permissions in the data directory (for cases where the default k8s `runAsUser` and `fsUser` values do not work) | `false` |
-| `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` |
-| `volumePermissions.image.repository` | Init container volume-permissions image repository | `bitnami/bitnami-shell` |
-| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `10-debian-10-r265` |
-| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` |
-| `volumePermissions.image.pullSecrets` | Init container volume-permissions image pull secrets | `[]` |
-| `volumePermissions.securityContext.runAsUser` | User ID for the init container | `0` |
-| `schedulerName` | Use an alternate scheduler, e.g. "stork".
| `""` |
-| `lifecycleHooks` | for the PostgreSQL container to automate configuration before or after startup | `{}` |
-| `securityContext.enabled` | Enable security context | `true` |
-| `securityContext.fsGroup` | Group ID for the pod | `1001` |
-| `containerSecurityContext.enabled` | Enable container security context | `true` |
-| `containerSecurityContext.runAsUser` | User ID for the container | `1001` |
-| `serviceAccount.enabled` | Enable service account (Note: Service Account will only be automatically created if `serviceAccount.name` is not set) | `false` |
-| `serviceAccount.name` | Name of an already existing service account. Setting this value disables the automatic service account creation | `""` |
-| `serviceAccount.autoMount` | Auto-mount the service account token in the pod | `false` |
-| `psp.create` | Whether to create a PodSecurityPolicy. WARNING: PodSecurityPolicy is deprecated in Kubernetes v1.21 or later, unavailable in v1.25 or later | `false` |
-| `rbac.create` | Create Role and RoleBinding (required for PSP to work) | `false` |
-| `replication.enabled` | Enable replication | `false` |
-| `replication.user` | Replication user | `repl_user` |
-| `replication.password` | Replication user password | `repl_password` |
-| `replication.readReplicas` | Number of read replicas replicas | `1` |
-| `replication.synchronousCommit` | Set synchronous commit mode. Allowed values: `on`, `remote_apply`, `remote_write`, `local` and `off` | `off` |
-| `replication.numSynchronousReplicas` | Number of replicas that will have synchronous replication. Note: Cannot be greater than `replication.readReplicas`. | `0` |
-| `replication.applicationName` | Cluster application name.
Useful for advanced replication settings | `my_application` |
-| `replication.singleService` | Create one service connecting to all read-replicas | `true` |
-| `replication.uniqueServices` | Create a unique service for each independent read-replica | `false` |
-| `postgresqlPostgresPassword` | PostgreSQL admin password (used when `postgresqlUsername` is not `postgres`, in which case`postgres` is the admin username) | `""` |
-| `postgresqlUsername` | PostgreSQL user (has superuser privileges if username is `postgres`) | `postgres` |
-| `postgresqlPassword` | PostgreSQL user password | `""` |
-| `existingSecret` | Name of existing secret to use for PostgreSQL passwords | `""` |
-| `usePasswordFile` | Mount PostgreSQL secret as a file instead of passing environment variable | `false` |
-| `postgresqlDatabase` | PostgreSQL database | `""` |
-| `postgresqlDataDir` | PostgreSQL data dir folder | `/bitnami/postgresql/data` |
-| `extraEnv` | An array to add extra environment variables | `[]` |
-| `extraEnvVarsCM` | Name of a Config Map containing extra environment variables | `""` |
-| `postgresqlInitdbArgs` | PostgreSQL initdb extra arguments | `""` |
-| `postgresqlInitdbWalDir` | Specify a custom location for the PostgreSQL transaction log | `""` |
-| `postgresqlConfiguration` | PostgreSQL configuration | `{}` |
-| `postgresqlExtendedConf` | Extended Runtime Config Parameters (appended to main or default configuration) | `{}` |
-| `primaryAsStandBy.enabled` | Whether to enable current cluster's primary as standby server of another cluster or not | `false` |
-| `primaryAsStandBy.primaryHost` | The Host of replication primary in the other cluster | `""` |
-| `primaryAsStandBy.primaryPort` | The Port of replication primary in the other cluster | `""` |
-| `pgHbaConfiguration` | PostgreSQL client authentication configuration | `""` |
-| `configurationConfigMap` | ConfigMap with PostgreSQL configuration | `""` |
-| `extendedConfConfigMap` | ConfigMap with PostgreSQL extended
configuration | `""` |
-| `initdbScripts` | Dictionary of initdb scripts | `{}` |
-| `initdbScriptsConfigMap` | ConfigMap with scripts to be run at first boot | `""` |
-| `initdbScriptsSecret` | Secret with scripts to be run at first boot (in case it contains sensitive information) | `""` |
-| `initdbUser` | Specify the PostgreSQL username to execute the initdb scripts | `""` |
-| `initdbPassword` | Specify the PostgreSQL password to execute the initdb scripts | `""` |
-| `containerPorts.postgresql` | PostgreSQL container port | `5432` |
-| `audit.logHostname` | Log client hostnames | `false` |
-| `audit.logConnections` | Add client log-in operations to the log file | `false` |
-| `audit.logDisconnections` | Add client log-outs operations to the log file | `false` |
-| `audit.pgAuditLog` | Add operations to log using the pgAudit extension | `""` |
-| `audit.pgAuditLogCatalog` | Log catalog using pgAudit | `off` |
-| `audit.clientMinMessages` | Message log level to share with the user | `error` |
-| `audit.logLinePrefix` | Template for log line prefix (default if not set) | `""` |
-| `audit.logTimezone` | Timezone for the log timestamps | `""` |
-| `postgresqlSharedPreloadLibraries` | Shared preload libraries (comma-separated list) | `pgaudit` |
-| `postgresqlMaxConnections` | Maximum total connections | `""` |
-| `postgresqlPostgresConnectionLimit` | Maximum connections for the postgres user | `""` |
-| `postgresqlDbUserConnectionLimit` | Maximum connections for the non-admin user | `""` |
-| `postgresqlTcpKeepalivesInterval` | TCP keepalives interval | `""` |
-| `postgresqlTcpKeepalivesIdle` | TCP keepalives idle | `""` |
-| `postgresqlTcpKeepalivesCount` | TCP keepalives count | `""` |
-| `postgresqlStatementTimeout` | Statement timeout | `""` |
-| `postgresqlPghbaRemoveFilters` | Comma-separated list of patterns to remove from the pg_hba.conf file | `""` |
-| `terminationGracePeriodSeconds` | Seconds the pod needs to terminate gracefully | `""` |
-|
`ldap.enabled` | Enable LDAP support | `false` |
-| `ldap.url` | LDAP URL beginning in the form `ldap[s]://host[:port]/basedn` | `""` |
-| `ldap.server` | IP address or name of the LDAP server. | `""` |
-| `ldap.port` | Port number on the LDAP server to connect to | `""` |
-| `ldap.prefix` | String to prepend to the user name when forming the DN to bind | `""` |
-| `ldap.suffix` | String to append to the user name when forming the DN to bind | `""` |
-| `ldap.baseDN` | Root DN to begin the search for the user in | `""` |
-| `ldap.bindDN` | DN of user to bind to LDAP | `""` |
-| `ldap.bind_password` | Password for the user to bind to LDAP | `""` |
-| `ldap.search_attr` | Attribute to match against the user name in the search | `""` |
-| `ldap.search_filter` | The search filter to use when doing search+bind authentication | `""` |
-| `ldap.scheme` | Set to `ldaps` to use LDAPS | `""` |
-| `ldap.tls` | Set to `1` to use TLS encryption | `""` |
-| `service.type` | Kubernetes Service type | `ClusterIP` |
-| `service.clusterIP` | Static clusterIP or None for headless services | `""` |
-| `service.port` | PostgreSQL port | `5432` |
-| `service.nodePort` | Specify the nodePort value for the LoadBalancer and NodePort service types | `""` |
-| `service.annotations` | Annotations for PostgreSQL service | `{}` |
-| `service.loadBalancerIP` | Load balancer IP if service type is `LoadBalancer` | `""` |
-| `service.externalTrafficPolicy` | Enable client source IP preservation | `Cluster` |
-| `service.loadBalancerSourceRanges` | Addresses that are allowed when service is LoadBalancer | `[]` |
-| `shmVolume.enabled` | Enable emptyDir volume for /dev/shm for primary and read replica(s) Pod(s) | `true` |
-| `shmVolume.chmod.enabled` | Set to `true` to `chmod 777 /dev/shm` on a initContainer (ignored if `volumePermissions.enabled` is `false`) | `true` |
-| `shmVolume.sizeLimit` | Set this to enable a size limit on the shm tmpfs.
Note that the size of the tmpfs counts against container's memory limit | `""` |
-| `persistence.enabled` | Enable persistence using PVC | `true` |
-| `persistence.existingClaim` | Provide an existing `PersistentVolumeClaim`, the value is evaluated as a template. | `""` |
-| `persistence.mountPath` | The path the volume will be mounted at, useful when using different | `/bitnami/postgresql` |
-| `persistence.subPath` | The subdirectory of the volume to mount to | `""` |
-| `persistence.storageClass` | PVC Storage Class for PostgreSQL volume | `""` |
-| `persistence.accessModes` | PVC Access Mode for PostgreSQL volume | `["ReadWriteOnce"]` |
-| `persistence.size` | PVC Storage Request for PostgreSQL volume | `8Gi` |
-| `persistence.annotations` | Annotations for the PVC | `{}` |
-| `persistence.selector` | Selector to match an existing Persistent Volume (this value is evaluated as a template) | `{}` |
-| `updateStrategy.type` | updateStrategy for PostgreSQL StatefulSet and its reads StatefulSets | `RollingUpdate` |
-| `primary.podAffinityPreset` | PostgreSQL primary pod affinity preset. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` | `""` |
-| `primary.podAntiAffinityPreset` | PostgreSQL primary pod anti-affinity preset. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` | `soft` |
-| `primary.nodeAffinityPreset.type` | PostgreSQL primary node affinity preset type. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` | `""` |
-| `primary.nodeAffinityPreset.key` | PostgreSQL primary node label key to match Ignored if `primary.affinity` is set. | `""` |
-| `primary.nodeAffinityPreset.values` | PostgreSQL primary node label values to match. Ignored if `primary.affinity` is set.
| `[]` |
-| `primary.affinity` | Affinity for PostgreSQL primary pods assignment | `{}` |
-| `primary.nodeSelector` | Node labels for PostgreSQL primary pods assignment | `{}` |
-| `primary.tolerations` | Tolerations for PostgreSQL primary pods assignment | `[]` |
-| `primary.extraPodSpec` | Optionally specify extra PodSpec | `{}` |
-| `primary.labels` | Map of labels to add to the statefulset (postgresql primary) | `{}` |
-| `primary.annotations` | Annotations for PostgreSQL primary pods | `{}` |
-| `primary.podLabels` | Map of labels to add to the pods (postgresql primary) | `{}` |
-| `primary.podAnnotations` | Map of annotations to add to the pods (postgresql primary) | `{}` |
-| `primary.priorityClassName` | Priority Class to use for each pod (postgresql primary) | `""` |
-| `primary.extraInitContainers` | Extra init containers to add to the pods (postgresql primary) | `[]` |
-| `primary.extraVolumeMounts` | Extra volume mounts to add to the pods (postgresql primary) | `[]` |
-| `primary.extraVolumes` | Extra volumes to add to the pods (postgresql primary) | `[]` |
-| `primary.sidecars` | Extra containers to the pod | `[]` |
-| `primary.service.type` | Allows using a different service type for primary | `""` |
-| `primary.service.nodePort` | Allows using a different nodePort for primary | `""` |
-| `primary.service.clusterIP` | Allows using a different clusterIP for primary | `""` |
-| `readReplicas.podAffinityPreset` | PostgreSQL read only pod affinity preset. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` | `""` |
-| `readReplicas.podAntiAffinityPreset` | PostgreSQL read only pod anti-affinity preset. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` | `soft` |
-| `readReplicas.nodeAffinityPreset.type` | PostgreSQL read only node affinity preset type. Ignored if `primary.affinity` is set.
Allowed values: `soft` or `hard` | `""` |
-| `readReplicas.nodeAffinityPreset.key` | PostgreSQL read only node label key to match Ignored if `primary.affinity` is set. | `""` |
-| `readReplicas.nodeAffinityPreset.values` | PostgreSQL read only node label values to match. Ignored if `primary.affinity` is set. | `[]` |
-| `readReplicas.affinity` | Affinity for PostgreSQL read only pods assignment | `{}` |
-| `readReplicas.nodeSelector` | Node labels for PostgreSQL read only pods assignment | `{}` |
-| `readReplicas.tolerations` | Tolerations for PostgreSQL read only pods assignment | `[]` |
-| `readReplicas.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` |
-| `readReplicas.extraPodSpec` | Optionally specify extra PodSpec | `{}` |
-| `readReplicas.labels` | Map of labels to add to the statefulsets (postgresql readReplicas) | `{}` |
-| `readReplicas.annotations` | Annotations for PostgreSQL read only pods | `{}` |
-| `readReplicas.podLabels` | Map of labels to add to the pods (postgresql readReplicas) | `{}` |
-| `readReplicas.podAnnotations` | Map of annotations to add to the pods (postgresql readReplicas) | `{}` |
-| `readReplicas.priorityClassName` | Priority Class to use for each pod (postgresql readReplicas) | `""` |
-| `readReplicas.extraInitContainers` | Extra init containers to add to the pods (postgresql readReplicas) | `[]` |
-| `readReplicas.extraVolumeMounts` | Extra volume mounts to add to the pods (postgresql readReplicas) | `[]` |
-| `readReplicas.extraVolumes` | Extra volumes to add to the pods (postgresql readReplicas) | `[]` |
-| `readReplicas.sidecars` | Extra containers to the pod | `[]` |
-| `readReplicas.service.type` | Allows using a different service type for readReplicas | `""` |
-| `readReplicas.service.nodePort` | Allows using a different nodePort for readReplicas | `""` |
-| `readReplicas.service.clusterIP` | Allows using a different
clusterIP for readReplicas | `""` | -| `readReplicas.persistence.enabled` | Whether to enable PostgreSQL read replicas replicas persistence | `true` | -| `readReplicas.resources` | CPU/Memory resource requests/limits override for readReplicass. Will fallback to `values.resources` if not defined. | `{}` | -| `resources.requests` | The requested resources for the container | `{}` | -| `networkPolicy.enabled` | Enable creation of NetworkPolicy resources. Only Ingress traffic is filtered for now. | `false` | -| `networkPolicy.allowExternal` | Don't require client label for connections | `true` | -| `networkPolicy.explicitNamespacesSelector` | A Kubernetes LabelSelector to explicitly select namespaces from which ingress traffic could be allowed | `{}` | -| `startupProbe.enabled` | Enable startupProbe | `false` | -| `startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `30` | -| `startupProbe.periodSeconds` | Period seconds for startupProbe | `15` | -| `startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` | -| `startupProbe.failureThreshold` | Failure threshold for startupProbe | `10` | -| `startupProbe.successThreshold` | Success threshold for startupProbe | `1` | -| `livenessProbe.enabled` | Enable livenessProbe | `true` | -| `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `30` | -| `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | -| `livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | -| `livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `readinessProbe.enabled` | Enable readinessProbe | `true` | -| `readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` | -| `readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | -| `readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` 
| -| `readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` | -| `readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `customStartupProbe` | Override default startup probe | `{}` | -| `customLivenessProbe` | Override default liveness probe | `{}` | -| `customReadinessProbe` | Override default readiness probe | `{}` | -| `tls.enabled` | Enable TLS traffic support | `false` | -| `tls.autoGenerated` | Generate automatically self-signed TLS certificates | `false` | -| `tls.preferServerCiphers` | Whether to use the server's TLS cipher preferences rather than the client's | `true` | -| `tls.certificatesSecret` | Name of an existing secret that contains the certificates | `""` | -| `tls.certFilename` | Certificate filename | `""` | -| `tls.certKeyFilename` | Certificate key filename | `""` | -| `tls.certCAFilename` | CA Certificate filename | `""` | -| `tls.crlFilename` | File containing a Certificate Revocation List | `""` | -| `metrics.enabled` | Start a prometheus exporter | `false` | -| `metrics.resources` | Prometheus exporter container resources | `{}` | -| `metrics.service.type` | Kubernetes Service type | `ClusterIP` | -| `metrics.service.annotations` | Additional annotations for metrics exporter pod | `{}` | -| `metrics.service.loadBalancerIP` | loadBalancerIP if redis metrics service type is `LoadBalancer` | `""` | -| `metrics.serviceMonitor.enabled` | Set this to `true` to create ServiceMonitor for Prometheus operator | `false` | -| `metrics.serviceMonitor.additionalLabels` | Additional labels that can be used so ServiceMonitor will be discovered by Prometheus | `{}` | -| `metrics.serviceMonitor.namespace` | Optional namespace in which to create ServiceMonitor | `""` | -| `metrics.serviceMonitor.interval` | Scrape interval. If not set, the Prometheus default scrape interval is used | `""` | -| `metrics.serviceMonitor.scrapeTimeout` | Scrape timeout. 
If not set, the Prometheus default scrape timeout is used | `""` | -| `metrics.serviceMonitor.relabelings` | RelabelConfigs to apply to samples before scraping | `[]` | -| `metrics.serviceMonitor.metricRelabelings` | MetricRelabelConfigs to apply to samples before ingestion | `[]` | -| `metrics.prometheusRule.enabled` | Set this to true to create prometheusRules for Prometheus operator | `false` | -| `metrics.prometheusRule.additionalLabels` | Additional labels that can be used so prometheusRules will be discovered by Prometheus | `{}` | -| `metrics.prometheusRule.namespace` | namespace where prometheusRules resource should be created | `""` | -| `metrics.prometheusRule.rules` | Create specified [Rules](https://prometheus.io/docs/prometheus/latest/configuration/alerting_rules/) | `[]` | -| `metrics.image.registry` | PostgreSQL Exporter image registry | `docker.io` | -| `metrics.image.repository` | PostgreSQL Exporter image repository | `bitnami/postgres-exporter` | -| `metrics.image.tag` | PostgreSQL Exporter image tag (immutable tags are recommended) | `0.10.0-debian-10-r133` | -| `metrics.image.pullPolicy` | PostgreSQL Exporter image pull policy | `IfNotPresent` | -| `metrics.image.pullSecrets` | Specify image pull secrets | `[]` | -| `metrics.customMetrics` | Define additional custom metrics | `{}` | -| `metrics.extraEnvVars` | Extra environment variables to add to postgres-exporter | `[]` | -| `metrics.securityContext.enabled` | Enable security context for metrics | `false` | -| `metrics.securityContext.runAsUser` | User ID for the container for metrics | `1001` | -| `metrics.livenessProbe.enabled` | Enable livenessProbe | `true` | -| `metrics.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `5` | -| `metrics.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `metrics.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | -| `metrics.livenessProbe.failureThreshold` | Failure threshold for 
livenessProbe | `6` | -| `metrics.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `metrics.readinessProbe.enabled` | Enable readinessProbe | `true` | -| `metrics.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` | -| `metrics.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | -| `metrics.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` | -| `metrics.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` | -| `metrics.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | - - -Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, - -```console -$ helm install my-release \ - --set postgresqlPassword=secretpassword,postgresqlDatabase=my-database \ - bitnami/postgresql -``` - -The above command sets the PostgreSQL `postgres` account password to `secretpassword`. Additionally it creates a database named `my-database`. - -> NOTE: Once this chart is deployed, it is not possible to change the application's access credentials, such as usernames or passwords, using Helm. To change these application credentials after deployment, delete any persistent volumes (PVs) used by the chart and re-deploy it, or use the application's built-in administrative tools if available. - -Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, - -```console -$ helm install my-release -f values.yaml bitnami/postgresql -``` - -> **Tip**: You can use the default [values.yaml](values.yaml) - -## Configuration and installation details - -### [Rolling VS Immutable tags](https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/) - -It is strongly recommended to use immutable tags in a production environment. 
This ensures your deployment does not change automatically if the same tag is updated with a different image. - -Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist. - -### Customizing primary and read replica services in a replicated configuration - -At the top level, there is a service object which defines the services for both primary and readReplicas. For deeper customization, there are service objects for both the primary and read types individually. This allows you to override the values in the top level service object so that the primary and read can be of different service types and with different clusterIPs / nodePorts. Also in the case you want the primary and read to be of type nodePort, you will need to set the nodePorts to different values to prevent a collision. The values that are deeper in the primary.service or readReplicas.service objects will take precedence over the top level service object. - -### Use a different PostgreSQL version - -To modify the application version used in this chart, specify a different version of the image using the `image.tag` parameter and/or a different repository using the `image.repository` parameter. Refer to the [chart documentation for more information on these parameters and how to use them with images from a private registry](https://docs.bitnami.com/kubernetes/infrastructure/postgresql/configuration/change-image-version/). - -### postgresql.conf / pg_hba.conf files as configMap - -This helm chart also supports to customize the whole configuration file. - -Add your custom file to "files/postgresql.conf" in your working directory. This file will be mounted as configMap to the containers and it will be used for configuring the PostgreSQL server. - -Alternatively, you can add additional PostgreSQL configuration parameters using the `postgresqlExtendedConf` parameter as a dict, using camelCase, e.g. 
{"sharedBuffers": "500MB"}. Alternatively, to replace the entire default configuration use `postgresqlConfiguration`. - -In addition to these options, you can also set an external ConfigMap with all the configuration files. This is done by setting the `configurationConfigMap` parameter. Note that this will override the two previous options. - -### Allow settings to be loaded from files other than the default `postgresql.conf` - -If you don't want to provide the whole PostgreSQL configuration file and only specify certain parameters, you can add your extended `.conf` files to "files/conf.d/" in your working directory. -Those files will be mounted as configMap to the containers adding/overwriting the default configuration using the `include_dir` directive that allows settings to be loaded from files other than the default `postgresql.conf`. - -Alternatively, you can also set an external ConfigMap with all the extra configuration files. This is done by setting the `extendedConfConfigMap` parameter. Note that this will override the previous option. - -### Initialize a fresh instance - -The [Bitnami PostgreSQL](https://github.com/bitnami/bitnami-docker-postgresql) image allows you to use your custom scripts to initialize a fresh instance. In order to execute the scripts, they must be located inside the chart folder `files/docker-entrypoint-initdb.d` so they can be consumed as a ConfigMap. - -Alternatively, you can specify custom scripts using the `initdbScripts` parameter as dict. - -In addition to these options, you can also set an external ConfigMap with all the initialization scripts. This is done by setting the `initdbScriptsConfigMap` parameter. Note that this will override the two previous options. If your initialization scripts contain sensitive information such as credentials or passwords, you can use the `initdbScriptsSecret` parameter. - -The allowed extensions are `.sh`, `.sql` and `.sql.gz`. 
- -### Securing traffic using TLS - -TLS support can be enabled in the chart by specifying the `tls.` parameters while creating a release. The following parameters should be configured to properly enable the TLS support in the chart: - -- `tls.enabled`: Enable TLS support. Defaults to `false` -- `tls.certificatesSecret`: Name of an existing secret that contains the certificates. No defaults. -- `tls.certFilename`: Certificate filename. No defaults. -- `tls.certKeyFilename`: Certificate key filename. No defaults. - -For example: - -* First, create the secret with the cetificates files: - - ```console - kubectl create secret generic certificates-tls-secret --from-file=./cert.crt --from-file=./cert.key --from-file=./ca.crt - ``` - -* Then, use the following parameters: - - ```console - volumePermissions.enabled=true - tls.enabled=true - tls.certificatesSecret="certificates-tls-secret" - tls.certFilename="cert.crt" - tls.certKeyFilename="cert.key" - ``` - - > Note TLS and VolumePermissions: PostgreSQL requires certain permissions on sensitive files (such as certificate keys) to start up. Due to an on-going [issue](https://github.com/kubernetes/kubernetes/issues/57923) regarding kubernetes permissions and the use of `containerSecurityContext.runAsUser`, you must enable `volumePermissions` to ensure everything works as expected. - -### Sidecars - -If you need additional containers to run within the same pod as PostgreSQL (e.g. an additional metrics or logging exporter), you can do so via the `sidecars` config parameter. Simply define your container according to the Kubernetes container spec. 
- -```yaml -# For the PostgreSQL primary -primary: - sidecars: - - name: your-image-name - image: your-image - imagePullPolicy: Always - ports: - - name: portname - containerPort: 1234 -# For the PostgreSQL replicas -readReplicas: - sidecars: - - name: your-image-name - image: your-image - imagePullPolicy: Always - ports: - - name: portname - containerPort: 1234 -``` - -### Metrics - -The chart optionally can start a metrics exporter for [prometheus](https://prometheus.io). The metrics endpoint (port 9187) is not exposed and it is expected that the metrics are collected from inside the k8s cluster using something similar as the described in the [example Prometheus scrape configuration](https://github.com/prometheus/prometheus/blob/master/documentation/examples/prometheus-kubernetes.yml). - -The exporter allows to create custom metrics from additional SQL queries. See the Chart's `values.yaml` for an example and consult the [exporters documentation](https://github.com/wrouesnel/postgres_exporter#adding-new-metrics-via-a-config-file) for more details. - -### Use of global variables - -In more complex scenarios, we may have the following tree of dependencies - -``` - +--------------+ - | | - +------------+ Chart 1 +-----------+ - | | | | - | --------+------+ | - | | | - | | | - | | | - | | | - v v v -+-------+------+ +--------+------+ +--------+------+ -| | | | | | -| PostgreSQL | | Sub-chart 1 | | Sub-chart 2 | -| | | | | | -+--------------+ +---------------+ +---------------+ -``` - -The three charts below depend on the parent chart Chart 1. However, subcharts 1 and 2 may need to connect to PostgreSQL as well. 
In order to do so, subcharts 1 and 2 need to know the PostgreSQL credentials, so one option for deploying could be deploy Chart 1 with the following parameters: - -``` -postgresql.postgresqlPassword=testtest -subchart1.postgresql.postgresqlPassword=testtest -subchart2.postgresql.postgresqlPassword=testtest -postgresql.postgresqlDatabase=db1 -subchart1.postgresql.postgresqlDatabase=db1 -subchart2.postgresql.postgresqlDatabase=db1 -``` - -If the number of dependent sub-charts increases, installing the chart with parameters can become increasingly difficult. An alternative would be to set the credentials using global variables as follows: - -``` -global.postgresql.postgresqlPassword=testtest -global.postgresql.postgresqlDatabase=db1 -``` - -This way, the credentials will be available in all of the subcharts. - -## Persistence - -The [Bitnami PostgreSQL](https://github.com/bitnami/bitnami-docker-postgresql) image stores the PostgreSQL data and configurations at the `/bitnami/postgresql` path of the container. - -Persistent Volume Claims are used to keep the data across deployments. This is known to work in GCE, AWS, and minikube. -See the [Parameters](#parameters) section to configure the PVC or to disable persistence. - -If you already have data in it, you will fail to sync to standby nodes for all commits, details can refer to [code](https://github.com/bitnami/bitnami-docker-postgresql/blob/8725fe1d7d30ebe8d9a16e9175d05f7ad9260c93/9.6/debian-9/rootfs/libpostgresql.sh#L518-L556). If you need to use those data, please covert them to sql and import after `helm install` finished. - -## NetworkPolicy - -To enable network policy for PostgreSQL, install [a networking plugin that implements the Kubernetes NetworkPolicy spec](https://kubernetes.io/docs/tasks/administer-cluster/declare-network-policy#before-you-begin), and set `networkPolicy.enabled` to `true`. - -For Kubernetes v1.5 & v1.6, you must also turn on NetworkPolicy by setting the DefaultDeny namespace annotation. 
Note: this will enforce policy for _all_ pods in the namespace: - -```console -$ kubectl annotate namespace default "net.beta.kubernetes.io/network-policy={\"ingress\":{\"isolation\":\"DefaultDeny\"}}" -``` - -With NetworkPolicy enabled, traffic will be limited to just port 5432. - -For more precise policy, set `networkPolicy.allowExternal=false`. This will only allow pods with the generated client label to connect to PostgreSQL. -This label will be displayed in the output of a successful install. - -## Differences between Bitnami PostgreSQL image and [Docker Official](https://hub.docker.com/_/postgres) image - -- The Docker Official PostgreSQL image does not support replication. If you pass any replication environment variable, this would be ignored. The only environment variables supported by the Docker Official image are POSTGRES_USER, POSTGRES_DB, POSTGRES_PASSWORD, POSTGRES_INITDB_ARGS, POSTGRES_INITDB_WALDIR and PGDATA. All the remaining environment variables are specific to the Bitnami PostgreSQL image. -- The Bitnami PostgreSQL image is non-root by default. This requires that you run the pod with `securityContext` and updates the permissions of the volume with an `initContainer`. A key benefit of this configuration is that the pod follows security best practices and is prepared to run on Kubernetes distributions with hard security constraints like OpenShift. -- For OpenShift, one may either define the runAsUser and fsGroup accordingly, or try this more dynamic option: volumePermissions.securityContext.runAsUser="auto",securityContext.enabled=false,containerSecurityContext.enabled=false,shmVolume.chmod.enabled=false - -### Deploy chart using Docker Official PostgreSQL Image - -From chart version 4.0.0, it is possible to use this chart with the Docker Official PostgreSQL image. -Besides specifying the new Docker repository and tag, it is important to modify the PostgreSQL data directory and volume mount point. 
Basically, the PostgreSQL data dir cannot be the mount point directly, it has to be a subdirectory. - -``` -image.repository=postgres -image.tag=10.6 -postgresqlDataDir=/data/pgdata -persistence.mountPath=/data/ -``` - -### Setting Pod's affinity - -This chart allows you to set your custom affinity using the `XXX.affinity` paremeter(s). Find more infomation about Pod's affinity in the [kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity). - -As an alternative, you can use of the preset configurations for pod affinity, pod anti-affinity, and node affinity available at the [bitnami/common](https://github.com/bitnami/charts/tree/master/bitnami/common#affinities) chart. To do so, set the `XXX.podAffinityPreset`, `XXX.podAntiAffinityPreset`, or `XXX.nodeAffinityPreset` parameters. - -## Troubleshooting - -Find more information about how to deal with common errors related to Bitnami’s Helm charts in [this troubleshooting guide](https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues). - -## Upgrading - -It's necessary to specify the existing passwords while performing an upgrade to ensure the secrets are not updated with invalid randomly generated passwords. Remember to specify the existing values of the `postgresqlPassword` and `replication.password` parameters when upgrading the chart: - -```bash -$ helm upgrade my-release bitnami/postgresql \ - --set postgresqlPassword=[POSTGRESQL_PASSWORD] \ - --set replication.password=[REPLICATION_PASSWORD] -``` - -> Note: you need to substitute the placeholders _[POSTGRESQL_PASSWORD]_, and _[REPLICATION_PASSWORD]_ with the values obtained from instructions in the installation notes. 
- -### To 10.0.0 - -[On November 13, 2020, Helm v2 support was formally finished](https://github.com/helm/charts#status-of-the-project), this major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL. - -**What changes were introduced in this major version?** - -- Previous versions of this Helm Chart use `apiVersion: v1` (installable by both Helm 2 and 3), this Helm Chart was updated to `apiVersion: v2` (installable by Helm 3 only). [Here](https://helm.sh/docs/topics/charts/#the-apiversion-field) you can find more information about the `apiVersion` field. -- Move dependency information from the *requirements.yaml* to the *Chart.yaml* -- After running `helm dependency update`, a *Chart.lock* file is generated containing the same structure used in the previous *requirements.lock* -- The different fields present in the *Chart.yaml* file has been ordered alphabetically in a homogeneous way for all the Bitnami Helm Chart. - -**Considerations when upgrading to this version** - -- If you want to upgrade to this version using Helm v2, this scenario is not supported as this version doesn't support Helm v2 anymore -- If you installed the previous version with Helm v2 and wants to upgrade to this version with Helm v3, please refer to the [official Helm documentation](https://helm.sh/docs/topics/v2_v3_migration/#migration-use-cases) about migrating from Helm v2 to v3 - -**Useful links** - -- https://docs.bitnami.com/tutorials/resolve-helm2-helm3-post-migration-issues/ -- https://helm.sh/docs/topics/v2_v3_migration/ -- https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3/ - -#### Breaking changes - -- The term `master` has been replaced with `primary` and `slave` with `readReplicas` throughout the chart. Role names have changed from `master` and `slave` to `primary` and `read`. 
- -To upgrade to `10.0.0`, it should be done reusing the PVCs used to hold the PostgreSQL data on your previous release. To do so, follow the instructions below (the following example assumes that the release name is `postgresql`): - -> NOTE: Please, create a backup of your database before running any of those actions. - -Obtain the credentials and the names of the PVCs used to hold the PostgreSQL data on your current release: - -```console -$ export POSTGRESQL_PASSWORD=$(kubectl get secret --namespace default postgresql -o jsonpath="{.data.postgresql-password}" | base64 --decode) -$ export POSTGRESQL_PVC=$(kubectl get pvc -l app.kubernetes.io/instance=postgresql,role=master -o jsonpath="{.items[0].metadata.name}") -``` - -Delete the PostgreSQL statefulset. Notice the option `--cascade=false`: - -```console -$ kubectl delete statefulsets.apps postgresql-postgresql --cascade=false -``` - -Now the upgrade works: - -```console -$ helm upgrade postgresql bitnami/postgresql --set postgresqlPassword=$POSTGRESQL_PASSWORD --set persistence.existingClaim=$POSTGRESQL_PVC -``` - -You will have to delete the existing PostgreSQL pod and the new statefulset is going to create a new one - -```console -$ kubectl delete pod postgresql-postgresql-0 -``` - -Finally, you should see the lines below in PostgreSQL container logs: - -```console -$ kubectl logs $(kubectl get pods -l app.kubernetes.io/instance=postgresql,app.kubernetes.io/name=postgresql,role=primary -o jsonpath="{.items[0].metadata.name}") -... -postgresql 08:05:12.59 INFO ==> Deploying PostgreSQL with persisted data... -... -``` - -### To 9.0.0 - -In this version the chart was adapted to follow the Helm label best practices, see [PR 3021](https://github.com/bitnami/charts/pull/3021). That means the backward compatibility is not guarantee when upgrading the chart to this major version. 
- -As a workaround, you can delete the existing statefulset (using the `--cascade=false` flag pods are not deleted) before upgrade the chart. For example, this can be a valid workflow: - -- Deploy an old version (8.X.X) - -```console -$ helm install postgresql bitnami/postgresql --version 8.10.14 -``` - -- Old version is up and running - -```console -$ helm ls -NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION -postgresql default 1 2020-08-04 13:39:54.783480286 +0000 UTC deployed postgresql-8.10.14 11.8.0 - -$ kubectl get pods -NAME READY STATUS RESTARTS AGE -postgresql-postgresql-0 1/1 Running 0 76s -``` - -- The upgrade to the latest one (9.X.X) is going to fail - -```console -$ helm upgrade postgresql bitnami/postgresql -Error: UPGRADE FAILED: cannot patch "postgresql-postgresql" with kind StatefulSet: StatefulSet.apps "postgresql-postgresql" is invalid: spec: Forbidden: updates to statefulset spec for fields other than 'replicas', 'template', and 'updateStrategy' are forbidden -``` - -- Delete the statefulset - -```console -$ kubectl delete statefulsets.apps --cascade=false postgresql-postgresql -statefulset.apps "postgresql-postgresql" deleted -``` - -- Now the upgrade works - -```console -$ helm upgrade postgresql bitnami/postgresql -$ helm ls -NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION -postgresql default 3 2020-08-04 13:42:08.020385884 +0000 UTC deployed postgresql-9.1.2 11.8.0 -``` - -- We can kill the existing pod and the new statefulset is going to create a new one: - -```console -$ kubectl delete pod postgresql-postgresql-0 -pod "postgresql-postgresql-0" deleted - -$ kubectl get pods -NAME READY STATUS RESTARTS AGE -postgresql-postgresql-0 1/1 Running 0 19s -``` - -Please, note that without the `--cascade=false` both objects (statefulset and pod) are going to be removed and both objects will be deployed again with the `helm upgrade` command - -### To 8.0.0 - -Prefixes the port names with their protocols to comply with Istio 
conventions. - -If you depend on the port names in your setup, make sure to update them to reflect this change. - -### To 7.1.0 - -Adds support for LDAP configuration. - -### To 7.0.0 - -Helm performs a lookup for the object based on its group (apps), version (v1), and kind (Deployment). Also known as its GroupVersionKind, or GVK. Changing the GVK is considered a compatibility breaker from Kubernetes' point of view, so you cannot "upgrade" those objects to the new GVK in-place. Earlier versions of Helm 3 did not perform the lookup correctly which has since been fixed to match the spec. - -In https://github.com/helm/charts/pull/17281 the `apiVersion` of the statefulset resources was updated to `apps/v1` in tune with the api's deprecated, resulting in compatibility breakage. - -This major version bump signifies this change. - -### To 6.5.7 - -In this version, the chart will use PostgreSQL with the Postgis extension included. The version used with Postgresql version 10, 11 and 12 is Postgis 2.5. It has been compiled with the following dependencies: - -- protobuf -- protobuf-c -- json-c -- geos -- proj - -### To 5.0.0 - -In this version, the **chart is using PostgreSQL 11 instead of PostgreSQL 10**. You can find the main difference and notable changes in the following links: [https://www.postgresql.org/about/news/1894/](https://www.postgresql.org/about/news/1894/) and [https://www.postgresql.org/about/featurematrix/](https://www.postgresql.org/about/featurematrix/). 
- -For major releases of PostgreSQL, the internal data storage format is subject to change, thus complicating upgrades, you can see some errors like the following one in the logs: - -```console -Welcome to the Bitnami postgresql container -Subscribe to project updates by watching https://github.com/bitnami/bitnami-docker-postgresql -Submit issues and feature requests at https://github.com/bitnami/bitnami-docker-postgresql/issues -Send us your feedback at containers@bitnami.com - -INFO ==> ** Starting PostgreSQL setup ** -NFO ==> Validating settings in POSTGRESQL_* env vars.. -INFO ==> Initializing PostgreSQL database... -INFO ==> postgresql.conf file not detected. Generating it... -INFO ==> pg_hba.conf file not detected. Generating it... -INFO ==> Deploying PostgreSQL with persisted data... -INFO ==> Configuring replication parameters -INFO ==> Loading custom scripts... -INFO ==> Enabling remote connections -INFO ==> Stopping PostgreSQL... -INFO ==> ** PostgreSQL setup finished! ** - -INFO ==> ** Starting PostgreSQL ** - [1] FATAL: database files are incompatible with server - [1] DETAIL: The data directory was initialized by PostgreSQL version 10, which is not compatible with this version 11.3. -``` - -In this case, you should migrate the data from the old chart to the new one following an approach similar to that described in [this section](https://www.postgresql.org/docs/current/upgrading.html#UPGRADING-VIA-PGDUMPALL) from the official documentation. Basically, create a database dump in the old chart, move and restore it in the new one. - -### To 4.0.0 - -This chart will use by default the Bitnami PostgreSQL container starting from version `10.7.0-r68`. This version moves the initialization logic from node.js to bash. This new version of the chart requires setting the `POSTGRES_PASSWORD` in the slaves as well, in order to properly configure the `pg_hba.conf` file. Users from previous versions of the chart are advised to upgrade immediately. 
- -IMPORTANT: If you do not want to upgrade the chart version then make sure you use the `10.7.0-r68` version of the container. Otherwise, you will get this error - -``` -The POSTGRESQL_PASSWORD environment variable is empty or not set. Set the environment variable ALLOW_EMPTY_PASSWORD=yes to allow the container to be started with blank passwords. This is recommended only for development -``` - -### To 3.0.0 - -This releases make it possible to specify different nodeSelector, affinity and tolerations for master and slave pods. -It also fixes an issue with `postgresql.master.fullname` helper template not obeying fullnameOverride. - -#### Breaking changes - -- `affinty` has been renamed to `master.affinity` and `slave.affinity`. -- `tolerations` has been renamed to `master.tolerations` and `slave.tolerations`. -- `nodeSelector` has been renamed to `master.nodeSelector` and `slave.nodeSelector`. - -### To 2.0.0 - -In order to upgrade from the `0.X.X` branch to `1.X.X`, you should follow the below steps: - -- Obtain the service name (`SERVICE_NAME`) and password (`OLD_PASSWORD`) of the existing postgresql chart. You can find the instructions to obtain the password in the NOTES.txt, the service name can be obtained by running - -```console -$ kubectl get svc -``` - -- Install (not upgrade) the new version - -```console -$ helm repo update -$ helm install my-release bitnami/postgresql -``` - -- Connect to the new pod (you can obtain the name by running `kubectl get pods`): - -```console -$ kubectl exec -it NAME bash -``` - -- Once logged in, create a dump file from the previous database using `pg_dump`, for that we should connect to the previous postgresql chart: - -```console -$ pg_dump -h SERVICE_NAME -U postgres DATABASE_NAME > /tmp/backup.sql -``` - -After run above command you should be prompted for a password, this password is the previous chart password (`OLD_PASSWORD`). -This operation could take some time depending on the database size. 
- -- Once you have the backup file, you can restore it with a command like the one below: - -```console -$ psql -U postgres DATABASE_NAME < /tmp/backup.sql -``` - -In this case, you are accessing to the local postgresql, so the password should be the new one (you can find it in NOTES.txt). - -If you want to restore the database and the database schema does not exist, it is necessary to first follow the steps described below. - -```console -$ psql -U postgres -postgres=# drop database DATABASE_NAME; -postgres=# create database DATABASE_NAME; -postgres=# create user USER_NAME; -postgres=# alter role USER_NAME with password 'BITNAMI_USER_PASSWORD'; -postgres=# grant all privileges on database DATABASE_NAME to USER_NAME; -postgres=# alter database DATABASE_NAME owner to USER_NAME; -``` - -## License - -Copyright © 2022 Bitnami - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. diff --git a/rds/base/charts/postgresql/charts/common-1.10.3.tgz b/rds/base/charts/postgresql/charts/common-1.10.3.tgz deleted file mode 100644 index d5aeb7f..0000000 Binary files a/rds/base/charts/postgresql/charts/common-1.10.3.tgz and /dev/null differ diff --git a/rds/base/charts/postgresql/charts/common/.helmignore b/rds/base/charts/postgresql/charts/common/.helmignore deleted file mode 100644 index 50af031..0000000 --- a/rds/base/charts/postgresql/charts/common/.helmignore +++ /dev/null 
@@ -1,22 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-.vscode/
diff --git a/rds/base/charts/postgresql/charts/common/Chart.yaml b/rds/base/charts/postgresql/charts/common/Chart.yaml
deleted file mode 100644
index cf934aa..0000000
--- a/rds/base/charts/postgresql/charts/common/Chart.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-annotations:
- category: Infrastructure
-apiVersion: v2
-appVersion: 1.10.0
-description: A Library Helm Chart for grouping common logic between bitnami charts.
- This chart is not deployable by itself.
-home: https://github.com/bitnami/charts/tree/master/bitnami/common
-icon: https://bitnami.com/downloads/logos/bitnami-mark.png
-keywords:
-- common
-- helper
-- template
-- function
-- bitnami
-maintainers:
-- email: containers@bitnami.com
- name: Bitnami
-name: common
-sources:
-- https://github.com/bitnami/charts
-- https://www.bitnami.com/
-type: library
-version: 1.10.3
diff --git a/rds/base/charts/postgresql/charts/common/README.md b/rds/base/charts/postgresql/charts/common/README.md
deleted file mode 100644
index cbbc31d..0000000
--- a/rds/base/charts/postgresql/charts/common/README.md
+++ /dev/null
@@ -1,328 +0,0 @@ -# Bitnami Common Library Chart - -A [Helm Library Chart](https://helm.sh/docs/topics/library_charts/#helm) for grouping common logic between bitnami charts. - -## TL;DR - -```yaml -dependencies: - - name: common - version: 0.x.x - repository: https://charts.bitnami.com/bitnami -``` - -```bash -$ helm dependency update -``` - -```yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.names.fullname" . }} -data: - myvalue: "Hello World" -``` - -## Introduction - -This chart provides a common template helpers which can be used to develop new charts using [Helm](https://helm.sh) package manager. - -Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This Helm chart has been tested on top of [Bitnami Kubernetes Production Runtime](https://kubeprod.io/) (BKPR). Deploy BKPR to get automated TLS certificates, logging and monitoring for your applications. - -## Prerequisites - -- Kubernetes 1.12+ -- Helm 3.1.0 - -## Parameters - -The following table lists the helpers available in the library which are scoped in different sections. 
- -### Affinities - -| Helper identifier | Description | Expected Input | -|-------------------------------|------------------------------------------------------|------------------------------------------------| -| `common.affinities.node.soft` | Return a soft nodeAffinity definition | `dict "key" "FOO" "values" (list "BAR" "BAZ")` | -| `common.affinities.node.hard` | Return a hard nodeAffinity definition | `dict "key" "FOO" "values" (list "BAR" "BAZ")` | -| `common.affinities.pod.soft` | Return a soft podAffinity/podAntiAffinity definition | `dict "component" "FOO" "context" $` | -| `common.affinities.pod.hard` | Return a hard podAffinity/podAntiAffinity definition | `dict "component" "FOO" "context" $` | - -### Capabilities - -| Helper identifier | Description | Expected Input | -|------------------------------------------------|------------------------------------------------------------------------------------------------|-------------------| -| `common.capabilities.kubeVersion` | Return the target Kubernetes version (using client default if .Values.kubeVersion is not set). | `.` Chart context | -| `common.capabilities.cronjob.apiVersion` | Return the appropriate apiVersion for cronjob. | `.` Chart context | -| `common.capabilities.deployment.apiVersion` | Return the appropriate apiVersion for deployment. | `.` Chart context | -| `common.capabilities.statefulset.apiVersion` | Return the appropriate apiVersion for statefulset. | `.` Chart context | -| `common.capabilities.ingress.apiVersion` | Return the appropriate apiVersion for ingress. | `.` Chart context | -| `common.capabilities.rbac.apiVersion` | Return the appropriate apiVersion for RBAC resources. | `.` Chart context | -| `common.capabilities.crd.apiVersion` | Return the appropriate apiVersion for CRDs. | `.` Chart context | -| `common.capabilities.policy.apiVersion` | Return the appropriate apiVersion for podsecuritypolicy. 
| `.` Chart context | -| `common.capabilities.networkPolicy.apiVersion` | Return the appropriate apiVersion for networkpolicy. | `.` Chart context | -| `common.capabilities.supportsHelmVersion` | Returns true if the used Helm version is 3.3+ | `.` Chart context | - -### Errors - -| Helper identifier | Description | Expected Input | -|-----------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------| -| `common.errors.upgrade.passwords.empty` | It will ensure required passwords are given when we are upgrading a chart. If `validationErrors` is not empty it will throw an error and will stop the upgrade action. | `dict "validationErrors" (list $validationError00 $validationError01) "context" $` | - -### Images - -| Helper identifier | Description | Expected Input | -|-----------------------------|------------------------------------------------------|---------------------------------------------------------------------------------------------------------| -| `common.images.image` | Return the proper and full image name | `dict "imageRoot" .Values.path.to.the.image "global" $`, see [ImageRoot](#imageroot) for the structure. 
| -| `common.images.pullSecrets` | Return the proper Docker Image Registry Secret Names (deprecated: use common.images.renderPullSecrets instead) | `dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "global" .Values.global` | -| `common.images.renderPullSecrets` | Return the proper Docker Image Registry Secret Names (evaluates values as templates) | `dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "context" $` | - -### Ingress - -| Helper identifier | Description | Expected Input | -|-------------------------------------------|----------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `common.ingress.backend` | Generate a proper Ingress backend entry depending on the API version | `dict "serviceName" "foo" "servicePort" "bar"`, see the [Ingress deprecation notice](https://kubernetes.io/blog/2019/07/18/api-deprecations-in-1-16/) for the syntax differences | -| `common.ingress.supportsPathType` | Prints "true" if the pathType field is supported | `.` Chart context | -| `common.ingress.supportsIngressClassname` | Prints "true" if the ingressClassname field is supported | `.` Chart context | - -### Labels - -| Helper identifier | Description | Expected Input | -|-----------------------------|------------------------------------------------------|-------------------| -| `common.labels.standard` | Return Kubernetes standard labels | `.` Chart context | -| `common.labels.matchLabels` | Return the proper Docker Image Registry Secret Names | `.` Chart context | - -### Names - -| Helper identifier | Description | Expected Input | -|-------------------------|------------------------------------------------------------|-------------------| -| `common.names.name` | Expand the name of the chart or use `.Values.nameOverride` | `.` 
Chart context | -| `common.names.fullname` | Create a default fully qualified app name. | `.` Chart context | -| `common.names.chart` | Chart name plus version | `.` Chart context | - -### Secrets - -| Helper identifier | Description | Expected Input | -|---------------------------|--------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `common.secrets.name` | Generate the name of the secret. | `dict "existingSecret" .Values.path.to.the.existingSecret "defaultNameSuffix" "mySuffix" "context" $` see [ExistingSecret](#existingsecret) for the structure. | -| `common.secrets.key` | Generate secret key. | `dict "existingSecret" .Values.path.to.the.existingSecret "key" "keyName"` see [ExistingSecret](#existingsecret) for the structure. | -| `common.passwords.manage` | Generate secret password or retrieve one if already created. | `dict "secret" "secret-name" "key" "keyName" "providedValues" (list "path.to.password1" "path.to.password2") "length" 10 "strong" false "chartName" "chartName" "context" $`, length, strong and chartNAme fields are optional. | -| `common.secrets.exists` | Returns whether a previous generated secret already exists. | `dict "secret" "secret-name" "context" $` | - -### Storage - -| Helper identifier | Description | Expected Input | -|-------------------------------|---------------------------------------|---------------------------------------------------------------------------------------------------------------------| -| `common.storage.class` | Return the proper Storage Class | `dict "persistence" .Values.path.to.the.persistence "global" $`, see [Persistence](#persistence) for the structure. 
| - -### TplValues - -| Helper identifier | Description | Expected Input | -|---------------------------|----------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------| -| `common.tplvalues.render` | Renders a value that contains template | `dict "value" .Values.path.to.the.Value "context" $`, value is the value should rendered as template, context frequently is the chart context `$` or `.` | - -### Utils - -| Helper identifier | Description | Expected Input | -|--------------------------------|------------------------------------------------------------------------------------------|------------------------------------------------------------------------| -| `common.utils.fieldToEnvVar` | Build environment variable name given a field. | `dict "field" "my-password"` | -| `common.utils.secret.getvalue` | Print instructions to get a secret value. | `dict "secret" "secret-name" "field" "secret-value-field" "context" $` | -| `common.utils.getValueFromKey` | Gets a value from `.Values` object given its key path | `dict "key" "path.to.key" "context" $` | -| `common.utils.getKeyFromList` | Returns first `.Values` key with a defined value or first of the list if all non-defined | `dict "keys" (list "path.to.key1" "path.to.key2") "context" $` | - -### Validations - -| Helper identifier | Description | Expected Input | -|--------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `common.validations.values.single.empty` | Validate a value must not be empty. 
| `dict "valueKey" "path.to.value" "secret" "secret.name" "field" "my-password" "subchart" "subchart" "context" $` secret, field and subchart are optional. In case they are given, the helper will generate a how to get instruction. See [ValidateValue](#validatevalue) | -| `common.validations.values.multiple.empty` | Validate a multiple values must not be empty. It returns a shared error for all the values. | `dict "required" (list $validateValueConf00 $validateValueConf01) "context" $`. See [ValidateValue](#validatevalue) | -| `common.validations.values.mariadb.passwords` | This helper will ensure required password for MariaDB are not empty. It returns a shared error for all the values. | `dict "secret" "mariadb-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use mariadb chart and the helper. | -| `common.validations.values.postgresql.passwords` | This helper will ensure required password for PostgreSQL are not empty. It returns a shared error for all the values. | `dict "secret" "postgresql-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use postgresql chart and the helper. | -| `common.validations.values.redis.passwords` | This helper will ensure required password for Redis™ are not empty. It returns a shared error for all the values. | `dict "secret" "redis-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use redis chart and the helper. | -| `common.validations.values.cassandra.passwords` | This helper will ensure required password for Cassandra are not empty. It returns a shared error for all the values. | `dict "secret" "cassandra-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use cassandra chart and the helper. 
| -| `common.validations.values.mongodb.passwords` | This helper will ensure required password for MongoDB® are not empty. It returns a shared error for all the values. | `dict "secret" "mongodb-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use mongodb chart and the helper. | - -### Warnings - -| Helper identifier | Description | Expected Input | -|------------------------------|----------------------------------|------------------------------------------------------------| -| `common.warnings.rollingTag` | Warning about using rolling tag. | `ImageRoot` see [ImageRoot](#imageroot) for the structure. | - -## Special input schemas - -### ImageRoot - -```yaml -registry: - type: string - description: Docker registry where the image is located - example: docker.io - -repository: - type: string - description: Repository and image name - example: bitnami/nginx - -tag: - type: string - description: image tag - example: 1.16.1-debian-10-r63 - -pullPolicy: - type: string - description: Specify a imagePullPolicy. Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - -pullSecrets: - type: array - items: - type: string - description: Optionally specify an array of imagePullSecrets (evaluated as templates). - -debug: - type: boolean - description: Set to true if you would like to see extra information on logs - example: false - -## An instance would be: -# registry: docker.io -# repository: bitnami/nginx -# tag: 1.16.1-debian-10-r63 -# pullPolicy: IfNotPresent -# debug: false -``` - -### Persistence - -```yaml -enabled: - type: boolean - description: Whether enable persistence. - example: true - -storageClass: - type: string - description: Ghost data Persistent Volume Storage Class, If set to "-", storageClassName: "" which disables dynamic provisioning. - example: "-" - -accessMode: - type: string - description: Access mode for the Persistent Volume Storage. 
- example: ReadWriteOnce - -size: - type: string - description: Size the Persistent Volume Storage. - example: 8Gi - -path: - type: string - description: Path to be persisted. - example: /bitnami - -## An instance would be: -# enabled: true -# storageClass: "-" -# accessMode: ReadWriteOnce -# size: 8Gi -# path: /bitnami -``` - -### ExistingSecret - -```yaml -name: - type: string - description: Name of the existing secret. - example: mySecret -keyMapping: - description: Mapping between the expected key name and the name of the key in the existing secret. - type: object - -## An instance would be: -# name: mySecret -# keyMapping: -# password: myPasswordKey -``` - -#### Example of use - -When we store sensitive data for a deployment in a secret, some times we want to give to users the possibility of using theirs existing secrets. - -```yaml -# templates/secret.yaml ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.names.fullname" . }} - labels: - app: {{ include "common.names.fullname" . }} -type: Opaque -data: - password: {{ .Values.password | b64enc | quote }} - -# templates/dpl.yaml ---- -... - env: - - name: PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "common.secrets.name" (dict "existingSecret" .Values.existingSecret "context" $) }} - key: {{ include "common.secrets.key" (dict "existingSecret" .Values.existingSecret "key" "password") }} -... 
- -# values.yaml ---- -name: mySecret -keyMapping: - password: myPasswordKey -``` - -### ValidateValue - -#### NOTES.txt - -```console -{{- $validateValueConf00 := (dict "valueKey" "path.to.value00" "secret" "secretName" "field" "password-00") -}} -{{- $validateValueConf01 := (dict "valueKey" "path.to.value01" "secret" "secretName" "field" "password-01") -}} - -{{ include "common.validations.values.multiple.empty" (dict "required" (list $validateValueConf00 $validateValueConf01) "context" $) }} -``` - -If we force those values to be empty we will see some alerts - -```console -$ helm install test mychart --set path.to.value00="",path.to.value01="" - 'path.to.value00' must not be empty, please add '--set path.to.value00=$PASSWORD_00' to the command. To get the current value: - - export PASSWORD_00=$(kubectl get secret --namespace default secretName -o jsonpath="{.data.password-00}" | base64 --decode) - - 'path.to.value01' must not be empty, please add '--set path.to.value01=$PASSWORD_01' to the command. To get the current value: - - export PASSWORD_01=$(kubectl get secret --namespace default secretName -o jsonpath="{.data.password-01}" | base64 --decode) -``` - -## Upgrading - -### To 1.0.0 - -[On November 13, 2020, Helm v2 support was formally finished](https://github.com/helm/charts#status-of-the-project), this major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL. - -**What changes were introduced in this major version?** - -- Previous versions of this Helm Chart use `apiVersion: v1` (installable by both Helm 2 and 3), this Helm Chart was updated to `apiVersion: v2` (installable by Helm 3 only). [Here](https://helm.sh/docs/topics/charts/#the-apiversion-field) you can find more information about the `apiVersion` field. -- Use `type: library`. 
[Here](https://v3.helm.sh/docs/faq/#library-chart-support) you can find more information. -- The different fields present in the *Chart.yaml* file has been ordered alphabetically in a homogeneous way for all the Bitnami Helm Charts - -**Considerations when upgrading to this version** - -- If you want to upgrade to this version from a previous one installed with Helm v3, you shouldn't face any issues -- If you want to upgrade to this version using Helm v2, this scenario is not supported as this version doesn't support Helm v2 anymore -- If you installed the previous version with Helm v2 and wants to upgrade to this version with Helm v3, please refer to the [official Helm documentation](https://helm.sh/docs/topics/v2_v3_migration/#migration-use-cases) about migrating from Helm v2 to v3 - -**Useful links** - -- https://docs.bitnami.com/tutorials/resolve-helm2-helm3-post-migration-issues/ -- https://helm.sh/docs/topics/v2_v3_migration/ -- https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3/ diff --git a/rds/base/charts/postgresql/charts/common/templates/_affinities.tpl b/rds/base/charts/postgresql/charts/common/templates/_affinities.tpl deleted file mode 100644 index 189ea40..0000000 --- a/rds/base/charts/postgresql/charts/common/templates/_affinities.tpl +++ /dev/null 
@@ -1,102 +0,0 @@ -{{/* vim: set filetype=mustache: */}} - -{{/* -Return a soft nodeAffinity definition -{{ include "common.affinities.nodes.soft" (dict "key" "FOO" "values" (list "BAR" "BAZ")) -}} -*/}} -{{- define "common.affinities.nodes.soft" -}} -preferredDuringSchedulingIgnoredDuringExecution: - - preference: - matchExpressions: - - key: {{ .key }} - operator: In - values: - {{- range .values }} - - {{ . | quote }} - {{- end }} - weight: 1 -{{- end -}} - -{{/* -Return a hard nodeAffinity definition -{{ include "common.affinities.nodes.hard" (dict "key" "FOO" "values" (list "BAR" "BAZ")) -}} -*/}} -{{- define "common.affinities.nodes.hard" -}} -requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: {{ .key }} - operator: In - values: - {{- range .values }} - - {{ . | quote }} - {{- end }} -{{- end -}} - -{{/* -Return a nodeAffinity definition -{{ include "common.affinities.nodes" (dict "type" "soft" "key" "FOO" "values" (list "BAR" "BAZ")) -}} -*/}} -{{- define "common.affinities.nodes" -}} - {{- if eq .type "soft" }} - {{- include "common.affinities.nodes.soft" . -}} - {{- else if eq .type "hard" }} - {{- include "common.affinities.nodes.hard" . 
-}} - {{- end -}} -{{- end -}} - -{{/* -Return a soft podAffinity/podAntiAffinity definition -{{ include "common.affinities.pods.soft" (dict "component" "FOO" "extraMatchLabels" .Values.extraMatchLabels "context" $) -}} -*/}} -{{- define "common.affinities.pods.soft" -}} -{{- $component := default "" .component -}} -{{- $extraMatchLabels := default (dict) .extraMatchLabels -}} -preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: {{- (include "common.labels.matchLabels" .context) | nindent 10 }} - {{- if not (empty $component) }} - {{ printf "app.kubernetes.io/component: %s" $component }} - {{- end }} - {{- range $key, $value := $extraMatchLabels }} - {{ $key }}: {{ $value | quote }} - {{- end }} - namespaces: - - {{ .context.Release.Namespace | quote }} - topologyKey: kubernetes.io/hostname - weight: 1 -{{- end -}} - -{{/* -Return a hard podAffinity/podAntiAffinity definition -{{ include "common.affinities.pods.hard" (dict "component" "FOO" "extraMatchLabels" .Values.extraMatchLabels "context" $) -}} -*/}} -{{- define "common.affinities.pods.hard" -}} -{{- $component := default "" .component -}} -{{- $extraMatchLabels := default (dict) .extraMatchLabels -}} -requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchLabels: {{- (include "common.labels.matchLabels" .context) | nindent 8 }} - {{- if not (empty $component) }} - {{ printf "app.kubernetes.io/component: %s" $component }} - {{- end }} - {{- range $key, $value := $extraMatchLabels }} - {{ $key }}: {{ $value | quote }} - {{- end }} - namespaces: - - {{ .context.Release.Namespace | quote }} - topologyKey: kubernetes.io/hostname -{{- end -}} - -{{/* -Return a podAffinity/podAntiAffinity definition -{{ include "common.affinities.pods" (dict "type" "soft" "key" "FOO" "values" (list "BAR" "BAZ")) -}} -*/}} -{{- define "common.affinities.pods" -}} - {{- if eq .type "soft" }} - {{- include "common.affinities.pods.soft" . 
-}} - {{- else if eq .type "hard" }} - {{- include "common.affinities.pods.hard" . -}} - {{- end -}} -{{- end -}} diff --git a/rds/base/charts/postgresql/charts/common/templates/_capabilities.tpl b/rds/base/charts/postgresql/charts/common/templates/_capabilities.tpl deleted file mode 100644 index b94212b..0000000 --- a/rds/base/charts/postgresql/charts/common/templates/_capabilities.tpl +++ /dev/null 
@@ -1,128 +0,0 @@ -{{/* vim: set filetype=mustache: */}} - -{{/* -Return the target Kubernetes version -*/}} -{{- define "common.capabilities.kubeVersion" -}} -{{- if .Values.global }} - {{- if .Values.global.kubeVersion }} - {{- .Values.global.kubeVersion -}} - {{- else }} - {{- default .Capabilities.KubeVersion.Version .Values.kubeVersion -}} - {{- end -}} -{{- else }} -{{- default .Capabilities.KubeVersion.Version .Values.kubeVersion -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for poddisruptionbudget. -*/}} -{{- define "common.capabilities.policy.apiVersion" -}} -{{- if semverCompare "<1.21-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "policy/v1beta1" -}} -{{- else -}} -{{- print "policy/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for networkpolicy. -*/}} -{{- define "common.capabilities.networkPolicy.apiVersion" -}} -{{- if semverCompare "<1.7-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "extensions/v1beta1" -}} -{{- else -}} -{{- print "networking.k8s.io/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for cronjob. -*/}} -{{- define "common.capabilities.cronjob.apiVersion" -}} -{{- if semverCompare "<1.21-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "batch/v1beta1" -}} -{{- else -}} -{{- print "batch/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for deployment. -*/}} -{{- define "common.capabilities.deployment.apiVersion" -}} -{{- if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "extensions/v1beta1" -}} -{{- else -}} -{{- print "apps/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for statefulset. -*/}} -{{- define "common.capabilities.statefulset.apiVersion" -}} -{{- if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) 
-}} -{{- print "apps/v1beta1" -}} -{{- else -}} -{{- print "apps/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for ingress. -*/}} -{{- define "common.capabilities.ingress.apiVersion" -}} -{{- if .Values.ingress -}} -{{- if .Values.ingress.apiVersion -}} -{{- .Values.ingress.apiVersion -}} -{{- else if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "extensions/v1beta1" -}} -{{- else if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "networking.k8s.io/v1beta1" -}} -{{- else -}} -{{- print "networking.k8s.io/v1" -}} -{{- end }} -{{- else if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "extensions/v1beta1" -}} -{{- else if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "networking.k8s.io/v1beta1" -}} -{{- else -}} -{{- print "networking.k8s.io/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for RBAC resources. -*/}} -{{- define "common.capabilities.rbac.apiVersion" -}} -{{- if semverCompare "<1.17-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "rbac.authorization.k8s.io/v1beta1" -}} -{{- else -}} -{{- print "rbac.authorization.k8s.io/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for CRDs. -*/}} -{{- define "common.capabilities.crd.apiVersion" -}} -{{- if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "apiextensions.k8s.io/v1beta1" -}} -{{- else -}} -{{- print "apiextensions.k8s.io/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Returns true if the used Helm version is 3.3+. -A way to check the used Helm version was not introduced until version 3.3.0 with .Capabilities.HelmVersion, which contains an additional "{}}" structure. 
-This check is introduced as a regexMatch instead of {{ if .Capabilities.HelmVersion }} because checking for the key HelmVersion in <3.3 results in a "interface not found" error. -**To be removed when the catalog's minimun Helm version is 3.3** -*/}} -{{- define "common.capabilities.supportsHelmVersion" -}} -{{- if regexMatch "{(v[0-9])*[^}]*}}$" (.Capabilities | toString ) }} - {{- true -}} -{{- end -}} -{{- end -}} diff --git a/rds/base/charts/postgresql/charts/common/templates/_errors.tpl b/rds/base/charts/postgresql/charts/common/templates/_errors.tpl deleted file mode 100644 index a79cc2e..0000000 --- a/rds/base/charts/postgresql/charts/common/templates/_errors.tpl +++ /dev/null 
@@ -1,23 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Through error when upgrading using empty passwords values that must not be empty. - -Usage: -{{- $validationError00 := include "common.validations.values.single.empty" (dict "valueKey" "path.to.password00" "secret" "secretName" "field" "password-00") -}} -{{- $validationError01 := include "common.validations.values.single.empty" (dict "valueKey" "path.to.password01" "secret" "secretName" "field" "password-01") -}} -{{ include "common.errors.upgrade.passwords.empty" (dict "validationErrors" (list $validationError00 $validationError01) "context" $) }} - -Required password params: - - validationErrors - String - Required. List of validation strings to be return, if it is empty it won't throw error. - - context - Context - Required. Parent context. -*/}} -{{- define "common.errors.upgrade.passwords.empty" -}} - {{- $validationErrors := join "" .validationErrors -}} - {{- if and $validationErrors .context.Release.IsUpgrade -}} - {{- $errorString := "\nPASSWORDS ERROR: You must provide your current passwords when upgrading the release." -}} - {{- $errorString = print $errorString "\n Note that even after reinstallation, old credentials may be needed as they may be kept in persistent volume claims." -}} - {{- $errorString = print $errorString "\n Further information can be obtained at https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues/#credential-errors-while-upgrading-chart-releases" -}} - {{- $errorString = print $errorString "\n%s" -}} - {{- printf $errorString $validationErrors | fail -}} - {{- end -}} -{{- end -}} diff --git a/rds/base/charts/postgresql/charts/common/templates/_images.tpl b/rds/base/charts/postgresql/charts/common/templates/_images.tpl deleted file mode 100644 index 42ffbc7..0000000 --- a/rds/base/charts/postgresql/charts/common/templates/_images.tpl +++ /dev/null 
@@ -1,75 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Return the proper image name -{{ include "common.images.image" ( dict "imageRoot" .Values.path.to.the.image "global" $) }} -*/}} -{{- define "common.images.image" -}} -{{- $registryName := .imageRoot.registry -}} -{{- $repositoryName := .imageRoot.repository -}} -{{- $tag := .imageRoot.tag | toString -}} -{{- if .global }} - {{- if .global.imageRegistry }} - {{- $registryName = .global.imageRegistry -}} - {{- end -}} -{{- end -}} -{{- if $registryName }} -{{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} -{{- else -}} -{{- printf "%s:%s" $repositoryName $tag -}} -{{- end -}} -{{- end -}} - -{{/* -Return the proper Docker Image Registry Secret Names (deprecated: use common.images.renderPullSecrets instead) -{{ include "common.images.pullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "global" .Values.global) }} -*/}} -{{- define "common.images.pullSecrets" -}} - {{- $pullSecrets := list }} - - {{- if .global }} - {{- range .global.imagePullSecrets -}} - {{- $pullSecrets = append $pullSecrets . -}} - {{- end -}} - {{- end -}} - - {{- range .images -}} - {{- range .pullSecrets -}} - {{- $pullSecrets = append $pullSecrets . -}} - {{- end -}} - {{- end -}} - - {{- if (not (empty $pullSecrets)) }} -imagePullSecrets: - {{- range $pullSecrets }} - - name: {{ . }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Return the proper Docker Image Registry Secret Names evaluating values as templates -{{ include "common.images.renderPullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "context" $) }} -*/}} -{{- define "common.images.renderPullSecrets" -}} - {{- $pullSecrets := list }} - {{- $context := .context }} - - {{- if $context.Values.global }} - {{- range $context.Values.global.imagePullSecrets -}} - {{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" . 
"context" $context)) -}} - {{- end -}} - {{- end -}} - - {{- range .images -}} - {{- range .pullSecrets -}} - {{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" . "context" $context)) -}} - {{- end -}} - {{- end -}} - - {{- if (not (empty $pullSecrets)) }} -imagePullSecrets: - {{- range $pullSecrets }} - - name: {{ . }} - {{- end }} - {{- end }} -{{- end -}} diff --git a/rds/base/charts/postgresql/charts/common/templates/_ingress.tpl b/rds/base/charts/postgresql/charts/common/templates/_ingress.tpl deleted file mode 100644 index f905f20..0000000 --- a/rds/base/charts/postgresql/charts/common/templates/_ingress.tpl +++ /dev/null 
@@ -1,55 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-
-{{/*
-Generate backend entry that is compatible with all Kubernetes API versions.
-
-Usage:
-{{ include "common.ingress.backend" (dict "serviceName" "backendName" "servicePort" "backendPort" "context" $) }}
-
-Params:
- - serviceName - String. Name of an existing service backend
- - servicePort - String/Int. Port name (or number) of the service. It will be translated to different yaml depending if it is a string or an integer.
- - context - Dict - Required. The context for the template evaluation.
-*/}}
-{{- define "common.ingress.backend" -}}
-{{- $apiVersion := (include "common.capabilities.ingress.apiVersion" .context) -}}
-{{- if or (eq $apiVersion "extensions/v1beta1") (eq $apiVersion "networking.k8s.io/v1beta1") -}}
-serviceName: {{ .serviceName }}
-servicePort: {{ .servicePort }}
-{{- else -}}
-service:
- name: {{ .serviceName }}
- port:
- {{- if typeIs "string" .servicePort }}
- name: {{ .servicePort }}
- {{- else if or (typeIs "int" .servicePort) (typeIs "float64" .servicePort) }}
- number: {{ .servicePort | int }}
- {{- end }}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Print "true" if the API pathType field is supported
-Usage:
-{{ include "common.ingress.supportsPathType" . }}
-*/}}
-{{- define "common.ingress.supportsPathType" -}}
-{{- if (semverCompare "<1.18-0" (include "common.capabilities.kubeVersion" .)) -}}
-{{- print "false" -}}
-{{- else -}}
-{{- print "true" -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Returns true if the ingressClassname field is supported
-Usage:
-{{ include "common.ingress.supportsIngressClassname" . }}
-*/}}
-{{- define "common.ingress.supportsIngressClassname" -}}
-{{- if semverCompare "<1.18-0" (include "common.capabilities.kubeVersion" .) -}}
-{{- print "false" -}}
-{{- else -}}
-{{- print "true" -}}
-{{- end -}}
-{{- end -}}
diff --git a/rds/base/charts/postgresql/charts/common/templates/_labels.tpl b/rds/base/charts/postgresql/charts/common/templates/_labels.tpl
deleted file mode 100644
index 252066c..0000000
--- a/rds/base/charts/postgresql/charts/common/templates/_labels.tpl
+++ /dev/null
@@ -1,18 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Kubernetes standard labels
-*/}}
-{{- define "common.labels.standard" -}}
-app.kubernetes.io/name: {{ include "common.names.name" . }}
-helm.sh/chart: {{ include "common.names.chart" . }}
-app.kubernetes.io/instance: {{ .Release.Name }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- end -}}
-
-{{/*
-Labels to use on deploy.spec.selector.matchLabels and svc.spec.selector
-*/}}
-{{- define "common.labels.matchLabels" -}}
-app.kubernetes.io/name: {{ include "common.names.name" . }}
-app.kubernetes.io/instance: {{ .Release.Name }}
-{{- end -}}
diff --git a/rds/base/charts/postgresql/charts/common/templates/_names.tpl b/rds/base/charts/postgresql/charts/common/templates/_names.tpl
deleted file mode 100644
index cf03231..0000000
--- a/rds/base/charts/postgresql/charts/common/templates/_names.tpl
+++ /dev/null
@@ -1,52 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "common.names.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "common.names.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "common.names.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified dependency name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-Usage:
-{{ include "common.names.dependency.fullname" (dict "chartName" "dependency-chart-name" "chartValues" .Values.dependency-chart "context" $) }}
-*/}}
-{{- define "common.names.dependency.fullname" -}}
-{{- if .chartValues.fullnameOverride -}}
-{{- .chartValues.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .chartName .chartValues.nameOverride -}}
-{{- if contains $name .context.Release.Name -}}
-{{- .context.Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .context.Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
diff --git a/rds/base/charts/postgresql/charts/common/templates/_secrets.tpl b/rds/base/charts/postgresql/charts/common/templates/_secrets.tpl
deleted file mode 100644
index 60b84a7..0000000
--- a/rds/base/charts/postgresql/charts/common/templates/_secrets.tpl
+++ /dev/null
@@ -1,129 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Generate secret name. - -Usage: -{{ include "common.secrets.name" (dict "existingSecret" .Values.path.to.the.existingSecret "defaultNameSuffix" "mySuffix" "context" $) }} - -Params: - - existingSecret - ExistingSecret/String - Optional. The path to the existing secrets in the values.yaml given by the user - to be used instead of the default one. Allows for it to be of type String (just the secret name) for backwards compatibility. - +info: https://github.com/bitnami/charts/tree/master/bitnami/common#existingsecret - - defaultNameSuffix - String - Optional. It is used only if we have several secrets in the same deployment. - - context - Dict - Required. The context for the template evaluation. -*/}} -{{- define "common.secrets.name" -}} -{{- $name := (include "common.names.fullname" .context) -}} - -{{- if .defaultNameSuffix -}} -{{- $name = printf "%s-%s" $name .defaultNameSuffix | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{- with .existingSecret -}} -{{- if not (typeIs "string" .) -}} -{{- with .name -}} -{{- $name = . -}} -{{- end -}} -{{- else -}} -{{- $name = . -}} -{{- end -}} -{{- end -}} - -{{- printf "%s" $name -}} -{{- end -}} - -{{/* -Generate secret key. - -Usage: -{{ include "common.secrets.key" (dict "existingSecret" .Values.path.to.the.existingSecret "key" "keyName") }} - -Params: - - existingSecret - ExistingSecret/String - Optional. The path to the existing secrets in the values.yaml given by the user - to be used instead of the default one. Allows for it to be of type String (just the secret name) for backwards compatibility. - +info: https://github.com/bitnami/charts/tree/master/bitnami/common#existingsecret - - key - String - Required. Name of the key in the secret. 
-*/}} -{{- define "common.secrets.key" -}} -{{- $key := .key -}} - -{{- if .existingSecret -}} - {{- if not (typeIs "string" .existingSecret) -}} - {{- if .existingSecret.keyMapping -}} - {{- $key = index .existingSecret.keyMapping $.key -}} - {{- end -}} - {{- end }} -{{- end -}} - -{{- printf "%s" $key -}} -{{- end -}} - -{{/* -Generate secret password or retrieve one if already created. - -Usage: -{{ include "common.secrets.passwords.manage" (dict "secret" "secret-name" "key" "keyName" "providedValues" (list "path.to.password1" "path.to.password2") "length" 10 "strong" false "chartName" "chartName" "context" $) }} - -Params: - - secret - String - Required - Name of the 'Secret' resource where the password is stored. - - key - String - Required - Name of the key in the secret. - - providedValues - List - Required - The path to the validating value in the values.yaml, e.g: "mysql.password". Will pick first parameter with a defined value. - - length - int - Optional - Length of the generated random password. - - strong - Boolean - Optional - Whether to add symbols to the generated random password. - - chartName - String - Optional - Name of the chart used when said chart is deployed as a subchart. - - context - Context - Required - Parent context. 
-*/}} -{{- define "common.secrets.passwords.manage" -}} - -{{- $password := "" }} -{{- $subchart := "" }} -{{- $chartName := default "" .chartName }} -{{- $passwordLength := default 10 .length }} -{{- $providedPasswordKey := include "common.utils.getKeyFromList" (dict "keys" .providedValues "context" $.context) }} -{{- $providedPasswordValue := include "common.utils.getValueFromKey" (dict "key" $providedPasswordKey "context" $.context) }} -{{- $secret := (lookup "v1" "Secret" $.context.Release.Namespace .secret) }} -{{- if $secret }} - {{- if index $secret.data .key }} - {{- $password = index $secret.data .key }} - {{- end -}} -{{- else if $providedPasswordValue }} - {{- $password = $providedPasswordValue | toString | b64enc | quote }} -{{- else }} - - {{- if .context.Values.enabled }} - {{- $subchart = $chartName }} - {{- end -}} - - {{- $requiredPassword := dict "valueKey" $providedPasswordKey "secret" .secret "field" .key "subchart" $subchart "context" $.context -}} - {{- $requiredPasswordError := include "common.validations.values.single.empty" $requiredPassword -}} - {{- $passwordValidationErrors := list $requiredPasswordError -}} - {{- include "common.errors.upgrade.passwords.empty" (dict "validationErrors" $passwordValidationErrors "context" $.context) -}} - - {{- if .strong }} - {{- $subStr := list (lower (randAlpha 1)) (randNumeric 1) (upper (randAlpha 1)) | join "_" }} - {{- $password = randAscii $passwordLength }} - {{- $password = regexReplaceAllLiteral "\\W" $password "@" | substr 5 $passwordLength }} - {{- $password = printf "%s%s" $subStr $password | toString | shuffle | b64enc | quote }} - {{- else }} - {{- $password = randAlphaNum $passwordLength | b64enc | quote }} - {{- end }} -{{- end -}} -{{- printf "%s" $password -}} -{{- end -}} - -{{/* -Returns whether a previous generated secret already exists - -Usage: -{{ include "common.secrets.exists" (dict "secret" "secret-name" "context" $) }} - -Params: - - secret - String - Required - Name of the 
'Secret' resource where the password is stored. - - context - Context - Required - Parent context. -*/}} -{{- define "common.secrets.exists" -}} -{{- $secret := (lookup "v1" "Secret" $.context.Release.Namespace .secret) }} -{{- if $secret }} - {{- true -}} -{{- end -}} -{{- end -}} diff --git a/rds/base/charts/postgresql/charts/common/templates/_storage.tpl b/rds/base/charts/postgresql/charts/common/templates/_storage.tpl deleted file mode 100644 index 60e2a84..0000000 --- a/rds/base/charts/postgresql/charts/common/templates/_storage.tpl +++ /dev/null @@ -1,23 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Return the proper Storage Class -{{ include "common.storage.class" ( dict "persistence" .Values.path.to.the.persistence "global" $) }} -*/}} -{{- define "common.storage.class" -}} - -{{- $storageClass := .persistence.storageClass -}} -{{- if .global -}} - {{- if .global.storageClass -}} - {{- $storageClass = .global.storageClass -}} - {{- end -}} -{{- end -}} - -{{- if $storageClass -}} - {{- if (eq "-" $storageClass) -}} - {{- printf "storageClassName: \"\"" -}} - {{- else }} - {{- printf "storageClassName: %s" $storageClass -}} - {{- end -}} -{{- end -}} - -{{- end -}} diff --git a/rds/base/charts/postgresql/charts/common/templates/_tplvalues.tpl b/rds/base/charts/postgresql/charts/common/templates/_tplvalues.tpl deleted file mode 100644 index 2db1668..0000000 --- a/rds/base/charts/postgresql/charts/common/templates/_tplvalues.tpl +++ /dev/null @@ -1,13 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Renders a value that contains template. -Usage: -{{ include "common.tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $) }} -*/}} -{{- define "common.tplvalues.render" -}} - {{- if typeIs "string" .value }} - {{- tpl .value .context }} - {{- else }} - {{- tpl (.value | toYaml) .context }} - {{- end }} -{{- end -}} 
diff --git a/rds/base/charts/postgresql/charts/common/templates/_utils.tpl b/rds/base/charts/postgresql/charts/common/templates/_utils.tpl
deleted file mode 100644
index ea083a2..0000000
--- a/rds/base/charts/postgresql/charts/common/templates/_utils.tpl
+++ /dev/null
@@ -1,62 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Print instructions to get a secret value. -Usage: -{{ include "common.utils.secret.getvalue" (dict "secret" "secret-name" "field" "secret-value-field" "context" $) }} -*/}} -{{- define "common.utils.secret.getvalue" -}} -{{- $varname := include "common.utils.fieldToEnvVar" . -}} -export {{ $varname }}=$(kubectl get secret --namespace {{ .context.Release.Namespace | quote }} {{ .secret }} -o jsonpath="{.data.{{ .field }}}" | base64 --decode) -{{- end -}} - -{{/* -Build env var name given a field -Usage: -{{ include "common.utils.fieldToEnvVar" dict "field" "my-password" }} -*/}} -{{- define "common.utils.fieldToEnvVar" -}} - {{- $fieldNameSplit := splitList "-" .field -}} - {{- $upperCaseFieldNameSplit := list -}} - - {{- range $fieldNameSplit -}} - {{- $upperCaseFieldNameSplit = append $upperCaseFieldNameSplit ( upper . ) -}} - {{- end -}} - - {{ join "_" $upperCaseFieldNameSplit }} -{{- end -}} - -{{/* -Gets a value from .Values given -Usage: -{{ include "common.utils.getValueFromKey" (dict "key" "path.to.key" "context" $) }} -*/}} -{{- define "common.utils.getValueFromKey" -}} -{{- $splitKey := splitList "." .key -}} -{{- $value := "" -}} -{{- $latestObj := $.context.Values -}} -{{- range $splitKey -}} - {{- if not $latestObj -}} - {{- printf "please review the entire path of '%s' exists in values" $.key | fail -}} - {{- end -}} - {{- $value = ( index $latestObj . ) -}} - {{- $latestObj = $value -}} -{{- end -}} -{{- printf "%v" (default "" $value) -}} -{{- end -}} - -{{/* -Returns first .Values key with a defined value or first of the list if all non-defined -Usage: -{{ include "common.utils.getKeyFromList" (dict "keys" (list "path.to.key1" "path.to.key2") "context" $) }} -*/}} -{{- define "common.utils.getKeyFromList" -}} -{{- $key := first .keys -}} -{{- $reverseKeys := reverse .keys }} -{{- range $reverseKeys }} - {{- $value := include "common.utils.getValueFromKey" (dict "key" . 
"context" $.context ) }} - {{- if $value -}} - {{- $key = . }} - {{- end -}} -{{- end -}} -{{- printf "%s" $key -}} -{{- end -}} diff --git a/rds/base/charts/postgresql/charts/common/templates/_warnings.tpl b/rds/base/charts/postgresql/charts/common/templates/_warnings.tpl deleted file mode 100644 index ae10fa4..0000000 --- a/rds/base/charts/postgresql/charts/common/templates/_warnings.tpl +++ /dev/null @@ -1,14 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Warning about using rolling tag. -Usage: -{{ include "common.warnings.rollingTag" .Values.path.to.the.imageRoot }} -*/}} -{{- define "common.warnings.rollingTag" -}} - -{{- if and (contains "bitnami/" .repository) (not (.tag | toString | regexFind "-r\\d+$|sha256:")) }} -WARNING: Rolling tag detected ({{ .repository }}:{{ .tag }}), please note that it is strongly recommended to avoid using rolling tags in a production environment. -+info https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/ -{{- end }} - -{{- end -}} diff --git a/rds/base/charts/postgresql/charts/common/templates/validations/_cassandra.tpl b/rds/base/charts/postgresql/charts/common/templates/validations/_cassandra.tpl deleted file mode 100644 index ded1ae3..0000000 --- a/rds/base/charts/postgresql/charts/common/templates/validations/_cassandra.tpl +++ /dev/null 
@@ -1,72 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Validate Cassandra required passwords are not empty. - -Usage: -{{ include "common.validations.values.cassandra.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} -Params: - - secret - String - Required. Name of the secret where Cassandra values are stored, e.g: "cassandra-passwords-secret" - - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false -*/}} -{{- define "common.validations.values.cassandra.passwords" -}} - {{- $existingSecret := include "common.cassandra.values.existingSecret" . -}} - {{- $enabled := include "common.cassandra.values.enabled" . -}} - {{- $dbUserPrefix := include "common.cassandra.values.key.dbUser" . -}} - {{- $valueKeyPassword := printf "%s.password" $dbUserPrefix -}} - - {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}} - {{- $requiredPasswords := list -}} - - {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "cassandra-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}} - - {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} - - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for existingSecret. - -Usage: -{{ include "common.cassandra.values.existingSecret" (dict "context" $) }} -Params: - - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false -*/}} -{{- define "common.cassandra.values.existingSecret" -}} - {{- if .subchart -}} - {{- .context.Values.cassandra.dbUser.existingSecret | quote -}} - {{- else -}} - {{- .context.Values.dbUser.existingSecret | quote -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for enabled cassandra. 
- -Usage: -{{ include "common.cassandra.values.enabled" (dict "context" $) }} -*/}} -{{- define "common.cassandra.values.enabled" -}} - {{- if .subchart -}} - {{- printf "%v" .context.Values.cassandra.enabled -}} - {{- else -}} - {{- printf "%v" (not .context.Values.enabled) -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for the key dbUser - -Usage: -{{ include "common.cassandra.values.key.dbUser" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false -*/}} -{{- define "common.cassandra.values.key.dbUser" -}} - {{- if .subchart -}} - cassandra.dbUser - {{- else -}} - dbUser - {{- end -}} -{{- end -}} diff --git a/rds/base/charts/postgresql/charts/common/templates/validations/_mariadb.tpl b/rds/base/charts/postgresql/charts/common/templates/validations/_mariadb.tpl deleted file mode 100644 index b6906ff..0000000 --- a/rds/base/charts/postgresql/charts/common/templates/validations/_mariadb.tpl +++ /dev/null 
@@ -1,103 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Validate MariaDB required passwords are not empty. - -Usage: -{{ include "common.validations.values.mariadb.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} -Params: - - secret - String - Required. Name of the secret where MariaDB values are stored, e.g: "mysql-passwords-secret" - - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false -*/}} -{{- define "common.validations.values.mariadb.passwords" -}} - {{- $existingSecret := include "common.mariadb.values.auth.existingSecret" . -}} - {{- $enabled := include "common.mariadb.values.enabled" . -}} - {{- $architecture := include "common.mariadb.values.architecture" . -}} - {{- $authPrefix := include "common.mariadb.values.key.auth" . -}} - {{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}} - {{- $valueKeyUsername := printf "%s.username" $authPrefix -}} - {{- $valueKeyPassword := printf "%s.password" $authPrefix -}} - {{- $valueKeyReplicationPassword := printf "%s.replicationPassword" $authPrefix -}} - - {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}} - {{- $requiredPasswords := list -}} - - {{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mariadb-root-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}} - - {{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }} - {{- if not (empty $valueUsername) -}} - {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mariadb-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}} - {{- end -}} - - {{- if (eq $architecture "replication") -}} - {{- $requiredReplicationPassword := dict "valueKey" $valueKeyReplicationPassword "secret" .secret "field" "mariadb-replication-password" -}} - {{- 
$requiredPasswords = append $requiredPasswords $requiredReplicationPassword -}} - {{- end -}} - - {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} - - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for existingSecret. - -Usage: -{{ include "common.mariadb.values.auth.existingSecret" (dict "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false -*/}} -{{- define "common.mariadb.values.auth.existingSecret" -}} - {{- if .subchart -}} - {{- .context.Values.mariadb.auth.existingSecret | quote -}} - {{- else -}} - {{- .context.Values.auth.existingSecret | quote -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for enabled mariadb. - -Usage: -{{ include "common.mariadb.values.enabled" (dict "context" $) }} -*/}} -{{- define "common.mariadb.values.enabled" -}} - {{- if .subchart -}} - {{- printf "%v" .context.Values.mariadb.enabled -}} - {{- else -}} - {{- printf "%v" (not .context.Values.enabled) -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for architecture - -Usage: -{{ include "common.mariadb.values.architecture" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false -*/}} -{{- define "common.mariadb.values.architecture" -}} - {{- if .subchart -}} - {{- .context.Values.mariadb.architecture -}} - {{- else -}} - {{- .context.Values.architecture -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for the key auth - -Usage: -{{ include "common.mariadb.values.key.auth" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. 
Default: false -*/}} -{{- define "common.mariadb.values.key.auth" -}} - {{- if .subchart -}} - mariadb.auth - {{- else -}} - auth - {{- end -}} -{{- end -}} diff --git a/rds/base/charts/postgresql/charts/common/templates/validations/_mongodb.tpl b/rds/base/charts/postgresql/charts/common/templates/validations/_mongodb.tpl deleted file mode 100644 index a071ea4..0000000 --- a/rds/base/charts/postgresql/charts/common/templates/validations/_mongodb.tpl +++ /dev/null 
@@ -1,108 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Validate MongoDB® required passwords are not empty. - -Usage: -{{ include "common.validations.values.mongodb.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} -Params: - - secret - String - Required. Name of the secret where MongoDB® values are stored, e.g: "mongodb-passwords-secret" - - subchart - Boolean - Optional. Whether MongoDB® is used as subchart or not. Default: false -*/}} -{{- define "common.validations.values.mongodb.passwords" -}} - {{- $existingSecret := include "common.mongodb.values.auth.existingSecret" . -}} - {{- $enabled := include "common.mongodb.values.enabled" . -}} - {{- $authPrefix := include "common.mongodb.values.key.auth" . -}} - {{- $architecture := include "common.mongodb.values.architecture" . -}} - {{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}} - {{- $valueKeyUsername := printf "%s.username" $authPrefix -}} - {{- $valueKeyDatabase := printf "%s.database" $authPrefix -}} - {{- $valueKeyPassword := printf "%s.password" $authPrefix -}} - {{- $valueKeyReplicaSetKey := printf "%s.replicaSetKey" $authPrefix -}} - {{- $valueKeyAuthEnabled := printf "%s.enabled" $authPrefix -}} - - {{- $authEnabled := include "common.utils.getValueFromKey" (dict "key" $valueKeyAuthEnabled "context" .context) -}} - - {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") (eq $authEnabled "true") -}} - {{- $requiredPasswords := list -}} - - {{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mongodb-root-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}} - - {{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }} - {{- $valueDatabase := include "common.utils.getValueFromKey" (dict "key" $valueKeyDatabase "context" .context) }} - {{- if and $valueUsername $valueDatabase -}} - {{- 
$requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mongodb-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}} - {{- end -}} - - {{- if (eq $architecture "replicaset") -}} - {{- $requiredReplicaSetKey := dict "valueKey" $valueKeyReplicaSetKey "secret" .secret "field" "mongodb-replica-set-key" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredReplicaSetKey -}} - {{- end -}} - - {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} - - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for existingSecret. - -Usage: -{{ include "common.mongodb.values.auth.existingSecret" (dict "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MongoDb is used as subchart or not. Default: false -*/}} -{{- define "common.mongodb.values.auth.existingSecret" -}} - {{- if .subchart -}} - {{- .context.Values.mongodb.auth.existingSecret | quote -}} - {{- else -}} - {{- .context.Values.auth.existingSecret | quote -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for enabled mongodb. - -Usage: -{{ include "common.mongodb.values.enabled" (dict "context" $) }} -*/}} -{{- define "common.mongodb.values.enabled" -}} - {{- if .subchart -}} - {{- printf "%v" .context.Values.mongodb.enabled -}} - {{- else -}} - {{- printf "%v" (not .context.Values.enabled) -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for the key auth - -Usage: -{{ include "common.mongodb.values.key.auth" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MongoDB® is used as subchart or not. 
Default: false -*/}} -{{- define "common.mongodb.values.key.auth" -}} - {{- if .subchart -}} - mongodb.auth - {{- else -}} - auth - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for architecture - -Usage: -{{ include "common.mongodb.values.architecture" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false -*/}} -{{- define "common.mongodb.values.architecture" -}} - {{- if .subchart -}} - {{- .context.Values.mongodb.architecture -}} - {{- else -}} - {{- .context.Values.architecture -}} - {{- end -}} -{{- end -}} diff --git a/rds/base/charts/postgresql/charts/common/templates/validations/_postgresql.tpl b/rds/base/charts/postgresql/charts/common/templates/validations/_postgresql.tpl deleted file mode 100644 index 164ec0d..0000000 --- a/rds/base/charts/postgresql/charts/common/templates/validations/_postgresql.tpl +++ /dev/null 
@@ -1,129 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Validate PostgreSQL required passwords are not empty. - -Usage: -{{ include "common.validations.values.postgresql.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} -Params: - - secret - String - Required. Name of the secret where postgresql values are stored, e.g: "postgresql-passwords-secret" - - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false -*/}} -{{- define "common.validations.values.postgresql.passwords" -}} - {{- $existingSecret := include "common.postgresql.values.existingSecret" . -}} - {{- $enabled := include "common.postgresql.values.enabled" . -}} - {{- $valueKeyPostgresqlPassword := include "common.postgresql.values.key.postgressPassword" . -}} - {{- $valueKeyPostgresqlReplicationEnabled := include "common.postgresql.values.key.replicationPassword" . -}} - {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}} - {{- $requiredPasswords := list -}} - {{- $requiredPostgresqlPassword := dict "valueKey" $valueKeyPostgresqlPassword "secret" .secret "field" "postgresql-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredPostgresqlPassword -}} - - {{- $enabledReplication := include "common.postgresql.values.enabled.replication" . -}} - {{- if (eq $enabledReplication "true") -}} - {{- $requiredPostgresqlReplicationPassword := dict "valueKey" $valueKeyPostgresqlReplicationEnabled "secret" .secret "field" "postgresql-replication-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredPostgresqlReplicationPassword -}} - {{- end -}} - - {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to decide whether evaluate global values. 
- -Usage: -{{ include "common.postgresql.values.use.global" (dict "key" "key-of-global" "context" $) }} -Params: - - key - String - Required. Field to be evaluated within global, e.g: "existingSecret" -*/}} -{{- define "common.postgresql.values.use.global" -}} - {{- if .context.Values.global -}} - {{- if .context.Values.global.postgresql -}} - {{- index .context.Values.global.postgresql .key | quote -}} - {{- end -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for existingSecret. - -Usage: -{{ include "common.postgresql.values.existingSecret" (dict "context" $) }} -*/}} -{{- define "common.postgresql.values.existingSecret" -}} - {{- $globalValue := include "common.postgresql.values.use.global" (dict "key" "existingSecret" "context" .context) -}} - - {{- if .subchart -}} - {{- default (.context.Values.postgresql.existingSecret | quote) $globalValue -}} - {{- else -}} - {{- default (.context.Values.existingSecret | quote) $globalValue -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for enabled postgresql. - -Usage: -{{ include "common.postgresql.values.enabled" (dict "context" $) }} -*/}} -{{- define "common.postgresql.values.enabled" -}} - {{- if .subchart -}} - {{- printf "%v" .context.Values.postgresql.enabled -}} - {{- else -}} - {{- printf "%v" (not .context.Values.enabled) -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for the key postgressPassword. - -Usage: -{{ include "common.postgresql.values.key.postgressPassword" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. 
Default: false -*/}} -{{- define "common.postgresql.values.key.postgressPassword" -}} - {{- $globalValue := include "common.postgresql.values.use.global" (dict "key" "postgresqlUsername" "context" .context) -}} - - {{- if not $globalValue -}} - {{- if .subchart -}} - postgresql.postgresqlPassword - {{- else -}} - postgresqlPassword - {{- end -}} - {{- else -}} - global.postgresql.postgresqlPassword - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for enabled.replication. - -Usage: -{{ include "common.postgresql.values.enabled.replication" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false -*/}} -{{- define "common.postgresql.values.enabled.replication" -}} - {{- if .subchart -}} - {{- printf "%v" .context.Values.postgresql.replication.enabled -}} - {{- else -}} - {{- printf "%v" .context.Values.replication.enabled -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for the key replication.password. - -Usage: -{{ include "common.postgresql.values.key.replicationPassword" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false -*/}} -{{- define "common.postgresql.values.key.replicationPassword" -}} - {{- if .subchart -}} - postgresql.replication.password - {{- else -}} - replication.password - {{- end -}} -{{- end -}} diff --git a/rds/base/charts/postgresql/charts/common/templates/validations/_redis.tpl b/rds/base/charts/postgresql/charts/common/templates/validations/_redis.tpl deleted file mode 100644 index 5d72959..0000000 --- a/rds/base/charts/postgresql/charts/common/templates/validations/_redis.tpl +++ /dev/null 
@@ -1,76 +0,0 @@ - -{{/* vim: set filetype=mustache: */}} -{{/* -Validate Redis™ required passwords are not empty. - -Usage: -{{ include "common.validations.values.redis.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} -Params: - - secret - String - Required. Name of the secret where redis values are stored, e.g: "redis-passwords-secret" - - subchart - Boolean - Optional. Whether redis is used as subchart or not. Default: false -*/}} -{{- define "common.validations.values.redis.passwords" -}} - {{- $enabled := include "common.redis.values.enabled" . -}} - {{- $valueKeyPrefix := include "common.redis.values.keys.prefix" . -}} - {{- $standarizedVersion := include "common.redis.values.standarized.version" . }} - - {{- $existingSecret := ternary (printf "%s%s" $valueKeyPrefix "auth.existingSecret") (printf "%s%s" $valueKeyPrefix "existingSecret") (eq $standarizedVersion "true") }} - {{- $existingSecretValue := include "common.utils.getValueFromKey" (dict "key" $existingSecret "context" .context) }} - - {{- $valueKeyRedisPassword := ternary (printf "%s%s" $valueKeyPrefix "auth.password") (printf "%s%s" $valueKeyPrefix "password") (eq $standarizedVersion "true") }} - {{- $valueKeyRedisUseAuth := ternary (printf "%s%s" $valueKeyPrefix "auth.enabled") (printf "%s%s" $valueKeyPrefix "usePassword") (eq $standarizedVersion "true") }} - - {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}} - {{- $requiredPasswords := list -}} - - {{- $useAuth := include "common.utils.getValueFromKey" (dict "key" $valueKeyRedisUseAuth "context" .context) -}} - {{- if eq $useAuth "true" -}} - {{- $requiredRedisPassword := dict "valueKey" $valueKeyRedisPassword "secret" .secret "field" "redis-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredRedisPassword -}} - {{- end -}} - - {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} - {{- end -}} -{{- 
end -}} - -{{/* -Auxiliary function to get the right value for enabled redis. - -Usage: -{{ include "common.redis.values.enabled" (dict "context" $) }} -*/}} -{{- define "common.redis.values.enabled" -}} - {{- if .subchart -}} - {{- printf "%v" .context.Values.redis.enabled -}} - {{- else -}} - {{- printf "%v" (not .context.Values.enabled) -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right prefix path for the values - -Usage: -{{ include "common.redis.values.key.prefix" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether redis is used as subchart or not. Default: false -*/}} -{{- define "common.redis.values.keys.prefix" -}} - {{- if .subchart -}}redis.{{- else -}}{{- end -}} -{{- end -}} - -{{/* -Checks whether the redis chart's includes the standarizations (version >= 14) - -Usage: -{{ include "common.redis.values.standarized.version" (dict "context" $) }} -*/}} -{{- define "common.redis.values.standarized.version" -}} - - {{- $standarizedAuth := printf "%s%s" (include "common.redis.values.keys.prefix" .) "auth" -}} - {{- $standarizedAuthValues := include "common.utils.getValueFromKey" (dict "key" $standarizedAuth "context" .context) }} - - {{- if $standarizedAuthValues -}} - {{- true -}} - {{- end -}} -{{- end -}} diff --git a/rds/base/charts/postgresql/charts/common/templates/validations/_validations.tpl b/rds/base/charts/postgresql/charts/common/templates/validations/_validations.tpl deleted file mode 100644 index 9a814cf..0000000 --- a/rds/base/charts/postgresql/charts/common/templates/validations/_validations.tpl +++ /dev/null 
@@ -1,46 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Validate values must not be empty. - -Usage: -{{- $validateValueConf00 := (dict "valueKey" "path.to.value" "secret" "secretName" "field" "password-00") -}} -{{- $validateValueConf01 := (dict "valueKey" "path.to.value" "secret" "secretName" "field" "password-01") -}} -{{ include "common.validations.values.empty" (dict "required" (list $validateValueConf00 $validateValueConf01) "context" $) }} - -Validate value params: - - valueKey - String - Required. The path to the validating value in the values.yaml, e.g: "mysql.password" - - secret - String - Optional. Name of the secret where the validating value is generated/stored, e.g: "mysql-passwords-secret" - - field - String - Optional. Name of the field in the secret data, e.g: "mysql-password" -*/}} -{{- define "common.validations.values.multiple.empty" -}} - {{- range .required -}} - {{- include "common.validations.values.single.empty" (dict "valueKey" .valueKey "secret" .secret "field" .field "context" $.context) -}} - {{- end -}} -{{- end -}} - -{{/* -Validate a value must not be empty. - -Usage: -{{ include "common.validations.value.empty" (dict "valueKey" "mariadb.password" "secret" "secretName" "field" "my-password" "subchart" "subchart" "context" $) }} - -Validate value params: - - valueKey - String - Required. The path to the validating value in the values.yaml, e.g: "mysql.password" - - secret - String - Optional. Name of the secret where the validating value is generated/stored, e.g: "mysql-passwords-secret" - - field - String - Optional. Name of the field in the secret data, e.g: "mysql-password" - - subchart - String - Optional - Name of the subchart that the validated password is part of. -*/}} -{{- define "common.validations.values.single.empty" -}} - {{- $value := include "common.utils.getValueFromKey" (dict "key" .valueKey "context" .context) }} - {{- $subchart := ternary "" (printf "%s." 
.subchart) (empty .subchart) }} - - {{- if not $value -}} - {{- $varname := "my-value" -}} - {{- $getCurrentValue := "" -}} - {{- if and .secret .field -}} - {{- $varname = include "common.utils.fieldToEnvVar" . -}} - {{- $getCurrentValue = printf " To get the current value:\n\n %s\n" (include "common.utils.secret.getvalue" .) -}} - {{- end -}} - {{- printf "\n '%s' must not be empty, please add '--set %s%s=$%s' to the command.%s" .valueKey $subchart .valueKey $varname $getCurrentValue -}} - {{- end -}} -{{- end -}} diff --git a/rds/base/charts/postgresql/charts/common/values.yaml b/rds/base/charts/postgresql/charts/common/values.yaml deleted file mode 100644 index f2df68e..0000000 --- a/rds/base/charts/postgresql/charts/common/values.yaml +++ /dev/null @@ -1,5 +0,0 @@ -## bitnami/common -## It is required by CI/CD tools and processes. -## @skip exampleValue -## -exampleValue: common-chart diff --git a/rds/base/charts/postgresql/ci/commonAnnotations.yaml b/rds/base/charts/postgresql/ci/commonAnnotations.yaml deleted file mode 100644 index 97e18a4..0000000 --- a/rds/base/charts/postgresql/ci/commonAnnotations.yaml +++ /dev/null @@ -1,3 +0,0 @@ -commonAnnotations: - helm.sh/hook: "\"pre-install, pre-upgrade\"" - helm.sh/hook-weight: "-1" diff --git a/rds/base/charts/postgresql/ci/default-values.yaml b/rds/base/charts/postgresql/ci/default-values.yaml deleted file mode 100644 index fc2ba60..0000000 --- a/rds/base/charts/postgresql/ci/default-values.yaml +++ /dev/null @@ -1 +0,0 @@ -# Leave this file empty to ensure that CI runs builds against the default configuration in values.yaml. diff --git a/rds/base/charts/postgresql/ci/shmvolume-disabled-values.yaml b/rds/base/charts/postgresql/ci/shmvolume-disabled-values.yaml deleted file mode 100644 index 347d3b4..0000000 --- a/rds/base/charts/postgresql/ci/shmvolume-disabled-values.yaml +++ /dev/null @@ -1,2 +0,0 @@ -shmVolume: - enabled: false 
diff --git a/rds/base/charts/postgresql/files/README.md b/rds/base/charts/postgresql/files/README.md
deleted file mode 100644
index 1813a2f..0000000
--- a/rds/base/charts/postgresql/files/README.md
+++ /dev/null
@@ -1 +0,0 @@
-Copy here your postgresql.conf and/or pg_hba.conf files to use it as a config map.
diff --git a/rds/base/charts/postgresql/files/conf.d/README.md b/rds/base/charts/postgresql/files/conf.d/README.md
deleted file mode 100644
index 184c187..0000000
--- a/rds/base/charts/postgresql/files/conf.d/README.md
+++ /dev/null
@@ -1,4 +0,0 @@
-If you don't want to provide the whole configuration file and only specify certain parameters, you can copy here your extended `.conf` files.
-These files will be injected as a config maps and add/overwrite the default configuration using the `include_dir` directive that allows settings to be loaded from files other than the default `postgresql.conf`.
-
-More info in the [bitnami-docker-postgresql README](https://github.com/bitnami/bitnami-docker-postgresql#configuration-file).
diff --git a/rds/base/charts/postgresql/files/docker-entrypoint-initdb.d/README.md b/rds/base/charts/postgresql/files/docker-entrypoint-initdb.d/README.md
deleted file mode 100644
index cba3809..0000000
--- a/rds/base/charts/postgresql/files/docker-entrypoint-initdb.d/README.md
+++ /dev/null
@@ -1,3 +0,0 @@
-You can copy here your custom `.sh`, `.sql` or `.sql.gz` file so they are executed during the first boot of the image.
-
-More info in the [bitnami-docker-postgresql](https://github.com/bitnami/bitnami-docker-postgresql#initializing-a-new-instance) repository.
\ No newline at end of file
diff --git a/rds/base/charts/postgresql/templates/NOTES.txt b/rds/base/charts/postgresql/templates/NOTES.txt
deleted file mode 100644
index f35ebc5..0000000
--- a/rds/base/charts/postgresql/templates/NOTES.txt
+++ /dev/null
@@ -1,89 +0,0 @@ -CHART NAME: {{ .Chart.Name }} -CHART VERSION: {{ .Chart.Version }} -APP VERSION: {{ .Chart.AppVersion }} - -** Please be patient while the chart is being deployed ** - -{{- if .Values.diagnosticMode.enabled }} -The chart has been deployed in diagnostic mode. All probes have been disabled and the command has been overwritten with: - - command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 4 }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 4 }} - -Get the list of pods by executing: - - kubectl get pods --namespace {{ .Release.Namespace }} -l app.kubernetes.io/instance={{ .Release.Name }} - -Access the pod you want to debug by executing - - kubectl exec --namespace {{ .Release.Namespace }} -ti -- bash - -In order to replicate the container startup scripts execute this command: - - /opt/bitnami/scripts/postgresql/entrypoint.sh /opt/bitnami/scripts/postgresql/run.sh - -{{- else }} - -PostgreSQL can be accessed via port {{ template "postgresql.servicePort" . }} on the following DNS names from within your cluster: - - {{ template "common.names.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local - Read/Write connection -{{- if .Values.replication.enabled }} -{{- if .Values.replication.singleService }} - {{ template "common.names.fullname" . }}-read.{{ .Release.Namespace }}.svc.cluster.local - Read only connection -{{- end }} -{{- if .Values.replication.uniqueServices }} -{{- $replicaCount := .Values.replication.readReplicas | int }} -{{- $root := . }} -{{- range $i, $e := until $replicaCount }} - {{ template "common.names.fullname" $root }}-read-{{ $i }}.{{ $root.Release.Namespace }}.svc.cluster.local - Read only connection to replica {{ $i }} -{{- end }} -{{- end }} -{{- end }} - -{{- if not (eq (include "postgresql.username" .) 
"postgres") }} - -To get the password for "postgres" run: - - export POSTGRES_ADMIN_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "postgresql.secretName" . }} -o jsonpath="{.data.postgresql-postgres-password}" | base64 --decode) -{{- end }} - -To get the password for "{{ template "postgresql.username" . }}" run: - - export POSTGRES_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "postgresql.secretName" . }} -o jsonpath="{.data.postgresql-password}" | base64 --decode) - -To connect to your database run the following command: - - kubectl run {{ template "common.names.fullname" . }}-client --rm --tty -i --restart='Never' --namespace {{ .Release.Namespace }} --image {{ template "postgresql.image" . }} --env="PGPASSWORD=$POSTGRES_PASSWORD" {{- if and (.Values.networkPolicy.enabled) (not .Values.networkPolicy.allowExternal) }} - --labels="{{ template "common.names.fullname" . }}-client=true" {{- end }} --command -- psql --host {{ template "common.names.fullname" . }} -U {{ .Values.postgresqlUsername }} -d {{- if .Values.postgresqlDatabase }} {{ .Values.postgresqlDatabase }}{{- else }} postgres{{- end }} -p {{ template "postgresql.servicePort" . }} - -{{ if and (.Values.networkPolicy.enabled) (not .Values.networkPolicy.allowExternal) }} -Note: Since NetworkPolicy is enabled, only pods with label {{ template "common.names.fullname" . }}-client=true" will be able to connect to this PostgreSQL cluster. -{{- end }} - -To connect to your database from outside the cluster execute the following commands: - -{{- if contains "NodePort" .Values.service.type }} - - export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") - export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "common.names.fullname" . }}) - {{ if (include "postgresql.password" . 
) }}PGPASSWORD="$POSTGRES_PASSWORD" {{ end }}psql --host $NODE_IP --port $NODE_PORT -U {{ .Values.postgresqlUsername }} -d {{- if .Values.postgresqlDatabase }} {{ .Values.postgresqlDatabase }}{{- else }} postgres{{- end }} - -{{- else if contains "LoadBalancer" .Values.service.type }} - - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "common.names.fullname" . }}' - - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "common.names.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") - {{ if (include "postgresql.password" . ) }}PGPASSWORD="$POSTGRES_PASSWORD" {{ end }}psql --host $SERVICE_IP --port {{ template "postgresql.servicePort" . }} -U {{ .Values.postgresqlUsername }} -d {{- if .Values.postgresqlDatabase }} {{ .Values.postgresqlDatabase }}{{- else }} postgres{{- end }} - -{{- else if contains "ClusterIP" .Values.service.type }} - - kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ template "common.names.fullname" . }} {{ template "postgresql.servicePort" . }}:{{ template "postgresql.servicePort" . }} & - {{ if (include "postgresql.password" . ) }}PGPASSWORD="$POSTGRES_PASSWORD" {{ end }}psql --host 127.0.0.1 -U {{ .Values.postgresqlUsername }} -d {{- if .Values.postgresqlDatabase }} {{ .Values.postgresqlDatabase }}{{- else }} postgres{{- end }} -p {{ template "postgresql.servicePort" . }} - -{{- end }} -{{- end }} - -{{- include "postgresql.validateValues" . -}} -{{- include "common.warnings.rollingTag" .Values.image -}} -{{- include "common.warnings.rollingTag" .Values.volumePermissions.image }} diff --git a/rds/base/charts/postgresql/templates/_helpers.tpl b/rds/base/charts/postgresql/templates/_helpers.tpl deleted file mode 100644 index 16e4456..0000000 --- a/rds/base/charts/postgresql/templates/_helpers.tpl +++ /dev/null 
@@ -1,361 +0,0 @@ -{{/* vim: set filetype=mustache: */}} - -{{/* -Expand the name of the chart. -*/}} -{{- define "postgresql.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -*/}} -{{- define "postgresql.primary.fullname" -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- $fullname := default (printf "%s-%s" .Release.Name $name) .Values.fullnameOverride -}} -{{- if .Values.replication.enabled -}} -{{- printf "%s-%s" $fullname "primary" | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s" $fullname | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the proper PostgreSQL image name -*/}} -{{- define "postgresql.image" -}} -{{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }} -{{- end -}} - -{{/* -Return the proper PostgreSQL metrics image name -*/}} -{{- define "postgresql.metrics.image" -}} -{{ include "common.images.image" (dict "imageRoot" .Values.metrics.image "global" .Values.global) }} -{{- end -}} - -{{/* -Return the proper image name (for the init container volume-permissions image) -*/}} -{{- define "postgresql.volumePermissions.image" -}} -{{ include "common.images.image" (dict "imageRoot" .Values.volumePermissions.image "global" .Values.global) }} -{{- end -}} - -{{/* -Return the proper Docker Image Registry Secret Names -*/}} -{{- define "postgresql.imagePullSecrets" -}} -{{ include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.metrics.image .Values.volumePermissions.image) "global" .Values.global) }} -{{- end -}} - -{{/* -Returns the available value for certain key in an existing secret (if it exists), -otherwise it generates a random value. 
-*/}} -{{- define "getValueFromSecret" }} -{{- $len := (default 16 .Length) | int -}} -{{- $obj := (lookup "v1" "Secret" .Namespace .Name).data -}} -{{- if $obj }} -{{- index $obj .Key | b64dec -}} -{{- else -}} -{{- randAlphaNum $len -}} -{{- end -}} -{{- end }} - -{{/* -Return PostgreSQL postgres user password -*/}} -{{- define "postgresql.postgres.password" -}} -{{- if .Values.global.postgresql.postgresqlPostgresPassword }} - {{- .Values.global.postgresql.postgresqlPostgresPassword -}} -{{- else if .Values.postgresqlPostgresPassword -}} - {{- .Values.postgresqlPostgresPassword -}} -{{- else -}} - {{- include "getValueFromSecret" (dict "Namespace" .Release.Namespace "Name" (include "common.names.fullname" .) "Length" 10 "Key" "postgresql-postgres-password") -}} -{{- end -}} -{{- end -}} - -{{/* -Return PostgreSQL password -*/}} -{{- define "postgresql.password" -}} -{{- if .Values.global.postgresql.postgresqlPassword }} - {{- .Values.global.postgresql.postgresqlPassword -}} -{{- else if .Values.postgresqlPassword -}} - {{- .Values.postgresqlPassword -}} -{{- else -}} - {{- include "getValueFromSecret" (dict "Namespace" .Release.Namespace "Name" (include "common.names.fullname" .) "Length" 10 "Key" "postgresql-password") -}} -{{- end -}} -{{- end -}} - -{{/* -Return PostgreSQL replication password -*/}} -{{- define "postgresql.replication.password" -}} -{{- if .Values.global.postgresql.replicationPassword }} - {{- .Values.global.postgresql.replicationPassword -}} -{{- else if .Values.replication.password -}} - {{- .Values.replication.password -}} -{{- else -}} - {{- include "getValueFromSecret" (dict "Namespace" .Release.Namespace "Name" (include "common.names.fullname" .) 
"Length" 10 "Key" "postgresql-replication-password") -}} -{{- end -}} -{{- end -}} - -{{/* -Return PostgreSQL username -*/}} -{{- define "postgresql.username" -}} -{{- if .Values.global.postgresql.postgresqlUsername }} - {{- .Values.global.postgresql.postgresqlUsername -}} -{{- else -}} - {{- .Values.postgresqlUsername -}} -{{- end -}} -{{- end -}} - -{{/* -Return PostgreSQL replication username -*/}} -{{- define "postgresql.replication.username" -}} -{{- if .Values.global.postgresql.replicationUser }} - {{- .Values.global.postgresql.replicationUser -}} -{{- else -}} - {{- .Values.replication.user -}} -{{- end -}} -{{- end -}} - -{{/* -Return PostgreSQL port -*/}} -{{- define "postgresql.servicePort" -}} -{{- if .Values.global.postgresql.servicePort }} - {{- .Values.global.postgresql.servicePort -}} -{{- else -}} - {{- .Values.service.port -}} -{{- end -}} -{{- end -}} - -{{/* -Return PostgreSQL created database -*/}} -{{- define "postgresql.database" -}} -{{- if .Values.global.postgresql.postgresqlDatabase }} - {{- .Values.global.postgresql.postgresqlDatabase -}} -{{- else if .Values.postgresqlDatabase -}} - {{- .Values.postgresqlDatabase -}} -{{- end -}} -{{- end -}} - -{{/* -Get the password secret. -*/}} -{{- define "postgresql.secretName" -}} -{{- if .Values.global.postgresql.existingSecret }} - {{- printf "%s" (tpl .Values.global.postgresql.existingSecret $) -}} -{{- else if .Values.existingSecret -}} - {{- printf "%s" (tpl .Values.existingSecret $) -}} -{{- else -}} - {{- printf "%s" (include "common.names.fullname" .) -}} -{{- end -}} -{{- end -}} - -{{/* -Return true if we should use an existingSecret. -*/}} -{{- define "postgresql.useExistingSecret" -}} -{{- if or .Values.global.postgresql.existingSecret .Values.existingSecret -}} - {{- true -}} -{{- end -}} -{{- end -}} - -{{/* -Return true if a secret object should be created -*/}} -{{- define "postgresql.createSecret" -}} -{{- if not (include "postgresql.useExistingSecret" .) 
-}} - {{- true -}} -{{- end -}} -{{- end -}} - -{{/* -Get the configuration ConfigMap name. -*/}} -{{- define "postgresql.configurationCM" -}} -{{- if .Values.configurationConfigMap -}} -{{- printf "%s" (tpl .Values.configurationConfigMap $) -}} -{{- else -}} -{{- printf "%s-configuration" (include "common.names.fullname" .) -}} -{{- end -}} -{{- end -}} - -{{/* -Get the extended configuration ConfigMap name. -*/}} -{{- define "postgresql.extendedConfigurationCM" -}} -{{- if .Values.extendedConfConfigMap -}} -{{- printf "%s" (tpl .Values.extendedConfConfigMap $) -}} -{{- else -}} -{{- printf "%s-extended-configuration" (include "common.names.fullname" .) -}} -{{- end -}} -{{- end -}} - -{{/* -Return true if a configmap should be mounted with PostgreSQL configuration -*/}} -{{- define "postgresql.mountConfigurationCM" -}} -{{- if or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") .Values.postgresqlConfiguration .Values.pgHbaConfiguration .Values.configurationConfigMap }} - {{- true -}} -{{- end -}} -{{- end -}} - -{{/* -Get the initialization scripts ConfigMap name. -*/}} -{{- define "postgresql.initdbScriptsCM" -}} -{{- if .Values.initdbScriptsConfigMap -}} -{{- printf "%s" (tpl .Values.initdbScriptsConfigMap $) -}} -{{- else -}} -{{- printf "%s-init-scripts" (include "common.names.fullname" .) -}} -{{- end -}} -{{- end -}} - -{{/* -Get the initialization scripts Secret name. -*/}} -{{- define "postgresql.initdbScriptsSecret" -}} -{{- printf "%s" (tpl .Values.initdbScriptsSecret $) -}} -{{- end -}} - -{{/* -Get the metrics ConfigMap name. -*/}} -{{- define "postgresql.metricsCM" -}} -{{- printf "%s-metrics" (include "common.names.fullname" .) -}} -{{- end -}} - -{{/* -Get the readiness probe command -*/}} -{{- define "postgresql.readinessProbeCommand" -}} -- | -{{- if (include "postgresql.database" .) }} - exec pg_isready -U {{ include "postgresql.username" . | quote }} -d "dbname={{ include "postgresql.database" . 
}} {{- if .Values.tls.enabled }} sslcert={{ include "postgresql.tlsCert" . }} sslkey={{ include "postgresql.tlsCertKey" . }}{{- end }}" -h 127.0.0.1 -p {{ .Values.containerPorts.postgresql }} -{{- else }} - exec pg_isready -U {{ include "postgresql.username" . | quote }} {{- if .Values.tls.enabled }} -d "sslcert={{ include "postgresql.tlsCert" . }} sslkey={{ include "postgresql.tlsCertKey" . }}"{{- end }} -h 127.0.0.1 -p {{ .Values.containerPorts.postgresql }} -{{- end }} -{{- if contains "bitnami/" .Values.image.repository }} - [ -f /opt/bitnami/postgresql/tmp/.initialized ] || [ -f /bitnami/postgresql/.initialized ] -{{- end -}} -{{- end -}} - -{{/* -Compile all warnings into a single message, and call fail. -*/}} -{{- define "postgresql.validateValues" -}} -{{- $messages := list -}} -{{- $messages := append $messages (include "postgresql.validateValues.ldapConfigurationMethod" .) -}} -{{- $messages := append $messages (include "postgresql.validateValues.psp" .) -}} -{{- $messages := append $messages (include "postgresql.validateValues.tls" .) -}} -{{- $messages := without $messages "" -}} -{{- $message := join "\n" $messages -}} - -{{- if $message -}} -{{- printf "\nVALUES VALIDATION:\n%s" $message | fail -}} -{{- end -}} -{{- end -}} - -{{/* -Validate values of Postgresql - If ldap.url is used then you don't need the other settings for ldap -*/}} -{{- define "postgresql.validateValues.ldapConfigurationMethod" -}} -{{- if and .Values.ldap.enabled (and (not (empty .Values.ldap.url)) (not (empty .Values.ldap.server))) }} -postgresql: ldap.url, ldap.server - You cannot set both `ldap.url` and `ldap.server` at the same time. - Please provide a unique way to configure LDAP. 
- More info at https://www.postgresql.org/docs/current/auth-ldap.html -{{- end -}} -{{- end -}} - -{{/* -Validate values of Postgresql - If PSP is enabled RBAC should be enabled too -*/}} -{{- define "postgresql.validateValues.psp" -}} -{{- if and .Values.psp.create (not .Values.rbac.create) }} -postgresql: psp.create, rbac.create - RBAC should be enabled if PSP is enabled in order for PSP to work. - More info at https://kubernetes.io/docs/concepts/policy/pod-security-policy/#authorizing-policies -{{- end -}} -{{- end -}} - -{{/* -Validate values of Postgresql TLS - When TLS is enabled, so must be VolumePermissions -*/}} -{{- define "postgresql.validateValues.tls" -}} -{{- if and .Values.tls.enabled (not .Values.volumePermissions.enabled) }} -postgresql: tls.enabled, volumePermissions.enabled - When TLS is enabled you must enable volumePermissions as well to ensure certificates files have - the right permissions. -{{- end -}} -{{- end -}} - -{{/* -Return the path to the cert file. -*/}} -{{- define "postgresql.tlsCert" -}} -{{- if .Values.tls.autoGenerated }} - {{- printf "/opt/bitnami/postgresql/certs/tls.crt" -}} -{{- else -}} - {{- required "Certificate filename is required when TLS in enabled" .Values.tls.certFilename | printf "/opt/bitnami/postgresql/certs/%s" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the path to the cert key file. -*/}} -{{- define "postgresql.tlsCertKey" -}} -{{- if .Values.tls.autoGenerated }} - {{- printf "/opt/bitnami/postgresql/certs/tls.key" -}} -{{- else -}} -{{- required "Certificate Key filename is required when TLS in enabled" .Values.tls.certKeyFilename | printf "/opt/bitnami/postgresql/certs/%s" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the path to the CA cert file. 
-*/}} -{{- define "postgresql.tlsCACert" -}} -{{- if .Values.tls.autoGenerated }} - {{- printf "/opt/bitnami/postgresql/certs/ca.crt" -}} -{{- else -}} - {{- printf "/opt/bitnami/postgresql/certs/%s" .Values.tls.certCAFilename -}} -{{- end -}} -{{- end -}} - -{{/* -Return the path to the CRL file. -*/}} -{{- define "postgresql.tlsCRL" -}} -{{- if .Values.tls.crlFilename -}} -{{- printf "/opt/bitnami/postgresql/certs/%s" .Values.tls.crlFilename -}} -{{- end -}} -{{- end -}} - -{{/* -Return true if a TLS credentials secret object should be created -*/}} -{{- define "postgresql.createTlsSecret" -}} -{{- if and .Values.tls.autoGenerated (not .Values.tls.certificatesSecret) }} - {{- true -}} -{{- end -}} -{{- end -}} - -{{/* -Return the path to the CA cert file. -*/}} -{{- define "postgresql.tlsSecretName" -}} -{{- if .Values.tls.autoGenerated }} - {{- printf "%s-crt" (include "common.names.fullname" .) -}} -{{- else -}} - {{ required "A secret containing TLS certificates is required when TLS is enabled" .Values.tls.certificatesSecret }} -{{- end -}} -{{- end -}} diff --git a/rds/base/charts/postgresql/templates/configmap.yaml b/rds/base/charts/postgresql/templates/configmap.yaml deleted file mode 100644 index df8f763..0000000 --- a/rds/base/charts/postgresql/templates/configmap.yaml +++ /dev/null 
@@ -1,34 +0,0 @@
-{{ if and (or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") .Values.postgresqlConfiguration .Values.pgHbaConfiguration) (not .Values.configurationConfigMap) }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ template "common.names.fullname" . }}-configuration
- namespace: {{ .Release.Namespace }}
- labels:
- {{- include "common.labels.standard" . | nindent 4 }}
- {{- if .Values.commonLabels }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
- {{- end }}
- {{- if .Values.commonAnnotations }}
- annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
- {{- end }}
-data:
-{{- if (.Files.Glob "files/postgresql.conf") }}
-{{ (.Files.Glob "files/postgresql.conf").AsConfig | indent 2 }}
-{{- else if .Values.postgresqlConfiguration }}
- postgresql.conf: |
-{{- range $key, $value := default dict .Values.postgresqlConfiguration }}
- {{- if kindIs "string" $value }}
- {{ $key | snakecase }} = '{{ $value }}'
- {{- else }}
- {{ $key | snakecase }} = {{ $value }}
- {{- end }}
-{{- end }}
-{{- end }}
-{{- if (.Files.Glob "files/pg_hba.conf") }}
-{{ (.Files.Glob "files/pg_hba.conf").AsConfig | indent 2 }}
-{{- else if .Values.pgHbaConfiguration }}
- pg_hba.conf: |
-{{ .Values.pgHbaConfiguration | indent 4 }}
-{{- end }}
-{{ end }}
diff --git a/rds/base/charts/postgresql/templates/extended-config-configmap.yaml b/rds/base/charts/postgresql/templates/extended-config-configmap.yaml
deleted file mode 100644
index abbbf85..0000000
--- a/rds/base/charts/postgresql/templates/extended-config-configmap.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-{{- if and (or (.Files.Glob "files/conf.d/*.conf") .Values.postgresqlExtendedConf) (not .Values.extendedConfConfigMap)}}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ template "common.names.fullname" . }}-extended-configuration
- namespace: {{ .Release.Namespace }}
- labels:
- {{- include "common.labels.standard" . | nindent 4 }}
- {{- if .Values.commonLabels }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
- {{- end }}
- {{- if .Values.commonAnnotations }}
- annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
- {{- end }}
-data:
-{{- with .Files.Glob "files/conf.d/*.conf" }}
-{{ .AsConfig | indent 2 }}
-{{- end }}
-{{ with .Values.postgresqlExtendedConf }}
- override.conf: |
-{{- range $key, $value := . }}
- {{- if kindIs "string" $value }}
- {{ $key | snakecase }} = '{{ $value }}'
- {{- else }}
- {{ $key | snakecase }} = {{ $value }}
- {{- end }}
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/rds/base/charts/postgresql/templates/extra-list.yaml b/rds/base/charts/postgresql/templates/extra-list.yaml
deleted file mode 100644
index 9ac65f9..0000000
--- a/rds/base/charts/postgresql/templates/extra-list.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
-{{- range .Values.extraDeploy }}
----
-{{ include "common.tplvalues.render" (dict "value" . "context" $) }}
-{{- end }}
diff --git a/rds/base/charts/postgresql/templates/initialization-configmap.yaml b/rds/base/charts/postgresql/templates/initialization-configmap.yaml
deleted file mode 100644
index 3e546fe..0000000
--- a/rds/base/charts/postgresql/templates/initialization-configmap.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-{{- if and (or (.Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql,sql.gz}") .Values.initdbScripts) (not .Values.initdbScriptsConfigMap) }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ template "common.names.fullname" . }}-init-scripts
- namespace: {{ .Release.Namespace }}
- labels:
- {{- include "common.labels.standard" . | nindent 4 }}
- {{- if .Values.commonLabels }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
- {{- end }}
- {{- if .Values.commonAnnotations }}
- annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
- {{- end }}
-{{- with .Files.Glob "files/docker-entrypoint-initdb.d/*.sql.gz" }}
-binaryData:
-{{- range $path, $bytes := . }}
- {{ base $path }}: {{ $.Files.Get $path | b64enc | quote }}
-{{- end }}
-{{- end }}
-data:
-{{- with .Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql}" }}
-{{ .AsConfig | indent 2 }}
-{{- end }}
-{{- include "common.tplvalues.render" (dict "value" .Values.initdbScripts "context" .) | nindent 2 }}
-{{- end }}
diff --git a/rds/base/charts/postgresql/templates/metrics-configmap.yaml b/rds/base/charts/postgresql/templates/metrics-configmap.yaml
deleted file mode 100644
index b711197..0000000
--- a/rds/base/charts/postgresql/templates/metrics-configmap.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-{{- if and .Values.metrics.enabled .Values.metrics.customMetrics }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ template "postgresql.metricsCM" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- {{- include "common.labels.standard" . | nindent 4 }}
- {{- if .Values.commonLabels }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
- {{- end }}
- {{- if .Values.commonAnnotations }}
- annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
- {{- end }}
-data:
- custom-metrics.yaml: {{ toYaml .Values.metrics.customMetrics | quote }}
-{{- end }}
diff --git a/rds/base/charts/postgresql/templates/metrics-svc.yaml b/rds/base/charts/postgresql/templates/metrics-svc.yaml
deleted file mode 100644
index 203aab2..0000000
--- a/rds/base/charts/postgresql/templates/metrics-svc.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-{{- if .Values.metrics.enabled }}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ template "common.names.fullname" . }}-metrics
- namespace: {{ .Release.Namespace }}
- labels:
- {{- include "common.labels.standard" . | nindent 4 }}
- {{- if .Values.commonLabels }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
- {{- end }}
- annotations:
- {{- if .Values.commonAnnotations }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
- {{- end }}
- {{- toYaml .Values.metrics.service.annotations | nindent 4 }}
-spec:
- type: {{ .Values.metrics.service.type }}
- {{- if and (eq .Values.metrics.service.type "LoadBalancer") .Values.metrics.service.loadBalancerIP }}
- loadBalancerIP: {{ .Values.metrics.service.loadBalancerIP }}
- {{- end }}
- ports:
- - name: http-metrics
- port: 9187
- targetPort: http-metrics
- selector:
- {{- include "common.labels.matchLabels" . | nindent 4 }}
- role: primary
-{{- end }}
diff --git a/rds/base/charts/postgresql/templates/networkpolicy.yaml b/rds/base/charts/postgresql/templates/networkpolicy.yaml
deleted file mode 100644
index 400351e..0000000
--- a/rds/base/charts/postgresql/templates/networkpolicy.yaml
+++ /dev/null
@@ -1,42 +0,0 @@
-{{- if .Values.networkPolicy.enabled }}
-kind: NetworkPolicy
-apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }}
-metadata:
- name: {{ template "common.names.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- {{- include "common.labels.standard" . | nindent 4 }}
- {{- if .Values.commonLabels }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
- {{- end }}
- {{- if .Values.commonAnnotations }}
- annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
- {{- end }}
-spec:
- podSelector:
- matchLabels:
- {{- include "common.labels.matchLabels" . | nindent 6 }}
- ingress:
- # Allow inbound connections
- - ports:
- - port: {{ template "postgresql.servicePort" . }}
- {{- if not .Values.networkPolicy.allowExternal }}
- from:
- - podSelector:
- matchLabels:
- {{ template "common.names.fullname" . }}-client: "true"
- {{- if .Values.networkPolicy.explicitNamespacesSelector }}
- namespaceSelector:
-{{ toYaml .Values.networkPolicy.explicitNamespacesSelector | indent 12 }}
- {{- end }}
- - podSelector:
- matchLabels:
- {{- include "common.labels.matchLabels" . | nindent 14 }}
- role: read
- {{- end }}
- {{- if .Values.metrics.enabled }}
- # Allow prometheus scrapes
- - ports:
- - port: 9187
- {{- end }}
-{{- end }}
diff --git a/rds/base/charts/postgresql/templates/podsecuritypolicy.yaml b/rds/base/charts/postgresql/templates/podsecuritypolicy.yaml
deleted file mode 100644
index 0eefb3b..0000000
--- a/rds/base/charts/postgresql/templates/podsecuritypolicy.yaml
+++ /dev/null
@@ -1,42 +0,0 @@
-{{- $pspAvailable := (semverCompare "<1.25-0" (include "common.capabilities.kubeVersion" .)) -}}
-{{- if and $pspAvailable .Values.psp.create }}
-apiVersion: policy/v1beta1
-kind: PodSecurityPolicy
-metadata:
- name: {{ template "common.names.fullname" . }}
- labels:
- {{- include "common.labels.standard" . | nindent 4 }}
- {{- if .Values.commonLabels }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
- {{- end }}
- {{- if .Values.commonAnnotations }}
- annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
- {{- end }}
- namespace: {{ .Release.Namespace }}
-spec:
- privileged: false
- volumes:
- - 'configMap'
- - 'secret'
- - 'persistentVolumeClaim'
- - 'emptyDir'
- - 'projected'
- hostNetwork: false
- hostIPC: false
- hostPID: false
- runAsUser:
- rule: 'RunAsAny'
- seLinux:
- rule: 'RunAsAny'
- supplementalGroups:
- rule: 'MustRunAs'
- ranges:
- - min: 1
- max: 65535
- fsGroup:
- rule: 'MustRunAs'
- ranges:
- - min: 1
- max: 65535
- readOnlyRootFilesystem: false
-{{- end }}
diff --git a/rds/base/charts/postgresql/templates/prometheusrule.yaml b/rds/base/charts/postgresql/templates/prometheusrule.yaml
deleted file mode 100644
index 1eff223..0000000
--- a/rds/base/charts/postgresql/templates/prometheusrule.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-{{- if and .Values.metrics.enabled .Values.metrics.prometheusRule.enabled }}
-apiVersion: monitoring.coreos.com/v1
-kind: PrometheusRule
-metadata:
- name: {{ template "common.names.fullname" . }}
-{{- if .Values.metrics.prometheusRule.namespace }}
- namespace: {{ .Values.metrics.prometheusRule.namespace }}
-{{- else }}
- namespace: {{ .Release.Namespace }}
-{{- end }}
- labels:
- {{- include "common.labels.standard" . | nindent 4 }}
- {{- if .Values.commonLabels }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
- {{- end }}
- {{- with .Values.metrics.prometheusRule.additionalLabels }}
- {{- toYaml . | nindent 4 }}
- {{- end }}
- {{- if .Values.commonAnnotations }}
- annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
- {{- end }}
-spec:
-{{- with .Values.metrics.prometheusRule.rules }}
- groups:
- - name: {{ template "postgresql.name" $ }}
- rules: {{ tpl (toYaml .) $ | nindent 8 }}
-{{- end }}
-{{- end }}
diff --git a/rds/base/charts/postgresql/templates/role.yaml b/rds/base/charts/postgresql/templates/role.yaml
deleted file mode 100644
index 1366eda..0000000
--- a/rds/base/charts/postgresql/templates/role.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-{{- if .Values.rbac.create }}
-kind: Role
-apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
-metadata:
- name: {{ template "common.names.fullname" . }}
- labels:
- {{- include "common.labels.standard" . | nindent 4 }}
- {{- if .Values.commonLabels }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
- {{- end }}
- {{- if .Values.commonAnnotations }}
- annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
- {{- end }}
- namespace: {{ .Release.Namespace }}
-rules:
- {{- $pspAvailable := (semverCompare "<1.25-0" (include "common.capabilities.kubeVersion" .)) -}}
- {{- if and $pspAvailable .Values.psp.create }}
- - apiGroups: ["extensions"]
- resources: ["podsecuritypolicies"]
- verbs: ["use"]
- resourceNames:
- - {{ template "common.names.fullname" . }}
- {{- end }}
-{{- end }}
diff --git a/rds/base/charts/postgresql/templates/rolebinding.yaml b/rds/base/charts/postgresql/templates/rolebinding.yaml
deleted file mode 100644
index 988cb73..0000000
--- a/rds/base/charts/postgresql/templates/rolebinding.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-{{- if .Values.rbac.create }}
-kind: RoleBinding
-apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
-metadata:
- name: {{ template "common.names.fullname" . }}
- labels:
- {{- include "common.labels.standard" . | nindent 4 }}
- {{- if .Values.commonLabels }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
- {{- end }}
- {{- if .Values.commonAnnotations }}
- annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
- {{- end }}
- namespace: {{ .Release.Namespace }}
-roleRef:
- kind: Role
- name: {{ template "common.names.fullname" . }}
- apiGroup: rbac.authorization.k8s.io
-subjects:
- - kind: ServiceAccount
- name: {{ default (include "common.names.fullname" . ) .Values.serviceAccount.name }}
- namespace: {{ .Release.Namespace }}
-{{- end }}
diff --git a/rds/base/charts/postgresql/templates/secrets.yaml b/rds/base/charts/postgresql/templates/secrets.yaml
deleted file mode 100644
index d73bf2f..0000000
--- a/rds/base/charts/postgresql/templates/secrets.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-{{- if (include "postgresql.createSecret" .) }}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ template "common.names.fullname" . }}
- labels:
- {{- include "common.labels.standard" . | nindent 4 }}
- {{- if .Values.commonLabels }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
- {{- end }}
- {{- if .Values.commonAnnotations }}
- annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
- {{- end }}
- namespace: {{ .Release.Namespace }}
-type: Opaque
-data:
- {{- if not (eq (include "postgresql.username" .) "postgres") }}
- postgresql-postgres-password: {{ include "postgresql.postgres.password" . | b64enc | quote }}
- {{- end }}
- postgresql-password: {{ include "postgresql.password" . | b64enc | quote }}
- {{- if .Values.replication.enabled }}
- postgresql-replication-password: {{ include "postgresql.replication.password" . | b64enc | quote }}
- {{- end }}
- {{- if (and .Values.ldap.enabled .Values.ldap.bind_password)}}
- postgresql-ldap-password: {{ .Values.ldap.bind_password | b64enc | quote }}
- {{- end }}
-{{- end -}}
diff --git a/rds/base/charts/postgresql/templates/serviceaccount.yaml b/rds/base/charts/postgresql/templates/serviceaccount.yaml
deleted file mode 100644
index 8e951b8..0000000
--- a/rds/base/charts/postgresql/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-{{- if and (.Values.serviceAccount.enabled) (not .Values.serviceAccount.name) }}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- labels:
- {{- include "common.labels.standard" . | nindent 4 }}
- {{- if .Values.commonLabels }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
- {{- end }}
- name: {{ template "common.names.fullname" . }}
- {{- if .Values.commonAnnotations }}
- annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
- {{- end }}
- namespace: {{ .Release.Namespace }}
-{{- end }}
diff --git a/rds/base/charts/postgresql/templates/servicemonitor.yaml b/rds/base/charts/postgresql/templates/servicemonitor.yaml
deleted file mode 100644
index 60efc80..0000000
--- a/rds/base/charts/postgresql/templates/servicemonitor.yaml
+++ /dev/null
@@ -1,44 +0,0 @@
-{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }}
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
- name: {{ include "common.names.fullname" . }}
- {{- if .Values.metrics.serviceMonitor.namespace }}
- namespace: {{ .Values.metrics.serviceMonitor.namespace }}
- {{- else }}
- namespace: {{ .Release.Namespace }}
- {{- end }}
- labels:
- {{- include "common.labels.standard" . | nindent 4 }}
- {{- if .Values.metrics.serviceMonitor.additionalLabels }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.additionalLabels "context" $ ) | nindent 4 }}
- {{- end }}
- {{- if .Values.commonLabels }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
- {{- end }}
- {{- if .Values.commonAnnotations }}
- annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
- {{- end }}
-
-spec:
- endpoints:
- - port: http-metrics
- {{- if .Values.metrics.serviceMonitor.interval }}
- interval: {{ .Values.metrics.serviceMonitor.interval }}
- {{- end }}
- {{- if .Values.metrics.serviceMonitor.scrapeTimeout }}
- scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }}
- {{- end }}
- {{- if .Values.metrics.serviceMonitor.relabelings }}
- relabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.relabelings "context" $) | nindent 8 }}
- {{- end }}
- {{- if .Values.metrics.serviceMonitor.metricRelabelings }}
- metricRelabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.metricRelabelings "context" $) | nindent 8 }}
- {{- end }}
- namespaceSelector:
- matchNames:
- - {{ .Release.Namespace }}
- selector:
- matchLabels:
- {{- include "common.labels.matchLabels" . | nindent 6 }}
-{{- end }}
diff --git a/rds/base/charts/postgresql/templates/statefulset-readreplicas.yaml b/rds/base/charts/postgresql/templates/statefulset-readreplicas.yaml
deleted file mode 100644
index ad2a06a..0000000
--- a/rds/base/charts/postgresql/templates/statefulset-readreplicas.yaml
+++ /dev/null
@@ -1,430 +0,0 @@ -{{- if .Values.replication.enabled }} -{{- $readReplicasResources := coalesce .Values.readReplicas.resources .Values.resources -}} -apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }} -kind: StatefulSet -metadata: - name: "{{ template "common.names.fullname" . }}-read" - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: read - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.readReplicas.labels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.readReplicas.labels "context" $ ) | nindent 4 }} - {{- end }} - annotations: - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - {{- with .Values.readReplicas.annotations }} - {{- toYaml . | nindent 4 }} - {{- end }} - namespace: {{ .Release.Namespace }} -spec: - serviceName: {{ template "common.names.fullname" . }}-headless - replicas: {{ .Values.replication.readReplicas }} - selector: - matchLabels: - {{- include "common.labels.matchLabels" . | nindent 6 }} - role: read - template: - metadata: - name: {{ template "common.names.fullname" . }} - labels: - {{- include "common.labels.standard" . | nindent 8 }} - app.kubernetes.io/component: read - role: read - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 8 }} - {{- end }} - {{- if .Values.readReplicas.podLabels }} - {{- include "common.tplvalues.render" (dict "value" .Values.readReplicas.podLabels "context" $) | nindent 8 }} - {{- end }} -{{- with .Values.readReplicas.podAnnotations }} - annotations: -{{ toYaml . 
| indent 8 }} -{{- end }} - spec: - {{- if .Values.schedulerName }} - schedulerName: "{{ .Values.schedulerName }}" - {{- end }} -{{- include "postgresql.imagePullSecrets" . | indent 6 }} - {{- if .Values.readReplicas.affinity }} - affinity: {{- include "common.tplvalues.render" (dict "value" .Values.readReplicas.affinity "context" $) | nindent 8 }} - {{- else }} - affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.readReplicas.podAffinityPreset "component" "read" "context" $) | nindent 10 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.readReplicas.podAntiAffinityPreset "component" "read" "context" $) | nindent 10 }} - nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.readReplicas.nodeAffinityPreset.type "key" .Values.readReplicas.nodeAffinityPreset.key "values" .Values.readReplicas.nodeAffinityPreset.values) | nindent 10 }} - {{- end }} - {{- if .Values.readReplicas.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.readReplicas.nodeSelector "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.readReplicas.tolerations }} - tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.readReplicas.tolerations "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.readReplicas.topologySpreadConstraints }} - topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.readReplicas.topologySpreadConstraints "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.terminationGracePeriodSeconds }} - terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} - {{- end }} - {{- if .Values.securityContext.enabled }} - securityContext: {{- omit .Values.securityContext "enabled" | toYaml | nindent 8 }} - {{- end }} - automountServiceAccountToken: {{ .Values.serviceAccount.autoMount }} - {{- if .Values.serviceAccount.enabled }} - serviceAccountName: {{ default (include 
"common.names.fullname" . ) .Values.serviceAccount.name}} - {{- end }} - {{- if or .Values.readReplicas.extraInitContainers (and .Values.volumePermissions.enabled (or .Values.persistence.enabled (and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled))) }} - initContainers: - {{- if and .Values.volumePermissions.enabled (or .Values.persistence.enabled (and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled) .Values.tls.enabled) }} - - name: init-chmod-data - image: {{ template "postgresql.volumePermissions.image" . }} - imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} - {{- if .Values.resources }} - resources: {{- toYaml .Values.resources | nindent 12 }} - {{- end }} - command: - - /bin/sh - - -cx - - | - {{- if .Values.persistence.enabled }} - {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} - chown `id -u`:`id -G | cut -d " " -f2` {{ .Values.persistence.mountPath }} - {{- else }} - chown {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} {{ .Values.persistence.mountPath }} - {{- end }} - mkdir -p {{ .Values.persistence.mountPath }}/data {{- if (include "postgresql.mountConfigurationCM" .) }} {{ .Values.persistence.mountPath }}/conf {{- end }} - chmod 700 {{ .Values.persistence.mountPath }}/data {{- if (include "postgresql.mountConfigurationCM" .) }} {{ .Values.persistence.mountPath }}/conf {{- end }} - find {{ .Values.persistence.mountPath }} -mindepth 1 -maxdepth 1 {{- if not (include "postgresql.mountConfigurationCM" .) 
}} -not -name "conf" {{- end }} -not -name ".snapshot" -not -name "lost+found" | \ - {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} - xargs chown -R `id -u`:`id -G | cut -d " " -f2` - {{- else }} - xargs chown -R {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} - {{- end }} - {{- end }} - {{- if and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled }} - chmod -R 777 /dev/shm - {{- end }} - {{- if .Values.tls.enabled }} - cp /tmp/certs/* /opt/bitnami/postgresql/certs/ - {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} - chown -R `id -u`:`id -G | cut -d " " -f2` /opt/bitnami/postgresql/certs/ - {{- else }} - chown -R {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} /opt/bitnami/postgresql/certs/ - {{- end }} - chmod 600 {{ template "postgresql.tlsCertKey" . }} - {{- end }} - {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} - securityContext: {{- omit .Values.volumePermissions.securityContext "runAsUser" | toYaml | nindent 12 }} - {{- else }} - securityContext: {{- .Values.volumePermissions.securityContext | toYaml | nindent 12 }} - {{- end }} - volumeMounts: - {{ if .Values.persistence.enabled }} - - name: data - mountPath: {{ .Values.persistence.mountPath }} - subPath: {{ .Values.persistence.subPath }} - {{- end }} - {{- if .Values.shmVolume.enabled }} - - name: dshm - mountPath: /dev/shm - {{- end }} - {{- if .Values.tls.enabled }} - - name: raw-certificates - mountPath: /tmp/certs - - name: postgresql-certificates - mountPath: /opt/bitnami/postgresql/certs - {{- end }} - {{- end }} - {{- if .Values.readReplicas.extraInitContainers }} - {{- include "common.tplvalues.render" ( dict "value" .Values.readReplicas.extraInitContainers "context" $ ) | nindent 8 }} - {{- end }} - {{- end }} - {{- if .Values.readReplicas.priorityClassName }} - priorityClassName: {{ 
.Values.readReplicas.priorityClassName }} - {{- end }} - containers: - - name: {{ template "common.names.fullname" . }} - image: {{ template "postgresql.image" . }} - imagePullPolicy: "{{ .Values.image.pullPolicy }}" - {{- if $readReplicasResources }} - resources: {{- toYaml $readReplicasResources | nindent 12 }} - {{- end }} - {{- if .Values.containerSecurityContext.enabled }} - securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} - {{- end }} - env: - - name: BITNAMI_DEBUG - value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }} - - name: POSTGRESQL_VOLUME_DIR - value: "{{ .Values.persistence.mountPath }}" - - name: POSTGRESQL_PORT_NUMBER - value: {{ .Values.containerPorts.postgresql | quote }} - {{- if .Values.persistence.mountPath }} - - name: PGDATA - value: {{ .Values.postgresqlDataDir | quote }} - {{- end }} - - name: POSTGRES_REPLICATION_MODE - value: "slave" - - name: POSTGRES_REPLICATION_USER - value: {{ include "postgresql.replication.username" . | quote }} - {{- if .Values.usePasswordFile }} - - name: POSTGRES_REPLICATION_PASSWORD_FILE - value: "/opt/bitnami/postgresql/secrets/postgresql-replication-password" - {{- else }} - - name: POSTGRES_REPLICATION_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "postgresql.secretName" . }} - key: postgresql-replication-password - {{- end }} - - name: POSTGRES_CLUSTER_APP_NAME - value: {{ .Values.replication.applicationName }} - - name: POSTGRES_MASTER_HOST - value: {{ template "common.names.fullname" . }} - - name: POSTGRES_MASTER_PORT_NUMBER - value: {{ include "postgresql.servicePort" . 
| quote }} - {{- if not (eq (include "postgresql.username" .) "postgres") }} - {{- if .Values.usePasswordFile }} - - name: POSTGRES_POSTGRES_PASSWORD_FILE - value: "/opt/bitnami/postgresql/secrets/postgresql-postgres-password" - {{- else }} - - name: POSTGRES_POSTGRES_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "postgresql.secretName" . }} - key: postgresql-postgres-password - {{- end }} - {{- end }} - {{- if .Values.usePasswordFile }} - - name: POSTGRES_PASSWORD_FILE - value: "/opt/bitnami/postgresql/secrets/postgresql-password" - {{- else }} - - name: POSTGRES_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "postgresql.secretName" . }} - key: postgresql-password - {{- end }} - - name: POSTGRESQL_ENABLE_TLS - value: {{ ternary "yes" "no" .Values.tls.enabled | quote }} - {{- if .Values.tls.enabled }} - - name: POSTGRESQL_TLS_PREFER_SERVER_CIPHERS - value: {{ ternary "yes" "no" .Values.tls.preferServerCiphers | quote }} - - name: POSTGRESQL_TLS_CERT_FILE - value: {{ template "postgresql.tlsCert" . }} - - name: POSTGRESQL_TLS_KEY_FILE - value: {{ template "postgresql.tlsCertKey" . }} - {{- if .Values.tls.certCAFilename }} - - name: POSTGRESQL_TLS_CA_FILE - value: {{ template "postgresql.tlsCACert" . }} - {{- end }} - {{- if .Values.tls.crlFilename }} - - name: POSTGRESQL_TLS_CRL_FILE - value: {{ template "postgresql.tlsCRL" . 
}} - {{- end }} - {{- end }} - - name: POSTGRESQL_LOG_HOSTNAME - value: {{ .Values.audit.logHostname | quote }} - - name: POSTGRESQL_LOG_CONNECTIONS - value: {{ .Values.audit.logConnections | quote }} - - name: POSTGRESQL_LOG_DISCONNECTIONS - value: {{ .Values.audit.logDisconnections | quote }} - {{- if .Values.audit.logLinePrefix }} - - name: POSTGRESQL_LOG_LINE_PREFIX - value: {{ .Values.audit.logLinePrefix | quote }} - {{- end }} - {{- if .Values.audit.logTimezone }} - - name: POSTGRESQL_LOG_TIMEZONE - value: {{ .Values.audit.logTimezone | quote }} - {{- end }} - {{- if .Values.audit.pgAuditLog }} - - name: POSTGRESQL_PGAUDIT_LOG - value: {{ .Values.audit.pgAuditLog | quote }} - {{- end }} - - name: POSTGRESQL_PGAUDIT_LOG_CATALOG - value: {{ .Values.audit.pgAuditLogCatalog | quote }} - - name: POSTGRESQL_CLIENT_MIN_MESSAGES - value: {{ .Values.audit.clientMinMessages | quote }} - - name: POSTGRESQL_SHARED_PRELOAD_LIBRARIES - value: {{ .Values.postgresqlSharedPreloadLibraries | quote }} - {{- if .Values.postgresqlMaxConnections }} - - name: POSTGRESQL_MAX_CONNECTIONS - value: {{ .Values.postgresqlMaxConnections | quote }} - {{- end }} - {{- if .Values.postgresqlPostgresConnectionLimit }} - - name: POSTGRESQL_POSTGRES_CONNECTION_LIMIT - value: {{ .Values.postgresqlPostgresConnectionLimit | quote }} - {{- end }} - {{- if .Values.postgresqlDbUserConnectionLimit }} - - name: POSTGRESQL_USERNAME_CONNECTION_LIMIT - value: {{ .Values.postgresqlDbUserConnectionLimit | quote }} - {{- end }} - {{- if .Values.postgresqlTcpKeepalivesInterval }} - - name: POSTGRESQL_TCP_KEEPALIVES_INTERVAL - value: {{ .Values.postgresqlTcpKeepalivesInterval | quote }} - {{- end }} - {{- if .Values.postgresqlTcpKeepalivesIdle }} - - name: POSTGRESQL_TCP_KEEPALIVES_IDLE - value: {{ .Values.postgresqlTcpKeepalivesIdle | quote }} - {{- end }} - {{- if .Values.postgresqlStatementTimeout }} - - name: POSTGRESQL_STATEMENT_TIMEOUT - value: {{ .Values.postgresqlStatementTimeout | quote }} - {{- end }} 
- {{- if .Values.postgresqlTcpKeepalivesCount }} - - name: POSTGRESQL_TCP_KEEPALIVES_COUNT - value: {{ .Values.postgresqlTcpKeepalivesCount | quote }} - {{- end }} - {{- if .Values.postgresqlPghbaRemoveFilters }} - - name: POSTGRESQL_PGHBA_REMOVE_FILTERS - value: {{ .Values.postgresqlPghbaRemoveFilters | quote }} - {{- end }} - ports: - - name: tcp-postgresql - containerPort: {{ .Values.containerPorts.postgresql }} - {{- if not .Values.diagnosticMode.enabled }} - {{- if .Values.livenessProbe.enabled }} - livenessProbe: - exec: - command: - - /bin/sh - - -c - {{- if (include "postgresql.database" .) }} - - exec pg_isready -U {{ include "postgresql.username" . | quote }} -d "dbname={{ include "postgresql.database" . }} {{- if and .Values.tls.enabled .Values.tls.certCAFilename }} sslcert={{ include "postgresql.tlsCert" . }} sslkey={{ include "postgresql.tlsCertKey" . }}{{- end }}" -h 127.0.0.1 -p {{ .Values.containerPorts.postgresql }} - {{- else }} - - exec pg_isready -U {{ include "postgresql.username" . | quote }} {{- if and .Values.tls.enabled .Values.tls.certCAFilename }} -d "sslcert={{ include "postgresql.tlsCert" . }} sslkey={{ include "postgresql.tlsCertKey" . }}"{{- end }} -h 127.0.0.1 -p {{ .Values.containerPorts.postgresql }} - {{- end }} - initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} - successThreshold: {{ .Values.livenessProbe.successThreshold }} - failureThreshold: {{ .Values.livenessProbe.failureThreshold }} - {{- else if .Values.customLivenessProbe }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.readinessProbe.enabled }} - readinessProbe: - exec: - command: - - /bin/sh - - -c - - -e - {{- include "postgresql.readinessProbeCommand" . 
| nindent 16 }} - initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} - successThreshold: {{ .Values.readinessProbe.successThreshold }} - failureThreshold: {{ .Values.readinessProbe.failureThreshold }} - {{- else if .Values.customReadinessProbe }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }} - {{- end }} - {{- end }} - volumeMounts: - {{- if .Values.usePasswordFile }} - - name: postgresql-password - mountPath: /opt/bitnami/postgresql/secrets/ - {{- end }} - {{- if .Values.shmVolume.enabled }} - - name: dshm - mountPath: /dev/shm - {{- end }} - {{- if .Values.persistence.enabled }} - - name: data - mountPath: {{ .Values.persistence.mountPath }} - subPath: {{ .Values.persistence.subPath }} - {{ end }} - {{- if or (.Files.Glob "files/conf.d/*.conf") .Values.postgresqlExtendedConf .Values.extendedConfConfigMap }} - - name: postgresql-extended-config - mountPath: /bitnami/postgresql/conf/conf.d/ - {{- end }} - {{- if or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") .Values.postgresqlConfiguration .Values.pgHbaConfiguration .Values.configurationConfigMap }} - - name: postgresql-config - mountPath: /bitnami/postgresql/conf - {{- end }} - {{- if .Values.tls.enabled }} - - name: postgresql-certificates - mountPath: /opt/bitnami/postgresql/certs - readOnly: true - {{- end }} - {{- if .Values.readReplicas.extraVolumeMounts }} - {{- include "common.tplvalues.render" (dict "value" .Values.readReplicas.extraVolumeMounts "context" $) | nindent 12 }} - {{- end }} -{{- if .Values.readReplicas.sidecars }} -{{- include "common.tplvalues.render" ( dict "value" .Values.readReplicas.sidecars "context" $ ) | nindent 8 }} -{{- end }} - volumes: - {{- if .Values.usePasswordFile }} - - name: postgresql-password - secret: - secretName: {{ template 
"postgresql.secretName" . }} - {{- end }} - {{- if or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") .Values.postgresqlConfiguration .Values.pgHbaConfiguration .Values.configurationConfigMap}} - - name: postgresql-config - configMap: - name: {{ template "postgresql.configurationCM" . }} - {{- end }} - {{- if or (.Files.Glob "files/conf.d/*.conf") .Values.postgresqlExtendedConf .Values.extendedConfConfigMap }} - - name: postgresql-extended-config - configMap: - name: {{ template "postgresql.extendedConfigurationCM" . }} - {{- end }} - {{- if .Values.tls.enabled }} - - name: raw-certificates - secret: - secretName: {{ template "postgresql.tlsSecretName" . }} - - name: postgresql-certificates - emptyDir: {} - {{- end }} - {{- if .Values.shmVolume.enabled }} - - name: dshm - emptyDir: - medium: Memory - sizeLimit: 1Gi - {{- end }} - {{- if or (not .Values.persistence.enabled) (not .Values.readReplicas.persistence.enabled) }} - - name: data - emptyDir: {} - {{- end }} - {{- if .Values.readReplicas.extraVolumes }} - {{- include "common.tplvalues.render" ( dict "value" .Values.readReplicas.extraVolumes "context" $ ) | nindent 8 }} - {{- end }} - {{- if .Values.readReplicas.extraPodSpec }} - {{- include "common.tplvalues.render" (dict "value" .Values.readReplicas.extraPodSpec "context" $) | nindent 6 }} - {{- end }} - updateStrategy: - type: {{ .Values.updateStrategy.type }} - {{- if (eq "Recreate" .Values.updateStrategy.type) }} - rollingUpdate: null - {{- end }} -{{- if and .Values.persistence.enabled .Values.readReplicas.persistence.enabled }} - volumeClaimTemplates: - - metadata: - name: data - {{- with .Values.persistence.annotations }} - annotations: - {{- range $key, $value := . }} - {{ $key }}: {{ $value }} - {{- end }} - {{- end }} - spec: - accessModes: - {{- range .Values.persistence.accessModes }} - - {{ . 
| quote }} - {{- end }} - resources: - requests: - storage: {{ .Values.persistence.size | quote }} - {{ include "common.storage.class" (dict "persistence" .Values.persistence "global" .Values.global) }} - - {{- if .Values.persistence.selector }} - selector: {{- include "common.tplvalues.render" (dict "value" .Values.persistence.selector "context" $) | nindent 10 }} - {{- end -}} -{{- end }} -{{- end }} diff --git a/rds/base/charts/postgresql/templates/statefulset.yaml b/rds/base/charts/postgresql/templates/statefulset.yaml deleted file mode 100644 index 49afa54..0000000 --- a/rds/base/charts/postgresql/templates/statefulset.yaml +++ /dev/null 
@@ -1,636 +0,0 @@ -apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }} -kind: StatefulSet -metadata: - name: {{ template "postgresql.primary.fullname" . }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: primary - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.primary.labels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.primary.labels "context" $ ) | nindent 4 }} - {{- end }} - annotations: - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - {{- with .Values.primary.annotations }} - {{- toYaml . | nindent 4 }} - {{- end }} - namespace: {{ .Release.Namespace }} -spec: - serviceName: {{ template "common.names.fullname" . }}-headless - replicas: 1 - updateStrategy: - type: {{ .Values.updateStrategy.type }} - {{- if (eq "Recreate" .Values.updateStrategy.type) }} - rollingUpdate: null - {{- end }} - selector: - matchLabels: - {{- include "common.labels.matchLabels" . | nindent 6 }} - role: primary - template: - metadata: - name: {{ template "common.names.fullname" . }} - labels: - {{- include "common.labels.standard" . | nindent 8 }} - role: primary - app.kubernetes.io/component: primary - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 8 }} - {{- end }} - {{- if .Values.primary.podLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.primary.podLabels "context" $ ) | nindent 8 }} - {{- end }} - {{- with .Values.primary.podAnnotations }} - annotations: {{- toYaml . | nindent 8 }} - {{- end }} - spec: - {{- if .Values.schedulerName }} - schedulerName: "{{ .Values.schedulerName }}" - {{- end }} -{{- include "postgresql.imagePullSecrets" . 
| indent 6 }} - {{- if .Values.primary.affinity }} - affinity: {{- include "common.tplvalues.render" (dict "value" .Values.primary.affinity "context" $) | nindent 8 }} - {{- else }} - affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.primary.podAffinityPreset "component" "primary" "context" $) | nindent 10 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.primary.podAntiAffinityPreset "component" "primary" "context" $) | nindent 10 }} - nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.primary.nodeAffinityPreset.type "key" .Values.primary.nodeAffinityPreset.key "values" .Values.primary.nodeAffinityPreset.values) | nindent 10 }} - {{- end }} - {{- if .Values.primary.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.primary.nodeSelector "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.primary.tolerations }} - tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.primary.tolerations "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.terminationGracePeriodSeconds }} - terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} - {{- end }} - {{- if .Values.securityContext.enabled }} - securityContext: {{- omit .Values.securityContext "enabled" | toYaml | nindent 8 }} - {{- end }} - automountServiceAccountToken: {{ .Values.serviceAccount.autoMount }} - {{- if .Values.serviceAccount.enabled }} - serviceAccountName: {{ default (include "common.names.fullname" . 
) .Values.serviceAccount.name }} - {{- end }} - {{- if or .Values.primary.extraInitContainers (and .Values.volumePermissions.enabled (or .Values.persistence.enabled (and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled))) }} - initContainers: - {{- if and .Values.volumePermissions.enabled (or .Values.persistence.enabled (and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled) .Values.tls.enabled) }} - - name: init-chmod-data - image: {{ template "postgresql.volumePermissions.image" . }} - imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} - {{- if .Values.resources }} - resources: {{- toYaml .Values.resources | nindent 12 }} - {{- end }} - command: - - /bin/sh - - -cx - - | - {{- if .Values.persistence.enabled }} - {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} - chown `id -u`:`id -G | cut -d " " -f2` {{ .Values.persistence.mountPath }} - {{- else }} - chown {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} {{ .Values.persistence.mountPath }} - {{- end }} - mkdir -p {{ .Values.persistence.mountPath }}/data {{- if (include "postgresql.mountConfigurationCM" .) }} {{ .Values.persistence.mountPath }}/conf {{- end }} - chmod 700 {{ .Values.persistence.mountPath }}/data {{- if (include "postgresql.mountConfigurationCM" .) }} {{ .Values.persistence.mountPath }}/conf {{- end }} - find {{ .Values.persistence.mountPath }} -mindepth 1 -maxdepth 1 {{- if not (include "postgresql.mountConfigurationCM" .) 
}} -not -name "conf" {{- end }} -not -name ".snapshot" -not -name "lost+found" | \ - {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} - xargs chown -R `id -u`:`id -G | cut -d " " -f2` - {{- else }} - xargs chown -R {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} - {{- end }} - {{- end }} - {{- if and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled }} - chmod -R 777 /dev/shm - {{- end }} - {{- if .Values.tls.enabled }} - cp /tmp/certs/* /opt/bitnami/postgresql/certs/ - {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} - chown -R `id -u`:`id -G | cut -d " " -f2` /opt/bitnami/postgresql/certs/ - {{- else }} - chown -R {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} /opt/bitnami/postgresql/certs/ - {{- end }} - chmod 600 {{ template "postgresql.tlsCertKey" . }} - {{- end }} - {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} - securityContext: {{- omit .Values.volumePermissions.securityContext "runAsUser" | toYaml | nindent 12 }} - {{- else }} - securityContext: {{- .Values.volumePermissions.securityContext | toYaml | nindent 12 }} - {{- end }} - volumeMounts: - {{- if .Values.persistence.enabled }} - - name: data - mountPath: {{ .Values.persistence.mountPath }} - subPath: {{ .Values.persistence.subPath }} - {{- end }} - {{- if .Values.shmVolume.enabled }} - - name: dshm - mountPath: /dev/shm - {{- end }} - {{- if .Values.tls.enabled }} - - name: raw-certificates - mountPath: /tmp/certs - - name: postgresql-certificates - mountPath: /opt/bitnami/postgresql/certs - {{- end }} - {{- end }} - {{- if .Values.primary.extraInitContainers }} - {{- include "common.tplvalues.render" ( dict "value" .Values.primary.extraInitContainers "context" $ ) | nindent 8 }} - {{- end }} - {{- end }} - {{- if .Values.primary.priorityClassName }} - priorityClassName: {{ 
.Values.primary.priorityClassName }} - {{- end }} - containers: - - name: {{ template "common.names.fullname" . }} - image: {{ template "postgresql.image" . }} - imagePullPolicy: "{{ .Values.image.pullPolicy }}" - {{- if .Values.resources }} - resources: {{- toYaml .Values.resources | nindent 12 }} - {{- end }} - {{- if .Values.lifecycleHooks }} - lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleHooks "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.containerSecurityContext.enabled }} - securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} - {{- end }} - env: - - name: BITNAMI_DEBUG - value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }} - - name: POSTGRESQL_PORT_NUMBER - value: {{ .Values.containerPorts.postgresql | quote }} - - name: POSTGRESQL_VOLUME_DIR - value: "{{ .Values.persistence.mountPath }}" - {{- if .Values.postgresqlInitdbArgs }} - - name: POSTGRES_INITDB_ARGS - value: {{ .Values.postgresqlInitdbArgs | quote }} - {{- end }} - {{- if .Values.postgresqlInitdbWalDir }} - - name: POSTGRES_INITDB_WALDIR - value: {{ .Values.postgresqlInitdbWalDir | quote }} - {{- end }} - {{- if .Values.initdbUser }} - - name: POSTGRESQL_INITSCRIPTS_USERNAME - value: {{ .Values.initdbUser }} - {{- end }} - {{- if .Values.initdbPassword }} - - name: POSTGRESQL_INITSCRIPTS_PASSWORD - value: {{ .Values.initdbPassword }} - {{- end }} - {{- if .Values.persistence.mountPath }} - - name: PGDATA - value: {{ .Values.postgresqlDataDir | quote }} - {{- end }} - {{- if .Values.primaryAsStandBy.enabled }} - - name: POSTGRES_MASTER_HOST - value: {{ 
.Values.primaryAsStandBy.primaryHost }} - - name: POSTGRES_MASTER_PORT_NUMBER - value: {{ .Values.primaryAsStandBy.primaryPort | quote }} - {{- end }} - {{- if or .Values.replication.enabled .Values.primaryAsStandBy.enabled }} - - name: POSTGRES_REPLICATION_MODE - {{- if .Values.primaryAsStandBy.enabled }} - value: "slave" - {{- else }} - value: "master" - {{- end }} - - name: POSTGRES_REPLICATION_USER - value: {{ include "postgresql.replication.username" . | quote }} - {{- if .Values.usePasswordFile }} - - name: POSTGRES_REPLICATION_PASSWORD_FILE - value: "/opt/bitnami/postgresql/secrets/postgresql-replication-password" - {{- else }} - - name: POSTGRES_REPLICATION_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "postgresql.secretName" . }} - key: postgresql-replication-password - {{- end }} - {{- if not (eq .Values.replication.synchronousCommit "off")}} - - name: POSTGRES_SYNCHRONOUS_COMMIT_MODE - value: {{ .Values.replication.synchronousCommit | quote }} - - name: POSTGRES_NUM_SYNCHRONOUS_REPLICAS - value: {{ .Values.replication.numSynchronousReplicas | quote }} - {{- end }} - - name: POSTGRES_CLUSTER_APP_NAME - value: {{ .Values.replication.applicationName }} - {{- end }} - {{- if not (eq (include "postgresql.username" .) "postgres") }} - {{- if .Values.usePasswordFile }} - - name: POSTGRES_POSTGRES_PASSWORD_FILE - value: "/opt/bitnami/postgresql/secrets/postgresql-postgres-password" - {{- else }} - - name: POSTGRES_POSTGRES_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "postgresql.secretName" . }} - key: postgresql-postgres-password - {{- end }} - {{- end }} - - name: POSTGRES_USER - value: {{ include "postgresql.username" . | quote }} - {{- if .Values.usePasswordFile }} - - name: POSTGRES_PASSWORD_FILE - value: "/opt/bitnami/postgresql/secrets/postgresql-password" - {{- else }} - - name: POSTGRES_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "postgresql.secretName" . 
}} - key: postgresql-password - {{- end }} - {{- if (include "postgresql.database" .) }} - - name: POSTGRES_DB - value: {{ (include "postgresql.database" .) | quote }} - {{- end }} - {{- if .Values.extraEnv }} - {{- include "common.tplvalues.render" (dict "value" .Values.extraEnv "context" $) | nindent 12 }} - {{- end }} - - name: POSTGRESQL_ENABLE_LDAP - value: {{ ternary "yes" "no" .Values.ldap.enabled | quote }} - {{- if .Values.ldap.enabled }} - - name: POSTGRESQL_LDAP_SERVER - value: {{ .Values.ldap.server }} - - name: POSTGRESQL_LDAP_PORT - value: {{ .Values.ldap.port | quote }} - - name: POSTGRESQL_LDAP_SCHEME - value: {{ .Values.ldap.scheme }} - {{- if .Values.ldap.tls }} - - name: POSTGRESQL_LDAP_TLS - value: "1" - {{- end }} - - name: POSTGRESQL_LDAP_PREFIX - value: {{ .Values.ldap.prefix | quote }} - - name: POSTGRESQL_LDAP_SUFFIX - value: {{ .Values.ldap.suffix | quote }} - - name: POSTGRESQL_LDAP_BASE_DN - value: {{ .Values.ldap.baseDN }} - - name: POSTGRESQL_LDAP_BIND_DN - value: {{ .Values.ldap.bindDN }} - {{- if (not (empty .Values.ldap.bind_password)) }} - - name: POSTGRESQL_LDAP_BIND_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "postgresql.secretName" . }} - key: postgresql-ldap-password - {{- end}} - - name: POSTGRESQL_LDAP_SEARCH_ATTR - value: {{ .Values.ldap.search_attr }} - - name: POSTGRESQL_LDAP_SEARCH_FILTER - value: {{ .Values.ldap.search_filter }} - - name: POSTGRESQL_LDAP_URL - value: {{ .Values.ldap.url }} - {{- end}} - - name: POSTGRESQL_ENABLE_TLS - value: {{ ternary "yes" "no" .Values.tls.enabled | quote }} - {{- if .Values.tls.enabled }} - - name: POSTGRESQL_TLS_PREFER_SERVER_CIPHERS - value: {{ ternary "yes" "no" .Values.tls.preferServerCiphers | quote }} - - name: POSTGRESQL_TLS_CERT_FILE - value: {{ template "postgresql.tlsCert" . }} - - name: POSTGRESQL_TLS_KEY_FILE - value: {{ template "postgresql.tlsCertKey" . 
}} - {{- if .Values.tls.certCAFilename }} - - name: POSTGRESQL_TLS_CA_FILE - value: {{ template "postgresql.tlsCACert" . }} - {{- end }} - {{- if .Values.tls.crlFilename }} - - name: POSTGRESQL_TLS_CRL_FILE - value: {{ template "postgresql.tlsCRL" . }} - {{- end }} - {{- end }} - - name: POSTGRESQL_LOG_HOSTNAME - value: {{ .Values.audit.logHostname | quote }} - - name: POSTGRESQL_LOG_CONNECTIONS - value: {{ .Values.audit.logConnections | quote }} - - name: POSTGRESQL_LOG_DISCONNECTIONS - value: {{ .Values.audit.logDisconnections | quote }} - {{- if .Values.audit.logLinePrefix }} - - name: POSTGRESQL_LOG_LINE_PREFIX - value: {{ .Values.audit.logLinePrefix | quote }} - {{- end }} - {{- if .Values.audit.logTimezone }} - - name: POSTGRESQL_LOG_TIMEZONE - value: {{ .Values.audit.logTimezone | quote }} - {{- end }} - {{- if .Values.audit.pgAuditLog }} - - name: POSTGRESQL_PGAUDIT_LOG - value: {{ .Values.audit.pgAuditLog | quote }} - {{- end }} - - name: POSTGRESQL_PGAUDIT_LOG_CATALOG - value: {{ .Values.audit.pgAuditLogCatalog | quote }} - - name: POSTGRESQL_CLIENT_MIN_MESSAGES - value: {{ .Values.audit.clientMinMessages | quote }} - - name: POSTGRESQL_SHARED_PRELOAD_LIBRARIES - value: {{ .Values.postgresqlSharedPreloadLibraries | quote }} - {{- if .Values.postgresqlMaxConnections }} - - name: POSTGRESQL_MAX_CONNECTIONS - value: {{ .Values.postgresqlMaxConnections | quote }} - {{- end }} - {{- if .Values.postgresqlPostgresConnectionLimit }} - - name: POSTGRESQL_POSTGRES_CONNECTION_LIMIT - value: {{ .Values.postgresqlPostgresConnectionLimit | quote }} - {{- end }} - {{- if .Values.postgresqlDbUserConnectionLimit }} - - name: POSTGRESQL_USERNAME_CONNECTION_LIMIT - value: {{ .Values.postgresqlDbUserConnectionLimit | quote }} - {{- end }} - {{- if .Values.postgresqlTcpKeepalivesInterval }} - - name: POSTGRESQL_TCP_KEEPALIVES_INTERVAL - value: {{ .Values.postgresqlTcpKeepalivesInterval | quote }} - {{- end }} - {{- if .Values.postgresqlTcpKeepalivesIdle }} - - name: 
POSTGRESQL_TCP_KEEPALIVES_IDLE - value: {{ .Values.postgresqlTcpKeepalivesIdle | quote }} - {{- end }} - {{- if .Values.postgresqlStatementTimeout }} - - name: POSTGRESQL_STATEMENT_TIMEOUT - value: {{ .Values.postgresqlStatementTimeout | quote }} - {{- end }} - {{- if .Values.postgresqlTcpKeepalivesCount }} - - name: POSTGRESQL_TCP_KEEPALIVES_COUNT - value: {{ .Values.postgresqlTcpKeepalivesCount | quote }} - {{- end }} - {{- if .Values.postgresqlPghbaRemoveFilters }} - - name: POSTGRESQL_PGHBA_REMOVE_FILTERS - value: {{ .Values.postgresqlPghbaRemoveFilters | quote }} - {{- end }} - {{- if .Values.extraEnvVarsCM }} - envFrom: - - configMapRef: - name: {{ tpl .Values.extraEnvVarsCM . }} - {{- end }} - ports: - - name: tcp-postgresql - containerPort: {{ .Values.containerPorts.postgresql }} - {{- if not .Values.diagnosticMode.enabled }} - {{- if .Values.startupProbe.enabled }} - startupProbe: - exec: - command: - - /bin/sh - - -c - {{- if (include "postgresql.database" .) }} - - exec pg_isready -U {{ include "postgresql.username" . | quote }} -d "dbname={{ include "postgresql.database" . }} {{- if and .Values.tls.enabled .Values.tls.certCAFilename }} sslcert={{ include "postgresql.tlsCert" . }} sslkey={{ include "postgresql.tlsCertKey" . }}{{- end }}" -h 127.0.0.1 -p {{ .Values.containerPorts.postgresql }} - {{- else }} - - exec pg_isready -U {{ include "postgresql.username" . | quote }} {{- if and .Values.tls.enabled .Values.tls.certCAFilename }} -d "sslcert={{ include "postgresql.tlsCert" . }} sslkey={{ include "postgresql.tlsCertKey" . 
}}"{{- end }} -h 127.0.0.1 -p {{ .Values.containerPorts.postgresql }} - {{- end }} - initialDelaySeconds: {{ .Values.startupProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.startupProbe.periodSeconds }} - timeoutSeconds: {{ .Values.startupProbe.timeoutSeconds }} - successThreshold: {{ .Values.startupProbe.successThreshold }} - failureThreshold: {{ .Values.startupProbe.failureThreshold }} - {{- else if .Values.customStartupProbe }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customStartupProbe "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.livenessProbe.enabled }} - livenessProbe: - exec: - command: - - /bin/sh - - -c - {{- if (include "postgresql.database" .) }} - - exec pg_isready -U {{ include "postgresql.username" . | quote }} -d "dbname={{ include "postgresql.database" . }} {{- if and .Values.tls.enabled .Values.tls.certCAFilename }} sslcert={{ include "postgresql.tlsCert" . }} sslkey={{ include "postgresql.tlsCertKey" . }}{{- end }}" -h 127.0.0.1 -p {{ .Values.containerPorts.postgresql }} - {{- else }} - - exec pg_isready -U {{ include "postgresql.username" . | quote }} {{- if and .Values.tls.enabled .Values.tls.certCAFilename }} -d "sslcert={{ include "postgresql.tlsCert" . }} sslkey={{ include "postgresql.tlsCertKey" . 
}}"{{- end }} -h 127.0.0.1 -p {{ .Values.containerPorts.postgresql }} - {{- end }} - initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} - successThreshold: {{ .Values.livenessProbe.successThreshold }} - failureThreshold: {{ .Values.livenessProbe.failureThreshold }} - {{- else if .Values.customLivenessProbe }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.readinessProbe.enabled }} - readinessProbe: - exec: - command: - - /bin/sh - - -c - - -e - {{- include "postgresql.readinessProbeCommand" . | nindent 16 }} - initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} - successThreshold: {{ .Values.readinessProbe.successThreshold }} - failureThreshold: {{ .Values.readinessProbe.failureThreshold }} - {{- else if .Values.customReadinessProbe }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }} - {{- end }} - {{- end }} - volumeMounts: - {{- if or (.Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql,sql.gz}") .Values.initdbScriptsConfigMap .Values.initdbScripts }} - - name: custom-init-scripts - mountPath: /docker-entrypoint-initdb.d/ - {{- end }} - {{- if .Values.initdbScriptsSecret }} - - name: custom-init-scripts-secret - mountPath: /docker-entrypoint-initdb.d/secret - {{- end }} - {{- if or (.Files.Glob "files/conf.d/*.conf") .Values.postgresqlExtendedConf .Values.extendedConfConfigMap }} - - name: postgresql-extended-config - mountPath: /bitnami/postgresql/conf/conf.d/ - {{- end }} - {{- if .Values.usePasswordFile }} - - name: postgresql-password - mountPath: /opt/bitnami/postgresql/secrets/ - {{- end }} - {{- 
if .Values.tls.enabled }} - - name: postgresql-certificates - mountPath: /opt/bitnami/postgresql/certs - readOnly: true - {{- end }} - {{- if .Values.shmVolume.enabled }} - - name: dshm - mountPath: /dev/shm - {{- end }} - {{- if .Values.persistence.enabled }} - - name: data - mountPath: {{ .Values.persistence.mountPath }} - subPath: {{ .Values.persistence.subPath }} - {{- end }} - {{- if or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") .Values.postgresqlConfiguration .Values.pgHbaConfiguration .Values.configurationConfigMap }} - - name: postgresql-config - mountPath: /bitnami/postgresql/conf - {{- end }} - {{- if .Values.primary.extraVolumeMounts }} - {{- include "common.tplvalues.render" (dict "value" .Values.primary.extraVolumeMounts "context" $) | nindent 12 }} - {{- end }} -{{- if .Values.primary.sidecars }} -{{- include "common.tplvalues.render" ( dict "value" .Values.primary.sidecars "context" $ ) | nindent 8 }} -{{- end }} -{{- if .Values.metrics.enabled }} - - name: metrics - image: {{ template "postgresql.metrics.image" . }} - imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }} - {{- if .Values.metrics.securityContext.enabled }} - securityContext: {{- omit .Values.metrics.securityContext "enabled" | toYaml | nindent 12 }} - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} - {{- end }} - env: - {{- $database := required "In order to enable metrics you need to specify a database (.Values.postgresqlDatabase or .Values.global.postgresql.postgresqlDatabase)" (include "postgresql.database" .) 
}} - {{- $sslmode := ternary "require" "disable" .Values.tls.enabled }} - {{- if and .Values.tls.enabled .Values.tls.certCAFilename }} - - name: DATA_SOURCE_NAME - value: {{ printf "host=127.0.0.1 port=%d user=%s sslmode=%s sslcert=%s sslkey=%s" (int (include "postgresql.servicePort" .)) (include "postgresql.username" .) $sslmode (include "postgresql.tlsCert" .) (include "postgresql.tlsCertKey" .) }} - {{- else }} - - name: DATA_SOURCE_URI - value: {{ printf "127.0.0.1:%d/%s?sslmode=%s" (int (include "postgresql.servicePort" .)) $database $sslmode }} - {{- end }} - {{- if .Values.usePasswordFile }} - - name: DATA_SOURCE_PASS_FILE - value: "/opt/bitnami/postgresql/secrets/postgresql-password" - {{- else }} - - name: DATA_SOURCE_PASS - valueFrom: - secretKeyRef: - name: {{ template "postgresql.secretName" . }} - key: postgresql-password - {{- end }} - - name: DATA_SOURCE_USER - value: {{ template "postgresql.username" . }} - {{- if .Values.metrics.extraEnvVars }} - {{- include "common.tplvalues.render" (dict "value" .Values.metrics.extraEnvVars "context" $) | nindent 12 }} - {{- end }} - {{- if not .Values.diagnosticMode.enabled }} - {{- if .Values.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: / - port: http-metrics - initialDelaySeconds: {{ .Values.metrics.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.metrics.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.metrics.livenessProbe.timeoutSeconds }} - successThreshold: {{ .Values.metrics.livenessProbe.successThreshold }} - failureThreshold: {{ .Values.metrics.livenessProbe.failureThreshold }} - {{- end }} - {{- if .Values.readinessProbe.enabled }} - readinessProbe: - httpGet: - path: / - port: http-metrics - initialDelaySeconds: {{ .Values.metrics.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.metrics.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.metrics.readinessProbe.timeoutSeconds }} - successThreshold: {{ 
.Values.metrics.readinessProbe.successThreshold }} - failureThreshold: {{ .Values.metrics.readinessProbe.failureThreshold }} - {{- end }} - {{- end }} - volumeMounts: - {{- if .Values.usePasswordFile }} - - name: postgresql-password - mountPath: /opt/bitnami/postgresql/secrets/ - {{- end }} - {{- if .Values.tls.enabled }} - - name: postgresql-certificates - mountPath: /opt/bitnami/postgresql/certs - readOnly: true - {{- end }} - {{- if .Values.metrics.customMetrics }} - - name: custom-metrics - mountPath: /conf - readOnly: true - args: ["--extend.query-path", "/conf/custom-metrics.yaml"] - {{- end }} - ports: - - name: http-metrics - containerPort: 9187 - {{- if .Values.metrics.resources }} - resources: {{- toYaml .Values.metrics.resources | nindent 12 }} - {{- end }} -{{- end }} - volumes: - {{- if or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") .Values.postgresqlConfiguration .Values.pgHbaConfiguration .Values.configurationConfigMap}} - - name: postgresql-config - configMap: - name: {{ template "postgresql.configurationCM" . }} - {{- end }} - {{- if or (.Files.Glob "files/conf.d/*.conf") .Values.postgresqlExtendedConf .Values.extendedConfConfigMap }} - - name: postgresql-extended-config - configMap: - name: {{ template "postgresql.extendedConfigurationCM" . }} - {{- end }} - {{- if .Values.usePasswordFile }} - - name: postgresql-password - secret: - secretName: {{ template "postgresql.secretName" . }} - {{- end }} - {{- if or (.Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql,sql.gz}") .Values.initdbScriptsConfigMap .Values.initdbScripts }} - - name: custom-init-scripts - configMap: - name: {{ template "postgresql.initdbScriptsCM" . }} - {{- end }} - {{- if .Values.initdbScriptsSecret }} - - name: custom-init-scripts-secret - secret: - secretName: {{ template "postgresql.initdbScriptsSecret" . }} - {{- end }} - {{- if .Values.tls.enabled }} - - name: raw-certificates - secret: - secretName: {{ template "postgresql.tlsSecretName" . 
}} - - name: postgresql-certificates - emptyDir: {} - {{- end }} - {{- if .Values.primary.extraVolumes }} - {{- include "common.tplvalues.render" ( dict "value" .Values.primary.extraVolumes "context" $ ) | nindent 8 }} - {{- end }} - {{- if and .Values.metrics.enabled .Values.metrics.customMetrics }} - - name: custom-metrics - configMap: - name: {{ template "postgresql.metricsCM" . }} - {{- end }} - {{- if .Values.shmVolume.enabled }} - - name: dshm - emptyDir: - medium: Memory -{{- with .Values.shmVolume.sizeLimit }} - sizeLimit: {{ . }} -{{- end }} - {{- end }} -{{- if and .Values.persistence.enabled .Values.persistence.existingClaim }} - - name: data - persistentVolumeClaim: -{{- with .Values.persistence.existingClaim }} - claimName: {{ tpl . $ }} -{{- end }} -{{- else if not .Values.persistence.enabled }} - - name: data - emptyDir: {} - {{- if .Values.primary.extraPodSpec }} - {{- include "common.tplvalues.render" (dict "value" .Values.primary.extraPodSpec "context" $) | nindent 6 }} - {{- end }} -{{- else if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }} - volumeClaimTemplates: - - metadata: - name: data - {{- with .Values.persistence.annotations }} - annotations: - {{- range $key, $value := . }} - {{ $key }}: {{ $value }} - {{- end }} - {{- end }} - spec: - accessModes: - {{- range .Values.persistence.accessModes }} - - {{ . | quote }} - {{- end }} - resources: - requests: - storage: {{ .Values.persistence.size | quote }} - {{ include "common.storage.class" (dict "persistence" .Values.persistence "global" .Values.global) }} - {{- if .Values.persistence.selector }} - selector: {{- include "common.tplvalues.render" (dict "value" .Values.persistence.selector "context" $) | nindent 10 }} - {{- end -}} -{{- end }} diff --git a/rds/base/charts/postgresql/templates/svc-headless.yaml b/rds/base/charts/postgresql/templates/svc-headless.yaml deleted file mode 100644 index fbbfd40..0000000 
--- a/rds/base/charts/postgresql/templates/svc-headless.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ template "common.names.fullname" . }}-headless
- labels:
- {{- include "common.labels.standard" . | nindent 4 }}
- {{- if .Values.commonLabels }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
- {{- end }}
- {{- if .Values.commonAnnotations }}
- annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
- {{- end }}
- # Use this annotation in addition to the actual publishNotReadyAddresses
- # field below because the annotation will stop being respected soon but the
- # field is broken in some versions of Kubernetes:
- # https://github.com/kubernetes/kubernetes/issues/58662
- service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
- namespace: {{ .Release.Namespace }}
-spec:
- type: ClusterIP
- clusterIP: None
- # We want all pods in the StatefulSet to have their addresses published for
- # the sake of the other Postgresql pods even before they're ready, since they
- # have to be able to talk to each other in order to become ready.
- publishNotReadyAddresses: true
- ports:
- - name: tcp-postgresql
- port: {{ template "postgresql.servicePort" . }}
- targetPort: tcp-postgresql
- selector:
- {{- include "common.labels.matchLabels" . | nindent 4 }}
diff --git a/rds/base/charts/postgresql/templates/svc-read-set.yaml b/rds/base/charts/postgresql/templates/svc-read-set.yaml
deleted file mode 100644
index 1808bd1..0000000
--- a/rds/base/charts/postgresql/templates/svc-read-set.yaml
+++ /dev/null
@@ -1,43 +0,0 @@ -{{- if and .Values.replication.enabled .Values.replication.uniqueServices }} -{{- $serviceAnnotations := coalesce .Values.readReplicas.service.annotations .Values.service.annotations -}} - -{{- $fullName := include "common.names.fullname" . }} -{{- $replicaCount := .Values.replication.readReplicas | int }} -{{- $root := . }} - -{{- range $i, $e := until $replicaCount }} -{{- $targetPod := printf "%s-read-%d" (printf "%s" $fullName) $i }} ---- -apiVersion: v1 -kind: Service -metadata: - name: {{ $fullName }}-read-{{ $i }} - namespace: {{ .Release.Namespace }} - labels: - pod: {{ $targetPod }} - {{- include "common.labels.standard" $root | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - annotations: - - {{- if $root.Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" $root.Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - {{- if $serviceAnnotations }} - {{- include "common.tplvalues.render" (dict "value" $serviceAnnotations "context" $) | nindent 4 }} - {{- end }} - namespace: {{ $root.Release.Namespace }} -spec: - type: ClusterIP - ports: - - name: tcp-postgresql - port: {{ template "postgresql.servicePort" $root }} - targetPort: tcp-postgresql - selector: - {{- include "common.labels.matchLabels" $root | nindent 4 }} - role: read - statefulset.kubernetes.io/pod-name: {{ $targetPod }} - -{{- end }} -{{- end }} diff --git a/rds/base/charts/postgresql/templates/svc-read.yaml b/rds/base/charts/postgresql/templates/svc-read.yaml deleted file mode 100644 index ed1005f..0000000 --- a/rds/base/charts/postgresql/templates/svc-read.yaml +++ /dev/null 
@@ -1,47 +0,0 @@ -{{- if and .Values.replication.enabled .Values.replication.singleService }} -{{- $serviceAnnotations := coalesce .Values.readReplicas.service.annotations .Values.service.annotations -}} -{{- $serviceType := coalesce .Values.readReplicas.service.type .Values.service.type -}} -{{- $serviceLoadBalancerIP := coalesce .Values.readReplicas.service.loadBalancerIP .Values.service.loadBalancerIP -}} -{{- $serviceLoadBalancerSourceRanges := coalesce .Values.readReplicas.service.loadBalancerSourceRanges .Values.service.loadBalancerSourceRanges -}} -{{- $serviceClusterIP := coalesce .Values.readReplicas.service.clusterIP .Values.service.clusterIP -}} -{{- $serviceNodePort := coalesce .Values.readReplicas.service.nodePort .Values.service.nodePort -}} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "common.names.fullname" . }}-read - labels: - {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - annotations: - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - {{- if $serviceAnnotations }} - {{- include "common.tplvalues.render" (dict "value" $serviceAnnotations "context" $) | nindent 4 }} - {{- end }} - namespace: {{ .Release.Namespace }} -spec: - type: {{ $serviceType }} - {{- if and $serviceLoadBalancerIP (eq $serviceType "LoadBalancer") }} - loadBalancerIP: {{ $serviceLoadBalancerIP }} - externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy | quote }} - {{- end }} - {{- if and (eq $serviceType "LoadBalancer") $serviceLoadBalancerSourceRanges }} - loadBalancerSourceRanges: {{- include "common.tplvalues.render" (dict "value" $serviceLoadBalancerSourceRanges "context" $) | nindent 4 }} - {{- end }} - {{- if and (eq $serviceType "ClusterIP") $serviceClusterIP }} - clusterIP: {{ 
$serviceClusterIP }} - {{- end }} - ports: - - name: tcp-postgresql - port: {{ template "postgresql.servicePort" . }} - targetPort: tcp-postgresql - {{- if $serviceNodePort }} - nodePort: {{ $serviceNodePort }} - {{- end }} - selector: - {{- include "common.labels.matchLabels" . | nindent 4 }} - role: read -{{- end }} diff --git a/rds/base/charts/postgresql/templates/svc.yaml b/rds/base/charts/postgresql/templates/svc.yaml deleted file mode 100644 index a47efb9..0000000 --- a/rds/base/charts/postgresql/templates/svc.yaml +++ /dev/null 
@@ -1,45 +0,0 @@ -{{- $serviceAnnotations := coalesce .Values.primary.service.annotations .Values.service.annotations -}} -{{- $serviceType := coalesce .Values.primary.service.type .Values.service.type -}} -{{- $serviceLoadBalancerIP := coalesce .Values.primary.service.loadBalancerIP .Values.service.loadBalancerIP -}} -{{- $serviceLoadBalancerSourceRanges := coalesce .Values.primary.service.loadBalancerSourceRanges .Values.service.loadBalancerSourceRanges -}} -{{- $serviceClusterIP := coalesce .Values.primary.service.clusterIP .Values.service.clusterIP -}} -{{- $serviceNodePort := coalesce .Values.primary.service.nodePort .Values.service.nodePort -}} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "common.names.fullname" . }} - labels: - {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - annotations: - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - {{- if $serviceAnnotations }} - {{- include "common.tplvalues.render" (dict "value" $serviceAnnotations "context" $) | nindent 4 }} - {{- end }} - namespace: {{ .Release.Namespace }} -spec: - type: {{ $serviceType }} - {{- if and $serviceLoadBalancerIP (eq $serviceType "LoadBalancer") }} - loadBalancerIP: {{ $serviceLoadBalancerIP }} - externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy | quote }} - {{- end }} - {{- if and (eq $serviceType "LoadBalancer") $serviceLoadBalancerSourceRanges }} - loadBalancerSourceRanges: {{- include "common.tplvalues.render" (dict "value" $serviceLoadBalancerSourceRanges "context" $) | nindent 4 }} - {{- end }} - {{- if and (eq $serviceType "ClusterIP") $serviceClusterIP }} - clusterIP: {{ $serviceClusterIP }} - {{- end }} - ports: - - name: tcp-postgresql - port: {{ template "postgresql.servicePort" 
. }} - targetPort: tcp-postgresql - {{- if $serviceNodePort }} - nodePort: {{ $serviceNodePort }} - {{- end }} - selector: - {{- include "common.labels.matchLabels" . | nindent 4 }} - role: primary diff --git a/rds/base/charts/postgresql/templates/tls-secrets.yaml b/rds/base/charts/postgresql/templates/tls-secrets.yaml deleted file mode 100644 index c1e9ef2..0000000 --- a/rds/base/charts/postgresql/templates/tls-secrets.yaml +++ /dev/null @@ -1,26 +0,0 @@ -{{- if (include "postgresql.createTlsSecret" . )}} -{{- $ca := genCA "postgresql-ca" 365 }} -{{- $fullname := include "common.names.fullname" . }} -{{- $releaseNamespace := .Release.Namespace }} -{{- $clusterDomain := .Values.clusterDomain }} -{{- $headlessServiceName := printf "%s-headless" (include "common.names.fullname" .) }} -{{- $altNames := list (printf "*.%s.%s.svc.%s" $fullname $releaseNamespace $clusterDomain) (printf "%s.%s.svc.%s" $fullname $releaseNamespace $clusterDomain) (printf "*.%s.%s.svc.%s" $headlessServiceName $releaseNamespace $clusterDomain) (printf "%s.%s.svc.%s" $headlessServiceName $releaseNamespace $clusterDomain) $fullname }} -{{- $crt := genSignedCert $fullname nil $altNames 365 $ca }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ printf "%s-crt" (include "common.names.fullname" .) }} - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -type: kubernetes.io/tls -data: - ca.crt: {{ $ca.Cert | b64enc | quote }} - tls.crt: {{ $crt.Cert | b64enc | quote }} - tls.key: {{ $crt.Key | b64enc | quote }} -{{- end }} 
diff --git a/rds/base/charts/postgresql/values.schema.json b/rds/base/charts/postgresql/values.schema.json
deleted file mode 100644
index 66a2a9d..0000000
--- a/rds/base/charts/postgresql/values.schema.json
+++ /dev/null
@@ -1,103 +0,0 @@
-{
- "$schema": "http://json-schema.org/schema#",
- "type": "object",
- "properties": {
- "postgresqlUsername": {
- "type": "string",
- "title": "Admin user",
- "form": true
- },
- "postgresqlPassword": {
- "type": "string",
- "title": "Password",
- "form": true
- },
- "persistence": {
- "type": "object",
- "properties": {
- "size": {
- "type": "string",
- "title": "Persistent Volume Size",
- "form": true,
- "render": "slider",
- "sliderMin": 1,
- "sliderMax": 100,
- "sliderUnit": "Gi"
- }
- }
- },
- "resources": {
- "type": "object",
- "title": "Required Resources",
- "description": "Configure resource requests",
- "form": true,
- "properties": {
- "requests": {
- "type": "object",
- "properties": {
- "memory": {
- "type": "string",
- "form": true,
- "render": "slider",
- "title": "Memory Request",
- "sliderMin": 10,
- "sliderMax": 2048,
- "sliderUnit": "Mi"
- },
- "cpu": {
- "type": "string",
- "form": true,
- "render": "slider",
- "title": "CPU Request",
- "sliderMin": 10,
- "sliderMax": 2000,
- "sliderUnit": "m"
- }
- }
- }
- }
- },
- "replication": {
- "type": "object",
- "form": true,
- "title": "Replication Details",
- "properties": {
- "enabled": {
- "type": "boolean",
- "title": "Enable Replication",
- "form": true
- },
- "readReplicas": {
- "type": "integer",
- "title": "read Replicas",
- "form": true,
- "hidden": {
- "value": false,
- "path": "replication/enabled"
- }
- }
- }
- },
- "volumePermissions": {
- "type": "object",
- "properties": {
- "enabled": {
- "type": "boolean",
- "form": true,
- "title": "Enable Init Containers",
- "description": "Change the owner of the persist volume mountpoint to RunAsUser:fsGroup"
- }
- }
- },
- "metrics": {
- "type": "object",
- "properties": {
- "enabled": {
- "type": "boolean",
- "title": "Configure metrics exporter",
- "form": true
- }
- }
- }
- }
-}
diff --git a/rds/base/charts/postgresql/values.yaml b/rds/base/charts/postgresql/values.yaml
deleted file mode 100644
index b6f6d5e..0000000
--- a/rds/base/charts/postgresql/values.yaml
+++ /dev/null
@@ -1,996 +0,0 @@ -## @section Global parameters -## Global Docker image parameters -## Please, note that this will override the image parameters, including dependencies, configured to use the global value -## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass -## - -## @param global.imageRegistry Global Docker image registry -## @param global.imagePullSecrets Global Docker registry secret names as an array -## @param global.storageClass Global StorageClass for Persistent Volume(s) -## -global: - imageRegistry: "" - ## E.g. - ## imagePullSecrets: - ## - myRegistryKeySecretName - ## - imagePullSecrets: [] - storageClass: "" - ## @param global.postgresql.postgresqlDatabase PostgreSQL database (overrides `postgresqlDatabase`) - ## @param global.postgresql.postgresqlUsername PostgreSQL username (overrides `postgresqlUsername`) - ## @param global.postgresql.existingSecret Name of existing secret to use for PostgreSQL passwords (overrides `existingSecret`) - ## @param global.postgresql.postgresqlPassword PostgreSQL admin password (overrides `postgresqlPassword`) - ## @param global.postgresql.servicePort PostgreSQL port (overrides `service.port` - ## @param global.postgresql.replicationPassword Replication user password (overrides `replication.password`) - ## - postgresql: - postgresqlDatabase: "" - postgresqlUsername: "" - existingSecret: "" - postgresqlPassword: "" - servicePort: "" - replicationPassword: "" - -## @section Common parameters -## - -## @param nameOverride String to partially override common.names.fullname template (will maintain the release name) -## -nameOverride: "" -## @param fullnameOverride String to fully override common.names.fullname template -## -fullnameOverride: "" -## @param extraDeploy Array of extra objects to deploy with the release (evaluated as a template) -## -extraDeploy: [] -## @param commonLabels Add labels to all the deployed resources -## -commonLabels: {} -## @param commonAnnotations 
Add annotations to all the deployed resources -## -commonAnnotations: {} - -## Enable diagnostic mode in the deployment -## -diagnosticMode: - ## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden) - ## - enabled: false - ## @param diagnosticMode.command Command to override all containers in the deployment - ## - command: - - sleep - ## @param diagnosticMode.args Args to override all containers in the deployment - ## - args: - - infinity - -## @section PostgreSQL parameters -## - -## Bitnami PostgreSQL image version -## ref: https://hub.docker.com/r/bitnami/postgresql/tags/ -## @param image.registry PostgreSQL image registry -## @param image.repository PostgreSQL image repository -## @param image.tag PostgreSQL image tag (immutable tags are recommended) -## @param image.pullPolicy PostgreSQL image pull policy -## @param image.pullSecrets Specify image pull secrets -## @param image.debug Specify if debug values should be set -## -image: - registry: docker.io - repository: bitnami/postgresql - tag: 11.14.0-debian-10-r21 - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. 
- ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## Example: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## Set to true if you would like to see extra information on logs - ## It turns BASH and/or NAMI debugging in the image - ## - debug: false -## Init containers parameters: -## volumePermissions: Change the owner of the persist volume mountpoint to RunAsUser:fsGroup -## -volumePermissions: - ## @param volumePermissions.enabled Enable init container that changes volume permissions in the data directory (for cases where the default k8s `runAsUser` and `fsUser` values do not work) - ## - enabled: false - ## @param volumePermissions.image.registry Init container volume-permissions image registry - ## @param volumePermissions.image.repository Init container volume-permissions image repository - ## @param volumePermissions.image.tag Init container volume-permissions image tag (immutable tags are recommended) - ## @param volumePermissions.image.pullPolicy Init container volume-permissions image pull policy - ## @param volumePermissions.image.pullSecrets Init container volume-permissions image pull secrets - ## - image: - registry: docker.io - repository: bitnami/bitnami-shell - tag: 10-debian-10-r299 - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. 
- ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## Example: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## Init container Security Context - ## @param volumePermissions.securityContext.runAsUser User ID for the init container - ## Note: the chown of the data folder is done to securityContext.runAsUser - ## and not the below volumePermissions.securityContext.runAsUser - ## When runAsUser is set to special value "auto", init container will try to chwon the - ## data folder to autodetermined user&group, using commands: `id -u`:`id -G | cut -d" " -f2` - ## "auto" is especially useful for OpenShift which has scc with dynamic userids (and 0 is not allowed). - ## You may want to use this volumePermissions.securityContext.runAsUser="auto" in combination with - ## pod securityContext.enabled=false and shmVolume.chmod.enabled=false - ## - securityContext: - runAsUser: 0 -## @param schedulerName Use an alternate scheduler, e.g. "stork". 
-## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ -## -schedulerName: "" -## @param lifecycleHooks for the PostgreSQL container to automate configuration before or after startup -## -lifecycleHooks: {} -## Pod Security Context -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ -## @param securityContext.enabled Enable security context -## @param securityContext.fsGroup Group ID for the pod -## -securityContext: - enabled: true - fsGroup: 1001 -## Container Security Context -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ -## @param containerSecurityContext.enabled Enable container security context -## @param containerSecurityContext.runAsUser User ID for the container -## -containerSecurityContext: - enabled: true - runAsUser: 1001 -## Pod Service Account -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ -## -serviceAccount: - ## @param serviceAccount.enabled Enable service account (Note: Service Account will only be automatically created if `serviceAccount.name` is not set) - ## - enabled: false - ## @param serviceAccount.name Name of an already existing service account. Setting this value disables the automatic service account creation - ## - name: "" - ## @param serviceAccount.autoMount Auto-mount the service account token in the pod - ## - autoMount: false -## Pod Security Policy -## ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/ -## @param psp.create Whether to create a PodSecurityPolicy. 
WARNING: PodSecurityPolicy is deprecated in Kubernetes v1.21 or later, unavailable in v1.25 or later -## -psp: - create: false -## Creates role for ServiceAccount -## Required for PSP -## @param rbac.create Create Role and RoleBinding (required for PSP to work) -## -rbac: - create: false -## @param replication.enabled Enable replication -## @param replication.user Replication user -## @param replication.password Replication user password -## @param replication.readReplicas Number of read replicas replicas -## @param replication.synchronousCommit Set synchronous commit mode. Allowed values: `on`, `remote_apply`, `remote_write`, `local` and `off` -## @param replication.numSynchronousReplicas Number of replicas that will have synchronous replication. Note: Cannot be greater than `replication.readReplicas`. -## @param replication.applicationName Cluster application name. Useful for advanced replication settings -## @param replication.singleService Create one service connecting to all read-replicas -## @param replication.uniqueServices Create a unique service for each independent read-replica -## -replication: - enabled: false - user: repl_user - password: repl_password - readReplicas: 1 - ## ref: https://www.postgresql.org/docs/9.6/runtime-config-wal.html#GUC-WAL-LEVEL - ## - synchronousCommit: "off" - ## NOTE: It cannot be > readReplicas - ## - numSynchronousReplicas: 0 - applicationName: my_application - singleService: true - uniqueServices: false -## @param postgresqlPostgresPassword PostgreSQL admin password (used when `postgresqlUsername` is not `postgres`, in which case`postgres` is the admin username) -## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#creating-a-database-user-on-first-run (see note!) 
-## -postgresqlPostgresPassword: "" -## @param postgresqlUsername PostgreSQL user (has superuser privileges if username is `postgres`) -## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#setting-the-root-password-on-first-run -## -postgresqlUsername: postgres -## @param postgresqlPassword PostgreSQL user password -## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#setting-the-root-password-on-first-run -## -postgresqlPassword: "" -## @param existingSecret Name of existing secret to use for PostgreSQL passwords -## The secret has to contain the keys postgresql-password which is the password for postgresqlUsername when it is -## different of postgres, postgresql-postgres-password which will override postgresqlPassword, -## postgresql-replication-password which will override replication.password and postgresql-ldap-password which will be -## used to authenticate on LDAP. The value is evaluated as a template. -## e.g: -## existingSecret: secret -## -existingSecret: "" -## @param usePasswordFile Mount PostgreSQL secret as a file instead of passing environment variable -## -usePasswordFile: false -## @param postgresqlDatabase PostgreSQL database -## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#creating-a-database-on-first-run -## -postgresqlDatabase: "" -## @param postgresqlDataDir PostgreSQL data dir folder -## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md -## -postgresqlDataDir: /bitnami/postgresql/data -## @param extraEnv An array to add extra environment variables -## For example: -## extraEnv: -## - name: FOO -## value: "bar" -## -extraEnv: [] -## @param extraEnvVarsCM Name of a Config Map containing extra environment variables -## -extraEnvVarsCM: "" -## @param postgresqlInitdbArgs PostgreSQL initdb extra arguments -## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md -## -postgresqlInitdbArgs: "" -## 
@param postgresqlInitdbWalDir Specify a custom location for the PostgreSQL transaction log -## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md -## -postgresqlInitdbWalDir: "" -## @param postgresqlConfiguration PostgreSQL configuration -## Specify runtime configuration parameters as a dict, using camelCase, e.g. -## {"sharedBuffers": "500MB"} -## Alternatively, you can put your postgresql.conf under the files/ directory -## ref: https://www.postgresql.org/docs/current/static/runtime-config.html -## -postgresqlConfiguration: {} -## @param postgresqlExtendedConf Extended Runtime Config Parameters (appended to main or default configuration) -## Alternatively, you can put your *.conf under the files/conf.d/ directory -## https://github.com/bitnami/bitnami-docker-postgresql#allow-settings-to-be-loaded-from-files-other-than-the-default-postgresqlconf -## -postgresqlExtendedConf: {} -## Configure current cluster's primary server to be the standby server in other cluster. -## This will allow cross cluster replication and provide cross cluster high availability. -## You will need to configure pgHbaConfiguration if you want to enable this feature with local cluster replication enabled. 
-## @param primaryAsStandBy.enabled Whether to enable current cluster's primary as standby server of another cluster or not -## @param primaryAsStandBy.primaryHost The Host of replication primary in the other cluster -## @param primaryAsStandBy.primaryPort The Port of replication primary in the other cluster -## -primaryAsStandBy: - enabled: false - primaryHost: "" - primaryPort: "" -## @param pgHbaConfiguration PostgreSQL client authentication configuration -## Specify content for pg_hba.conf -## Default: do not create pg_hba.conf -## Alternatively, you can put your pg_hba.conf under the files/ directory -## pgHbaConfiguration: |- -## local all all trust -## host all all localhost trust -## host mydatabase mysuser 192.168.0.0/24 md5 -## -pgHbaConfiguration: "" -## @param configurationConfigMap ConfigMap with PostgreSQL configuration -## NOTE: This will override postgresqlConfiguration and pgHbaConfiguration -## -configurationConfigMap: "" -## @param extendedConfConfigMap ConfigMap with PostgreSQL extended configuration -## -extendedConfConfigMap: "" -## @param initdbScripts Dictionary of initdb scripts -## Specify dictionary of scripts to be run at first boot -## Alternatively, you can put your scripts under the files/docker-entrypoint-initdb.d directory -## e.g: -## initdbScripts: -## my_init_script.sh: | -## #!/bin/sh -## echo "Do something." 
-## -initdbScripts: {} -## @param initdbScriptsConfigMap ConfigMap with scripts to be run at first boot -## NOTE: This will override initdbScripts -## -initdbScriptsConfigMap: "" -## @param initdbScriptsSecret Secret with scripts to be run at first boot (in case it contains sensitive information) -## NOTE: This can work along initdbScripts or initdbScriptsConfigMap -## -initdbScriptsSecret: "" -## @param initdbUser Specify the PostgreSQL username to execute the initdb scripts -## -initdbUser: "" -## @param initdbPassword Specify the PostgreSQL password to execute the initdb scripts -## -initdbPassword: "" - -## @param containerPorts.postgresql PostgreSQL container port -## -containerPorts: - postgresql: 5432 -## Audit settings -## https://github.com/bitnami/bitnami-docker-postgresql#auditing -## -audit: - ## @param audit.logHostname Log client hostnames - ## - logHostname: false - ## @param audit.logConnections Add client log-in operations to the log file - ## - logConnections: false - ## @param audit.logDisconnections Add client log-outs operations to the log file - ## - logDisconnections: false - ## @param audit.pgAuditLog Add operations to log using the pgAudit extension - ## - pgAuditLog: "" - ## @param audit.pgAuditLogCatalog Log catalog using pgAudit - ## - pgAuditLogCatalog: "off" - ## @param audit.clientMinMessages Message log level to share with the user - ## - clientMinMessages: error - ## @param audit.logLinePrefix Template for log line prefix (default if not set) - ## - logLinePrefix: "" - ## @param audit.logTimezone Timezone for the log timestamps - ## - logTimezone: "" -## @param postgresqlSharedPreloadLibraries Shared preload libraries (comma-separated list) -## -postgresqlSharedPreloadLibraries: "pgaudit" -## @param postgresqlMaxConnections Maximum total connections -## -postgresqlMaxConnections: "" -## @param postgresqlPostgresConnectionLimit Maximum connections for the postgres user -## -postgresqlPostgresConnectionLimit: "" -## @param 
postgresqlDbUserConnectionLimit Maximum connections for the non-admin user -## -postgresqlDbUserConnectionLimit: "" -## @param postgresqlTcpKeepalivesInterval TCP keepalives interval -## -postgresqlTcpKeepalivesInterval: "" -## @param postgresqlTcpKeepalivesIdle TCP keepalives idle -## -postgresqlTcpKeepalivesIdle: "" -## @param postgresqlTcpKeepalivesCount TCP keepalives count -## -postgresqlTcpKeepalivesCount: "" -## @param postgresqlStatementTimeout Statement timeout -## -postgresqlStatementTimeout: "" -## @param postgresqlPghbaRemoveFilters Comma-separated list of patterns to remove from the pg_hba.conf file -## Cannot be used with custom pg_hba.conf -## -postgresqlPghbaRemoveFilters: "" -## @param terminationGracePeriodSeconds Seconds the pod needs to terminate gracefully -## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods -## e.g: -## terminationGracePeriodSeconds: 30 -## -terminationGracePeriodSeconds: "" -## LDAP configuration -## @param ldap.enabled Enable LDAP support -## @param ldap.url LDAP URL beginning in the form `ldap[s]://host[:port]/basedn` -## @param ldap.server IP address or name of the LDAP server. 
-## @param ldap.port Port number on the LDAP server to connect to -## @param ldap.prefix String to prepend to the user name when forming the DN to bind -## @param ldap.suffix String to append to the user name when forming the DN to bind -## @param ldap.baseDN Root DN to begin the search for the user in -## @param ldap.bindDN DN of user to bind to LDAP -## @param ldap.bind_password Password for the user to bind to LDAP -## @param ldap.search_attr Attribute to match against the user name in the search -## @param ldap.search_filter The search filter to use when doing search+bind authentication -## @param ldap.scheme Set to `ldaps` to use LDAPS -## @param ldap.tls Set to `1` to use TLS encryption -## -ldap: - enabled: false - url: "" - server: "" - port: "" - prefix: "" - suffix: "" - baseDN: "" - bindDN: "" - bind_password: "" - search_attr: "" - search_filter: "" - scheme: "" - tls: "" -## PostgreSQL service configuration -## -service: - ## @param service.type Kubernetes Service type - ## - type: ClusterIP - ## @param service.clusterIP Static clusterIP or None for headless services - ## e.g: - ## clusterIP: None - ## - clusterIP: "" - ## @param service.port PostgreSQL port - ## - port: 5432 - ## @param service.nodePort Specify the nodePort value for the LoadBalancer and NodePort service types - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport - ## - nodePort: "" - ## @param service.annotations Annotations for PostgreSQL service - ## - annotations: {} - ## @param service.loadBalancerIP Load balancer IP if service type is `LoadBalancer` - ## Set the LoadBalancer service type to internal only - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer - ## - loadBalancerIP: "" - ## @param service.externalTrafficPolicy Enable client source IP preservation - ## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip - ## - 
externalTrafficPolicy: Cluster - ## @param service.loadBalancerSourceRanges Addresses that are allowed when service is LoadBalancer - ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service - ## - ## loadBalancerSourceRanges: - ## - 10.10.10.0/24 - ## - loadBalancerSourceRanges: [] -## Start primary and read(s) pod(s) without limitations on shm memory. -## By default docker and containerd (and possibly other container runtimes) -## limit `/dev/shm` to `64M` (see e.g. the -## [docker issue](https://github.com/docker-library/postgres/issues/416) and the -## [containerd issue](https://github.com/containerd/containerd/issues/3654), -## which could be not enough if PostgreSQL uses parallel workers heavily. -## -shmVolume: - ## @param shmVolume.enabled Enable emptyDir volume for /dev/shm for primary and read replica(s) Pod(s) - ## Set `shmVolume.enabled` to `true` to mount a new tmpfs volume to remove the above limitation. - ## - enabled: true - ## @param shmVolume.chmod.enabled Set to `true` to `chmod 777 /dev/shm` on a initContainer (ignored if `volumePermissions.enabled` is `false`) - ## - chmod: - enabled: true - ## @param shmVolume.sizeLimit Set this to enable a size limit on the shm tmpfs. Note that the size of the tmpfs counts against container's memory limit - ## e.g: - ## sizeLimit: 1Gi - ## - sizeLimit: "" -persistence: - ## @param persistence.enabled Enable persistence using PVC - ## - enabled: true - ## @param persistence.existingClaim Provide an existing `PersistentVolumeClaim`, the value is evaluated as a template. - ## If defined, PVC must be created manually before volume will be bound - ## The value is evaluated as a template, so, for example, the name can depend on .Release or .Chart - ## - existingClaim: "" - ## @param persistence.mountPath The path the volume will be mounted at, useful when using different - ## PostgreSQL images. 
- ## - mountPath: /bitnami/postgresql - ## @param persistence.subPath The subdirectory of the volume to mount to - ## Useful in dev environments and one PV for multiple services - ## - subPath: "" - ## @param persistence.storageClass PVC Storage Class for PostgreSQL volume - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - storageClass: "" - ## @param persistence.accessModes PVC Access Mode for PostgreSQL volume - ## - accessModes: - - ReadWriteOnce - ## @param persistence.size PVC Storage Request for PostgreSQL volume - ## - size: 8Gi - ## @param persistence.annotations Annotations for the PVC - ## - annotations: {} - ## @param persistence.selector Selector to match an existing Persistent Volume (this value is evaluated as a template) - ## selector: - ## matchLabels: - ## app: my-app - ## - selector: {} -## @param updateStrategy.type updateStrategy for PostgreSQL StatefulSet and its reads StatefulSets -## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies -## -updateStrategy: - type: RollingUpdate -## -## PostgreSQL Primary parameters -## -primary: - ## @param primary.podAffinityPreset PostgreSQL primary pod affinity preset. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAffinityPreset: "" - ## @param primary.podAntiAffinityPreset PostgreSQL primary pod anti-affinity preset. Ignored if `primary.affinity` is set. 
Allowed values: `soft` or `hard` - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAntiAffinityPreset: soft - ## PostgreSQL Primary node affinity preset - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity - ## - nodeAffinityPreset: - ## @param primary.nodeAffinityPreset.type PostgreSQL primary node affinity preset type. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` - ## - type: "" - ## @param primary.nodeAffinityPreset.key PostgreSQL primary node label key to match Ignored if `primary.affinity` is set. - ## E.g. - ## key: "kubernetes.io/e2e-az-name" - ## - key: "" - ## @param primary.nodeAffinityPreset.values PostgreSQL primary node label values to match. Ignored if `primary.affinity` is set. - ## E.g. - ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] - ## @param primary.affinity Affinity for PostgreSQL primary pods assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - ## Note: primary.podAffinityPreset, primary.podAntiAffinityPreset, and primary.nodeAffinityPreset will be ignored when it's set - ## - affinity: {} - ## @param primary.nodeSelector Node labels for PostgreSQL primary pods assignment - ## ref: https://kubernetes.io/docs/user-guide/node-selection/ - ## - nodeSelector: {} - ## @param primary.tolerations Tolerations for PostgreSQL primary pods assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ - ## - tolerations: [] - ## @param primary.extraPodSpec Optionally specify extra PodSpec - ## - extraPodSpec: {} - ## @param primary.labels Map of labels to add to the statefulset (postgresql primary) - ## - labels: {} - ## @param primary.annotations Annotations for PostgreSQL primary pods - ## - annotations: {} - ## @param primary.podLabels Map of labels to add to the pods (postgresql primary) - ## - 
podLabels: {} - ## @param primary.podAnnotations Map of annotations to add to the pods (postgresql primary) - ## - podAnnotations: {} - ## @param primary.priorityClassName Priority Class to use for each pod (postgresql primary) - ## - priorityClassName: "" - ## @param primary.extraInitContainers Extra init containers to add to the pods (postgresql primary) - ## Example - ## - ## extraInitContainers: - ## - name: do-something - ## image: busybox - ## command: ['do', 'something'] - ## - extraInitContainers: [] - ## @param primary.extraVolumeMounts Extra volume mounts to add to the pods (postgresql primary) - ## - extraVolumeMounts: [] - ## @param primary.extraVolumes Extra volumes to add to the pods (postgresql primary) - ## - extraVolumes: [] - ## @param primary.sidecars Extra containers to the pod - ## For example: - ## sidecars: - ## - name: your-image-name - ## image: your-image - ## imagePullPolicy: Always - ## ports: - ## - name: portname - ## containerPort: 1234 - ## - sidecars: [] - ## Override the service configuration for primary - ## @param primary.service.type Allows using a different service type for primary - ## @param primary.service.nodePort Allows using a different nodePort for primary - ## @param primary.service.clusterIP Allows using a different clusterIP for primary - ## - service: - type: "" - nodePort: "" - clusterIP: "" -## PostgreSQL read only replica parameters -## -readReplicas: - ## @param readReplicas.podAffinityPreset PostgreSQL read only pod affinity preset. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAffinityPreset: "" - ## @param readReplicas.podAntiAffinityPreset PostgreSQL read only pod anti-affinity preset. Ignored if `primary.affinity` is set. 
Allowed values: `soft` or `hard` - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAntiAffinityPreset: soft - ## PostgreSQL read only node affinity preset - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity - ## - nodeAffinityPreset: - ## @param readReplicas.nodeAffinityPreset.type PostgreSQL read only node affinity preset type. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` - ## - type: "" - ## @param readReplicas.nodeAffinityPreset.key PostgreSQL read only node label key to match Ignored if `primary.affinity` is set. - ## E.g. - ## key: "kubernetes.io/e2e-az-name" - ## - key: "" - ## @param readReplicas.nodeAffinityPreset.values PostgreSQL read only node label values to match. Ignored if `primary.affinity` is set. - ## E.g. - ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] - ## @param readReplicas.affinity Affinity for PostgreSQL read only pods assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - ## Note: readReplicas.podAffinityPreset, readReplicas.podAntiAffinityPreset, and readReplicas.nodeAffinityPreset will be ignored when it's set - ## - affinity: {} - ## @param readReplicas.nodeSelector Node labels for PostgreSQL read only pods assignment - ## ref: https://kubernetes.io/docs/user-guide/node-selection/ - ## - nodeSelector: {} - ## @param readReplicas.tolerations Tolerations for PostgreSQL read only pods assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ - ## - tolerations: [] - ## @param readReplicas.topologySpreadConstraints Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. 
Evaluated as a template - ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods - ## - topologySpreadConstraints: [] - ## @param readReplicas.extraPodSpec Optionally specify extra PodSpec - ## - extraPodSpec: {} - ## @param readReplicas.labels Map of labels to add to the statefulsets (postgresql readReplicas) - ## - labels: {} - ## @param readReplicas.annotations Annotations for PostgreSQL read only pods - ## - annotations: {} - ## @param readReplicas.podLabels Map of labels to add to the pods (postgresql readReplicas) - ## - podLabels: {} - ## @param readReplicas.podAnnotations Map of annotations to add to the pods (postgresql readReplicas) - ## - podAnnotations: {} - ## @param readReplicas.priorityClassName Priority Class to use for each pod (postgresql readReplicas) - ## - priorityClassName: "" - ## @param readReplicas.extraInitContainers Extra init containers to add to the pods (postgresql readReplicas) - ## Example - ## - ## extraInitContainers: - ## - name: do-something - ## image: busybox - ## command: ['do', 'something'] - ## - extraInitContainers: [] - ## @param readReplicas.extraVolumeMounts Extra volume mounts to add to the pods (postgresql readReplicas) - ## - extraVolumeMounts: [] - ## @param readReplicas.extraVolumes Extra volumes to add to the pods (postgresql readReplicas) - ## - extraVolumes: [] - ## @param readReplicas.sidecars Extra containers to the pod - ## - ## For example: - ## sidecars: - ## - name: your-image-name - ## image: your-image - ## imagePullPolicy: Always - ## ports: - ## - name: portname - ## containerPort: 1234 - ## - sidecars: [] - ## Override the service configuration for read - ## @param readReplicas.service.type Allows using a different service type for readReplicas - ## @param readReplicas.service.nodePort Allows using a different nodePort for readReplicas - ## @param readReplicas.service.clusterIP Allows using a different clusterIP for readReplicas - ## - 
service: - type: "" - nodePort: "" - clusterIP: "" - ## @param readReplicas.persistence.enabled Whether to enable PostgreSQL read replicas replicas persistence - ## - persistence: - enabled: true - ## @param readReplicas.resources CPU/Memory resource requests/limits override for readReplicass. Will fallback to `values.resources` if not defined. - ## - resources: {} -## Configure resource requests and limits -## ref: https://kubernetes.io/docs/user-guide/compute-resources/ -## @param resources.requests [object] The requested resources for the container -## -resources: - requests: - memory: 256Mi - cpu: 250m -networkPolicy: - ## @param networkPolicy.enabled Enable creation of NetworkPolicy resources. Only Ingress traffic is filtered for now. - ## - enabled: false - ## @param networkPolicy.allowExternal Don't require client label for connections - ## The Policy model to apply. When set to false, only pods with the correct - ## client label will have network access to the port PostgreSQL is listening - ## on. When true, PostgreSQL will accept connections from any source - ## (with the correct destination port). - ## - allowExternal: true - ## @param networkPolicy.explicitNamespacesSelector A Kubernetes LabelSelector to explicitly select namespaces from which ingress traffic could be allowed - ## If explicitNamespacesSelector is missing or set to {}, only client Pods that are in the networkPolicy's namespace - ## and that match other criteria, the ones that have the good label, can reach the DB. - ## But sometimes, we want the DB to be accessible to clients from other namespaces, in this case, we can use this - ## LabelSelector to select these namespaces, note that the networkPolicy's namespace should also be explicitly added. 
- ## - ## Example: - ## explicitNamespacesSelector: - ## matchLabels: - ## role: frontend - ## matchExpressions: - ## - {key: role, operator: In, values: [frontend]} - ## - explicitNamespacesSelector: {} -## Configure extra options for liveness probe -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes -## @param startupProbe.enabled Enable startupProbe -## @param startupProbe.initialDelaySeconds Initial delay seconds for startupProbe -## @param startupProbe.periodSeconds Period seconds for startupProbe -## @param startupProbe.timeoutSeconds Timeout seconds for startupProbe -## @param startupProbe.failureThreshold Failure threshold for startupProbe -## @param startupProbe.successThreshold Success threshold for startupProbe -## -startupProbe: - enabled: false - initialDelaySeconds: 30 - periodSeconds: 15 - timeoutSeconds: 5 - failureThreshold: 10 - successThreshold: 1 -## Configure extra options for liveness probe -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes -## @param livenessProbe.enabled Enable livenessProbe -## @param livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe -## @param livenessProbe.periodSeconds Period seconds for livenessProbe -## @param livenessProbe.timeoutSeconds Timeout seconds for livenessProbe -## @param livenessProbe.failureThreshold Failure threshold for livenessProbe -## @param livenessProbe.successThreshold Success threshold for livenessProbe -## -livenessProbe: - enabled: true - initialDelaySeconds: 30 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 -## Configure extra options for readiness probe -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes -## @param readinessProbe.enabled Enable readinessProbe -## @param readinessProbe.initialDelaySeconds Initial 
delay seconds for readinessProbe -## @param readinessProbe.periodSeconds Period seconds for readinessProbe -## @param readinessProbe.timeoutSeconds Timeout seconds for readinessProbe -## @param readinessProbe.failureThreshold Failure threshold for readinessProbe -## @param readinessProbe.successThreshold Success threshold for readinessProbe -## -readinessProbe: - enabled: true - initialDelaySeconds: 5 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 -## @param customStartupProbe Override default startup probe -## -customStartupProbe: {} -## @param customLivenessProbe Override default liveness probe -## -customLivenessProbe: {} -## @param customReadinessProbe Override default readiness probe -## -customReadinessProbe: {} -## -## TLS configuration -## -tls: - ## @param tls.enabled Enable TLS traffic support - ## - enabled: false - ## @param tls.autoGenerated Generate automatically self-signed TLS certificates - ## - autoGenerated: false - ## @param tls.preferServerCiphers Whether to use the server's TLS cipher preferences rather than the client's - ## - preferServerCiphers: true - ## @param tls.certificatesSecret Name of an existing secret that contains the certificates - ## - certificatesSecret: "" - ## @param tls.certFilename Certificate filename - ## - certFilename: "" - ## @param tls.certKeyFilename Certificate key filename - ## - certKeyFilename: "" - ## @param tls.certCAFilename CA Certificate filename - ## If provided, PostgreSQL will authenticate TLS/SSL clients by requesting them a certificate - ## ref: https://www.postgresql.org/docs/9.6/auth-methods.html - ## - certCAFilename: "" - ## @param tls.crlFilename File containing a Certificate Revocation List - ## - crlFilename: "" -## Configure metrics exporter -## -metrics: - ## @param metrics.enabled Start a prometheus exporter - ## - enabled: false - ## @param metrics.resources Prometheus exporter container resources - ## - resources: {} - ## @param metrics.service.type 
Kubernetes Service type - ## @param metrics.service.annotations [object] Additional annotations for metrics exporter pod - ## @param metrics.service.loadBalancerIP loadBalancerIP if redis metrics service type is `LoadBalancer` - ## - service: - type: ClusterIP - annotations: - prometheus.io/scrape: "true" - prometheus.io/port: "9187" - loadBalancerIP: "" - ## @param metrics.serviceMonitor.enabled Set this to `true` to create ServiceMonitor for Prometheus operator - ## @param metrics.serviceMonitor.additionalLabels Additional labels that can be used so ServiceMonitor will be discovered by Prometheus - ## @param metrics.serviceMonitor.namespace Optional namespace in which to create ServiceMonitor - ## @param metrics.serviceMonitor.interval Scrape interval. If not set, the Prometheus default scrape interval is used - ## @param metrics.serviceMonitor.scrapeTimeout Scrape timeout. If not set, the Prometheus default scrape timeout is used - ## @param metrics.serviceMonitor.relabelings RelabelConfigs to apply to samples before scraping - ## @param metrics.serviceMonitor.metricRelabelings MetricRelabelConfigs to apply to samples before ingestion - ## - serviceMonitor: - enabled: false - additionalLabels: {} - namespace: "" - interval: "" - scrapeTimeout: "" - relabelings: [] - metricRelabelings: [] - ## Custom PrometheusRule to be defined - ## The value is evaluated as a template, so, for example, the value can depend on .Release or .Chart - ## ref: https://github.com/coreos/prometheus-operator#customresourcedefinitions - ## - prometheusRule: - ## @param metrics.prometheusRule.enabled Set this to true to create prometheusRules for Prometheus operator - ## - enabled: false - ## @param metrics.prometheusRule.additionalLabels Additional labels that can be used so prometheusRules will be discovered by Prometheus - ## - additionalLabels: {} - ## @param metrics.prometheusRule.namespace namespace where prometheusRules resource should be created - ## - namespace: "" - ## @param 
metrics.prometheusRule.rules Create specified [Rules](https://prometheus.io/docs/prometheus/latest/configuration/alerting_rules/) - ## Make sure to constraint the rules to the current postgresql service. - ## rules: - ## - alert: HugeReplicationLag - ## expr: pg_replication_lag{service="{{ template "common.names.fullname" . }}-metrics"} / 3600 > 1 - ## for: 1m - ## labels: - ## severity: critical - ## annotations: - ## description: replication for {{ template "common.names.fullname" . }} PostgreSQL is lagging by {{ "{{ $value }}" }} hour(s). - ## summary: PostgreSQL replication is lagging by {{ "{{ $value }}" }} hour(s). - ## - rules: [] - ## @param metrics.image.registry PostgreSQL Exporter image registry - ## @param metrics.image.repository PostgreSQL Exporter image repository - ## @param metrics.image.tag PostgreSQL Exporter image tag (immutable tags are recommended) - ## @param metrics.image.pullPolicy PostgreSQL Exporter image pull policy - ## @param metrics.image.pullSecrets Specify image pull secrets - ## - image: - registry: docker.io - repository: bitnami/postgres-exporter - tag: 0.10.0-debian-10-r166 - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. 
- ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## Example: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## @param metrics.customMetrics Define additional custom metrics - ## ref: https://github.com/wrouesnel/postgres_exporter#adding-new-metrics-via-a-config-file - ## customMetrics: - ## pg_database: - ## query: "SELECT d.datname AS name, CASE WHEN pg_catalog.has_database_privilege(d.datname, 'CONNECT') THEN pg_catalog.pg_database_size(d.datname) ELSE 0 END AS size_bytes FROM pg_catalog.pg_database d where datname not in ('template0', 'template1', 'postgres')" - ## metrics: - ## - name: - ## usage: "LABEL" - ## description: "Name of the database" - ## - size_bytes: - ## usage: "GAUGE" - ## description: "Size of the database in bytes" - ## - customMetrics: {} - ## @param metrics.extraEnvVars Extra environment variables to add to postgres-exporter - ## see: https://github.com/wrouesnel/postgres_exporter#environment-variables - ## For example: - ## extraEnvVars: - ## - name: PG_EXPORTER_DISABLE_DEFAULT_METRICS - ## value: "true" - ## - extraEnvVars: [] - ## Pod Security Context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ - ## @param metrics.securityContext.enabled Enable security context for metrics - ## @param metrics.securityContext.runAsUser User ID for the container for metrics - ## - securityContext: - enabled: false - runAsUser: 1001 - ## Configure extra options for liveness probe - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes - ## @param metrics.livenessProbe.enabled Enable livenessProbe - ## @param metrics.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe - ## @param metrics.livenessProbe.periodSeconds Period seconds for livenessProbe - ## @param metrics.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe - ## @param 
metrics.livenessProbe.failureThreshold Failure threshold for livenessProbe
- ## @param metrics.livenessProbe.successThreshold Success threshold for livenessProbe
- ##
- livenessProbe:
- enabled: true
- initialDelaySeconds: 5
- periodSeconds: 10
- timeoutSeconds: 5
- failureThreshold: 6
- successThreshold: 1
- ## Configure extra options for readiness probe
- ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
- ## @param metrics.readinessProbe.enabled Enable readinessProbe
- ## @param metrics.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
- ## @param metrics.readinessProbe.periodSeconds Period seconds for readinessProbe
- ## @param metrics.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
- ## @param metrics.readinessProbe.failureThreshold Failure threshold for readinessProbe
- ## @param metrics.readinessProbe.successThreshold Success threshold for readinessProbe
- ##
- readinessProbe:
- enabled: true
- initialDelaySeconds: 5
- periodSeconds: 10
- timeoutSeconds: 5
- failureThreshold: 6
- successThreshold: 1
diff --git a/rds/base/charts/redis-cluster/.helmignore b/rds/base/charts/redis-cluster/.helmignore
deleted file mode 100644
index f0c1319..0000000
--- a/rds/base/charts/redis-cluster/.helmignore
+++ /dev/null
@@ -1,21 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
diff --git a/rds/base/charts/redis-cluster/Chart.lock b/rds/base/charts/redis-cluster/Chart.lock
deleted file mode 100644
index cfa9923..0000000
--- a/rds/base/charts/redis-cluster/Chart.lock
+++ /dev/null
@@ -1,6 +0,0 @@
-dependencies:
-- name: common
- repository: file://charts/common
- version: 1.16.0
-digest: sha256:8cbf195631894434137a5801072c21fbcff43915de298ab2664725c5492fa7d0
-generated: "2023-02-07T10:31:00.441718631+01:00"
diff --git a/rds/base/charts/redis-cluster/Chart.yaml b/rds/base/charts/redis-cluster/Chart.yaml
deleted file mode 100644
index 0eda7ff..0000000
--- a/rds/base/charts/redis-cluster/Chart.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-annotations:
- category: Database
-apiVersion: v2
-appVersion: 6.2.7
-dependencies:
-- name: common
- repository: file://charts/common
- tags:
- - bitnami-common
- alias: redis-cluster-common
- version: 1.x.x
-description: Redis(R) is an open source, scalable, distributed in-memory cache for
- applications. It can be used to store and serve data in the form of strings, hashes,
- lists, sets and sorted sets.
-home: https://github.com/bitnami/charts/tree/master/bitnami/redis-cluster
-icon: https://bitnami.com/assets/stacks/redis/img/redis-stack-220x234.png
-keywords:
-- redis
-- keyvalue
-- database
-maintainers:
-- name: Bitnami
- url: https://github.com/bitnami/charts
-name: redis-cluster
-sources:
-- https://github.com/bitnami/bitnami-docker-redis
-- http://redis.io/
-version: 7.6.4
diff --git a/rds/base/charts/redis-cluster/README.md b/rds/base/charts/redis-cluster/README.md
deleted file mode 100644
index f4d7a8d..0000000
--- a/rds/base/charts/redis-cluster/README.md
+++ /dev/null
@@ -1,682 +0,0 @@ - - -# Bitnami package for Redis(R) Cluster - -Redis(R) is an open source, scalable, distributed in-memory cache for applications. It can be used to store and serve data in the form of strings, hashes, lists, sets and sorted sets. - -[Overview of Redis® Cluster](http://redis.io) - -Disclaimer: Redis is a registered trademark of Redis Ltd. Any rights therein are reserved to Redis Ltd. Any use by Bitnami is for referential purposes only and does not indicate any sponsorship, endorsement, or affiliation between Redis Ltd. - -## TL;DR - -```bash -$ helm repo add bitnami https://charts.bitnami.com/bitnami -$ helm install my-release bitnami/redis-cluster -``` - -## Introduction - -This chart bootstraps a [Redis®](https://github.com/bitnami/bitnami-docker-redis) deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. - -Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters. - -### Choose between Redis® Helm Chart and Redis® Cluster Helm Chart - -You can choose any of the two Redis® Helm charts for deploying a Redis® cluster. -While [Redis® Helm Chart](https://github.com/bitnami/charts/tree/master/bitnami/redis) will deploy a master-slave cluster using Redis® Sentinel, the [Redis® Cluster Helm Chart](https://github.com/bitnami/charts/tree/master/bitnami/redis-cluster) will deploy a Redis® Cluster with sharding. -The main features of each chart are the following: - -| Redis® | Redis® Cluster | -|--------------------------------------------------------|------------------------------------------------------------------------| -| Supports multiple databases | Supports only one database. 
Better if you have a big dataset | -| Single write point (single master) | Multiple write points (multiple masters) | -| ![Redis® Topology](img/redis-topology.png) | ![Redis® Cluster Topology](img/redis-cluster-topology.png) | - -## Prerequisites - -- Kubernetes 1.19+ -- Helm 3.2.0+ -- PV provisioner support in the underlying infrastructure - -## Installing the Chart - -To install the chart with the release name `my-release`: - -```bash -$ helm install my-release bitnami/redis-cluster -``` - -The command deploys Redis® on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. - -NOTE: if you get a timeout error waiting for the hook to complete increase the default timeout (300s) to a higher one, for example: - -``` -helm install --timeout 600s myrelease bitnami/redis-cluster -``` - -> **Tip**: List all releases using `helm list` - -## Uninstalling the Chart - -To uninstall/delete the `my-release` deployment: - -```bash -$ helm delete my-release -``` - -The command removes all the Kubernetes components associated with the chart and deletes the release. 
- -## Parameters - -### Global parameters - -| Name | Description | Value | -| ------------------------- | ----------------------------------------------- | ----- | -| `global.imageRegistry` | Global Docker image registry | `""` | -| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | -| `global.storageClass` | Global StorageClass for Persistent Volume(s) | `""` | -| `global.redis.password` | Redis® password (overrides `password`) | `""` | - - -### Redis® Cluster Common parameters - -| Name | Description | Value | -| --------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------- | -| `nameOverride` | String to partially override common.names.fullname template (will maintain the release name) | `""` | -| `fullnameOverride` | String to fully override common.names.fullname template | `""` | -| `clusterDomain` | Kubernetes Cluster Domain | `cluster.local` | -| `commonAnnotations` | Annotations to add to all deployed objects | `{}` | -| `commonLabels` | Labels to add to all deployed objects | `{}` | -| `extraDeploy` | Array of extra objects to deploy with the release (evaluated as a template) | `[]` | -| `diagnosticMode.enabled` | Enable diagnostic mode (all probes will be disabled and the command will be overridden) | `false` | -| `diagnosticMode.command` | Command to override all containers in the deployment | `["sleep"]` | -| `diagnosticMode.args` | Args to override all containers in the deployment | `["infinity"]` | -| `image.registry` | Redis® cluster image registry | `docker.io` | -| `image.repository` | Redis® cluster image repository | `bitnami/redis-cluster` | -| `image.tag` | Redis® cluster image tag (immutable tags are recommended) | `6.2.7-debian-11-r9` | -| `image.pullPolicy` | Redis® cluster image pull policy | `IfNotPresent` | -| `image.pullSecrets` | Specify 
docker-registry secret names as an array | `[]` | -| `image.debug` | Enable image debug mode | `false` | -| `networkPolicy.enabled` | Enable NetworkPolicy | `false` | -| `networkPolicy.allowExternal` | The Policy model to apply. Don't require client label for connections | `true` | -| `networkPolicy.ingressNSMatchLabels` | Allow connections from other namespacess. Just set label for namespace and set label for pods (optional). | `{}` | -| `networkPolicy.ingressNSPodMatchLabels` | For other namespaces match by pod labels and namespace labels | `{}` | -| `serviceAccount.create` | Specifies whether a ServiceAccount should be created | `false` | -| `serviceAccount.name` | The name of the ServiceAccount to create | `""` | -| `serviceAccount.annotations` | Annotations for Cassandra Service Account | `{}` | -| `serviceAccount.automountServiceAccountToken` | Automount API credentials for a service account. | `false` | -| `rbac.create` | Specifies whether RBAC resources should be created | `false` | -| `rbac.role.rules` | Rules to create. It follows the role specification | `[]` | -| `podSecurityContext.enabled` | Enable Redis® pod Security Context | `true` | -| `podSecurityContext.fsGroup` | Group ID for the pods | `1001` | -| `podSecurityContext.runAsUser` | User ID for the pods | `1001` | -| `podSecurityContext.sysctls` | Set namespaced sysctls for the pods | `[]` | -| `podDisruptionBudget` | Limits the number of pods of the replicated application that are down simultaneously from voluntary disruptions | `{}` | -| `minAvailable` | Min number of pods that must still be available after the eviction | `""` | -| `maxUnavailable` | Max number of pods that can be unavailable after the eviction | `""` | -| `containerSecurityContext.enabled` | Enable Containers' Security Context | `true` | -| `containerSecurityContext.runAsUser` | User ID for the containers. 
| `1001` | -| `containerSecurityContext.runAsNonRoot` | Run container as non root | `true` | -| `usePassword` | Use password authentication | `true` | -| `password` | Redis® password (ignored if existingSecret set) | `""` | -| `existingSecret` | Name of existing secret object (for password authentication) | `""` | -| `existingSecretPasswordKey` | Name of key containing password to be retrieved from the existing secret | `""` | -| `usePasswordFile` | Mount passwords as files instead of environment variables | `false` | -| `tls.enabled` | Enable TLS support for replication traffic | `false` | -| `tls.authClients` | Require clients to authenticate or not | `true` | -| `tls.autoGenerated` | Generate automatically self-signed TLS certificates | `false` | -| `tls.existingSecret` | The name of the existing secret that contains the TLS certificates | `""` | -| `tls.certificatesSecret` | DEPRECATED. Use tls.existingSecret instead | `""` | -| `tls.certFilename` | Certificate filename | `""` | -| `tls.certKeyFilename` | Certificate key filename | `""` | -| `tls.certCAFilename` | CA Certificate filename | `""` | -| `tls.dhParamsFilename` | File containing DH params (in order to support DH based ciphers) | `""` | -| `service.ports.redis` | Kubernetes Redis service port | `6379` | -| `service.nodePorts.redis` | Node port for Redis | `""` | -| `service.extraPorts` | Extra ports to expose in the service (normally used with the `sidecar` value) | `[]` | -| `service.annotations` | Provide any additional annotations which may be required. 
| `{}` | -| `service.labels` | Additional labels for redis service | `{}` | -| `service.type` | Service type for default redis service | `ClusterIP` | -| `service.clusterIP` | Service Cluster IP | `""` | -| `service.loadBalancerIP` | Load balancer IP if `service.type` is `LoadBalancer` | `""` | -| `service.loadBalancerSourceRanges` | Service Load Balancer sources | `[]` | -| `service.externalTrafficPolicy` | Service external traffic policy | `Cluster` | -| `service.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` | -| `service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` | -| `persistence.path` | Path to mount the volume at, to use other images Redis® images. | `/bitnami/redis/data` | -| `persistence.subPath` | The subdirectory of the volume to mount to, useful in dev environments and one PV for multiple services | `""` | -| `persistence.storageClass` | Storage class of backing PVC | `""` | -| `persistence.annotations` | Persistent Volume Claim annotations | `{}` | -| `persistence.accessModes` | Persistent Volume Access Modes | `["ReadWriteOnce"]` | -| `persistence.size` | Size of data volume | `8Gi` | -| `persistence.matchLabels` | Persistent Volume selectors | `{}` | -| `persistence.matchExpressions` | matchExpressions Persistent Volume selectors | `{}` | -| `volumePermissions.enabled` | Enable init container that changes volume permissions in the registry (for cases where the default k8s `runAsUser` and `fsUser` values do not work) | `false` | -| `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` | -| `volumePermissions.image.repository` | Init container volume-permissions image repository | `bitnami/bitnami-shell` | -| `volumePermissions.image.tag` | Init container volume-permissions image tag | `11-debian-11-r10` | -| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` | -| 
`volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | -| `volumePermissions.resources.limits` | The resources limits for the container | `{}` | -| `volumePermissions.resources.requests` | The requested resources for the container | `{}` | -| `podSecurityPolicy.create` | Whether to create a PodSecurityPolicy. WARNING: PodSecurityPolicy is deprecated in Kubernetes v1.21 or later, unavailable in v1.25 or later | `false` | - - -### Redis® statefulset parameters - -| Name | Description | Value | -| ---------------------------------------------- | ---------------------------------------------------------------------------------------------------------- | --------------- | -| `redis.command` | Redis® entrypoint string. The command `redis-server` is executed if this is not provided | `[]` | -| `redis.args` | Arguments for the provided command if needed | `[]` | -| `redis.updateStrategy.type` | Argo Workflows statefulset strategy type | `RollingUpdate` | -| `redis.updateStrategy.rollingUpdate.partition` | Partition update strategy | `0` | -| `redis.podManagementPolicy` | Statefulset Pod management policy, it needs to be Parallel to be able to complete the cluster join | `Parallel` | -| `redis.hostAliases` | Deployment pod host aliases | `[]` | -| `redis.hostNetwork` | Host networking requested for this pod. Use the host's network namespace. | `false` | -| `redis.useAOFPersistence` | Whether to use AOF Persistence mode or not | `yes` | -| `redis.containerPorts.redis` | Redis® port | `6379` | -| `redis.containerPorts.bus` | The busPort should be obtained adding 10000 to the redisPort. By default: 10000 + 6379 = 16379 | `16379` | -| `redis.lifecycleHooks` | LifecycleHook to set additional configuration before or after startup. 
Evaluated as a template | `{}` | -| `redis.extraVolumes` | Extra volumes to add to the deployment | `[]` | -| `redis.extraVolumeMounts` | Extra volume mounts to add to the container | `[]` | -| `redis.customLivenessProbe` | Override default liveness probe | `{}` | -| `redis.customReadinessProbe` | Override default readiness probe | `{}` | -| `redis.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | -| `redis.initContainers` | Extra init containers to add to the deployment | `[]` | -| `redis.sidecars` | Extra sidecar containers to add to the deployment | `[]` | -| `redis.podLabels` | Additional labels for Redis® pod | `{}` | -| `redis.priorityClassName` | Redis® Master pod priorityClassName | `""` | -| `redis.configmap` | Additional Redis® configuration for the nodes | `""` | -| `redis.extraEnvVars` | An array to add extra environment variables | `[]` | -| `redis.extraEnvVarsCM` | ConfigMap with extra environment variables | `""` | -| `redis.extraEnvVarsSecret` | Secret with extra environment variables | `""` | -| `redis.podAnnotations` | Redis® additional annotations | `{}` | -| `redis.resources.limits` | The resources limits for the container | `{}` | -| `redis.resources.requests` | The requested resources for the container | `{}` | -| `redis.schedulerName` | Use an alternate scheduler, e.g. "stork". | `""` | -| `redis.shareProcessNamespace` | Enable shared process namespace in a pod. 
| `false` | -| `redis.livenessProbe.enabled` | Enable livenessProbe | `true` | -| `redis.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `5` | -| `redis.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `5` | -| `redis.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | -| `redis.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `5` | -| `redis.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `redis.readinessProbe.enabled` | Enable readinessProbe | `true` | -| `redis.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` | -| `redis.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `5` | -| `redis.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | -| `redis.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `5` | -| `redis.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `redis.startupProbe.enabled` | Enable startupProbe | `false` | -| `redis.startupProbe.path` | Path to check for startupProbe | `/` | -| `redis.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `300` | -| `redis.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | -| `redis.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` | -| `redis.startupProbe.failureThreshold` | Failure threshold for startupProbe | `6` | -| `redis.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | -| `redis.podAffinityPreset` | Redis® pod affinity preset. Ignored if `redis.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `redis.podAntiAffinityPreset` | Redis® pod anti-affinity preset. Ignored if `redis.affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `redis.nodeAffinityPreset.type` | Redis® node affinity preset type. Ignored if `redis.affinity` is set. 
Allowed values: `soft` or `hard` | `""` | -| `redis.nodeAffinityPreset.key` | Redis® node label key to match Ignored if `redis.affinity` is set. | `""` | -| `redis.nodeAffinityPreset.values` | Redis® node label values to match. Ignored if `redis.affinity` is set. | `[]` | -| `redis.affinity` | Affinity settings for Redis® pod assignment | `{}` | -| `redis.nodeSelector` | Node labels for Redis® pods assignment | `{}` | -| `redis.tolerations` | Tolerations for Redis® pods assignment | `[]` | -| `redis.topologySpreadConstraints` | Pod topology spread constraints for Redis® pod | `[]` | - - -### Cluster update job parameters - -| Name | Description | Value | -| ------------------------------------- | -------------------------------------------------------------------------------------------------------------- | ------ | -| `updateJob.activeDeadlineSeconds` | Number of seconds the Job to create the cluster will be waiting for the Nodes to be ready. | `600` | -| `updateJob.command` | Container command (using container default if not set) | `[]` | -| `updateJob.args` | Container args (using container default if not set) | `[]` | -| `updateJob.hostAliases` | Deployment pod host aliases | `[]` | -| `updateJob.annotations` | Job annotations | `{}` | -| `updateJob.podAnnotations` | Job pod annotations | `{}` | -| `updateJob.podLabels` | Pod extra labels | `{}` | -| `updateJob.extraEnvVars` | An array to add extra environment variables | `[]` | -| `updateJob.extraEnvVarsCM` | ConfigMap containing extra environment variables | `""` | -| `updateJob.extraEnvVarsSecret` | Secret containing extra environment variables | `""` | -| `updateJob.extraVolumes` | Extra volumes to add to the deployment | `[]` | -| `updateJob.extraVolumeMounts` | Extra volume mounts to add to the container | `[]` | -| `updateJob.initContainers` | Extra init containers to add to the deployment | `[]` | -| `updateJob.podAffinityPreset` | Update job pod affinity preset. Ignored if `updateJob.affinity` is set. 
Allowed values: `soft` or `hard` | `""` | -| `updateJob.podAntiAffinityPreset` | Update job pod anti-affinity preset. Ignored if `updateJob.affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `updateJob.nodeAffinityPreset.type` | Update job node affinity preset type. Ignored if `updateJob.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `updateJob.nodeAffinityPreset.key` | Update job node label key to match Ignored if `updateJob.affinity` is set. | `""` | -| `updateJob.nodeAffinityPreset.values` | Update job node label values to match. Ignored if `updateJob.affinity` is set. | `[]` | -| `updateJob.affinity` | Affinity for update job pods assignment | `{}` | -| `updateJob.nodeSelector` | Node labels for update job pods assignment | `{}` | -| `updateJob.tolerations` | Tolerations for update job pods assignment | `[]` | -| `updateJob.priorityClassName` | Priority class name | `""` | -| `updateJob.resources.limits` | The resources limits for the container | `{}` | -| `updateJob.resources.requests` | The requested resources for the container | `{}` | - - -### Cluster management parameters - -| Name | Description | Value | -| --------------------------------------------------------- | --------------------------------------------------------------------------------------------- | -------------- | -| `cluster.init` | Enable the initialization of the Redis® Cluster | `true` | -| `cluster.nodes` | The number of master nodes should always be >= 3, otherwise cluster creation will fail | `6` | -| `cluster.replicas` | Number of replicas for every master in the cluster | `1` | -| `cluster.externalAccess.enabled` | Enable access to the Redis | `false` | -| `cluster.externalAccess.service.type` | Type for the services used to expose every Pod | `LoadBalancer` | -| `cluster.externalAccess.service.port` | Port for the services used to expose every Pod | `6379` | -| `cluster.externalAccess.service.loadBalancerIP` | Array of load balancer IPs for each Redis® 
node. Length must be the same as cluster.nodes | `[]` | -| `cluster.externalAccess.service.loadBalancerSourceRanges` | Service Load Balancer sources | `[]` | -| `cluster.externalAccess.service.annotations` | Annotations to add to the services used to expose every Pod of the Redis® Cluster | `{}` | -| `cluster.update.addNodes` | Boolean to specify if you want to add nodes after the upgrade | `false` | -| `cluster.update.currentNumberOfNodes` | Number of currently deployed Redis® nodes | `6` | -| `cluster.update.currentNumberOfReplicas` | Number of currently deployed Redis® replicas | `1` | -| `cluster.update.newExternalIPs` | External IPs obtained from the services for the new nodes to add to the cluster | `[]` | - - -### Metrics sidecar parameters - -| Name | Description | Value | -| ------------------------------------------ | ---------------------------------------------------------------------------------------------------------------------------------- | ------------------------ | -| `metrics.enabled` | Start a side-car prometheus exporter | `false` | -| `metrics.image.registry` | Redis® exporter image registry | `docker.io` | -| `metrics.image.repository` | Redis® exporter image name | `bitnami/redis-exporter` | -| `metrics.image.tag` | Redis® exporter image tag | `1.43.0-debian-11-r3` | -| `metrics.image.pullPolicy` | Redis® exporter image pull policy | `IfNotPresent` | -| `metrics.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | -| `metrics.resources` | Metrics exporter resource requests and limits | `{}` | -| `metrics.extraArgs` | Extra arguments for the binary; possible values [here](https://github.com/oliver006/redis_exporter | `{}` | -| `metrics.podAnnotations` | Additional annotations for Metrics exporter pod | `{}` | -| `metrics.podLabels` | Additional labels for Metrics exporter pod | `{}` | -| `metrics.serviceMonitor.enabled` | If `true`, creates a Prometheus Operator ServiceMonitor (also requires `metrics.enabled` to be 
`true`) | `false` | -| `metrics.serviceMonitor.namespace` | Optional namespace which Prometheus is running in | `""` | -| `metrics.serviceMonitor.interval` | How frequently to scrape metrics (use by default, falling back to Prometheus' default) | `""` | -| `metrics.serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended | `""` | -| `metrics.serviceMonitor.selector` | Prometheus instance selector labels | `{}` | -| `metrics.serviceMonitor.labels` | ServiceMonitor extra labels | `{}` | -| `metrics.serviceMonitor.annotations` | ServiceMonitor annotations | `{}` | -| `metrics.serviceMonitor.jobLabel` | The name of the label on the target service to use as the job name in prometheus. | `""` | -| `metrics.serviceMonitor.relabelings` | RelabelConfigs to apply to samples before scraping | `[]` | -| `metrics.serviceMonitor.metricRelabelings` | MetricRelabelConfigs to apply to samples before ingestion | `[]` | -| `metrics.prometheusRule.enabled` | Set this to true to create prometheusRules for Prometheus operator | `false` | -| `metrics.prometheusRule.additionalLabels` | Additional labels that can be used so prometheusRules will be discovered by Prometheus | `{}` | -| `metrics.prometheusRule.namespace` | namespace where prometheusRules resource should be created | `""` | -| `metrics.prometheusRule.rules` | Create specified [rules](https://prometheus.io/docs/prometheus/latest/configuration/alerting_rules/), check values for an example. | `[]` | -| `metrics.priorityClassName` | Metrics exporter pod priorityClassName | `""` | -| `metrics.service.type` | Kubernetes Service type (redis metrics) | `ClusterIP` | -| `metrics.service.loadBalancerIP` | Use serviceLoadBalancerIP to request a specific static IP, otherwise leave blank | `""` | -| `metrics.service.annotations` | Annotations for the services to monitor. 
| `{}` | -| `metrics.service.labels` | Additional labels for the metrics service | `{}` | -| `metrics.service.clusterIP` | Service Cluster IP | `""` | - - -### Sysctl Image parameters - -| Name | Description | Value | -| -------------------------------- | -------------------------------------------------- | ----------------------- | -| `sysctlImage.enabled` | Enable an init container to modify Kernel settings | `false` | -| `sysctlImage.command` | sysctlImage command to execute | `[]` | -| `sysctlImage.registry` | sysctlImage Init container registry | `docker.io` | -| `sysctlImage.repository` | sysctlImage Init container repository | `bitnami/bitnami-shell` | -| `sysctlImage.tag` | sysctlImage Init container tag | `11-debian-11-r10` | -| `sysctlImage.pullPolicy` | sysctlImage Init container pull policy | `IfNotPresent` | -| `sysctlImage.pullSecrets` | Specify docker-registry secret names as an array | `[]` | -| `sysctlImage.mountHostSys` | Mount the host `/sys` folder to `/host-sys` | `false` | -| `sysctlImage.resources.limits` | The resources limits for the container | `{}` | -| `sysctlImage.resources.requests` | The requested resources for the container | `{}` | - - -Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, - -```bash -$ helm install my-release \ - --set password=secretpassword \ - bitnami/redis-cluster -``` - -The above command sets the Redis® server password to `secretpassword`. - -> NOTE: Once this chart is deployed, it is not possible to change the application's access credentials, such as usernames or passwords, using Helm. To change these application credentials after deployment, delete any persistent volumes (PVs) used by the chart and re-deploy it, or use the application's built-in administrative tools if available. - -Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. 
For example, - -```bash -$ helm install my-release -f values.yaml bitnami/redis-cluster -``` - -> **Tip**: You can use the default [values.yaml](values.yaml) - -> **Note for minikube users**: Current versions of minikube (v0.24.1 at the time of writing) provision `hostPath` persistent volumes that are only writable by root. Using chart defaults cause pod failure for the Redis® pod as it attempts to write to the `/bitnami` directory. See minikube issue [1990](https://github.com/kubernetes/minikube/issues/1990) for more information. - -## Configuration and installation details - -### [Rolling VS Immutable tags](https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/) - -It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. - -Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist. - -### Use a different Redis® version - -To modify the application version used in this chart, specify a different version of the image using the `image.tag` parameter and/or a different repository using the `image.repository` parameter. Refer to the [chart documentation for more information on these parameters and how to use them with images from a private registry](https://docs.bitnami.com/kubernetes/infrastructure/redis-cluster/configuration/change-image-version/). - -### Cluster topology - -To successfully set the cluster up, it will need to have at least 3 master nodes. The total number of nodes is calculated like- `nodes = numOfMasterNodes + numOfMasterNodes * replicas`. Hence, the defaults `cluster.nodes = 6` and `cluster.replicas = 1` means, 3 master and 3 replica nodes will be deployed by the chart. 
- -By default the Redis® Cluster is not accessible from outside the Kubernetes cluster, to access the Redis® Cluster from outside you have to set `cluster.externalAccess.enabled=true` at deployment time. It will create in the first installation only 6 LoadBalancer services, one for each Redis® node, once you have the external IPs of each service you will need to perform an upgrade passing those IPs to the `cluster.externalAccess.service.loadbalancerIP` array. - -The replicas will be read-only replicas of the masters. By default only one service is exposed (when not using the external access mode). You will connect your client to the exposed service, regardless you need to read or write. When a write operation arrives to a replica it will redirect the client to the proper master node. For example, using `redis-cli` you will need to provide the `-c` flag for `redis-cli` to follow the redirection automatically. - -Using the external access mode, you can connect to any of the pods and the slaves will redirect the client in the same way as explained before, but the all the IPs will be public. - -In case the master crashes, one of his slaves will be promoted to master. The slots stored by the crashed master will be unavailable until the slave finish the promotion. If a master and all his slaves crash, the cluster will be down until one of them is up again. To avoid downtime, it is possible to configure the number of Redis® nodes with `cluster.nodes` and the number of replicas that will be assigned to each master with `cluster.replicas`. For example: - -- `cluster.nodes=9` ( 3 master plus 2 replicas for each master) -- `cluster.replicas=2` - -Providing the values above, the cluster will have 3 masters and, each master, will have 2 replicas. - -> NOTE: By default `cluster.init` will be set to `true` in order to initialize the Redis® Cluster in the first installation. 
If for testing purposes you only want to deploy or upgrade the nodes but avoiding the creation of the cluster you can set `cluster.init` to `false`. - -#### Adding a new node to the cluster - -There is a job that will be executed using a `post-upgrade` hook that will allow you to add a new node. To use it, you should provide some parameters to the upgrade: - -- Pass as `password` the password used in the installation time. If you did not provide a password follow the instructions from the NOTES.txt to get the generated password. -- Set the desired number of nodes at `cluster.nodes`. -- Set the number of current nodes at `cluster.update.currentNumberOfNodes`. -- Set to true `cluster.update.addNodes`. - -The following will be an example to add one more node: - -``` -helm upgrade --timeout 600s --set "password=${REDIS_PASSWORD},cluster.nodes=7,cluster.update.addNodes=true,cluster.update.currentNumberOfNodes=6" bitnami/redis-cluster -``` - -Where `REDIS_PASSWORD` is the password obtained with the command that appears after the first installation of the Helm Chart. -The cluster will continue up while restarting pods one by one as the quorum is not lost. - -##### External Access - -If you are using external access, to add a new node you will need to perform two upgrades. First upgrade the release to add a new Redis® node and to get a LoadBalancerIP service. 
For example: - -``` -helm upgrade --set "password=${REDIS_PASSWORD},cluster.externalAccess.enabled=true,cluster.externalAccess.service.type=LoadBalancer,cluster.externalAccess.service.loadBalancerIP[0]=,cluster.externalAccess.service.loadBalancerIP[1]=,cluster.externalAccess.service.loadBalancerIP[2]=,cluster.externalAccess.service.loadBalancerIP[3]=,cluster.externalAccess.service.loadBalancerIP[4]=,cluster.externalAccess.service.loadBalancerIP[5]=,cluster.externalAccess.service.loadBalancerIP[6]=,cluster.nodes=7,cluster.init=false bitnami/redis-cluster -``` - -> Important here to provide the loadBalancerIP parameters for the new nodes empty to not get an index error. - -As we want to add a new node, we are setting `cluster.nodes=7` and we leave empty the LoadBalancerIP for the new node, so the cluster will provide the correct one. -`REDIS_PASSWORD` is the password obtained with the command that appears after the first installation of the Helm Chart. -At this point, you will have a new Redis® Pod that will remain in `crashLoopBackOff` state until we provide the LoadBalancerIP for the new service. 
-Now, wait until the cluster provides the new LoadBalancerIP for the new service and perform the second upgrade: - -``` -helm upgrade --set "password=${REDIS_PASSWORD},cluster.externalAccess.enabled=true,cluster.externalAccess.service.type=LoadBalancer,cluster.externalAccess.service.loadBalancerIP[0]=,cluster.externalAccess.service.loadBalancerIP[1]=,cluster.externalAccess.service.loadBalancerIP[2]=,cluster.externalAccess.service.loadBalancerIP[3]=,cluster.externalAccess.service.loadBalancerIP[4]=,cluster.externalAccess.service.loadBalancerIP[5]=,cluster.externalAccess.service.loadBalancerIP[6]=,cluster.nodes=7,cluster.init=false,cluster.update.addNodes=true,cluster.update.newExternalIPs[0]=" bitnami/redis-cluster -``` - -Note we are providing the new IPs at `cluster.update.newExternalIPs`, the flag `cluster.update.addNodes=true` to enable the creation of the Job that adds a new node and now we are setting the LoadBalancerIP of the new service instead of leave it empty. - -> NOTE: To avoid the creation of the Job that initializes the Redis® Cluster again, you will need to provide `cluster.init=false`. - -#### Scale down the cluster - -To scale down the Redis® Cluster, follow these steps: - -First perform a normal upgrade setting the `cluster.nodes` value to the desired number of nodes. It should not be less than `6` and the difference between current number of nodes and the desired should be less or equal to `cluster.replicas` to avoid removing master node an its slaves at the same time. Also it is needed to provide the password using the `password`. For example, having more than 6 nodes, to scale down the cluster to 6 nodes: - -``` -helm upgrade --timeout 600s --set "password=${REDIS_PASSWORD},cluster.nodes=6" . -``` - -The cluster will continue working during the update as long as the quorum is not lost. - -> NOTE: To avoid the creation of the Job that initializes the Redis® Cluster again, you will need to provide `cluster.init=false`. 
- -Once all the nodes are ready, get the list of nodes in the cluster using the `CLUSTER NODES` command. You will see references to the ones that were removed. Write down the node IDs of the nodes that show `fail`. In the following example the cluster scaled down from 7 to 6 nodes. - -``` -redis-cli -a $REDIS_PASSWORD CLUSTER NODES - -... -b23bcffa1fd64368d445c1d9bd9aeb92641105f7 10.0.0.70:6379@16379 slave,fail - 1645633139060 0 0 connected -... -``` - -In each cluster node, execute the following command. Replace the NODE_ID placeholder. - -``` -redis-cli -a $REDIS_PASSWORD CLUSTER FORGET NODE_ID -``` - -In the previous example the commands would look like this in each cluster node: - -``` -redis-cli -a $REDIS_PASSWORD CLUSTER FORGET b23bcffa1fd64368d445c1d9bd9aeb92641105f7 -``` - -### Using password file -To use a password file for Redis® you need to create a secret containing the password. - -> *NOTE*: It is important that the file with the password must be called `redis-password` - -And then deploy the Helm Chart using the secret name as parameter: - -```console -usePassword=true -usePasswordFile=true -existingSecret=redis-password-secret -metrics.enabled=true -``` - -### Securing traffic using TLS - -TLS support can be enabled in the chart by specifying the `tls.` parameters while creating a release. The following parameters should be configured to properly enable the TLS support in the cluster: - -- `tls.enabled`: Enable TLS support. Defaults to `false` -- `tls.existingSecret`: Name of the secret that contains the certificates. No defaults. -- `tls.certFilename`: Certificate filename. No defaults. -- `tls.certKeyFilename`: Certificate key filename. No defaults. -- `tls.certCAFilename`: CA Certificate filename. No defaults. 
- -For example: - -First, create the secret with the certificates files: - -```console -kubectl create secret generic certificates-tls-secret --from-file=./cert.pem --from-file=./cert.key --from-file=./ca.pem -``` - -Then, use the following parameters: - -```console -tls.enabled="true" -tls.existingSecret="certificates-tls-secret" -tls.certFilename="cert.pem" -tls.certKeyFilename="cert.key" -tls.certCAFilename="ca.pem" -``` - -### Sidecars and Init Containers - -If you have a need for additional containers to run within the same pod as Redis® (e.g. an additional metrics or logging exporter), you can do so via the `sidecars` config parameter. Simply define your container according to the Kubernetes container spec. - -```yaml -sidecars: - - name: your-image-name - image: your-image - imagePullPolicy: Always - ports: - - name: portname - containerPort: 1234 -``` - -Similarly, you can add extra init containers using the `initContainers` parameter. - -```yaml -initContainers: - - name: your-image-name - image: your-image - imagePullPolicy: Always - ports: - - name: portname - containerPort: 1234 -``` - -### Adding extra environment variables - -In case you want to add extra environment variables (useful for advanced operations like custom init scripts), you can use the `extraEnvVars` property. - -```yaml -extraEnvVars: - - name: REDIS_WHATEVER - value: value -``` - -Alternatively, you can use a ConfigMap or a Secret with the environment variables. To do so, use the `extraEnvVarsCM` or the `extraEnvVarsSecret` values. - -### Metrics - -The chart optionally can start a metrics exporter for [prometheus](https://prometheus.io). The metrics endpoint (port 9121) is exposed in the service. Metrics can be scraped from within the cluster using something similar as the described in the [example Prometheus scrape configuration](https://github.com/prometheus/prometheus/blob/master/documentation/examples/prometheus-kubernetes.yml). 
If metrics are to be scraped from outside the cluster, the Kubernetes API proxy can be utilized to access the endpoint. - -### Host Kernel Settings -Redis® may require some changes in the kernel of the host machine to work as expected, in particular increasing the `somaxconn` value and disabling transparent huge pages. -To do so, you can set up a privileged initContainer with the `sysctlImage` config values, for example: -``` -sysctlImage: - enabled: true - mountHostSys: true - command: - - /bin/sh - - -c - - |- - sysctl -w net.core.somaxconn=10000 - echo never > /host-sys/kernel/mm/transparent_hugepage/enabled -``` - -Alternatively, for Kubernetes 1.12+ you can set `podSecurityContext.sysctls` which will configure sysctls for master and slave pods. Example: - -```yaml -podSecurityContext: - sysctls: - - name: net.core.somaxconn - value: "10000" -``` - -Note that this will not disable transparent huge tables. - -## Helm Upgrade - -By default `cluster.init` will be set to `true` in order to initialize the Redis® Cluster in the first installation. If for testing purposes you only want to deploy or upgrade the nodes but avoiding the creation of the cluster you can set `cluster.init` to `false`. - -## Persistence - -By default, the chart mounts a [Persistent Volume](https://kubernetes.io/docs/concepts/storage/persistent-volumes/) at the `/bitnami` path. The volume is created using dynamic volume provisioning. - -## NetworkPolicy - -To enable network policy for Redis®, install -[a networking plugin that implements the Kubernetes NetworkPolicy spec](https://kubernetes.io/docs/tasks/administer-cluster/declare-network-policy#before-you-begin), -and set `networkPolicy.enabled` to `true`. - -For Kubernetes v1.5 & v1.6, you must also turn on NetworkPolicy by setting -the DefaultDeny namespace annotation. 
Note: this will enforce policy for _all_ pods in the namespace: - - kubectl annotate namespace default "net.beta.kubernetes.io/network-policy={\"ingress\":{\"isolation\":\"DefaultDeny\"}}" - -With NetworkPolicy enabled, only pods with the generated client label will be -able to connect to Redis®. This label will be displayed in the output -after a successful install. - -With `networkPolicy.ingressNSMatchLabels` pods from other namespaces can connect to redis. Set `networkPolicy.ingressNSPodMatchLabels` to match pod labels in matched namespace. For example, for a namespace labeled `redis=external` and pods in that namespace labeled `redis-client=true` the fields should be set: - -```yaml -networkPolicy: - enabled: true - ingressNSMatchLabels: - redis: external - ingressNSPodMatchLabels: - redis-client: true -``` - -### Setting Pod's affinity - -This chart allows you to set your custom affinity using the `XXX.affinity` paremeter(s). Find more information about Pod's affinity in the [kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity). - -As an alternative, you can use of the preset configurations for pod affinity, pod anti-affinity, and node affinity available at the [bitnami/common](https://github.com/bitnami/charts/tree/master/bitnami/common#affinities) chart. To do so, set the `XXX.podAffinityPreset`, `XXX.podAntiAffinityPreset`, or `XXX.nodeAffinityPreset` parameters. - -## Troubleshooting - -Find more information about how to deal with common errors related to Bitnami's Helm charts in [this troubleshooting guide](https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues). - -## Upgrading - -### To 7.0.0 - -This major release renames several values in this chart and adds missing features, in order to be inline with the rest of assets in the Bitnami charts repository. 
- -Since this version performs changes in the statefulset, in order to upgrade from previous versions you need to delete the statefulset object before the upgrade. - -```console -kubectl delete statefulset -helm upgrade bitnami/redis-cluster --set redis.password= -``` - -### To 6.0.0 - -The cluster initialization job have been removed. Instead, the pod with index 0 from the statefulset will handle the initialization of the cluster. - -As consequence, the `initJob` configuration section have been removed. - -### To 5.0.0 - -This major version updates the Redis® docker image version used from `6.0` to `6.2`, the new stable version. There are no major changes in the chart and there shouldn't be any breaking changes in it as `6.2` breaking changes center around some command and behaviour changes. For more information, please refer to [Redis® 6.2 release notes](https://raw.githubusercontent.com/redis/redis/6.2/00-RELEASENOTES). - -### To 4.0.0 - -[On November 13, 2020, Helm v2 support was formally finished](https://github.com/helm/charts#status-of-the-project), this major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL. - -**What changes were introduced in this major version?** - -- Previous versions of this Helm Chart use `apiVersion: v1` (installable by both Helm 2 and 3), this Helm Chart was updated to `apiVersion: v2` (installable by Helm 3 only). [Here](https://helm.sh/docs/topics/charts/#the-apiversion-field) you can find more information about the `apiVersion` field. 
-- Move dependency information from the *requirements.yaml* to the *Chart.yaml* -- After running `helm dependency update`, a *Chart.lock* file is generated containing the same structure used in the previous *requirements.lock* -- The different fields present in the *Chart.yaml* file has been ordered alphabetically in a homogeneous way for all the Bitnami Helm Charts - -**Considerations when upgrading to this version** - -- If you want to upgrade to this version from a previous one installed with Helm v3, you shouldn't face any issues -- If you want to upgrade to this version using Helm v2, this scenario is not supported as this version doesn't support Helm v2 anymore -- If you installed the previous version with Helm v2 and wants to upgrade to this version with Helm v3, please refer to the [official Helm documentation](https://helm.sh/docs/topics/v2_v3_migration/#migration-use-cases) about migrating from Helm v2 to v3 - -**Useful links** - -- https://docs.bitnami.com/tutorials/resolve-helm2-helm3-post-migration-issues/ -- https://helm.sh/docs/topics/v2_v3_migration/ -- https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3/ - -### To 3.0.0 - -This version of the chart adapts the chart to the most recent Bitnami best practices and standards. Most of the Redis® parameters were moved to the `redis` values section (such as extraEnvVars, sidecars, and so on). No major issues are expected during the upgrade. - -### To 2.0.0 - -The version `1.0.0` was using a label in the Statefulset's volumeClaimTemplate that didn't allow to upgrade the chart. The version `2.0.0` fixed that issue. Also it adds more docs in the README.md. - -## License - -Copyright © 2022 Bitnami - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. 
-You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. \ No newline at end of file diff --git a/rds/base/charts/redis-cluster/charts/common-1.16.0.tgz b/rds/base/charts/redis-cluster/charts/common-1.16.0.tgz deleted file mode 100644 index 7992cf0..0000000 Binary files a/rds/base/charts/redis-cluster/charts/common-1.16.0.tgz and /dev/null differ diff --git a/rds/base/charts/redis-cluster/charts/common/.helmignore b/rds/base/charts/redis-cluster/charts/common/.helmignore deleted file mode 100644 index 50af031..0000000 --- a/rds/base/charts/redis-cluster/charts/common/.helmignore +++ /dev/null @@ -1,22 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/rds/base/charts/redis-cluster/charts/common/Chart.yaml b/rds/base/charts/redis-cluster/charts/common/Chart.yaml deleted file mode 100644 index bd152e3..0000000 --- a/rds/base/charts/redis-cluster/charts/common/Chart.yaml +++ /dev/null 
@@ -1,23 +0,0 @@
-annotations:
- category: Infrastructure
-apiVersion: v2
-appVersion: 1.16.0
-description: A Library Helm Chart for grouping common logic between bitnami charts.
- This chart is not deployable by itself.
-home: https://github.com/bitnami/charts/tree/master/bitnami/common
-icon: https://bitnami.com/downloads/logos/bitnami-mark.png
-keywords:
-- common
-- helper
-- template
-- function
-- bitnami
-maintainers:
-- name: Bitnami
- url: https://github.com/bitnami/charts
-name: common
-sources:
-- https://github.com/bitnami/charts
-- https://www.bitnami.com/
-type: library
-version: 1.16.0
diff --git a/rds/base/charts/redis-cluster/charts/common/README.md b/rds/base/charts/redis-cluster/charts/common/README.md
deleted file mode 100644
index 3b5e09c..0000000
--- a/rds/base/charts/redis-cluster/charts/common/README.md
+++ /dev/null
@@ -1,350 +0,0 @@ -# Bitnami Common Library Chart - -A [Helm Library Chart](https://helm.sh/docs/topics/library_charts/#helm) for grouping common logic between bitnami charts. - -## TL;DR - -```yaml -dependencies: - - name: common - version: 1.x.x - repository: https://charts.bitnami.com/bitnami -``` - -```bash -$ helm dependency update -``` - -```yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.names.fullname" . }} -data: - myvalue: "Hello World" -``` - -## Introduction - -This chart provides a common template helpers which can be used to develop new charts using [Helm](https://helm.sh) package manager. - -Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This Helm chart has been tested on top of [Bitnami Kubernetes Production Runtime](https://kubeprod.io/) (BKPR). Deploy BKPR to get automated TLS certificates, logging and monitoring for your applications. - -## Prerequisites - -- Kubernetes 1.19+ -- Helm 3.2.0+ - -## Parameters - -The following table lists the helpers available in the library which are scoped in different sections. 
- -### Affinities - -| Helper identifier | Description | Expected Input | -|-------------------------------|------------------------------------------------------|------------------------------------------------| -| `common.affinities.nodes.soft` | Return a soft nodeAffinity definition | `dict "key" "FOO" "values" (list "BAR" "BAZ")` | -| `common.affinities.nodes.hard` | Return a hard nodeAffinity definition | `dict "key" "FOO" "values" (list "BAR" "BAZ")` | -| `common.affinities.pods.soft` | Return a soft podAffinity/podAntiAffinity definition | `dict "component" "FOO" "context" $` | -| `common.affinities.pods.hard` | Return a hard podAffinity/podAntiAffinity definition | `dict "component" "FOO" "context" $` | - -### Capabilities - -| Helper identifier | Description | Expected Input | -|------------------------------------------------|------------------------------------------------------------------------------------------------|-------------------| -| `common.capabilities.kubeVersion` | Return the target Kubernetes version (using client default if .Values.kubeVersion is not set). | `.` Chart context | -| `common.capabilities.cronjob.apiVersion` | Return the appropriate apiVersion for cronjob. | `.` Chart context | -| `common.capabilities.deployment.apiVersion` | Return the appropriate apiVersion for deployment. | `.` Chart context | -| `common.capabilities.statefulset.apiVersion` | Return the appropriate apiVersion for statefulset. | `.` Chart context | -| `common.capabilities.ingress.apiVersion` | Return the appropriate apiVersion for ingress. | `.` Chart context | -| `common.capabilities.rbac.apiVersion` | Return the appropriate apiVersion for RBAC resources. | `.` Chart context | -| `common.capabilities.crd.apiVersion` | Return the appropriate apiVersion for CRDs. | `.` Chart context | -| `common.capabilities.policy.apiVersion` | Return the appropriate apiVersion for podsecuritypolicy. 
| `.` Chart context | -| `common.capabilities.networkPolicy.apiVersion` | Return the appropriate apiVersion for networkpolicy. | `.` Chart context | -| `common.capabilities.apiService.apiVersion` | Return the appropriate apiVersion for APIService. | `.` Chart context | -| `common.capabilities.hpa.apiVersion` | Return the appropriate apiVersion for Horizontal Pod Autoscaler | `.` Chart context | -| `common.capabilities.supportsHelmVersion` | Returns true if the used Helm version is 3.3+ | `.` Chart context | - -### Errors - -| Helper identifier | Description | Expected Input | -|-----------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------| -| `common.errors.upgrade.passwords.empty` | It will ensure required passwords are given when we are upgrading a chart. If `validationErrors` is not empty it will throw an error and will stop the upgrade action. | `dict "validationErrors" (list $validationError00 $validationError01) "context" $` | - -### Images - -| Helper identifier | Description | Expected Input | -|-----------------------------|------------------------------------------------------|---------------------------------------------------------------------------------------------------------| -| `common.images.image` | Return the proper and full image name | `dict "imageRoot" .Values.path.to.the.image "global" $`, see [ImageRoot](#imageroot) for the structure. 
| -| `common.images.pullSecrets` | Return the proper Docker Image Registry Secret Names (deprecated: use common.images.renderPullSecrets instead) | `dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "global" .Values.global` | -| `common.images.renderPullSecrets` | Return the proper Docker Image Registry Secret Names (evaluates values as templates) | `dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "context" $` | - -### Ingress - -| Helper identifier | Description | Expected Input | -|-------------------------------------------|-------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `common.ingress.backend` | Generate a proper Ingress backend entry depending on the API version | `dict "serviceName" "foo" "servicePort" "bar"`, see the [Ingress deprecation notice](https://kubernetes.io/blog/2019/07/18/api-deprecations-in-1-16/) for the syntax differences | -| `common.ingress.supportsPathType` | Prints "true" if the pathType field is supported | `.` Chart context | -| `common.ingress.supportsIngressClassname` | Prints "true" if the ingressClassname field is supported | `.` Chart context | -| `common.ingress.certManagerRequest` | Prints "true" if required cert-manager annotations for TLS signed certificates are set in the Ingress annotations | `dict "annotations" .Values.path.to.the.ingress.annotations` | - -### Labels - -| Helper identifier | Description | Expected Input | -|-----------------------------|-----------------------------------------------------------------------------|-------------------| -| `common.labels.standard` | Return Kubernetes standard labels | `.` Chart context | -| `common.labels.matchLabels` | Labels to use on `deploy.spec.selector.matchLabels` and 
`svc.spec.selector` | `.` Chart context | - -### Names - -| Helper identifier | Description | Expected Input | -|-----------------------------------|-----------------------------------------------------------------------|-------------------| -| `common.names.name` | Expand the name of the chart or use `.Values.nameOverride` | `.` Chart context | -| `common.names.fullname` | Create a default fully qualified app name. | `.` Chart context | -| `common.names.namespace` | Allow the release namespace to be overridden | `.` Chart context | -| `common.names.fullname.namespace` | Create a fully qualified app name adding the installation's namespace | `.` Chart context | -| `common.names.chart` | Chart name plus version | `.` Chart context | - -### Secrets - -| Helper identifier | Description | Expected Input | -|---------------------------|--------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `common.secrets.name` | Generate the name of the secret. | `dict "existingSecret" .Values.path.to.the.existingSecret "defaultNameSuffix" "mySuffix" "context" $` see [ExistingSecret](#existingsecret) for the structure. | -| `common.secrets.key` | Generate secret key. | `dict "existingSecret" .Values.path.to.the.existingSecret "key" "keyName"` see [ExistingSecret](#existingsecret) for the structure. | -| `common.passwords.manage` | Generate secret password or retrieve one if already created. | `dict "secret" "secret-name" "key" "keyName" "providedValues" (list "path.to.password1" "path.to.password2") "length" 10 "strong" false "chartName" "chartName" "context" $`, length, strong and chartNAme fields are optional. | -| `common.secrets.exists` | Returns whether a previous generated secret already exists. 
| `dict "secret" "secret-name" "context" $` | - -### Storage - -| Helper identifier | Description | Expected Input | -|-------------------------------|---------------------------------------|---------------------------------------------------------------------------------------------------------------------| -| `common.storage.class` | Return the proper Storage Class | `dict "persistence" .Values.path.to.the.persistence "global" $`, see [Persistence](#persistence) for the structure. | - -### TplValues - -| Helper identifier | Description | Expected Input | -|---------------------------|----------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------| -| `common.tplvalues.render` | Renders a value that contains template | `dict "value" .Values.path.to.the.Value "context" $`, value is the value should rendered as template, context frequently is the chart context `$` or `.` | - -### Utils - -| Helper identifier | Description | Expected Input | -|--------------------------------|------------------------------------------------------------------------------------------|------------------------------------------------------------------------| -| `common.utils.fieldToEnvVar` | Build environment variable name given a field. | `dict "field" "my-password"` | -| `common.utils.secret.getvalue` | Print instructions to get a secret value. 
| `dict "secret" "secret-name" "field" "secret-value-field" "context" $` | -| `common.utils.getValueFromKey` | Gets a value from `.Values` object given its key path | `dict "key" "path.to.key" "context" $` | -| `common.utils.getKeyFromList` | Returns first `.Values` key with a defined value or first of the list if all non-defined | `dict "keys" (list "path.to.key1" "path.to.key2") "context" $` | - -### Validations - -| Helper identifier | Description | Expected Input | -|--------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `common.validations.values.single.empty` | Validate a value must not be empty. | `dict "valueKey" "path.to.value" "secret" "secret.name" "field" "my-password" "subchart" "subchart" "context" $` secret, field and subchart are optional. In case they are given, the helper will generate a how to get instruction. See [ValidateValue](#validatevalue) | -| `common.validations.values.multiple.empty` | Validate a multiple values must not be empty. It returns a shared error for all the values. | `dict "required" (list $validateValueConf00 $validateValueConf01) "context" $`. See [ValidateValue](#validatevalue) | -| `common.validations.values.mariadb.passwords` | This helper will ensure required password for MariaDB are not empty. It returns a shared error for all the values. | `dict "secret" "mariadb-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use mariadb chart and the helper. | -| `common.validations.values.mysql.passwords` | This helper will ensure required password for MySQL are not empty. 
It returns a shared error for all the values. | `dict "secret" "mysql-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use mysql chart and the helper. | -| `common.validations.values.postgresql.passwords` | This helper will ensure required password for PostgreSQL are not empty. It returns a shared error for all the values. | `dict "secret" "postgresql-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use postgresql chart and the helper. | -| `common.validations.values.redis.passwords` | This helper will ensure required password for Redis® are not empty. It returns a shared error for all the values. | `dict "secret" "redis-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use redis chart and the helper. | -| `common.validations.values.cassandra.passwords` | This helper will ensure required password for Cassandra are not empty. It returns a shared error for all the values. | `dict "secret" "cassandra-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use cassandra chart and the helper. | -| `common.validations.values.mongodb.passwords` | This helper will ensure required password for MongoDB® are not empty. It returns a shared error for all the values. | `dict "secret" "mongodb-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use mongodb chart and the helper. | - -### Warnings - -| Helper identifier | Description | Expected Input | -|------------------------------|----------------------------------|------------------------------------------------------------| -| `common.warnings.rollingTag` | Warning about using rolling tag. | `ImageRoot` see [ImageRoot](#imageroot) for the structure. 
| - -## Special input schemas - -### ImageRoot - -```yaml -registry: - type: string - description: Docker registry where the image is located - example: docker.io - -repository: - type: string - description: Repository and image name - example: bitnami/nginx - -tag: - type: string - description: image tag - example: 1.16.1-debian-10-r63 - -pullPolicy: - type: string - description: Specify a imagePullPolicy. Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - -pullSecrets: - type: array - items: - type: string - description: Optionally specify an array of imagePullSecrets (evaluated as templates). - -debug: - type: boolean - description: Set to true if you would like to see extra information on logs - example: false - -## An instance would be: -# registry: docker.io -# repository: bitnami/nginx -# tag: 1.16.1-debian-10-r63 -# pullPolicy: IfNotPresent -# debug: false -``` - -### Persistence - -```yaml -enabled: - type: boolean - description: Whether enable persistence. - example: true - -storageClass: - type: string - description: Ghost data Persistent Volume Storage Class, If set to "-", storageClassName: "" which disables dynamic provisioning. - example: "-" - -accessMode: - type: string - description: Access mode for the Persistent Volume Storage. - example: ReadWriteOnce - -size: - type: string - description: Size the Persistent Volume Storage. - example: 8Gi - -path: - type: string - description: Path to be persisted. - example: /bitnami - -## An instance would be: -# enabled: true -# storageClass: "-" -# accessMode: ReadWriteOnce -# size: 8Gi -# path: /bitnami -``` - -### ExistingSecret - -```yaml -name: - type: string - description: Name of the existing secret. - example: mySecret -keyMapping: - description: Mapping between the expected key name and the name of the key in the existing secret. 
- type: object - -## An instance would be: -# name: mySecret -# keyMapping: -# password: myPasswordKey -``` - -#### Example of use - -When we store sensitive data for a deployment in a secret, some times we want to give to users the possibility of using theirs existing secrets. - -```yaml -# templates/secret.yaml ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.names.fullname" . }} - labels: - app: {{ include "common.names.fullname" . }} -type: Opaque -data: - password: {{ .Values.password | b64enc | quote }} - -# templates/dpl.yaml ---- -... - env: - - name: PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "common.secrets.name" (dict "existingSecret" .Values.existingSecret "context" $) }} - key: {{ include "common.secrets.key" (dict "existingSecret" .Values.existingSecret "key" "password") }} -... - -# values.yaml ---- -name: mySecret -keyMapping: - password: myPasswordKey -``` - -### ValidateValue - -#### NOTES.txt - -```console -{{- $validateValueConf00 := (dict "valueKey" "path.to.value00" "secret" "secretName" "field" "password-00") -}} -{{- $validateValueConf01 := (dict "valueKey" "path.to.value01" "secret" "secretName" "field" "password-01") -}} - -{{ include "common.validations.values.multiple.empty" (dict "required" (list $validateValueConf00 $validateValueConf01) "context" $) }} -``` - -If we force those values to be empty we will see some alerts - -```console -$ helm install test mychart --set path.to.value00="",path.to.value01="" - 'path.to.value00' must not be empty, please add '--set path.to.value00=$PASSWORD_00' to the command. To get the current value: - - export PASSWORD_00=$(kubectl get secret --namespace default secretName -o jsonpath="{.data.password-00}" | base64 -d) - - 'path.to.value01' must not be empty, please add '--set path.to.value01=$PASSWORD_01' to the command. 
To get the current value: - - export PASSWORD_01=$(kubectl get secret --namespace default secretName -o jsonpath="{.data.password-01}" | base64 -d) -``` - -## Upgrading - -### To 1.0.0 - -[On November 13, 2020, Helm v2 support was formally finished](https://github.com/helm/charts#status-of-the-project), this major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL. - -**What changes were introduced in this major version?** - -- Previous versions of this Helm Chart use `apiVersion: v1` (installable by both Helm 2 and 3), this Helm Chart was updated to `apiVersion: v2` (installable by Helm 3 only). [Here](https://helm.sh/docs/topics/charts/#the-apiversion-field) you can find more information about the `apiVersion` field. -- Use `type: library`. [Here](https://v3.helm.sh/docs/faq/#library-chart-support) you can find more information. 
-- The different fields present in the *Chart.yaml* file has been ordered alphabetically in a homogeneous way for all the Bitnami Helm Charts - -**Considerations when upgrading to this version** - -- If you want to upgrade to this version from a previous one installed with Helm v3, you shouldn't face any issues -- If you want to upgrade to this version using Helm v2, this scenario is not supported as this version doesn't support Helm v2 anymore -- If you installed the previous version with Helm v2 and wants to upgrade to this version with Helm v3, please refer to the [official Helm documentation](https://helm.sh/docs/topics/v2_v3_migration/#migration-use-cases) about migrating from Helm v2 to v3 - -**Useful links** - -- https://docs.bitnami.com/tutorials/resolve-helm2-helm3-post-migration-issues/ -- https://helm.sh/docs/topics/v2_v3_migration/ -- https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3/ - -## License - -Copyright © 2022 Bitnami - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. diff --git a/rds/base/charts/redis-cluster/charts/common/templates/_affinities.tpl b/rds/base/charts/redis-cluster/charts/common/templates/_affinities.tpl deleted file mode 100644 index 189ea40..0000000 --- a/rds/base/charts/redis-cluster/charts/common/templates/_affinities.tpl +++ /dev/null 
@@ -1,102 +0,0 @@ -{{/* vim: set filetype=mustache: */}} - -{{/* -Return a soft nodeAffinity definition -{{ include "common.affinities.nodes.soft" (dict "key" "FOO" "values" (list "BAR" "BAZ")) -}} -*/}} -{{- define "common.affinities.nodes.soft" -}} -preferredDuringSchedulingIgnoredDuringExecution: - - preference: - matchExpressions: - - key: {{ .key }} - operator: In - values: - {{- range .values }} - - {{ . | quote }} - {{- end }} - weight: 1 -{{- end -}} - -{{/* -Return a hard nodeAffinity definition -{{ include "common.affinities.nodes.hard" (dict "key" "FOO" "values" (list "BAR" "BAZ")) -}} -*/}} -{{- define "common.affinities.nodes.hard" -}} -requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: {{ .key }} - operator: In - values: - {{- range .values }} - - {{ . | quote }} - {{- end }} -{{- end -}} - -{{/* -Return a nodeAffinity definition -{{ include "common.affinities.nodes" (dict "type" "soft" "key" "FOO" "values" (list "BAR" "BAZ")) -}} -*/}} -{{- define "common.affinities.nodes" -}} - {{- if eq .type "soft" }} - {{- include "common.affinities.nodes.soft" . -}} - {{- else if eq .type "hard" }} - {{- include "common.affinities.nodes.hard" . 
-}} - {{- end -}} -{{- end -}} - -{{/* -Return a soft podAffinity/podAntiAffinity definition -{{ include "common.affinities.pods.soft" (dict "component" "FOO" "extraMatchLabels" .Values.extraMatchLabels "context" $) -}} -*/}} -{{- define "common.affinities.pods.soft" -}} -{{- $component := default "" .component -}} -{{- $extraMatchLabels := default (dict) .extraMatchLabels -}} -preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: {{- (include "common.labels.matchLabels" .context) | nindent 10 }} - {{- if not (empty $component) }} - {{ printf "app.kubernetes.io/component: %s" $component }} - {{- end }} - {{- range $key, $value := $extraMatchLabels }} - {{ $key }}: {{ $value | quote }} - {{- end }} - namespaces: - - {{ .context.Release.Namespace | quote }} - topologyKey: kubernetes.io/hostname - weight: 1 -{{- end -}} - -{{/* -Return a hard podAffinity/podAntiAffinity definition -{{ include "common.affinities.pods.hard" (dict "component" "FOO" "extraMatchLabels" .Values.extraMatchLabels "context" $) -}} -*/}} -{{- define "common.affinities.pods.hard" -}} -{{- $component := default "" .component -}} -{{- $extraMatchLabels := default (dict) .extraMatchLabels -}} -requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchLabels: {{- (include "common.labels.matchLabels" .context) | nindent 8 }} - {{- if not (empty $component) }} - {{ printf "app.kubernetes.io/component: %s" $component }} - {{- end }} - {{- range $key, $value := $extraMatchLabels }} - {{ $key }}: {{ $value | quote }} - {{- end }} - namespaces: - - {{ .context.Release.Namespace | quote }} - topologyKey: kubernetes.io/hostname -{{- end -}} - -{{/* -Return a podAffinity/podAntiAffinity definition -{{ include "common.affinities.pods" (dict "type" "soft" "key" "FOO" "values" (list "BAR" "BAZ")) -}} -*/}} -{{- define "common.affinities.pods" -}} - {{- if eq .type "soft" }} - {{- include "common.affinities.pods.soft" . 
-}} - {{- else if eq .type "hard" }} - {{- include "common.affinities.pods.hard" . -}} - {{- end -}} -{{- end -}} diff --git a/rds/base/charts/redis-cluster/charts/common/templates/_capabilities.tpl b/rds/base/charts/redis-cluster/charts/common/templates/_capabilities.tpl deleted file mode 100644 index 9d9b760..0000000 --- a/rds/base/charts/redis-cluster/charts/common/templates/_capabilities.tpl +++ /dev/null 
@@ -1,154 +0,0 @@ -{{/* vim: set filetype=mustache: */}} - -{{/* -Return the target Kubernetes version -*/}} -{{- define "common.capabilities.kubeVersion" -}} -{{- if .Values.global }} - {{- if .Values.global.kubeVersion }} - {{- .Values.global.kubeVersion -}} - {{- else }} - {{- default .Capabilities.KubeVersion.Version .Values.kubeVersion -}} - {{- end -}} -{{- else }} -{{- default .Capabilities.KubeVersion.Version .Values.kubeVersion -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for poddisruptionbudget. -*/}} -{{- define "common.capabilities.policy.apiVersion" -}} -{{- if semverCompare "<1.21-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "policy/v1beta1" -}} -{{- else -}} -{{- print "policy/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for networkpolicy. -*/}} -{{- define "common.capabilities.networkPolicy.apiVersion" -}} -{{- if semverCompare "<1.7-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "extensions/v1beta1" -}} -{{- else -}} -{{- print "networking.k8s.io/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for cronjob. -*/}} -{{- define "common.capabilities.cronjob.apiVersion" -}} -{{- if semverCompare "<1.21-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "batch/v1beta1" -}} -{{- else -}} -{{- print "batch/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for deployment. -*/}} -{{- define "common.capabilities.deployment.apiVersion" -}} -{{- if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "extensions/v1beta1" -}} -{{- else -}} -{{- print "apps/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for statefulset. -*/}} -{{- define "common.capabilities.statefulset.apiVersion" -}} -{{- if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) 
-}} -{{- print "apps/v1beta1" -}} -{{- else -}} -{{- print "apps/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for ingress. -*/}} -{{- define "common.capabilities.ingress.apiVersion" -}} -{{- if .Values.ingress -}} -{{- if .Values.ingress.apiVersion -}} -{{- .Values.ingress.apiVersion -}} -{{- else if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "extensions/v1beta1" -}} -{{- else if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "networking.k8s.io/v1beta1" -}} -{{- else -}} -{{- print "networking.k8s.io/v1" -}} -{{- end }} -{{- else if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "extensions/v1beta1" -}} -{{- else if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "networking.k8s.io/v1beta1" -}} -{{- else -}} -{{- print "networking.k8s.io/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for RBAC resources. -*/}} -{{- define "common.capabilities.rbac.apiVersion" -}} -{{- if semverCompare "<1.17-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "rbac.authorization.k8s.io/v1beta1" -}} -{{- else -}} -{{- print "rbac.authorization.k8s.io/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for CRDs. -*/}} -{{- define "common.capabilities.crd.apiVersion" -}} -{{- if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "apiextensions.k8s.io/v1beta1" -}} -{{- else -}} -{{- print "apiextensions.k8s.io/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for APIService. -*/}} -{{- define "common.capabilities.apiService.apiVersion" -}} -{{- if semverCompare "<1.10-0" (include "common.capabilities.kubeVersion" .) 
-}} -{{- print "apiregistration.k8s.io/v1beta1" -}} -{{- else -}} -{{- print "apiregistration.k8s.io/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for Horizontal Pod Autoscaler. -*/}} -{{- define "common.capabilities.hpa.apiVersion" -}} -{{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .context) -}} -{{- if .beta2 -}} -{{- print "autoscaling/v2beta2" -}} -{{- else -}} -{{- print "autoscaling/v2beta1" -}} -{{- end -}} -{{- else -}} -{{- print "autoscaling/v2" -}} -{{- end -}} -{{- end -}} - -{{/* -Returns true if the used Helm version is 3.3+. -A way to check the used Helm version was not introduced until version 3.3.0 with .Capabilities.HelmVersion, which contains an additional "{}}" structure. -This check is introduced as a regexMatch instead of {{ if .Capabilities.HelmVersion }} because checking for the key HelmVersion in <3.3 results in a "interface not found" error. -**To be removed when the catalog's minimun Helm version is 3.3** -*/}} -{{- define "common.capabilities.supportsHelmVersion" -}} -{{- if regexMatch "{(v[0-9])*[^}]*}}$" (.Capabilities | toString ) }} - {{- true -}} -{{- end -}} -{{- end -}} diff --git a/rds/base/charts/redis-cluster/charts/common/templates/_errors.tpl b/rds/base/charts/redis-cluster/charts/common/templates/_errors.tpl deleted file mode 100644 index a79cc2e..0000000 --- a/rds/base/charts/redis-cluster/charts/common/templates/_errors.tpl +++ /dev/null 
@@ -1,23 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Through error when upgrading using empty passwords values that must not be empty. - -Usage: -{{- $validationError00 := include "common.validations.values.single.empty" (dict "valueKey" "path.to.password00" "secret" "secretName" "field" "password-00") -}} -{{- $validationError01 := include "common.validations.values.single.empty" (dict "valueKey" "path.to.password01" "secret" "secretName" "field" "password-01") -}} -{{ include "common.errors.upgrade.passwords.empty" (dict "validationErrors" (list $validationError00 $validationError01) "context" $) }} - -Required password params: - - validationErrors - String - Required. List of validation strings to be return, if it is empty it won't throw error. - - context - Context - Required. Parent context. -*/}} -{{- define "common.errors.upgrade.passwords.empty" -}} - {{- $validationErrors := join "" .validationErrors -}} - {{- if and $validationErrors .context.Release.IsUpgrade -}} - {{- $errorString := "\nPASSWORDS ERROR: You must provide your current passwords when upgrading the release." -}} - {{- $errorString = print $errorString "\n Note that even after reinstallation, old credentials may be needed as they may be kept in persistent volume claims." -}} - {{- $errorString = print $errorString "\n Further information can be obtained at https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues/#credential-errors-while-upgrading-chart-releases" -}} - {{- $errorString = print $errorString "\n%s" -}} - {{- printf $errorString $validationErrors | fail -}} - {{- end -}} -{{- end -}} diff --git a/rds/base/charts/redis-cluster/charts/common/templates/_images.tpl b/rds/base/charts/redis-cluster/charts/common/templates/_images.tpl deleted file mode 100644 index 42ffbc7..0000000 --- a/rds/base/charts/redis-cluster/charts/common/templates/_images.tpl +++ /dev/null 
@@ -1,75 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Return the proper image name -{{ include "common.images.image" ( dict "imageRoot" .Values.path.to.the.image "global" $) }} -*/}} -{{- define "common.images.image" -}} -{{- $registryName := .imageRoot.registry -}} -{{- $repositoryName := .imageRoot.repository -}} -{{- $tag := .imageRoot.tag | toString -}} -{{- if .global }} - {{- if .global.imageRegistry }} - {{- $registryName = .global.imageRegistry -}} - {{- end -}} -{{- end -}} -{{- if $registryName }} -{{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} -{{- else -}} -{{- printf "%s:%s" $repositoryName $tag -}} -{{- end -}} -{{- end -}} - -{{/* -Return the proper Docker Image Registry Secret Names (deprecated: use common.images.renderPullSecrets instead) -{{ include "common.images.pullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "global" .Values.global) }} -*/}} -{{- define "common.images.pullSecrets" -}} - {{- $pullSecrets := list }} - - {{- if .global }} - {{- range .global.imagePullSecrets -}} - {{- $pullSecrets = append $pullSecrets . -}} - {{- end -}} - {{- end -}} - - {{- range .images -}} - {{- range .pullSecrets -}} - {{- $pullSecrets = append $pullSecrets . -}} - {{- end -}} - {{- end -}} - - {{- if (not (empty $pullSecrets)) }} -imagePullSecrets: - {{- range $pullSecrets }} - - name: {{ . }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Return the proper Docker Image Registry Secret Names evaluating values as templates -{{ include "common.images.renderPullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "context" $) }} -*/}} -{{- define "common.images.renderPullSecrets" -}} - {{- $pullSecrets := list }} - {{- $context := .context }} - - {{- if $context.Values.global }} - {{- range $context.Values.global.imagePullSecrets -}} - {{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" . 
"context" $context)) -}} - {{- end -}} - {{- end -}} - - {{- range .images -}} - {{- range .pullSecrets -}} - {{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" . "context" $context)) -}} - {{- end -}} - {{- end -}} - - {{- if (not (empty $pullSecrets)) }} -imagePullSecrets: - {{- range $pullSecrets }} - - name: {{ . }} - {{- end }} - {{- end }} -{{- end -}} diff --git a/rds/base/charts/redis-cluster/charts/common/templates/_ingress.tpl b/rds/base/charts/redis-cluster/charts/common/templates/_ingress.tpl deleted file mode 100644 index 8caf73a..0000000 --- a/rds/base/charts/redis-cluster/charts/common/templates/_ingress.tpl +++ /dev/null 
@@ -1,68 +0,0 @@ -{{/* vim: set filetype=mustache: */}} - -{{/* -Generate backend entry that is compatible with all Kubernetes API versions. - -Usage: -{{ include "common.ingress.backend" (dict "serviceName" "backendName" "servicePort" "backendPort" "context" $) }} - -Params: - - serviceName - String. Name of an existing service backend - - servicePort - String/Int. Port name (or number) of the service. It will be translated to different yaml depending if it is a string or an integer. - - context - Dict - Required. The context for the template evaluation. -*/}} -{{- define "common.ingress.backend" -}} -{{- $apiVersion := (include "common.capabilities.ingress.apiVersion" .context) -}} -{{- if or (eq $apiVersion "extensions/v1beta1") (eq $apiVersion "networking.k8s.io/v1beta1") -}} -serviceName: {{ .serviceName }} -servicePort: {{ .servicePort }} -{{- else -}} -service: - name: {{ .serviceName }} - port: - {{- if typeIs "string" .servicePort }} - name: {{ .servicePort }} - {{- else if or (typeIs "int" .servicePort) (typeIs "float64" .servicePort) }} - number: {{ .servicePort | int }} - {{- end }} -{{- end -}} -{{- end -}} - -{{/* -Print "true" if the API pathType field is supported -Usage: -{{ include "common.ingress.supportsPathType" . }} -*/}} -{{- define "common.ingress.supportsPathType" -}} -{{- if (semverCompare "<1.18-0" (include "common.capabilities.kubeVersion" .)) -}} -{{- print "false" -}} -{{- else -}} -{{- print "true" -}} -{{- end -}} -{{- end -}} - -{{/* -Returns true if the ingressClassname field is supported -Usage: -{{ include "common.ingress.supportsIngressClassname" . }} -*/}} -{{- define "common.ingress.supportsIngressClassname" -}} -{{- if semverCompare "<1.18-0" (include "common.capabilities.kubeVersion" .) 
-}} -{{- print "false" -}} -{{- else -}} -{{- print "true" -}} -{{- end -}} -{{- end -}} - -{{/* -Return true if cert-manager required annotations for TLS signed -certificates are set in the Ingress annotations -Ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations -Usage: -{{ include "common.ingress.certManagerRequest" ( dict "annotations" .Values.path.to.the.ingress.annotations ) }} -*/}} -{{- define "common.ingress.certManagerRequest" -}} -{{ if or (hasKey .annotations "cert-manager.io/cluster-issuer") (hasKey .annotations "cert-manager.io/issuer") }} - {{- true -}} -{{- end -}} -{{- end -}} diff --git a/rds/base/charts/redis-cluster/charts/common/templates/_labels.tpl b/rds/base/charts/redis-cluster/charts/common/templates/_labels.tpl deleted file mode 100644 index 252066c..0000000 --- a/rds/base/charts/redis-cluster/charts/common/templates/_labels.tpl +++ /dev/null @@ -1,18 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Kubernetes standard labels -*/}} -{{- define "common.labels.standard" -}} -app.kubernetes.io/name: {{ include "common.names.name" . }} -helm.sh/chart: {{ include "common.names.chart" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end -}} - -{{/* -Labels to use on deploy.spec.selector.matchLabels and svc.spec.selector -*/}} -{{- define "common.labels.matchLabels" -}} -app.kubernetes.io/name: {{ include "common.names.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end -}} diff --git a/rds/base/charts/redis-cluster/charts/common/templates/_names.tpl b/rds/base/charts/redis-cluster/charts/common/templates/_names.tpl deleted file mode 100644 index 1bdac8b..0000000 --- a/rds/base/charts/redis-cluster/charts/common/templates/_names.tpl +++ /dev/null 
@@ -1,70 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "common.names.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "common.names.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "common.names.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified dependency name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-Usage:
-{{ include "common.names.dependency.fullname" (dict "chartName" "dependency-chart-name" "chartValues" .Values.dependency-chart "context" $) }}
-*/}}
-{{- define "common.names.dependency.fullname" -}}
-{{- if .chartValues.fullnameOverride -}}
-{{- .chartValues.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .chartName .chartValues.nameOverride -}}
-{{- if contains $name .context.Release.Name -}}
-{{- .context.Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .context.Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Allow the release namespace to be overridden for multi-namespace deployments in combined charts.
-*/}}
-{{- define "common.names.namespace" -}}
-{{- if .Values.namespaceOverride -}}
-{{- .Values.namespaceOverride -}}
-{{- else -}}
-{{- .Release.Namespace -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create a fully qualified app name adding the installation's namespace.
-*/}}
-{{- define "common.names.fullname.namespace" -}}
-{{- printf "%s-%s" (include "common.names.fullname" .) (include "common.names.namespace" .) | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
diff --git a/rds/base/charts/redis-cluster/charts/common/templates/_secrets.tpl b/rds/base/charts/redis-cluster/charts/common/templates/_secrets.tpl
deleted file mode 100644
index a53fb44..0000000
--- a/rds/base/charts/redis-cluster/charts/common/templates/_secrets.tpl
+++ /dev/null
@@ -1,140 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Generate secret name. - -Usage: -{{ include "common.secrets.name" (dict "existingSecret" .Values.path.to.the.existingSecret "defaultNameSuffix" "mySuffix" "context" $) }} - -Params: - - existingSecret - ExistingSecret/String - Optional. The path to the existing secrets in the values.yaml given by the user - to be used instead of the default one. Allows for it to be of type String (just the secret name) for backwards compatibility. - +info: https://github.com/bitnami/charts/tree/master/bitnami/common#existingsecret - - defaultNameSuffix - String - Optional. It is used only if we have several secrets in the same deployment. - - context - Dict - Required. The context for the template evaluation. -*/}} -{{- define "common.secrets.name" -}} -{{- $name := (include "common.names.fullname" .context) -}} - -{{- if .defaultNameSuffix -}} -{{- $name = printf "%s-%s" $name .defaultNameSuffix | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{- with .existingSecret -}} -{{- if not (typeIs "string" .) -}} -{{- with .name -}} -{{- $name = . -}} -{{- end -}} -{{- else -}} -{{- $name = . -}} -{{- end -}} -{{- end -}} - -{{- printf "%s" $name -}} -{{- end -}} - -{{/* -Generate secret key. - -Usage: -{{ include "common.secrets.key" (dict "existingSecret" .Values.path.to.the.existingSecret "key" "keyName") }} - -Params: - - existingSecret - ExistingSecret/String - Optional. The path to the existing secrets in the values.yaml given by the user - to be used instead of the default one. Allows for it to be of type String (just the secret name) for backwards compatibility. - +info: https://github.com/bitnami/charts/tree/master/bitnami/common#existingsecret - - key - String - Required. Name of the key in the secret. 
-*/}} -{{- define "common.secrets.key" -}} -{{- $key := .key -}} - -{{- if .existingSecret -}} - {{- if not (typeIs "string" .existingSecret) -}} - {{- if .existingSecret.keyMapping -}} - {{- $key = index .existingSecret.keyMapping $.key -}} - {{- end -}} - {{- end }} -{{- end -}} - -{{- printf "%s" $key -}} -{{- end -}} - -{{/* -Generate secret password or retrieve one if already created. - -Usage: -{{ include "common.secrets.passwords.manage" (dict "secret" "secret-name" "key" "keyName" "providedValues" (list "path.to.password1" "path.to.password2") "length" 10 "strong" false "chartName" "chartName" "context" $) }} - -Params: - - secret - String - Required - Name of the 'Secret' resource where the password is stored. - - key - String - Required - Name of the key in the secret. - - providedValues - List - Required - The path to the validating value in the values.yaml, e.g: "mysql.password". Will pick first parameter with a defined value. - - length - int - Optional - Length of the generated random password. - - strong - Boolean - Optional - Whether to add symbols to the generated random password. - - chartName - String - Optional - Name of the chart used when said chart is deployed as a subchart. - - context - Context - Required - Parent context. - -The order in which this function returns a secret password: - 1. Already existing 'Secret' resource - (If a 'Secret' resource is found under the name provided to the 'secret' parameter to this function and that 'Secret' resource contains a key with the name passed as the 'key' parameter to this function then the value of this existing secret password will be returned) - 2. Password provided via the values.yaml - (If one of the keys passed to the 'providedValues' parameter to this function is a valid path to a key in the values.yaml and has a value, the value of the first key with a value will be returned) - 3. 
Randomly generated secret password - (A new random secret password with the length specified in the 'length' parameter will be generated and returned) - -*/}} -{{- define "common.secrets.passwords.manage" -}} - -{{- $password := "" }} -{{- $subchart := "" }} -{{- $chartName := default "" .chartName }} -{{- $passwordLength := default 10 .length }} -{{- $providedPasswordKey := include "common.utils.getKeyFromList" (dict "keys" .providedValues "context" $.context) }} -{{- $providedPasswordValue := include "common.utils.getValueFromKey" (dict "key" $providedPasswordKey "context" $.context) }} -{{- $secretData := (lookup "v1" "Secret" $.context.Release.Namespace .secret).data }} -{{- if $secretData }} - {{- if hasKey $secretData .key }} - {{- $password = index $secretData .key }} - {{- else }} - {{- printf "\nPASSWORDS ERROR: The secret \"%s\" does not contain the key \"%s\"\n" .secret .key | fail -}} - {{- end -}} -{{- else if $providedPasswordValue }} - {{- $password = $providedPasswordValue | toString | b64enc | quote }} -{{- else }} - - {{- if .context.Values.enabled }} - {{- $subchart = $chartName }} - {{- end -}} - - {{- $requiredPassword := dict "valueKey" $providedPasswordKey "secret" .secret "field" .key "subchart" $subchart "context" $.context -}} - {{- $requiredPasswordError := include "common.validations.values.single.empty" $requiredPassword -}} - {{- $passwordValidationErrors := list $requiredPasswordError -}} - {{- include "common.errors.upgrade.passwords.empty" (dict "validationErrors" $passwordValidationErrors "context" $.context) -}} - - {{- if .strong }} - {{- $subStr := list (lower (randAlpha 1)) (randNumeric 1) (upper (randAlpha 1)) | join "_" }} - {{- $password = randAscii $passwordLength }} - {{- $password = regexReplaceAllLiteral "\\W" $password "@" | substr 5 $passwordLength }} - {{- $password = printf "%s%s" $subStr $password | toString | shuffle | b64enc | quote }} - {{- else }} - {{- $password = randAlphaNum $passwordLength | b64enc | quote 
}} - {{- end }} -{{- end -}} -{{- printf "%s" $password -}} -{{- end -}} - -{{/* -Returns whether a previous generated secret already exists - -Usage: -{{ include "common.secrets.exists" (dict "secret" "secret-name" "context" $) }} - -Params: - - secret - String - Required - Name of the 'Secret' resource where the password is stored. - - context - Context - Required - Parent context. -*/}} -{{- define "common.secrets.exists" -}} -{{- $secret := (lookup "v1" "Secret" $.context.Release.Namespace .secret) }} -{{- if $secret }} - {{- true -}} -{{- end -}} -{{- end -}} diff --git a/rds/base/charts/redis-cluster/charts/common/templates/_storage.tpl b/rds/base/charts/redis-cluster/charts/common/templates/_storage.tpl deleted file mode 100644 index 60e2a84..0000000 --- a/rds/base/charts/redis-cluster/charts/common/templates/_storage.tpl +++ /dev/null @@ -1,23 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Return the proper Storage Class -{{ include "common.storage.class" ( dict "persistence" .Values.path.to.the.persistence "global" $) }} -*/}} -{{- define "common.storage.class" -}} - -{{- $storageClass := .persistence.storageClass -}} -{{- if .global -}} - {{- if .global.storageClass -}} - {{- $storageClass = .global.storageClass -}} - {{- end -}} -{{- end -}} - -{{- if $storageClass -}} - {{- if (eq "-" $storageClass) -}} - {{- printf "storageClassName: \"\"" -}} - {{- else }} - {{- printf "storageClassName: %s" $storageClass -}} - {{- end -}} -{{- end -}} - -{{- end -}} diff --git a/rds/base/charts/redis-cluster/charts/common/templates/_tplvalues.tpl b/rds/base/charts/redis-cluster/charts/common/templates/_tplvalues.tpl deleted file mode 100644 index 2db1668..0000000 --- a/rds/base/charts/redis-cluster/charts/common/templates/_tplvalues.tpl +++ /dev/null 
@@ -1,13 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Renders a value that contains template.
-Usage:
-{{ include "common.tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $) }}
-*/}}
-{{- define "common.tplvalues.render" -}}
- {{- if typeIs "string" .value }}
- {{- tpl .value .context }}
- {{- else }}
- {{- tpl (.value | toYaml) .context }}
- {{- end }}
-{{- end -}}
diff --git a/rds/base/charts/redis-cluster/charts/common/templates/_utils.tpl b/rds/base/charts/redis-cluster/charts/common/templates/_utils.tpl
deleted file mode 100644
index 8c22b2a..0000000
--- a/rds/base/charts/redis-cluster/charts/common/templates/_utils.tpl
+++ /dev/null
@@ -1,62 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Print instructions to get a secret value. -Usage: -{{ include "common.utils.secret.getvalue" (dict "secret" "secret-name" "field" "secret-value-field" "context" $) }} -*/}} -{{- define "common.utils.secret.getvalue" -}} -{{- $varname := include "common.utils.fieldToEnvVar" . -}} -export {{ $varname }}=$(kubectl get secret --namespace {{ .context.Release.Namespace | quote }} {{ .secret }} -o jsonpath="{.data.{{ .field }}}" | base64 -d) -{{- end -}} - -{{/* -Build env var name given a field -Usage: -{{ include "common.utils.fieldToEnvVar" dict "field" "my-password" }} -*/}} -{{- define "common.utils.fieldToEnvVar" -}} - {{- $fieldNameSplit := splitList "-" .field -}} - {{- $upperCaseFieldNameSplit := list -}} - - {{- range $fieldNameSplit -}} - {{- $upperCaseFieldNameSplit = append $upperCaseFieldNameSplit ( upper . ) -}} - {{- end -}} - - {{ join "_" $upperCaseFieldNameSplit }} -{{- end -}} - -{{/* -Gets a value from .Values given -Usage: -{{ include "common.utils.getValueFromKey" (dict "key" "path.to.key" "context" $) }} -*/}} -{{- define "common.utils.getValueFromKey" -}} -{{- $splitKey := splitList "." .key -}} -{{- $value := "" -}} -{{- $latestObj := $.context.Values -}} -{{- range $splitKey -}} - {{- if not $latestObj -}} - {{- printf "please review the entire path of '%s' exists in values" $.key | fail -}} - {{- end -}} - {{- $value = ( index $latestObj . ) -}} - {{- $latestObj = $value -}} -{{- end -}} -{{- printf "%v" (default "" $value) -}} -{{- end -}} - -{{/* -Returns first .Values key with a defined value or first of the list if all non-defined -Usage: -{{ include "common.utils.getKeyFromList" (dict "keys" (list "path.to.key1" "path.to.key2") "context" $) }} -*/}} -{{- define "common.utils.getKeyFromList" -}} -{{- $key := first .keys -}} -{{- $reverseKeys := reverse .keys }} -{{- range $reverseKeys }} - {{- $value := include "common.utils.getValueFromKey" (dict "key" . 
"context" $.context ) }} - {{- if $value -}} - {{- $key = . }} - {{- end -}} -{{- end -}} -{{- printf "%s" $key -}} -{{- end -}} diff --git a/rds/base/charts/redis-cluster/charts/common/templates/_warnings.tpl b/rds/base/charts/redis-cluster/charts/common/templates/_warnings.tpl deleted file mode 100644 index ae10fa4..0000000 --- a/rds/base/charts/redis-cluster/charts/common/templates/_warnings.tpl +++ /dev/null @@ -1,14 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Warning about using rolling tag. -Usage: -{{ include "common.warnings.rollingTag" .Values.path.to.the.imageRoot }} -*/}} -{{- define "common.warnings.rollingTag" -}} - -{{- if and (contains "bitnami/" .repository) (not (.tag | toString | regexFind "-r\\d+$|sha256:")) }} -WARNING: Rolling tag detected ({{ .repository }}:{{ .tag }}), please note that it is strongly recommended to avoid using rolling tags in a production environment. -+info https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/ -{{- end }} - -{{- end -}} diff --git a/rds/base/charts/redis-cluster/charts/common/templates/validations/_cassandra.tpl b/rds/base/charts/redis-cluster/charts/common/templates/validations/_cassandra.tpl deleted file mode 100644 index ded1ae3..0000000 --- a/rds/base/charts/redis-cluster/charts/common/templates/validations/_cassandra.tpl +++ /dev/null 
@@ -1,72 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Validate Cassandra required passwords are not empty.
-
-Usage:
-{{ include "common.validations.values.cassandra.passwords" (dict "secret" "secretName" "subchart" false "context" $) }}
-Params:
- - secret - String - Required. Name of the secret where Cassandra values are stored, e.g: "cassandra-passwords-secret"
- - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false
-*/}}
-{{- define "common.validations.values.cassandra.passwords" -}}
- {{- $existingSecret := include "common.cassandra.values.existingSecret" . -}}
- {{- $enabled := include "common.cassandra.values.enabled" . -}}
- {{- $dbUserPrefix := include "common.cassandra.values.key.dbUser" . -}}
- {{- $valueKeyPassword := printf "%s.password" $dbUserPrefix -}}
-
- {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}}
- {{- $requiredPasswords := list -}}
-
- {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "cassandra-password" -}}
- {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}}
-
- {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}}
-
- {{- end -}}
-{{- end -}}
-
-{{/*
-Auxiliary function to get the right value for existingSecret.
-
-Usage:
-{{ include "common.cassandra.values.existingSecret" (dict "context" $) }}
-Params:
- - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false
-*/}}
-{{- define "common.cassandra.values.existingSecret" -}}
- {{- if .subchart -}}
- {{- .context.Values.cassandra.dbUser.existingSecret | quote -}}
- {{- else -}}
- {{- .context.Values.dbUser.existingSecret | quote -}}
- {{- end -}}
-{{- end -}}
-
-{{/*
-Auxiliary function to get the right value for enabled cassandra.
-
-Usage:
-{{ include "common.cassandra.values.enabled" (dict "context" $) }}
-*/}}
-{{- define "common.cassandra.values.enabled" -}}
- {{- if .subchart -}}
- {{- printf "%v" .context.Values.cassandra.enabled -}}
- {{- else -}}
- {{- printf "%v" (not .context.Values.enabled) -}}
- {{- end -}}
-{{- end -}}
-
-{{/*
-Auxiliary function to get the right value for the key dbUser
-
-Usage:
-{{ include "common.cassandra.values.key.dbUser" (dict "subchart" "true" "context" $) }}
-Params:
- - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false
-*/}}
-{{- define "common.cassandra.values.key.dbUser" -}}
- {{- if .subchart -}}
- cassandra.dbUser
- {{- else -}}
- dbUser
- {{- end -}}
-{{- end -}}
diff --git a/rds/base/charts/redis-cluster/charts/common/templates/validations/_mariadb.tpl b/rds/base/charts/redis-cluster/charts/common/templates/validations/_mariadb.tpl
deleted file mode 100644
index b6906ff..0000000
--- a/rds/base/charts/redis-cluster/charts/common/templates/validations/_mariadb.tpl
+++ /dev/null
@@ -1,103 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Validate MariaDB required passwords are not empty. - -Usage: -{{ include "common.validations.values.mariadb.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} -Params: - - secret - String - Required. Name of the secret where MariaDB values are stored, e.g: "mysql-passwords-secret" - - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false -*/}} -{{- define "common.validations.values.mariadb.passwords" -}} - {{- $existingSecret := include "common.mariadb.values.auth.existingSecret" . -}} - {{- $enabled := include "common.mariadb.values.enabled" . -}} - {{- $architecture := include "common.mariadb.values.architecture" . -}} - {{- $authPrefix := include "common.mariadb.values.key.auth" . -}} - {{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}} - {{- $valueKeyUsername := printf "%s.username" $authPrefix -}} - {{- $valueKeyPassword := printf "%s.password" $authPrefix -}} - {{- $valueKeyReplicationPassword := printf "%s.replicationPassword" $authPrefix -}} - - {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}} - {{- $requiredPasswords := list -}} - - {{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mariadb-root-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}} - - {{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }} - {{- if not (empty $valueUsername) -}} - {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mariadb-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}} - {{- end -}} - - {{- if (eq $architecture "replication") -}} - {{- $requiredReplicationPassword := dict "valueKey" $valueKeyReplicationPassword "secret" .secret "field" "mariadb-replication-password" -}} - {{- 
$requiredPasswords = append $requiredPasswords $requiredReplicationPassword -}} - {{- end -}} - - {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} - - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for existingSecret. - -Usage: -{{ include "common.mariadb.values.auth.existingSecret" (dict "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false -*/}} -{{- define "common.mariadb.values.auth.existingSecret" -}} - {{- if .subchart -}} - {{- .context.Values.mariadb.auth.existingSecret | quote -}} - {{- else -}} - {{- .context.Values.auth.existingSecret | quote -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for enabled mariadb. - -Usage: -{{ include "common.mariadb.values.enabled" (dict "context" $) }} -*/}} -{{- define "common.mariadb.values.enabled" -}} - {{- if .subchart -}} - {{- printf "%v" .context.Values.mariadb.enabled -}} - {{- else -}} - {{- printf "%v" (not .context.Values.enabled) -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for architecture - -Usage: -{{ include "common.mariadb.values.architecture" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false -*/}} -{{- define "common.mariadb.values.architecture" -}} - {{- if .subchart -}} - {{- .context.Values.mariadb.architecture -}} - {{- else -}} - {{- .context.Values.architecture -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for the key auth - -Usage: -{{ include "common.mariadb.values.key.auth" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. 
Default: false -*/}} -{{- define "common.mariadb.values.key.auth" -}} - {{- if .subchart -}} - mariadb.auth - {{- else -}} - auth - {{- end -}} -{{- end -}} diff --git a/rds/base/charts/redis-cluster/charts/common/templates/validations/_mongodb.tpl b/rds/base/charts/redis-cluster/charts/common/templates/validations/_mongodb.tpl deleted file mode 100644 index f820ec1..0000000 --- a/rds/base/charts/redis-cluster/charts/common/templates/validations/_mongodb.tpl +++ /dev/null 
@@ -1,108 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Validate MongoDB® required passwords are not empty. - -Usage: -{{ include "common.validations.values.mongodb.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} -Params: - - secret - String - Required. Name of the secret where MongoDB® values are stored, e.g: "mongodb-passwords-secret" - - subchart - Boolean - Optional. Whether MongoDB® is used as subchart or not. Default: false -*/}} -{{- define "common.validations.values.mongodb.passwords" -}} - {{- $existingSecret := include "common.mongodb.values.auth.existingSecret" . -}} - {{- $enabled := include "common.mongodb.values.enabled" . -}} - {{- $authPrefix := include "common.mongodb.values.key.auth" . -}} - {{- $architecture := include "common.mongodb.values.architecture" . -}} - {{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}} - {{- $valueKeyUsername := printf "%s.username" $authPrefix -}} - {{- $valueKeyDatabase := printf "%s.database" $authPrefix -}} - {{- $valueKeyPassword := printf "%s.password" $authPrefix -}} - {{- $valueKeyReplicaSetKey := printf "%s.replicaSetKey" $authPrefix -}} - {{- $valueKeyAuthEnabled := printf "%s.enabled" $authPrefix -}} - - {{- $authEnabled := include "common.utils.getValueFromKey" (dict "key" $valueKeyAuthEnabled "context" .context) -}} - - {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") (eq $authEnabled "true") -}} - {{- $requiredPasswords := list -}} - - {{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mongodb-root-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}} - - {{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }} - {{- $valueDatabase := include "common.utils.getValueFromKey" (dict "key" $valueKeyDatabase "context" .context) }} - {{- if and $valueUsername $valueDatabase -}} - {{- 
$requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mongodb-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}} - {{- end -}} - - {{- if (eq $architecture "replicaset") -}} - {{- $requiredReplicaSetKey := dict "valueKey" $valueKeyReplicaSetKey "secret" .secret "field" "mongodb-replica-set-key" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredReplicaSetKey -}} - {{- end -}} - - {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} - - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for existingSecret. - -Usage: -{{ include "common.mongodb.values.auth.existingSecret" (dict "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MongoDb is used as subchart or not. Default: false -*/}} -{{- define "common.mongodb.values.auth.existingSecret" -}} - {{- if .subchart -}} - {{- .context.Values.mongodb.auth.existingSecret | quote -}} - {{- else -}} - {{- .context.Values.auth.existingSecret | quote -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for enabled mongodb. - -Usage: -{{ include "common.mongodb.values.enabled" (dict "context" $) }} -*/}} -{{- define "common.mongodb.values.enabled" -}} - {{- if .subchart -}} - {{- printf "%v" .context.Values.mongodb.enabled -}} - {{- else -}} - {{- printf "%v" (not .context.Values.enabled) -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for the key auth - -Usage: -{{ include "common.mongodb.values.key.auth" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MongoDB® is used as subchart or not. 
Default: false -*/}} -{{- define "common.mongodb.values.key.auth" -}} - {{- if .subchart -}} - mongodb.auth - {{- else -}} - auth - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for architecture - -Usage: -{{ include "common.mongodb.values.architecture" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MongoDB® is used as subchart or not. Default: false -*/}} -{{- define "common.mongodb.values.architecture" -}} - {{- if .subchart -}} - {{- .context.Values.mongodb.architecture -}} - {{- else -}} - {{- .context.Values.architecture -}} - {{- end -}} -{{- end -}} diff --git a/rds/base/charts/redis-cluster/charts/common/templates/validations/_mysql.tpl b/rds/base/charts/redis-cluster/charts/common/templates/validations/_mysql.tpl deleted file mode 100644 index 74472a0..0000000 --- a/rds/base/charts/redis-cluster/charts/common/templates/validations/_mysql.tpl +++ /dev/null 
@@ -1,103 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Validate MySQL required passwords are not empty. - -Usage: -{{ include "common.validations.values.mysql.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} -Params: - - secret - String - Required. Name of the secret where MySQL values are stored, e.g: "mysql-passwords-secret" - - subchart - Boolean - Optional. Whether MySQL is used as subchart or not. Default: false -*/}} -{{- define "common.validations.values.mysql.passwords" -}} - {{- $existingSecret := include "common.mysql.values.auth.existingSecret" . -}} - {{- $enabled := include "common.mysql.values.enabled" . -}} - {{- $architecture := include "common.mysql.values.architecture" . -}} - {{- $authPrefix := include "common.mysql.values.key.auth" . -}} - {{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}} - {{- $valueKeyUsername := printf "%s.username" $authPrefix -}} - {{- $valueKeyPassword := printf "%s.password" $authPrefix -}} - {{- $valueKeyReplicationPassword := printf "%s.replicationPassword" $authPrefix -}} - - {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}} - {{- $requiredPasswords := list -}} - - {{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mysql-root-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}} - - {{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }} - {{- if not (empty $valueUsername) -}} - {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mysql-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}} - {{- end -}} - - {{- if (eq $architecture "replication") -}} - {{- $requiredReplicationPassword := dict "valueKey" $valueKeyReplicationPassword "secret" .secret "field" "mysql-replication-password" -}} - {{- $requiredPasswords = append 
$requiredPasswords $requiredReplicationPassword -}} - {{- end -}} - - {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} - - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for existingSecret. - -Usage: -{{ include "common.mysql.values.auth.existingSecret" (dict "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MySQL is used as subchart or not. Default: false -*/}} -{{- define "common.mysql.values.auth.existingSecret" -}} - {{- if .subchart -}} - {{- .context.Values.mysql.auth.existingSecret | quote -}} - {{- else -}} - {{- .context.Values.auth.existingSecret | quote -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for enabled mysql. - -Usage: -{{ include "common.mysql.values.enabled" (dict "context" $) }} -*/}} -{{- define "common.mysql.values.enabled" -}} - {{- if .subchart -}} - {{- printf "%v" .context.Values.mysql.enabled -}} - {{- else -}} - {{- printf "%v" (not .context.Values.enabled) -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for architecture - -Usage: -{{ include "common.mysql.values.architecture" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MySQL is used as subchart or not. Default: false -*/}} -{{- define "common.mysql.values.architecture" -}} - {{- if .subchart -}} - {{- .context.Values.mysql.architecture -}} - {{- else -}} - {{- .context.Values.architecture -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for the key auth - -Usage: -{{ include "common.mysql.values.key.auth" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MySQL is used as subchart or not. Default: false -*/}} -{{- define "common.mysql.values.key.auth" -}} - {{- if .subchart -}} - mysql.auth - {{- else -}} - auth - {{- end -}} -{{- end -}} 
diff --git a/rds/base/charts/redis-cluster/charts/common/templates/validations/_postgresql.tpl b/rds/base/charts/redis-cluster/charts/common/templates/validations/_postgresql.tpl
deleted file mode 100644
index 164ec0d..0000000
--- a/rds/base/charts/redis-cluster/charts/common/templates/validations/_postgresql.tpl
+++ /dev/null
@@ -1,129 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Validate PostgreSQL required passwords are not empty. - -Usage: -{{ include "common.validations.values.postgresql.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} -Params: - - secret - String - Required. Name of the secret where postgresql values are stored, e.g: "postgresql-passwords-secret" - - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false -*/}} -{{- define "common.validations.values.postgresql.passwords" -}} - {{- $existingSecret := include "common.postgresql.values.existingSecret" . -}} - {{- $enabled := include "common.postgresql.values.enabled" . -}} - {{- $valueKeyPostgresqlPassword := include "common.postgresql.values.key.postgressPassword" . -}} - {{- $valueKeyPostgresqlReplicationEnabled := include "common.postgresql.values.key.replicationPassword" . -}} - {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}} - {{- $requiredPasswords := list -}} - {{- $requiredPostgresqlPassword := dict "valueKey" $valueKeyPostgresqlPassword "secret" .secret "field" "postgresql-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredPostgresqlPassword -}} - - {{- $enabledReplication := include "common.postgresql.values.enabled.replication" . -}} - {{- if (eq $enabledReplication "true") -}} - {{- $requiredPostgresqlReplicationPassword := dict "valueKey" $valueKeyPostgresqlReplicationEnabled "secret" .secret "field" "postgresql-replication-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredPostgresqlReplicationPassword -}} - {{- end -}} - - {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to decide whether evaluate global values. 
- -Usage: -{{ include "common.postgresql.values.use.global" (dict "key" "key-of-global" "context" $) }} -Params: - - key - String - Required. Field to be evaluated within global, e.g: "existingSecret" -*/}} -{{- define "common.postgresql.values.use.global" -}} - {{- if .context.Values.global -}} - {{- if .context.Values.global.postgresql -}} - {{- index .context.Values.global.postgresql .key | quote -}} - {{- end -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for existingSecret. - -Usage: -{{ include "common.postgresql.values.existingSecret" (dict "context" $) }} -*/}} -{{- define "common.postgresql.values.existingSecret" -}} - {{- $globalValue := include "common.postgresql.values.use.global" (dict "key" "existingSecret" "context" .context) -}} - - {{- if .subchart -}} - {{- default (.context.Values.postgresql.existingSecret | quote) $globalValue -}} - {{- else -}} - {{- default (.context.Values.existingSecret | quote) $globalValue -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for enabled postgresql. - -Usage: -{{ include "common.postgresql.values.enabled" (dict "context" $) }} -*/}} -{{- define "common.postgresql.values.enabled" -}} - {{- if .subchart -}} - {{- printf "%v" .context.Values.postgresql.enabled -}} - {{- else -}} - {{- printf "%v" (not .context.Values.enabled) -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for the key postgressPassword. - -Usage: -{{ include "common.postgresql.values.key.postgressPassword" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. 
Default: false -*/}} -{{- define "common.postgresql.values.key.postgressPassword" -}} - {{- $globalValue := include "common.postgresql.values.use.global" (dict "key" "postgresqlUsername" "context" .context) -}} - - {{- if not $globalValue -}} - {{- if .subchart -}} - postgresql.postgresqlPassword - {{- else -}} - postgresqlPassword - {{- end -}} - {{- else -}} - global.postgresql.postgresqlPassword - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for enabled.replication. - -Usage: -{{ include "common.postgresql.values.enabled.replication" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false -*/}} -{{- define "common.postgresql.values.enabled.replication" -}} - {{- if .subchart -}} - {{- printf "%v" .context.Values.postgresql.replication.enabled -}} - {{- else -}} - {{- printf "%v" .context.Values.replication.enabled -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for the key replication.password. - -Usage: -{{ include "common.postgresql.values.key.replicationPassword" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false -*/}} -{{- define "common.postgresql.values.key.replicationPassword" -}} - {{- if .subchart -}} - postgresql.replication.password - {{- else -}} - replication.password - {{- end -}} -{{- end -}} diff --git a/rds/base/charts/redis-cluster/charts/common/templates/validations/_redis.tpl b/rds/base/charts/redis-cluster/charts/common/templates/validations/_redis.tpl deleted file mode 100644 index dcccfc1..0000000 --- a/rds/base/charts/redis-cluster/charts/common/templates/validations/_redis.tpl +++ /dev/null 
@@ -1,76 +0,0 @@ - -{{/* vim: set filetype=mustache: */}} -{{/* -Validate Redis® required passwords are not empty. - -Usage: -{{ include "common.validations.values.redis.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} -Params: - - secret - String - Required. Name of the secret where redis values are stored, e.g: "redis-passwords-secret" - - subchart - Boolean - Optional. Whether redis is used as subchart or not. Default: false -*/}} -{{- define "common.validations.values.redis.passwords" -}} - {{- $enabled := include "common.redis.values.enabled" . -}} - {{- $valueKeyPrefix := include "common.redis.values.keys.prefix" . -}} - {{- $standarizedVersion := include "common.redis.values.standarized.version" . }} - - {{- $existingSecret := ternary (printf "%s%s" $valueKeyPrefix "auth.existingSecret") (printf "%s%s" $valueKeyPrefix "existingSecret") (eq $standarizedVersion "true") }} - {{- $existingSecretValue := include "common.utils.getValueFromKey" (dict "key" $existingSecret "context" .context) }} - - {{- $valueKeyRedisPassword := ternary (printf "%s%s" $valueKeyPrefix "auth.password") (printf "%s%s" $valueKeyPrefix "password") (eq $standarizedVersion "true") }} - {{- $valueKeyRedisUseAuth := ternary (printf "%s%s" $valueKeyPrefix "auth.enabled") (printf "%s%s" $valueKeyPrefix "usePassword") (eq $standarizedVersion "true") }} - - {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}} - {{- $requiredPasswords := list -}} - - {{- $useAuth := include "common.utils.getValueFromKey" (dict "key" $valueKeyRedisUseAuth "context" .context) -}} - {{- if eq $useAuth "true" -}} - {{- $requiredRedisPassword := dict "valueKey" $valueKeyRedisPassword "secret" .secret "field" "redis-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredRedisPassword -}} - {{- end -}} - - {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} - {{- end -}} -{{- 
end -}} - -{{/* -Auxiliary function to get the right value for enabled redis. - -Usage: -{{ include "common.redis.values.enabled" (dict "context" $) }} -*/}} -{{- define "common.redis.values.enabled" -}} - {{- if .subchart -}} - {{- printf "%v" .context.Values.redis.enabled -}} - {{- else -}} - {{- printf "%v" (not .context.Values.enabled) -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right prefix path for the values - -Usage: -{{ include "common.redis.values.key.prefix" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether redis is used as subchart or not. Default: false -*/}} -{{- define "common.redis.values.keys.prefix" -}} - {{- if .subchart -}}redis.{{- else -}}{{- end -}} -{{- end -}} - -{{/* -Checks whether the redis chart's includes the standarizations (version >= 14) - -Usage: -{{ include "common.redis.values.standarized.version" (dict "context" $) }} -*/}} -{{- define "common.redis.values.standarized.version" -}} - - {{- $standarizedAuth := printf "%s%s" (include "common.redis.values.keys.prefix" .) "auth" -}} - {{- $standarizedAuthValues := include "common.utils.getValueFromKey" (dict "key" $standarizedAuth "context" .context) }} - - {{- if $standarizedAuthValues -}} - {{- true -}} - {{- end -}} -{{- end -}} diff --git a/rds/base/charts/redis-cluster/charts/common/templates/validations/_validations.tpl b/rds/base/charts/redis-cluster/charts/common/templates/validations/_validations.tpl deleted file mode 100644 index 9a814cf..0000000 --- a/rds/base/charts/redis-cluster/charts/common/templates/validations/_validations.tpl +++ /dev/null 
@@ -1,46 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Validate values must not be empty. - -Usage: -{{- $validateValueConf00 := (dict "valueKey" "path.to.value" "secret" "secretName" "field" "password-00") -}} -{{- $validateValueConf01 := (dict "valueKey" "path.to.value" "secret" "secretName" "field" "password-01") -}} -{{ include "common.validations.values.empty" (dict "required" (list $validateValueConf00 $validateValueConf01) "context" $) }} - -Validate value params: - - valueKey - String - Required. The path to the validating value in the values.yaml, e.g: "mysql.password" - - secret - String - Optional. Name of the secret where the validating value is generated/stored, e.g: "mysql-passwords-secret" - - field - String - Optional. Name of the field in the secret data, e.g: "mysql-password" -*/}} -{{- define "common.validations.values.multiple.empty" -}} - {{- range .required -}} - {{- include "common.validations.values.single.empty" (dict "valueKey" .valueKey "secret" .secret "field" .field "context" $.context) -}} - {{- end -}} -{{- end -}} - -{{/* -Validate a value must not be empty. - -Usage: -{{ include "common.validations.value.empty" (dict "valueKey" "mariadb.password" "secret" "secretName" "field" "my-password" "subchart" "subchart" "context" $) }} - -Validate value params: - - valueKey - String - Required. The path to the validating value in the values.yaml, e.g: "mysql.password" - - secret - String - Optional. Name of the secret where the validating value is generated/stored, e.g: "mysql-passwords-secret" - - field - String - Optional. Name of the field in the secret data, e.g: "mysql-password" - - subchart - String - Optional - Name of the subchart that the validated password is part of. -*/}} -{{- define "common.validations.values.single.empty" -}} - {{- $value := include "common.utils.getValueFromKey" (dict "key" .valueKey "context" .context) }} - {{- $subchart := ternary "" (printf "%s." 
.subchart) (empty .subchart) }} - - {{- if not $value -}} - {{- $varname := "my-value" -}} - {{- $getCurrentValue := "" -}} - {{- if and .secret .field -}} - {{- $varname = include "common.utils.fieldToEnvVar" . -}} - {{- $getCurrentValue = printf " To get the current value:\n\n %s\n" (include "common.utils.secret.getvalue" .) -}} - {{- end -}} - {{- printf "\n '%s' must not be empty, please add '--set %s%s=$%s' to the command.%s" .valueKey $subchart .valueKey $varname $getCurrentValue -}} - {{- end -}} -{{- end -}} diff --git a/rds/base/charts/redis-cluster/charts/common/values.yaml b/rds/base/charts/redis-cluster/charts/common/values.yaml deleted file mode 100644 index f2df68e..0000000 --- a/rds/base/charts/redis-cluster/charts/common/values.yaml +++ /dev/null @@ -1,5 +0,0 @@ -## bitnami/common -## It is required by CI/CD tools and processes. -## @skip exampleValue -## -exampleValue: common-chart diff --git a/rds/base/charts/redis-cluster/img/redis-cluster-topology.png b/rds/base/charts/redis-cluster/img/redis-cluster-topology.png deleted file mode 100644 index f0a02a9..0000000 Binary files a/rds/base/charts/redis-cluster/img/redis-cluster-topology.png and /dev/null differ diff --git a/rds/base/charts/redis-cluster/img/redis-topology.png b/rds/base/charts/redis-cluster/img/redis-topology.png deleted file mode 100644 index 3f5280f..0000000 Binary files a/rds/base/charts/redis-cluster/img/redis-topology.png and /dev/null differ diff --git a/rds/base/charts/redis-cluster/templates/NOTES.txt b/rds/base/charts/redis-cluster/templates/NOTES.txt deleted file mode 100644 index 2c1ef4f..0000000 --- a/rds/base/charts/redis-cluster/templates/NOTES.txt +++ /dev/null 
@@ -1,117 +0,0 @@ -CHART NAME: {{ .Chart.Name }} -CHART VERSION: {{ .Chart.Version }} -APP VERSION: {{ .Chart.AppVersion }} - -{{- $secretName := include "redis-cluster.secretName" . -}} -{{- $secretPasswordKey := include "redis-cluster.secretPasswordKey" . -}} - -** Please be patient while the chart is being deployed ** - -{{- if .Values.diagnosticMode.enabled }} -The chart has been deployed in diagnostic mode. All probes have been disabled and the command has been overwritten with: - - command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 4 }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 4 }} - -Get the list of pods by executing: - - kubectl get pods --namespace {{ .Release.Namespace }} -l app.kubernetes.io/instance={{ .Release.Name }} - -Access the pod you want to debug by executing - - kubectl exec --namespace {{ .Release.Namespace }} -ti -- bash - -In order to replicate the container startup scripts execute this command: - - /opt/bitnami/scripts/redis-cluster/entrypoint.sh /opt/bitnami/scripts/redis-cluster/run.sh - -{{- else }} - -{{ if .Values.usePassword }} -To get your password run: - {{ include "common.utils.secret.getvalue" (dict "secret" $secretName "field" $secretPasswordKey "context" $) }} -{{- end }} - -{{- if .Values.cluster.externalAccess.enabled }} - -To connect to your Redis® server from outside the cluster check the following information: - - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "common.names.fullname" . }}' - - You will have a different external IP for each Redis® node. Get the external ip from `-external` suffixed services: `kubectl get svc`. 
- Redis® port: {{ .Values.cluster.externalAccess.service.port }} - - {{- if not .Values.cluster.externalAccess.service.loadBalancerIP }} - Once the LoadBalancerIPs are ready, you need to provide them and perform a Helm Upgrade: - - helm upgrade --namespace {{ .Release.Namespace }} {{ .Release.Name }} --set "cluster.externalAccess.enabled=true,cluster.externalAccess.service.type=LoadBalancer{{- $root := . }}{{ $count := .Values.cluster.nodes | int }}{{ range $i, $v := until $count }},cluster.externalAccess.service.loadBalancerIP[{{ $i }}]=load-balancerip-{{- $i }}{{- end }}" bitnami/redis-cluster - Where loadbalancer-ip-i are the LoadBalancerIPs provided by the cluster. - {{- else -}} - {{- if .Values.cluster.init -}} - INFO: The Job to create the cluster will be created. - {{- end -}} - - To connect to your database from outside the cluster execute the following commands: - - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "common.names.fullname" . }} --template "{{ "{{ range (index .status.loadBalancer.ingress 0) }}{{ . }}{{ end }}" }}") - redis-cli -c -h $SERVICE_IP -p {{ .Values.service.ports.redis }} {{- if .Values.usePassword }} -a $REDIS_PASSWORD{{ end }}{{ if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }} - {{- end }} - -{{- else }} - -You have deployed a Redis® Cluster accessible only from within you Kubernetes Cluster. - -{{- if .Values.cluster.init -}} -INFO: The Job to create the cluster will be created. -{{- end -}} - -To connect to your Redis® cluster: - -1. Run a Redis® pod that you can use as a client: - -{{- if .Values.tls.enabled }} - kubectl run --namespace {{ .Release.Namespace }} {{ template "common.names.fullname" . }}-client --restart='Never' --env REDIS_PASSWORD=$REDIS_PASSWORD --image {{ template "redis-cluster.image" . 
}} --command -- sleep infinity - - Copy your TLS certificates to the pod: - - kubectl cp --namespace {{ .Release.Namespace }} /path/to/client.cert {{ template "common.names.fullname" . }}-client:/tmp/client.cert - kubectl cp --namespace {{ .Release.Namespace }} /path/to/client.key {{ template "common.names.fullname" . }}-client:/tmp/client.key - kubectl cp --namespace {{ .Release.Namespace }} /path/to/CA.cert {{ template "common.names.fullname" . }}-client:/tmp/CA.cert - - Use the following command to attach to the pod: - - kubectl exec --tty -i {{ template "common.names.fullname" . }}-client \ - {{- if and (.Values.networkPolicy.enabled) (not .Values.networkPolicy.allowExternal) }}--labels="{{ template "common.names.fullname" . }}-client=true" \{{- end }} - --namespace {{ .Release.Namespace }} -- bash -{{- else }} -kubectl run --namespace {{ .Release.Namespace }} {{ template "common.names.fullname" . }}-client --rm --tty -i --restart='Never' \ -{{ if .Values.usePassword }} --env REDIS_PASSWORD=$REDIS_PASSWORD \{{ end }} -{{- if and (.Values.networkPolicy.enabled) (not .Values.networkPolicy.allowExternal) }}--labels="{{ template "common.names.fullname" . }}-client=true" \{{- end }} ---image {{ template "redis-cluster.image" . }} -- bash -{{- end }} - -2. Connect using the Redis® CLI: - -redis-cli -c -h {{ template "common.names.fullname" . }}{{ if .Values.usePassword }} -a $REDIS_PASSWORD{{ end }}{{ if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }} - -{{ if and (.Values.networkPolicy.enabled) (not .Values.networkPolicy.allowExternal) }} -Note: Since NetworkPolicy is enabled, only pods with label -{{ template "common.names.fullname" . }}-client=true" -will be able to connect to redis. -{{- end -}} -{{- end -}} - -{{- include "redis-cluster.validateValues" . }} -{{- include "redis-cluster.checkRollingTags" . 
}} -{{- include "common.warnings.rollingTag" .Values.volumePermissions.image }} -{{- include "common.warnings.rollingTag" .Values.sysctlImage }} - -{{- if and .Values.usePassword (not .Values.existingSecret) -}} - - {{- $requiredPassword := dict "valueKey" "password" "secret" $secretName "field" $secretPasswordKey "context" $ -}} - {{- $requiredPasswordError := include "common.validations.values.single.empty" $requiredPassword -}} - - {{- include "common.errors.upgrade.passwords.empty" (dict "validationErrors" (list $requiredPasswordError) "context" $) -}} -{{- end -}} -{{- end }} diff --git a/rds/base/charts/redis-cluster/templates/_helpers.tpl b/rds/base/charts/redis-cluster/templates/_helpers.tpl deleted file mode 100644 index 2c137aa..0000000 --- a/rds/base/charts/redis-cluster/templates/_helpers.tpl +++ /dev/null 
@@ -1,254 +0,0 @@ -{{/* vim: set filetype=mustache: */}} - -{{/* -Return the proper Redis® image name -*/}} -{{- define "redis-cluster.image" -}} -{{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }} -{{- end -}} - -{{/* -Return the proper image name (for the metrics image) -*/}} -{{- define "redis-cluster.metrics.image" -}} -{{ include "common.images.image" (dict "imageRoot" .Values.metrics.image "global" .Values.global) }} -{{- end -}} - -{{/* -Return the proper image name (for the init container volume-permissions image) -*/}} -{{- define "redis-cluster.volumePermissions.image" -}} -{{ include "common.images.image" (dict "imageRoot" .Values.volumePermissions.image "global" .Values.global) }} -{{- end -}} - -{{/* -Return sysctl image -*/}} -{{- define "redis-cluster.sysctl.image" -}} -{{ include "common.images.image" (dict "imageRoot" .Values.sysctlImage "global" .Values.global) }} -{{- end -}} - -{{/* -Return the proper Docker Image Registry Secret Names -*/}} -{{- define "redis-cluster.imagePullSecrets" -}} -{{- include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.metrics.image) "global" .Values.global) -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for networkpolicy. -*/}} -{{- define "networkPolicy.apiVersion" -}} -{{- if semverCompare ">=1.4-0, <1.7-0" .Capabilities.KubeVersion.GitVersion -}} -{{- print "extensions/v1beta1" -}} -{{- else -}} -{{- print "networking.k8s.io/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiGroup for PodSecurityPolicy. 
-*/}} -{{- define "podSecurityPolicy.apiGroup" -}} -{{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} -{{- print "policy" -}} -{{- else -}} -{{- print "extensions" -}} -{{- end -}} -{{- end -}} - -{{/* -Return true if a TLS secret object should be created -*/}} -{{- define "redis-cluster.createTlsSecret" -}} -{{- if and .Values.tls.enabled .Values.tls.autoGenerated (not .Values.tls.existingSecret) (not .Values.tls.certificatesSecret) }} - {{- true -}} -{{- end -}} -{{- end -}} - -{{/* -Return the secret containing Redis TLS certificates -*/}} -{{- define "redis-cluster.tlsSecretName" -}} -{{- $secretName := coalesce .Values.tls.existingSecret .Values.tls.certificatesSecret -}} -{{- if $secretName -}} - {{- printf "%s" (tpl $secretName $) -}} -{{- else -}} - {{- printf "%s-crt" (include "common.names.fullname" .) -}} -{{- end -}} -{{- end -}} - -{{/* -Return the path to the cert file. -*/}} -{{- define "redis-cluster.tlsCert" -}} -{{- if (include "redis-cluster.createTlsSecret" . ) -}} - {{- printf "/opt/bitnami/redis/certs/%s" "tls.crt" -}} -{{- else -}} - {{- required "Certificate filename is required when TLS in enabled" .Values.tls.certFilename | printf "/opt/bitnami/redis/certs/%s" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the path to the cert key file. -*/}} -{{- define "redis-cluster.tlsCertKey" -}} -{{- if (include "redis-cluster.createTlsSecret" . ) -}} - {{- printf "/opt/bitnami/redis/certs/%s" "tls.key" -}} -{{- else -}} - {{- required "Certificate Key filename is required when TLS in enabled" .Values.tls.certKeyFilename | printf "/opt/bitnami/redis/certs/%s" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the path to the CA cert file. -*/}} -{{- define "redis-cluster.tlsCACert" -}} -{{- if (include "redis-cluster.createTlsSecret" . 
) -}} - {{- printf "/opt/bitnami/redis/certs/%s" "ca.crt" -}} -{{- else -}} - {{- required "Certificate CA filename is required when TLS in enabled" .Values.tls.certCAFilename | printf "/opt/bitnami/redis/certs/%s" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the path to the DH params file. -*/}} -{{- define "redis-cluster.tlsDHParams" -}} -{{- if .Values.tls.dhParamsFilename -}} -{{- printf "/opt/bitnami/redis/certs/%s" .Values.tls.dhParamsFilename -}} -{{- end -}} -{{- end -}} - -{{/* -Create the name of the service account to use -*/}} -{{- define "redis-cluster.serviceAccountName" -}} -{{- if .Values.serviceAccount.create -}} - {{ default (include "common.names.fullname" .) .Values.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.serviceAccount.name }} -{{- end -}} -{{- end -}} - -{{/* -Get the password secret. -*/}} -{{- define "redis-cluster.secretName" -}} -{{- if .Values.existingSecret -}} -{{- printf "%s" .Values.existingSecret -}} -{{- else -}} -{{- printf "%s" (include "common.names.fullname" .) -}} -{{- end -}} -{{- end -}} - -{{/* -Get the password key to be retrieved from Redis® secret. 
-*/}} -{{- define "redis-cluster.secretPasswordKey" -}} -{{- if and .Values.existingSecret .Values.existingSecretPasswordKey -}} -{{- printf "%s" .Values.existingSecretPasswordKey -}} -{{- else -}} -{{- printf "redis-password" -}} -{{- end -}} -{{- end -}} - -{{/* -Return Redis® password -*/}} -{{- define "redis-cluster.password" -}} -{{- if not (empty .Values.global.redis.password) }} - {{- .Values.global.redis.password -}} -{{- else if not (empty .Values.password) -}} - {{- .Values.password -}} -{{- else -}} - {{- randAlphaNum 10 -}} -{{- end -}} -{{- end -}} - -{{/* -Determines whether or not to create the Statefulset -*/}} -{{- define "redis-cluster.createStatefulSet" -}} - {{- if not .Values.cluster.externalAccess.enabled -}} - {{- true -}} - {{- end -}} - {{- if and .Values.cluster.externalAccess.enabled .Values.cluster.externalAccess.service.loadBalancerIP -}} - {{- true -}} - {{- end -}} -{{- end -}} - -{{/* Check if there are rolling tags in the images */}} -{{- define "redis-cluster.checkRollingTags" -}} -{{- include "common.warnings.rollingTag" .Values.image -}} -{{- include "common.warnings.rollingTag" .Values.metrics.image -}} -{{- end -}} - -{{/* -Compile all warnings into a single message, and call fail. -*/}} -{{- define "redis-cluster.validateValues" -}} -{{- $messages := list -}} -{{- $messages := append $messages (include "redis-cluster.validateValues.updateParameters" .) -}} -{{- $messages := append $messages (include "redis-cluster.validateValues.tlsParameters" .) -}} -{{- $messages := append $messages (include "redis-cluster.validateValues.tls" .) 
-}} -{{- $messages := without $messages "" -}} -{{- $message := join "\n" $messages -}} - -{{- if $message -}} -{{- printf "\nVALUES VALIDATION:\n%s" $message | fail -}} -{{- end -}} -{{- end -}} - -{{/* Validate values of Redis® Cluster - check update parameters */}} -{{- define "redis-cluster.validateValues.updateParameters" -}} -{{- if and .Values.cluster.update.addNodes ( or (and .Values.cluster.externalAccess.enabled .Values.cluster.externalAccess.service.loadBalancerIP) ( not .Values.cluster.externalAccess.enabled )) -}} - {{- if .Values.cluster.externalAccess.enabled }} - {{- if not .Values.cluster.update.newExternalIPs -}} -redis-cluster: newExternalIPs - You must provide the newExternalIPs to perform the cluster upgrade when using external access. - {{- end -}} - {{- else }} - {{- if not .Values.cluster.update.currentNumberOfNodes -}} -redis-cluster: currentNumberOfNodes - You must provide the currentNumberOfNodes to perform an upgrade when not using external access. - {{- end -}} - {{- if not .Values.cluster.update.currentNumberOfReplicas -}} -redis-cluster: currentNumberOfReplicas - You must provide the currentNumberOfReplicas to perform an upgrade when not using external access. - {{- end -}} - {{- end -}} -{{- end -}} -{{- end -}} - -{{/* Validate values of Redis® Cluster - tls settings */}} -{{- define "redis-cluster.validateValues.tlsParameters" -}} -{{- if and .Values.tls.enabled (not .Values.tls.autoGenerated) }} -{{- if and (not .Values.tls.existingSecret) (not .Values.tls.certificatesSecret) -}} -redis-cluster: TLSSecretMissingSecret - A secret containing the certificates for the TLS traffic is required when TLS is enabled. Please set the tls.existingSecret value -{{- end -}} -{{- if not .Values.tls.certFilename -}} -redis-cluster: TLSSecretMissingCert - A certificate filename is required when TLS is enabled. 
Please set the tls.certFilename value -{{- end -}} -{{- if not .Values.tls.certKeyFilename -}} -redis-cluster: TLSSecretMissingCertKey - A certificate key filename is required when TLS is enabled. Please set the tls.certKeyFilename value -{{- end -}} -{{- if not .Values.tls.certCAFilename -}} -redis-cluster: TLSSecretMissingCertCA - A certificate CA filename is required when TLS is enabled. Please set the tls.certCAFilename value -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* Validate values of Redis® - PodSecurityPolicy create */}} -{{- define "redis-cluster.validateValues.tls" -}} -{{- if and .Values.tls.enabled (not .Values.tls.autoGenerated) (not .Values.tls.existingSecret) (not .Values.tls.certificatesSecret) }} -redis-cluster: tls.enabled - In order to enable TLS, you also need to provide - an existing secret containing the TLS certificates or - enable auto-generated certificates. -{{- end -}} -{{- end -}} diff --git a/rds/base/charts/redis-cluster/templates/configmap.yaml b/rds/base/charts/redis-cluster/templates/configmap.yaml deleted file mode 100644 index 375e8f6..0000000 --- a/rds/base/charts/redis-cluster/templates/configmap.yaml +++ /dev/null 
@@ -1,1829 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.names.fullname" . }}-default - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -data: - redis-default.conf: |- - # Redis configuration file example. - # - # Note that in order to read the configuration file, Redis must be - # started with the file path as first argument: - # - # ./redis-server /path/to/redis.conf - - # Note on units: when memory size is needed, it is possible to specify - # it in the usual form of 1k 5GB 4M and so forth: - # - # 1k => 1000 bytes - # 1kb => 1024 bytes - # 1m => 1000000 bytes - # 1mb => 1024*1024 bytes - # 1g => 1000000000 bytes - # 1gb => 1024*1024*1024 bytes - # - # units are case insensitive so 1GB 1Gb 1gB are all the same. - - ################################## INCLUDES ################################### - - # Include one or more other config files here. This is useful if you - # have a standard template that goes to all Redis servers but also need - # to customize a few per-server settings. Include files can include - # other files, so use this wisely. - # - # Notice option "include" won't be rewritten by command "CONFIG REWRITE" - # from admin or Redis Sentinel. Since Redis always uses the last processed - # line as value of a configuration directive, you'd better put includes - # at the beginning of this file to avoid overwriting config change at runtime. - # - # If instead you are interested in using includes to override configuration - # options, it is better to use include as the last line. 
- # - # include /path/to/local.conf - # include /path/to/other.conf - - ################################## MODULES ##################################### - - # Load modules at startup. If the server is not able to load modules - # it will abort. It is possible to use multiple loadmodule directives. - # - # loadmodule /path/to/my_module.so - # loadmodule /path/to/other_module.so - - ################################## NETWORK ##################################### - - # By default, if no "bind" configuration directive is specified, Redis listens - # for connections from all the network interfaces available on the server. - # It is possible to listen to just one or multiple selected interfaces using - # the "bind" configuration directive, followed by one or more IP addresses. - # - # Examples: - # - # bind 192.168.1.100 10.0.0.1 - # bind 127.0.0.1 ::1 - # - # ~~~ WARNING ~~~ If the computer running Redis is directly exposed to the - # internet, binding to all the interfaces is dangerous and will expose the - # instance to everybody on the internet. So by default we uncomment the - # following bind directive, that will force Redis to listen only into - # the IPv4 loopback interface address (this means Redis will be able to - # accept connections only from clients running into the same computer it - # is running). - # - # IF YOU ARE SURE YOU WANT YOUR INSTANCE TO LISTEN TO ALL THE INTERFACES - # JUST COMMENT THE FOLLOWING LINE. - # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - bind 127.0.0.1 - - # Protected mode is a layer of security protection, in order to avoid that - # Redis instances left open on the internet are accessed and exploited. - # - # When protected mode is on and if: - # - # 1) The server is not binding explicitly to a set of addresses using the - # "bind" directive. - # 2) No password is configured. 
- # - # The server only accepts connections from clients connecting from the - # IPv4 and IPv6 loopback addresses 127.0.0.1 and ::1, and from Unix domain - # sockets. - # - # By default protected mode is enabled. You should disable it only if - # you are sure you want clients from other hosts to connect to Redis - # even if no authentication is configured, nor a specific set of interfaces - # are explicitly listed using the "bind" directive. - protected-mode yes - - # Accept connections on the specified port, default is 6379 (IANA #815344). - # If port 0 is specified Redis will not listen on a TCP socket. - port 6379 - - # TCP listen() backlog. - # - # In high requests-per-second environments you need an high backlog in order - # to avoid slow clients connections issues. Note that the Linux kernel - # will silently truncate it to the value of /proc/sys/net/core/somaxconn so - # make sure to raise both the value of somaxconn and tcp_max_syn_backlog - # in order to get the desired effect. - tcp-backlog 511 - - # Unix socket. - # - # Specify the path for the Unix socket that will be used to listen for - # incoming connections. There is no default, so Redis will not listen - # on a unix socket when not specified. - # - # unixsocket /tmp/redis.sock - # unixsocketperm 700 - - # Close the connection after a client is idle for N seconds (0 to disable) - timeout 0 - - # TCP keepalive. - # - # If non-zero, use SO_KEEPALIVE to send TCP ACKs to clients in absence - # of communication. This is useful for two reasons: - # - # 1) Detect dead peers. - # 2) Take the connection alive from the point of view of network - # equipment in the middle. - # - # On Linux, the specified value (in seconds) is the period used to send ACKs. - # Note that to close the connection the double of the time is needed. - # On other kernels the period depends on the kernel configuration. 
- # - # A reasonable value for this option is 300 seconds, which is the new - # Redis default starting with Redis 3.2.1. - tcp-keepalive 300 - - ################################# TLS/SSL ##################################### - - # By default, TLS/SSL is disabled. To enable it, the "tls-port" configuration - # directive can be used to define TLS-listening ports. To enable TLS on the - # default port, use: - # - # port 0 - # tls-port 6379 - - # Configure a X.509 certificate and private key to use for authenticating the - # server to connected clients, masters or cluster peers. These files should be - # PEM formatted. - # - # tls-cert-file redis.crt - # tls-key-file redis.key - - # Configure a DH parameters file to enable Diffie-Hellman (DH) key exchange: - # - # tls-dh-params-file redis.dh - - # Configure a CA certificate(s) bundle or directory to authenticate TLS/SSL - # clients and peers. Redis requires an explicit configuration of at least one - # of these, and will not implicitly use the system wide configuration. - # - # tls-ca-cert-file ca.crt - # tls-ca-cert-dir /etc/ssl/certs - - # By default, clients (including replica servers) on a TLS port are required - # to authenticate using valid client side certificates. - # - # It is possible to disable authentication using this directive. - # - # tls-auth-clients no - - # By default, a Redis replica does not attempt to establish a TLS connection - # with its master. - # - # Use the following directive to enable TLS on replication links. - # - # tls-replication yes - - # By default, the Redis Cluster bus uses a plain TCP connection. To enable - # TLS for the bus protocol, use the following directive: - # - # tls-cluster yes - - # Explicitly specify TLS versions to support. Allowed values are case insensitive - # and include "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3" (OpenSSL >= 1.1.1) or - # any combination. 
To enable only TLSv1.2 and TLSv1.3, use: - # - # tls-protocols "TLSv1.2 TLSv1.3" - - # Configure allowed ciphers. See the ciphers(1ssl) manpage for more information - # about the syntax of this string. - # - # Note: this configuration applies only to <= TLSv1.2. - # - # tls-ciphers DEFAULT:!MEDIUM - - # Configure allowed TLSv1.3 ciphersuites. See the ciphers(1ssl) manpage for more - # information about the syntax of this string, and specifically for TLSv1.3 - # ciphersuites. - # - # tls-ciphersuites TLS_CHACHA20_POLY1305_SHA256 - - # When choosing a cipher, use the server's preference instead of the client - # preference. By default, the server follows the client's preference. - # - # tls-prefer-server-ciphers yes - - ################################# GENERAL ##################################### - - # By default Redis does not run as a daemon. Use 'yes' if you need it. - # Note that Redis will write a pid file in /var/run/redis.pid when daemonized. - daemonize no - - # If you run Redis from upstart or systemd, Redis can interact with your - # supervision tree. Options: - # supervised no - no supervision interaction - # supervised upstart - signal upstart by putting Redis into SIGSTOP mode - # supervised systemd - signal systemd by writing READY=1 to $NOTIFY_SOCKET - # supervised auto - detect upstart or systemd method based on - # UPSTART_JOB or NOTIFY_SOCKET environment variables - # Note: these supervision methods only signal "process is ready." - # They do not enable continuous liveness pings back to your supervisor. - supervised no - - # If a pid file is specified, Redis writes it where specified at startup - # and removes it at exit. - # - # When the server runs non daemonized, no pid file is created if none is - # specified in the configuration. When the server is daemonized, the pid file - # is used even if not specified, defaulting to "/var/run/redis.pid". 
- # - # Creating a pid file is best effort: if Redis is not able to create it - # nothing bad happens, the server will start and run normally. - pidfile /opt/bitnami/redis/tmp/redis_6379.pid - - # Specify the server verbosity level. - # This can be one of: - # debug (a lot of information, useful for development/testing) - # verbose (many rarely useful info, but not a mess like the debug level) - # notice (moderately verbose, what you want in production probably) - # warning (only very important / critical messages are logged) - loglevel notice - - # Specify the log file name. Also the empty string can be used to force - # Redis to log on the standard output. Note that if you use standard - # output for logging but daemonize, logs will be sent to /dev/null - logfile "" - - # To enable logging to the system logger, just set 'syslog-enabled' to yes, - # and optionally update the other syslog parameters to suit your needs. - # syslog-enabled no - - # Specify the syslog identity. - # syslog-ident redis - - # Specify the syslog facility. Must be USER or between LOCAL0-LOCAL7. - # syslog-facility local0 - - # Set the number of databases. The default database is DB 0, you can select - # a different one on a per-connection basis using SELECT where - # dbid is a number between 0 and 'databases'-1 - databases 16 - - # By default Redis shows an ASCII art logo only when started to log to the - # standard output and if the standard output is a TTY. Basically this means - # that normally a logo is displayed only in interactive sessions. - # - # However it is possible to force the pre-4.0 behavior and always show a - # ASCII art logo in startup logs by setting the following option to yes. - always-show-logo yes - - ################################ SNAPSHOTTING ################################ - # - # Save the DB on disk: - # - # save - # - # Will save the DB if both the given number of seconds and the given - # number of write operations against the DB occurred. 
- # - # In the example below the behaviour will be to save: - # after 900 sec (15 min) if at least 1 key changed - # after 300 sec (5 min) if at least 10 keys changed - # after 60 sec if at least 10000 keys changed - # - # Note: you can disable saving completely by commenting out all "save" lines. - # - # It is also possible to remove all the previously configured save - # points by adding a save directive with a single empty string argument - # like in the following example: - # - # save "" - - save 900 1 - save 300 10 - save 60 10000 - - # By default Redis will stop accepting writes if RDB snapshots are enabled - # (at least one save point) and the latest background save failed. - # This will make the user aware (in a hard way) that data is not persisting - # on disk properly, otherwise chances are that no one will notice and some - # disaster will happen. - # - # If the background saving process will start working again Redis will - # automatically allow writes again. - # - # However if you have setup your proper monitoring of the Redis server - # and persistence, you may want to disable this feature so that Redis will - # continue to work as usual even if there are problems with disk, - # permissions, and so forth. - stop-writes-on-bgsave-error yes - - # Compress string objects using LZF when dump .rdb databases? - # For default that's set to 'yes' as it's almost always a win. - # If you want to save some CPU in the saving child set it to 'no' but - # the dataset will likely be bigger if you have compressible values or keys. - rdbcompression yes - - # Since version 5 of RDB a CRC64 checksum is placed at the end of the file. - # This makes the format more resistant to corruption but there is a performance - # hit to pay (around 10%) when saving and loading RDB files, so you can disable it - # for maximum performances. - # - # RDB files created with checksum disabled have a checksum of zero that will - # tell the loading code to skip the check. 
- rdbchecksum yes - - # The filename where to dump the DB - dbfilename dump.rdb - - # Remove RDB files used by replication in instances without persistence - # enabled. By default this option is disabled, however there are environments - # where for regulations or other security concerns, RDB files persisted on - # disk by masters in order to feed replicas, or stored on disk by replicas - # in order to load them for the initial synchronization, should be deleted - # ASAP. Note that this option ONLY WORKS in instances that have both AOF - # and RDB persistence disabled, otherwise is completely ignored. - # - # An alternative (and sometimes better) way to obtain the same effect is - # to use diskless replication on both master and replicas instances. However - # in the case of replicas, diskless is not always an option. - rdb-del-sync-files no - - # The working directory. - # - # The DB will be written inside this directory, with the filename specified - # above using the 'dbfilename' configuration directive. - # - # The Append Only File will also be created inside this directory. - # - # Note that you must specify a directory here, not a file name. - dir /bitnami/redis/data - - ################################# REPLICATION ################################# - - # Master-Replica replication. Use replicaof to make a Redis instance a copy of - # another Redis server. A few things to understand ASAP about Redis replication. - # - # +------------------+ +---------------+ - # | Master | ---> | Replica | - # | (receive writes) | | (exact copy) | - # +------------------+ +---------------+ - # - # 1) Redis replication is asynchronous, but you can configure a master to - # stop accepting writes if it appears to be not connected with at least - # a given number of replicas. - # 2) Redis replicas are able to perform a partial resynchronization with the - # master if the replication link is lost for a relatively small amount of - # time. 
You may want to configure the replication backlog size (see the next - # sections of this file) with a sensible value depending on your needs. - # 3) Replication is automatic and does not need user intervention. After a - # network partition replicas automatically try to reconnect to masters - # and resynchronize with them. - # - # replicaof - - # If the master is password protected (using the "requirepass" configuration - # directive below) it is possible to tell the replica to authenticate before - # starting the replication synchronization process, otherwise the master will - # refuse the replica request. - # - # masterauth - # - # However this is not enough if you are using Redis ACLs (for Redis version - # 6 or greater), and the default user is not capable of running the PSYNC - # command and/or other commands needed for replication. In this case it's - # better to configure a special user to use with replication, and specify the - # masteruser configuration as such: - # - # masteruser - # - # When masteruser is specified, the replica will authenticate against its - # master using the new AUTH form: AUTH . - - # When a replica loses its connection with the master, or when the replication - # is still in progress, the replica can act in two different ways: - # - # 1) if replica-serve-stale-data is set to 'yes' (the default) the replica will - # still reply to client requests, possibly with out of date data, or the - # data set may just be empty if this is the first synchronization. - # - # 2) if replica-serve-stale-data is set to 'no' the replica will reply with - # an error "SYNC with master in progress" to all the kind of commands - # but to INFO, replicaOF, AUTH, PING, SHUTDOWN, REPLCONF, ROLE, CONFIG, - # SUBSCRIBE, UNSUBSCRIBE, PSUBSCRIBE, PUNSUBSCRIBE, PUBLISH, PUBSUB, - # COMMAND, POST, HOST: and LATENCY. - # - replica-serve-stale-data yes - - # You can configure a replica instance to accept writes or not. 
Writing against - # a replica instance may be useful to store some ephemeral data (because data - # written on a replica will be easily deleted after resync with the master) but - # may also cause problems if clients are writing to it because of a - # misconfiguration. - # - # Since Redis 2.6 by default replicas are read-only. - # - # Note: read only replicas are not designed to be exposed to untrusted clients - # on the internet. It's just a protection layer against misuse of the instance. - # Still a read only replica exports by default all the administrative commands - # such as CONFIG, DEBUG, and so forth. To a limited extent you can improve - # security of read only replicas using 'rename-command' to shadow all the - # administrative / dangerous commands. - replica-read-only yes - - # Replication SYNC strategy: disk or socket. - # - # New replicas and reconnecting replicas that are not able to continue the - # replication process just receiving differences, need to do what is called a - # "full synchronization". An RDB file is transmitted from the master to the - # replicas. - # - # The transmission can happen in two different ways: - # - # 1) Disk-backed: The Redis master creates a new process that writes the RDB - # file on disk. Later the file is transferred by the parent - # process to the replicas incrementally. - # 2) Diskless: The Redis master creates a new process that directly writes the - # RDB file to replica sockets, without touching the disk at all. - # - # With disk-backed replication, while the RDB file is generated, more replicas - # can be queued and served with the RDB file as soon as the current child - # producing the RDB file finishes its work. With diskless replication instead - # once the transfer starts, new replicas arriving will be queued and a new - # transfer will start when the current one terminates. 
- # - # When diskless replication is used, the master waits a configurable amount of - # time (in seconds) before starting the transfer in the hope that multiple - # replicas will arrive and the transfer can be parallelized. - # - # With slow disks and fast (large bandwidth) networks, diskless replication - # works better. - repl-diskless-sync no - - # When diskless replication is enabled, it is possible to configure the delay - # the server waits in order to spawn the child that transfers the RDB via socket - # to the replicas. - # - # This is important since once the transfer starts, it is not possible to serve - # new replicas arriving, that will be queued for the next RDB transfer, so the - # server waits a delay in order to let more replicas arrive. - # - # The delay is specified in seconds, and by default is 5 seconds. To disable - # it entirely just set it to 0 seconds and the transfer will start ASAP. - repl-diskless-sync-delay 5 - - # ----------------------------------------------------------------------------- - # WARNING: RDB diskless load is experimental. Since in this setup the replica - # does not immediately store an RDB on disk, it may cause data loss during - # failovers. RDB diskless load + Redis modules not handling I/O reads may also - # cause Redis to abort in case of I/O errors during the initial synchronization - # stage with the master. Use only if your do what you are doing. - # ----------------------------------------------------------------------------- - # - # Replica can load the RDB it reads from the replication link directly from the - # socket, or store the RDB to a file and read that file after it was completely - # received from the master. - # - # In many cases the disk is slower than the network, and storing and loading - # the RDB file may increase replication time (and even increase the master's - # Copy on Write memory and salve buffers). 
- # However, parsing the RDB file directly from the socket may mean that we have - # to flush the contents of the current database before the full rdb was - # received. For this reason we have the following options: - # - # "disabled" - Don't use diskless load (store the rdb file to the disk first) - # "on-empty-db" - Use diskless load only when it is completely safe. - # "swapdb" - Keep a copy of the current db contents in RAM while parsing - # the data directly from the socket. note that this requires - # sufficient memory, if you don't have it, you risk an OOM kill. - repl-diskless-load disabled - - # Replicas send PINGs to server in a predefined interval. It's possible to - # change this interval with the repl_ping_replica_period option. The default - # value is 10 seconds. - # - # repl-ping-replica-period 10 - - # The following option sets the replication timeout for: - # - # 1) Bulk transfer I/O during SYNC, from the point of view of replica. - # 2) Master timeout from the point of view of replicas (data, pings). - # 3) Replica timeout from the point of view of masters (REPLCONF ACK pings). - # - # It is important to make sure that this value is greater than the value - # specified for repl-ping-replica-period otherwise a timeout will be detected - # every time there is low traffic between the master and the replica. - # - # repl-timeout 60 - - # Disable TCP_NODELAY on the replica socket after SYNC? - # - # If you select "yes" Redis will use a smaller number of TCP packets and - # less bandwidth to send data to replicas. But this can add a delay for - # the data to appear on the replica side, up to 40 milliseconds with - # Linux kernels using a default configuration. - # - # If you select "no" the delay for data to appear on the replica side will - # be reduced but more bandwidth will be used for replication. 
- # - # By default we optimize for low latency, but in very high traffic conditions - # or when the master and replicas are many hops away, turning this to "yes" may - # be a good idea. - repl-disable-tcp-nodelay no - - # Set the replication backlog size. The backlog is a buffer that accumulates - # replica data when replicas are disconnected for some time, so that when a - # replica wants to reconnect again, often a full resync is not needed, but a - # partial resync is enough, just passing the portion of data the replica - # missed while disconnected. - # - # The bigger the replication backlog, the longer the time the replica can be - # disconnected and later be able to perform a partial resynchronization. - # - # The backlog is only allocated once there is at least a replica connected. - # - # repl-backlog-size 1mb - - # After a master has no longer connected replicas for some time, the backlog - # will be freed. The following option configures the amount of seconds that - # need to elapse, starting from the time the last replica disconnected, for - # the backlog buffer to be freed. - # - # Note that replicas never free the backlog for timeout, since they may be - # promoted to masters later, and should be able to correctly "partially - # resynchronize" with the replicas: hence they should always accumulate backlog. - # - # A value of 0 means to never release the backlog. - # - # repl-backlog-ttl 3600 - - # The replica priority is an integer number published by Redis in the INFO - # output. It is used by Redis Sentinel in order to select a replica to promote - # into a master if the master is no longer working correctly. - # - # A replica with a low priority number is considered better for promotion, so - # for instance if there are three replicas with priority 10, 100, 25 Sentinel - # will pick the one with priority 10, that is the lowest. 
- # - # However a special priority of 0 marks the replica as not able to perform the - # role of master, so a replica with priority of 0 will never be selected by - # Redis Sentinel for promotion. - # - # By default the priority is 100. - replica-priority 100 - - # It is possible for a master to stop accepting writes if there are less than - # N replicas connected, having a lag less or equal than M seconds. - # - # The N replicas need to be in "online" state. - # - # The lag in seconds, that must be <= the specified value, is calculated from - # the last ping received from the replica, that is usually sent every second. - # - # This option does not GUARANTEE that N replicas will accept the write, but - # will limit the window of exposure for lost writes in case not enough replicas - # are available, to the specified number of seconds. - # - # For example to require at least 3 replicas with a lag <= 10 seconds use: - # - # min-replicas-to-write 3 - # min-replicas-max-lag 10 - # - # Setting one or the other to 0 disables the feature. - # - # By default min-replicas-to-write is set to 0 (feature disabled) and - # min-replicas-max-lag is set to 10. - - # A Redis master is able to list the address and port of the attached - # replicas in different ways. For example the "INFO replication" section - # offers this information, which is used, among other tools, by - # Redis Sentinel in order to discover replica instances. - # Another place where this info is available is in the output of the - # "ROLE" command of a master. - # - # The listed IP and address normally reported by a replica is obtained - # in the following way: - # - # IP: The address is auto detected by checking the peer address - # of the socket used by the replica to connect with the master. - # - # Port: The port is communicated by the replica during the replication - # handshake, and is normally the port that the replica is using to - # listen for connections. 
- # - # However when port forwarding or Network Address Translation (NAT) is - # used, the replica may be actually reachable via different IP and port - # pairs. The following two options can be used by a replica in order to - # report to its master a specific set of IP and port, so that both INFO - # and ROLE will report those values. - # - # There is no need to use both the options if you need to override just - # the port or the IP address. - # - # replica-announce-ip 5.5.5.5 - # replica-announce-port 1234 - - ############################### KEYS TRACKING ################################# - - # Redis implements server assisted support for client side caching of values. - # This is implemented using an invalidation table that remembers, using - # 16 millions of slots, what clients may have certain subsets of keys. In turn - # this is used in order to send invalidation messages to clients. Please - # to understand more about the feature check this page: - # - # https://redis.io/topics/client-side-caching - # - # When tracking is enabled for a client, all the read only queries are assumed - # to be cached: this will force Redis to store information in the invalidation - # table. When keys are modified, such information is flushed away, and - # invalidation messages are sent to the clients. However if the workload is - # heavily dominated by reads, Redis could use more and more memory in order - # to track the keys fetched by many clients. - # - # For this reason it is possible to configure a maximum fill value for the - # invalidation table. By default it is set to 1M of keys, and once this limit - # is reached, Redis will start to evict keys in the invalidation table - # even if they were not modified, just to reclaim memory: this will in turn - # force the clients to invalidate the cached values. 
Basically the table - # maximum size is a trade off between the memory you want to spend server - # side to track information about who cached what, and the ability of clients - # to retain cached objects in memory. - # - # If you set the value to 0, it means there are no limits, and Redis will - # retain as many keys as needed in the invalidation table. - # In the "stats" INFO section, you can find information about the number of - # keys in the invalidation table at every given moment. - # - # Note: when key tracking is used in broadcasting mode, no memory is used - # in the server side so this setting is useless. - # - # tracking-table-max-keys 1000000 - - ################################## SECURITY ################################### - - # Warning: since Redis is pretty fast an outside user can try up to - # 1 million passwords per second against a modern box. This means that you - # should use very strong passwords, otherwise they will be very easy to break. - # Note that because the password is really a shared secret between the client - # and the server, and should not be memorized by any human, the password - # can be easily a long string from /dev/urandom or whatever, so by using a - # long and unguessable password no brute force attack will be possible. - - # Redis ACL users are defined in the following format: - # - # user ... acl rules ... - # - # For example: - # - # user worker +@list +@connection ~jobs:* on >ffa9203c493aa99 - # - # The special username "default" is used for new connections. If this user - # has the "nopass" rule, then new connections will be immediately authenticated - # as the "default" user without the need of any password provided via the - # AUTH command. Otherwise if the "default" user is not flagged with "nopass" - # the connections will start in not authenticated state, and will require - # AUTH (or the HELLO command AUTH option) in order to be authenticated and - # start to work. 
- # - # The ACL rules that describe what an user can do are the following: - # - # on Enable the user: it is possible to authenticate as this user. - # off Disable the user: it's no longer possible to authenticate - # with this user, however the already authenticated connections - # will still work. - # + Allow the execution of that command - # - Disallow the execution of that command - # +@ Allow the execution of all the commands in such category - # with valid categories are like @admin, @set, @sortedset, ... - # and so forth, see the full list in the server.c file where - # the Redis command table is described and defined. - # The special category @all means all the commands, but currently - # present in the server, and that will be loaded in the future - # via modules. - # +|subcommand Allow a specific subcommand of an otherwise - # disabled command. Note that this form is not - # allowed as negative like -DEBUG|SEGFAULT, but - # only additive starting with "+". - # allcommands Alias for +@all. Note that it implies the ability to execute - # all the future commands loaded via the modules system. - # nocommands Alias for -@all. - # ~ Add a pattern of keys that can be mentioned as part of - # commands. For instance ~* allows all the keys. The pattern - # is a glob-style pattern like the one of KEYS. - # It is possible to specify multiple patterns. - # allkeys Alias for ~* - # resetkeys Flush the list of allowed keys patterns. - # > Add this password to the list of valid password for the user. - # For example >mypass will add "mypass" to the list. - # This directive clears the "nopass" flag (see later). - # < Remove this password from the list of valid passwords. - # nopass All the set passwords of the user are removed, and the user - # is flagged as requiring no password: it means that every - # password will work against this user. 
If this directive is
- # used for the default user, every new connection will be
- # immediately authenticated with the default user without
- # any explicit AUTH command required. Note that the "resetpass"
- # directive will clear this condition.
- # resetpass Flush the list of allowed passwords. Moreover removes the
- # "nopass" status. After "resetpass" the user has no associated
- # passwords and there is no way to authenticate without adding
- # some password (or setting it as "nopass" later).
- # reset Performs the following actions: resetpass, resetkeys, off,
- # -@all. The user returns to the same state it has immediately
- # after its creation.
- #
- # ACL rules can be specified in any order: for instance you can start with
- # passwords, then flags, or key patterns. However note that the additive
- # and subtractive rules will CHANGE MEANING depending on the ordering.
- # For instance see the following example:
- #
- # user alice on +@all -DEBUG ~* >somepassword
- #
- # This will allow "alice" to use all the commands with the exception of the
- # DEBUG command, since +@all added all the commands to the set of the commands
- # alice can use, and later DEBUG was removed. However if we invert the order
- # of two ACL rules the result will be different:
- #
- # user alice on -DEBUG +@all ~* >somepassword
- #
- # Now DEBUG was removed when alice had yet no commands in the set of allowed
- # commands, later all the commands are added, so the user will be able to
- # execute everything.
- #
- # Basically ACL rules are processed left-to-right.
- #
- # For more information about ACL configuration please refer to
- # the Redis web site at https://redis.io/topics/acl
-
- # ACL LOG
- #
- # The ACL Log tracks failed commands and authentication events associated
- # with ACLs. The ACL Log is useful to troubleshoot failed commands blocked
- # by ACLs. The ACL Log is stored in and consumes memory.
There is no limit
- # to its length.You can reclaim memory with ACL LOG RESET or set a maximum
- # length below.
- acllog-max-len 128
-
- # Using an external ACL file
- #
- # Instead of configuring users here in this file, it is possible to use
- # a stand-alone file just listing users. The two methods cannot be mixed:
- # if you configure users here and at the same time you activate the exteranl
- # ACL file, the server will refuse to start.
- #
- # The format of the external ACL user file is exactly the same as the
- # format that is used inside redis.conf to describe users.
- #
- # aclfile /etc/redis/users.acl
-
- # IMPORTANT NOTE: starting with Redis 6 "requirepass" is just a compatibility
- # layer on top of the new ACL system. The option effect will be just setting
- # the password for the default user. Clients will still authenticate using
- # AUTH as usually, or more explicitly with AUTH default
- # if they follow the new protocol: both will work.
- #
- # requirepass foobared
-
- # Command renaming (DEPRECATED).
- #
- # ------------------------------------------------------------------------
- # WARNING: avoid using this option if possible. Instead use ACLs to remove
- # commands from the default user, and put them only in some admin user you
- # create for administrative purposes.
- # ------------------------------------------------------------------------
- #
- # It is possible to change the name of dangerous commands in a shared
- # environment. For instance the CONFIG command may be renamed into something
- # hard to guess so that it will still be available for internal-use tools
- # but not available for general clients.
- #
- # Example:
- #
- # rename-command CONFIG b840fc02d524045429941cc15f59e41cb7be6c52
- #
- # It is also possible to completely kill a command by renaming it into
- # an empty string:
- #
- # rename-command CONFIG ""
- #
- # Please note that changing the name of commands that are logged into the
- # AOF file or transmitted to replicas may cause problems.
-
- ################################### CLIENTS ####################################
-
- # Set the max number of connected clients at the same time. By default
- # this limit is set to 10000 clients, however if the Redis server is not
- # able to configure the process file limit to allow for the specified limit
- # the max number of allowed clients is set to the current file limit
- # minus 32 (as Redis reserves a few file descriptors for internal uses).
- #
- # Once the limit is reached Redis will close all the new connections sending
- # an error 'max number of clients reached'.
- #
- # maxclients 10000
-
- ############################## MEMORY MANAGEMENT ################################
-
- # Set a memory usage limit to the specified amount of bytes.
- # When the memory limit is reached Redis will try to remove keys
- # according to the eviction policy selected (see maxmemory-policy).
- #
- # If Redis can't remove keys according to the policy, or if the policy is
- # set to 'noeviction', Redis will start to reply with errors to commands
- # that would use more memory, like SET, LPUSH, and so on, and will continue
- # to reply to read-only commands like GET.
- #
- # This option is usually useful when using Redis as an LRU or LFU cache, or to
- # set a hard memory limit for an instance (using the 'noeviction' policy).
- #
- # WARNING: If you have replicas attached to an instance with maxmemory on,
- # the size of the output buffers needed to feed the replicas are subtracted
- # from the used memory count, so that network problems / resyncs will
- # not trigger a loop where keys are evicted, and in turn the output
- # buffer of replicas is full with DELs of keys evicted triggering the deletion
- # of more keys, and so forth until the database is completely emptied.
- #
- # In short... if you have replicas attached it is suggested that you set a lower
- # limit for maxmemory so that there is some free RAM on the system for replica
- # output buffers (but this is not needed if the policy is 'noeviction').
- #
- # maxmemory
-
- # MAXMEMORY POLICY: how Redis will select what to remove when maxmemory
- # is reached. You can select one from the following behaviors:
- #
- # volatile-lru -> Evict using approximated LRU, only keys with an expire set.
- # allkeys-lru -> Evict any key using approximated LRU.
- # volatile-lfu -> Evict using approximated LFU, only keys with an expire set.
- # allkeys-lfu -> Evict any key using approximated LFU.
- # volatile-random -> Remove a random key having an expire set.
- # allkeys-random -> Remove a random key, any key.
- # volatile-ttl -> Remove the key with the nearest expire time (minor TTL)
- # noeviction -> Don't evict anything, just return an error on write operations.
- #
- # LRU means Least Recently Used
- # LFU means Least Frequently Used
- #
- # Both LRU, LFU and volatile-ttl are implemented using approximated
- # randomized algorithms.
- #
- # Note: with any of the above policies, Redis will return an error on write
- # operations, when there are no suitable keys for eviction.
- #
- # At the date of writing these commands are: set setnx setex append
- # incr decr rpush lpush rpushx lpushx linsert lset rpoplpush sadd
- # sinter sinterstore sunion sunionstore sdiff sdiffstore zadd zincrby
- # zunionstore zinterstore hset hsetnx hmset hincrby incrby decrby
- # getset mset msetnx exec sort
- #
- # The default is:
- #
- # maxmemory-policy noeviction
-
- # LRU, LFU and minimal TTL algorithms are not precise algorithms but approximated
- # algorithms (in order to save memory), so you can tune it for speed or
- # accuracy. For default Redis will check five keys and pick the one that was
- # used less recently, you can change the sample size using the following
- # configuration directive.
- #
- # The default of 5 produces good enough results. 10 Approximates very closely
- # true LRU but costs more CPU. 3 is faster but not very accurate.
- #
- # maxmemory-samples 5
-
- # Starting from Redis 5, by default a replica will ignore its maxmemory setting
- # (unless it is promoted to master after a failover or manually). It means
- # that the eviction of keys will be just handled by the master, sending the
- # DEL commands to the replica as keys evict in the master side.
- #
- # This behavior ensures that masters and replicas stay consistent, and is usually
- # what you want, however if your replica is writable, or you want the replica
- # to have a different memory setting, and you are sure all the writes performed
- # to the replica are idempotent, then you may change this default (but be sure
- # to understand what you are doing).
- #
- # Note that since the replica by default does not evict, it may end using more
- # memory than the one set via maxmemory (there are certain buffers that may
- # be larger on the replica, or data structures may sometimes take more memory
- # and so forth).
So make sure you monitor your replicas and make sure they
- # have enough memory to never hit a real out-of-memory condition before the
- # master hits the configured maxmemory setting.
- #
- # replica-ignore-maxmemory yes
-
- # Redis reclaims expired keys in two ways: upon access when those keys are
- # found to be expired, and also in background, in what is called the
- # "active expire key". The key space is slowly and interactively scanned
- # looking for expired keys to reclaim, so that it is possible to free memory
- # of keys that are expired and will never be accessed again in a short time.
- #
- # The default effort of the expire cycle will try to avoid having more than
- # ten percent of expired keys still in memory, and will try to avoid consuming
- # more than 25% of total memory and to add latency to the system. However
- # it is possible to increase the expire "effort" that is normally set to
- # "1", to a greater value, up to the value "10". At its maximum value the
- # system will use more CPU, longer cycles (and technically may introduce
- # more latency), and will tollerate less already expired keys still present
- # in the system. It's a tradeoff between memory, CPU and latecy.
- #
- # active-expire-effort 1
-
- ############################# LAZY FREEING ####################################
-
- # Redis has two primitives to delete keys. One is called DEL and is a blocking
- # deletion of the object. It means that the server stops processing new commands
- # in order to reclaim all the memory associated with an object in a synchronous
- # way. If the key deleted is associated with a small object, the time needed
- # in order to execute the DEL command is very small and comparable to most other
- # O(1) or O(log_N) commands in Redis. However if the key is associated with an
- # aggregated value containing millions of elements, the server can block for
- # a long time (even seconds) in order to complete the operation.
- #
- # For the above reasons Redis also offers non blocking deletion primitives
- # such as UNLINK (non blocking DEL) and the ASYNC option of FLUSHALL and
- # FLUSHDB commands, in order to reclaim memory in background. Those commands
- # are executed in constant time. Another thread will incrementally free the
- # object in the background as fast as possible.
- #
- # DEL, UNLINK and ASYNC option of FLUSHALL and FLUSHDB are user-controlled.
- # It's up to the design of the application to understand when it is a good
- # idea to use one or the other. However the Redis server sometimes has to
- # delete keys or flush the whole database as a side effect of other operations.
- # Specifically Redis deletes objects independently of a user call in the
- # following scenarios:
- #
- # 1) On eviction, because of the maxmemory and maxmemory policy configurations,
- # in order to make room for new data, without going over the specified
- # memory limit.
- # 2) Because of expire: when a key with an associated time to live (see the
- # EXPIRE command) must be deleted from memory.
- # 3) Because of a side effect of a command that stores data on a key that may
- # already exist. For example the RENAME command may delete the old key
- # content when it is replaced with another one. Similarly SUNIONSTORE
- # or SORT with STORE option may delete existing keys. The SET command
- # itself removes any old content of the specified key in order to replace
- # it with the specified string.
- # 4) During replication, when a replica performs a full resynchronization with
- # its master, the content of the whole database is removed in order to
- # load the RDB file just transferred.
- #
- # In all the above cases the default is to delete objects in a blocking way,
- # like if DEL was called. However you can configure each case specifically
- # in order to instead release memory in a non-blocking way like if UNLINK
- # was called, using the following configuration directives.
-
- lazyfree-lazy-eviction no
- lazyfree-lazy-expire no
- lazyfree-lazy-server-del no
- replica-lazy-flush no
-
- # It is also possible, for the case when to replace the user code DEL calls
- # with UNLINK calls is not easy, to modify the default behavior of the DEL
- # command to act exactly like UNLINK, using the following configuration
- # directive:
-
- lazyfree-lazy-user-del no
-
- ################################ THREADED I/O #################################
-
- # Redis is mostly single threaded, however there are certain threaded
- # operations such as UNLINK, slow I/O accesses and other things that are
- # performed on side threads.
- #
- # Now it is also possible to handle Redis clients socket reads and writes
- # in different I/O threads. Since especially writing is so slow, normally
- # Redis users use pipelining in order to speedup the Redis performances per
- # core, and spawn multiple instances in order to scale more. Using I/O
- # threads it is possible to easily speedup two times Redis without resorting
- # to pipelining nor sharding of the instance.
- #
- # By default threading is disabled, we suggest enabling it only in machines
- # that have at least 4 or more cores, leaving at least one spare core.
- # Using more than 8 threads is unlikely to help much. We also recommend using
- # threaded I/O only if you actually have performance problems, with Redis
- # instances being able to use a quite big percentage of CPU time, otherwise
- # there is no point in using this feature.
- #
- # So for instance if you have a four cores boxes, try to use 2 or 3 I/O
- # threads, if you have a 8 cores, try to use 6 threads. In order to
- # enable I/O threads use the following configuration directive:
- #
- # io-threads 4
- #
- # Setting io-threads to 1 will just use the main thread as usually.
- # When I/O threads are enabled, we only use threads for writes, that is
- # to thread the write(2) syscall and transfer the client buffers to the
- # socket.
However it is also possible to enable threading of reads and
- # protocol parsing using the following configuration directive, by setting
- # it to yes:
- #
- # io-threads-do-reads no
- #
- # Usually threading reads doesn't help much.
- #
- # NOTE 1: This configuration directive cannot be changed at runtime via
- # CONFIG SET. Aso this feature currently does not work when SSL is
- # enabled.
- #
- # NOTE 2: If you want to test the Redis speedup using redis-benchmark, make
- # sure you also run the benchmark itself in threaded mode, using the
- # --threads option to match the number of Redis theads, otherwise you'll not
- # be able to notice the improvements.
-
- ############################## APPEND ONLY MODE ###############################
-
- # By default Redis asynchronously dumps the dataset on disk. This mode is
- # good enough in many applications, but an issue with the Redis process or
- # a power outage may result into a few minutes of writes lost (depending on
- # the configured save points).
- #
- # The Append Only File is an alternative persistence mode that provides
- # much better durability. For instance using the default data fsync policy
- # (see later in the config file) Redis can lose just one second of writes in a
- # dramatic event like a server power outage, or a single write if something
- # wrong with the Redis process itself happens, but the operating system is
- # still running correctly.
- #
- # AOF and RDB persistence can be enabled at the same time without problems.
- # If the AOF is enabled on startup Redis will load the AOF, that is the file
- # with the better durability guarantees.
- #
- # Please check http://redis.io/topics/persistence for more information.
-
- appendonly no
-
- # The name of the append only file (default: "appendonly.aof")
-
- appendfilename "appendonly.aof"
-
- # The fsync() call tells the Operating System to actually write data on disk
- # instead of waiting for more data in the output buffer.
Some OS will really flush
- # data on disk, some other OS will just try to do it ASAP.
- #
- # Redis supports three different modes:
- #
- # no: don't fsync, just let the OS flush the data when it wants. Faster.
- # always: fsync after every write to the append only log. Slow, Safest.
- # everysec: fsync only one time every second. Compromise.
- #
- # The default is "everysec", as that's usually the right compromise between
- # speed and data safety. It's up to you to understand if you can relax this to
- # "no" that will let the operating system flush the output buffer when
- # it wants, for better performances (but if you can live with the idea of
- # some data loss consider the default persistence mode that's snapshotting),
- # or on the contrary, use "always" that's very slow but a bit safer than
- # everysec.
- #
- # More details please check the following article:
- # http://antirez.com/post/redis-persistence-demystified.html
- #
- # If unsure, use "everysec".
-
- # appendfsync always
- appendfsync everysec
- # appendfsync no
-
- # When the AOF fsync policy is set to always or everysec, and a background
- # saving process (a background save or AOF log background rewriting) is
- # performing a lot of I/O against the disk, in some Linux configurations
- # Redis may block too long on the fsync() call. Note that there is no fix for
- # this currently, as even performing fsync in a different thread will block
- # our synchronous write(2) call.
- #
- # In order to mitigate this problem it's possible to use the following option
- # that will prevent fsync() from being called in the main process while a
- # BGSAVE or BGREWRITEAOF is in progress.
- #
- # This means that while another child is saving, the durability of Redis is
- # the same as "appendfsync none". In practical terms, this means that it is
- # possible to lose up to 30 seconds of log in the worst scenario (with the
- # default Linux settings).
- #
- # If you have latency problems turn this to "yes".
Otherwise leave it as
- # "no" that is the safest pick from the point of view of durability.
-
- no-appendfsync-on-rewrite no
-
- # Automatic rewrite of the append only file.
- # Redis is able to automatically rewrite the log file implicitly calling
- # BGREWRITEAOF when the AOF log size grows by the specified percentage.
- #
- # This is how it works: Redis remembers the size of the AOF file after the
- # latest rewrite (if no rewrite has happened since the restart, the size of
- # the AOF at startup is used).
- #
- # This base size is compared to the current size. If the current size is
- # bigger than the specified percentage, the rewrite is triggered. Also
- # you need to specify a minimal size for the AOF file to be rewritten, this
- # is useful to avoid rewriting the AOF file even if the percentage increase
- # is reached but it is still pretty small.
- #
- # Specify a percentage of zero in order to disable the automatic AOF
- # rewrite feature.
-
- auto-aof-rewrite-percentage 100
- auto-aof-rewrite-min-size 64mb
-
- # An AOF file may be found to be truncated at the end during the Redis
- # startup process, when the AOF data gets loaded back into memory.
- # This may happen when the system where Redis is running
- # crashes, especially when an ext4 filesystem is mounted without the
- # data=ordered option (however this can't happen when Redis itself
- # crashes or aborts but the operating system still works correctly).
- #
- # Redis can either exit with an error when this happens, or load as much
- # data as possible (the default now) and start if the AOF file is found
- # to be truncated at the end. The following option controls this behavior.
- #
- # If aof-load-truncated is set to yes, a truncated AOF file is loaded and
- # the Redis server starts emitting a log to inform the user of the event.
- # Otherwise if the option is set to no, the server aborts with an error
- # and refuses to start.
When the option is set to no, the user requires
- # to fix the AOF file using the "redis-check-aof" utility before to restart
- # the server.
- #
- # Note that if the AOF file will be found to be corrupted in the middle
- # the server will still exit with an error. This option only applies when
- # Redis will try to read more data from the AOF file but not enough bytes
- # will be found.
- aof-load-truncated yes
-
- # When rewriting the AOF file, Redis is able to use an RDB preamble in the
- # AOF file for faster rewrites and recoveries. When this option is turned
- # on the rewritten AOF file is composed of two different stanzas:
- #
- # [RDB file][AOF tail]
- #
- # When loading Redis recognizes that the AOF file starts with the "REDIS"
- # string and loads the prefixed RDB file, and continues loading the AOF
- # tail.
- aof-use-rdb-preamble yes
-
- ################################ LUA SCRIPTING ###############################
-
- # Max execution time of a Lua script in milliseconds.
- #
- # If the maximum execution time is reached Redis will log that a script is
- # still in execution after the maximum allowed time and will start to
- # reply to queries with an error.
- #
- # When a long running script exceeds the maximum execution time only the
- # SCRIPT KILL and SHUTDOWN NOSAVE commands are available. The first can be
- # used to stop a script that did not yet called write commands. The second
- # is the only way to shut down the server in the case a write command was
- # already issued by the script but the user doesn't want to wait for the natural
- # termination of the script.
- #
- # Set it to 0 or a negative value for unlimited execution without warnings.
- lua-time-limit 5000
-
- ################################ REDIS CLUSTER ###############################
-
- # Normal Redis instances can't be part of a Redis Cluster; only nodes that are
- # started as cluster nodes can.
In order to start a Redis instance as a
- # cluster node enable the cluster support uncommenting the following:
- #
- cluster-enabled yes
-
- # Every cluster node has a cluster configuration file. This file is not
- # intended to be edited by hand. It is created and updated by Redis nodes.
- # Every Redis Cluster node requires a different cluster configuration file.
- # Make sure that instances running in the same system do not have
- # overlapping cluster configuration file names.
- #
- cluster-config-file /bitnami/redis/data/nodes.conf
-
- # Cluster node timeout is the amount of milliseconds a node must be unreachable
- # for it to be considered in failure state.
- # Most other internal time limits are multiple of the node timeout.
- #
- # cluster-node-timeout 15000
-
- # A replica of a failing master will avoid to start a failover if its data
- # looks too old.
- #
- # There is no simple way for a replica to actually have an exact measure of
- # its "data age", so the following two checks are performed:
- #
- # 1) If there are multiple replicas able to failover, they exchange messages
- # in order to try to give an advantage to the replica with the best
- # replication offset (more data from the master processed).
- # Replicas will try to get their rank by offset, and apply to the start
- # of the failover a delay proportional to their rank.
- #
- # 2) Every single replica computes the time of the last interaction with
- # its master. This can be the last ping or command received (if the master
- # is still in the "connected" state), or the time that elapsed since the
- # disconnection with the master (if the replication link is currently down).
- # If the last interaction is too old, the replica will not try to failover
- # at all.
- #
- # The point "2" can be tuned by user.
Specifically a replica will not perform
- # the failover if, since the last interaction with the master, the time
- # elapsed is greater than:
- #
- # (node-timeout * replica-validity-factor) + repl-ping-replica-period
- #
- # So for example if node-timeout is 30 seconds, and the replica-validity-factor
- # is 10, and assuming a default repl-ping-replica-period of 10 seconds, the
- # replica will not try to failover if it was not able to talk with the master
- # for longer than 310 seconds.
- #
- # A large replica-validity-factor may allow replicas with too old data to failover
- # a master, while a too small value may prevent the cluster from being able to
- # elect a replica at all.
- #
- # For maximum availability, it is possible to set the replica-validity-factor
- # to a value of 0, which means, that replicas will always try to failover the
- # master regardless of the last time they interacted with the master.
- # (However they'll always try to apply a delay proportional to their
- # offset rank).
- #
- # Zero is the only value able to guarantee that when all the partitions heal
- # the cluster will always be able to continue.
- #
- # cluster-replica-validity-factor 10
-
- # Cluster replicas are able to migrate to orphaned masters, that are masters
- # that are left without working replicas. This improves the cluster ability
- # to resist to failures as otherwise an orphaned master can't be failed over
- # in case of failure if it has no working replicas.
- #
- # Replicas migrate to orphaned masters only if there are still at least a
- # given number of other working replicas for their old master. This number
- # is the "migration barrier". A migration barrier of 1 means that a replica
- # will migrate only if there is at least 1 other working replica for its master
- # and so forth. It usually reflects the number of replicas you want for every
- # master in your cluster.
- #
- # Default is 1 (replicas migrate only if their masters remain with at least
- # one replica). To disable migration just set it to a very large value.
- # A value of 0 can be set but is useful only for debugging and dangerous
- # in production.
- #
- # cluster-migration-barrier 1
-
- # By default Redis Cluster nodes stop accepting queries if they detect there
- # is at least an hash slot uncovered (no available node is serving it).
- # This way if the cluster is partially down (for example a range of hash slots
- # are no longer covered) all the cluster becomes, eventually, unavailable.
- # It automatically returns available as soon as all the slots are covered again.
- #
- # However sometimes you want the subset of the cluster which is working,
- # to continue to accept queries for the part of the key space that is still
- # covered. In order to do so, just set the cluster-require-full-coverage
- # option to no.
- #
- # cluster-require-full-coverage yes
-
- # This option, when set to yes, prevents replicas from trying to failover its
- # master during master failures. However the master can still perform a
- # manual failover, if forced to do so.
- #
- # This is useful in different scenarios, especially in the case of multiple
- # data center operations, where we want one side to never be promoted if not
- # in the case of a total DC failure.
- #
- # cluster-replica-no-failover no
-
- # This option, when set to yes, allows nodes to serve read traffic while the
- # the cluster is in a down state, as long as it believes it owns the slots.
- #
- # This is useful for two cases. The first case is for when an application
- # doesn't require consistency of data during node failures or network partitions.
- # One example of this is a cache, where as long as the node has the data it
- # should be able to serve it.
- #
- # The second use case is for configurations that don't meet the recommended
- # three shards but want to enable cluster mode and scale later.
A
- # master outage in a 1 or 2 shard configuration causes a read/write outage to the
- # entire cluster without this option set, with it set there is only a write outage.
- # Without a quorum of masters, slot ownership will not change automatically.
- #
- # cluster-allow-reads-when-down no
-
- # In order to setup your cluster make sure to read the documentation
- # available at http://redis.io web site.
-
- ########################## CLUSTER DOCKER/NAT support ########################
-
- # In certain deployments, Redis Cluster nodes address discovery fails, because
- # addresses are NAT-ted or because ports are forwarded (the typical case is
- # Docker and other containers).
- #
- # In order to make Redis Cluster working in such environments, a static
- # configuration where each node knows its public address is needed. The
- # following two options are used for this scope, and are:
- #
- # * cluster-announce-ip
- # * cluster-announce-port
- # * cluster-announce-bus-port
- #
- # Each instruct the node about its address, client port, and cluster message
- # bus port. The information is then published in the header of the bus packets
- # so that other nodes will be able to correctly map the address of the node
- # publishing the information.
- #
- # If the above options are not used, the normal Redis Cluster auto-detection
- # will be used instead.
- #
- # Note that when remapped, the bus port may not be at the fixed offset of
- # clients port + 10000, so you can specify any port and bus-port depending
- # on how they get remapped. If the bus-port is not set, a fixed offset of
- # 10000 will be used as usually.
- #
- # Example:
- #
- # cluster-announce-ip 10.1.1.5
- # cluster-announce-port 6379
- # cluster-announce-bus-port 6380
-
- ################################## SLOW LOG ###################################
-
- # The Redis Slow Log is a system to log queries that exceeded a specified
- # execution time.
The execution time does not include the I/O operations
- # like talking with the client, sending the reply and so forth,
- # but just the time needed to actually execute the command (this is the only
- # stage of command execution where the thread is blocked and can not serve
- # other requests in the meantime).
- #
- # You can configure the slow log with two parameters: one tells Redis
- # what is the execution time, in microseconds, to exceed in order for the
- # command to get logged, and the other parameter is the length of the
- # slow log. When a new command is logged the oldest one is removed from the
- # queue of logged commands.
-
- # The following time is expressed in microseconds, so 1000000 is equivalent
- # to one second. Note that a negative number disables the slow log, while
- # a value of zero forces the logging of every command.
- slowlog-log-slower-than 10000
-
- # There is no limit to this length. Just be aware that it will consume memory.
- # You can reclaim memory used by the slow log with SLOWLOG RESET.
- slowlog-max-len 128
-
- ################################ LATENCY MONITOR ##############################
-
- # The Redis latency monitoring subsystem samples different operations
- # at runtime in order to collect data related to possible sources of
- # latency of a Redis instance.
- #
- # Via the LATENCY command this information is available to the user that can
- # print graphs and obtain reports.
- #
- # The system only logs operations that were performed in a time equal or
- # greater than the amount of milliseconds specified via the
- # latency-monitor-threshold configuration directive. When its value is set
- # to zero, the latency monitor is turned off.
- #
- # By default latency monitoring is disabled since it is mostly not needed
- # if you don't have latency issues, and collecting data has a performance
- # impact, that while very small, can be measured under big load.
Latency - # monitoring can easily be enabled at runtime using the command - # "CONFIG SET latency-monitor-threshold " if needed. - latency-monitor-threshold 0 - - ############################# EVENT NOTIFICATION ############################## - - # Redis can notify Pub/Sub clients about events happening in the key space. - # This feature is documented at http://redis.io/topics/notifications - # - # For instance if keyspace events notification is enabled, and a client - # performs a DEL operation on key "foo" stored in the Database 0, two - # messages will be published via Pub/Sub: - # - # PUBLISH __keyspace@0__:foo del - # PUBLISH __keyevent@0__:del foo - # - # It is possible to select the events that Redis will notify among a set - # of classes. Every class is identified by a single character: - # - # K Keyspace events, published with __keyspace@__ prefix. - # E Keyevent events, published with __keyevent@__ prefix. - # g Generic commands (non-type specific) like DEL, EXPIRE, RENAME, ... - # $ String commands - # l List commands - # s Set commands - # h Hash commands - # z Sorted set commands - # x Expired events (events generated every time a key expires) - # e Evicted events (events generated when a key is evicted for maxmemory) - # t Stream commands - # m Key-miss events (Note: It is not included in the 'A' class) - # A Alias for g$lshzxet, so that the "AKE" string means all the events - # (Except key-miss events which are excluded from 'A' due to their - # unique nature). - # - # The "notify-keyspace-events" takes as argument a string that is composed - # of zero or multiple characters. The empty string means that notifications - # are disabled. 
- #
- # Example: to enable list and generic events, from the point of view of the
- # event name, use:
- #
- # notify-keyspace-events Elg
- #
- # Example 2: to get the stream of the expired keys subscribing to channel
- # name __keyevent@0__:expired use:
- #
- # notify-keyspace-events Ex
- #
- # By default all notifications are disabled because most users don't need
- # this feature and the feature has some overhead. Note that if you don't
- # specify at least one of K or E, no events will be delivered.
- notify-keyspace-events ""
-
- ############################### GOPHER SERVER #################################
-
- # Redis contains an implementation of the Gopher protocol, as specified in
- # the RFC 1436 (https://www.ietf.org/rfc/rfc1436.txt).
- #
- # The Gopher protocol was very popular in the late '90s. It is an alternative
- # to the web, and the implementation both server and client side is so simple
- # that the Redis server has just 100 lines of code in order to implement this
- # support.
- #
- # What do you do with Gopher nowadays? Well Gopher never *really* died, and
- # lately there is a movement in order for the Gopher more hierarchical content
- # composed of just plain text documents to be resurrected. Some want a simpler
- # internet, others believe that the mainstream internet became too much
- # controlled, and it's cool to create an alternative space for people that
- # want a bit of fresh air.
- #
- # Anyway for the 10nth birthday of the Redis, we gave it the Gopher protocol
- # as a gift.
- #
- # --- HOW IT WORKS? ---
- #
- # The Redis Gopher support uses the inline protocol of Redis, and specifically
- # two kind of inline requests that were anyway illegal: an empty request
- # or any request that starts with "/" (there are no Redis commands starting
- # with such a slash). Normal RESP2/RESP3 requests are completely out of the
- # path of the Gopher protocol implementation and are served as usually as well.
- #
- # If you open a connection to Redis when Gopher is enabled and send it
- # a string like "/foo", if there is a key named "/foo" it is served via the
- # Gopher protocol.
- #
- # In order to create a real Gopher "hole" (the name of a Gopher site in Gopher
- # talking), you likely need a script like the following:
- #
- # https://github.com/antirez/gopher2redis
- #
- # --- SECURITY WARNING ---
- #
- # If you plan to put Redis on the internet in a publicly accessible address
- # to server Gopher pages MAKE SURE TO SET A PASSWORD to the instance.
- # Once a password is set:
- #
- # 1. The Gopher server (when enabled, not by default) will still serve
- # content via Gopher.
- # 2. However other commands cannot be called before the client will
- # authenticate.
- #
- # So use the 'requirepass' option to protect your instance.
- #
- # To enable Gopher support uncomment the following line and set
- # the option from no (the default) to yes.
- #
- # gopher-enabled no
-
- ############################### ADVANCED CONFIG ###############################
-
- # Hashes are encoded using a memory efficient data structure when they have a
- # small number of entries, and the biggest entry does not exceed a given
- # threshold. These thresholds can be configured using the following directives.
- hash-max-ziplist-entries 512
- hash-max-ziplist-value 64
-
- # Lists are also encoded in a special way to save a lot of space.
- # The number of entries allowed per internal list node can be specified
- # as a fixed maximum size or a maximum number of elements.
- # For a fixed maximum size, use -5 through -1, meaning:
- # -5: max size: 64 Kb <-- not recommended for normal workloads
- # -4: max size: 32 Kb <-- not recommended
- # -3: max size: 16 Kb <-- probably not recommended
- # -2: max size: 8 Kb <-- good
- # -1: max size: 4 Kb <-- good
- # Positive numbers mean store up to _exactly_ that number of elements
- # per list node.
- # The highest performing option is usually -2 (8 Kb size) or -1 (4 Kb size),
- # but if your use case is unique, adjust the settings as necessary.
- list-max-ziplist-size -2
-
- # Lists may also be compressed.
- # Compress depth is the number of quicklist ziplist nodes from *each* side of
- # the list to *exclude* from compression. The head and tail of the list
- # are always uncompressed for fast push/pop operations. Settings are:
- # 0: disable all list compression
- # 1: depth 1 means "don't start compressing until after 1 node into the list,
- # going from either the head or tail"
- # So: [head]->node->node->...->node->[tail]
- # [head], [tail] will always be uncompressed; inner nodes will compress.
- # 2: [head]->[next]->node->node->...->node->[prev]->[tail]
- # 2 here means: don't compress head or head->next or tail->prev or tail,
- # but compress all nodes between them.
- # 3: [head]->[next]->[next]->node->node->...->node->[prev]->[prev]->[tail]
- # etc.
- list-compress-depth 0
-
- # Sets have a special encoding in just one case: when a set is composed
- # of just strings that happen to be integers in radix 10 in the range
- # of 64 bit signed integers.
- # The following configuration setting sets the limit in the size of the
- # set in order to use this special memory saving encoding.
- set-max-intset-entries 512
-
- # Similarly to hashes and lists, sorted sets are also specially encoded in
- # order to save a lot of space. This encoding is only used when the length and
- # elements of a sorted set are below the following limits:
- zset-max-ziplist-entries 128
- zset-max-ziplist-value 64
-
- # HyperLogLog sparse representation bytes limit. The limit includes the
- # 16 bytes header. When an HyperLogLog using the sparse representation crosses
- # this limit, it is converted into the dense representation.
- #
- # A value greater than 16000 is totally useless, since at that point the
- # dense representation is more memory efficient.
- #
- # The suggested value is ~ 3000 in order to have the benefits of
- # the space efficient encoding without slowing down too much PFADD,
- # which is O(N) with the sparse encoding. The value can be raised to
- # ~ 10000 when CPU is not a concern, but space is, and the data set is
- # composed of many HyperLogLogs with cardinality in the 0 - 15000 range.
- hll-sparse-max-bytes 3000
-
- # Streams macro node max size / items. The stream data structure is a radix
- # tree of big nodes that encode multiple items inside. Using this configuration
- # it is possible to configure how big a single node can be in bytes, and the
- # maximum number of items it may contain before switching to a new node when
- # appending new stream entries. If any of the following settings are set to
- # zero, the limit is ignored, so for instance it is possible to set just a
- # max entries limit by setting max-bytes to 0 and max-entries to the desired
- # value.
- stream-node-max-bytes 4096
- stream-node-max-entries 100
-
- # Active rehashing uses 1 millisecond every 100 milliseconds of CPU time in
- # order to help rehashing the main Redis hash table (the one mapping top-level
- # keys to values). The hash table implementation Redis uses (see dict.c)
- # performs a lazy rehashing: the more operation you run into a hash table
- # that is rehashing, the more rehashing "steps" are performed, so if the
- # server is idle the rehashing is never complete and some more memory is used
- # by the hash table.
- #
- # The default is to use this millisecond 10 times every second in order to
- # actively rehash the main dictionaries, freeing memory when possible.
- #
- # If unsure:
- # use "activerehashing no" if you have hard latency requirements and it is
- # not a good thing in your environment that Redis can reply from time to time
- # to queries with 2 milliseconds delay.
- #
- # use "activerehashing yes" if you don't have such hard requirements but
- # want to free memory asap when possible.
- activerehashing yes
-
- # The client output buffer limits can be used to force disconnection of clients
- # that are not reading data from the server fast enough for some reason (a
- # common reason is that a Pub/Sub client can't consume messages as fast as the
- # publisher can produce them).
- #
- # The limit can be set differently for the three different classes of clients:
- #
- # normal -> normal clients including MONITOR clients
- # replica -> replica clients
- # pubsub -> clients subscribed to at least one pubsub channel or pattern
- #
- # The syntax of every client-output-buffer-limit directive is the following:
- #
- # client-output-buffer-limit
- #
- # A client is immediately disconnected once the hard limit is reached, or if
- # the soft limit is reached and remains reached for the specified number of
- # seconds (continuously).
- # So for instance if the hard limit is 32 megabytes and the soft limit is
- # 16 megabytes / 10 seconds, the client will get disconnected immediately
- # if the size of the output buffers reach 32 megabytes, but will also get
- # disconnected if the client reaches 16 megabytes and continuously overcomes
- # the limit for 10 seconds.
- #
- # By default normal clients are not limited because they don't receive data
- # without asking (in a push way), but just after a request, so only
- # asynchronous clients may create a scenario where data is requested faster
- # than it can read.
- #
- # Instead there is a default limit for pubsub and replica clients, since
- # subscribers and replicas receive data in a push fashion.
- #
- # Both the hard or the soft limit can be disabled by setting them to zero.
- client-output-buffer-limit normal 0 0 0
- client-output-buffer-limit replica 256mb 64mb 60
- client-output-buffer-limit pubsub 32mb 8mb 60
-
- # Client query buffers accumulate new commands. They are limited to a fixed
- # amount by default in order to avoid that a protocol desynchronization (for
- # instance due to a bug in the client) will lead to unbound memory usage in
- # the query buffer. However you can configure it here if you have very special
- # needs, such us huge multi/exec requests or alike.
- #
- # client-query-buffer-limit 1gb
-
- # In the Redis protocol, bulk requests, that are, elements representing single
- # strings, are normally limited to 512 mb. However you can change this limit
- # here.
- #
- # proto-max-bulk-len 512mb
-
- # Redis calls an internal function to perform many background tasks, like
- # closing connections of clients in timeout, purging expired keys that are
- # never requested, and so forth.
- #
- # Not all tasks are performed with the same frequency, but Redis checks for
- # tasks to perform according to the specified "hz" value.
- #
- # By default "hz" is set to 10. Raising the value will use more CPU when
- # Redis is idle, but at the same time will make Redis more responsive when
- # there are many keys expiring at the same time, and timeouts may be
- # handled with more precision.
- #
- # The range is between 1 and 500, however a value over 100 is usually not
- # a good idea. Most users should use the default of 10 and raise this up to
- # 100 only in environments where very low latency is required.
- hz 10
-
- # Normally it is useful to have an HZ value which is proportional to the
- # number of clients connected. This is useful in order, for instance, to
- # avoid too many clients are processed for each background task invocation
- # in order to avoid latency spikes.
- #
- # Since the default HZ value by default is conservatively set to 10, Redis
- # offers, and enables by default, the ability to use an adaptive HZ value
- # which will temporary raise when there are many connected clients.
- #
- # When dynamic HZ is enabled, the actual configured HZ will be used
- # as a baseline, but multiples of the configured HZ value will be actually
- # used as needed once more clients are connected. In this way an idle
- # instance will use very little CPU time while a busy instance will be
- # more responsive.
- dynamic-hz yes
-
- # When a child rewrites the AOF file, if the following option is enabled
- # the file will be fsync-ed every 32 MB of data generated. This is useful
- # in order to commit the file to the disk more incrementally and avoid
- # big latency spikes.
- aof-rewrite-incremental-fsync yes
-
- # When redis saves RDB file, if the following option is enabled
- # the file will be fsync-ed every 32 MB of data generated. This is useful
- # in order to commit the file to the disk more incrementally and avoid
- # big latency spikes.
- rdb-save-incremental-fsync yes
-
- # Redis LFU eviction (see maxmemory setting) can be tuned. However it is a good
- # idea to start with the default settings and only change them after investigating
- # how to improve the performances and how the keys LFU change over time, which
- # is possible to inspect via the OBJECT FREQ command.
- #
- # There are two tunable parameters in the Redis LFU implementation: the
- # counter logarithm factor and the counter decay time. It is important to
- # understand what the two parameters mean before changing them.
- #
- # The LFU counter is just 8 bits per key, it's maximum value is 255, so Redis
- # uses a probabilistic increment with logarithmic behavior. Given the value
- # of the old counter, when a key is accessed, the counter is incremented in
- # this way:
- #
- # 1. A random number R between 0 and 1 is extracted.
- # 2. A probability P is calculated as 1/(old_value*lfu_log_factor+1).
- # 3. The counter is incremented only if R < P.
- #
- # The default lfu-log-factor is 10. This is a table of how the frequency
- # counter changes with a different number of accesses with different
- # logarithmic factors:
- #
- # +--------+------------+------------+------------+------------+------------+
- # | factor | 100 hits | 1000 hits | 100K hits | 1M hits | 10M hits |
- # +--------+------------+------------+------------+------------+------------+
- # | 0 | 104 | 255 | 255 | 255 | 255 |
- # +--------+------------+------------+------------+------------+------------+
- # | 1 | 18 | 49 | 255 | 255 | 255 |
- # +--------+------------+------------+------------+------------+------------+
- # | 10 | 10 | 18 | 142 | 255 | 255 |
- # +--------+------------+------------+------------+------------+------------+
- # | 100 | 8 | 11 | 49 | 143 | 255 |
- # +--------+------------+------------+------------+------------+------------+
- #
- # NOTE: The above table was obtained by running the following commands:
- #
- # redis-benchmark -n 1000000 incr foo
- # redis-cli object freq foo
- #
- # NOTE 2: The counter initial value is 5 in order to give new objects a chance
- # to accumulate hits.
- #
- # The counter decay time is the time, in minutes, that must elapse in order
- # for the key counter to be divided by two (or decremented if it has a value
- # less <= 10).
- #
- # The default value for the lfu-decay-time is 1. A Special value of 0 means to
- # decay the counter every time it happens to be scanned.
- #
- # lfu-log-factor 10
- # lfu-decay-time 1
-
- ########################### ACTIVE DEFRAGMENTATION #######################
- #
- # What is active defragmentation?
- # -------------------------------
- #
- # Active (online) defragmentation allows a Redis server to compact the
- # spaces left between small allocations and deallocations of data in memory,
- # thus allowing to reclaim back memory.
- #
- # Fragmentation is a natural process that happens with every allocator (but
- # less so with Jemalloc, fortunately) and certain workloads. Normally a server
- # restart is needed in order to lower the fragmentation, or at least to flush
- # away all the data and create it again. However thanks to this feature
- # implemented by Oran Agra for Redis 4.0 this process can happen at runtime
- # in an "hot" way, while the server is running.
- #
- # Basically when the fragmentation is over a certain level (see the
- # configuration options below) Redis will start to create new copies of the
- # values in contiguous memory regions by exploiting certain specific Jemalloc
- # features (in order to understand if an allocation is causing fragmentation
- # and to allocate it in a better place), and at the same time, will release the
- # old copies of the data. This process, repeated incrementally for all the keys
- # will cause the fragmentation to drop back to normal values.
- #
- # Important things to understand:
- #
- # 1. This feature is disabled by default, and only works if you compiled Redis
- # to use the copy of Jemalloc we ship with the source code of Redis.
- # This is the default with Linux builds.
- #
- # 2. You never need to enable this feature if you don't have fragmentation
- # issues.
- #
- # 3. Once you experience fragmentation, you can enable this feature when
- # needed with the command "CONFIG SET activedefrag yes".
- #
- # The configuration parameters are able to fine tune the behavior of the
- # defragmentation process. If you are not sure about what they mean it is
- # a good idea to leave the defaults untouched.
-
- # Enabled active defragmentation
- # activedefrag no
-
- # Minimum amount of fragmentation waste to start active defrag
- # active-defrag-ignore-bytes 100mb
-
- # Minimum percentage of fragmentation to start active defrag
- # active-defrag-threshold-lower 10
-
- # Maximum percentage of fragmentation at which we use maximum effort
- # active-defrag-threshold-upper 100
-
- # Minimal effort for defrag in CPU percentage, to be used when the lower
- # threshold is reached
- # active-defrag-cycle-min 1
-
- # Maximal effort for defrag in CPU percentage, to be used when the upper
- # threshold is reached
- # active-defrag-cycle-max 25
-
- # Maximum number of set/hash/zset/list fields that will be processed from
- # the main dictionary scan
- # active-defrag-max-scan-fields 1000
-
- # Jemalloc background thread for purging will be enabled by default
- jemalloc-bg-thread yes
-
- # It is possible to pin different threads and processes of Redis to specific
- # CPUs in your system, in order to maximize the performances of the server.
- # This is useful both in order to pin different Redis threads in different
- # CPUs, but also in order to make sure that multiple Redis instances running
- # in the same host will be pinned to different CPUs.
- #
- # Normally you can do this using the "taskset" command, however it is also
- # possible to this via Redis configuration directly, both in Linux and FreeBSD.
- #
- # You can pin the server/IO threads, bio threads, aof rewrite child process, and
- # the bgsave child process. The syntax to specify the cpu list is the same as
- # the taskset command:
- #
- # Set redis server/io threads to cpu affinity 0,2,4,6:
- # server_cpulist 0-7:2
- #
- # Set bio threads to cpu affinity 1,3:
- # bio_cpulist 1,3
- #
- # Set aof rewrite child process to cpu affinity 8,9,10,11:
- # aof_rewrite_cpulist 8-11
- #
- # Set bgsave child process to cpu affinity 1,10,11
- # bgsave_cpulist 1,10-11
-{{- if .Values.redis.configmap }}
-{{- include "common.tplvalues.render" (dict "value" .Values.redis.configmap "context" $) | nindent 4 }}
-{{- end }}
diff --git a/rds/base/charts/redis-cluster/templates/extra-list.yaml b/rds/base/charts/redis-cluster/templates/extra-list.yaml
deleted file mode 100644
index 9ac65f9..0000000
--- a/rds/base/charts/redis-cluster/templates/extra-list.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
-{{- range .Values.extraDeploy }}
----
-{{ include "common.tplvalues.render" (dict "value" . "context" $) }}
-{{- end }}
diff --git a/rds/base/charts/redis-cluster/templates/headless-svc.yaml b/rds/base/charts/redis-cluster/templates/headless-svc.yaml
deleted file mode 100644
index e95badc..0000000
--- a/rds/base/charts/redis-cluster/templates/headless-svc.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ template "common.names.fullname" . }}-headless
- namespace: {{ .Release.Namespace }}
- labels: {{- include "common.labels.standard" . | nindent 4 }}
- {{- if .Values.commonLabels }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
- {{- end }}
- {{- if .Values.commonAnnotations }}
- annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
- {{- end }}
-spec:
- type: ClusterIP
- clusterIP: None
- publishNotReadyAddresses: true
- ports:
- - name: tcp-redis
- port: {{ .Values.redis.containerPorts.redis }}
- targetPort: tcp-redis
- - name: tcp-redis-bus
- port: {{ .Values.redis.containerPorts.bus }}
- targetPort: tcp-redis-bus
- selector: {{- include "common.labels.matchLabels" . | nindent 4 }}
diff --git a/rds/base/charts/redis-cluster/templates/metrics-prometheus.yaml b/rds/base/charts/redis-cluster/templates/metrics-prometheus.yaml
deleted file mode 100644
index 540cf3d..0000000
--- a/rds/base/charts/redis-cluster/templates/metrics-prometheus.yaml
+++ /dev/null
@@ -1,54 +0,0 @@
-{{- if and (.Values.metrics.enabled) (.Values.metrics.serviceMonitor.enabled) }}
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
- name: {{ template "common.names.fullname" . }}
- {{- if .Values.metrics.serviceMonitor.namespace }}
- namespace: {{ .Values.metrics.serviceMonitor.namespace | default .Release.Namespace | quote }}
- {{- else}}
- namespace: {{ .Release.Namespace }}
- {{- end }}
- labels: {{- include "common.labels.standard" . | nindent 4 }}
- {{- if .Values.commonLabels }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
- {{- end }}
- {{- if .Values.metrics.serviceMonitor.labels }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.labels "context" $ ) | nindent 4 }}
- {{- end }}
- {{- if or .Values.commonAnnotations .Values.metrics.serviceMonitor.annotations }}
- annotations:
- {{- if .Values.commonAnnotations }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
- {{- end }}
- {{- if .Values.metrics.serviceMonitor.annotations }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.annotations "context" $ ) | nindent 4 }}
- {{- end }}
- {{- end }}
-spec:
- {{- if .Values.metrics.serviceMonitor.jobLabel }}
- jobLabel: {{ .Values.metrics.serviceMonitor.jobLabel }}
- {{- end }}
- endpoints:
- - port: metrics
- {{- if .Values.metrics.serviceMonitor.interval }}
- interval: {{ .Values.metrics.serviceMonitor.interval }}
- {{- end }}
- {{- if .Values.metrics.serviceMonitor.scrapeTimeout }}
- scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }}
- {{- end }}
- {{- if .Values.metrics.serviceMonitor.relabelings }}
- relabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.relabelings "context" $) | nindent 8 }}
- {{- end }}
- {{- if .Values.metrics.serviceMonitor.metricRelabelings }}
- metricRelabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.metricRelabelings "context" $) | nindent 8 }}
- {{- end }}
- selector:
- matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
- {{- if .Values.metrics.serviceMonitor.selector }}
- {{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.selector "context" $) | nindent 6 }}
- {{- end }}
- app.kubernetes.io/component: "metrics"
- namespaceSelector:
- matchNames:
- - {{ .Release.Namespace }}
-{{- end -}}
diff --git a/rds/base/charts/redis-cluster/templates/metrics-svc.yaml b/rds/base/charts/redis-cluster/templates/metrics-svc.yaml
deleted file mode 100644
index 14305dd..0000000
--- a/rds/base/charts/redis-cluster/templates/metrics-svc.yaml
+++ /dev/null
@@ -1,35 +0,0 @@
-{{- if .Values.metrics.enabled }}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ template "common.names.fullname" . }}-metrics
- namespace: {{ .Release.Namespace }}
- labels: {{- include "common.labels.standard" . | nindent 4 }}
- {{- if .Values.metrics.service.labels }}
- {{ include "common.tplvalues.render" ( dict "value" .Values.metrics.service.labels "context" $ ) | nindent 4 }}
- {{- end }}
- {{- if .Values.commonLabels }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
- {{- end }}
- app.kubernetes.io/component: "metrics"
- annotations:
- {{- if .Values.commonAnnotations }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
- {{- end }}
- {{- if .Values.metrics.service.annotations }}
- {{ include "common.tplvalues.render" ( dict "value" .Values.metrics.service.annotations "context" $ ) | nindent 4 }}
- {{- end }}
-spec:
- type: {{ .Values.metrics.service.type }}
- {{- if and .Values.metrics.service.clusterIP (eq .Values.metrics.service.type "ClusterIP") }}
- clusterIP: {{ .Values.metrics.service.clusterIP }}
- {{- end }}
- {{- if and (eq .Values.metrics.service.type "LoadBalancer") .Values.metrics.service.loadBalancerIP }}
- loadBalancerIP: {{ .Values.metrics.service.loadBalancerIP }}
- {{- end }}
- ports:
- - name: metrics
- port: 9121
- targetPort: http-metrics
- selector: {{- include "common.labels.matchLabels" . | nindent 4 }}
-{{- end }}
diff --git a/rds/base/charts/redis-cluster/templates/networkpolicy.yaml b/rds/base/charts/redis-cluster/templates/networkpolicy.yaml
deleted file mode 100644
index d7b4f16..0000000
--- a/rds/base/charts/redis-cluster/templates/networkpolicy.yaml
+++ /dev/null
@@ -1,66 +0,0 @@
-{{- if .Values.networkPolicy.enabled }}
-kind: NetworkPolicy
-apiVersion: {{ template "networkPolicy.apiVersion" . }}
-metadata:
- name: {{ template "common.names.fullname" . }}
- labels: {{- include "common.labels.standard" . | nindent 4 }}
- namespace: {{ .Release.Namespace }}
- {{- if .Values.commonLabels }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
- {{- end }}
- {{- if .Values.commonAnnotations }}
- annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
- {{- end }}
-spec:
- podSelector:
- matchLabels:
- app.kubernetes.io/name: {{ template "common.names.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- policyTypes:
- - Ingress
- - Egress
- egress:
- # Allow dns resolution
- - ports:
- - port: 53
- protocol: UDP
- # Allow outbound connections to other cluster pods
- - ports:
- - port: {{ .Values.redis.containerPorts.redis }}
- - port: {{ .Values.redis.containerPorts.bus }}
- to:
- - podSelector:
- matchLabels: {{- include "common.labels.matchLabels" . | nindent 14 }}
- ingress:
- # Allow inbound connections
- - ports:
- - port: {{ .Values.redis.containerPorts.redis }}
- - port: {{ .Values.redis.containerPorts.bus }}
- from:
- {{- if not .Values.networkPolicy.allowExternal }}
- - podSelector:
- matchLabels:
- {{ template "common.names.fullname" . }}-client: "true"
- - podSelector:
- matchLabels: {{- include "common.labels.matchLabels" . | nindent 14 }}
- {{- end }}
- {{- if .Values.networkPolicy.ingressNSMatchLabels }}
- - namespaceSelector:
- matchLabels:
- {{- range $key, $value := .Values.networkPolicy.ingressNSMatchLabels }}
- {{ $key | quote }}: {{ $value | quote }}
- {{- end }}
- {{- end }}
- {{- if .Values.networkPolicy.ingressNSPodMatchLabels }}
- - podSelector:
- matchLabels:
- {{- range $key, $value := .Values.networkPolicy.ingressNSPodMatchLabels }}
- {{ $key | quote }}: {{ $value | quote }}
- {{- end }}
- {{- end }}
- {{- if .Values.metrics.enabled }}
- # Allow prometheus scrapes for metrics
- - ports:
- - port: 9121
- {{- end }}
-{{- end }}
diff --git a/rds/base/charts/redis-cluster/templates/poddisruptionbudget.yaml b/rds/base/charts/redis-cluster/templates/poddisruptionbudget.yaml
deleted file mode 100644
index abef667..0000000
--- a/rds/base/charts/redis-cluster/templates/poddisruptionbudget.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-{{- if .Values.podDisruptionBudget }}
-apiVersion: {{ include "common.capabilities.policy.apiVersion" . }}
-kind: PodDisruptionBudget
-metadata:
- name: {{ template "common.names.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels: {{- include "common.labels.standard" . | nindent 4 }}
- {{- if .Values.commonLabels }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
- {{- end }}
- {{- if .Values.commonAnnotations }}
- annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
- {{- end }}
-spec:
- selector:
- matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
- matchExpressions:
- - {key: job-name, operator: NotIn, values: [{{ template "common.names.fullname" . }}-cluster-update]}
- {{- toYaml .Values.podDisruptionBudget | nindent 2 }}
-{{- end }}
diff --git a/rds/base/charts/redis-cluster/templates/prometheusrule.yaml b/rds/base/charts/redis-cluster/templates/prometheusrule.yaml
deleted file mode 100644
index d781ee1..0000000
--- a/rds/base/charts/redis-cluster/templates/prometheusrule.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-{{- if and .Values.metrics.enabled .Values.metrics.prometheusRule.enabled }}
-apiVersion: monitoring.coreos.com/v1
-kind: PrometheusRule
-metadata:
- name: {{ template "common.names.fullname" . }}
- {{- if .Values.metrics.prometheusRule.namespace }}
- namespace: {{ .Values.metrics.prometheusRule.namespace }}
- {{- else }}
- namespace: {{ .Release.Namespace }}
- {{- end }}
- labels: {{- include "common.labels.standard" . | nindent 4 }}
- {{- if .Values.commonLabels }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
- {{- end }}
- {{- if .Values.metrics.prometheusRule.additionalLabels }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.prometheusRule.additionalLabels "context" $ ) | nindent 4 }}
- {{- end }}
- {{- if .Values.commonAnnotations }}
- annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
- {{- end }}
-spec:
- {{- with .Values.metrics.prometheusRule.rules }}
- groups:
- - name: {{ template "common.names.name" $ }}
- rules: {{- include "common.tplvalues.render" ( dict "value" . "context" $ ) | nindent 8 }}
- {{- end }}
-{{- end }}
diff --git a/rds/base/charts/redis-cluster/templates/psp.yaml b/rds/base/charts/redis-cluster/templates/psp.yaml
deleted file mode 100644
index e048bce..0000000
--- a/rds/base/charts/redis-cluster/templates/psp.yaml
+++ /dev/null
@@ -1,46 +0,0 @@
-{{- $pspAvailable := (semverCompare "<1.25-0" (include "common.capabilities.kubeVersion" .)) -}}
-{{- if and $pspAvailable .Values.podSecurityPolicy.create }}
-apiVersion: policy/v1beta1
-kind: PodSecurityPolicy
-metadata:
- name: {{ template "common.names.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels: {{- include "common.labels.standard" . | nindent 4 }}
- {{- if .Values.commonLabels }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
- {{- end }}
- {{- if .Values.commonAnnotations }}
- annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
- {{- end }}
-spec:
- allowPrivilegeEscalation: false
- fsGroup:
- rule: 'MustRunAs'
- ranges:
- - min: {{ .Values.podSecurityContext.fsGroup }}
- max: {{ .Values.podSecurityContext.fsGroup }}
- hostIPC: false
- hostNetwork: false
- hostPID: false
- privileged: false
- readOnlyRootFilesystem: false
- requiredDropCapabilities:
- - ALL
- runAsUser:
- rule: 'MustRunAs'
- ranges:
- - min: {{ .Values.podSecurityContext.runAsUser }}
- max: {{ .Values.podSecurityContext.runAsUser }}
- seLinux:
- rule: 'RunAsAny'
- supplementalGroups:
- rule: 'MustRunAs'
- ranges:
- - min: {{ .Values.podSecurityContext.runAsUser }}
- max: {{ .Values.podSecurityContext.runAsUser }}
- volumes:
- - 'configMap'
- - 'secret'
- - 'emptyDir'
- - 'persistentVolumeClaim'
-{{- end }}
diff --git a/rds/base/charts/redis-cluster/templates/redis-role.yaml b/rds/base/charts/redis-cluster/templates/redis-role.yaml
deleted file mode 100644
index f951f23..0000000
--- a/rds/base/charts/redis-cluster/templates/redis-role.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-{{- if .Values.rbac.create -}}
-apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
-kind: Role
-metadata:
- name: {{ template "common.names.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels: {{- include "common.labels.standard" . | nindent 4 }}
- {{- if .Values.commonLabels }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
- {{- end }}
- {{- if .Values.commonAnnotations }}
- annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
- {{- end }}
-rules:
- {{- $pspAvailable := (semverCompare "<1.25-0" (include "common.capabilities.kubeVersion" .)) -}}
- {{- if and $pspAvailable .Values.podSecurityPolicy.create }}
- - apiGroups: ['{{ template "podSecurityPolicy.apiGroup" . }}']
- resources: ['podsecuritypolicies']
- verbs: ['use']
- resourceNames: [{{ template "common.names.fullname" . }}]
-{{- end -}}
-{{- if .Values.rbac.role.rules }}
-{{- toYaml .Values.rbac.role.rules | nindent 2 }}
-{{- end -}}
-{{- end -}}
diff --git a/rds/base/charts/redis-cluster/templates/redis-rolebinding.yaml b/rds/base/charts/redis-cluster/templates/redis-rolebinding.yaml
deleted file mode 100644
index 2b7f431..0000000
--- a/rds/base/charts/redis-cluster/templates/redis-rolebinding.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-{{- if .Values.rbac.create -}}
-apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
-kind: RoleBinding
-metadata:
- name: {{ template "common.names.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels: {{- include "common.labels.standard" . | nindent 4 }}
- {{- if .Values.commonLabels }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
- {{- end }}
- {{- if .Values.commonAnnotations }}
- annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
- {{- end }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: {{ template "common.names.fullname" . }}
-subjects:
- - kind: ServiceAccount
- name: {{ template "redis-cluster.serviceAccountName" . }}
-{{- end -}}
diff --git a/rds/base/charts/redis-cluster/templates/redis-serviceaccount.yaml b/rds/base/charts/redis-cluster/templates/redis-serviceaccount.yaml
deleted file mode 100644
index 6fdb831..0000000
--- a/rds/base/charts/redis-cluster/templates/redis-serviceaccount.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-{{- if .Values.serviceAccount.create -}}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ template "redis-cluster.serviceAccountName" . }}
- namespace: {{ .Release.Namespace }}
- labels: {{- include "common.labels.standard" . | nindent 4 }}
- {{- if .Values.commonLabels }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
- {{- end }}
- {{- if or .Values.serviceAccount.annotations .Values.commonAnnotations }}
- annotations:
- {{- if .Values.serviceAccount.annotations }}
- {{- include "common.tplvalues.render" (dict "value" .Values.serviceAccount.annotations "context" $) | nindent 4 }}
- {{- end }}
- {{- if .Values.commonAnnotations }}
- {{- include "common.tplvalues.render" (dict "value" .Values.commonAnnotations "context" $) | nindent 4 }}
- {{- end }}
- {{- end }}
-automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
-{{- end -}}
diff --git a/rds/base/charts/redis-cluster/templates/redis-statefulset.yaml b/rds/base/charts/redis-cluster/templates/redis-statefulset.yaml
deleted file mode 100644
index 3ff181d..0000000
--- a/rds/base/charts/redis-cluster/templates/redis-statefulset.yaml
+++ /dev/null
@@ -1,449 +0,0 @@ -{{- if (include "redis-cluster.createStatefulSet" .) }} -apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }} -kind: StatefulSet -metadata: - name: {{ include "common.names.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - {{- if .Values.redis.updateStrategy }} - updateStrategy: {{- toYaml .Values.redis.updateStrategy | nindent 4 }} - {{- end }} - selector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} - replicas: {{ .Values.cluster.nodes }} - serviceName: {{ include "common.names.fullname" . }}-headless - podManagementPolicy: {{ .Values.redis.podManagementPolicy }} - template: - metadata: - labels: {{- include "common.labels.standard" . | nindent 8 }} - {{- if .Values.redis.podLabels }} - {{- toYaml .Values.redis.podLabels | nindent 8 }} - {{- end }} - {{- if and .Values.metrics.enabled .Values.metrics.podLabels }} - {{- toYaml .Values.metrics.podLabels | nindent 8 }} - {{- end }} - annotations: - checksum/scripts: {{ include (print $.Template.BasePath "/scripts-configmap.yaml") . | sha256sum }} - {{- if not .Values.existingSecret }} - checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} - {{- end }} - checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . 
| sha256sum }} - {{- if .Values.redis.podAnnotations }} - {{- toYaml .Values.redis.podAnnotations | nindent 8 }} - {{- end }} - {{- if and .Values.metrics.enabled .Values.metrics.podAnnotations }} - {{- toYaml .Values.metrics.podAnnotations | nindent 8 }} - {{- end }} - spec: - hostNetwork: {{ .Values.redis.hostNetwork }} - {{- if semverCompare ">= 1.13" (include "common.capabilities.kubeVersion" .) }} - enableServiceLinks: false - {{- end }} - {{- include "redis-cluster.imagePullSecrets" . | nindent 6 }} - {{- if .Values.podSecurityContext.enabled }} - securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }} - {{- end }} - serviceAccountName: {{ include "redis-cluster.serviceAccountName" . }} - {{- if .Values.redis.hostAliases }} - hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.redis.hostAliases "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.redis.priorityClassName }} - priorityClassName: {{ .Values.redis.priorityClassName }} - {{- end }} - {{- if .Values.redis.affinity }} - affinity: {{- include "common.tplvalues.render" (dict "value" .Values.redis.affinity "context" $) | nindent 8 }} - {{- else }} - affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.redis.podAffinityPreset "context" $) | nindent 10 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.redis.podAntiAffinityPreset "context" $) | nindent 10 }} - nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.redis.nodeAffinityPreset.type "key" .Values.redis.nodeAffinityPreset.key "values" .Values.redis.nodeAffinityPreset.values) | nindent 10 }} - {{- end }} - {{- if .Values.redis.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.redis.nodeSelector "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.redis.tolerations }} - tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.redis.tolerations "context" 
$) | nindent 8 }} - {{- end }} - {{- if .Values.redis.shareProcessNamespace }} - shareProcessNamespace: {{ .Values.redis.shareProcessNamespace }} - {{- end }} - {{- if .Values.redis.schedulerName }} - schedulerName: {{ .Values.redis.schedulerName | quote }} - {{- end }} - {{- if .Values.redis.topologySpreadConstraints }} - topologySpreadConstraints: {{- include "common.tplvalues.render" ( dict "value" .Values.redis.topologySpreadConstraints "context" $ ) | nindent 8 }} - {{- end }} - containers: - - name: {{ include "common.names.fullname" . }} - image: {{ include "redis-cluster.image" . }} - imagePullPolicy: {{ .Values.image.pullPolicy | quote }} - {{- if .Values.containerSecurityContext.enabled }} - securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} - {{- else if .Values.redis.command }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.redis.command "context" $) | nindent 12 }} - {{- else }} - command: ['/bin/bash', '-c'] - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} - {{- else if .Values.redis.args }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.redis.args "context" $) | nindent 12 }} - {{- else if .Values.cluster.externalAccess.enabled }} - args: - - | - # Backwards compatibility change - if ! 
[[ -f /opt/bitnami/redis/etc/redis.conf ]]; then - cp /opt/bitnami/redis/etc/redis-default.conf /opt/bitnami/redis/etc/redis.conf - fi - pod_index=($(echo "$POD_NAME" | tr "-" "\n")) - pod_index="${pod_index[-1]}" - ips=($(echo "{{ .Values.cluster.externalAccess.service.loadBalancerIP }}" | cut -d [ -f2 | cut -d ] -f 1)) - export REDIS_CLUSTER_ANNOUNCE_IP="${ips[$pod_index]}" - export REDIS_NODES="${ips[@]}" - {{- if .Values.cluster.init }} - if [[ "$pod_index" == "0" ]]; then - export REDIS_CLUSTER_CREATOR="yes" - export REDIS_CLUSTER_REPLICAS="{{ .Values.cluster.replicas }}" - fi - {{- end }} - /opt/bitnami/scripts/redis-cluster/entrypoint.sh /opt/bitnami/scripts/redis-cluster/run.sh - {{- else }} - args: - - | - # Backwards compatibility change - if ! [[ -f /opt/bitnami/redis/etc/redis.conf ]]; then - echo COPYING FILE - cp /opt/bitnami/redis/etc/redis-default.conf /opt/bitnami/redis/etc/redis.conf - fi - {{- if .Values.cluster.init }} - pod_index=($(echo "$POD_NAME" | tr "-" "\n")) - pod_index="${pod_index[-1]}" - if [[ "$pod_index" == "0" ]]; then - export REDIS_CLUSTER_CREATOR="yes" - export REDIS_CLUSTER_REPLICAS="{{ .Values.cluster.replicas }}" - fi - {{- end }} - /opt/bitnami/scripts/redis-cluster/entrypoint.sh /opt/bitnami/scripts/redis-cluster/run.sh - {{- end }} - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - {{- if .Values.cluster.externalAccess.enabled }} - - name: REDIS_CLUSTER_DYNAMIC_IPS - value: "no" - {{- else }} - - name: REDIS_NODES - value: "{{ $count := .Values.cluster.nodes | int }}{{ range $i, $v := until $count }}{{ include "common.names.fullname" $ }}-{{ $i }}.{{ template "common.names.fullname" $ }}-headless {{ end }}" - {{- end }} - {{- if .Values.usePassword }} - - name: REDISCLI_AUTH - valueFrom: - secretKeyRef: - name: {{ template "redis-cluster.secretName" . }} - key: {{ template "redis-cluster.secretPasswordKey" . 
}} - {{- if .Values.usePasswordFile }} - - name: REDIS_PASSWORD_FILE - value: "/opt/bitnami/redis/secrets/redis-password" - {{- else }} - - name: REDIS_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "redis-cluster.secretName" . }} - key: {{ template "redis-cluster.secretPasswordKey" . }} - {{- end }} - {{- else }} - - name: ALLOW_EMPTY_PASSWORD - value: "yes" - {{- end }} - - name: REDIS_AOF_ENABLED - value: {{ .Values.redis.useAOFPersistence | quote }} - - name: REDIS_TLS_ENABLED - value: {{ ternary "yes" "no" .Values.tls.enabled | quote }} - {{- if .Values.tls.enabled }} - - name: REDIS_TLS_PORT - value: {{ .Values.redis.containerPorts.redis | quote }} - - name: REDIS_TLS_AUTH_CLIENTS - value: {{ ternary "yes" "no" .Values.tls.authClients | quote }} - - name: REDIS_TLS_CERT_FILE - value: {{ template "redis-cluster.tlsCert" . }} - - name: REDIS_TLS_KEY_FILE - value: {{ template "redis-cluster.tlsCertKey" . }} - - name: REDIS_TLS_CA_FILE - value: {{ template "redis-cluster.tlsCACert" . }} - {{- if .Values.tls.dhParamsFilename }} - - name: REDIS_TLS_DH_PARAMS_FILE - value: {{ template "redis-cluster.tlsDHParams" . 
}} - {{- end }} - {{- else }} - - name: REDIS_PORT - value: {{ .Values.redis.containerPorts.redis | quote }} - {{- end }} - {{- if .Values.redis.extraEnvVars }} - {{- include "common.tplvalues.render" ( dict "value" .Values.redis.extraEnvVars "context" $ ) | nindent 12 }} - {{- end }} - {{- if or .Values.redis.extraEnvVarsCM .Values.redis.extraEnvVarsSecret }} - envFrom: - {{- if .Values.redis.extraEnvVarsCM }} - - configMapRef: - name: {{ include "common.tplvalues.render" ( dict "value" .Values.redis.extraEnvVarsCM "context" $ ) }} - {{- end }} - {{- if .Values.redis.extraEnvVarsSecret }} - - secretRef: - name: {{ include "common.tplvalues.render" ( dict "value" .Values.redis.extraEnvVarsSecret "context" $ ) }} - {{- end }} - {{- end }} - ports: - - name: tcp-redis - containerPort: {{ .Values.redis.containerPorts.redis }} - - name: tcp-redis-bus - containerPort: {{ .Values.redis.containerPorts.bus }} - {{- if not .Values.diagnosticMode.enabled }} - {{- if .Values.redis.livenessProbe.enabled }} - livenessProbe: - initialDelaySeconds: {{ .Values.redis.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.redis.livenessProbe.periodSeconds }} - # One second longer than command timeout should prevent generation of zombie processes. 
- timeoutSeconds: {{ add1 .Values.redis.livenessProbe.timeoutSeconds }} - successThreshold: {{ .Values.redis.livenessProbe.successThreshold }} - failureThreshold: {{ .Values.redis.livenessProbe.failureThreshold }} - exec: - command: - - sh - - -c - - /scripts/ping_liveness_local.sh {{ .Values.redis.livenessProbe.timeoutSeconds }} - {{- else if .Values.redis.customLivenessProbe }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.redis.customLivenessProbe "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.redis.readinessProbe.enabled }} - readinessProbe: - initialDelaySeconds: {{ .Values.redis.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.redis.readinessProbe.periodSeconds }} - # One second longer than command timeout should prevent generation of zombie processes. - timeoutSeconds: {{ add1 .Values.redis.readinessProbe.timeoutSeconds }} - successThreshold: {{ .Values.redis.readinessProbe.successThreshold }} - failureThreshold: {{ .Values.redis.readinessProbe.failureThreshold }} - exec: - command: - - sh - - -c - - /scripts/ping_readiness_local.sh {{ .Values.redis.readinessProbe.timeoutSeconds }} - {{- else if .Values.redis.customReadinessProbe }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.redis.customReadinessProbe "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.redis.startupProbe.enabled }} - startupProbe: - tcpSocket: - port: tcp-redis - initialDelaySeconds: {{ .Values.redis.startupProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.redis.startupProbe.periodSeconds }} - timeoutSeconds: {{ .Values.redis.startupProbe.timeoutSeconds }} - successThreshold: {{ .Values.redis.startupProbe.successThreshold }} - failureThreshold: {{ .Values.redis.startupProbe.failureThreshold }} - {{- else if .Values.redis.customStartupProbe }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.redis.customStartupProbe "context" $) | nindent 12 }} - {{- end }} - 
{{- if .Values.redis.lifecycleHooks }} - lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.redis.lifecycleHooks "context" $) | nindent 12 }} - {{- end }} - {{- end }} - {{- if .Values.redis.resources }} - resources: - {{- include "common.tplvalues.render" (dict "value" .Values.redis.resources "context" $) | nindent 12 }} - {{- end }} - volumeMounts: - - name: scripts - mountPath: /scripts - {{- if .Values.usePasswordFile }} - - name: redis-password - mountPath: /opt/bitnami/redis/secrets/ - {{- end }} - - name: redis-data - mountPath: {{ .Values.persistence.path }} - subPath: {{ .Values.persistence.subPath }} - - name: default-config - mountPath: /opt/bitnami/redis/etc/redis-default.conf - subPath: redis-default.conf - - name: redis-tmp-conf - mountPath: /opt/bitnami/redis/etc/ - {{- if .Values.tls.enabled }} - - name: redis-certificates - mountPath: /opt/bitnami/redis/certs - readOnly: true - {{- end }} - {{- if .Values.redis.extraVolumeMounts }} - {{- include "common.tplvalues.render" ( dict "value" .Values.redis.extraVolumeMounts "context" $ ) | nindent 12 }} - {{- end }} - {{- if .Values.metrics.enabled }} - - name: metrics - image: {{ template "redis-cluster.metrics.image" . 
}} - imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }} - {{- if .Values.diagnosticMode.enabled }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} - {{- else }} - command: - - /bin/bash - - -c - - | - {{- if .Values.usePasswordFile }} - export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")" - {{- end }} - redis_exporter{{- range $key, $value := .Values.metrics.extraArgs }} --{{ $key }}={{ $value }}{{- end }} - {{- end }} - env: - - name: BITNAMI_DEBUG - value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }} - - name: REDIS_ALIAS - value: {{ template "common.names.fullname" . }} - - name: REDIS_ADDR - value: {{ printf "%s://127.0.0.1:%g" (ternary "rediss" "redis" .Values.tls.enabled) .Values.redis.containerPorts.redis | quote }} - {{- if and .Values.usePassword (not .Values.usePasswordFile) }} - - name: REDIS_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "redis-cluster.secretName" . }} - key: {{ template "redis-cluster.secretPasswordKey" . }} - {{- end }} - {{- if .Values.usePasswordFile }} - - name: REDIS_PASSWORD_FILE - value: "/opt/bitnami/redis/secrets/redis-password" - {{- end }} - {{- if .Values.tls.enabled }} - - name: REDIS_EXPORTER_TLS_CLIENT_KEY_FILE - value: {{ template "redis-cluster.tlsCertKey" . }} - - name: REDIS_EXPORTER_TLS_CLIENT_CERT_FILE - value: {{ template "redis-cluster.tlsCert" . }} - - name: REDIS_EXPORTER_TLS_CA_CERT_FILE - value: {{ template "redis-cluster.tlsCACert" . 
}} - {{- end }} - {{- if or .Values.usePasswordFile .Values.tls.enabled }} - volumeMounts: - {{- if .Values.usePasswordFile }} - - name: redis-password - mountPath: /opt/bitnami/redis/secrets/ - {{- end }} - {{- if .Values.tls.enabled }} - - name: redis-certificates - mountPath: /opt/bitnami/redis/certs - readOnly: true - {{- end }} - {{- end }} - ports: - - name: http-metrics - containerPort: 9121 - resources: - {{- toYaml .Values.metrics.resources | nindent 12 }} - {{- end }} - {{- if .Values.redis.sidecars }} - {{- include "common.tplvalues.render" ( dict "value" .Values.redis.sidecars "context" $ ) | nindent 8 }} - {{- end }} - {{- $needsVolumePermissions := and .Values.volumePermissions.enabled .Values.containerSecurityContext.enabled }} - {{- if or $needsVolumePermissions .Values.sysctlImage.enabled .Values.redis.initContainers }} - initContainers: - {{- if $needsVolumePermissions }} - - name: volume-permissions - image: {{ include "redis-cluster.volumePermissions.image" . }} - imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} - command: ["/bin/chown", "-R", "{{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }}", "{{ .Values.persistence.path }}"] - securityContext: - runAsUser: 0 - resources: - {{- toYaml .Values.volumePermissions.resources | nindent 12 }} - volumeMounts: - - name: redis-data - mountPath: {{ .Values.persistence.path }} - subPath: {{ .Values.persistence.subPath }} - {{- end }} - {{- if .Values.sysctlImage.enabled }} - - name: init-sysctl - image: {{ template "redis-cluster.sysctl.image" . 
}} - imagePullPolicy: {{ default "" .Values.sysctlImage.pullPolicy | quote }} - resources: - {{- toYaml .Values.sysctlImage.resources | nindent 12 }} - {{- if .Values.sysctlImage.mountHostSys }} - volumeMounts: - - name: host-sys - mountPath: /host-sys - {{- end }} - command: - {{- toYaml .Values.sysctlImage.command | nindent 12 }} - securityContext: - privileged: true - runAsUser: 0 - {{- end }} - {{- if .Values.redis.initContainers }} - {{- toYaml .Values.redis.initContainers | nindent 8 }} - {{- end }} - {{- end }} - volumes: - - name: scripts - configMap: - name: {{ include "common.names.fullname" . }}-scripts - defaultMode: 0755 - {{- if .Values.usePasswordFile }} - - name: redis-password - secret: - secretName: {{ include "redis-cluster.secretName" . }} - items: - - key: {{ include "redis-cluster.secretPasswordKey" . }} - path: redis-password - {{- end }} - - name: default-config - configMap: - name: {{ include "common.names.fullname" . }}-default - {{- if .Values.sysctlImage.mountHostSys }} - - name: host-sys - hostPath: - path: /sys - {{- end }} - - name: redis-tmp-conf - emptyDir: {} - {{- if .Values.redis.extraVolumes }} - {{- include "common.tplvalues.render" ( dict "value" .Values.redis.extraVolumes "context" $ ) | nindent 8 }} - {{- end }} - {{- if .Values.tls.enabled }} - - name: redis-certificates - secret: - secretName: {{ include "redis-cluster.tlsSecretName" . }} - defaultMode: 256 - {{- end }} - volumeClaimTemplates: - - metadata: - name: redis-data - labels: {{- include "common.labels.matchLabels" . | nindent 10 }} - {{- if .Values.persistence.annotations }} - annotations: {{- include "common.tplvalues.render" (dict "value" .Values.persistence.annotations "context" $) | nindent 10 }} - {{- end }} - spec: - accessModes: - {{- range .Values.persistence.accessModes }} - - {{ . 
| quote }} - {{- end }} - resources: - requests: - storage: {{ .Values.persistence.size | quote }} - {{- include "common.storage.class" (dict "persistence" .Values.persistence "global" .Values.global) | nindent 8 }} - {{- if or .Values.persistence.matchLabels .Values.persistence.matchExpressions }} - selector: - {{- if .Values.persistence.matchLabels }} - matchLabels: - {{- toYaml .Values.persistence.matchLabels | nindent 12 }} - {{- end -}} - {{- if .Values.persistence.matchExpressions }} - matchExpressions: - {{- toYaml .Values.persistence.matchExpressions | nindent 12 }} - {{- end -}} - {{- end }} -{{- end }} diff --git a/rds/base/charts/redis-cluster/templates/redis-svc.yaml b/rds/base/charts/redis-cluster/templates/redis-svc.yaml deleted file mode 100644 index 22c0017..0000000 --- a/rds/base/charts/redis-cluster/templates/redis-svc.yaml +++ /dev/null 
@@ -1,53 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ template "common.names.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels: {{- include "common.labels.standard" . | nindent 4 }}
- {{- if .Values.service.labels -}}
- {{ include "common.tplvalues.render" ( dict "value" .Values.service.labels "context" $ ) | nindent 4 }}
- {{- end -}}
- {{- if .Values.commonLabels }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
- {{- end }}
- annotations:
- {{- if .Values.service.annotations }}
- {{ include "common.tplvalues.render" ( dict "value" .Values.service.annotations "context" $ ) | nindent 4 }}
- {{- end }}
- {{- if .Values.commonAnnotations }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
- {{- end }}
-spec:
- type: {{ .Values.service.type }}
- {{- if and .Values.service.clusterIP (eq .Values.service.type "ClusterIP") }}
- clusterIP: {{ .Values.service.clusterIP }}
- {{- end }}
- {{- if or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort") }}
- externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy | quote }}
- {{- end }}
- {{- if and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerSourceRanges)) }}
- loadBalancerSourceRanges: {{ .Values.service.loadBalancerSourceRanges }}
- {{- end }}
- {{- if and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerIP)) }}
- loadBalancerIP: {{ .Values.service.loadBalancerIP }}
- {{- end }}
- {{- if .Values.service.sessionAffinity }}
- sessionAffinity: {{ .Values.service.sessionAffinity }}
- {{- end }}
- {{- if .Values.service.sessionAffinityConfig }}
- sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" .Values.service.sessionAffinityConfig "context" $) | nindent 4 }}
- {{- end }}
- ports:
- - name: tcp-redis
- port: {{ .Values.service.ports.redis }}
- targetPort: tcp-redis
- protocol: TCP
- {{- if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.redis)) }}
- nodePort: {{ .Values.service.nodePorts.redis }}
- {{- else if eq .Values.service.type "ClusterIP" }}
- nodePort: null
- {{- end }}
- {{- if .Values.service.extraPorts }}
- {{- include "common.tplvalues.render" (dict "value" .Values.service.extraPorts "context" $) | nindent 4 }}
- {{- end }}
- selector: {{- include "common.labels.matchLabels" $ | nindent 4 }}
diff --git a/rds/base/charts/redis-cluster/templates/scripts-configmap.yaml b/rds/base/charts/redis-cluster/templates/scripts-configmap.yaml
deleted file mode 100644
index 7cd2a4c..0000000
--- a/rds/base/charts/redis-cluster/templates/scripts-configmap.yaml
+++ /dev/null
@@ -1,111 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.names.fullname" . }}-scripts - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -data: - ping_readiness_local.sh: |- - #!/bin/sh - set -e - - REDIS_STATUS_FILE=/tmp/.redis_cluster_check - - {{- if .Values.usePasswordFile }} - password_aux=`cat ${REDIS_PASSWORD_FILE}` - export REDISCLI_AUTH=$password_aux - {{- else }} - if [ ! -z "$REDIS_PASSWORD" ]; then export REDISCLI_AUTH=$REDIS_PASSWORD; fi; - {{- end }} - response=$( - timeout -s 3 $1 \ - redis-cli \ - -h localhost \ -{{- if .Values.tls.enabled }} - -p $REDIS_TLS_PORT \ - --tls \ - --cert {{ template "redis-cluster.tlsCert" . }} \ - --key {{ template "redis-cluster.tlsCertKey" . }} \ - --cacert {{ template "redis-cluster.tlsCACert" . }} \ -{{- else }} - -p $REDIS_PORT \ -{{- end }} - ping - ) - if [ "$?" -eq "124" ]; then - echo "Timed out" - exit 1 - fi - if [ "$response" != "PONG" ]; then - echo "$response" - exit 1 - fi -{{- if not .Values.cluster.externalAccess.enabled }} - if [ ! -f "$REDIS_STATUS_FILE" ]; then - response=$( - timeout -s 3 $1 \ - redis-cli \ - -h localhost \ - {{- if .Values.tls.enabled }} - -p $REDIS_TLS_PORT \ - --tls \ - --cert {{ template "redis-cluster.tlsCert" . }} \ - --key {{ template "redis-cluster.tlsCertKey" . }} \ - --cacert {{ template "redis-cluster.tlsCACert" . }} \ - {{- else }} - -p $REDIS_PORT \ - {{- end }} - CLUSTER INFO | grep cluster_state | tr -d '[:space:]' - ) - if [ "$?" 
-eq "124" ]; then - echo "Timed out" - exit 1 - fi - if [ "$response" != "cluster_state:ok" ]; then - echo "$response" - exit 1 - else - touch "$REDIS_STATUS_FILE" - fi - fi -{{- end }} - ping_liveness_local.sh: |- - #!/bin/sh - set -e - - {{- if .Values.usePasswordFile }} - password_aux=`cat ${REDIS_PASSWORD_FILE}` - export REDISCLI_AUTH=$password_aux - {{- else }} - if [ ! -z "$REDIS_PASSWORD" ]; then export REDISCLI_AUTH=$REDIS_PASSWORD; fi; - {{- end }} - response=$( - timeout -s 3 $1 \ - redis-cli \ - -h localhost \ -{{- if .Values.tls.enabled }} - -p $REDIS_TLS_PORT \ - --tls \ - --cert {{ template "redis-cluster.tlsCert" . }} \ - --key {{ template "redis-cluster.tlsCertKey" . }} \ - --cacert {{ template "redis-cluster.tlsCACert" . }} \ -{{- else }} - -p $REDIS_PORT \ -{{- end }} - ping - ) - if [ "$?" -eq "124" ]; then - echo "Timed out" - exit 1 - fi - responseFirstWord=$(echo $response | head -n1 | awk '{print $1;}') - if [ "$response" != "PONG" ] && [ "$responseFirstWord" != "LOADING" ] && [ "$responseFirstWord" != "MASTERDOWN" ]; then - echo "$response" - exit 1 - fi diff --git a/rds/base/charts/redis-cluster/templates/secret.yaml b/rds/base/charts/redis-cluster/templates/secret.yaml deleted file mode 100644 index 9b95aef..0000000 --- a/rds/base/charts/redis-cluster/templates/secret.yaml +++ /dev/null 
@@ -1,17 +0,0 @@
-{{- if and .Values.usePassword (not .Values.existingSecret) -}}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ template "common.names.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels: {{- include "common.labels.standard" . | nindent 4 }}
- {{- if .Values.commonLabels }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
- {{- end }}
- {{- if .Values.commonAnnotations }}
- annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
- {{- end }}
-type: Opaque
-data:
- redis-password: {{ include "redis-cluster.password" . | b64enc | quote }}
-{{- end -}}
diff --git a/rds/base/charts/redis-cluster/templates/svc-cluster-external-access.yaml b/rds/base/charts/redis-cluster/templates/svc-cluster-external-access.yaml
deleted file mode 100644
index 9778040..0000000
--- a/rds/base/charts/redis-cluster/templates/svc-cluster-external-access.yaml
+++ /dev/null
@@ -1,45 +0,0 @@
-{{- if .Values.cluster.externalAccess.enabled }}
-{{- $fullName := include "common.names.fullname" . }}
-{{- $nodesCount := .Values.cluster.nodes | int }}
-{{- $root := . }}
-
-{{- range $i, $e := until $nodesCount }}
-{{- $targetPod := printf "%s-%d" (printf "%s" $fullName) $i }}
-{{- $_ := set $ "targetPod" $targetPod }}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ template "common.names.fullname" $ }}-{{ $i }}-svc
- namespace: {{ .Release.Namespace }}
- labels: {{- include "common.labels.standard" $ | nindent 4 }}
- pod: {{ $targetPod }}
- {{- if $root.Values.commonLabels }}
- {{- include "common.tplvalues.render" ( dict "value" $root.Values.commonLabels "context" $ ) | nindent 4 }}
- {{- end }}
- annotations:
- {{- if $root.Values.commonAnnotations }}
- {{- include "common.tplvalues.render" ( dict "value" $root.Values.commonAnnotations "context" $ ) | nindent 4 }}
- {{- end }}
- {{- if $root.Values.cluster.externalAccess.service.annotations }}
- {{ include "common.tplvalues.render" ( dict "value" $root.Values.cluster.externalAccess.service.annotations "context" $) | nindent 4 }}
- {{- end }}
-spec:
- type: {{ $root.Values.cluster.externalAccess.service.type }}
- {{- if $root.Values.cluster.externalAccess.service.loadBalancerIP }}
- loadBalancerIP: {{ index $root.Values.cluster.externalAccess.service.loadBalancerIP $i }}
- {{- end }}
- {{- if and (eq $root.Values.cluster.externalAccess.service.type "LoadBalancer") $root.Values.cluster.externalAccess.service.loadBalancerSourceRanges }}
- loadBalancerSourceRanges: {{- toYaml $root.Values.cluster.externalAccess.service.loadBalancerSourceRanges | nindent 4 }}
- {{- end }}
- ports:
- - name: tcp-redis
- port: {{ $root.Values.cluster.externalAccess.service.port }}
- targetPort: tcp-redis
- - name: tcp-redis-bus
- targetPort: tcp-redis-bus
- port: {{ $root.Values.redis.containerPorts.bus }}
- selector: {{- include "common.labels.matchLabels" $ | nindent 4 }}
- statefulset.kubernetes.io/pod-name: {{ $targetPod }}
----
-{{- end }}
-{{- end }}
diff --git a/rds/base/charts/redis-cluster/templates/tls-secret.yaml b/rds/base/charts/redis-cluster/templates/tls-secret.yaml
deleted file mode 100644
index 5cf2afa..0000000
--- a/rds/base/charts/redis-cluster/templates/tls-secret.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-{{- if (include "redis-cluster.createTlsSecret" .) }}
-{{- $ca := genCA "redis-cluster-ca" 365 }}
-{{- $releaseNamespace := .Release.Namespace }}
-{{- $clusterDomain := .Values.clusterDomain }}
-{{- $fullname := include "common.names.fullname" . }}
-{{- $serviceName := include "common.names.fullname" . }}
-{{- $headlessServiceName := printf "%s-headless" (include "common.names.fullname" .) }}
-{{- $altNames := list (printf "*.%s.%s.svc.%s" $serviceName $releaseNamespace $clusterDomain) (printf "%s.%s.svc.%s" $serviceName $releaseNamespace $clusterDomain) (printf "*.%s.%s.svc.%s" $headlessServiceName $releaseNamespace $clusterDomain) (printf "%s.%s.svc.%s" $headlessServiceName $releaseNamespace $clusterDomain) "127.0.0.1" "localhost" $fullname }}
-{{- $crt := genSignedCert $fullname nil $altNames 365 $ca }}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "common.names.fullname" . }}-crt
- namespace: {{ .Release.Namespace }}
- labels: {{- include "common.labels.standard" . | nindent 4 }}
- {{- if .Values.commonLabels }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
- {{- end }}
- {{- if .Values.commonAnnotations }}
- annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
- {{- end }}
-type: kubernetes.io/tls
-data:
- ca.crt: {{ $ca.Cert | b64enc | quote }}
- tls.crt: {{ $crt.Cert | b64enc | quote }}
- tls.key: {{ $crt.Key | b64enc | quote }}
-{{- end }}
diff --git a/rds/base/charts/redis-cluster/templates/update-cluster.yaml b/rds/base/charts/redis-cluster/templates/update-cluster.yaml
deleted file mode 100644
index a0b3fc6..0000000
--- a/rds/base/charts/redis-cluster/templates/update-cluster.yaml
+++ /dev/null
@@ -1,266 +0,0 @@ -{{- if and .Values.cluster.update.addNodes ( or (and .Values.cluster.externalAccess.enabled .Values.cluster.externalAccess.service.loadBalancerIP) ( not .Values.cluster.externalAccess.enabled )) }} -apiVersion: batch/v1 -kind: Job -metadata: - name: {{ template "common.names.fullname" . }}-cluster-update - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - annotations: - "helm.sh/hook": post-upgrade - {{- if .Values.updateJob.annotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.updateJob.annotations "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - activeDeadlineSeconds: {{ .Values.updateJob.activeDeadlineSeconds }} - template: - metadata: - labels: {{- include "common.labels.standard" . | nindent 8 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 8 }} - {{- end }} - {{- if .Values.updateJob.podLabels }} - {{- include "common.tplvalues.render" (dict "value" .Values.updateJob.podLabels "context" $) | nindent 8 }} - {{- end }} - annotations: - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.commonAnnotations "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.updateJob.podAnnotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.updateJob.podAnnotations "context" $) | nindent 8 }} - {{- end }} - spec: - {{- include "redis-cluster.imagePullSecrets" . 
| nindent 6 }} - {{- if .Values.updateJob.hostAliases }} - hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.updateJob.hostAliases "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.updateJob.affinity }} - affinity: {{- include "common.tplvalues.render" (dict "value" .Values.updateJob.affinity "context" $) | nindent 8 }} - {{- else }} - affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.updateJob.podAffinityPreset "context" $) | nindent 10 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.updateJob.podAntiAffinityPreset "context" $) | nindent 10 }} - nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.updateJob.nodeAffinityPreset.type "key" .Values.updateJob.nodeAffinityPreset.key "values" .Values.updateJob.nodeAffinityPreset.values) | nindent 10 }} - {{- end }} - {{- if .Values.updateJob.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.updateJob.nodeSelector "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.updateJob.tolerations }} - tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.updateJob.tolerations "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.updateJob.priorityClassName }} - priorityClassName: {{ .Values.updateJob.priorityClassName }} - {{- end }} - {{- if .Values.podSecurityContext.enabled }} - securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }} - {{- end }} - serviceAccountName: {{ include "redis-cluster.serviceAccountName" . }} - {{- if .Values.updateJob.initContainers }} - initContainers: {{- include "common.tplvalues.render" (dict "value" .Values.updateJob.initContainers "context" $) | nindent 8 }} - {{- end }} - containers: - - name: trigger - image: {{ include "redis-cluster.image" . 
}} - imagePullPolicy: {{ .Values.image.pullPolicy | quote }} - {{- if .Values.containerSecurityContext.enabled }} - securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} - {{- else if .Values.updateJob.command }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.updateJob.command "context" $) | nindent 12 }} - {{- else }} - command: ['/bin/bash', '-c'] - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} - {{- else if .Values.updateJob.args }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.updateJob.args "context" $) | nindent 12 }} - {{- else }} - args: - - | - . /opt/bitnami/scripts/libnet.sh - . /opt/bitnami/scripts/libos.sh - # Backwards compatibility change - if ! [[ -f /opt/bitnami/redis/etc/redis.conf ]]; then - cp /opt/bitnami/redis/etc/redis-default.conf /opt/bitnami/redis/etc/redis.conf - fi - firstNodeIP=$(wait_for_dns_lookup {{ template "common.names.fullname" . }}-0.{{ template "common.names.fullname" . }}-headless 120 5) - {{- if .Values.cluster.externalAccess.enabled }} - newNodeCounter=0 - for nodeIP in $(echo "{{ .Values.cluster.update.newExternalIPs }}" | cut -d [ -f2 | cut -d ] -f 1 ); do - {{- if .Values.tls.enabled }} - while [[ $(redis-cli -h "$nodeIP" -p "$REDIS_TLS_PORT" --tls --cert ${REDIS_TLS_CERT_FILE} --key ${REDIS_TLS_KEY_FILE} --cacert ${REDIS_TLS_CA_FILE} ping) != 'PONG' ]]; do - {{- else }} - while [[ $(redis-cli -h "$nodeIP" -p "$REDIS_PORT" ping) != 'PONG' ]]; do - {{- end }} - echo "Node $nodeIP not ready, waiting for all the nodes to be ready..." 
- sleep 5 - done - slave=() - if (( $REDIS_CLUSTER_REPLICAS >= 1 )) && (( newNodeCounter % (( $REDIS_CLUSTER_REPLICAS + 1 )) )); then - slave+=("--cluster-slave") - fi - {{- if .Values.tls.enabled }} - while ! redis-cli --cluster --tls --cert ${REDIS_TLS_CERT_FILE} --key ${REDIS_TLS_KEY_FILE} --cacert ${REDIS_TLS_CA_FILE} add-node "${nodeIP}:${REDIS_TLS_PORT}" "{{ index .Values.cluster.externalAccess.service.loadBalancerIP 0 }}:${REDIS_TLS_PORT}" ${slave[@]}; do - {{- else }} - while ! redis-cli --cluster add-node "${nodeIP}:${REDIS_PORT}" "{{ index .Values.cluster.externalAccess.service.loadBalancerIP 0 }}:${REDIS_PORT}" ${slave[@]}; do - {{- end }} - echo "Add-node ${newNodeIndex} ${newNodeIP} failed, retrying" - sleep 5 - done - ((newNodeCounter += 1)) - done - - {{- if .Values.tls.enabled }} - while ! redis-cli --cluster rebalance --tls --cert ${REDIS_TLS_CERT_FILE} --key ${REDIS_TLS_KEY_FILE} --cacert ${REDIS_TLS_CA_FILE} "{{ index .Values.cluster.externalAccess.service.loadBalancerIP 0 }}:${REDIS_TLS_PORT}" --cluster-use-empty-masters; do - {{- else }} - while ! 
redis-cli --cluster rebalance "{{ index .Values.cluster.externalAccess.service.loadBalancerIP 0 }}:${REDIS_PORT}" --cluster-use-empty-masters; do - {{- end }} - echo "Rebalance failed, retrying" - sleep 5 - {{- if .Values.tls.enabled }} - redis-cli --cluster fix --tls --cert ${REDIS_TLS_CERT_FILE} --key ${REDIS_TLS_KEY_FILE} --cacert ${REDIS_TLS_CA_FILE} "{{ index .Values.cluster.externalAccess.service.loadBalancerIP 0 }}:${REDIS_TLS_PORT}" - {{- else }} - redis-cli --cluster fix "{{ index .Values.cluster.externalAccess.service.loadBalancerIP 0 }}:${REDIS_PORT}" - {{- end }} - done - - {{- else }} - # number of currently deployed redis master nodes - currentMasterNodesNum="$(( {{ .Values.cluster.update.currentNumberOfNodes }} / (( {{ .Values.cluster.update.currentNumberOfReplicas }} + 1 )) ))" - # end postion of new replicas that should be assigned to original redis master nodes - slaveNodesEndPos="$(( {{ .Values.cluster.update.currentNumberOfNodes }} + (($REDIS_CLUSTER_REPLICAS - {{ .Values.cluster.update.currentNumberOfReplicas }})) * $currentMasterNodesNum ))" - for node in $(seq $((1+{{ .Values.cluster.update.currentNumberOfNodes }})) {{ .Values.cluster.nodes }}); do - newNodeIndex="$(($node - 1))" - newNodeIP=$(wait_for_dns_lookup "{{ template "common.names.fullname" . }}-${newNodeIndex}.{{ template "common.names.fullname" . }}-headless" 120 5) - {{- if .Values.tls.enabled }} - while [[ $(redis-cli -h "$newNodeIP" -p "$REDIS_TLS_PORT" --tls --cert ${REDIS_TLS_CERT_FILE} --key ${REDIS_TLS_KEY_FILE} --cacert ${REDIS_TLS_CA_FILE} ping) != 'PONG' ]]; do - {{- else }} - while [[ $(redis-cli -h "$newNodeIP" -p "$REDIS_PORT" ping) != 'PONG' ]]; do - {{- end }} - echo "Node $newNodeIP not ready, waiting for all the nodes to be ready..." - newNodeIP=$(wait_for_dns_lookup "{{ template "common.names.fullname" . }}-${newNodeIndex}.{{ template "common.names.fullname" . 
}}-headless" 120 5) - sleep 5 - done - slave=() - # when the index of the new node is less than `slaveNodesEndPos`,the added node is a replica that assigned to original redis master node - # when the index of the new node is greater than or equal to `slaveNodesEndPos`,and it is not a multiple of `$REDIS_CLUSTER_REPLICAS + 1`, the added node is a replica that assigned to newly added master node - if (( $REDIS_CLUSTER_REPLICAS >= 1 )) && (( (( $newNodeIndex < $slaveNodesEndPos )) || (( (( $newNodeIndex >= $slaveNodesEndPos )) && (( $newNodeIndex % (( $REDIS_CLUSTER_REPLICAS + 1 )) )) )) )); then - slave+=("--cluster-slave") - fi - {{- if .Values.tls.enabled }} - while ! redis-cli --cluster add-node --tls --cert ${REDIS_TLS_CERT_FILE} --key ${REDIS_TLS_KEY_FILE} --cacert ${REDIS_TLS_CA_FILE} "${newNodeIP}:${REDIS_TLS_PORT}" "${firstNodeIP}:${REDIS_TLS_PORT}" ${slave[@]}; do - {{- else }} - while ! redis-cli --cluster add-node "${newNodeIP}:${REDIS_PORT}" "${firstNodeIP}:${REDIS_PORT}" ${slave[@]}; do - {{- end }} - echo "Add-node ${newNodeIndex} ${newNodeIP} failed, retrying" - sleep 5 - firstNodeIP=$(wait_for_dns_lookup "{{ template "common.names.fullname" . }}-0.{{ template "common.names.fullname" . }}-headless" 120 5) - newNodeIP=$(wait_for_dns_lookup "{{ template "common.names.fullname" . }}-${newNodeIndex}.{{ template "common.names.fullname" . }}-headless" 120 5) - done - done - - {{- if .Values.tls.enabled }} - while ! redis-cli --cluster rebalance --tls --cert ${REDIS_TLS_CERT_FILE} --key ${REDIS_TLS_KEY_FILE} --cacert ${REDIS_TLS_CA_FILE} "${firstNodeIP}:${REDIS_TLS_PORT}" --cluster-use-empty-masters; do - {{- else }} - while ! redis-cli --cluster rebalance "${firstNodeIP}:${REDIS_PORT}" --cluster-use-empty-masters; do - {{- end }} - echo "Rebalance failed, retrying" - sleep 5 - firstNodeIP=$(wait_for_dns_lookup "{{ template "common.names.fullname" . }}-0.{{ template "common.names.fullname" . 
}}-headless" 120 5) - {{- if .Values.tls.enabled }} - redis-cli --cluster fix --tls --cert ${REDIS_TLS_CERT_FILE} --key ${REDIS_TLS_KEY_FILE} --cacert ${REDIS_TLS_CA_FILE} "${firstNodeIP}:${REDIS_TLS_PORT}" - {{- else }} - redis-cli --cluster fix "${firstNodeIP}:${REDIS_PORT}" - {{- end }} - done - - {{- end }} - {{- end }} - env: - - name: BITNAMI_DEBUG - value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }} - {{- if .Values.cluster.externalAccess.enabled }} - {{- if .Values.tls.enabled }} - - name: REDIS_TLS_CERT_FILE - value: {{ template "redis-cluster.tlsCert" . }} - - name: REDIS_TLS_KEY_FILE - value: {{ template "redis-cluster.tlsCertKey" . }} - - name: REDIS_TLS_CA_FILE - value: {{ template "redis-cluster.tlsCACert" . }} - - name: REDIS_TLS_PORT - {{- else }} - - name: REDIS_PORT - {{- end }} - value: {{ .Values.cluster.externalAccess.service.port | quote }} - {{- else }} - {{- if .Values.tls.enabled }} - - name: REDIS_TLS_CERT_FILE - value: {{ template "redis-cluster.tlsCert" . }} - - name: REDIS_TLS_KEY_FILE - value: {{ template "redis-cluster.tlsCertKey" . }} - - name: REDIS_TLS_CA_FILE - value: {{ template "redis-cluster.tlsCACert" . }} - - name: REDIS_TLS_PORT - {{- else }} - - name: REDIS_PORT - {{- end }} - value: {{ .Values.redis.containerPorts.redis | quote }} - {{- end }} - - name: REDIS_CLUSTER_REPLICAS - value: {{ .Values.cluster.replicas | quote }} - {{- if .Values.usePassword }} - - name: REDISCLI_AUTH - valueFrom: - secretKeyRef: - name: {{ template "redis-cluster.secretName" . }} - key: {{ template "redis-cluster.secretPasswordKey" . 
}} - {{- end }} - {{- if .Values.updateJob.extraEnvVars }} - {{- include "common.tplvalues.render" (dict "value" .Values.updateJob.extraEnvVars "context" $) | nindent 12 }} - {{- end }} - {{- if or .Values.updateJob.extraEnvVarsCM .Values.updateJob.extraEnvVarsSecret }} - envFrom: - {{- if .Values.updateJob.extraEnvVarsCM }} - - configMapRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.updateJob.extraEnvVarsCM "context" $) }} - {{- end }} - {{- if .Values.updateJob.extraEnvVarsSecret }} - - secretRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.updateJob.extraEnvVarsSecret "context" $) }} - {{- end }} - {{- end }} - {{- if .Values.updateJob.resources }} - resources: {{- toYaml .Values.updateJob.resources | nindent 12 }} - {{- end }} - {{- if or .Values.tls.enabled .Values.updateJob.extraVolumeMounts }} - volumeMounts: - {{- if .Values.tls.enabled }} - - name: redis-certificates - mountPath: /opt/bitnami/redis/certs - readOnly: true - {{- end }} - {{- if .Values.updateJob.extraVolumeMounts }} - {{- include "common.tplvalues.render" (dict "value" .Values.updateJob.extraVolumeMounts "context" $) | nindent 12 }} - {{- end }} - {{- end }} - restartPolicy: OnFailure - {{- if or .Values.tls.enabled .Values.updateJob.extraVolumes }} - volumes: - {{- if .Values.tls.enabled }} - - name: redis-certificates - secret: - secretName: {{ include "common.tplvalues.render" (dict "value" .Values.tls.certificatesSecret "context" $) }} - {{- end }} - {{- if .Values.updateJob.extraVolumes }} - {{- include "common.tplvalues.render" (dict "value" .Values.updateJob.extraVolumes "context" $) | nindent 6 }} - {{- end }} - {{- end }} -{{- end }} - diff --git a/rds/base/charts/redis-cluster/values.yaml b/rds/base/charts/redis-cluster/values.yaml deleted file mode 100644 index ab68adc..0000000 --- a/rds/base/charts/redis-cluster/values.yaml +++ /dev/null 
@@ -1,980 +0,0 @@ -## @section Global parameters -## Global Docker image parameters -## Please, note that this will override the image parameters, including dependencies, configured to use the global value -## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass -## - -## @param global.imageRegistry Global Docker image registry -## @param global.imagePullSecrets Global Docker registry secret names as an array -## @param global.storageClass Global StorageClass for Persistent Volume(s) -## @param global.redis.password Redis® password (overrides `password`) -## -global: - imageRegistry: "" - ## E.g. - ## imagePullSecrets: - ## - myRegistryKeySecretName - ## - imagePullSecrets: [] - storageClass: "" - redis: - password: "" - -## @section Redis® Cluster Common parameters -## - -## @param nameOverride String to partially override common.names.fullname template (will maintain the release name) -## -nameOverride: "" -## @param fullnameOverride String to fully override common.names.fullname template -## -fullnameOverride: "" -## @param clusterDomain Kubernetes Cluster Domain -## -clusterDomain: cluster.local -## @param commonAnnotations Annotations to add to all deployed objects -## -commonAnnotations: {} -## @param commonLabels Labels to add to all deployed objects -## -commonLabels: {} -## @param extraDeploy Array of extra objects to deploy with the release (evaluated as a template) -## -extraDeploy: [] - -## Enable diagnostic mode in the deployment -## -diagnosticMode: - ## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden) - ## - enabled: false - ## @param diagnosticMode.command Command to override all containers in the deployment - ## - command: - - sleep - ## @param diagnosticMode.args Args to override all containers in the deployment - ## - args: - - infinity - -## Bitnami Redis® image version -## ref: https://hub.docker.com/r/bitnami/redis/tags/ -## 
@param image.registry Redis® cluster image registry -## @param image.repository Redis® cluster image repository -## @param image.tag Redis® cluster image tag (immutable tags are recommended) -## @param image.pullPolicy Redis® cluster image pull policy -## @param image.pullSecrets Specify docker-registry secret names as an array -## @param image.debug Enable image debug mode -## -image: - registry: docker.io - repository: bitnami/redis-cluster - ## Bitnami Redis® image tag - ## ref: https://github.com/bitnami/bitnami-docker-redis#supported-tags-and-respective-dockerfile-links - ## - tag: 6.2.7-debian-11-r9 - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## Enable debug mode - ## - debug: false -## Network Policy -## @param networkPolicy.enabled Enable NetworkPolicy -## @param networkPolicy.allowExternal The Policy model to apply. Don't require client label for connections -## @param networkPolicy.ingressNSMatchLabels Allow connections from other namespacess. Just set label for namespace and set label for pods (optional). -## @param networkPolicy.ingressNSPodMatchLabels For other namespaces match by pod labels and namespace labels -## -networkPolicy: - enabled: false - ## When set to false, only pods with the correct - ## client label will have network access to the port Redis® is listening - ## on. When true, Redis® will accept connections from any source - ## (with the correct destination port). 
- ## - allowExternal: true - ingressNSMatchLabels: {} - ingressNSPodMatchLabels: {} - -serviceAccount: - ## @param serviceAccount.create Specifies whether a ServiceAccount should be created - ## - create: false - ## @param serviceAccount.name The name of the ServiceAccount to create - ## If not set and create is true, a name is generated using the fullname template - ## - name: "" - ## @param serviceAccount.annotations Annotations for Cassandra Service Account - ## - annotations: {} - ## @param serviceAccount.automountServiceAccountToken Automount API credentials for a service account. - ## - automountServiceAccountToken: false - -rbac: - ## @param rbac.create Specifies whether RBAC resources should be created - ## - create: false - role: - ## @param rbac.role.rules Rules to create. It follows the role specification - ## rules: - ## - apiGroups: - ## - extensions - ## resources: - ## - podsecuritypolicies - ## verbs: - ## - use - ## resourceNames: - ## - gce.unprivileged - ## - rules: [] -## Redis® pod Security Context -## @param podSecurityContext.enabled Enable Redis® pod Security Context -## @param podSecurityContext.fsGroup Group ID for the pods -## @param podSecurityContext.runAsUser User ID for the pods -## @param podSecurityContext.sysctls Set namespaced sysctls for the pods -## -podSecurityContext: - enabled: true - fsGroup: 1001 - runAsUser: 1001 - ## Uncomment the setting below to increase the net.core.somaxconn value - ## e.g: - ## sysctls: - ## - name: net.core.somaxconn - ## value: "10000" - ## - sysctls: [] -## @param podDisruptionBudget Limits the number of pods of the replicated application that are down simultaneously from voluntary disruptions -## ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions -## -podDisruptionBudget: {} -## @param minAvailable Min number of pods that must still be available after the eviction -## -minAvailable: "" -## @param maxUnavailable Max number of pods that can be unavailable after the eviction -## 
-maxUnavailable: "" -## Containers Security Context -## @param containerSecurityContext.enabled Enable Containers' Security Context -## @param containerSecurityContext.runAsUser User ID for the containers. -## @param containerSecurityContext.runAsNonRoot Run container as non root -## -containerSecurityContext: - enabled: true - runAsUser: 1001 - runAsNonRoot: true -## @param usePassword Use password authentication -## -usePassword: true -## @param password Redis® password (ignored if existingSecret set) -## Defaults to a random 10-character alphanumeric string if not set and usePassword is true -## ref: https://github.com/bitnami/bitnami-docker-redis#setting-the-server-password-on-first-run -## -password: "" -## @param existingSecret Name of existing secret object (for password authentication) -## -existingSecret: "" -## @param existingSecretPasswordKey Name of key containing password to be retrieved from the existing secret -## -existingSecretPasswordKey: "" -## @param usePasswordFile Mount passwords as files instead of environment variables -## -usePasswordFile: false -## -## TLS configuration -## -tls: - ## @param tls.enabled Enable TLS support for replication traffic - ## - enabled: false - ## @param tls.authClients Require clients to authenticate or not - ## - authClients: true - ## @param tls.autoGenerated Generate automatically self-signed TLS certificates - ## - autoGenerated: false - ## @param tls.existingSecret The name of the existing secret that contains the TLS certificates - ## - existingSecret: "" - ## @param tls.certificatesSecret DEPRECATED. 
Use tls.existingSecret instead - ## - certificatesSecret: "" - ## @param tls.certFilename Certificate filename - ## - certFilename: "" - ## @param tls.certKeyFilename Certificate key filename - ## - certKeyFilename: "" - ## @param tls.certCAFilename CA Certificate filename - ## - certCAFilename: "" - ## @param tls.dhParamsFilename File containing DH params (in order to support DH based ciphers) - ## - dhParamsFilename: "" -## Redis® Service properties for standalone mode. -## -service: - ## @param service.ports.redis Kubernetes Redis service port - ## - ports: - redis: 6379 - ## Node ports to expose - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport - ## @param service.nodePorts.redis Node port for Redis - ## - nodePorts: - redis: "" - ## @param service.extraPorts Extra ports to expose in the service (normally used with the `sidecar` value) - ## - extraPorts: [] - ## @param service.annotations Provide any additional annotations which may be required. - ## This can be used to set the LoadBalancer service type to internal only. - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer - ## - annotations: {} - ## @param service.labels Additional labels for redis service - ## - labels: {} - ## @param service.type Service type for default redis service - ## Setting this to LoadBalancer may require corresponding service annotations for loadbalancer creation to succeed. 
- ## Currently supported types are ClusterIP (default) and LoadBalancer - ## - type: ClusterIP - ## @param service.clusterIP Service Cluster IP - ## e.g.: - ## clusterIP: None - ## - clusterIP: "" - ## @param service.loadBalancerIP Load balancer IP if `service.type` is `LoadBalancer` - ## If service.type is LoadBalancer, request a specific static IP address if supported by the cloud provider, otherwise leave blank - ## - loadBalancerIP: "" - ## @param service.loadBalancerSourceRanges Service Load Balancer sources - ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service - ## e.g: - ## loadBalancerSourceRanges: - ## - 10.10.10.0/24 - ## - loadBalancerSourceRanges: [] - ## @param service.externalTrafficPolicy Service external traffic policy - ## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip - ## - externalTrafficPolicy: Cluster - ## @param service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP" - ## If "ClientIP", consecutive client requests will be directed to the same Pod - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies - ## - sessionAffinity: None - ## @param service.sessionAffinityConfig Additional settings for the sessionAffinity - ## sessionAffinityConfig: - ## clientIP: - ## timeoutSeconds: 300 - ## - sessionAffinityConfig: {} -## Enable persistence using Persistent Volume Claims -## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/ -## -persistence: - ## @param persistence.path Path to mount the volume at, to use other images Redis® images. 
- ## - path: /bitnami/redis/data - ## @param persistence.subPath The subdirectory of the volume to mount to, useful in dev environments and one PV for multiple services - ## - subPath: "" - ## @param persistence.storageClass Storage class of backing PVC - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - storageClass: "" - ## @param persistence.annotations Persistent Volume Claim annotations - ## - annotations: {} - ## @param persistence.accessModes Persistent Volume Access Modes - ## - accessModes: - - ReadWriteOnce - ## @param persistence.size Size of data volume - ## - size: 8Gi - ## @param persistence.matchLabels Persistent Volume selectors - ## https://kubernetes.io/docs/concepts/storage/persistent-volumes/#selector - ## - matchLabels: {} - ## @param persistence.matchExpressions matchExpressions Persistent Volume selectors - ## - matchExpressions: {} - -## Init containers parameters: -## volumePermissions: Change the owner of the persist volume mountpoint to RunAsUser:fsGroup -## -volumePermissions: - ## @param volumePermissions.enabled Enable init container that changes volume permissions in the registry (for cases where the default k8s `runAsUser` and `fsUser` values do not work) - ## - enabled: false - ## @param volumePermissions.image.registry Init container volume-permissions image registry - ## @param volumePermissions.image.repository Init container volume-permissions image repository - ## @param volumePermissions.image.tag Init container volume-permissions image tag - ## @param volumePermissions.image.pullPolicy Init container volume-permissions image pull policy - ## @param volumePermissions.image.pullSecrets Specify docker-registry secret names as an array - ## - image: - registry: docker.io - repository: 
bitnami/bitnami-shell - tag: 11-debian-11-r10 - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## Container resource requests and limits - ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ - ## @param volumePermissions.resources.limits The resources limits for the container - ## @param volumePermissions.resources.requests The requested resources for the container - ## - resources: - ## Example: - ## limits: - ## cpu: 100m - ## memory: 128Mi - ## - limits: {} - ## Examples: - ## requests: - ## cpu: 100m - ## memory: 128Mi - ## - requests: {} -## PodSecurityPolicy configuration -## ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/ -## @param podSecurityPolicy.create Whether to create a PodSecurityPolicy. WARNING: PodSecurityPolicy is deprecated in Kubernetes v1.21 or later, unavailable in v1.25 or later -## -podSecurityPolicy: - create: false - -## @section Redis® statefulset parameters -## - -redis: - ## @param redis.command Redis® entrypoint string. 
The command `redis-server` is executed if this is not provided - ## - command: [] - ## @param redis.args Arguments for the provided command if needed - ## - args: [] - ## @param redis.updateStrategy.type Argo Workflows statefulset strategy type - ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies - ## - updateStrategy: - ## StrategyType - ## Can be set to RollingUpdate or OnDelete - ## - type: RollingUpdate - ## @param redis.updateStrategy.rollingUpdate.partition Partition update strategy - ## https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#partitions - ## - rollingUpdate: - partition: 0 - - ## @param redis.podManagementPolicy Statefulset Pod management policy, it needs to be Parallel to be able to complete the cluster join - ## Ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies - ## - podManagementPolicy: Parallel - ## @param redis.hostAliases Deployment pod host aliases - ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ - ## - hostAliases: [] - ## @param redis.hostNetwork Host networking requested for this pod. Use the host's network namespace. - ## https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.22/#podspec-v1-core - ## - hostNetwork: false - ## @param redis.useAOFPersistence Whether to use AOF Persistence mode or not - ## It is strongly recommended to use this type when dealing with clusters - ## ref: https://redis.io/topics/persistence#append-only-file - ## ref: https://redis.io/topics/cluster-tutorial#creating-and-using-a-redis-cluster - ## - useAOFPersistence: "yes" - ## @param redis.containerPorts.redis Redis® port - ## @param redis.containerPorts.bus The busPort should be obtained adding 10000 to the redisPort. 
By default: 10000 + 6379 = 16379 - ## - containerPorts: - redis: 6379 - bus: 16379 - ## @param redis.lifecycleHooks LifecycleHook to set additional configuration before or after startup. Evaluated as a template - ## - lifecycleHooks: {} - ## @param redis.extraVolumes Extra volumes to add to the deployment - ## - extraVolumes: [] - ## @param redis.extraVolumeMounts Extra volume mounts to add to the container - ## - extraVolumeMounts: [] - ## @param redis.customLivenessProbe Override default liveness probe - ## - customLivenessProbe: {} - ## @param redis.customReadinessProbe Override default readiness probe - ## - customReadinessProbe: {} - ## @param redis.customStartupProbe Custom startupProbe that overrides the default one - ## - customStartupProbe: {} - ## @param redis.initContainers Extra init containers to add to the deployment - ## - initContainers: [] - ## @param redis.sidecars Extra sidecar containers to add to the deployment - ## - sidecars: [] - ## @param redis.podLabels Additional labels for Redis® pod - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ - ## - podLabels: {} - ## @param redis.priorityClassName Redis® Master pod priorityClassName - ## - priorityClassName: "" - ## @param redis.configmap Additional Redis® configuration for the nodes - ## ref: https://redis.io/topics/config - ## - configmap: "" - ## @param redis.extraEnvVars An array to add extra environment variables - ## For example: - ## - name: BEARER_AUTH - ## value: true - ## - extraEnvVars: [] - ## @param redis.extraEnvVarsCM ConfigMap with extra environment variables - ## - extraEnvVarsCM: "" - ## @param redis.extraEnvVarsSecret Secret with extra environment variables - ## - extraEnvVarsSecret: "" - ## @param redis.podAnnotations Redis® additional annotations - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ - ## - podAnnotations: {} - ## Redis® resource requests and limits - ## ref: 
https://kubernetes.io/docs/user-guide/compute-resources/ - ## @param redis.resources.limits The resources limits for the container - ## @param redis.resources.requests The requested resources for the container - ## - resources: - ## Example: - ## limits: - ## cpu: 100m - ## memory: 128Mi - ## - limits: {} - ## Examples: - ## requests: - ## cpu: 100m - ## memory: 128Mi - ## - requests: {} - ## @param redis.schedulerName Use an alternate scheduler, e.g. "stork". - ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ - ## - schedulerName: "" - ## @param redis.shareProcessNamespace Enable shared process namespace in a pod. - ## If set to false (default), each container will run in separate namespace, redis will have PID=1. - ## If set to true, the /pause will run as init process and will reap any zombie PIDs, - ## for example, generated by a custom exec probe running longer than a probe timeoutSeconds. - ## Enable this only if customLivenessProbe or customReadinessProbe is used and zombie PIDs are accumulating. 
- ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/share-process-namespace/ - ## - shareProcessNamespace: false - ## Configure extra options for Redis® liveness probes - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes) - ## @param redis.livenessProbe.enabled Enable livenessProbe - ## @param redis.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe - ## @param redis.livenessProbe.periodSeconds Period seconds for livenessProbe - ## @param redis.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe - ## @param redis.livenessProbe.failureThreshold Failure threshold for livenessProbe - ## @param redis.livenessProbe.successThreshold Success threshold for livenessProbe - ## - livenessProbe: - enabled: true - initialDelaySeconds: 5 - periodSeconds: 5 - timeoutSeconds: 5 - successThreshold: 1 - failureThreshold: 5 - ## Configure extra options for Redis® readiness probes - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes) - ## @param redis.readinessProbe.enabled Enable readinessProbe - ## @param redis.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe - ## @param redis.readinessProbe.periodSeconds Period seconds for readinessProbe - ## @param redis.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe - ## @param redis.readinessProbe.failureThreshold Failure threshold for readinessProbe - ## @param redis.readinessProbe.successThreshold Success threshold for readinessProbe - ## - readinessProbe: - enabled: true - initialDelaySeconds: 5 - periodSeconds: 5 - timeoutSeconds: 1 - successThreshold: 1 - failureThreshold: 5 - ## @param redis.startupProbe.enabled Enable startupProbe - ## @param redis.startupProbe.path Path to check for startupProbe - ## @param redis.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe - ## @param 
redis.startupProbe.periodSeconds Period seconds for startupProbe - ## @param redis.startupProbe.timeoutSeconds Timeout seconds for startupProbe - ## @param redis.startupProbe.failureThreshold Failure threshold for startupProbe - ## @param redis.startupProbe.successThreshold Success threshold for startupProbe - ## - startupProbe: - enabled: false - path: / - initialDelaySeconds: 300 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 - ## @param redis.podAffinityPreset Redis® pod affinity preset. Ignored if `redis.affinity` is set. Allowed values: `soft` or `hard` - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAffinityPreset: "" - ## @param redis.podAntiAffinityPreset Redis® pod anti-affinity preset. Ignored if `redis.affinity` is set. Allowed values: `soft` or `hard` - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAntiAffinityPreset: soft - ## Redis® node affinity preset - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity - ## - nodeAffinityPreset: - ## @param redis.nodeAffinityPreset.type Redis® node affinity preset type. Ignored if `redis.affinity` is set. Allowed values: `soft` or `hard` - ## - type: "" - ## @param redis.nodeAffinityPreset.key Redis® node label key to match Ignored if `redis.affinity` is set. - ## E.g. - ## key: "kubernetes.io/e2e-az-name" - ## - key: "" - ## @param redis.nodeAffinityPreset.values Redis® node label values to match. Ignored if `redis.affinity` is set. - ## E.g. 
- ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] - ## @param redis.affinity Affinity settings for Redis® pod assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - ## Note: redis.podAffinityPreset, redis.podAntiAffinityPreset, and redis.nodeAffinityPreset will be ignored when it's set - ## - affinity: {} - ## @param redis.nodeSelector Node labels for Redis® pods assignment - ## ref: https://kubernetes.io/docs/user-guide/node-selection/ - ## - nodeSelector: {} - ## @param redis.tolerations Tolerations for Redis® pods assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ - ## - tolerations: [] - ## @param redis.topologySpreadConstraints Pod topology spread constraints for Redis® pod - ## https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ - ## The value is evaluated as a template - ## - topologySpreadConstraints: [] - -## @section Cluster update job parameters -## - -## Cluster update job settings -## -updateJob: - ## @param updateJob.activeDeadlineSeconds Number of seconds the Job to create the cluster will be waiting for the Nodes to be ready. 
- ## - activeDeadlineSeconds: 600 - ## @param updateJob.command Container command (using container default if not set) - ## - command: [] - ## @param updateJob.args Container args (using container default if not set) - ## - args: [] - ## @param updateJob.hostAliases Deployment pod host aliases - ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ - ## - hostAliases: [] - ## @param updateJob.annotations Job annotations - ## - annotations: {} - ## @param updateJob.podAnnotations Job pod annotations - ## - podAnnotations: {} - ## @param updateJob.podLabels Pod extra labels - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ - ## - podLabels: {} - ## @param updateJob.extraEnvVars An array to add extra environment variables - ## For example: - ## - name: BEARER_AUTH - ## value: true - ## - extraEnvVars: [] - ## @param updateJob.extraEnvVarsCM ConfigMap containing extra environment variables - ## - extraEnvVarsCM: "" - ## @param updateJob.extraEnvVarsSecret Secret containing extra environment variables - ## - extraEnvVarsSecret: "" - ## @param updateJob.extraVolumes Extra volumes to add to the deployment - ## - extraVolumes: [] - ## @param updateJob.extraVolumeMounts Extra volume mounts to add to the container - ## - extraVolumeMounts: [] - ## @param updateJob.initContainers Extra init containers to add to the deployment - ## - initContainers: [] - ## @param updateJob.podAffinityPreset Update job pod affinity preset. Ignored if `updateJob.affinity` is set. Allowed values: `soft` or `hard` - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAffinityPreset: "" - ## @param updateJob.podAntiAffinityPreset Update job pod anti-affinity preset. Ignored if `updateJob.affinity` is set. 
Allowed values: `soft` or `hard` - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAntiAffinityPreset: soft - ## Update job node affinity preset - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity - ## - nodeAffinityPreset: - ## @param updateJob.nodeAffinityPreset.type Update job node affinity preset type. Ignored if `updateJob.affinity` is set. Allowed values: `soft` or `hard` - ## - type: "" - ## @param updateJob.nodeAffinityPreset.key Update job node label key to match Ignored if `updateJob.affinity` is set. - ## E.g. - ## key: "kubernetes.io/e2e-az-name" - ## - key: "" - ## @param updateJob.nodeAffinityPreset.values Update job node label values to match. Ignored if `updateJob.affinity` is set. - ## E.g. - ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] - ## @param updateJob.affinity Affinity for update job pods assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - ## Note: updateJob.podAffinityPreset, updateJob.podAntiAffinityPreset, and updateJob.nodeAffinityPreset will be ignored when it's set - ## - affinity: {} - ## @param updateJob.nodeSelector Node labels for update job pods assignment - ## ref: https://kubernetes.io/docs/user-guide/node-selection/ - ## - nodeSelector: {} - ## @param updateJob.tolerations Tolerations for update job pods assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ - ## - tolerations: [] - ## @param updateJob.priorityClassName Priority class name - ## - priorityClassName: "" - ## Container resource requests and limits - ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ - ## We usually recommend not to specify default resources and to leave this as a conscious - ## choice for the user. 
This also increases chances charts run on environments with little - ## resources, such as Minikube. If you do want to specify resources, uncomment the following - ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. - ## @param updateJob.resources.limits The resources limits for the container - ## @param updateJob.resources.requests The requested resources for the container - ## - resources: - ## Example: - ## limits: - ## cpu: 500m - ## memory: 1Gi - ## - limits: {} - ## Examples: - ## requests: - ## cpu: 250m - ## memory: 256Mi - ## - requests: {} - -## @section Cluster management parameters -## - -## Redis® Cluster settings -## -cluster: - ## @param cluster.init Enable the initialization of the Redis® Cluster - ## - init: true - ## Number of Redis® nodes to be deployed - ## - ## Note: - ## This is total number of nodes including the replicas. Meaning there will be 3 master and 3 replica - ## nodes (as replica count is set to 1 by default, there will be 1 replica per master node). 
- ## Hence, nodes = numberOfMasterNodes + numberOfMasterNodes * replicas - ## - ## @param cluster.nodes The number of master nodes should always be >= 3, otherwise cluster creation will fail - ## - nodes: 6 - ## @param cluster.replicas Number of replicas for every master in the cluster - ## Parameter to be passed as --cluster-replicas to the redis-cli --cluster create - ## 1 means that we want a replica for every master created - ## - replicas: 1 - ## Configuration to access the Redis® Cluster from outside the Kubernetes cluster - ## - externalAccess: - ## @param cluster.externalAccess.enabled Enable access to the Redis - ## - enabled: false - service: - ## @param cluster.externalAccess.service.type Type for the services used to expose every Pod - ## At this moment only LoadBalancer is supported - ## - type: LoadBalancer - ## @param cluster.externalAccess.service.port Port for the services used to expose every Pod - ## - port: 6379 - ## @param cluster.externalAccess.service.loadBalancerIP Array of load balancer IPs for each Redis® node. Length must be the same as cluster.nodes - ## - loadBalancerIP: [] - ## @param cluster.externalAccess.service.loadBalancerSourceRanges Service Load Balancer sources - ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service - ## e.g: - ## loadBalancerSourceRanges: - ## - 10.10.10.0/24 - ## - loadBalancerSourceRanges: [] - ## @param cluster.externalAccess.service.annotations Annotations to add to the services used to expose every Pod of the Redis® Cluster - ## - annotations: {} - ## This section allows to update the Redis® cluster nodes. - ## - update: - ## @param cluster.update.addNodes Boolean to specify if you want to add nodes after the upgrade - ## Setting this to true a hook will add nodes to the Redis® cluster after the upgrade. 
currentNumberOfNodes and currentNumberOfReplicas is required - ## - addNodes: false - ## @param cluster.update.currentNumberOfNodes Number of currently deployed Redis® nodes - ## - currentNumberOfNodes: 6 - ## @param cluster.update.currentNumberOfReplicas Number of currently deployed Redis® replicas - ## - currentNumberOfReplicas: 1 - ## @param cluster.update.newExternalIPs External IPs obtained from the services for the new nodes to add to the cluster - ## - newExternalIPs: [] - -## @section Metrics sidecar parameters -## - -## Prometheus Exporter / Metrics -## -metrics: - ## @param metrics.enabled Start a side-car prometheus exporter - ## - enabled: false - ## @param metrics.image.registry Redis® exporter image registry - ## @param metrics.image.repository Redis® exporter image name - ## @param metrics.image.tag Redis® exporter image tag - ## @param metrics.image.pullPolicy Redis® exporter image pull policy - ## @param metrics.image.pullSecrets Specify docker-registry secret names as an array - ## - image: - registry: docker.io - repository: bitnami/redis-exporter - tag: 1.43.0-debian-11-r3 - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. 
- ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## @param metrics.resources Metrics exporter resource requests and limits - ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ - ## - resources: {} - ## @param metrics.extraArgs Extra arguments for the binary; possible values [here](https://github.com/oliver006/redis_exporter - ## extraArgs: - ## check-keys: myKey,myOtherKey - ## - extraArgs: {} - ## @param metrics.podAnnotations [object] Additional annotations for Metrics exporter pod - ## - podAnnotations: - prometheus.io/scrape: "true" - prometheus.io/port: "9121" - ## @param metrics.podLabels Additional labels for Metrics exporter pod - ## - podLabels: {} - ## Enable this if you're using https://github.com/coreos/prometheus-operator - ## - serviceMonitor: - ## @param metrics.serviceMonitor.enabled If `true`, creates a Prometheus Operator ServiceMonitor (also requires `metrics.enabled` to be `true`) - ## - enabled: false - ## @param metrics.serviceMonitor.namespace Optional namespace which Prometheus is running in - ## - namespace: "" - ## @param metrics.serviceMonitor.interval How frequently to scrape metrics (use by default, falling back to Prometheus' default) - ## - interval: "" - ## @param metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended - ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint - ## e.g: - ## scrapeTimeout: 10s - ## - scrapeTimeout: "" - ## @param metrics.serviceMonitor.selector Prometheus instance selector labels - ## ref: https://github.com/bitnami/charts/tree/master/bitnami/prometheus-operator#prometheus-configuration - ## e.g: - ## selector: - ## prometheus: my-prometheus - ## - selector: {} - ## @param metrics.serviceMonitor.labels ServiceMonitor extra labels - ## - labels: {} - ## @param metrics.serviceMonitor.annotations 
ServiceMonitor annotations - ## - annotations: {} - ## @param metrics.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in prometheus. - ## - jobLabel: "" - ## @param metrics.serviceMonitor.relabelings RelabelConfigs to apply to samples before scraping - ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig - ## - relabelings: [] - ## @param metrics.serviceMonitor.metricRelabelings MetricRelabelConfigs to apply to samples before ingestion - ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig - ## - metricRelabelings: [] - ## Custom PrometheusRule to be defined - ## The value is evaluated as a template, so, for example, the value can depend on .Release or .Chart - ## ref: https://github.com/coreos/prometheus-operator#customresourcedefinitions - ## @param metrics.prometheusRule.enabled Set this to true to create prometheusRules for Prometheus operator - ## @param metrics.prometheusRule.additionalLabels Additional labels that can be used so prometheusRules will be discovered by Prometheus - ## @param metrics.prometheusRule.namespace namespace where prometheusRules resource should be created - ## @param metrics.prometheusRule.rules Create specified [rules](https://prometheus.io/docs/prometheus/latest/configuration/alerting_rules/), check values for an example. - ## - prometheusRule: - enabled: false - additionalLabels: {} - namespace: "" - ## These are just examples rules, please adapt them to your needs. - ## Make sure to constraint the rules to the current postgresql service. - ## - alert: RedisDown - ## expr: redis_up{service="{{ template "common.names.fullname" . }}-metrics"} == 0 - ## for: 2m - ## labels: - ## severity: error - ## annotations: - ## summary: Redis® instance {{ "{{ $instance }}" }} down - ## description: Redis® instance {{ "{{ $instance }}" }} is down. 
- ## - alert: RedisMemoryHigh - ## expr: > - ## redis_memory_used_bytes{service="{{ template "common.names.fullname" . }}-metrics"} * 100 - ## / - ## redis_memory_max_bytes{service="{{ template "common.names.fullname" . }}-metrics"} - ## > 90 - ## for: 2m - ## labels: - ## severity: error - ## annotations: - ## summary: Redis® instance {{ "{{ $instance }}" }} is using too much memory - ## description: Redis® instance {{ "{{ $instance }}" }} is using {{ "{{ $value }}" }}% of its available memory. - ## - alert: RedisKeyEviction - ## expr: increase(redis_evicted_keys_total{service="{{ template "common.names.fullname" . }}-metrics"}[5m]) > 0 - ## for: 1s - ## labels: - ## severity: error - ## annotations: - ## summary: Redis® instance {{ "{{ $instance }}" }} has evicted keys - ## description: Redis® instance {{ "{{ $instance }}" }} has evicted {{ "{{ $value }}" }} keys in the last 5 minutes. - ## - rules: [] - ## @param metrics.priorityClassName Metrics exporter pod priorityClassName - ## - priorityClassName: "" - ## @param metrics.service.type Kubernetes Service type (redis metrics) - ## @param metrics.service.loadBalancerIP Use serviceLoadBalancerIP to request a specific static IP, otherwise leave blank - ## @param metrics.service.annotations Annotations for the services to monitor. 
- ## @param metrics.service.labels Additional labels for the metrics service - ## - service: - type: ClusterIP - ## @param metrics.service.clusterIP Service Cluster IP - ## e.g.: - ## clusterIP: None - ## - clusterIP: "" - loadBalancerIP: "" - annotations: {} - labels: {} - -## @section Sysctl Image parameters -## - -## Sysctl InitContainer -## Used to perform sysctl operation to modify Kernel settings (needed sometimes to avoid warnings) -## -sysctlImage: - ## @param sysctlImage.enabled Enable an init container to modify Kernel settings - ## - enabled: false - ## @param sysctlImage.command sysctlImage command to execute - ## - command: [] - ## @param sysctlImage.registry sysctlImage Init container registry - ## @param sysctlImage.repository sysctlImage Init container repository - ## @param sysctlImage.tag sysctlImage Init container tag - ## @param sysctlImage.pullPolicy sysctlImage Init container pull policy - ## @param sysctlImage.pullSecrets Specify docker-registry secret names as an array - ## - registry: docker.io - repository: bitnami/bitnami-shell - tag: 11-debian-11-r10 - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## @param sysctlImage.mountHostSys Mount the host `/sys` folder to `/host-sys` - ## - mountHostSys: false - ## Container resource requests and limits - ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ - ## @param sysctlImage.resources.limits The resources limits for the container - ## @param sysctlImage.resources.requests The requested resources for the container - ## - resources: - ## Example: - ## limits: - ## cpu: 100m - ## memory: 128Mi - ## - limits: {} - ## Examples: - ## requests: - ## cpu: 100m - ## memory: 128Mi - ## - requests: {} 
diff --git a/rds/base/charts/redis/.helmignore b/rds/base/charts/redis/.helmignore
deleted file mode 100644
index f0c1319..0000000
--- a/rds/base/charts/redis/.helmignore
+++ /dev/null
@@ -1,21 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
diff --git a/rds/base/charts/redis/Chart.lock b/rds/base/charts/redis/Chart.lock
deleted file mode 100644
index 863ab5d..0000000
--- a/rds/base/charts/redis/Chart.lock
+++ /dev/null
@@ -1,6 +0,0 @@
-dependencies:
-- name: common
- repository: file://charts/common
- version: 1.16.0
-digest: sha256:4ada3eb952477c2d0cedb8b58c4dd4351576124c08e2b597bb8d7a85a821d0b3
-generated: "2023-02-07T10:50:01.265240461+01:00"
diff --git a/rds/base/charts/redis/Chart.yaml b/rds/base/charts/redis/Chart.yaml
deleted file mode 100644
index 19c84bb..0000000
--- a/rds/base/charts/redis/Chart.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-annotations:
- category: Database
-apiVersion: v2
-appVersion: 6.2.7
-dependencies:
-- name: common
- repository: file://charts/common
- tags:
- - bitnami-common
- alias: redis-common
- version: 1.x.x
-description: Redis(R) is an open source, advanced key-value store. It is often referred
- to as a data structure server since keys can contain strings, hashes, lists, sets
- and sorted sets.
-home: https://github.com/bitnami/charts/tree/master/bitnami/redis
-icon: https://bitnami.com/assets/stacks/redis/img/redis-stack-220x234.png
-keywords:
-- redis
-- keyvalue
-- database
-maintainers:
-- name: Bitnami
- url: https://github.com/bitnami/charts
-- email: cedric@desaintmartin.fr
- name: desaintmartin
-name: redis
-sources:
-- https://github.com/bitnami/bitnami-docker-redis
-version: 16.13.2
diff --git a/rds/base/charts/redis/README.md b/rds/base/charts/redis/README.md
deleted file mode 100644
index 5113c05..0000000
--- a/rds/base/charts/redis/README.md
+++ /dev/null
@@ -1,898 +0,0 @@ - - -# Bitnami package for Redis(R) - -Redis(R) is an open source, advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. - -[Overview of Redis®](http://redis.io) - -Disclaimer: Redis is a registered trademark of Redis Ltd. Any rights therein are reserved to Redis Ltd. Any use by Bitnami is for referential purposes only and does not indicate any sponsorship, endorsement, or affiliation between Redis Ltd. - -## TL;DR - -```bash -$ helm repo add bitnami https://charts.bitnami.com/bitnami -$ helm install my-release bitnami/redis -``` - -## Introduction - -This chart bootstraps a [Redis®](https://github.com/bitnami/bitnami-docker-redis) deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. - -Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters. - -### Choose between Redis® Helm Chart and Redis® Cluster Helm Chart - -You can choose any of the two Redis® Helm charts for deploying a Redis® cluster. - -1. [Redis® Helm Chart](https://github.com/bitnami/charts/tree/master/bitnami/redis) will deploy a master-replica cluster, with the [option](https://github.com/bitnami/charts/tree/master/bitnami/redis#redis-sentinel-configuration-parameters) of enabling using Redis® Sentinel. -2. [Redis® Cluster Helm Chart](https://github.com/bitnami/charts/tree/master/bitnami/redis-cluster) will deploy a Redis® Cluster topology with sharding. - -The main features of each chart are the following: - -| Redis® | Redis® Cluster | -|--------------------------------------------------------|------------------------------------------------------------------------| -| Supports multiple databases | Supports only one database. 
Better if you have a big dataset | -| Single write point (single master) | Multiple write points (multiple masters) | -| ![Redis® Topology](img/redis-topology.png) | ![Redis® Cluster Topology](img/redis-cluster-topology.png) | - -## Prerequisites - -- Kubernetes 1.19+ -- Helm 3.2.0+ -- PV provisioner support in the underlying infrastructure - -## Installing the Chart - -To install the chart with the release name `my-release`: - -```bash -$ helm install my-release bitnami/redis -``` - -The command deploys Redis® on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. - -> **Tip**: List all releases using `helm list` - -## Uninstalling the Chart - -To uninstall/delete the `my-release` deployment: - -```bash -$ helm delete my-release -``` - -The command removes all the Kubernetes components associated with the chart and deletes the release. - -## Parameters - -### Global parameters - -| Name | Description | Value | -| ------------------------- | ------------------------------------------------------ | ----- | -| `global.imageRegistry` | Global Docker image registry | `""` | -| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | -| `global.storageClass` | Global StorageClass for Persistent Volume(s) | `""` | -| `global.redis.password` | Global Redis® password (overrides `auth.password`) | `""` | - - -### Common parameters - -| Name | Description | Value | -| ------------------------ | --------------------------------------------------------------------------------------- | --------------- | -| `kubeVersion` | Override Kubernetes version | `""` | -| `nameOverride` | String to partially override common.names.fullname | `""` | -| `fullnameOverride` | String to fully override common.names.fullname | `""` | -| `commonLabels` | Labels to add to all deployed objects | `{}` | -| `commonAnnotations` | Annotations to add to all deployed objects 
| `{}` | -| `secretAnnotations` | Annotations to add to secret | `{}` | -| `clusterDomain` | Kubernetes cluster domain name | `cluster.local` | -| `extraDeploy` | Array of extra objects to deploy with the release | `[]` | -| `diagnosticMode.enabled` | Enable diagnostic mode (all probes will be disabled and the command will be overridden) | `false` | -| `diagnosticMode.command` | Command to override all containers in the deployment | `["sleep"]` | -| `diagnosticMode.args` | Args to override all containers in the deployment | `["infinity"]` | - - -### Redis® Image parameters - -| Name | Description | Value | -| ------------------- | ----------------------------------------------------- | --------------------- | -| `image.registry` | Redis® image registry | `docker.io` | -| `image.repository` | Redis® image repository | `bitnami/redis` | -| `image.tag` | Redis® image tag (immutable tags are recommended) | `6.2.7-debian-11-r11` | -| `image.pullPolicy` | Redis® image pull policy | `IfNotPresent` | -| `image.pullSecrets` | Redis® image pull secrets | `[]` | -| `image.debug` | Enable image debug mode | `false` | - - -### Redis® common configuration parameters - -| Name | Description | Value | -| -------------------------------- | ------------------------------------------------------------------------------------- | ------------- | -| `architecture` | Redis® architecture. 
Allowed values: `standalone` or `replication` | `replication` | -| `auth.enabled` | Enable password authentication | `true` | -| `auth.sentinel` | Enable password authentication on sentinels too | `true` | -| `auth.password` | Redis® password | `""` | -| `auth.existingSecret` | The name of an existing secret with Redis® credentials | `""` | -| `auth.existingSecretPasswordKey` | Password key to be retrieved from existing secret | `""` | -| `auth.usePasswordFiles` | Mount credentials as files instead of using an environment variable | `false` | -| `commonConfiguration` | Common configuration to be added into the ConfigMap | `""` | -| `existingConfigmap` | The name of an existing ConfigMap with your custom configuration for Redis® nodes | `""` | - - -### Redis® master configuration parameters - -| Name | Description | Value | -| ------------------------------------------- | ----------------------------------------------------------------------------------------------------- | ------------------------ | -| `master.count` | Number of Redis® master instances to deploy (experimental, requires additional configuration) | `1` | -| `master.configuration` | Configuration for Redis® master nodes | `""` | -| `master.disableCommands` | Array with Redis® commands to disable on master nodes | `["FLUSHDB","FLUSHALL"]` | -| `master.command` | Override default container command (useful when using custom images) | `[]` | -| `master.args` | Override default container args (useful when using custom images) | `[]` | -| `master.preExecCmds` | Additional commands to run prior to starting Redis® master | `[]` | -| `master.extraFlags` | Array with additional command line flags for Redis® master | `[]` | -| `master.extraEnvVars` | Array with extra environment variables to add to Redis® master nodes | `[]` | -| `master.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for Redis® master nodes | `""` | -| `master.extraEnvVarsSecret` | Name of existing Secret containing extra 
env vars for Redis® master nodes | `""` | -| `master.containerPorts.redis` | Container port to open on Redis® master nodes | `6379` | -| `master.startupProbe.enabled` | Enable startupProbe on Redis® master nodes | `false` | -| `master.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `20` | -| `master.startupProbe.periodSeconds` | Period seconds for startupProbe | `5` | -| `master.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` | -| `master.startupProbe.failureThreshold` | Failure threshold for startupProbe | `5` | -| `master.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | -| `master.livenessProbe.enabled` | Enable livenessProbe on Redis® master nodes | `true` | -| `master.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `20` | -| `master.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `5` | -| `master.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | -| `master.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `5` | -| `master.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `master.readinessProbe.enabled` | Enable readinessProbe on Redis® master nodes | `true` | -| `master.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `20` | -| `master.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `5` | -| `master.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | -| `master.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `5` | -| `master.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `master.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | -| `master.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | -| `master.customReadinessProbe` | Custom readinessProbe that overrides 
the default one | `{}` | -| `master.resources.limits` | The resources limits for the Redis® master containers | `{}` | -| `master.resources.requests` | The requested resources for the Redis® master containers | `{}` | -| `master.podSecurityContext.enabled` | Enabled Redis® master pods' Security Context | `true` | -| `master.podSecurityContext.fsGroup` | Set Redis® master pod's Security Context fsGroup | `1001` | -| `master.containerSecurityContext.enabled` | Enabled Redis® master containers' Security Context | `true` | -| `master.containerSecurityContext.runAsUser` | Set Redis® master containers' Security Context runAsUser | `1001` | -| `master.kind` | Use either Deployment or StatefulSet (default) | `StatefulSet` | -| `master.schedulerName` | Alternate scheduler for Redis® master pods | `""` | -| `master.updateStrategy.type` | Redis® master statefulset strategy type | `RollingUpdate` | -| `master.priorityClassName` | Redis® master pods' priorityClassName | `""` | -| `master.hostAliases` | Redis® master pods host aliases | `[]` | -| `master.podLabels` | Extra labels for Redis® master pods | `{}` | -| `master.podAnnotations` | Annotations for Redis® master pods | `{}` | -| `master.shareProcessNamespace` | Share a single process namespace between all of the containers in Redis® master pods | `false` | -| `master.podAffinityPreset` | Pod affinity preset. Ignored if `master.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `master.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `master.affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `master.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `master.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `master.nodeAffinityPreset.key` | Node label key to match. Ignored if `master.affinity` is set | `""` | -| `master.nodeAffinityPreset.values` | Node label values to match. 
Ignored if `master.affinity` is set | `[]` | -| `master.affinity` | Affinity for Redis® master pods assignment | `{}` | -| `master.nodeSelector` | Node labels for Redis® master pods assignment | `{}` | -| `master.tolerations` | Tolerations for Redis® master pods assignment | `[]` | -| `master.topologySpreadConstraints` | Spread Constraints for Redis® master pod assignment | `[]` | -| `master.dnsPolicy` | DNS Policy for Redis® master pod | `""` | -| `master.dnsConfig` | DNS Configuration for Redis® master pod | `{}` | -| `master.lifecycleHooks` | for the Redis® master container(s) to automate configuration before or after startup | `{}` | -| `master.extraVolumes` | Optionally specify extra list of additional volumes for the Redis® master pod(s) | `[]` | -| `master.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Redis® master container(s) | `[]` | -| `master.sidecars` | Add additional sidecar containers to the Redis® master pod(s) | `[]` | -| `master.initContainers` | Add additional init containers to the Redis® master pod(s) | `[]` | -| `master.persistence.enabled` | Enable persistence on Redis® master nodes using Persistent Volume Claims | `true` | -| `master.persistence.medium` | Provide a medium for `emptyDir` volumes. | `""` | -| `master.persistence.sizeLimit` | Set this to enable a size limit for `emptyDir` volumes. 
| `""` | -| `master.persistence.path` | The path the volume will be mounted at on Redis® master containers | `/data` | -| `master.persistence.subPath` | The subdirectory of the volume to mount on Redis® master containers | `""` | -| `master.persistence.storageClass` | Persistent Volume storage class | `""` | -| `master.persistence.accessModes` | Persistent Volume access modes | `["ReadWriteOnce"]` | -| `master.persistence.size` | Persistent Volume size | `8Gi` | -| `master.persistence.annotations` | Additional custom annotations for the PVC | `{}` | -| `master.persistence.selector` | Additional labels to match for the PVC | `{}` | -| `master.persistence.dataSource` | Custom PVC data source | `{}` | -| `master.persistence.existingClaim` | Use a existing PVC which must be created manually before bound | `""` | -| `master.service.type` | Redis® master service type | `ClusterIP` | -| `master.service.ports.redis` | Redis® master service port | `6379` | -| `master.service.nodePorts.redis` | Node port for Redis® master | `""` | -| `master.service.externalTrafficPolicy` | Redis® master service external traffic policy | `Cluster` | -| `master.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` | -| `master.service.internalTrafficPolicy` | Redis® master service internal traffic policy (requires Kubernetes v1.22 or greater to be usable) | `Cluster` | -| `master.service.clusterIP` | Redis® master service Cluster IP | `""` | -| `master.service.loadBalancerIP` | Redis® master service Load Balancer IP | `""` | -| `master.service.loadBalancerSourceRanges` | Redis® master service Load Balancer sources | `[]` | -| `master.service.annotations` | Additional custom annotations for Redis® master service | `{}` | -| `master.service.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` | -| `master.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` | -| 
`master.terminationGracePeriodSeconds` | Integer setting the termination grace period for the redis-master pods | `30` | - - -### Redis® replicas configuration parameters - -| Name | Description | Value | -| -------------------------------------------- | ------------------------------------------------------------------------------------------------------- | ------------------------ | -| `replica.replicaCount` | Number of Redis® replicas to deploy | `3` | -| `replica.configuration` | Configuration for Redis® replicas nodes | `""` | -| `replica.disableCommands` | Array with Redis® commands to disable on replicas nodes | `["FLUSHDB","FLUSHALL"]` | -| `replica.command` | Override default container command (useful when using custom images) | `[]` | -| `replica.args` | Override default container args (useful when using custom images) | `[]` | -| `replica.preExecCmds` | Additional commands to run prior to starting Redis® replicas | `[]` | -| `replica.extraFlags` | Array with additional command line flags for Redis® replicas | `[]` | -| `replica.extraEnvVars` | Array with extra environment variables to add to Redis® replicas nodes | `[]` | -| `replica.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for Redis® replicas nodes | `""` | -| `replica.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for Redis® replicas nodes | `""` | -| `replica.externalMaster.enabled` | Use external master for bootstrapping | `false` | -| `replica.externalMaster.host` | External master host to bootstrap from | `""` | -| `replica.externalMaster.port` | Port for Redis service external master host | `6379` | -| `replica.containerPorts.redis` | Container port to open on Redis® replicas nodes | `6379` | -| `replica.startupProbe.enabled` | Enable startupProbe on Redis® replicas nodes | `true` | -| `replica.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `10` | -| `replica.startupProbe.periodSeconds` | Period seconds for 
startupProbe | `10` | -| `replica.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` | -| `replica.startupProbe.failureThreshold` | Failure threshold for startupProbe | `22` | -| `replica.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | -| `replica.livenessProbe.enabled` | Enable livenessProbe on Redis® replicas nodes | `true` | -| `replica.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `20` | -| `replica.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `5` | -| `replica.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | -| `replica.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `5` | -| `replica.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `replica.readinessProbe.enabled` | Enable readinessProbe on Redis® replicas nodes | `true` | -| `replica.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `20` | -| `replica.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `5` | -| `replica.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | -| `replica.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `5` | -| `replica.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `replica.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | -| `replica.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | -| `replica.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | -| `replica.resources.limits` | The resources limits for the Redis® replicas containers | `{}` | -| `replica.resources.requests` | The requested resources for the Redis® replicas containers | `{}` | -| `replica.podSecurityContext.enabled` | Enabled Redis® replicas pods' Security Context | `true` | -| 
`replica.podSecurityContext.fsGroup` | Set Redis® replicas pod's Security Context fsGroup | `1001` | -| `replica.containerSecurityContext.enabled` | Enabled Redis® replicas containers' Security Context | `true` | -| `replica.containerSecurityContext.runAsUser` | Set Redis® replicas containers' Security Context runAsUser | `1001` | -| `replica.schedulerName` | Alternate scheduler for Redis® replicas pods | `""` | -| `replica.updateStrategy.type` | Redis® replicas statefulset strategy type | `RollingUpdate` | -| `replica.priorityClassName` | Redis® replicas pods' priorityClassName | `""` | -| `replica.podManagementPolicy` | podManagementPolicy to manage scaling operation of %%MAIN_CONTAINER_NAME%% pods | `""` | -| `replica.hostAliases` | Redis® replicas pods host aliases | `[]` | -| `replica.podLabels` | Extra labels for Redis® replicas pods | `{}` | -| `replica.podAnnotations` | Annotations for Redis® replicas pods | `{}` | -| `replica.shareProcessNamespace` | Share a single process namespace between all of the containers in Redis® replicas pods | `false` | -| `replica.podAffinityPreset` | Pod affinity preset. Ignored if `replica.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `replica.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `replica.affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `replica.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `replica.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `replica.nodeAffinityPreset.key` | Node label key to match. Ignored if `replica.affinity` is set | `""` | -| `replica.nodeAffinityPreset.values` | Node label values to match. 
Ignored if `replica.affinity` is set | `[]` | -| `replica.affinity` | Affinity for Redis® replicas pods assignment | `{}` | -| `replica.nodeSelector` | Node labels for Redis® replicas pods assignment | `{}` | -| `replica.tolerations` | Tolerations for Redis® replicas pods assignment | `[]` | -| `replica.topologySpreadConstraints` | Spread Constraints for Redis® replicas pod assignment | `[]` | -| `replica.dnsPolicy` | DNS Policy for Redis® replica pods | `""` | -| `replica.dnsConfig` | DNS Configuration for Redis® replica pods | `{}` | -| `replica.lifecycleHooks` | for the Redis® replica container(s) to automate configuration before or after startup | `{}` | -| `replica.extraVolumes` | Optionally specify extra list of additional volumes for the Redis® replicas pod(s) | `[]` | -| `replica.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Redis® replicas container(s) | `[]` | -| `replica.sidecars` | Add additional sidecar containers to the Redis® replicas pod(s) | `[]` | -| `replica.initContainers` | Add additional init containers to the Redis® replicas pod(s) | `[]` | -| `replica.persistence.enabled` | Enable persistence on Redis® replicas nodes using Persistent Volume Claims | `true` | -| `replica.persistence.medium` | Provide a medium for `emptyDir` volumes. | `""` | -| `replica.persistence.sizeLimit` | Set this to enable a size limit for `emptyDir` volumes. 
| `""` | -| `replica.persistence.path` | The path the volume will be mounted at on Redis® replicas containers | `/data` | -| `replica.persistence.subPath` | The subdirectory of the volume to mount on Redis® replicas containers | `""` | -| `replica.persistence.storageClass` | Persistent Volume storage class | `""` | -| `replica.persistence.accessModes` | Persistent Volume access modes | `["ReadWriteOnce"]` | -| `replica.persistence.size` | Persistent Volume size | `8Gi` | -| `replica.persistence.annotations` | Additional custom annotations for the PVC | `{}` | -| `replica.persistence.selector` | Additional labels to match for the PVC | `{}` | -| `replica.persistence.dataSource` | Custom PVC data source | `{}` | -| `replica.persistence.existingClaim` | Use a existing PVC which must be created manually before bound | `""` | -| `replica.service.type` | Redis® replicas service type | `ClusterIP` | -| `replica.service.ports.redis` | Redis® replicas service port | `6379` | -| `replica.service.nodePorts.redis` | Node port for Redis® replicas | `""` | -| `replica.service.externalTrafficPolicy` | Redis® replicas service external traffic policy | `Cluster` | -| `replica.service.internalTrafficPolicy` | Redis® replicas service internal traffic policy (requires Kubernetes v1.22 or greater to be usable) | `Cluster` | -| `replica.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` | -| `replica.service.clusterIP` | Redis® replicas service Cluster IP | `""` | -| `replica.service.loadBalancerIP` | Redis® replicas service Load Balancer IP | `""` | -| `replica.service.loadBalancerSourceRanges` | Redis® replicas service Load Balancer sources | `[]` | -| `replica.service.annotations` | Additional custom annotations for Redis® replicas service | `{}` | -| `replica.service.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` | -| `replica.service.sessionAffinityConfig` | Additional settings for the 
sessionAffinity | `{}` | -| `replica.terminationGracePeriodSeconds` | Integer setting the termination grace period for the redis-replicas pods | `30` | -| `replica.autoscaling.enabled` | Enable replica autoscaling settings | `false` | -| `replica.autoscaling.minReplicas` | Minimum replicas for the pod autoscaling | `1` | -| `replica.autoscaling.maxReplicas` | Maximum replicas for the pod autoscaling | `11` | -| `replica.autoscaling.targetCPU` | Percentage of CPU to consider when autoscaling | `""` | -| `replica.autoscaling.targetMemory` | Percentage of Memory to consider when autoscaling | `""` | - - -### Redis® Sentinel configuration parameters - -| Name | Description | Value | -| --------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------ | -| `sentinel.enabled` | Use Redis® Sentinel on Redis® pods. | `false` | -| `sentinel.image.registry` | Redis® Sentinel image registry | `docker.io` | -| `sentinel.image.repository` | Redis® Sentinel image repository | `bitnami/redis-sentinel` | -| `sentinel.image.tag` | Redis® Sentinel image tag (immutable tags are recommended) | `6.2.7-debian-11-r12` | -| `sentinel.image.pullPolicy` | Redis® Sentinel image pull policy | `IfNotPresent` | -| `sentinel.image.pullSecrets` | Redis® Sentinel image pull secrets | `[]` | -| `sentinel.image.debug` | Enable image debug mode | `false` | -| `sentinel.masterSet` | Master set name | `mymaster` | -| `sentinel.quorum` | Sentinel Quorum | `2` | -| `sentinel.getMasterTimeout` | Amount of time to allow before get_sentinel_master_info() times out. | `220` | -| `sentinel.automateClusterRecovery` | Automate cluster recovery in cases where the last replica is not considered a good replica and Sentinel won't automatically failover to it. 
| `false` | -| `sentinel.downAfterMilliseconds` | Timeout for detecting a Redis® node is down | `60000` | -| `sentinel.failoverTimeout` | Timeout for performing a election failover | `18000` | -| `sentinel.parallelSyncs` | Number of replicas that can be reconfigured in parallel to use the new master after a failover | `1` | -| `sentinel.configuration` | Configuration for Redis® Sentinel nodes | `""` | -| `sentinel.command` | Override default container command (useful when using custom images) | `[]` | -| `sentinel.args` | Override default container args (useful when using custom images) | `[]` | -| `sentinel.preExecCmds` | Additional commands to run prior to starting Redis® Sentinel | `[]` | -| `sentinel.extraEnvVars` | Array with extra environment variables to add to Redis® Sentinel nodes | `[]` | -| `sentinel.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for Redis® Sentinel nodes | `""` | -| `sentinel.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for Redis® Sentinel nodes | `""` | -| `sentinel.externalMaster.enabled` | Use external master for bootstrapping | `false` | -| `sentinel.externalMaster.host` | External master host to bootstrap from | `""` | -| `sentinel.externalMaster.port` | Port for Redis service external master host | `6379` | -| `sentinel.containerPorts.sentinel` | Container port to open on Redis® Sentinel nodes | `26379` | -| `sentinel.startupProbe.enabled` | Enable startupProbe on Redis® Sentinel nodes | `true` | -| `sentinel.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `10` | -| `sentinel.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | -| `sentinel.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` | -| `sentinel.startupProbe.failureThreshold` | Failure threshold for startupProbe | `22` | -| `sentinel.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | -| `sentinel.livenessProbe.enabled` | Enable 
livenessProbe on Redis® Sentinel nodes | `true` | -| `sentinel.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `20` | -| `sentinel.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `5` | -| `sentinel.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | -| `sentinel.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `5` | -| `sentinel.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `sentinel.readinessProbe.enabled` | Enable readinessProbe on Redis® Sentinel nodes | `true` | -| `sentinel.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `20` | -| `sentinel.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `5` | -| `sentinel.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | -| `sentinel.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `5` | -| `sentinel.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `sentinel.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | -| `sentinel.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | -| `sentinel.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | -| `sentinel.persistence.enabled` | Enable persistence on Redis® sentinel nodes using Persistent Volume Claims (Experimental) | `false` | -| `sentinel.persistence.storageClass` | Persistent Volume storage class | `""` | -| `sentinel.persistence.accessModes` | Persistent Volume access modes | `["ReadWriteOnce"]` | -| `sentinel.persistence.size` | Persistent Volume size | `100Mi` | -| `sentinel.persistence.annotations` | Additional custom annotations for the PVC | `{}` | -| `sentinel.persistence.selector` | Additional labels to match for the PVC | `{}` | -| `sentinel.persistence.dataSource` | Custom PVC data source | `{}` | -| 
`sentinel.persistence.medium` | Provide a medium for `emptyDir` volumes. | `""` | -| `sentinel.resources.limits` | The resources limits for the Redis® Sentinel containers | `{}` | -| `sentinel.resources.requests` | The requested resources for the Redis® Sentinel containers | `{}` | -| `sentinel.containerSecurityContext.enabled` | Enabled Redis® Sentinel containers' Security Context | `true` | -| `sentinel.containerSecurityContext.runAsUser` | Set Redis® Sentinel containers' Security Context runAsUser | `1001` | -| `sentinel.lifecycleHooks` | for the Redis® sentinel container(s) to automate configuration before or after startup | `{}` | -| `sentinel.extraVolumes` | Optionally specify extra list of additional volumes for the Redis® Sentinel | `[]` | -| `sentinel.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Redis® Sentinel container(s) | `[]` | -| `sentinel.service.type` | Redis® Sentinel service type | `ClusterIP` | -| `sentinel.service.ports.redis` | Redis® service port for Redis® | `6379` | -| `sentinel.service.ports.sentinel` | Redis® service port for Redis® Sentinel | `26379` | -| `sentinel.service.nodePorts.redis` | Node port for Redis® | `""` | -| `sentinel.service.nodePorts.sentinel` | Node port for Sentinel | `""` | -| `sentinel.service.externalTrafficPolicy` | Redis® Sentinel service external traffic policy | `Cluster` | -| `sentinel.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` | -| `sentinel.service.clusterIP` | Redis® Sentinel service Cluster IP | `""` | -| `sentinel.service.loadBalancerIP` | Redis® Sentinel service Load Balancer IP | `""` | -| `sentinel.service.loadBalancerSourceRanges` | Redis® Sentinel service Load Balancer sources | `[]` | -| `sentinel.service.annotations` | Additional custom annotations for Redis® Sentinel service | `{}` | -| `sentinel.service.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` | -| 
`sentinel.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` | -| `sentinel.terminationGracePeriodSeconds` | Integer setting the termination grace period for the redis-node pods | `30` | - - -### Other Parameters - -| Name | Description | Value | -| --------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------- | ------- | -| `networkPolicy.enabled` | Enable creation of NetworkPolicy resources | `false` | -| `networkPolicy.allowExternal` | Don't require client label for connections | `true` | -| `networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolicy | `[]` | -| `networkPolicy.extraEgress` | Add extra egress rules to the NetworkPolicy | `[]` | -| `networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` | -| `networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` | -| `podSecurityPolicy.create` | Whether to create a PodSecurityPolicy. WARNING: PodSecurityPolicy is deprecated in Kubernetes v1.21 or later, unavailable in v1.25 or later | `false` | -| `podSecurityPolicy.enabled` | Enable PodSecurityPolicy's RBAC rules | `false` | -| `rbac.create` | Specifies whether RBAC resources should be created | `false` | -| `rbac.rules` | Custom RBAC rules to set | `[]` | -| `serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` | -| `serviceAccount.name` | The name of the ServiceAccount to use. 
| `""` | -| `serviceAccount.automountServiceAccountToken` | Whether to auto mount the service account token | `true` | -| `serviceAccount.annotations` | Additional custom annotations for the ServiceAccount | `{}` | -| `pdb.create` | Specifies whether a PodDisruptionBudget should be created | `false` | -| `pdb.minAvailable` | Min number of pods that must still be available after the eviction | `1` | -| `pdb.maxUnavailable` | Max number of pods that can be unavailable after the eviction | `""` | -| `tls.enabled` | Enable TLS traffic | `false` | -| `tls.authClients` | Require clients to authenticate | `true` | -| `tls.autoGenerated` | Enable autogenerated certificates | `false` | -| `tls.existingSecret` | The name of the existing secret that contains the TLS certificates | `""` | -| `tls.certificatesSecret` | DEPRECATED. Use existingSecret instead. | `""` | -| `tls.certFilename` | Certificate filename | `""` | -| `tls.certKeyFilename` | Certificate Key filename | `""` | -| `tls.certCAFilename` | CA Certificate filename | `""` | -| `tls.dhParamsFilename` | File containing DH params (in order to support DH based ciphers) | `""` | - - -### Metrics Parameters - -| Name | Description | Value | -| -------------------------------------------- | ------------------------------------------------------------------------------------------------ | ------------------------ | -| `metrics.enabled` | Start a sidecar prometheus exporter to expose Redis® metrics | `false` | -| `metrics.image.registry` | Redis® Exporter image registry | `docker.io` | -| `metrics.image.repository` | Redis® Exporter image repository | `bitnami/redis-exporter` | -| `metrics.image.tag` | Redis® Redis® Exporter image tag (immutable tags are recommended) | `1.43.0-debian-11-r4` | -| `metrics.image.pullPolicy` | Redis® Exporter image pull policy | `IfNotPresent` | -| `metrics.image.pullSecrets` | Redis® Exporter image pull secrets | `[]` | -| `metrics.command` | Override default metrics container init command 
(useful when using custom images) | `[]` | -| `metrics.redisTargetHost` | A way to specify an alternative Redis® hostname | `localhost` | -| `metrics.extraArgs` | Extra arguments for Redis® exporter, for example: | `{}` | -| `metrics.extraEnvVars` | Array with extra environment variables to add to Redis® exporter | `[]` | -| `metrics.containerSecurityContext.enabled` | Enabled Redis® exporter containers' Security Context | `true` | -| `metrics.containerSecurityContext.runAsUser` | Set Redis® exporter containers' Security Context runAsUser | `1001` | -| `metrics.extraVolumes` | Optionally specify extra list of additional volumes for the Redis® metrics sidecar | `[]` | -| `metrics.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Redis® metrics sidecar | `[]` | -| `metrics.resources.limits` | The resources limits for the Redis® exporter container | `{}` | -| `metrics.resources.requests` | The requested resources for the Redis® exporter container | `{}` | -| `metrics.podLabels` | Extra labels for Redis® exporter pods | `{}` | -| `metrics.podAnnotations` | Annotations for Redis® exporter pods | `{}` | -| `metrics.service.type` | Redis® exporter service type | `ClusterIP` | -| `metrics.service.port` | Redis® exporter service port | `9121` | -| `metrics.service.externalTrafficPolicy` | Redis® exporter service external traffic policy | `Cluster` | -| `metrics.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` | -| `metrics.service.loadBalancerIP` | Redis® exporter service Load Balancer IP | `""` | -| `metrics.service.loadBalancerSourceRanges` | Redis® exporter service Load Balancer sources | `[]` | -| `metrics.service.annotations` | Additional custom annotations for Redis® exporter service | `{}` | -| `metrics.serviceMonitor.enabled` | Create ServiceMonitor resource(s) for scraping metrics using PrometheusOperator | `false` | -| `metrics.serviceMonitor.namespace` | The namespace in which the 
ServiceMonitor will be created | `""` | -| `metrics.serviceMonitor.interval` | The interval at which metrics should be scraped | `30s` | -| `metrics.serviceMonitor.scrapeTimeout` | The timeout after which the scrape is ended | `""` | -| `metrics.serviceMonitor.relabellings` | Metrics RelabelConfigs to apply to samples before scraping. | `[]` | -| `metrics.serviceMonitor.metricRelabelings` | Metrics RelabelConfigs to apply to samples before ingestion. | `[]` | -| `metrics.serviceMonitor.honorLabels` | Specify honorLabels parameter to add the scrape endpoint | `false` | -| `metrics.serviceMonitor.additionalLabels` | Additional labels that can be used so ServiceMonitor resource(s) can be discovered by Prometheus | `{}` | -| `metrics.prometheusRule.enabled` | Create a custom prometheusRule Resource for scraping metrics using PrometheusOperator | `false` | -| `metrics.prometheusRule.namespace` | The namespace in which the prometheusRule will be created | `""` | -| `metrics.prometheusRule.additionalLabels` | Additional labels for the prometheusRule | `{}` | -| `metrics.prometheusRule.rules` | Custom Prometheus rules | `[]` | - - -### Init Container Parameters - -| Name | Description | Value | -| ------------------------------------------------------ | ----------------------------------------------------------------------------------------------- | ----------------------- | -| `volumePermissions.enabled` | Enable init container that changes the owner/group of the PV mount point to `runAsUser:fsGroup` | `false` | -| `volumePermissions.image.registry` | Bitnami Shell image registry | `docker.io` | -| `volumePermissions.image.repository` | Bitnami Shell image repository | `bitnami/bitnami-shell` | -| `volumePermissions.image.tag` | Bitnami Shell image tag (immutable tags are recommended) | `11-debian-11-r11` | -| `volumePermissions.image.pullPolicy` | Bitnami Shell image pull policy | `IfNotPresent` | -| `volumePermissions.image.pullSecrets` | Bitnami Shell image pull 
secrets | `[]` | -| `volumePermissions.resources.limits` | The resources limits for the init container | `{}` | -| `volumePermissions.resources.requests` | The requested resources for the init container | `{}` | -| `volumePermissions.containerSecurityContext.runAsUser` | Set init container's Security Context runAsUser | `0` | -| `sysctl.enabled` | Enable init container to modify Kernel settings | `false` | -| `sysctl.image.registry` | Bitnami Shell image registry | `docker.io` | -| `sysctl.image.repository` | Bitnami Shell image repository | `bitnami/bitnami-shell` | -| `sysctl.image.tag` | Bitnami Shell image tag (immutable tags are recommended) | `11-debian-11-r11` | -| `sysctl.image.pullPolicy` | Bitnami Shell image pull policy | `IfNotPresent` | -| `sysctl.image.pullSecrets` | Bitnami Shell image pull secrets | `[]` | -| `sysctl.command` | Override default init-sysctl container command (useful when using custom images) | `[]` | -| `sysctl.mountHostSys` | Mount the host `/sys` folder to `/host-sys` | `false` | -| `sysctl.resources.limits` | The resources limits for the init container | `{}` | -| `sysctl.resources.requests` | The requested resources for the init container | `{}` | - - -### useExternalDNS Parameters - -| Name | Description | Value | -| -------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------- | -| `useExternalDNS.enabled` | Enable various syntax that would enable external-dns to work. Note this requires a working installation of `external-dns` to be usable. | `false` | -| `useExternalDNS.additionalAnnotations` | Extra annotations to be utilized when `external-dns` is enabled. | `{}` | -| `useExternalDNS.annotationKey` | The annotation key utilized when `external-dns` is enabled. 
| `external-dns.alpha.kubernetes.io/` | -| `useExternalDNS.suffix` | The DNS suffix utilized when `external-dns` is enabled. Note that we prepend the suffix with the full name of the release. | `""` | - - -Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, - -```bash -$ helm install my-release \ - --set auth.password=secretpassword \ - bitnami/redis -``` - -The above command sets the Redis® server password to `secretpassword`. - -> NOTE: Once this chart is deployed, it is not possible to change the application's access credentials, such as usernames or passwords, using Helm. To change these application credentials after deployment, delete any persistent volumes (PVs) used by the chart and re-deploy it, or use the application's built-in administrative tools if available. - -Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, - -```bash -$ helm install my-release -f values.yaml bitnami/redis -``` - -> **Tip**: You can use the default [values.yaml](values.yaml) - -## Configuration and installation details - -### [Rolling VS Immutable tags](https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/) - -It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. - -Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist. - -### Use a different Redis® version - -To modify the application version used in this chart, specify a different version of the image using the `image.tag` parameter and/or a different repository using the `image.repository` parameter. 
Refer to the [chart documentation for more information on these parameters and how to use them with images from a private registry](https://docs.bitnami.com/kubernetes/infrastructure/redis/configuration/change-image-version/). - -### Bootstrapping with an External Cluster - -This chart is equipped with the ability to bring online a set of Pods that connect to an existing Redis deployment that lies outside of Kubernetes. This effectively creates a hybrid Redis Deployment where both Pods in Kubernetes and Instances such as Virtual Machines can partake in a single Redis Deployment. This is helpful in situations where one may be migrating Redis from Virtual Machines into Kubernetes, for example. To take advantage of this, use the following as an example configuration: - -```yaml -replica: - externalMaster: - enabled: true - host: external-redis-0.internal -sentinel: - externalMaster: - enabled: true - host: external-redis-0.internal -``` - -:warning: This is currently limited to clusters in which Sentinel and Redis run on the same node! :warning: - -Please also note that the external sentinel must be listening on port `26379`, and this is currently not configurable. - -Once the Kubernetes Redis Deployment is online and confirmed to be working with the existing cluster, the configuration can then be removed and the cluster will remain connected. - -### External DNS - -This chart is equipped to allow leveraging the ExternalDNS project. Doing so will enable ExternalDNS to publish the FQDN for each instance, in the format of `..`. -Example, when using the following configuration: - -```yaml -useExternalDNS: - enabled: true - suffix: prod.example.org - additionalAnnotations: - ttl: 10 -``` - -On a cluster where the name of the Helm release is `a`, the hostname of a Pod is generated as: `a-redis-node-0.a-redis.prod.example.org`. The IP of that FQDN will match that of the associated Pod. 
This modifies the following parameters of the Redis/Sentinel configuration using this new FQDN: - -* `replica-announce-ip` -* `known-sentinel` -* `known-replica` -* `announce-ip` - -:warning: This requires a working installation of `external-dns` to be fully functional. :warning: - -See the [official ExternalDNS documentation](https://github.com/kubernetes-sigs/external-dns) for additional configuration options. - -### Cluster topologies - -#### Default: Master-Replicas - -When installing the chart with `architecture=replication`, it will deploy a Redis® master StatefulSet and a Redis® replicas StatefulSet. The replicas will be read-replicas of the master. Two services will be exposed: - -- Redis® Master service: Points to the master, where read-write operations can be performed -- Redis® Replicas service: Points to the replicas, where only read operations are allowed by default. - -In case the master crashes, the replicas will wait until the master node is respawned again by the Kubernetes Controller Manager. - -#### Standalone - -When installing the chart with `architecture=standalone`, it will deploy a standalone Redis® StatefulSet. A single service will be exposed: - -- Redis® Master service: Points to the master, where read-write operations can be performed - -#### Master-Replicas with Sentinel - -When installing the chart with `architecture=replication` and `sentinel.enabled=true`, it will deploy a Redis® master StatefulSet (only one master allowed) and a Redis® replicas StatefulSet. In this case, the pods will contain an extra container with Redis® Sentinel. This container will form a cluster of Redis® Sentinel nodes, which will promote a new master in case the actual one fails. In addition to this, only one service is exposed: - -- Redis® service: Exposes port 6379 for Redis® read-only operations and port 26379 for accessing Redis® Sentinel. - -For read-only operations, access the service using port 6379. 
For write operations, it's necessary to access the Redis® Sentinel cluster and query the current master using the command below (using redis-cli or similar): - -``` -SENTINEL get-master-addr-by-name -``` - -This command will return the address of the current master, which can be accessed from inside the cluster. - -In case the current master crashes, the Sentinel containers will elect a new master node. - -`master.count` greater than `1` is not designed for use when `sentinel.enabled=true`. - -### Multiple masters (experimental) - -When `master.count` is greater than `1`, special care must be taken to create a consistent setup. - -An example of use case is the creation of a redundant set of standalone masters or master-replicas per Kubernetes node where you must ensure: -- No more than `1` master can be deployed per Kubernetes node -- Replicas and writers can only see the single master of their own Kubernetes node - -One way of achieving this is by setting `master.service.internalTrafficPolicy=Local` in combination with a `master.affinity.podAntiAffinity` spec to never schedule more than one master per Kubernetes node. - -It's recommended to only change `master.count` if you know what you are doing. -`master.count` greater than `1` is not designed for use when `sentinel.enabled=true`. - -### Using a password file - -To use a password file for Redis® you need to create a secret containing the password and then deploy the chart using that secret. - -Refer to the chart documentation for more information on [using a password file for Redis®](https://docs.bitnami.com/kubernetes/infrastructure/redis/administration/use-password-file/). - -### Securing traffic using TLS - -TLS support can be enabled in the chart by specifying the `tls.` parameters while creating a release. The following parameters should be configured to properly enable the TLS support in the chart: - -- `tls.enabled`: Enable TLS support. 
Defaults to `false` -- `tls.existingSecret`: Name of the secret that contains the certificates. No defaults. -- `tls.certFilename`: Certificate filename. No defaults. -- `tls.certKeyFilename`: Certificate key filename. No defaults. -- `tls.certCAFilename`: CA Certificate filename. No defaults. - -Refer to the chart documentation for more information on [creating the secret and a TLS deployment example](https://docs.bitnami.com/kubernetes/infrastructure/redis/administration/enable-tls/). - -### Metrics - -The chart optionally can start a metrics exporter for [prometheus](https://prometheus.io). The metrics endpoint (port 9121) is exposed in the service. Metrics can be scraped from within the cluster using something similar as the described in the [example Prometheus scrape configuration](https://github.com/prometheus/prometheus/blob/master/documentation/examples/prometheus-kubernetes.yml). If metrics are to be scraped from outside the cluster, the Kubernetes API proxy can be utilized to access the endpoint. - -If you have enabled TLS by specifying `tls.enabled=true` you also need to specify TLS option to the metrics exporter. You can do that via `metrics.extraArgs`. You can find the metrics exporter CLI flags for TLS [here](https://github.com/oliver006/redis_exporter#command-line-flags). For example: - -You can either specify `metrics.extraArgs.skip-tls-verification=true` to skip TLS verification or providing the following values under `metrics.extraArgs` for TLS client authentication: - -```console -tls-client-key-file -tls-client-cert-file -tls-ca-cert-file -``` - -### Host Kernel Settings - -Redis® may require some changes in the kernel of the host machine to work as expected, in particular increasing the `somaxconn` value and disabling transparent huge pages. 
- -Refer to the chart documentation for more information on [configuring host kernel settings with an example](https://docs.bitnami.com/kubernetes/infrastructure/redis/administration/configure-kernel-settings/). - -## Persistence - -By default, the chart mounts a [Persistent Volume](https://kubernetes.io/docs/concepts/storage/persistent-volumes/) at the `/data` path. The volume is created using dynamic volume provisioning. If a Persistent Volume Claim already exists, specify it during installation. - -### Existing PersistentVolumeClaim - -1. Create the PersistentVolume -2. Create the PersistentVolumeClaim -3. Install the chart - -```bash -$ helm install my-release --set master.persistence.existingClaim=PVC_NAME bitnami/redis -``` - -## Backup and restore - -Refer to the chart documentation for more information on [backing up and restoring Redis® deployments](https://docs.bitnami.com/kubernetes/infrastructure/redis/administration/backup-restore/). - -## NetworkPolicy - -To enable network policy for Redis®, install [a networking plugin that implements the Kubernetes NetworkPolicy spec](https://kubernetes.io/docs/tasks/administer-cluster/declare-network-policy#before-you-begin), and set `networkPolicy.enabled` to `true`. - -Refer to the chart documenation for more information on [enabling the network policy in Redis® deployments](https://docs.bitnami.com/kubernetes/infrastructure/redis/administration/enable-network-policy/). - -### Setting Pod's affinity - -This chart allows you to set your custom affinity using the `XXX.affinity` parameter(s). Find more information about Pod's affinity in the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity). - -As an alternative, you can use of the preset configurations for pod affinity, pod anti-affinity, and node affinity available at the [bitnami/common](https://github.com/bitnami/charts/tree/master/bitnami/common#affinities) chart. 
To do so, set the `XXX.podAffinityPreset`, `XXX.podAntiAffinityPreset`, or `XXX.nodeAffinityPreset` parameters. - -## Troubleshooting - -Find more information about how to deal with common errors related to Bitnami's Helm charts in [this troubleshooting guide](https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues). - -## Upgrading - -A major chart version change (like v1.2.3 -> v2.0.0) indicates that there is an incompatible breaking change needing manual actions. - -### To 16.0.0 - -This major release renames several values in this chart and adds missing features, in order to be inline with the rest of assets in the Bitnami charts repository. - -Affected values: -- `master.service.port` renamed as `master.service.ports.redis`. -- `master.service.nodePort` renamed as `master.service.nodePorts.redis`. -- `replica.service.port` renamed as `replica.service.ports.redis`. -- `replica.service.nodePort` renamed as `replica.service.nodePorts.redis`. -- `sentinel.service.port` renamed as `sentinel.service.ports.redis`. -- `sentinel.service.sentinelPort` renamed as `sentinel.service.ports.sentinel`. -- `master.containerPort` renamed as `master.containerPorts.redis`. -- `replica.containerPort` renamed as `replica.containerPorts.redis`. -- `sentinel.containerPort` renamed as `sentinel.containerPorts.sentinel`. -- `master.spreadConstraints` renamed as `master.topologySpreadConstraints` -- `replica.spreadConstraints` renamed as `replica.topologySpreadConstraints` - -### To 15.0.0 - -The parameter to enable the usage of StaticIDs was removed. The behavior is to [always use StaticIDs](https://github.com/bitnami/charts/pull/7278). - -### To 14.8.0 - -The Redis® sentinel exporter was removed in this version because the upstream project was deprecated. The regular Redis® exporter is included in the sentinel scenario as usual. 
- -### To 14.0.0 - -- Several parameters were renamed or disappeared in favor of new ones on this major version: - - The term *slave* has been replaced by the term *replica*. Therefore, parameters prefixed with `slave` are now prefixed with `replicas`. - - Credentials parameter are reorganized under the `auth` parameter. - - `cluster.enabled` parameter is deprecated in favor of `architecture` parameter that accepts two values: `standalone` and `replication`. - - `securityContext.*` is deprecated in favor of `XXX.podSecurityContext` and `XXX.containerSecurityContext`. - - `sentinel.metrics.*` parameters are deprecated in favor of `metrics.sentinel.*` ones. -- New parameters to add custom command, environment variables, sidecars, init containers, etc. were added. -- Chart labels were adapted to follow the [Helm charts standard labels](https://helm.sh/docs/chart_best_practices/labels/#standard-labels). -- values.yaml metadata was adapted to follow the format supported by [Readme Generator for Helm](https://github.com/bitnami-labs/readme-generator-for-helm). - -Consequences: - -Backwards compatibility is not guaranteed. To upgrade to `14.0.0`, install a new release of the Redis® chart, and migrate the data from your previous release. You have 2 alternatives to do so: - -- Create a backup of the database, and restore it on the new release as explained in the [Backup and restore](#backup-and-restore) section. -- Reuse the PVC used to hold the master data on your previous release. To do so, use the `master.persistence.existingClaim` parameter. The following example assumes that the release name is `redis`: - -```bash -$ helm install redis bitnami/redis --set auth.password=[PASSWORD] --set master.persistence.existingClaim=[EXISTING_PVC] -``` - -| Note: you need to substitute the placeholder _[EXISTING_PVC]_ with the name of the PVC used on your previous release, and _[PASSWORD]_ with the password used in your previous release. 
- -### To 13.0.0 - -This major version updates the Redis® docker image version used from `6.0` to `6.2`, the new stable version. There are no major changes in the chart and there shouldn't be any breaking changes in it as `6.2` is basically a stricter superset of `6.0`. For more information, please refer to [Redis® 6.2 release notes](https://raw.githubusercontent.com/redis/redis/6.2/00-RELEASENOTES). - -### To 12.3.0 - -This version also introduces `bitnami/common`, a [library chart](https://helm.sh/docs/topics/library_charts/#helm) as a dependency. More documentation about this new utility could be found [here](https://github.com/bitnami/charts/tree/master/bitnami/common#bitnami-common-library-chart). Please, make sure that you have updated the chart dependencies before executing any upgrade. - -### To 12.0.0 - -[On November 13, 2020, Helm v2 support was formally finished](https://github.com/helm/charts#status-of-the-project), this major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL. - -**What changes were introduced in this major version?** - -- Previous versions of this Helm Chart use `apiVersion: v1` (installable by both Helm 2 and 3), this Helm Chart was updated to `apiVersion: v2` (installable by Helm 3 only). [Here](https://helm.sh/docs/topics/charts/#the-apiversion-field) you can find more information about the `apiVersion` field. 
-- The different fields present in the *Chart.yaml* file has been ordered alphabetically in a homogeneous way for all the Bitnami Helm Charts - -**Considerations when upgrading to this version** - -- If you want to upgrade to this version from a previous one installed with Helm v3, you shouldn't face any issues -- If you want to upgrade to this version using Helm v2, this scenario is not supported as this version doesn't support Helm v2 anymore -- If you installed the previous version with Helm v2 and wants to upgrade to this version with Helm v3, please refer to the [official Helm documentation](https://helm.sh/docs/topics/v2_v3_migration/#migration-use-cases) about migrating from Helm v2 to v3 - -**Useful links** - -- https://docs.bitnami.com/tutorials/resolve-helm2-helm3-post-migration-issues/ -- https://helm.sh/docs/topics/v2_v3_migration/ -- https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3/ - -### To 11.0.0 - -When deployed with sentinel enabled, only a group of nodes is deployed and the master/slave role is handled in the group. To avoid breaking the compatibility, the settings for this nodes are given through the `slave.xxxx` parameters in `values.yaml` - -### To 9.0.0 - -The metrics exporter has been changed from a separate deployment to a sidecar container, due to the latest changes in the Redis® exporter code. Check the [official page](https://github.com/oliver006/redis_exporter/) for more information. The metrics container image was changed from oliver006/redis_exporter to bitnami/redis-exporter (Bitnami's maintained package of oliver006/redis_exporter). - -### To 7.0.0 - -In order to improve the performance in case of slave failure, we added persistence to the read-only slaves. That means that we moved from Deployment to StatefulSets. This should not affect upgrades from previous versions of the chart, as the deployments did not contain any persistence at all. 
- -This version also allows enabling Redis® Sentinel containers inside of the Redis® Pods (feature disabled by default). In case the master crashes, a new Redis® node will be elected as master. In order to query the current master (no redis master service is exposed), you need to query first the Sentinel cluster. Find more information [in this section](#master-slave-with-sentinel). - -### To 11.0.0 - -When using sentinel, a new statefulset called `-node` was introduced. This will break upgrading from a previous version where the statefulsets are called master and slave. Hence the PVC will not match the new naming and won't be reused. If you want to keep your data, you will need to perform a backup and then a restore the data in this new version. - -### To 10.0.0 - -For releases with `usePassword: true`, the value `sentinel.usePassword` controls whether the password authentication also applies to the sentinel port. This defaults to `true` for a secure configuration, however it is possible to disable to account for the following cases: - -- Using a version of redis-sentinel prior to `5.0.1` where the authentication feature was introduced. -- Where redis clients need to be updated to support sentinel authentication. - -If using a master/slave topology, or with `usePassword: false`, no action is required. - -### To 8.0.18 - -For releases with `metrics.enabled: true` the default tag for the exporter image is now `v1.x.x`. This introduces many changes including metrics names. You'll want to use [this dashboard](https://github.com/oliver006/redis_exporter/blob/master/contrib/grafana_prometheus_redis_dashboard.json) now. Please see the [redis_exporter github page](https://github.com/oliver006/redis_exporter#upgrading-from-0x-to-1x) for more details. - -### To 7.0.0 - -This version causes a change in the Redis® Master StatefulSet definition, so the command helm upgrade would not work out of the box. 
As an alternative, one of the following could be done: - -- Recommended: Create a clone of the Redis® Master PVC (for example, using projects like [this one](https://github.com/edseymour/pvc-transfer)). Then launch a fresh release reusing this cloned PVC. - - ``` - helm install my-release bitnami/redis --set persistence.existingClaim= - ``` - -- Alternative (not recommended, do at your own risk): `helm delete --purge` does not remove the PVC assigned to the Redis® Master StatefulSet. As a consequence, the following commands can be done to upgrade the release - - ``` - helm delete --purge - helm install bitnami/redis - ``` - -Previous versions of the chart were not using persistence in the slaves, so this upgrade would add it to them. Another important change is that no values are inherited from master to slaves. For example, in 6.0.0 `slaves.readinessProbe.periodSeconds`, if empty, would be set to `master.readinessProbe.periodSeconds`. This approach lacked transparency and was difficult to maintain. From now on, all the slave parameters must be configured just as it is done with the masters. - -Some values have changed as well: - -- `master.port` and `slave.port` have been changed to `redisPort` (same value for both master and slaves) -- `master.securityContext` and `slave.securityContext` have been changed to `securityContext`(same values for both master and slaves) - -By default, the upgrade will not change the cluster topology. In case you want to use Redis® Sentinel, you must explicitly set `sentinel.enabled` to `true`. - -### To 6.0.0 - -Previous versions of the chart were using an init-container to change the permissions of the volumes. This was done in case the `securityContext` directive in the template was not enough for that (for example, with cephFS). In this new version of the chart, this container is disabled by default (which should not affect most of the deployments). 
If your installation still requires that init container, execute `helm upgrade` with the `--set volumePermissions.enabled=true`. - -### To 5.0.0 - -The default image in this release may be switched out for any image containing the `redis-server` -and `redis-cli` binaries. If `redis-server` is not the default image ENTRYPOINT, `master.command` -must be specified. - -#### Breaking changes - -- `master.args` and `slave.args` are removed. Use `master.command` or `slave.command` instead in order to override the image entrypoint, or `master.extraFlags` to pass additional flags to `redis-server`. -- `disableCommands` is now interpreted as an array of strings instead of a string of comma separated values. -- `master.persistence.path` now defaults to `/data`. - -### To 4.0.0 - -This version removes the `chart` label from the `spec.selector.matchLabels` -which is immutable since `StatefulSet apps/v1beta2`. It has been inadvertently -added, causing any subsequent upgrade to fail. See https://github.com/helm/charts/issues/7726. - -It also fixes https://github.com/helm/charts/issues/7726 where a deployment `extensions/v1beta1` can not be upgraded if `spec.selector` is not explicitly set. - -Finally, it fixes https://github.com/helm/charts/issues/7803 by removing mutable labels in `spec.VolumeClaimTemplate.metadata.labels` so that it is upgradable. 
- -In order to upgrade, delete the Redis® StatefulSet before upgrading: - -```bash -kubectl delete statefulsets.apps --cascade=false my-release-redis-master -``` - -And edit the Redis® slave (and metrics if enabled) deployment: - -```bash -kubectl patch deployments my-release-redis-slave --type=json -p='[{"op": "remove", "path": "/spec/selector/matchLabels/chart"}]' -kubectl patch deployments my-release-redis-metrics --type=json -p='[{"op": "remove", "path": "/spec/selector/matchLabels/chart"}]' -``` - -## License - -Copyright © 2022 Bitnami - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. \ No newline at end of file diff --git a/rds/base/charts/redis/charts/common-1.16.0.tgz b/rds/base/charts/redis/charts/common-1.16.0.tgz deleted file mode 100644 index 533e0e4..0000000 Binary files a/rds/base/charts/redis/charts/common-1.16.0.tgz and /dev/null differ diff --git a/rds/base/charts/redis/charts/common/.helmignore b/rds/base/charts/redis/charts/common/.helmignore deleted file mode 100644 index 50af031..0000000 --- a/rds/base/charts/redis/charts/common/.helmignore +++ /dev/null @@ -1,22 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ 
diff --git a/rds/base/charts/redis/charts/common/Chart.yaml b/rds/base/charts/redis/charts/common/Chart.yaml
deleted file mode 100644
index bd152e3..0000000
--- a/rds/base/charts/redis/charts/common/Chart.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-annotations:
- category: Infrastructure
-apiVersion: v2
-appVersion: 1.16.0
-description: A Library Helm Chart for grouping common logic between bitnami charts.
- This chart is not deployable by itself.
-home: https://github.com/bitnami/charts/tree/master/bitnami/common
-icon: https://bitnami.com/downloads/logos/bitnami-mark.png
-keywords:
-- common
-- helper
-- template
-- function
-- bitnami
-maintainers:
-- name: Bitnami
- url: https://github.com/bitnami/charts
-name: common
-sources:
-- https://github.com/bitnami/charts
-- https://www.bitnami.com/
-type: library
-version: 1.16.0
diff --git a/rds/base/charts/redis/charts/common/README.md b/rds/base/charts/redis/charts/common/README.md
deleted file mode 100644
index 3b5e09c..0000000
--- a/rds/base/charts/redis/charts/common/README.md
+++ /dev/null
@@ -1,350 +0,0 @@ -# Bitnami Common Library Chart - -A [Helm Library Chart](https://helm.sh/docs/topics/library_charts/#helm) for grouping common logic between bitnami charts. - -## TL;DR - -```yaml -dependencies: - - name: common - version: 1.x.x - repository: https://charts.bitnami.com/bitnami -``` - -```bash -$ helm dependency update -``` - -```yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.names.fullname" . }} -data: - myvalue: "Hello World" -``` - -## Introduction - -This chart provides a common template helpers which can be used to develop new charts using [Helm](https://helm.sh) package manager. - -Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This Helm chart has been tested on top of [Bitnami Kubernetes Production Runtime](https://kubeprod.io/) (BKPR). Deploy BKPR to get automated TLS certificates, logging and monitoring for your applications. - -## Prerequisites - -- Kubernetes 1.19+ -- Helm 3.2.0+ - -## Parameters - -The following table lists the helpers available in the library which are scoped in different sections. 
- -### Affinities - -| Helper identifier | Description | Expected Input | -|-------------------------------|------------------------------------------------------|------------------------------------------------| -| `common.affinities.nodes.soft` | Return a soft nodeAffinity definition | `dict "key" "FOO" "values" (list "BAR" "BAZ")` | -| `common.affinities.nodes.hard` | Return a hard nodeAffinity definition | `dict "key" "FOO" "values" (list "BAR" "BAZ")` | -| `common.affinities.pods.soft` | Return a soft podAffinity/podAntiAffinity definition | `dict "component" "FOO" "context" $` | -| `common.affinities.pods.hard` | Return a hard podAffinity/podAntiAffinity definition | `dict "component" "FOO" "context" $` | - -### Capabilities - -| Helper identifier | Description | Expected Input | -|------------------------------------------------|------------------------------------------------------------------------------------------------|-------------------| -| `common.capabilities.kubeVersion` | Return the target Kubernetes version (using client default if .Values.kubeVersion is not set). | `.` Chart context | -| `common.capabilities.cronjob.apiVersion` | Return the appropriate apiVersion for cronjob. | `.` Chart context | -| `common.capabilities.deployment.apiVersion` | Return the appropriate apiVersion for deployment. | `.` Chart context | -| `common.capabilities.statefulset.apiVersion` | Return the appropriate apiVersion for statefulset. | `.` Chart context | -| `common.capabilities.ingress.apiVersion` | Return the appropriate apiVersion for ingress. | `.` Chart context | -| `common.capabilities.rbac.apiVersion` | Return the appropriate apiVersion for RBAC resources. | `.` Chart context | -| `common.capabilities.crd.apiVersion` | Return the appropriate apiVersion for CRDs. | `.` Chart context | -| `common.capabilities.policy.apiVersion` | Return the appropriate apiVersion for podsecuritypolicy. 
| `.` Chart context | -| `common.capabilities.networkPolicy.apiVersion` | Return the appropriate apiVersion for networkpolicy. | `.` Chart context | -| `common.capabilities.apiService.apiVersion` | Return the appropriate apiVersion for APIService. | `.` Chart context | -| `common.capabilities.hpa.apiVersion` | Return the appropriate apiVersion for Horizontal Pod Autoscaler | `.` Chart context | -| `common.capabilities.supportsHelmVersion` | Returns true if the used Helm version is 3.3+ | `.` Chart context | - -### Errors - -| Helper identifier | Description | Expected Input | -|-----------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------| -| `common.errors.upgrade.passwords.empty` | It will ensure required passwords are given when we are upgrading a chart. If `validationErrors` is not empty it will throw an error and will stop the upgrade action. | `dict "validationErrors" (list $validationError00 $validationError01) "context" $` | - -### Images - -| Helper identifier | Description | Expected Input | -|-----------------------------|------------------------------------------------------|---------------------------------------------------------------------------------------------------------| -| `common.images.image` | Return the proper and full image name | `dict "imageRoot" .Values.path.to.the.image "global" $`, see [ImageRoot](#imageroot) for the structure. 
| -| `common.images.pullSecrets` | Return the proper Docker Image Registry Secret Names (deprecated: use common.images.renderPullSecrets instead) | `dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "global" .Values.global` | -| `common.images.renderPullSecrets` | Return the proper Docker Image Registry Secret Names (evaluates values as templates) | `dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "context" $` | - -### Ingress - -| Helper identifier | Description | Expected Input | -|-------------------------------------------|-------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `common.ingress.backend` | Generate a proper Ingress backend entry depending on the API version | `dict "serviceName" "foo" "servicePort" "bar"`, see the [Ingress deprecation notice](https://kubernetes.io/blog/2019/07/18/api-deprecations-in-1-16/) for the syntax differences | -| `common.ingress.supportsPathType` | Prints "true" if the pathType field is supported | `.` Chart context | -| `common.ingress.supportsIngressClassname` | Prints "true" if the ingressClassname field is supported | `.` Chart context | -| `common.ingress.certManagerRequest` | Prints "true" if required cert-manager annotations for TLS signed certificates are set in the Ingress annotations | `dict "annotations" .Values.path.to.the.ingress.annotations` | - -### Labels - -| Helper identifier | Description | Expected Input | -|-----------------------------|-----------------------------------------------------------------------------|-------------------| -| `common.labels.standard` | Return Kubernetes standard labels | `.` Chart context | -| `common.labels.matchLabels` | Labels to use on `deploy.spec.selector.matchLabels` and 
`svc.spec.selector` | `.` Chart context | - -### Names - -| Helper identifier | Description | Expected Input | -|-----------------------------------|-----------------------------------------------------------------------|-------------------| -| `common.names.name` | Expand the name of the chart or use `.Values.nameOverride` | `.` Chart context | -| `common.names.fullname` | Create a default fully qualified app name. | `.` Chart context | -| `common.names.namespace` | Allow the release namespace to be overridden | `.` Chart context | -| `common.names.fullname.namespace` | Create a fully qualified app name adding the installation's namespace | `.` Chart context | -| `common.names.chart` | Chart name plus version | `.` Chart context | - -### Secrets - -| Helper identifier | Description | Expected Input | -|---------------------------|--------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `common.secrets.name` | Generate the name of the secret. | `dict "existingSecret" .Values.path.to.the.existingSecret "defaultNameSuffix" "mySuffix" "context" $` see [ExistingSecret](#existingsecret) for the structure. | -| `common.secrets.key` | Generate secret key. | `dict "existingSecret" .Values.path.to.the.existingSecret "key" "keyName"` see [ExistingSecret](#existingsecret) for the structure. | -| `common.passwords.manage` | Generate secret password or retrieve one if already created. | `dict "secret" "secret-name" "key" "keyName" "providedValues" (list "path.to.password1" "path.to.password2") "length" 10 "strong" false "chartName" "chartName" "context" $`, length, strong and chartNAme fields are optional. | -| `common.secrets.exists` | Returns whether a previous generated secret already exists. 
| `dict "secret" "secret-name" "context" $` | - -### Storage - -| Helper identifier | Description | Expected Input | -|-------------------------------|---------------------------------------|---------------------------------------------------------------------------------------------------------------------| -| `common.storage.class` | Return the proper Storage Class | `dict "persistence" .Values.path.to.the.persistence "global" $`, see [Persistence](#persistence) for the structure. | - -### TplValues - -| Helper identifier | Description | Expected Input | -|---------------------------|----------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------| -| `common.tplvalues.render` | Renders a value that contains template | `dict "value" .Values.path.to.the.Value "context" $`, value is the value should rendered as template, context frequently is the chart context `$` or `.` | - -### Utils - -| Helper identifier | Description | Expected Input | -|--------------------------------|------------------------------------------------------------------------------------------|------------------------------------------------------------------------| -| `common.utils.fieldToEnvVar` | Build environment variable name given a field. | `dict "field" "my-password"` | -| `common.utils.secret.getvalue` | Print instructions to get a secret value. 
| `dict "secret" "secret-name" "field" "secret-value-field" "context" $` | -| `common.utils.getValueFromKey` | Gets a value from `.Values` object given its key path | `dict "key" "path.to.key" "context" $` | -| `common.utils.getKeyFromList` | Returns first `.Values` key with a defined value or first of the list if all non-defined | `dict "keys" (list "path.to.key1" "path.to.key2") "context" $` | - -### Validations - -| Helper identifier | Description | Expected Input | -|--------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `common.validations.values.single.empty` | Validate a value must not be empty. | `dict "valueKey" "path.to.value" "secret" "secret.name" "field" "my-password" "subchart" "subchart" "context" $` secret, field and subchart are optional. In case they are given, the helper will generate a how to get instruction. See [ValidateValue](#validatevalue) | -| `common.validations.values.multiple.empty` | Validate a multiple values must not be empty. It returns a shared error for all the values. | `dict "required" (list $validateValueConf00 $validateValueConf01) "context" $`. See [ValidateValue](#validatevalue) | -| `common.validations.values.mariadb.passwords` | This helper will ensure required password for MariaDB are not empty. It returns a shared error for all the values. | `dict "secret" "mariadb-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use mariadb chart and the helper. | -| `common.validations.values.mysql.passwords` | This helper will ensure required password for MySQL are not empty. 
It returns a shared error for all the values. | `dict "secret" "mysql-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use mysql chart and the helper. | -| `common.validations.values.postgresql.passwords` | This helper will ensure required password for PostgreSQL are not empty. It returns a shared error for all the values. | `dict "secret" "postgresql-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use postgresql chart and the helper. | -| `common.validations.values.redis.passwords` | This helper will ensure required password for Redis® are not empty. It returns a shared error for all the values. | `dict "secret" "redis-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use redis chart and the helper. | -| `common.validations.values.cassandra.passwords` | This helper will ensure required password for Cassandra are not empty. It returns a shared error for all the values. | `dict "secret" "cassandra-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use cassandra chart and the helper. | -| `common.validations.values.mongodb.passwords` | This helper will ensure required password for MongoDB® are not empty. It returns a shared error for all the values. | `dict "secret" "mongodb-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use mongodb chart and the helper. | - -### Warnings - -| Helper identifier | Description | Expected Input | -|------------------------------|----------------------------------|------------------------------------------------------------| -| `common.warnings.rollingTag` | Warning about using rolling tag. | `ImageRoot` see [ImageRoot](#imageroot) for the structure. 
| - -## Special input schemas - -### ImageRoot - -```yaml -registry: - type: string - description: Docker registry where the image is located - example: docker.io - -repository: - type: string - description: Repository and image name - example: bitnami/nginx - -tag: - type: string - description: image tag - example: 1.16.1-debian-10-r63 - -pullPolicy: - type: string - description: Specify a imagePullPolicy. Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - -pullSecrets: - type: array - items: - type: string - description: Optionally specify an array of imagePullSecrets (evaluated as templates). - -debug: - type: boolean - description: Set to true if you would like to see extra information on logs - example: false - -## An instance would be: -# registry: docker.io -# repository: bitnami/nginx -# tag: 1.16.1-debian-10-r63 -# pullPolicy: IfNotPresent -# debug: false -``` - -### Persistence - -```yaml -enabled: - type: boolean - description: Whether enable persistence. - example: true - -storageClass: - type: string - description: Ghost data Persistent Volume Storage Class, If set to "-", storageClassName: "" which disables dynamic provisioning. - example: "-" - -accessMode: - type: string - description: Access mode for the Persistent Volume Storage. - example: ReadWriteOnce - -size: - type: string - description: Size the Persistent Volume Storage. - example: 8Gi - -path: - type: string - description: Path to be persisted. - example: /bitnami - -## An instance would be: -# enabled: true -# storageClass: "-" -# accessMode: ReadWriteOnce -# size: 8Gi -# path: /bitnami -``` - -### ExistingSecret - -```yaml -name: - type: string - description: Name of the existing secret. - example: mySecret -keyMapping: - description: Mapping between the expected key name and the name of the key in the existing secret. 
- type: object - -## An instance would be: -# name: mySecret -# keyMapping: -# password: myPasswordKey -``` - -#### Example of use - -When we store sensitive data for a deployment in a secret, some times we want to give to users the possibility of using theirs existing secrets. - -```yaml -# templates/secret.yaml ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.names.fullname" . }} - labels: - app: {{ include "common.names.fullname" . }} -type: Opaque -data: - password: {{ .Values.password | b64enc | quote }} - -# templates/dpl.yaml ---- -... - env: - - name: PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "common.secrets.name" (dict "existingSecret" .Values.existingSecret "context" $) }} - key: {{ include "common.secrets.key" (dict "existingSecret" .Values.existingSecret "key" "password") }} -... - -# values.yaml ---- -name: mySecret -keyMapping: - password: myPasswordKey -``` - -### ValidateValue - -#### NOTES.txt - -```console -{{- $validateValueConf00 := (dict "valueKey" "path.to.value00" "secret" "secretName" "field" "password-00") -}} -{{- $validateValueConf01 := (dict "valueKey" "path.to.value01" "secret" "secretName" "field" "password-01") -}} - -{{ include "common.validations.values.multiple.empty" (dict "required" (list $validateValueConf00 $validateValueConf01) "context" $) }} -``` - -If we force those values to be empty we will see some alerts - -```console -$ helm install test mychart --set path.to.value00="",path.to.value01="" - 'path.to.value00' must not be empty, please add '--set path.to.value00=$PASSWORD_00' to the command. To get the current value: - - export PASSWORD_00=$(kubectl get secret --namespace default secretName -o jsonpath="{.data.password-00}" | base64 -d) - - 'path.to.value01' must not be empty, please add '--set path.to.value01=$PASSWORD_01' to the command. 
To get the current value: - - export PASSWORD_01=$(kubectl get secret --namespace default secretName -o jsonpath="{.data.password-01}" | base64 -d) -``` - -## Upgrading - -### To 1.0.0 - -[On November 13, 2020, Helm v2 support was formally finished](https://github.com/helm/charts#status-of-the-project), this major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL. - -**What changes were introduced in this major version?** - -- Previous versions of this Helm Chart use `apiVersion: v1` (installable by both Helm 2 and 3), this Helm Chart was updated to `apiVersion: v2` (installable by Helm 3 only). [Here](https://helm.sh/docs/topics/charts/#the-apiversion-field) you can find more information about the `apiVersion` field. -- Use `type: library`. [Here](https://v3.helm.sh/docs/faq/#library-chart-support) you can find more information. 
-- The different fields present in the *Chart.yaml* file has been ordered alphabetically in a homogeneous way for all the Bitnami Helm Charts - -**Considerations when upgrading to this version** - -- If you want to upgrade to this version from a previous one installed with Helm v3, you shouldn't face any issues -- If you want to upgrade to this version using Helm v2, this scenario is not supported as this version doesn't support Helm v2 anymore -- If you installed the previous version with Helm v2 and wants to upgrade to this version with Helm v3, please refer to the [official Helm documentation](https://helm.sh/docs/topics/v2_v3_migration/#migration-use-cases) about migrating from Helm v2 to v3 - -**Useful links** - -- https://docs.bitnami.com/tutorials/resolve-helm2-helm3-post-migration-issues/ -- https://helm.sh/docs/topics/v2_v3_migration/ -- https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3/ - -## License - -Copyright © 2022 Bitnami - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. diff --git a/rds/base/charts/redis/charts/common/templates/_affinities.tpl b/rds/base/charts/redis/charts/common/templates/_affinities.tpl deleted file mode 100644 index 189ea40..0000000 --- a/rds/base/charts/redis/charts/common/templates/_affinities.tpl +++ /dev/null 
@@ -1,102 +0,0 @@ -{{/* vim: set filetype=mustache: */}} - -{{/* -Return a soft nodeAffinity definition -{{ include "common.affinities.nodes.soft" (dict "key" "FOO" "values" (list "BAR" "BAZ")) -}} -*/}} -{{- define "common.affinities.nodes.soft" -}} -preferredDuringSchedulingIgnoredDuringExecution: - - preference: - matchExpressions: - - key: {{ .key }} - operator: In - values: - {{- range .values }} - - {{ . | quote }} - {{- end }} - weight: 1 -{{- end -}} - -{{/* -Return a hard nodeAffinity definition -{{ include "common.affinities.nodes.hard" (dict "key" "FOO" "values" (list "BAR" "BAZ")) -}} -*/}} -{{- define "common.affinities.nodes.hard" -}} -requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: {{ .key }} - operator: In - values: - {{- range .values }} - - {{ . | quote }} - {{- end }} -{{- end -}} - -{{/* -Return a nodeAffinity definition -{{ include "common.affinities.nodes" (dict "type" "soft" "key" "FOO" "values" (list "BAR" "BAZ")) -}} -*/}} -{{- define "common.affinities.nodes" -}} - {{- if eq .type "soft" }} - {{- include "common.affinities.nodes.soft" . -}} - {{- else if eq .type "hard" }} - {{- include "common.affinities.nodes.hard" . 
-}} - {{- end -}} -{{- end -}} - -{{/* -Return a soft podAffinity/podAntiAffinity definition -{{ include "common.affinities.pods.soft" (dict "component" "FOO" "extraMatchLabels" .Values.extraMatchLabels "context" $) -}} -*/}} -{{- define "common.affinities.pods.soft" -}} -{{- $component := default "" .component -}} -{{- $extraMatchLabels := default (dict) .extraMatchLabels -}} -preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: {{- (include "common.labels.matchLabels" .context) | nindent 10 }} - {{- if not (empty $component) }} - {{ printf "app.kubernetes.io/component: %s" $component }} - {{- end }} - {{- range $key, $value := $extraMatchLabels }} - {{ $key }}: {{ $value | quote }} - {{- end }} - namespaces: - - {{ .context.Release.Namespace | quote }} - topologyKey: kubernetes.io/hostname - weight: 1 -{{- end -}} - -{{/* -Return a hard podAffinity/podAntiAffinity definition -{{ include "common.affinities.pods.hard" (dict "component" "FOO" "extraMatchLabels" .Values.extraMatchLabels "context" $) -}} -*/}} -{{- define "common.affinities.pods.hard" -}} -{{- $component := default "" .component -}} -{{- $extraMatchLabels := default (dict) .extraMatchLabels -}} -requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchLabels: {{- (include "common.labels.matchLabels" .context) | nindent 8 }} - {{- if not (empty $component) }} - {{ printf "app.kubernetes.io/component: %s" $component }} - {{- end }} - {{- range $key, $value := $extraMatchLabels }} - {{ $key }}: {{ $value | quote }} - {{- end }} - namespaces: - - {{ .context.Release.Namespace | quote }} - topologyKey: kubernetes.io/hostname -{{- end -}} - -{{/* -Return a podAffinity/podAntiAffinity definition -{{ include "common.affinities.pods" (dict "type" "soft" "key" "FOO" "values" (list "BAR" "BAZ")) -}} -*/}} -{{- define "common.affinities.pods" -}} - {{- if eq .type "soft" }} - {{- include "common.affinities.pods.soft" . 
-}} - {{- else if eq .type "hard" }} - {{- include "common.affinities.pods.hard" . -}} - {{- end -}} -{{- end -}} diff --git a/rds/base/charts/redis/charts/common/templates/_capabilities.tpl b/rds/base/charts/redis/charts/common/templates/_capabilities.tpl deleted file mode 100644 index 9d9b760..0000000 --- a/rds/base/charts/redis/charts/common/templates/_capabilities.tpl +++ /dev/null 
@@ -1,154 +0,0 @@ -{{/* vim: set filetype=mustache: */}} - -{{/* -Return the target Kubernetes version -*/}} -{{- define "common.capabilities.kubeVersion" -}} -{{- if .Values.global }} - {{- if .Values.global.kubeVersion }} - {{- .Values.global.kubeVersion -}} - {{- else }} - {{- default .Capabilities.KubeVersion.Version .Values.kubeVersion -}} - {{- end -}} -{{- else }} -{{- default .Capabilities.KubeVersion.Version .Values.kubeVersion -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for poddisruptionbudget. -*/}} -{{- define "common.capabilities.policy.apiVersion" -}} -{{- if semverCompare "<1.21-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "policy/v1beta1" -}} -{{- else -}} -{{- print "policy/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for networkpolicy. -*/}} -{{- define "common.capabilities.networkPolicy.apiVersion" -}} -{{- if semverCompare "<1.7-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "extensions/v1beta1" -}} -{{- else -}} -{{- print "networking.k8s.io/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for cronjob. -*/}} -{{- define "common.capabilities.cronjob.apiVersion" -}} -{{- if semverCompare "<1.21-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "batch/v1beta1" -}} -{{- else -}} -{{- print "batch/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for deployment. -*/}} -{{- define "common.capabilities.deployment.apiVersion" -}} -{{- if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "extensions/v1beta1" -}} -{{- else -}} -{{- print "apps/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for statefulset. -*/}} -{{- define "common.capabilities.statefulset.apiVersion" -}} -{{- if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) 
-}} -{{- print "apps/v1beta1" -}} -{{- else -}} -{{- print "apps/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for ingress. -*/}} -{{- define "common.capabilities.ingress.apiVersion" -}} -{{- if .Values.ingress -}} -{{- if .Values.ingress.apiVersion -}} -{{- .Values.ingress.apiVersion -}} -{{- else if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "extensions/v1beta1" -}} -{{- else if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "networking.k8s.io/v1beta1" -}} -{{- else -}} -{{- print "networking.k8s.io/v1" -}} -{{- end }} -{{- else if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "extensions/v1beta1" -}} -{{- else if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "networking.k8s.io/v1beta1" -}} -{{- else -}} -{{- print "networking.k8s.io/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for RBAC resources. -*/}} -{{- define "common.capabilities.rbac.apiVersion" -}} -{{- if semverCompare "<1.17-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "rbac.authorization.k8s.io/v1beta1" -}} -{{- else -}} -{{- print "rbac.authorization.k8s.io/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for CRDs. -*/}} -{{- define "common.capabilities.crd.apiVersion" -}} -{{- if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "apiextensions.k8s.io/v1beta1" -}} -{{- else -}} -{{- print "apiextensions.k8s.io/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for APIService. -*/}} -{{- define "common.capabilities.apiService.apiVersion" -}} -{{- if semverCompare "<1.10-0" (include "common.capabilities.kubeVersion" .) 
-}} -{{- print "apiregistration.k8s.io/v1beta1" -}} -{{- else -}} -{{- print "apiregistration.k8s.io/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for Horizontal Pod Autoscaler. -*/}} -{{- define "common.capabilities.hpa.apiVersion" -}} -{{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .context) -}} -{{- if .beta2 -}} -{{- print "autoscaling/v2beta2" -}} -{{- else -}} -{{- print "autoscaling/v2beta1" -}} -{{- end -}} -{{- else -}} -{{- print "autoscaling/v2" -}} -{{- end -}} -{{- end -}} - -{{/* -Returns true if the used Helm version is 3.3+. -A way to check the used Helm version was not introduced until version 3.3.0 with .Capabilities.HelmVersion, which contains an additional "{}}" structure. -This check is introduced as a regexMatch instead of {{ if .Capabilities.HelmVersion }} because checking for the key HelmVersion in <3.3 results in a "interface not found" error. -**To be removed when the catalog's minimun Helm version is 3.3** -*/}} -{{- define "common.capabilities.supportsHelmVersion" -}} -{{- if regexMatch "{(v[0-9])*[^}]*}}$" (.Capabilities | toString ) }} - {{- true -}} -{{- end -}} -{{- end -}} diff --git a/rds/base/charts/redis/charts/common/templates/_errors.tpl b/rds/base/charts/redis/charts/common/templates/_errors.tpl deleted file mode 100644 index a79cc2e..0000000 --- a/rds/base/charts/redis/charts/common/templates/_errors.tpl +++ /dev/null 
@@ -1,23 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Through error when upgrading using empty passwords values that must not be empty. - -Usage: -{{- $validationError00 := include "common.validations.values.single.empty" (dict "valueKey" "path.to.password00" "secret" "secretName" "field" "password-00") -}} -{{- $validationError01 := include "common.validations.values.single.empty" (dict "valueKey" "path.to.password01" "secret" "secretName" "field" "password-01") -}} -{{ include "common.errors.upgrade.passwords.empty" (dict "validationErrors" (list $validationError00 $validationError01) "context" $) }} - -Required password params: - - validationErrors - String - Required. List of validation strings to be return, if it is empty it won't throw error. - - context - Context - Required. Parent context. -*/}} -{{- define "common.errors.upgrade.passwords.empty" -}} - {{- $validationErrors := join "" .validationErrors -}} - {{- if and $validationErrors .context.Release.IsUpgrade -}} - {{- $errorString := "\nPASSWORDS ERROR: You must provide your current passwords when upgrading the release." -}} - {{- $errorString = print $errorString "\n Note that even after reinstallation, old credentials may be needed as they may be kept in persistent volume claims." -}} - {{- $errorString = print $errorString "\n Further information can be obtained at https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues/#credential-errors-while-upgrading-chart-releases" -}} - {{- $errorString = print $errorString "\n%s" -}} - {{- printf $errorString $validationErrors | fail -}} - {{- end -}} -{{- end -}} diff --git a/rds/base/charts/redis/charts/common/templates/_images.tpl b/rds/base/charts/redis/charts/common/templates/_images.tpl deleted file mode 100644 index 42ffbc7..0000000 --- a/rds/base/charts/redis/charts/common/templates/_images.tpl +++ /dev/null 
@@ -1,75 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Return the proper image name
-{{ include "common.images.image" ( dict "imageRoot" .Values.path.to.the.image "global" $) }}
-*/}}
-{{- define "common.images.image" -}}
-{{- $registryName := .imageRoot.registry -}}
-{{- $repositoryName := .imageRoot.repository -}}
-{{- $tag := .imageRoot.tag | toString -}}
-{{- if .global }}
- {{- if .global.imageRegistry }}
- {{- $registryName = .global.imageRegistry -}}
- {{- end -}}
-{{- end -}}
-{{- if $registryName }}
-{{- printf "%s/%s:%s" $registryName $repositoryName $tag -}}
-{{- else -}}
-{{- printf "%s:%s" $repositoryName $tag -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Return the proper Docker Image Registry Secret Names (deprecated: use common.images.renderPullSecrets instead)
-{{ include "common.images.pullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "global" .Values.global) }}
-*/}}
-{{- define "common.images.pullSecrets" -}}
- {{- $pullSecrets := list }}
-
- {{- if .global }}
- {{- range .global.imagePullSecrets -}}
- {{- $pullSecrets = append $pullSecrets . -}}
- {{- end -}}
- {{- end -}}
-
- {{- range .images -}}
- {{- range .pullSecrets -}}
- {{- $pullSecrets = append $pullSecrets . -}}
- {{- end -}}
- {{- end -}}
-
- {{- if (not (empty $pullSecrets)) }}
-imagePullSecrets:
- {{- range $pullSecrets }}
- - name: {{ . }}
- {{- end }}
- {{- end }}
-{{- end -}}
-
-{{/*
-Return the proper Docker Image Registry Secret Names evaluating values as templates
-{{ include "common.images.renderPullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "context" $) }}
-*/}}
-{{- define "common.images.renderPullSecrets" -}}
- {{- $pullSecrets := list }}
- {{- $context := .context }}
-
- {{- if $context.Values.global }}
- {{- range $context.Values.global.imagePullSecrets -}}
- {{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" . "context" $context)) -}}
- {{- end -}}
- {{- end -}}
-
- {{- range .images -}}
- {{- range .pullSecrets -}}
- {{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" . "context" $context)) -}}
- {{- end -}}
- {{- end -}}
-
- {{- if (not (empty $pullSecrets)) }}
-imagePullSecrets:
- {{- range $pullSecrets }}
- - name: {{ . }}
- {{- end }}
- {{- end }}
-{{- end -}}
diff --git a/rds/base/charts/redis/charts/common/templates/_ingress.tpl b/rds/base/charts/redis/charts/common/templates/_ingress.tpl
deleted file mode 100644
index 8caf73a..0000000
--- a/rds/base/charts/redis/charts/common/templates/_ingress.tpl
+++ /dev/null
@@ -1,68 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-
-{{/*
-Generate backend entry that is compatible with all Kubernetes API versions.
-
-Usage:
-{{ include "common.ingress.backend" (dict "serviceName" "backendName" "servicePort" "backendPort" "context" $) }}
-
-Params:
- - serviceName - String. Name of an existing service backend
- - servicePort - String/Int. Port name (or number) of the service. It will be translated to different yaml depending if it is a string or an integer.
- - context - Dict - Required. The context for the template evaluation.
-*/}}
-{{- define "common.ingress.backend" -}}
-{{- $apiVersion := (include "common.capabilities.ingress.apiVersion" .context) -}}
-{{- if or (eq $apiVersion "extensions/v1beta1") (eq $apiVersion "networking.k8s.io/v1beta1") -}}
-serviceName: {{ .serviceName }}
-servicePort: {{ .servicePort }}
-{{- else -}}
-service:
- name: {{ .serviceName }}
- port:
- {{- if typeIs "string" .servicePort }}
- name: {{ .servicePort }}
- {{- else if or (typeIs "int" .servicePort) (typeIs "float64" .servicePort) }}
- number: {{ .servicePort | int }}
- {{- end }}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Print "true" if the API pathType field is supported
-Usage:
-{{ include "common.ingress.supportsPathType" . }}
-*/}}
-{{- define "common.ingress.supportsPathType" -}}
-{{- if (semverCompare "<1.18-0" (include "common.capabilities.kubeVersion" .)) -}}
-{{- print "false" -}}
-{{- else -}}
-{{- print "true" -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Returns true if the ingressClassname field is supported
-Usage:
-{{ include "common.ingress.supportsIngressClassname" . }}
-*/}}
-{{- define "common.ingress.supportsIngressClassname" -}}
-{{- if semverCompare "<1.18-0" (include "common.capabilities.kubeVersion" .) -}}
-{{- print "false" -}}
-{{- else -}}
-{{- print "true" -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Return true if cert-manager required annotations for TLS signed
-certificates are set in the Ingress annotations
-Ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations
-Usage:
-{{ include "common.ingress.certManagerRequest" ( dict "annotations" .Values.path.to.the.ingress.annotations ) }}
-*/}}
-{{- define "common.ingress.certManagerRequest" -}}
-{{ if or (hasKey .annotations "cert-manager.io/cluster-issuer") (hasKey .annotations "cert-manager.io/issuer") }}
- {{- true -}}
-{{- end -}}
-{{- end -}}
diff --git a/rds/base/charts/redis/charts/common/templates/_labels.tpl b/rds/base/charts/redis/charts/common/templates/_labels.tpl
deleted file mode 100644
index 252066c..0000000
--- a/rds/base/charts/redis/charts/common/templates/_labels.tpl
+++ /dev/null
@@ -1,18 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Kubernetes standard labels
-*/}}
-{{- define "common.labels.standard" -}}
-app.kubernetes.io/name: {{ include "common.names.name" . }}
-helm.sh/chart: {{ include "common.names.chart" . }}
-app.kubernetes.io/instance: {{ .Release.Name }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- end -}}
-
-{{/*
-Labels to use on deploy.spec.selector.matchLabels and svc.spec.selector
-*/}}
-{{- define "common.labels.matchLabels" -}}
-app.kubernetes.io/name: {{ include "common.names.name" . }}
-app.kubernetes.io/instance: {{ .Release.Name }}
-{{- end -}}
diff --git a/rds/base/charts/redis/charts/common/templates/_names.tpl b/rds/base/charts/redis/charts/common/templates/_names.tpl
deleted file mode 100644
index 1bdac8b..0000000
--- a/rds/base/charts/redis/charts/common/templates/_names.tpl
+++ /dev/null
@@ -1,70 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "common.names.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "common.names.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "common.names.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified dependency name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-Usage:
-{{ include "common.names.dependency.fullname" (dict "chartName" "dependency-chart-name" "chartValues" .Values.dependency-chart "context" $) }}
-*/}}
-{{- define "common.names.dependency.fullname" -}}
-{{- if .chartValues.fullnameOverride -}}
-{{- .chartValues.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .chartName .chartValues.nameOverride -}}
-{{- if contains $name .context.Release.Name -}}
-{{- .context.Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .context.Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Allow the release namespace to be overridden for multi-namespace deployments in combined charts.
-*/}}
-{{- define "common.names.namespace" -}}
-{{- if .Values.namespaceOverride -}}
-{{- .Values.namespaceOverride -}}
-{{- else -}}
-{{- .Release.Namespace -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create a fully qualified app name adding the installation's namespace.
-*/}}
-{{- define "common.names.fullname.namespace" -}}
-{{- printf "%s-%s" (include "common.names.fullname" .) (include "common.names.namespace" .) | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
diff --git a/rds/base/charts/redis/charts/common/templates/_secrets.tpl b/rds/base/charts/redis/charts/common/templates/_secrets.tpl
deleted file mode 100644
index a53fb44..0000000
--- a/rds/base/charts/redis/charts/common/templates/_secrets.tpl
+++ /dev/null
@@ -1,140 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Generate secret name.
-
-Usage:
-{{ include "common.secrets.name" (dict "existingSecret" .Values.path.to.the.existingSecret "defaultNameSuffix" "mySuffix" "context" $) }}
-
-Params:
- - existingSecret - ExistingSecret/String - Optional. The path to the existing secrets in the values.yaml given by the user
- to be used instead of the default one. Allows for it to be of type String (just the secret name) for backwards compatibility.
- +info: https://github.com/bitnami/charts/tree/master/bitnami/common#existingsecret
- - defaultNameSuffix - String - Optional. It is used only if we have several secrets in the same deployment.
- - context - Dict - Required. The context for the template evaluation.
-*/}}
-{{- define "common.secrets.name" -}}
-{{- $name := (include "common.names.fullname" .context) -}}
-
-{{- if .defaultNameSuffix -}}
-{{- $name = printf "%s-%s" $name .defaultNameSuffix | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{- with .existingSecret -}}
-{{- if not (typeIs "string" .) -}}
-{{- with .name -}}
-{{- $name = . -}}
-{{- end -}}
-{{- else -}}
-{{- $name = . -}}
-{{- end -}}
-{{- end -}}
-
-{{- printf "%s" $name -}}
-{{- end -}}
-
-{{/*
-Generate secret key.
-
-Usage:
-{{ include "common.secrets.key" (dict "existingSecret" .Values.path.to.the.existingSecret "key" "keyName") }}
-
-Params:
- - existingSecret - ExistingSecret/String - Optional. The path to the existing secrets in the values.yaml given by the user
- to be used instead of the default one. Allows for it to be of type String (just the secret name) for backwards compatibility.
- +info: https://github.com/bitnami/charts/tree/master/bitnami/common#existingsecret
- - key - String - Required. Name of the key in the secret.
-*/}}
-{{- define "common.secrets.key" -}}
-{{- $key := .key -}}
-
-{{- if .existingSecret -}}
- {{- if not (typeIs "string" .existingSecret) -}}
- {{- if .existingSecret.keyMapping -}}
- {{- $key = index .existingSecret.keyMapping $.key -}}
- {{- end -}}
- {{- end }}
-{{- end -}}
-
-{{- printf "%s" $key -}}
-{{- end -}}
-
-{{/*
-Generate secret password or retrieve one if already created.
-
-Usage:
-{{ include "common.secrets.passwords.manage" (dict "secret" "secret-name" "key" "keyName" "providedValues" (list "path.to.password1" "path.to.password2") "length" 10 "strong" false "chartName" "chartName" "context" $) }}
-
-Params:
- - secret - String - Required - Name of the 'Secret' resource where the password is stored.
- - key - String - Required - Name of the key in the secret.
- - providedValues - List - Required - The path to the validating value in the values.yaml, e.g: "mysql.password". Will pick first parameter with a defined value.
- - length - int - Optional - Length of the generated random password.
- - strong - Boolean - Optional - Whether to add symbols to the generated random password.
- - chartName - String - Optional - Name of the chart used when said chart is deployed as a subchart.
- - context - Context - Required - Parent context.
-
-The order in which this function returns a secret password:
- 1. Already existing 'Secret' resource
- (If a 'Secret' resource is found under the name provided to the 'secret' parameter to this function and that 'Secret' resource contains a key with the name passed as the 'key' parameter to this function then the value of this existing secret password will be returned)
- 2. Password provided via the values.yaml
- (If one of the keys passed to the 'providedValues' parameter to this function is a valid path to a key in the values.yaml and has a value, the value of the first key with a value will be returned)
- 3. Randomly generated secret password
- (A new random secret password with the length specified in the 'length' parameter will be generated and returned)
-
-*/}}
-{{- define "common.secrets.passwords.manage" -}}
-
-{{- $password := "" }}
-{{- $subchart := "" }}
-{{- $chartName := default "" .chartName }}
-{{- $passwordLength := default 10 .length }}
-{{- $providedPasswordKey := include "common.utils.getKeyFromList" (dict "keys" .providedValues "context" $.context) }}
-{{- $providedPasswordValue := include "common.utils.getValueFromKey" (dict "key" $providedPasswordKey "context" $.context) }}
-{{- $secretData := (lookup "v1" "Secret" $.context.Release.Namespace .secret).data }}
-{{- if $secretData }}
- {{- if hasKey $secretData .key }}
- {{- $password = index $secretData .key }}
- {{- else }}
- {{- printf "\nPASSWORDS ERROR: The secret \"%s\" does not contain the key \"%s\"\n" .secret .key | fail -}}
- {{- end -}}
-{{- else if $providedPasswordValue }}
- {{- $password = $providedPasswordValue | toString | b64enc | quote }}
-{{- else }}
-
- {{- if .context.Values.enabled }}
- {{- $subchart = $chartName }}
- {{- end -}}
-
- {{- $requiredPassword := dict "valueKey" $providedPasswordKey "secret" .secret "field" .key "subchart" $subchart "context" $.context -}}
- {{- $requiredPasswordError := include "common.validations.values.single.empty" $requiredPassword -}}
- {{- $passwordValidationErrors := list $requiredPasswordError -}}
- {{- include "common.errors.upgrade.passwords.empty" (dict "validationErrors" $passwordValidationErrors "context" $.context) -}}
-
- {{- if .strong }}
- {{- $subStr := list (lower (randAlpha 1)) (randNumeric 1) (upper (randAlpha 1)) | join "_" }}
- {{- $password = randAscii $passwordLength }}
- {{- $password = regexReplaceAllLiteral "\\W" $password "@" | substr 5 $passwordLength }}
- {{- $password = printf "%s%s" $subStr $password | toString | shuffle | b64enc | quote }}
- {{- else }}
- {{- $password = randAlphaNum $passwordLength | b64enc | quote }}
- {{- end }}
-{{- end -}}
-{{- printf "%s" $password -}}
-{{- end -}}
-
-{{/*
-Returns whether a previous generated secret already exists
-
-Usage:
-{{ include "common.secrets.exists" (dict "secret" "secret-name" "context" $) }}
-
-Params:
- - secret - String - Required - Name of the 'Secret' resource where the password is stored.
- - context - Context - Required - Parent context.
-*/}}
-{{- define "common.secrets.exists" -}}
-{{- $secret := (lookup "v1" "Secret" $.context.Release.Namespace .secret) }}
-{{- if $secret }}
- {{- true -}}
-{{- end -}}
-{{- end -}}
diff --git a/rds/base/charts/redis/charts/common/templates/_storage.tpl b/rds/base/charts/redis/charts/common/templates/_storage.tpl
deleted file mode 100644
index 60e2a84..0000000
--- a/rds/base/charts/redis/charts/common/templates/_storage.tpl
+++ /dev/null
@@ -1,23 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Return the proper Storage Class
-{{ include "common.storage.class" ( dict "persistence" .Values.path.to.the.persistence "global" $) }}
-*/}}
-{{- define "common.storage.class" -}}
-
-{{- $storageClass := .persistence.storageClass -}}
-{{- if .global -}}
- {{- if .global.storageClass -}}
- {{- $storageClass = .global.storageClass -}}
- {{- end -}}
-{{- end -}}
-
-{{- if $storageClass -}}
- {{- if (eq "-" $storageClass) -}}
- {{- printf "storageClassName: \"\"" -}}
- {{- else }}
- {{- printf "storageClassName: %s" $storageClass -}}
- {{- end -}}
-{{- end -}}
-
-{{- end -}}
diff --git a/rds/base/charts/redis/charts/common/templates/_tplvalues.tpl b/rds/base/charts/redis/charts/common/templates/_tplvalues.tpl
deleted file mode 100644
index 2db1668..0000000
--- a/rds/base/charts/redis/charts/common/templates/_tplvalues.tpl
+++ /dev/null
@@ -1,13 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Renders a value that contains template.
-Usage:
-{{ include "common.tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $) }}
-*/}}
-{{- define "common.tplvalues.render" -}}
- {{- if typeIs "string" .value }}
- {{- tpl .value .context }}
- {{- else }}
- {{- tpl (.value | toYaml) .context }}
- {{- end }}
-{{- end -}}
diff --git a/rds/base/charts/redis/charts/common/templates/_utils.tpl b/rds/base/charts/redis/charts/common/templates/_utils.tpl
deleted file mode 100644
index 8c22b2a..0000000
--- a/rds/base/charts/redis/charts/common/templates/_utils.tpl
+++ /dev/null
@@ -1,62 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Print instructions to get a secret value.
-Usage:
-{{ include "common.utils.secret.getvalue" (dict "secret" "secret-name" "field" "secret-value-field" "context" $) }}
-*/}}
-{{- define "common.utils.secret.getvalue" -}}
-{{- $varname := include "common.utils.fieldToEnvVar" . -}}
-export {{ $varname }}=$(kubectl get secret --namespace {{ .context.Release.Namespace | quote }} {{ .secret }} -o jsonpath="{.data.{{ .field }}}" | base64 -d)
-{{- end -}}
-
-{{/*
-Build env var name given a field
-Usage:
-{{ include "common.utils.fieldToEnvVar" dict "field" "my-password" }}
-*/}}
-{{- define "common.utils.fieldToEnvVar" -}}
- {{- $fieldNameSplit := splitList "-" .field -}}
- {{- $upperCaseFieldNameSplit := list -}}
-
- {{- range $fieldNameSplit -}}
- {{- $upperCaseFieldNameSplit = append $upperCaseFieldNameSplit ( upper . ) -}}
- {{- end -}}
-
- {{ join "_" $upperCaseFieldNameSplit }}
-{{- end -}}
-
-{{/*
-Gets a value from .Values given
-Usage:
-{{ include "common.utils.getValueFromKey" (dict "key" "path.to.key" "context" $) }}
-*/}}
-{{- define "common.utils.getValueFromKey" -}}
-{{- $splitKey := splitList "." .key -}}
-{{- $value := "" -}}
-{{- $latestObj := $.context.Values -}}
-{{- range $splitKey -}}
- {{- if not $latestObj -}}
- {{- printf "please review the entire path of '%s' exists in values" $.key | fail -}}
- {{- end -}}
- {{- $value = ( index $latestObj . ) -}}
- {{- $latestObj = $value -}}
-{{- end -}}
-{{- printf "%v" (default "" $value) -}}
-{{- end -}}
-
-{{/*
-Returns first .Values key with a defined value or first of the list if all non-defined
-Usage:
-{{ include "common.utils.getKeyFromList" (dict "keys" (list "path.to.key1" "path.to.key2") "context" $) }}
-*/}}
-{{- define "common.utils.getKeyFromList" -}}
-{{- $key := first .keys -}}
-{{- $reverseKeys := reverse .keys }}
-{{- range $reverseKeys }}
- {{- $value := include "common.utils.getValueFromKey" (dict "key" . "context" $.context ) }}
- {{- if $value -}}
- {{- $key = . }}
- {{- end -}}
-{{- end -}}
-{{- printf "%s" $key -}}
-{{- end -}}
diff --git a/rds/base/charts/redis/charts/common/templates/_warnings.tpl b/rds/base/charts/redis/charts/common/templates/_warnings.tpl
deleted file mode 100644
index ae10fa4..0000000
--- a/rds/base/charts/redis/charts/common/templates/_warnings.tpl
+++ /dev/null
@@ -1,14 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Warning about using rolling tag.
-Usage:
-{{ include "common.warnings.rollingTag" .Values.path.to.the.imageRoot }}
-*/}}
-{{- define "common.warnings.rollingTag" -}}
-
-{{- if and (contains "bitnami/" .repository) (not (.tag | toString | regexFind "-r\\d+$|sha256:")) }}
-WARNING: Rolling tag detected ({{ .repository }}:{{ .tag }}), please note that it is strongly recommended to avoid using rolling tags in a production environment.
-+info https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/
-{{- end }}
-
-{{- end -}}
diff --git a/rds/base/charts/redis/charts/common/templates/validations/_cassandra.tpl b/rds/base/charts/redis/charts/common/templates/validations/_cassandra.tpl
deleted file mode 100644
index ded1ae3..0000000
--- a/rds/base/charts/redis/charts/common/templates/validations/_cassandra.tpl
+++ /dev/null
@@ -1,72 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Validate Cassandra required passwords are not empty.
-
-Usage:
-{{ include "common.validations.values.cassandra.passwords" (dict "secret" "secretName" "subchart" false "context" $) }}
-Params:
- - secret - String - Required. Name of the secret where Cassandra values are stored, e.g: "cassandra-passwords-secret"
- - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false
-*/}}
-{{- define "common.validations.values.cassandra.passwords" -}}
- {{- $existingSecret := include "common.cassandra.values.existingSecret" . -}}
- {{- $enabled := include "common.cassandra.values.enabled" . -}}
- {{- $dbUserPrefix := include "common.cassandra.values.key.dbUser" . -}}
- {{- $valueKeyPassword := printf "%s.password" $dbUserPrefix -}}
-
- {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}}
- {{- $requiredPasswords := list -}}
-
- {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "cassandra-password" -}}
- {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}}
-
- {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}}
-
- {{- end -}}
-{{- end -}}
-
-{{/*
-Auxiliary function to get the right value for existingSecret.
-
-Usage:
-{{ include "common.cassandra.values.existingSecret" (dict "context" $) }}
-Params:
- - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false
-*/}}
-{{- define "common.cassandra.values.existingSecret" -}}
- {{- if .subchart -}}
- {{- .context.Values.cassandra.dbUser.existingSecret | quote -}}
- {{- else -}}
- {{- .context.Values.dbUser.existingSecret | quote -}}
- {{- end -}}
-{{- end -}}
-
-{{/*
-Auxiliary function to get the right value for enabled cassandra.
-
-Usage:
-{{ include "common.cassandra.values.enabled" (dict "context" $) }}
-*/}}
-{{- define "common.cassandra.values.enabled" -}}
- {{- if .subchart -}}
- {{- printf "%v" .context.Values.cassandra.enabled -}}
- {{- else -}}
- {{- printf "%v" (not .context.Values.enabled) -}}
- {{- end -}}
-{{- end -}}
-
-{{/*
-Auxiliary function to get the right value for the key dbUser
-
-Usage:
-{{ include "common.cassandra.values.key.dbUser" (dict "subchart" "true" "context" $) }}
-Params:
- - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false
-*/}}
-{{- define "common.cassandra.values.key.dbUser" -}}
- {{- if .subchart -}}
- cassandra.dbUser
- {{- else -}}
- dbUser
- {{- end -}}
-{{- end -}}
diff --git a/rds/base/charts/redis/charts/common/templates/validations/_mariadb.tpl b/rds/base/charts/redis/charts/common/templates/validations/_mariadb.tpl
deleted file mode 100644
index b6906ff..0000000
--- a/rds/base/charts/redis/charts/common/templates/validations/_mariadb.tpl
+++ /dev/null
@@ -1,103 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Validate MariaDB required passwords are not empty.
-
-Usage:
-{{ include "common.validations.values.mariadb.passwords" (dict "secret" "secretName" "subchart" false "context" $) }}
-Params:
- - secret - String - Required. Name of the secret where MariaDB values are stored, e.g: "mysql-passwords-secret"
- - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false
-*/}}
-{{- define "common.validations.values.mariadb.passwords" -}}
- {{- $existingSecret := include "common.mariadb.values.auth.existingSecret" . -}}
- {{- $enabled := include "common.mariadb.values.enabled" . -}}
- {{- $architecture := include "common.mariadb.values.architecture" . -}}
- {{- $authPrefix := include "common.mariadb.values.key.auth" . -}}
- {{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}}
- {{- $valueKeyUsername := printf "%s.username" $authPrefix -}}
- {{- $valueKeyPassword := printf "%s.password" $authPrefix -}}
- {{- $valueKeyReplicationPassword := printf "%s.replicationPassword" $authPrefix -}}
-
- {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}}
- {{- $requiredPasswords := list -}}
-
- {{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mariadb-root-password" -}}
- {{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}}
-
- {{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }}
- {{- if not (empty $valueUsername) -}}
- {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mariadb-password" -}}
- {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}}
- {{- end -}}
-
- {{- if (eq $architecture "replication") -}}
- {{- $requiredReplicationPassword := dict "valueKey" $valueKeyReplicationPassword "secret" .secret "field" "mariadb-replication-password" -}}
- {{- $requiredPasswords = append $requiredPasswords $requiredReplicationPassword -}}
- {{- end -}}
-
- {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}}
-
- {{- end -}}
-{{- end -}}
-
-{{/*
-Auxiliary function to get the right value for existingSecret.
-
-Usage:
-{{ include "common.mariadb.values.auth.existingSecret" (dict "context" $) }}
-Params:
- - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false
-*/}}
-{{- define "common.mariadb.values.auth.existingSecret" -}}
- {{- if .subchart -}}
- {{- .context.Values.mariadb.auth.existingSecret | quote -}}
- {{- else -}}
- {{- .context.Values.auth.existingSecret | quote -}}
- {{- end -}}
-{{- end -}}
-
-{{/*
-Auxiliary function to get the right value for enabled mariadb.
-
-Usage:
-{{ include "common.mariadb.values.enabled" (dict "context" $) }}
-*/}}
-{{- define "common.mariadb.values.enabled" -}}
- {{- if .subchart -}}
- {{- printf "%v" .context.Values.mariadb.enabled -}}
- {{- else -}}
- {{- printf "%v" (not .context.Values.enabled) -}}
- {{- end -}}
-{{- end -}}
-
-{{/*
-Auxiliary function to get the right value for architecture
-
-Usage:
-{{ include "common.mariadb.values.architecture" (dict "subchart" "true" "context" $) }}
-Params:
- - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false
-*/}}
-{{- define "common.mariadb.values.architecture" -}}
- {{- if .subchart -}}
- {{- .context.Values.mariadb.architecture -}}
- {{- else -}}
- {{- .context.Values.architecture -}}
- {{- end -}}
-{{- end -}}
-
-{{/*
-Auxiliary function to get the right value for the key auth
-
-Usage:
-{{ include "common.mariadb.values.key.auth" (dict "subchart" "true" "context" $) }}
-Params:
- - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false
-*/}}
-{{- define "common.mariadb.values.key.auth" -}}
- {{- if .subchart -}}
- mariadb.auth
- {{- else -}}
- auth
- {{- end -}}
-{{- end -}}
diff --git a/rds/base/charts/redis/charts/common/templates/validations/_mongodb.tpl b/rds/base/charts/redis/charts/common/templates/validations/_mongodb.tpl
deleted file mode 100644
index f820ec1..0000000
--- a/rds/base/charts/redis/charts/common/templates/validations/_mongodb.tpl
+++ /dev/null
@@ -1,108 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Validate MongoDB® required passwords are not empty.
-
-Usage:
-{{ include "common.validations.values.mongodb.passwords" (dict "secret" "secretName" "subchart" false "context" $) }}
-Params:
- - secret - String - Required. Name of the secret where MongoDB® values are stored, e.g: "mongodb-passwords-secret"
- - subchart - Boolean - Optional. Whether MongoDB® is used as subchart or not. Default: false
-*/}}
-{{- define "common.validations.values.mongodb.passwords" -}}
- {{- $existingSecret := include "common.mongodb.values.auth.existingSecret" . -}}
- {{- $enabled := include "common.mongodb.values.enabled" . -}}
- {{- $authPrefix := include "common.mongodb.values.key.auth" . -}}
- {{- $architecture := include "common.mongodb.values.architecture" . -}}
- {{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}}
- {{- $valueKeyUsername := printf "%s.username" $authPrefix -}}
- {{- $valueKeyDatabase := printf "%s.database" $authPrefix -}}
- {{- $valueKeyPassword := printf "%s.password" $authPrefix -}}
- {{- $valueKeyReplicaSetKey := printf "%s.replicaSetKey" $authPrefix -}}
- {{- $valueKeyAuthEnabled := printf "%s.enabled" $authPrefix -}}
-
- {{- $authEnabled := include "common.utils.getValueFromKey" (dict "key" $valueKeyAuthEnabled "context" .context) -}}
-
- {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") (eq $authEnabled "true") -}}
- {{- $requiredPasswords := list -}}
-
- {{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mongodb-root-password" -}}
- {{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}}
-
- {{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }}
- {{- $valueDatabase := include "common.utils.getValueFromKey" (dict "key" $valueKeyDatabase "context" .context) }}
- {{- if and $valueUsername $valueDatabase -}}
- {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mongodb-password" -}}
- {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}}
- {{- end -}}
-
- {{- if (eq $architecture "replicaset") -}}
- {{- $requiredReplicaSetKey := dict "valueKey" $valueKeyReplicaSetKey "secret" .secret "field" "mongodb-replica-set-key" -}}
- {{- $requiredPasswords = append $requiredPasswords $requiredReplicaSetKey -}}
- {{- end -}}
-
- {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}}
-
- {{- end -}}
-{{- end -}}
-
-{{/*
-Auxiliary function to get the right value for existingSecret.
-
-Usage:
-{{ include "common.mongodb.values.auth.existingSecret" (dict "context" $) }}
-Params:
- - subchart - Boolean - Optional. Whether MongoDb is used as subchart or not. Default: false
-*/}}
-{{- define "common.mongodb.values.auth.existingSecret" -}}
- {{- if .subchart -}}
- {{- .context.Values.mongodb.auth.existingSecret | quote -}}
- {{- else -}}
- {{- .context.Values.auth.existingSecret | quote -}}
- {{- end -}}
-{{- end -}}
-
-{{/*
-Auxiliary function to get the right value for enabled mongodb.
-
-Usage:
-{{ include "common.mongodb.values.enabled" (dict "context" $) }}
-*/}}
-{{- define "common.mongodb.values.enabled" -}}
- {{- if .subchart -}}
- {{- printf "%v" .context.Values.mongodb.enabled -}}
- {{- else -}}
- {{- printf "%v" (not .context.Values.enabled) -}}
- {{- end -}}
-{{- end -}}
-
-{{/*
-Auxiliary function to get the right value for the key auth
-
-Usage:
-{{ include "common.mongodb.values.key.auth" (dict "subchart" "true" "context" $) }}
-Params:
- - subchart - Boolean - Optional. Whether MongoDB® is used as subchart or not. Default: false
-*/}}
-{{- define "common.mongodb.values.key.auth" -}}
- {{- if .subchart -}}
- mongodb.auth
- {{- else -}}
- auth
- {{- end -}}
-{{- end -}}
-
-{{/*
-Auxiliary function to get the right value for architecture
-
-Usage:
-{{ include "common.mongodb.values.architecture" (dict "subchart" "true" "context" $) }}
-Params:
- - subchart - Boolean - Optional. Whether MongoDB® is used as subchart or not. Default: false
-*/}}
-{{- define "common.mongodb.values.architecture" -}}
- {{- if .subchart -}}
- {{- .context.Values.mongodb.architecture -}}
- {{- else -}}
- {{- .context.Values.architecture -}}
- {{- end -}}
-{{- end -}}
diff --git a/rds/base/charts/redis/charts/common/templates/validations/_mysql.tpl b/rds/base/charts/redis/charts/common/templates/validations/_mysql.tpl
deleted file mode 100644
index 74472a0..0000000
--- a/rds/base/charts/redis/charts/common/templates/validations/_mysql.tpl
+++ /dev/null
@@ -1,103 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Validate MySQL required passwords are not empty. - -Usage: -{{ include "common.validations.values.mysql.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} -Params: - - secret - String - Required. Name of the secret where MySQL values are stored, e.g: "mysql-passwords-secret" - - subchart - Boolean - Optional. Whether MySQL is used as subchart or not. Default: false -*/}} -{{- define "common.validations.values.mysql.passwords" -}} - {{- $existingSecret := include "common.mysql.values.auth.existingSecret" . -}} - {{- $enabled := include "common.mysql.values.enabled" . -}} - {{- $architecture := include "common.mysql.values.architecture" . -}} - {{- $authPrefix := include "common.mysql.values.key.auth" . -}} - {{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}} - {{- $valueKeyUsername := printf "%s.username" $authPrefix -}} - {{- $valueKeyPassword := printf "%s.password" $authPrefix -}} - {{- $valueKeyReplicationPassword := printf "%s.replicationPassword" $authPrefix -}} - - {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}} - {{- $requiredPasswords := list -}} - - {{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mysql-root-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}} - - {{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }} - {{- if not (empty $valueUsername) -}} - {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mysql-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}} - {{- end -}} - - {{- if (eq $architecture "replication") -}} - {{- $requiredReplicationPassword := dict "valueKey" $valueKeyReplicationPassword "secret" .secret "field" "mysql-replication-password" -}} - {{- $requiredPasswords = append 
$requiredPasswords $requiredReplicationPassword -}} - {{- end -}} - - {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} - - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for existingSecret. - -Usage: -{{ include "common.mysql.values.auth.existingSecret" (dict "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MySQL is used as subchart or not. Default: false -*/}} -{{- define "common.mysql.values.auth.existingSecret" -}} - {{- if .subchart -}} - {{- .context.Values.mysql.auth.existingSecret | quote -}} - {{- else -}} - {{- .context.Values.auth.existingSecret | quote -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for enabled mysql. - -Usage: -{{ include "common.mysql.values.enabled" (dict "context" $) }} -*/}} -{{- define "common.mysql.values.enabled" -}} - {{- if .subchart -}} - {{- printf "%v" .context.Values.mysql.enabled -}} - {{- else -}} - {{- printf "%v" (not .context.Values.enabled) -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for architecture - -Usage: -{{ include "common.mysql.values.architecture" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MySQL is used as subchart or not. Default: false -*/}} -{{- define "common.mysql.values.architecture" -}} - {{- if .subchart -}} - {{- .context.Values.mysql.architecture -}} - {{- else -}} - {{- .context.Values.architecture -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for the key auth - -Usage: -{{ include "common.mysql.values.key.auth" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MySQL is used as subchart or not. Default: false -*/}} -{{- define "common.mysql.values.key.auth" -}} - {{- if .subchart -}} - mysql.auth - {{- else -}} - auth - {{- end -}} -{{- end -}} 
diff --git a/rds/base/charts/redis/charts/common/templates/validations/_postgresql.tpl b/rds/base/charts/redis/charts/common/templates/validations/_postgresql.tpl
deleted file mode 100644
index 164ec0d..0000000
--- a/rds/base/charts/redis/charts/common/templates/validations/_postgresql.tpl
+++ /dev/null
@@ -1,129 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Validate PostgreSQL required passwords are not empty. - -Usage: -{{ include "common.validations.values.postgresql.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} -Params: - - secret - String - Required. Name of the secret where postgresql values are stored, e.g: "postgresql-passwords-secret" - - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false -*/}} -{{- define "common.validations.values.postgresql.passwords" -}} - {{- $existingSecret := include "common.postgresql.values.existingSecret" . -}} - {{- $enabled := include "common.postgresql.values.enabled" . -}} - {{- $valueKeyPostgresqlPassword := include "common.postgresql.values.key.postgressPassword" . -}} - {{- $valueKeyPostgresqlReplicationEnabled := include "common.postgresql.values.key.replicationPassword" . -}} - {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}} - {{- $requiredPasswords := list -}} - {{- $requiredPostgresqlPassword := dict "valueKey" $valueKeyPostgresqlPassword "secret" .secret "field" "postgresql-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredPostgresqlPassword -}} - - {{- $enabledReplication := include "common.postgresql.values.enabled.replication" . -}} - {{- if (eq $enabledReplication "true") -}} - {{- $requiredPostgresqlReplicationPassword := dict "valueKey" $valueKeyPostgresqlReplicationEnabled "secret" .secret "field" "postgresql-replication-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredPostgresqlReplicationPassword -}} - {{- end -}} - - {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to decide whether evaluate global values. 
- -Usage: -{{ include "common.postgresql.values.use.global" (dict "key" "key-of-global" "context" $) }} -Params: - - key - String - Required. Field to be evaluated within global, e.g: "existingSecret" -*/}} -{{- define "common.postgresql.values.use.global" -}} - {{- if .context.Values.global -}} - {{- if .context.Values.global.postgresql -}} - {{- index .context.Values.global.postgresql .key | quote -}} - {{- end -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for existingSecret. - -Usage: -{{ include "common.postgresql.values.existingSecret" (dict "context" $) }} -*/}} -{{- define "common.postgresql.values.existingSecret" -}} - {{- $globalValue := include "common.postgresql.values.use.global" (dict "key" "existingSecret" "context" .context) -}} - - {{- if .subchart -}} - {{- default (.context.Values.postgresql.existingSecret | quote) $globalValue -}} - {{- else -}} - {{- default (.context.Values.existingSecret | quote) $globalValue -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for enabled postgresql. - -Usage: -{{ include "common.postgresql.values.enabled" (dict "context" $) }} -*/}} -{{- define "common.postgresql.values.enabled" -}} - {{- if .subchart -}} - {{- printf "%v" .context.Values.postgresql.enabled -}} - {{- else -}} - {{- printf "%v" (not .context.Values.enabled) -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for the key postgressPassword. - -Usage: -{{ include "common.postgresql.values.key.postgressPassword" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. 
Default: false -*/}} -{{- define "common.postgresql.values.key.postgressPassword" -}} - {{- $globalValue := include "common.postgresql.values.use.global" (dict "key" "postgresqlUsername" "context" .context) -}} - - {{- if not $globalValue -}} - {{- if .subchart -}} - postgresql.postgresqlPassword - {{- else -}} - postgresqlPassword - {{- end -}} - {{- else -}} - global.postgresql.postgresqlPassword - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for enabled.replication. - -Usage: -{{ include "common.postgresql.values.enabled.replication" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false -*/}} -{{- define "common.postgresql.values.enabled.replication" -}} - {{- if .subchart -}} - {{- printf "%v" .context.Values.postgresql.replication.enabled -}} - {{- else -}} - {{- printf "%v" .context.Values.replication.enabled -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for the key replication.password. - -Usage: -{{ include "common.postgresql.values.key.replicationPassword" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false -*/}} -{{- define "common.postgresql.values.key.replicationPassword" -}} - {{- if .subchart -}} - postgresql.replication.password - {{- else -}} - replication.password - {{- end -}} -{{- end -}} diff --git a/rds/base/charts/redis/charts/common/templates/validations/_redis.tpl b/rds/base/charts/redis/charts/common/templates/validations/_redis.tpl deleted file mode 100644 index dcccfc1..0000000 --- a/rds/base/charts/redis/charts/common/templates/validations/_redis.tpl +++ /dev/null 
@@ -1,76 +0,0 @@ - -{{/* vim: set filetype=mustache: */}} -{{/* -Validate Redis® required passwords are not empty. - -Usage: -{{ include "common.validations.values.redis.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} -Params: - - secret - String - Required. Name of the secret where redis values are stored, e.g: "redis-passwords-secret" - - subchart - Boolean - Optional. Whether redis is used as subchart or not. Default: false -*/}} -{{- define "common.validations.values.redis.passwords" -}} - {{- $enabled := include "common.redis.values.enabled" . -}} - {{- $valueKeyPrefix := include "common.redis.values.keys.prefix" . -}} - {{- $standarizedVersion := include "common.redis.values.standarized.version" . }} - - {{- $existingSecret := ternary (printf "%s%s" $valueKeyPrefix "auth.existingSecret") (printf "%s%s" $valueKeyPrefix "existingSecret") (eq $standarizedVersion "true") }} - {{- $existingSecretValue := include "common.utils.getValueFromKey" (dict "key" $existingSecret "context" .context) }} - - {{- $valueKeyRedisPassword := ternary (printf "%s%s" $valueKeyPrefix "auth.password") (printf "%s%s" $valueKeyPrefix "password") (eq $standarizedVersion "true") }} - {{- $valueKeyRedisUseAuth := ternary (printf "%s%s" $valueKeyPrefix "auth.enabled") (printf "%s%s" $valueKeyPrefix "usePassword") (eq $standarizedVersion "true") }} - - {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}} - {{- $requiredPasswords := list -}} - - {{- $useAuth := include "common.utils.getValueFromKey" (dict "key" $valueKeyRedisUseAuth "context" .context) -}} - {{- if eq $useAuth "true" -}} - {{- $requiredRedisPassword := dict "valueKey" $valueKeyRedisPassword "secret" .secret "field" "redis-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredRedisPassword -}} - {{- end -}} - - {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} - {{- end -}} -{{- 
end -}} - -{{/* -Auxiliary function to get the right value for enabled redis. - -Usage: -{{ include "common.redis.values.enabled" (dict "context" $) }} -*/}} -{{- define "common.redis.values.enabled" -}} - {{- if .subchart -}} - {{- printf "%v" .context.Values.redis.enabled -}} - {{- else -}} - {{- printf "%v" (not .context.Values.enabled) -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right prefix path for the values - -Usage: -{{ include "common.redis.values.key.prefix" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether redis is used as subchart or not. Default: false -*/}} -{{- define "common.redis.values.keys.prefix" -}} - {{- if .subchart -}}redis.{{- else -}}{{- end -}} -{{- end -}} - -{{/* -Checks whether the redis chart's includes the standarizations (version >= 14) - -Usage: -{{ include "common.redis.values.standarized.version" (dict "context" $) }} -*/}} -{{- define "common.redis.values.standarized.version" -}} - - {{- $standarizedAuth := printf "%s%s" (include "common.redis.values.keys.prefix" .) "auth" -}} - {{- $standarizedAuthValues := include "common.utils.getValueFromKey" (dict "key" $standarizedAuth "context" .context) }} - - {{- if $standarizedAuthValues -}} - {{- true -}} - {{- end -}} -{{- end -}} diff --git a/rds/base/charts/redis/charts/common/templates/validations/_validations.tpl b/rds/base/charts/redis/charts/common/templates/validations/_validations.tpl deleted file mode 100644 index 9a814cf..0000000 --- a/rds/base/charts/redis/charts/common/templates/validations/_validations.tpl +++ /dev/null 
@@ -1,46 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Validate values must not be empty. - -Usage: -{{- $validateValueConf00 := (dict "valueKey" "path.to.value" "secret" "secretName" "field" "password-00") -}} -{{- $validateValueConf01 := (dict "valueKey" "path.to.value" "secret" "secretName" "field" "password-01") -}} -{{ include "common.validations.values.empty" (dict "required" (list $validateValueConf00 $validateValueConf01) "context" $) }} - -Validate value params: - - valueKey - String - Required. The path to the validating value in the values.yaml, e.g: "mysql.password" - - secret - String - Optional. Name of the secret where the validating value is generated/stored, e.g: "mysql-passwords-secret" - - field - String - Optional. Name of the field in the secret data, e.g: "mysql-password" -*/}} -{{- define "common.validations.values.multiple.empty" -}} - {{- range .required -}} - {{- include "common.validations.values.single.empty" (dict "valueKey" .valueKey "secret" .secret "field" .field "context" $.context) -}} - {{- end -}} -{{- end -}} - -{{/* -Validate a value must not be empty. - -Usage: -{{ include "common.validations.value.empty" (dict "valueKey" "mariadb.password" "secret" "secretName" "field" "my-password" "subchart" "subchart" "context" $) }} - -Validate value params: - - valueKey - String - Required. The path to the validating value in the values.yaml, e.g: "mysql.password" - - secret - String - Optional. Name of the secret where the validating value is generated/stored, e.g: "mysql-passwords-secret" - - field - String - Optional. Name of the field in the secret data, e.g: "mysql-password" - - subchart - String - Optional - Name of the subchart that the validated password is part of. -*/}} -{{- define "common.validations.values.single.empty" -}} - {{- $value := include "common.utils.getValueFromKey" (dict "key" .valueKey "context" .context) }} - {{- $subchart := ternary "" (printf "%s." 
.subchart) (empty .subchart) }} - - {{- if not $value -}} - {{- $varname := "my-value" -}} - {{- $getCurrentValue := "" -}} - {{- if and .secret .field -}} - {{- $varname = include "common.utils.fieldToEnvVar" . -}} - {{- $getCurrentValue = printf " To get the current value:\n\n %s\n" (include "common.utils.secret.getvalue" .) -}} - {{- end -}} - {{- printf "\n '%s' must not be empty, please add '--set %s%s=$%s' to the command.%s" .valueKey $subchart .valueKey $varname $getCurrentValue -}} - {{- end -}} -{{- end -}} diff --git a/rds/base/charts/redis/charts/common/values.yaml b/rds/base/charts/redis/charts/common/values.yaml deleted file mode 100644 index f2df68e..0000000 --- a/rds/base/charts/redis/charts/common/values.yaml +++ /dev/null @@ -1,5 +0,0 @@ -## bitnami/common -## It is required by CI/CD tools and processes. -## @skip exampleValue -## -exampleValue: common-chart diff --git a/rds/base/charts/redis/img/redis-cluster-topology.png b/rds/base/charts/redis/img/redis-cluster-topology.png deleted file mode 100644 index f0a02a9..0000000 Binary files a/rds/base/charts/redis/img/redis-cluster-topology.png and /dev/null differ diff --git a/rds/base/charts/redis/img/redis-topology.png b/rds/base/charts/redis/img/redis-topology.png deleted file mode 100644 index 3f5280f..0000000 Binary files a/rds/base/charts/redis/img/redis-topology.png and /dev/null differ diff --git a/rds/base/charts/redis/templates/NOTES.txt b/rds/base/charts/redis/templates/NOTES.txt deleted file mode 100644 index 2623ade..0000000 --- a/rds/base/charts/redis/templates/NOTES.txt +++ /dev/null 
@@ -1,191 +0,0 @@ -CHART NAME: {{ .Chart.Name }} -CHART VERSION: {{ .Chart.Version }} -APP VERSION: {{ .Chart.AppVersion }} - -** Please be patient while the chart is being deployed ** - -{{- if .Values.diagnosticMode.enabled }} -The chart has been deployed in diagnostic mode. All probes have been disabled and the command has been overwritten with: - - command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 4 }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 4 }} - -Get the list of pods by executing: - - kubectl get pods --namespace {{ .Release.Namespace }} -l app.kubernetes.io/instance={{ .Release.Name }} - -Access the pod you want to debug by executing - - kubectl exec --namespace {{ .Release.Namespace }} -ti -- bash - -In order to replicate the container startup scripts execute this command: - -For Redis: - - /opt/bitnami/scripts/redis/entrypoint.sh /opt/bitnami/scripts/redis/run.sh - -{{- if .Values.sentinel.enabled }} - -For Redis Sentinel: - - /opt/bitnami/scripts/redis-sentinel/entrypoint.sh /opt/bitnami/scripts/redis-sentinel/run.sh - -{{- end }} -{{- else }} - -{{- if contains .Values.master.service.type "LoadBalancer" }} -{{- if not .Values.auth.enabled }} -{{ if and (not .Values.networkPolicy.enabled) (.Values.networkPolicy.allowExternal) }} - -------------------------------------------------------------------------------- - WARNING - - By specifying "master.service.type=LoadBalancer" and "auth.enabled=false" you have - most likely exposed the Redis® service externally without any authentication - mechanism. - - For security reasons, we strongly suggest that you switch to "ClusterIP" or - "NodePort". As alternative, you can also switch to "auth.enabled=true" - providing a valid password on "password" parameter. 
- -------------------------------------------------------------------------------- -{{- end }} -{{- end }} -{{- end }} - -{{- if eq .Values.architecture "replication" }} -{{- if .Values.sentinel.enabled }} - -Redis® can be accessed via port {{ .Values.sentinel.service.ports.redis }} on the following DNS name from within your cluster: - - {{ template "common.names.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} for read only operations - -For read/write operations, first access the Redis® Sentinel cluster, which is available in port {{ .Values.sentinel.service.ports.sentinel }} using the same domain name above. - -{{- else }} - -Redis® can be accessed on the following DNS names from within your cluster: - - {{ printf "%s-master.%s.svc.%s" (include "common.names.fullname" .) .Release.Namespace .Values.clusterDomain }} for read/write operations (port {{ .Values.master.service.ports.redis }}) - {{ printf "%s-replicas.%s.svc.%s" (include "common.names.fullname" .) .Release.Namespace .Values.clusterDomain }} for read-only operations (port {{ .Values.replica.service.ports.redis }}) - -{{- end }} -{{- else }} - -Redis® can be accessed via port {{ .Values.master.service.ports.redis }} on the following DNS name from within your cluster: - - {{ template "common.names.fullname" . }}-master.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} - -{{- end }} - -{{ if .Values.auth.enabled }} - -To get your password run: - - export REDIS_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "redis.secretName" . }} -o jsonpath="{.data.redis-password}" | base64 -d) - -{{- end }} - -To connect to your Redis® server: - -1. Run a Redis® pod that you can use as a client: - - kubectl run --namespace {{ .Release.Namespace }} redis-client --restart='Never' {{ if .Values.auth.enabled }} --env REDIS_PASSWORD=$REDIS_PASSWORD {{ end }} --image {{ template "redis.image" . 
}} --command -- sleep infinity - -{{- if .Values.tls.enabled }} - - Copy your TLS certificates to the pod: - - kubectl cp --namespace {{ .Release.Namespace }} /path/to/client.cert redis-client:/tmp/client.cert - kubectl cp --namespace {{ .Release.Namespace }} /path/to/client.key redis-client:/tmp/client.key - kubectl cp --namespace {{ .Release.Namespace }} /path/to/CA.cert redis-client:/tmp/CA.cert - -{{- end }} - - Use the following command to attach to the pod: - - kubectl exec --tty -i redis-client \ - {{- if and (.Values.networkPolicy.enabled) (not .Values.networkPolicy.allowExternal) }}--labels="{{ template "common.names.fullname" . }}-client=true" \{{- end }} - --namespace {{ .Release.Namespace }} -- bash - -2. Connect using the Redis® CLI: - -{{- if eq .Values.architecture "replication" }} - {{- if .Values.sentinel.enabled }} - {{ if .Values.auth.enabled }}REDISCLI_AUTH="$REDIS_PASSWORD" {{ end }}redis-cli -h {{ template "common.names.fullname" . }} -p {{ .Values.sentinel.service.ports.redis }}{{ if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }} # Read only operations - {{ if .Values.auth.enabled }}REDISCLI_AUTH="$REDIS_PASSWORD" {{ end }}redis-cli -h {{ template "common.names.fullname" . }} -p {{ .Values.sentinel.service.ports.sentinel }}{{ if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }} # Sentinel access - {{- else }} - {{ if .Values.auth.enabled }}REDISCLI_AUTH="$REDIS_PASSWORD" {{ end }}redis-cli -h {{ printf "%s-master" (include "common.names.fullname" .) }}{{ if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }} - {{ if .Values.auth.enabled }}REDISCLI_AUTH="$REDIS_PASSWORD" {{ end }}redis-cli -h {{ printf "%s-replicas" (include "common.names.fullname" .) 
}}{{ if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }} - {{- end }} -{{- else }} - {{ if .Values.auth.enabled }}REDISCLI_AUTH="$REDIS_PASSWORD" {{ end }}redis-cli -h {{ template "common.names.fullname" . }}-master{{ if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }} -{{- end }} - -{{- if and (.Values.networkPolicy.enabled) (not .Values.networkPolicy.allowExternal) }} - -Note: Since NetworkPolicy is enabled, only pods with label {{ template "common.names.fullname" . }}-client=true" will be able to connect to redis. - -{{- else }} - -To connect to your database from outside the cluster execute the following commands: - -{{- if and (eq .Values.architecture "replication") .Values.sentinel.enabled }} -{{- if contains "NodePort" .Values.sentinel.service.type }} - - export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") - export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "common.names.fullname" . }}) - {{ if .Values.auth.enabled }}REDISCLI_AUTH="$REDIS_PASSWORD" {{ end }}redis-cli -h $NODE_IP -p $NODE_PORT {{- if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }} - -{{- else if contains "LoadBalancer" .Values.sentinel.service.type }} - - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "common.names.fullname" . }}' - - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "common.names.fullname" . }} --template "{{ "{{ range (index .status.loadBalancer.ingress 0) }}{{ . 
}}{{ end }}" }}") - {{ if .Values.auth.enabled }}REDISCLI_AUTH="$REDIS_PASSWORD" {{ end }}redis-cli -h $SERVICE_IP -p {{ .Values.sentinel.service.ports.redis }} {{- if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }} - -{{- else if contains "ClusterIP" .Values.sentinel.service.type }} - - kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ template "common.names.fullname" . }} {{ .Values.sentinel.service.ports.redis }}:{{ .Values.sentinel.service.ports.redis }} & - {{ if .Values.auth.enabled }}REDISCLI_AUTH="$REDIS_PASSWORD" {{ end }}redis-cli -h 127.0.0.1 -p {{ .Values.sentinel.service.ports.redis }} {{- if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }} - -{{- end }} -{{- else }} -{{- if contains "NodePort" .Values.master.service.type }} - - export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") - export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ printf "%s-master" (include "common.names.fullname" .) }}) - {{ if .Values.auth.enabled }}REDISCLI_AUTH="$REDIS_PASSWORD" {{ end }}redis-cli -h $NODE_IP -p $NODE_PORT {{- if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }} - -{{- else if contains "LoadBalancer" .Values.master.service.type }} - - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "common.names.fullname" . }}' - - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ printf "%s-master" (include "common.names.fullname" .) }} --template "{{ "{{ range (index .status.loadBalancer.ingress 0) }}{{ . 
}}{{ end }}" }}") - {{ if .Values.auth.enabled }}REDISCLI_AUTH="$REDIS_PASSWORD" {{ end }}redis-cli -h $SERVICE_IP -p {{ .Values.master.service.ports.redis }} {{- if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }} - -{{- else if contains "ClusterIP" .Values.master.service.type }} - - kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ printf "%s-master" (include "common.names.fullname" .) }} {{ .Values.master.service.ports.redis }}:{{ .Values.master.service.ports.redis }} & - {{ if .Values.auth.enabled }}REDISCLI_AUTH="$REDIS_PASSWORD" {{ end }}redis-cli -h 127.0.0.1 -p {{ .Values.master.service.ports.redis }} {{- if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }} - -{{- end }} -{{- end }} - -{{- end }} -{{- end }} -{{- include "redis.checkRollingTags" . }} -{{- include "common.warnings.rollingTag" .Values.volumePermissions.image }} -{{- include "common.warnings.rollingTag" .Values.sysctl.image }} -{{- include "redis.validateValues" . }} - -{{- if and (eq .Values.architecture "replication") .Values.sentinel.enabled (eq .Values.sentinel.service.type "NodePort") (not .Release.IsUpgrade ) }} -{{- if $.Values.sentinel.service.nodePorts.sentinel }} -No need to upgrade, ports and nodeports have been set from values -{{- else }} -#!#!#!#!#!#!#!# IMPORTANT #!#!#!#!#!#!#!# -YOU NEED TO PERFORM AN UPGRADE FOR THE SERVICES AND WORKLOAD TO BE CREATED -{{- end }} -{{- end }} diff --git a/rds/base/charts/redis/templates/_helpers.tpl b/rds/base/charts/redis/templates/_helpers.tpl deleted file mode 100644 index f6f47d9..0000000 --- a/rds/base/charts/redis/templates/_helpers.tpl +++ /dev/null 
@@ -1,291 +0,0 @@ -{{/* vim: set filetype=mustache: */}} - -{{/* -Return the proper Redis image name -*/}} -{{- define "redis.image" -}} -{{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }} -{{- end -}} - -{{/* -Return the proper Redis Sentinel image name -*/}} -{{- define "redis.sentinel.image" -}} -{{ include "common.images.image" (dict "imageRoot" .Values.sentinel.image "global" .Values.global) }} -{{- end -}} - -{{/* -Return the proper image name (for the metrics image) -*/}} -{{- define "redis.metrics.image" -}} -{{ include "common.images.image" (dict "imageRoot" .Values.metrics.image "global" .Values.global) }} -{{- end -}} - -{{/* -Return the proper image name (for the init container volume-permissions image) -*/}} -{{- define "redis.volumePermissions.image" -}} -{{ include "common.images.image" (dict "imageRoot" .Values.volumePermissions.image "global" .Values.global) }} -{{- end -}} - -{{/* -Return sysctl image -*/}} -{{- define "redis.sysctl.image" -}} -{{ include "common.images.image" (dict "imageRoot" .Values.sysctl.image "global" .Values.global) }} -{{- end -}} - -{{/* -Return the proper Docker Image Registry Secret Names -*/}} -{{- define "redis.imagePullSecrets" -}} -{{- include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.sentinel.image .Values.metrics.image .Values.volumePermissions.image .Values.sysctl.image) "global" .Values.global) -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for networkpolicy. -*/}} -{{- define "networkPolicy.apiVersion" -}} -{{- if semverCompare ">=1.4-0, <1.7-0" .Capabilities.KubeVersion.GitVersion -}} -{{- print "extensions/v1beta1" -}} -{{- else -}} -{{- print "networking.k8s.io/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiGroup for PodSecurityPolicy. 
-*/}} -{{- define "podSecurityPolicy.apiGroup" -}} -{{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} -{{- print "policy" -}} -{{- else -}} -{{- print "extensions" -}} -{{- end -}} -{{- end -}} - -{{/* -Return true if a TLS secret object should be created -*/}} -{{- define "redis.createTlsSecret" -}} -{{- if and .Values.tls.enabled .Values.tls.autoGenerated (and (not .Values.tls.existingSecret) (not .Values.tls.certificatesSecret)) }} - {{- true -}} -{{- end -}} -{{- end -}} - -{{/* -Return the secret containing Redis TLS certificates -*/}} -{{- define "redis.tlsSecretName" -}} -{{- $secretName := coalesce .Values.tls.existingSecret .Values.tls.certificatesSecret -}} -{{- if $secretName -}} - {{- printf "%s" (tpl $secretName $) -}} -{{- else -}} - {{- printf "%s-crt" (include "common.names.fullname" .) -}} -{{- end -}} -{{- end -}} - -{{/* -Return the path to the cert file. -*/}} -{{- define "redis.tlsCert" -}} -{{- if (include "redis.createTlsSecret" . ) -}} - {{- printf "/opt/bitnami/redis/certs/%s" "tls.crt" -}} -{{- else -}} - {{- required "Certificate filename is required when TLS in enabled" .Values.tls.certFilename | printf "/opt/bitnami/redis/certs/%s" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the path to the cert key file. -*/}} -{{- define "redis.tlsCertKey" -}} -{{- if (include "redis.createTlsSecret" . ) -}} - {{- printf "/opt/bitnami/redis/certs/%s" "tls.key" -}} -{{- else -}} - {{- required "Certificate Key filename is required when TLS in enabled" .Values.tls.certKeyFilename | printf "/opt/bitnami/redis/certs/%s" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the path to the CA cert file. -*/}} -{{- define "redis.tlsCACert" -}} -{{- if (include "redis.createTlsSecret" . 
) -}} - {{- printf "/opt/bitnami/redis/certs/%s" "ca.crt" -}} -{{- else -}} - {{- required "Certificate CA filename is required when TLS in enabled" .Values.tls.certCAFilename | printf "/opt/bitnami/redis/certs/%s" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the path to the DH params file. -*/}} -{{- define "redis.tlsDHParams" -}} -{{- if .Values.tls.dhParamsFilename -}} -{{- printf "/opt/bitnami/redis/certs/%s" .Values.tls.dhParamsFilename -}} -{{- end -}} -{{- end -}} - -{{/* -Create the name of the service account to use -*/}} -{{- define "redis.serviceAccountName" -}} -{{- if .Values.serviceAccount.create -}} - {{ default (include "common.names.fullname" .) .Values.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.serviceAccount.name }} -{{- end -}} -{{- end -}} - -{{/* -Return the configuration configmap name -*/}} -{{- define "redis.configmapName" -}} -{{- if .Values.existingConfigmap -}} - {{- printf "%s" (tpl .Values.existingConfigmap $) -}} -{{- else -}} - {{- printf "%s-configuration" (include "common.names.fullname" .) -}} -{{- end -}} -{{- end -}} - -{{/* -Return true if a configmap object should be created -*/}} -{{- define "redis.createConfigmap" -}} -{{- if empty .Values.existingConfigmap }} - {{- true -}} -{{- end -}} -{{- end -}} - -{{/* -Get the password secret. -*/}} -{{- define "redis.secretName" -}} -{{- if .Values.auth.existingSecret -}} -{{- printf "%s" .Values.auth.existingSecret -}} -{{- else -}} -{{- printf "%s" (include "common.names.fullname" .) -}} -{{- end -}} -{{- end -}} - -{{/* -Get the password key to be retrieved from Redis® secret. 
-*/}} -{{- define "redis.secretPasswordKey" -}} -{{- if and .Values.auth.existingSecret .Values.auth.existingSecretPasswordKey -}} -{{- printf "%s" .Values.auth.existingSecretPasswordKey -}} -{{- else -}} -{{- printf "redis-password" -}} -{{- end -}} -{{- end -}} - - -{{/* -Returns the available value for certain key in an existing secret (if it exists), -otherwise it generates a random value. -*/}} -{{- define "getValueFromSecret" }} - {{- $len := (default 16 .Length) | int -}} - {{- $obj := (lookup "v1" "Secret" .Namespace .Name).data -}} - {{- if $obj }} - {{- index $obj .Key | b64dec -}} - {{- else -}} - {{- randAlphaNum $len -}} - {{- end -}} -{{- end }} - -{{/* -Return Redis® password -*/}} -{{- define "redis.password" -}} -{{- if not (empty .Values.global.redis.password) }} - {{- .Values.global.redis.password -}} -{{- else if not (empty .Values.auth.password) -}} - {{- .Values.auth.password -}} -{{- else -}} - {{- include "getValueFromSecret" (dict "Namespace" .Release.Namespace "Name" (include "common.names.fullname" .) "Length" 10 "Key" "redis-password") -}} -{{- end -}} -{{- end -}} - -{{/* Check if there are rolling tags in the images */}} -{{- define "redis.checkRollingTags" -}} -{{- include "common.warnings.rollingTag" .Values.image }} -{{- include "common.warnings.rollingTag" .Values.sentinel.image }} -{{- include "common.warnings.rollingTag" .Values.metrics.image }} -{{- end -}} - -{{/* -Compile all warnings into a single message, and call fail. -*/}} -{{- define "redis.validateValues" -}} -{{- $messages := list -}} -{{- $messages := append $messages (include "redis.validateValues.topologySpreadConstraints" .) -}} -{{- $messages := append $messages (include "redis.validateValues.architecture" .) -}} -{{- $messages := append $messages (include "redis.validateValues.podSecurityPolicy.create" .) -}} -{{- $messages := append $messages (include "redis.validateValues.tls" .) 
-}} -{{- $messages := without $messages "" -}} -{{- $message := join "\n" $messages -}} - -{{- if $message -}} -{{- printf "\nVALUES VALIDATION:\n%s" $message | fail -}} -{{- end -}} -{{- end -}} - -{{/* Validate values of Redis® - spreadConstrainsts K8s version */}} -{{- define "redis.validateValues.topologySpreadConstraints" -}} -{{- if and (semverCompare "<1.16-0" .Capabilities.KubeVersion.GitVersion) .Values.replica.topologySpreadConstraints -}} -redis: topologySpreadConstraints - Pod Topology Spread Constraints are only available on K8s >= 1.16 - Find more information at https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ -{{- end -}} -{{- end -}} - -{{/* Validate values of Redis® - must provide a valid architecture */}} -{{- define "redis.validateValues.architecture" -}} -{{- if and (ne .Values.architecture "standalone") (ne .Values.architecture "replication") -}} -redis: architecture - Invalid architecture selected. Valid values are "standalone" and - "replication". Please set a valid architecture (--set architecture="xxxx") -{{- end -}} -{{- if and .Values.sentinel.enabled (not (eq .Values.architecture "replication")) }} -redis: architecture - Using redis sentinel on standalone mode is not supported. 
- To deploy redis sentinel, please select the "replication" mode - (--set "architecture=replication,sentinel.enabled=true") -{{- end -}} -{{- end -}} - -{{/* Validate values of Redis® - PodSecurityPolicy create */}} -{{- define "redis.validateValues.podSecurityPolicy.create" -}} -{{- if and .Values.podSecurityPolicy.create (not .Values.podSecurityPolicy.enabled) }} -redis: podSecurityPolicy.create - In order to create PodSecurityPolicy, you also need to enable - podSecurityPolicy.enabled field -{{- end -}} -{{- end -}} - -{{/* Validate values of Redis® - TLS enabled */}} -{{- define "redis.validateValues.tls" -}} -{{- if and .Values.tls.enabled (not .Values.tls.autoGenerated) (not .Values.tls.existingSecret) (not .Values.tls.certificatesSecret) }} -redis: tls.enabled - In order to enable TLS, you also need to provide - an existing secret containing the TLS certificates or - enable auto-generated certificates. -{{- end -}} -{{- end -}} - -{{/* Define the suffix utilized for external-dns */}} -{{- define "redis.externalDNS.suffix" -}} -{{ printf "%s.%s" (include "common.names.fullname" .) .Values.useExternalDNS.suffix }} -{{- end -}} - -{{/* Compile all annotations utilized for external-dns */}} -{{- define "redis.externalDNS.annotations" -}} -{{- if .Values.useExternalDNS.enabled }} -{{ .Values.useExternalDNS.annotationKey }}hostname: {{ include "redis.externalDNS.suffix" . }} -{{- range $key, $val := .Values.useExternalDNS.additionalAnnotations }} -{{ $.Values.useExternalDNS.annotationKey }}{{ $key }}: {{ $val | quote }} -{{- end }} -{{- end }} -{{- end }} diff --git a/rds/base/charts/redis/templates/configmap.yaml b/rds/base/charts/redis/templates/configmap.yaml deleted file mode 100644 index 274e75b..0000000 --- a/rds/base/charts/redis/templates/configmap.yaml +++ /dev/null 
@@ -1,59 +0,0 @@
-{{- if (include "redis.createConfigmap" .) }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ printf "%s-configuration" (include "common.names.fullname" .) }}
- namespace: {{ .Release.Namespace }}
- labels: {{- include "common.labels.standard" . | nindent 4 }}
- {{- if .Values.commonLabels }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
- {{- end }}
- {{- if .Values.commonAnnotations }}
- annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
- {{- end }}
-data:
- redis.conf: |-
- # User-supplied common configuration:
- {{- if .Values.commonConfiguration }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.commonConfiguration "context" $ ) | nindent 4 }}
- {{- end }}
- # End of common configuration
- master.conf: |-
- dir {{ .Values.master.persistence.path }}
- # User-supplied master configuration:
- {{- if .Values.master.configuration }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.master.configuration "context" $ ) | nindent 4 }}
- {{- end }}
- {{- if .Values.master.disableCommands }}
- {{- range .Values.master.disableCommands }}
- rename-command {{ . }} ""
- {{- end }}
- {{- end }}
- # End of master configuration
- replica.conf: |-
- dir {{ .Values.replica.persistence.path }}
- # User-supplied replica configuration:
- {{- if .Values.replica.configuration }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.replica.configuration "context" $ ) | nindent 4 }}
- {{- end }}
- {{- if .Values.replica.disableCommands }}
- {{- range .Values.replica.disableCommands }}
- rename-command {{ . }} ""
- {{- end }}
- {{- end }}
- # End of replica configuration
- {{- if .Values.sentinel.enabled }}
- sentinel.conf: |-
- dir "/tmp"
- port {{ .Values.sentinel.containerPorts.sentinel }}
- sentinel monitor {{ .Values.sentinel.masterSet }} {{ template "common.names.fullname" . }}-node-0.{{ template "common.names.fullname" . }}-headless.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} {{ .Values.sentinel.service.ports.redis }} {{ .Values.sentinel.quorum }}
- sentinel down-after-milliseconds {{ .Values.sentinel.masterSet }} {{ .Values.sentinel.downAfterMilliseconds }}
- sentinel failover-timeout {{ .Values.sentinel.masterSet }} {{ .Values.sentinel.failoverTimeout }}
- sentinel parallel-syncs {{ .Values.sentinel.masterSet }} {{ .Values.sentinel.parallelSyncs }}
- # User-supplied sentinel configuration:
- {{- if .Values.sentinel.configuration }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.sentinel.configuration "context" $ ) | nindent 4 }}
- {{- end }}
- # End of sentinel configuration
- {{- end }}
-{{- end }}
diff --git a/rds/base/charts/redis/templates/extra-list.yaml b/rds/base/charts/redis/templates/extra-list.yaml
deleted file mode 100644
index 9ac65f9..0000000
--- a/rds/base/charts/redis/templates/extra-list.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
-{{- range .Values.extraDeploy }}
----
-{{ include "common.tplvalues.render" (dict "value" . "context" $) }}
-{{- end }}
diff --git a/rds/base/charts/redis/templates/headless-svc.yaml b/rds/base/charts/redis/templates/headless-svc.yaml
deleted file mode 100644
index e164fea..0000000
--- a/rds/base/charts/redis/templates/headless-svc.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ printf "%s-headless" (include "common.names.fullname" .) }}
- namespace: {{ .Release.Namespace }}
- labels: {{- include "common.labels.standard" . | nindent 4 }}
- {{- if .Values.commonLabels }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
- {{- end }}
- annotations:
- {{- if .Values.commonAnnotations }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
- {{- end }}
- {{- include "redis.externalDNS.annotations" . | nindent 4 }}
-spec:
- type: ClusterIP
- clusterIP: None
- {{- if .Values.sentinel.enabled }}
- publishNotReadyAddresses: true
- {{- end }}
- ports:
- - name: tcp-redis
- port: {{ if .Values.sentinel.enabled }}{{ .Values.sentinel.service.ports.redis }}{{ else }}{{ .Values.master.service.ports.redis }}{{ end }}
- targetPort: redis
- {{- if .Values.sentinel.enabled }}
- - name: tcp-sentinel
- port: {{ .Values.sentinel.service.ports.sentinel }}
- targetPort: redis-sentinel
- {{- end }}
- selector: {{- include "common.labels.matchLabels" . | nindent 4 }}
diff --git a/rds/base/charts/redis/templates/health-configmap.yaml b/rds/base/charts/redis/templates/health-configmap.yaml
deleted file mode 100644
index 47cb3fd..0000000
--- a/rds/base/charts/redis/templates/health-configmap.yaml
+++ /dev/null
@@ -1,192 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ printf "%s-health" (include "common.names.fullname" .) }} - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -data: - ping_readiness_local.sh: |- - #!/bin/bash - - [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")" - [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD" - response=$( - timeout -s 3 $1 \ - redis-cli \ - -h localhost \ -{{- if .Values.tls.enabled }} - -p $REDIS_TLS_PORT \ - --tls \ - --cacert {{ template "redis.tlsCACert" . }} \ - {{- if .Values.tls.authClients }} - --cert {{ template "redis.tlsCert" . }} \ - --key {{ template "redis.tlsCertKey" . }} \ - {{- end }} -{{- else }} - -p $REDIS_PORT \ -{{- end }} - ping - ) - if [ "$?" -eq "124" ]; then - echo "Timed out" - exit 1 - fi - if [ "$response" != "PONG" ]; then - echo "$response" - exit 1 - fi - ping_liveness_local.sh: |- - #!/bin/bash - - [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")" - [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD" - response=$( - timeout -s 3 $1 \ - redis-cli \ - -h localhost \ -{{- if .Values.tls.enabled }} - -p $REDIS_TLS_PORT \ - --tls \ - --cacert {{ template "redis.tlsCACert" . }} \ - {{- if .Values.tls.authClients }} - --cert {{ template "redis.tlsCert" . }} \ - --key {{ template "redis.tlsCertKey" . }} \ - {{- end }} -{{- else }} - -p $REDIS_PORT \ -{{- end }} - ping - ) - if [ "$?" 
-eq "124" ]; then - echo "Timed out" - exit 1 - fi - responseFirstWord=$(echo $response | head -n1 | awk '{print $1;}') - if [ "$response" != "PONG" ] && [ "$responseFirstWord" != "LOADING" ] && [ "$responseFirstWord" != "MASTERDOWN" ]; then - echo "$response" - exit 1 - fi -{{- if .Values.sentinel.enabled }} - ping_sentinel.sh: |- - #!/bin/bash - -{{- if .Values.auth.sentinel }} - [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")" - [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD" -{{- end }} - response=$( - timeout -s 3 $1 \ - redis-cli \ - -h localhost \ -{{- if .Values.tls.enabled }} - -p $REDIS_SENTINEL_TLS_PORT_NUMBER \ - --tls \ - --cacert "$REDIS_SENTINEL_TLS_CA_FILE" \ - {{- if .Values.tls.authClients }} - --cert "$REDIS_SENTINEL_TLS_CERT_FILE" \ - --key "$REDIS_SENTINEL_TLS_KEY_FILE" \ - {{- end }} -{{- else }} - -p $REDIS_SENTINEL_PORT \ -{{- end }} - ping - ) - if [ "$?" -eq "124" ]; then - echo "Timed out" - exit 1 - fi - if [ "$response" != "PONG" ]; then - echo "$response" - exit 1 - fi - parse_sentinels.awk: |- - /ip/ {FOUND_IP=1} - /port/ {FOUND_PORT=1} - /runid/ {FOUND_RUNID=1} - !/ip|port|runid/ { - if (FOUND_IP==1) { - IP=$1; FOUND_IP=0; - } - else if (FOUND_PORT==1) { - PORT=$1; - FOUND_PORT=0; - } else if (FOUND_RUNID==1) { - printf "\nsentinel known-sentinel {{ .Values.sentinel.masterSet }} %s %s %s", IP, PORT, $0; FOUND_RUNID=0; - } - } -{{- end }} - ping_readiness_master.sh: |- - #!/bin/bash - - [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")" - [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD" - response=$( - timeout -s 3 $1 \ - redis-cli \ - -h $REDIS_MASTER_HOST \ - -p $REDIS_MASTER_PORT_NUMBER \ -{{- if .Values.tls.enabled }} - --tls \ - --cacert {{ template "redis.tlsCACert" . }} \ - {{- if .Values.tls.authClients }} - --cert {{ template "redis.tlsCert" . 
}} \ - --key {{ template "redis.tlsCertKey" . }} \ - {{- end }} -{{- end }} - ping - ) - if [ "$?" -eq "124" ]; then - echo "Timed out" - exit 1 - fi - if [ "$response" != "PONG" ]; then - echo "$response" - exit 1 - fi - ping_liveness_master.sh: |- - #!/bin/bash - - [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")" - [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD" - response=$( - timeout -s 3 $1 \ - redis-cli \ - -h $REDIS_MASTER_HOST \ - -p $REDIS_MASTER_PORT_NUMBER \ -{{- if .Values.tls.enabled }} - --tls \ - --cacert {{ template "redis.tlsCACert" . }} \ - {{- if .Values.tls.authClients }} - --cert {{ template "redis.tlsCert" . }} \ - --key {{ template "redis.tlsCertKey" . }} \ - {{- end }} -{{- end }} - ping - ) - if [ "$?" -eq "124" ]; then - echo "Timed out" - exit 1 - fi - responseFirstWord=$(echo $response | head -n1 | awk '{print $1;}') - if [ "$response" != "PONG" ] && [ "$responseFirstWord" != "LOADING" ]; then - echo "$response" - exit 1 - fi - ping_readiness_local_and_master.sh: |- - script_dir="$(dirname "$0")" - exit_status=0 - "$script_dir/ping_readiness_local.sh" $1 || exit_status=$? - "$script_dir/ping_readiness_master.sh" $1 || exit_status=$? - exit $exit_status - ping_liveness_local_and_master.sh: |- - script_dir="$(dirname "$0")" - exit_status=0 - "$script_dir/ping_liveness_local.sh" $1 || exit_status=$? - "$script_dir/ping_liveness_master.sh" $1 || exit_status=$? - exit $exit_status diff --git a/rds/base/charts/redis/templates/master/application.yaml b/rds/base/charts/redis/templates/master/application.yaml deleted file mode 100644 index 3643b43..0000000 --- a/rds/base/charts/redis/templates/master/application.yaml +++ /dev/null 
@@ -1,473 +0,0 @@ -{{- if or (not (eq .Values.architecture "replication")) (not .Values.sentinel.enabled) }} -apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }} -kind: {{ .Values.master.kind }} -metadata: - name: {{ printf "%s-master" (include "common.names.fullname" .) }} - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: master - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - replicas: {{ .Values.master.count }} - selector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} - app.kubernetes.io/component: master - {{- if (eq .Values.master.kind "StatefulSet") }} - serviceName: {{ printf "%s-headless" (include "common.names.fullname" .) }} - {{- end }} - {{- if .Values.master.updateStrategy }} - {{- if (eq .Values.master.kind "Deployment") }} - strategy: {{- toYaml .Values.master.updateStrategy | nindent 4 }} - {{- else }} - updateStrategy: {{- toYaml .Values.master.updateStrategy | nindent 4 }} - {{- end }} - {{- end }} - template: - metadata: - labels: {{- include "common.labels.standard" . | nindent 8 }} - app.kubernetes.io/component: master - {{- if .Values.master.podLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.master.podLabels "context" $ ) | nindent 8 }} - {{- end }} - {{- if and .Values.metrics.enabled .Values.metrics.podLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.podLabels "context" $ ) | nindent 8 }} - {{- end }} - annotations: - {{- if (include "redis.createConfigmap" .) }} - checksum/configmap: {{ include (print $.Template.BasePath "/configmap.yaml") . 
| sha256sum }} - {{- end }} - checksum/health: {{ include (print $.Template.BasePath "/health-configmap.yaml") . | sha256sum }} - checksum/scripts: {{ include (print $.Template.BasePath "/scripts-configmap.yaml") . | sha256sum }} - checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} - {{- if .Values.master.podAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.master.podAnnotations "context" $ ) | nindent 8 }} - {{- end }} - {{- if and .Values.metrics.enabled .Values.metrics.podAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.podAnnotations "context" $ ) | nindent 8 }} - {{- end }} - spec: - {{- include "redis.imagePullSecrets" . | nindent 6 }} - {{- if .Values.master.hostAliases }} - hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.master.hostAliases "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.master.podSecurityContext.enabled }} - securityContext: {{- omit .Values.master.podSecurityContext "enabled" | toYaml | nindent 8 }} - {{- end }} - serviceAccountName: {{ template "redis.serviceAccountName" . 
}} - {{- if .Values.master.priorityClassName }} - priorityClassName: {{ .Values.master.priorityClassName | quote }} - {{- end }} - {{- if .Values.master.affinity }} - affinity: {{- include "common.tplvalues.render" (dict "value" .Values.master.affinity "context" $) | nindent 8 }} - {{- else }} - affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.master.podAffinityPreset "component" "master" "context" $) | nindent 10 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.master.podAntiAffinityPreset "component" "master" "context" $) | nindent 10 }} - nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.master.nodeAffinityPreset.type "key" .Values.master.nodeAffinityPreset.key "values" .Values.master.nodeAffinityPreset.values) | nindent 10 }} - {{- end }} - {{- if .Values.master.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.master.nodeSelector "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.master.tolerations }} - tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.master.tolerations "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.master.topologySpreadConstraints }} - topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.master.topologySpreadConstraints "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.master.shareProcessNamespace }} - shareProcessNamespace: {{ .Values.master.shareProcessNamespace }} - {{- end }} - {{- if .Values.master.schedulerName }} - schedulerName: {{ .Values.master.schedulerName | quote }} - {{- end }} - {{- if .Values.master.dnsPolicy }} - dnsPolicy: {{ .Values.master.dnsPolicy }} - {{- end }} - {{- if .Values.master.dnsConfig }} - dnsConfig: {{- include "common.tplvalues.render" (dict "value" .Values.master.dnsConfig "context" $) | nindent 8 }} - {{- end }} - terminationGracePeriodSeconds: {{ .Values.master.terminationGracePeriodSeconds }} - 
containers: - - name: redis - image: {{ template "redis.image" . }} - imagePullPolicy: {{ .Values.image.pullPolicy | quote }} - {{- if .Values.master.lifecycleHooks }} - lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.master.lifecycleHooks "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.master.containerSecurityContext.enabled }} - securityContext: {{- omit .Values.master.containerSecurityContext "enabled" | toYaml | nindent 12 }} - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} - {{- else if .Values.master.command }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.master.command "context" $) | nindent 12 }} - {{- else }} - command: - - /bin/bash - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} - {{- else if .Values.master.args }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.master.args "context" $) | nindent 12 }} - {{- else }} - args: - - -c - - /opt/bitnami/scripts/start-scripts/start-master.sh - {{- end }} - env: - - name: BITNAMI_DEBUG - value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }} - - name: REDIS_REPLICATION_MODE - value: master - - name: ALLOW_EMPTY_PASSWORD - value: {{ ternary "no" "yes" .Values.auth.enabled | quote }} - {{- if .Values.auth.enabled }} - {{- if .Values.auth.usePasswordFiles }} - - name: REDIS_PASSWORD_FILE - value: "/opt/bitnami/redis/secrets/redis-password" - {{- else }} - - name: REDIS_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "redis.secretName" . }} - key: {{ template "redis.secretPasswordKey" . 
}} - {{- end }} - {{- end }} - - name: REDIS_TLS_ENABLED - value: {{ ternary "yes" "no" .Values.tls.enabled | quote }} - {{- if .Values.tls.enabled }} - - name: REDIS_TLS_PORT - value: {{ .Values.master.containerPorts.redis | quote }} - - name: REDIS_TLS_AUTH_CLIENTS - value: {{ ternary "yes" "no" .Values.tls.authClients | quote }} - - name: REDIS_TLS_CERT_FILE - value: {{ template "redis.tlsCert" . }} - - name: REDIS_TLS_KEY_FILE - value: {{ template "redis.tlsCertKey" . }} - - name: REDIS_TLS_CA_FILE - value: {{ template "redis.tlsCACert" . }} - {{- if .Values.tls.dhParamsFilename }} - - name: REDIS_TLS_DH_PARAMS_FILE - value: {{ template "redis.tlsDHParams" . }} - {{- end }} - {{- else }} - - name: REDIS_PORT - value: {{ .Values.master.containerPorts.redis | quote }} - {{- end }} - {{- if .Values.master.extraEnvVars }} - {{- include "common.tplvalues.render" (dict "value" .Values.master.extraEnvVars "context" $) | nindent 12 }} - {{- end }} - {{- if or .Values.master.extraEnvVarsCM .Values.master.extraEnvVarsSecret }} - envFrom: - {{- if .Values.master.extraEnvVarsCM }} - - configMapRef: - name: {{ .Values.master.extraEnvVarsCM }} - {{- end }} - {{- if .Values.master.extraEnvVarsSecret }} - - secretRef: - name: {{ .Values.master.extraEnvVarsSecret }} - {{- end }} - {{- end }} - ports: - - name: redis - containerPort: {{ .Values.master.containerPorts.redis }} - {{- if not .Values.diagnosticMode.enabled }} - {{- if .Values.master.startupProbe.enabled }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.master.startupProbe "enabled") "context" $) | nindent 12 }} - tcpSocket: - port: redis - {{- else if .Values.master.customStartupProbe }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.master.customStartupProbe "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.master.livenessProbe.enabled }} - livenessProbe: - initialDelaySeconds: {{ .Values.master.livenessProbe.initialDelaySeconds }} - 
periodSeconds: {{ .Values.master.livenessProbe.periodSeconds }} - # One second longer than command timeout should prevent generation of zombie processes. - timeoutSeconds: {{ add1 .Values.master.livenessProbe.timeoutSeconds }} - successThreshold: {{ .Values.master.livenessProbe.successThreshold }} - failureThreshold: {{ .Values.master.livenessProbe.failureThreshold }} - exec: - command: - - sh - - -c - - /health/ping_liveness_local.sh {{ .Values.master.livenessProbe.timeoutSeconds }} - {{- else if .Values.master.customLivenessProbe }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.master.customLivenessProbe "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.master.readinessProbe.enabled }} - readinessProbe: - initialDelaySeconds: {{ .Values.master.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.master.readinessProbe.periodSeconds }} - timeoutSeconds: {{ add1 .Values.master.readinessProbe.timeoutSeconds }} - successThreshold: {{ .Values.master.readinessProbe.successThreshold }} - failureThreshold: {{ .Values.master.readinessProbe.failureThreshold }} - exec: - command: - - sh - - -c - - /health/ping_readiness_local.sh {{ .Values.master.readinessProbe.timeoutSeconds }} - {{- else if .Values.master.customReadinessProbe }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.master.customReadinessProbe "context" $) | nindent 12 }} - {{- end }} - {{- end }} - {{- if .Values.master.resources }} - resources: {{- toYaml .Values.master.resources | nindent 12 }} - {{- end }} - volumeMounts: - - name: start-scripts - mountPath: /opt/bitnami/scripts/start-scripts - - name: health - mountPath: /health - {{- if .Values.auth.usePasswordFiles }} - - name: redis-password - mountPath: /opt/bitnami/redis/secrets/ - {{- end }} - - name: redis-data - mountPath: {{ .Values.master.persistence.path }} - subPath: {{ .Values.master.persistence.subPath }} - - name: config - mountPath: 
/opt/bitnami/redis/mounted-etc - - name: redis-tmp-conf - mountPath: /opt/bitnami/redis/etc/ - - name: tmp - mountPath: /tmp - {{- if .Values.tls.enabled }} - - name: redis-certificates - mountPath: /opt/bitnami/redis/certs - readOnly: true - {{- end }} - {{- if .Values.master.extraVolumeMounts }} - {{- include "common.tplvalues.render" ( dict "value" .Values.master.extraVolumeMounts "context" $ ) | nindent 12 }} - {{- end }} - {{- if .Values.metrics.enabled }} - - name: metrics - image: {{ include "redis.metrics.image" . }} - imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }} - {{- if .Values.metrics.containerSecurityContext.enabled }} - securityContext: {{- omit .Values.metrics.containerSecurityContext "enabled" | toYaml | nindent 12 }} - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} - {{- else }} - command: - - /bin/bash - - -c - - | - if [[ -f '/secrets/redis-password' ]]; then - export REDIS_PASSWORD=$(cat /secrets/redis-password) - fi - redis_exporter{{- range $key, $value := .Values.metrics.extraArgs }} --{{ $key }}={{ $value }}{{- end }} - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} - {{- end }} - env: - - name: REDIS_ALIAS - value: {{ template "common.names.fullname" . }} - {{- if .Values.auth.enabled }} - - name: REDIS_USER - value: default - {{- if (not .Values.auth.usePasswordFiles) }} - - name: REDIS_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "redis.secretName" . }} - key: {{ template "redis.secretPasswordKey" . 
}} - {{- end }} - {{- end }} - {{- if .Values.tls.enabled }} - - name: REDIS_ADDR - value: rediss://{{ .Values.metrics.redisTargetHost }}:{{ .Values.master.containerPorts.redis }} - {{- if .Values.tls.authClients }} - - name: REDIS_EXPORTER_TLS_CLIENT_KEY_FILE - value: {{ template "redis.tlsCertKey" . }} - - name: REDIS_EXPORTER_TLS_CLIENT_CERT_FILE - value: {{ template "redis.tlsCert" . }} - {{- end }} - - name: REDIS_EXPORTER_TLS_CA_CERT_FILE - value: {{ template "redis.tlsCACert" . }} - {{- end }} - {{- if .Values.metrics.extraEnvVars }} - {{- include "common.tplvalues.render" (dict "value" .Values.metrics.extraEnvVars "context" $) | nindent 12 }} - {{- end }} - ports: - - name: metrics - containerPort: 9121 - {{- if .Values.metrics.resources }} - resources: {{- toYaml .Values.metrics.resources | nindent 12 }} - {{- end }} - volumeMounts: - {{- if .Values.auth.usePasswordFiles }} - - name: redis-password - mountPath: /secrets/ - {{- end }} - {{- if .Values.tls.enabled }} - - name: redis-certificates - mountPath: /opt/bitnami/redis/certs - readOnly: true - {{- end }} - {{- if .Values.metrics.extraVolumeMounts }} - {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.extraVolumeMounts "context" $ ) | nindent 12 }} - {{- end }} - {{- end }} - {{- if .Values.master.sidecars }} - {{- include "common.tplvalues.render" (dict "value" .Values.master.sidecars "context" $) | nindent 8 }} - {{- end }} - {{- $needsVolumePermissions := and .Values.volumePermissions.enabled .Values.master.persistence.enabled .Values.master.podSecurityContext.enabled .Values.master.containerSecurityContext.enabled }} - {{- if or .Values.master.initContainers $needsVolumePermissions .Values.sysctl.enabled }} - initContainers: - {{- if .Values.master.initContainers }} - {{- include "common.tplvalues.render" (dict "value" .Values.master.initContainers "context" $) | nindent 8 }} - {{- end }} - {{- if $needsVolumePermissions }} - - name: volume-permissions - image: {{ include 
"redis.volumePermissions.image" . }} - imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} - command: - - /bin/bash - - -ec - - | - {{- if eq ( toString ( .Values.volumePermissions.containerSecurityContext.runAsUser )) "auto" }} - chown -R `id -u`:`id -G | cut -d " " -f2` {{ .Values.master.persistence.path }} - {{- else }} - chown -R {{ .Values.master.containerSecurityContext.runAsUser }}:{{ .Values.master.podSecurityContext.fsGroup }} {{ .Values.master.persistence.path }} - {{- end }} - {{- if eq ( toString ( .Values.volumePermissions.containerSecurityContext.runAsUser )) "auto" }} - securityContext: {{- omit .Values.volumePermissions.containerSecurityContext "runAsUser" | toYaml | nindent 12 }} - {{- else }} - securityContext: {{- .Values.volumePermissions.containerSecurityContext | toYaml | nindent 12 }} - {{- end }} - {{- if .Values.volumePermissions.resources }} - resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} - {{- end }} - volumeMounts: - - name: redis-data - mountPath: {{ .Values.master.persistence.path }} - subPath: {{ .Values.master.persistence.subPath }} - {{- end }} - {{- if .Values.sysctl.enabled }} - - name: init-sysctl - image: {{ include "redis.sysctl.image" . }} - imagePullPolicy: {{ default "" .Values.sysctl.image.pullPolicy | quote }} - securityContext: - privileged: true - runAsUser: 0 - {{- if .Values.sysctl.command }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.sysctl.command "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.sysctl.resources }} - resources: {{- toYaml .Values.sysctl.resources | nindent 12 }} - {{- end }} - {{- if .Values.sysctl.mountHostSys }} - volumeMounts: - - name: host-sys - mountPath: /host-sys - {{- end }} - {{- end }} - {{- end }} - volumes: - - name: start-scripts - configMap: - name: {{ printf "%s-scripts" (include "common.names.fullname" .) 
}} - defaultMode: 0755 - - name: health - configMap: - name: {{ printf "%s-health" (include "common.names.fullname" .) }} - defaultMode: 0755 - {{- if .Values.auth.usePasswordFiles }} - - name: redis-password - secret: - secretName: {{ template "redis.secretName" . }} - items: - - key: {{ template "redis.secretPasswordKey" . }} - path: redis-password - {{- end }} - - name: config - configMap: - name: {{ include "redis.configmapName" . }} - {{- if .Values.sysctl.mountHostSys }} - - name: host-sys - hostPath: - path: /sys - {{- end }} - - name: redis-tmp-conf - {{- if .Values.master.persistence.medium }} - emptyDir: - medium: {{ .Values.master.persistence.medium | quote }} - {{- if .Values.master.persistence.sizeLimit }} - sizeLimit: {{ .Values.master.persistence.sizeLimit | quote }} - {{- end }} - {{- else }} - emptyDir: {} - {{- end }} - - name: tmp - {{- if .Values.master.persistence.medium }} - emptyDir: - medium: {{ .Values.master.persistence.medium | quote }} - {{- if .Values.master.persistence.sizeLimit }} - sizeLimit: {{ .Values.master.persistence.sizeLimit | quote }} - {{- end }} - {{- else }} - emptyDir: {} - {{- end }} - {{- if .Values.tls.enabled }} - - name: redis-certificates - secret: - secretName: {{ include "redis.tlsSecretName" . 
}} - defaultMode: 256 - {{- end }} - {{- if .Values.master.extraVolumes }} - {{- include "common.tplvalues.render" ( dict "value" .Values.master.extraVolumes "context" $ ) | nindent 8 }} - {{- end }} - {{- if .Values.metrics.extraVolumes }} - {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.extraVolumes "context" $ ) | nindent 8 }} - {{- end }} - {{- if not .Values.master.persistence.enabled }} - - name: redis-data - {{- if .Values.master.persistence.medium }} - emptyDir: { - medium: {{ .Values.master.persistence.medium | quote }} - } - {{- else }} - emptyDir: {} - {{- end }} - {{- else if .Values.master.persistence.existingClaim }} - - name: redis-data - persistentVolumeClaim: - claimName: {{ printf "%s" (tpl .Values.master.persistence.existingClaim .) }} - {{- else if (eq .Values.master.kind "Deployment") }} - - name: redis-data - persistentVolumeClaim: - claimName: {{ printf "redis-data-%s-master" (include "common.names.fullname" .) }} - {{- else }} - volumeClaimTemplates: - - metadata: - name: redis-data - labels: {{- include "common.labels.matchLabels" . | nindent 10 }} - app.kubernetes.io/component: master - {{- if .Values.master.persistence.annotations }} - annotations: {{- toYaml .Values.master.persistence.annotations | nindent 10 }} - {{- end }} - spec: - accessModes: - {{- range .Values.master.persistence.accessModes }} - - {{ . 
| quote }} - {{- end }} - resources: - requests: - storage: {{ .Values.master.persistence.size | quote }} - {{- if .Values.master.persistence.selector }} - selector: {{- include "common.tplvalues.render" (dict "value" .Values.master.persistence.selector "context" $) | nindent 10 }} - {{- end }} - {{- if .Values.master.persistence.dataSource }} - dataSource: {{- include "common.tplvalues.render" (dict "value" .Values.master.persistence.dataSource "context" $) | nindent 10 }} - {{- end }} - {{- include "common.storage.class" (dict "persistence" .Values.master.persistence "global" .Values.global) | nindent 8 }} - {{- end }} -{{- end }} diff --git a/rds/base/charts/redis/templates/master/psp.yaml b/rds/base/charts/redis/templates/master/psp.yaml deleted file mode 100644 index fc1ebf0..0000000 --- a/rds/base/charts/redis/templates/master/psp.yaml +++ /dev/null 
@@ -1,46 +0,0 @@
-{{- $pspAvailable := (semverCompare "<1.25-0" (include "common.capabilities.kubeVersion" .)) -}}
-{{- if and $pspAvailable .Values.podSecurityPolicy.create }}
-apiVersion: policy/v1beta1
-kind: PodSecurityPolicy
-metadata:
- name: {{ printf "%s-master" (include "common.names.fullname" .) }}
- namespace: {{ .Release.Namespace }}
- labels: {{- include "common.labels.standard" . | nindent 4 }}
- {{- if .Values.commonLabels }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
- {{- end }}
- {{- if .Values.commonAnnotations }}
- annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
- {{- end }}
-spec:
- allowPrivilegeEscalation: false
- fsGroup:
- rule: 'MustRunAs'
- ranges:
- - min: {{ .Values.master.podSecurityContext.fsGroup }}
- max: {{ .Values.master.podSecurityContext.fsGroup }}
- hostIPC: false
- hostNetwork: false
- hostPID: false
- privileged: false
- readOnlyRootFilesystem: false
- requiredDropCapabilities:
- - ALL
- runAsUser:
- rule: 'MustRunAs'
- ranges:
- - min: {{ .Values.master.containerSecurityContext.runAsUser }}
- max: {{ .Values.master.containerSecurityContext.runAsUser }}
- seLinux:
- rule: 'RunAsAny'
- supplementalGroups:
- rule: 'MustRunAs'
- ranges:
- - min: {{ .Values.master.containerSecurityContext.runAsUser }}
- max: {{ .Values.master.containerSecurityContext.runAsUser }}
- volumes:
- - 'configMap'
- - 'secret'
- - 'emptyDir'
- - 'persistentVolumeClaim'
-{{- end }}
diff --git a/rds/base/charts/redis/templates/master/pvc.yaml b/rds/base/charts/redis/templates/master/pvc.yaml
deleted file mode 100644
index ad45562..0000000
--- a/rds/base/charts/redis/templates/master/pvc.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-{{- if and (eq .Values.architecture "standalone") (eq .Values.master.kind "Deployment") (.Values.master.persistence.enabled) (not .Values.master.persistence.existingClaim) }}
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
- name: {{ printf "redis-data-%s-master" (include "common.names.fullname" .) }}
- namespace: {{ .Release.Namespace }}
- labels: {{- include "common.labels.matchLabels" . | nindent 4 }}
- app.kubernetes.io/component: master
- {{- if .Values.master.persistence.annotations }}
- annotations: {{- toYaml .Values.master.persistence.annotations | nindent 4 }}
- {{- end }}
-spec:
- accessModes:
- {{- range .Values.master.persistence.accessModes }}
- - {{ . | quote }}
- {{- end }}
- resources:
- requests:
- storage: {{ .Values.master.persistence.size | quote }}
- {{- if .Values.master.persistence.selector }}
- selector: {{- include "common.tplvalues.render" (dict "value" .Values.master.persistence.selector "context" $) | nindent 4 }}
- {{- end }}
- {{- if .Values.master.persistence.dataSource }}
- dataSource: {{- include "common.tplvalues.render" (dict "value" .Values.master.persistence.dataSource "context" $) | nindent 4 }}
- {{- end }}
- {{- include "common.storage.class" (dict "persistence" .Values.master.persistence "global" .Values.global) | nindent 2 }}
-{{- end }}
diff --git a/rds/base/charts/redis/templates/master/service.yaml b/rds/base/charts/redis/templates/master/service.yaml
deleted file mode 100644
index e7e4898..0000000
--- a/rds/base/charts/redis/templates/master/service.yaml
+++ /dev/null
@@ -1,58 +0,0 @@
-{{- if not .Values.sentinel.enabled }}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ printf "%s-master" (include "common.names.fullname" .) }}
- namespace: {{ .Release.Namespace }}
- labels: {{- include "common.labels.standard" . | nindent 4 }}
- app.kubernetes.io/component: master
- {{- if .Values.commonLabels }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
- {{- end }}
- {{- if or .Values.master.service.annotations .Values.commonAnnotations }}
- annotations:
- {{- if .Values.master.service.annotations }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.master.service.annotations "context" $ ) | nindent 4 }}
- {{- end }}
- {{- if .Values.commonAnnotations }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
- {{- end }}
- {{- end }}
-spec:
- type: {{ .Values.master.service.type }}
- {{- if or (eq .Values.master.service.type "LoadBalancer") (eq .Values.master.service.type "NodePort") }}
- externalTrafficPolicy: {{ .Values.master.service.externalTrafficPolicy | quote }}
- {{- end }}
- {{- if (semverCompare ">=1.22-0" (include "common.capabilities.kubeVersion" .)) }}
- internalTrafficPolicy: {{ .Values.master.service.internalTrafficPolicy }}
- {{- end }}
- {{- if and (eq .Values.master.service.type "LoadBalancer") (not (empty .Values.master.service.loadBalancerIP)) }}
- loadBalancerIP: {{ .Values.master.service.loadBalancerIP }}
- {{- end }}
- {{- if and (eq .Values.master.service.type "LoadBalancer") (not (empty .Values.master.service.loadBalancerSourceRanges)) }}
- loadBalancerSourceRanges: {{ .Values.master.service.loadBalancerSourceRanges }}
- {{- end }}
- {{- if and .Values.master.service.clusterIP (eq .Values.master.service.type "ClusterIP") }}
- clusterIP: {{ .Values.master.service.clusterIP }}
- {{- end }}
- {{- if .Values.master.service.sessionAffinity }}
- sessionAffinity: {{ .Values.master.service.sessionAffinity }}
- {{- end }}
- {{- if .Values.master.service.sessionAffinityConfig }}
- sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" .Values.master.service.sessionAffinityConfig "context" $) | nindent 4 }}
- {{- end }}
- ports:
- - name: tcp-redis
- port: {{ .Values.master.service.ports.redis }}
- targetPort: redis
- {{- if and (or (eq .Values.master.service.type "NodePort") (eq .Values.master.service.type "LoadBalancer")) .Values.master.service.nodePorts.redis}}
- nodePort: {{ .Values.master.service.nodePorts.redis}}
- {{- else if eq .Values.master.service.type "ClusterIP" }}
- nodePort: null
- {{- end }}
- {{- if .Values.master.service.extraPorts }}
- {{- include "common.tplvalues.render" (dict "value" .Values.master.service.extraPorts "context" $) | nindent 4 }}
- {{- end }}
- selector: {{- include "common.labels.matchLabels" . | nindent 4 }}
- app.kubernetes.io/component: master
-{{- end }}
diff --git a/rds/base/charts/redis/templates/metrics-svc.yaml b/rds/base/charts/redis/templates/metrics-svc.yaml
deleted file mode 100644
index 5b72494..0000000
--- a/rds/base/charts/redis/templates/metrics-svc.yaml
+++ /dev/null
@@ -1,41 +0,0 @@
-{{- if .Values.metrics.enabled }}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ printf "%s-metrics" (include "common.names.fullname" .) }}
- namespace: {{ .Release.Namespace }}
- labels: {{- include "common.labels.standard" . | nindent 4 }}
- app.kubernetes.io/component: metrics
- {{- if .Values.commonLabels }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
- {{- end }}
- {{- if or .Values.metrics.service.annotations .Values.commonAnnotations }}
- annotations:
- {{- if .Values.metrics.service.annotations }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.service.annotations "context" $ ) | nindent 4 }}
- {{- end }}
- {{- if .Values.commonAnnotations }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
- {{- end }}
- {{- end }}
-spec:
- type: {{ .Values.metrics.service.type }}
- {{- if eq .Values.metrics.service.type "LoadBalancer" }}
- externalTrafficPolicy: {{ .Values.metrics.service.externalTrafficPolicy }}
- {{- end }}
- {{- if and (eq .Values.metrics.service.type "LoadBalancer") .Values.metrics.service.loadBalancerIP }}
- loadBalancerIP: {{ .Values.metrics.service.loadBalancerIP }}
- {{- end }}
- {{- if and (eq .Values.metrics.service.type "LoadBalancer") .Values.metrics.service.loadBalancerSourceRanges }}
- loadBalancerSourceRanges: {{- toYaml .Values.metrics.service.loadBalancerSourceRanges | nindent 4 }}
- {{- end }}
- ports:
- - name: http-metrics
- port: {{ .Values.metrics.service.port }}
- protocol: TCP
- targetPort: metrics
- {{- if .Values.metrics.service.extraPorts }}
- {{- include "common.tplvalues.render" (dict "value" .Values.metrics.service.extraPorts "context" $) | nindent 4 }}
- {{- end }}
- selector: {{- include "common.labels.matchLabels" . | nindent 4 }}
-{{- end }}
diff --git a/rds/base/charts/redis/templates/networkpolicy.yaml b/rds/base/charts/redis/templates/networkpolicy.yaml
deleted file mode 100644
index f45cc69..0000000
--- a/rds/base/charts/redis/templates/networkpolicy.yaml
+++ /dev/null
@@ -1,78 +0,0 @@
-{{- if .Values.networkPolicy.enabled }}
-kind: NetworkPolicy
-apiVersion: {{ template "networkPolicy.apiVersion" . }}
-metadata:
- name: {{ template "common.names.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels: {{- include "common.labels.standard" . | nindent 4 }}
- {{- if .Values.commonLabels }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
- {{- end }}
- {{- if .Values.commonAnnotations }}
- annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
- {{- end }}
-spec:
- podSelector:
- matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
- policyTypes:
- - Ingress
- {{- if or (eq .Values.architecture "replication") .Values.networkPolicy.extraEgress }}
- - Egress
- egress:
- {{- if eq .Values.architecture "replication" }}
- # Allow dns resolution
- - ports:
- - port: 53
- protocol: UDP
- # Allow outbound connections to other cluster pods
- - ports:
- - port: {{ .Values.master.containerPorts.redis }}
- {{- if .Values.sentinel.enabled }}
- - port: {{ .Values.sentinel.containerPorts.sentinel }}
- {{- end }}
- to:
- - podSelector:
- matchLabels: {{- include "common.labels.matchLabels" . | nindent 14 }}
- {{- end }}
- {{- if .Values.networkPolicy.extraEgress }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.networkPolicy.extraEgress "context" $ ) | nindent 4 }}
- {{- end }}
- {{- end }}
- ingress:
- # Allow inbound connections
- - ports:
- - port: {{ .Values.master.containerPorts.redis }}
- {{- if .Values.sentinel.enabled }}
- - port: {{ .Values.sentinel.containerPorts.sentinel }}
- {{- end }}
- {{- if not .Values.networkPolicy.allowExternal }}
- from:
- - podSelector:
- matchLabels:
- {{ template "common.names.fullname" . }}-client: "true"
- - podSelector:
- matchLabels: {{- include "common.labels.matchLabels" . | nindent 14 }}
- {{- if .Values.networkPolicy.ingressNSMatchLabels }}
- - namespaceSelector:
- matchLabels:
- {{- range $key, $value := .Values.networkPolicy.ingressNSMatchLabels }}
- {{ $key | quote }}: {{ $value | quote }}
- {{- end }}
- {{- if .Values.networkPolicy.ingressNSPodMatchLabels }}
- podSelector:
- matchLabels:
- {{- range $key, $value := .Values.networkPolicy.ingressNSPodMatchLabels }}
- {{ $key | quote }}: {{ $value | quote }}
- {{- end }}
- {{- end }}
- {{- end }}
- {{- end }}
- {{- if .Values.metrics.enabled }}
- # Allow prometheus scrapes for metrics
- - ports:
- - port: 9121
- {{- end }}
- {{- if .Values.networkPolicy.extraIngress }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.networkPolicy.extraIngress "context" $ ) | nindent 4 }}
- {{- end }}
-{{- end }}
diff --git a/rds/base/charts/redis/templates/pdb.yaml b/rds/base/charts/redis/templates/pdb.yaml
deleted file mode 100644
index bd6e917..0000000
--- a/rds/base/charts/redis/templates/pdb.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-{{- if .Values.pdb.create }}
-apiVersion: {{ include "common.capabilities.policy.apiVersion" . }}
-kind: PodDisruptionBudget
-metadata:
- name: {{ template "common.names.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels: {{- include "common.labels.standard" . | nindent 4 }}
- {{- if .Values.commonLabels }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
- {{- end }}
- {{- if .Values.commonAnnotations }}
- annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
- {{- end }}
-spec:
- {{- if .Values.pdb.minAvailable }}
- minAvailable: {{ .Values.pdb.minAvailable }}
- {{- end }}
- {{- if .Values.pdb.maxUnavailable }}
- maxUnavailable: {{ .Values.pdb.maxUnavailable }}
- {{- end }}
- selector:
- matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
-{{- end }}
diff --git a/rds/base/charts/redis/templates/prometheusrule.yaml b/rds/base/charts/redis/templates/prometheusrule.yaml
deleted file mode 100644
index 2d82ecc..0000000
--- a/rds/base/charts/redis/templates/prometheusrule.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-{{- if and .Values.metrics.enabled .Values.metrics.prometheusRule.enabled }}
-apiVersion: monitoring.coreos.com/v1
-kind: PrometheusRule
-metadata:
- name: {{ template "common.names.fullname" . }}
- namespace: {{ .Release.Namespace .Values.metrics.prometheusRule.namespace | quote }}
- labels: {{- include "common.labels.standard" . | nindent 4 }}
- {{- if .Values.metrics.prometheusRule.additionalLabels }}
- {{- include "common.tplvalues.render" (dict "value" .Values.metrics.prometheusRule.additionalLabels "context" $) | nindent 4 }}
- {{- end }}
- {{- if .Values.commonLabels }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
- {{- end }}
- {{- if .Values.commonAnnotations }}
- annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
- {{- end }}
-spec:
- {{- with .Values.metrics.prometheusRule.rules }}
- groups:
- - name: {{ template "common.names.name" $ }}
- rules: {{- tpl (toYaml .) $ | nindent 8 }}
- {{- end }}
-{{- end }}
diff --git a/rds/base/charts/redis/templates/replicas/hpa.yaml b/rds/base/charts/redis/templates/replicas/hpa.yaml
deleted file mode 100644
index 543a322..0000000
--- a/rds/base/charts/redis/templates/replicas/hpa.yaml
+++ /dev/null
@@ -1,47 +0,0 @@
-{{- if and .Values.replica.autoscaling.enabled (not .Values.sentinel.enabled) }}
-apiVersion: {{ include "common.capabilities.hpa.apiVersion" ( dict "context" $ ) }}
-kind: HorizontalPodAutoscaler
-metadata:
- name: {{ printf "%s-replicas" (include "common.names.fullname" .) }}
- namespace: {{ .Release.Namespace }}
- labels: {{- include "common.labels.standard" . | nindent 4 }}
- app.kubernetes.io/component: replica
- {{- if .Values.commonLabels }}
- {{- include "common.tplvalues.render" (dict "value" .Values.commonLabels "context" $) | nindent 4 }}
- {{- end }}
- {{- if .Values.commonAnnotations }}
- annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
- {{- end }}
-spec:
- scaleTargetRef:
- apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }}
- kind: StatefulSet
- name: {{ printf "%s-replicas" (include "common.names.fullname" .) }}
- minReplicas: {{ .Values.replica.autoscaling.minReplicas }}
- maxReplicas: {{ .Values.replica.autoscaling.maxReplicas }}
- metrics:
- {{- if .Values.replica.autoscaling.targetCPU }}
- - type: Resource
- resource:
- name: cpu
- {{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) }}
- targetAverageUtilization: {{ .Values.replica.autoscaling.targetCPU }}
- {{- else }}
- target:
- type: Utilization
- averageUtilization: {{ .Values.replica.autoscaling.targetCPU }}
- {{- end }}
- {{- end }}
- {{- if .Values.replica.autoscaling.targetMemory }}
- - type: Resource
- resource:
- name: memory
- {{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) }}
- targetAverageUtilization: {{ .Values.replica.autoscaling.targetMemory }}
- {{- else }}
- target:
- type: Utilization
- averageUtilization: {{ .Values.replica.autoscaling.targetMemory }}
- {{- end }}
- {{- end }}
-{{- end }}
diff --git a/rds/base/charts/redis/templates/replicas/service.yaml b/rds/base/charts/redis/templates/replicas/service.yaml
deleted file mode 100644
index 10221b1..0000000
--- a/rds/base/charts/redis/templates/replicas/service.yaml
+++ /dev/null
@@ -1,58 +0,0 @@
-{{- if and (eq .Values.architecture "replication") (not .Values.sentinel.enabled) }}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ printf "%s-replicas" (include "common.names.fullname" .) }}
- namespace: {{ .Release.Namespace }}
- labels: {{- include "common.labels.standard" . | nindent 4 }}
- app.kubernetes.io/component: replica
- {{- if .Values.commonLabels }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
- {{- end }}
- {{- if or .Values.replica.service.annotations .Values.commonAnnotations }}
- annotations:
- {{- if .Values.replica.service.annotations }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.replica.service.annotations "context" $ ) | nindent 4 }}
- {{- end }}
- {{- if .Values.commonAnnotations }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
- {{- end }}
- {{- end }}
-spec:
- type: {{ .Values.replica.service.type }}
- {{- if or (eq .Values.replica.service.type "LoadBalancer") (eq .Values.replica.service.type "NodePort") }}
- externalTrafficPolicy: {{ .Values.replica.service.externalTrafficPolicy | quote }}
- {{- end }}
- {{- if (semverCompare ">=1.22-0" (include "common.capabilities.kubeVersion" .)) }}
- internalTrafficPolicy: {{ .Values.replica.service.internalTrafficPolicy }}
- {{- end }}
- {{- if and (eq .Values.replica.service.type "LoadBalancer") (not (empty .Values.replica.service.loadBalancerIP)) }}
- loadBalancerIP: {{ .Values.replica.service.loadBalancerIP }}
- {{- end }}
- {{- if and (eq .Values.replica.service.type "LoadBalancer") (not (empty .Values.replica.service.loadBalancerSourceRanges)) }}
- loadBalancerSourceRanges: {{ .Values.replica.service.loadBalancerSourceRanges }}
- {{- end }}
- {{- if and .Values.replica.service.clusterIP (eq .Values.replica.service.type "ClusterIP") }}
- clusterIP: {{ .Values.replica.service.clusterIP }}
- {{- end }}
- {{- if .Values.replica.service.sessionAffinity }}
- sessionAffinity: {{ .Values.replica.service.sessionAffinity }}
- {{- end }}
- {{- if .Values.replica.service.sessionAffinityConfig }}
- sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" .Values.replica.service.sessionAffinityConfig "context" $) | nindent 4 }}
- {{- end }}
- ports:
- - name: tcp-redis
- port: {{ .Values.replica.service.ports.redis }}
- targetPort: redis
- {{- if and (or (eq .Values.replica.service.type "NodePort") (eq .Values.replica.service.type "LoadBalancer")) .Values.replica.service.nodePorts.redis}}
- nodePort: {{ .Values.replica.service.nodePorts.redis}}
- {{- else if eq .Values.replica.service.type "ClusterIP" }}
- nodePort: null
- {{- end }}
- {{- if .Values.replica.service.extraPorts }}
- {{- include "common.tplvalues.render" (dict "value" .Values.replica.service.extraPorts "context" $) | nindent 4 }}
- {{- end }}
- selector: {{- include "common.labels.matchLabels" . | nindent 4 }}
- app.kubernetes.io/component: replica
-{{- end }}
diff --git a/rds/base/charts/redis/templates/replicas/statefulset.yaml b/rds/base/charts/redis/templates/replicas/statefulset.yaml
deleted file mode 100644
index aa706d9..0000000
--- a/rds/base/charts/redis/templates/replicas/statefulset.yaml
+++ /dev/null
@@ -1,471 +0,0 @@ -{{- if and (eq .Values.architecture "replication") (not .Values.sentinel.enabled) }} -apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }} -kind: StatefulSet -metadata: - name: {{ printf "%s-replicas" (include "common.names.fullname" .) }} - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: replica - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - {{- if not .Values.replica.autoscaling.enabled }} - replicas: {{ .Values.replica.replicaCount }} - {{- end }} - selector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} - app.kubernetes.io/component: replica - serviceName: {{ printf "%s-headless" (include "common.names.fullname" .) }} - {{- if .Values.replica.updateStrategy }} - updateStrategy: {{- toYaml .Values.replica.updateStrategy | nindent 4 }} - {{- end }} - {{- if .Values.replica.podManagementPolicy }} - podManagementPolicy: {{ .Values.replica.podManagementPolicy | quote }} - {{- end }} - template: - metadata: - labels: {{- include "common.labels.standard" . | nindent 8 }} - app.kubernetes.io/component: replica - {{- if .Values.replica.podLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.replica.podLabels "context" $ ) | nindent 8 }} - {{- end }} - {{- if and .Values.metrics.enabled .Values.metrics.podLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.podLabels "context" $ ) | nindent 8 }} - {{- end }} - annotations: - {{- if (include "redis.createConfigmap" .) }} - checksum/configmap: {{ include (print $.Template.BasePath "/configmap.yaml") . 
| sha256sum }} - {{- end }} - checksum/health: {{ include (print $.Template.BasePath "/health-configmap.yaml") . | sha256sum }} - checksum/scripts: {{ include (print $.Template.BasePath "/scripts-configmap.yaml") . | sha256sum }} - checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} - {{- if .Values.replica.podAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.replica.podAnnotations "context" $ ) | nindent 8 }} - {{- end }} - {{- if and .Values.metrics.enabled .Values.metrics.podAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.podAnnotations "context" $ ) | nindent 8 }} - {{- end }} - spec: - {{- include "redis.imagePullSecrets" . | nindent 6 }} - {{- if .Values.replica.hostAliases }} - hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.replica.hostAliases "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.replica.podSecurityContext.enabled }} - securityContext: {{- omit .Values.replica.podSecurityContext "enabled" | toYaml | nindent 8 }} - {{- end }} - serviceAccountName: {{ template "redis.serviceAccountName" . 
}} - {{- if .Values.replica.priorityClassName }} - priorityClassName: {{ .Values.replica.priorityClassName | quote }} - {{- end }} - {{- if .Values.replica.affinity }} - affinity: {{- include "common.tplvalues.render" (dict "value" .Values.replica.affinity "context" $) | nindent 8 }} - {{- else }} - affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.replica.podAffinityPreset "component" "replica" "context" $) | nindent 10 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.replica.podAntiAffinityPreset "component" "replica" "context" $) | nindent 10 }} - nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.replica.nodeAffinityPreset.type "key" .Values.replica.nodeAffinityPreset.key "values" .Values.replica.nodeAffinityPreset.values) | nindent 10 }} - {{- end }} - {{- if .Values.replica.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.replica.nodeSelector "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.replica.tolerations }} - tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.replica.tolerations "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.replica.topologySpreadConstraints }} - topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.replica.topologySpreadConstraints "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.replica.shareProcessNamespace }} - shareProcessNamespace: {{ .Values.replica.shareProcessNamespace }} - {{- end }} - {{- if .Values.replica.schedulerName }} - schedulerName: {{ .Values.replica.schedulerName | quote }} - {{- end }} - {{- if .Values.replica.dnsPolicy }} - dnsPolicy: {{ .Values.replica.dnsPolicy }} - {{- end }} - {{- if .Values.replica.dnsConfig }} - dnsConfig: {{- include "common.tplvalues.render" (dict "value" .Values.replica.dnsConfig "context" $) | nindent 8 }} - {{- end }} - terminationGracePeriodSeconds: {{ 
.Values.replica.terminationGracePeriodSeconds }} - containers: - - name: redis - image: {{ template "redis.image" . }} - imagePullPolicy: {{ .Values.image.pullPolicy | quote }} - {{- if not .Values.diagnosticMode.enabled }} - {{- if .Values.replica.lifecycleHooks }} - lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.replica.lifecycleHooks "context" $) | nindent 12 }} - {{- end }} - {{- end }} - {{- if .Values.replica.containerSecurityContext.enabled }} - securityContext: {{- omit .Values.replica.containerSecurityContext "enabled" | toYaml | nindent 12 }} - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} - {{- else if .Values.replica.command }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.replica.command "context" $) | nindent 12 }} - {{- else }} - command: - - /bin/bash - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} - {{- else if .Values.replica.args }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.replica.args "context" $) | nindent 12 }} - {{- else }} - args: - - -c - - /opt/bitnami/scripts/start-scripts/start-replica.sh - {{- end }} - env: - - name: BITNAMI_DEBUG - value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }} - - name: REDIS_REPLICATION_MODE - value: slave - - name: REDIS_MASTER_HOST - {{- if and (eq (int64 .Values.master.count) 1) (ne .Values.master.kind "Deployment") }} - value: {{ template "common.names.fullname" . }}-master-0.{{ template "common.names.fullname" . }}-headless.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} - {{- else }} - value: {{ template "common.names.fullname" . 
}}-master.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} - {{- end }} - - name: REDIS_MASTER_PORT_NUMBER - value: {{ .Values.master.containerPorts.redis | quote }} - - name: ALLOW_EMPTY_PASSWORD - value: {{ ternary "no" "yes" .Values.auth.enabled | quote }} - {{- if .Values.auth.enabled }} - {{- if .Values.auth.usePasswordFiles }} - - name: REDIS_PASSWORD_FILE - value: "/opt/bitnami/redis/secrets/redis-password" - - name: REDIS_MASTER_PASSWORD_FILE - value: "/opt/bitnami/redis/secrets/redis-password" - {{- else }} - - name: REDIS_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "redis.secretName" . }} - key: {{ template "redis.secretPasswordKey" . }} - - name: REDIS_MASTER_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "redis.secretName" . }} - key: {{ template "redis.secretPasswordKey" . }} - {{- end }} - {{- end }} - - name: REDIS_TLS_ENABLED - value: {{ ternary "yes" "no" .Values.tls.enabled | quote }} - {{- if .Values.tls.enabled }} - - name: REDIS_TLS_PORT - value: {{ .Values.replica.containerPorts.redis | quote }} - - name: REDIS_TLS_AUTH_CLIENTS - value: {{ ternary "yes" "no" .Values.tls.authClients | quote }} - - name: REDIS_TLS_CERT_FILE - value: {{ template "redis.tlsCert" . }} - - name: REDIS_TLS_KEY_FILE - value: {{ template "redis.tlsCertKey" . }} - - name: REDIS_TLS_CA_FILE - value: {{ template "redis.tlsCACert" . }} - {{- if .Values.tls.dhParamsFilename }} - - name: REDIS_TLS_DH_PARAMS_FILE - value: {{ template "redis.tlsDHParams" . 
}} - {{- end }} - {{- else }} - - name: REDIS_PORT - value: {{ .Values.replica.containerPorts.redis | quote }} - {{- end }} - {{- if .Values.replica.extraEnvVars }} - {{- include "common.tplvalues.render" (dict "value" .Values.replica.extraEnvVars "context" $) | nindent 12 }} - {{- end }} - {{- if or .Values.replica.extraEnvVarsCM .Values.replica.extraEnvVarsSecret }} - envFrom: - {{- if .Values.replica.extraEnvVarsCM }} - - configMapRef: - name: {{ .Values.replica.extraEnvVarsCM }} - {{- end }} - {{- if .Values.replica.extraEnvVarsSecret }} - - secretRef: - name: {{ .Values.replica.extraEnvVarsSecret }} - {{- end }} - {{- end }} - ports: - - name: redis - containerPort: {{ .Values.replica.containerPorts.redis }} - {{- if not .Values.diagnosticMode.enabled }} - {{- if .Values.replica.startupProbe.enabled }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.replica.startupProbe "enabled") "context" $) | nindent 12 }} - tcpSocket: - port: redis - {{- else if .Values.replica.customStartupProbe }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.replica.customStartupProbe "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.replica.livenessProbe.enabled }} - livenessProbe: - initialDelaySeconds: {{ .Values.replica.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.replica.livenessProbe.periodSeconds }} - timeoutSeconds: {{ add1 .Values.replica.livenessProbe.timeoutSeconds }} - successThreshold: {{ .Values.replica.livenessProbe.successThreshold }} - failureThreshold: {{ .Values.replica.livenessProbe.failureThreshold }} - exec: - command: - - sh - - -c - - /health/ping_liveness_local_and_master.sh {{ .Values.replica.livenessProbe.timeoutSeconds }} - {{- else if .Values.replica.customLivenessProbe }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.replica.customLivenessProbe "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.replica.readinessProbe.enabled }} 
- readinessProbe: - initialDelaySeconds: {{ .Values.replica.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.replica.readinessProbe.periodSeconds }} - timeoutSeconds: {{ add1 .Values.replica.readinessProbe.timeoutSeconds }} - successThreshold: {{ .Values.replica.readinessProbe.successThreshold }} - failureThreshold: {{ .Values.replica.readinessProbe.failureThreshold }} - exec: - command: - - sh - - -c - - /health/ping_readiness_local_and_master.sh {{ .Values.replica.readinessProbe.timeoutSeconds }} - {{- else if .Values.replica.customReadinessProbe }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.replica.customReadinessProbe "context" $) | nindent 12 }} - {{- end }} - {{- end }} - {{- if .Values.replica.resources }} - resources: {{- toYaml .Values.replica.resources | nindent 12 }} - {{- end }} - volumeMounts: - - name: start-scripts - mountPath: /opt/bitnami/scripts/start-scripts - - name: health - mountPath: /health - {{- if .Values.auth.usePasswordFiles }} - - name: redis-password - mountPath: /opt/bitnami/redis/secrets/ - {{- end }} - - name: redis-data - mountPath: /data - subPath: {{ .Values.replica.persistence.subPath }} - - name: config - mountPath: /opt/bitnami/redis/mounted-etc - - name: redis-tmp-conf - mountPath: /opt/bitnami/redis/etc - {{- if .Values.tls.enabled }} - - name: redis-certificates - mountPath: /opt/bitnami/redis/certs - readOnly: true - {{- end }} - {{- if .Values.replica.extraVolumeMounts }} - {{- include "common.tplvalues.render" ( dict "value" .Values.replica.extraVolumeMounts "context" $ ) | nindent 12 }} - {{- end }} - {{- if .Values.metrics.enabled }} - - name: metrics - image: {{ include "redis.metrics.image" . 
}} - imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }} - {{- if .Values.metrics.containerSecurityContext.enabled }} - securityContext: {{- omit .Values.metrics.containerSecurityContext "enabled" | toYaml | nindent 12 }} - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} - {{- else if .Values.metrics.command }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.command "context" $) | nindent 12 }} - {{- else }} - command: - - /bin/bash - - -c - - | - if [[ -f '/secrets/redis-password' ]]; then - export REDIS_PASSWORD=$(cat /secrets/redis-password) - fi - redis_exporter{{- range $key, $value := .Values.metrics.extraArgs }} --{{ $key }}={{ $value }}{{- end }} - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} - {{- end }} - env: - - name: REDIS_ALIAS - value: {{ template "common.names.fullname" . }} - {{- if .Values.auth.enabled }} - - name: REDIS_USER - value: default - {{- if (not .Values.auth.usePasswordFiles) }} - - name: REDIS_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "redis.secretName" . }} - key: {{ template "redis.secretPasswordKey" . }} - {{- end }} - {{- end }} - {{- if .Values.tls.enabled }} - - name: REDIS_ADDR - value: rediss://{{ .Values.metrics.redisTargetHost }}:{{ .Values.replica.containerPorts.redis }} - {{- if .Values.tls.authClients }} - - name: REDIS_EXPORTER_TLS_CLIENT_KEY_FILE - value: {{ template "redis.tlsCertKey" . }} - - name: REDIS_EXPORTER_TLS_CLIENT_CERT_FILE - value: {{ template "redis.tlsCert" . }} - {{- end }} - - name: REDIS_EXPORTER_TLS_CA_CERT_FILE - value: {{ template "redis.tlsCACert" . 
}} - {{- end }} - ports: - - name: metrics - containerPort: 9121 - {{- if .Values.metrics.resources }} - resources: {{- toYaml .Values.metrics.resources | nindent 12 }} - {{- end }} - volumeMounts: - {{- if .Values.auth.usePasswordFiles }} - - name: redis-password - mountPath: /secrets/ - {{- end }} - {{- if .Values.tls.enabled }} - - name: redis-certificates - mountPath: /opt/bitnami/redis/certs - readOnly: true - {{- end }} - {{- if .Values.metrics.extraVolumeMounts }} - {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.extraVolumeMounts "context" $ ) | nindent 12 }} - {{- end }} - {{- end }} - {{- if .Values.replica.sidecars }} - {{- include "common.tplvalues.render" (dict "value" .Values.replica.sidecars "context" $) | nindent 8 }} - {{- end }} - {{- $needsVolumePermissions := and .Values.volumePermissions.enabled .Values.replica.persistence.enabled .Values.replica.podSecurityContext.enabled .Values.replica.containerSecurityContext.enabled }} - {{- if or .Values.replica.initContainers $needsVolumePermissions .Values.sysctl.enabled }} - initContainers: - {{- if .Values.replica.initContainers }} - {{- include "common.tplvalues.render" (dict "value" .Values.replica.initContainers "context" $) | nindent 8 }} - {{- end }} - {{- if $needsVolumePermissions }} - - name: volume-permissions - image: {{ include "redis.volumePermissions.image" . 
}} - imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} - command: - - /bin/bash - - -ec - - | - {{- if eq ( toString ( .Values.volumePermissions.containerSecurityContext.runAsUser )) "auto" }} - chown -R `id -u`:`id -G | cut -d " " -f2` {{ .Values.replica.persistence.path }} - {{- else }} - chown -R {{ .Values.replica.containerSecurityContext.runAsUser }}:{{ .Values.replica.podSecurityContext.fsGroup }} {{ .Values.replica.persistence.path }} - {{- end }} - {{- if eq ( toString ( .Values.volumePermissions.containerSecurityContext.runAsUser )) "auto" }} - securityContext: {{- omit .Values.volumePermissions.containerSecurityContext "runAsUser" | toYaml | nindent 12 }} - {{- else }} - securityContext: {{- .Values.volumePermissions.containerSecurityContext | toYaml | nindent 12 }} - {{- end }} - {{- if .Values.volumePermissions.resources }} - resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} - {{- end }} - volumeMounts: - - name: redis-data - mountPath: {{ .Values.replica.persistence.path }} - subPath: {{ .Values.replica.persistence.subPath }} - {{- end }} - {{- if .Values.sysctl.enabled }} - - name: init-sysctl - image: {{ include "redis.sysctl.image" . }} - imagePullPolicy: {{ default "" .Values.sysctl.image.pullPolicy | quote }} - securityContext: - privileged: true - runAsUser: 0 - {{- if .Values.sysctl.command }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.sysctl.command "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.sysctl.resources }} - resources: {{- toYaml .Values.sysctl.resources | nindent 12 }} - {{- end }} - {{- if .Values.sysctl.mountHostSys }} - volumeMounts: - - name: host-sys - mountPath: /host-sys - {{- end }} - {{- end }} - {{- end }} - volumes: - - name: start-scripts - configMap: - name: {{ printf "%s-scripts" (include "common.names.fullname" .) }} - defaultMode: 0755 - - name: health - configMap: - name: {{ printf "%s-health" (include "common.names.fullname" .) 
}} - defaultMode: 0755 - {{- if .Values.auth.usePasswordFiles }} - - name: redis-password - secret: - secretName: {{ template "redis.secretName" . }} - items: - - key: {{ template "redis.secretPasswordKey" . }} - path: redis-password - {{- end }} - - name: config - configMap: - name: {{ include "redis.configmapName" . }} - {{- if .Values.sysctl.mountHostSys }} - - name: host-sys - hostPath: - path: /sys - {{- end }} - - name: redis-tmp-conf - {{- if .Values.replica.persistence.medium }} - emptyDir: - medium: {{ .Values.replica.persistence.medium | quote }} - {{- if .Values.replica.persistence.sizeLimit }} - sizeLimit: {{ .Values.replica.persistence.sizeLimit | quote }} - {{- end }} - {{- else }} - emptyDir: {} - {{- end }} - {{- if .Values.tls.enabled }} - - name: redis-certificates - secret: - secretName: {{ include "redis.tlsSecretName" . }} - defaultMode: 256 - {{- end }} - {{- if .Values.replica.extraVolumes }} - {{- include "common.tplvalues.render" ( dict "value" .Values.replica.extraVolumes "context" $ ) | nindent 8 }} - {{- end }} - {{- if .Values.metrics.extraVolumes }} - {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.extraVolumes "context" $ ) | nindent 8 }} - {{- end }} - {{- if not .Values.replica.persistence.enabled }} - - name: redis-data - {{- if .Values.replica.persistence.medium }} - emptyDir: { - medium: {{ .Values.replica.persistence.medium | quote }} - } - {{- else }} - emptyDir: {} - {{- end }} - {{- else if .Values.replica.persistence.existingClaim }} - - name: redis-data - persistentVolumeClaim: - claimName: {{ printf "%s" (tpl .Values.replica.persistence.existingClaim .) }} - {{- else }} - volumeClaimTemplates: - - metadata: - name: redis-data - labels: {{- include "common.labels.matchLabels" . 
| nindent 10 }} - app.kubernetes.io/component: replica - {{- if .Values.replica.persistence.annotations }} - annotations: {{- toYaml .Values.replica.persistence.annotations | nindent 10 }} - {{- end }} - spec: - accessModes: - {{- range .Values.replica.persistence.accessModes }} - - {{ . | quote }} - {{- end }} - resources: - requests: - storage: {{ .Values.replica.persistence.size | quote }} - {{- if .Values.replica.persistence.selector }} - selector: {{- include "common.tplvalues.render" (dict "value" .Values.replica.persistence.selector "context" $) | nindent 10 }} - {{- end }} - {{- if .Values.replica.persistence.dataSource }} - dataSource: {{- include "common.tplvalues.render" (dict "value" .Values.replica.persistence.dataSource "context" $) | nindent 10 }} - {{- end }} - {{- include "common.storage.class" (dict "persistence" .Values.replica.persistence "global" .Values.global) | nindent 8 }} - {{- end }} -{{- end }} diff --git a/rds/base/charts/redis/templates/role.yaml b/rds/base/charts/redis/templates/role.yaml deleted file mode 100644 index 0cd806a..0000000 --- a/rds/base/charts/redis/templates/role.yaml +++ /dev/null 
@@ -1,28 +0,0 @@
-{{- if .Values.rbac.create }}
-apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
-kind: Role
-metadata:
- name: {{ template "common.names.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels: {{- include "common.labels.standard" . | nindent 4 }}
- {{- if .Values.commonLabels }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
- {{- end }}
- {{- if .Values.commonAnnotations }}
- annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
- {{- end }}
-rules:
- {{- $pspAvailable := (semverCompare "<1.25-0" (include "common.capabilities.kubeVersion" .)) -}}
- {{- if and $pspAvailable .Values.podSecurityPolicy.enabled }}
- - apiGroups:
- - '{{ template "podSecurityPolicy.apiGroup" . }}'
- resources:
- - 'podsecuritypolicies'
- verbs:
- - 'use'
- resourceNames: [{{ printf "%s-master" (include "common.names.fullname" .) }}]
- {{- end }}
- {{- if .Values.rbac.rules }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.rbac.rules "context" $ ) | nindent 2 }}
- {{- end }}
-{{- end }}
diff --git a/rds/base/charts/redis/templates/rolebinding.yaml b/rds/base/charts/redis/templates/rolebinding.yaml
deleted file mode 100644
index 79a5987..0000000
--- a/rds/base/charts/redis/templates/rolebinding.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-{{- if .Values.rbac.create }}
-apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
-kind: RoleBinding
-metadata:
- name: {{ template "common.names.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels: {{- include "common.labels.standard" . | nindent 4 }}
- {{- if .Values.commonLabels }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
- {{- end }}
- {{- if .Values.commonAnnotations }}
- annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
- {{- end }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: {{ template "common.names.fullname" . }}
-subjects:
- - kind: ServiceAccount
- name: {{ template "redis.serviceAccountName" . }}
-{{- end }}
diff --git a/rds/base/charts/redis/templates/scripts-configmap.yaml b/rds/base/charts/redis/templates/scripts-configmap.yaml
deleted file mode 100644
index cab9291..0000000
--- a/rds/base/charts/redis/templates/scripts-configmap.yaml
+++ /dev/null
@@ -1,627 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ printf "%s-scripts" (include "common.names.fullname" .) }} - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -data: -{{- if and (eq .Values.architecture "replication") .Values.sentinel.enabled }} - start-node.sh: | - #!/bin/bash - - . /opt/bitnami/scripts/libos.sh - . /opt/bitnami/scripts/liblog.sh - . /opt/bitnami/scripts/libvalidations.sh - - get_port() { - hostname="$1" - type="$2" - - port_var=$(echo "${hostname^^}_SERVICE_PORT_$type" | sed "s/-/_/g") - port=${!port_var} - - if [ -z "$port" ]; then - case $type in - "SENTINEL") - echo {{ .Values.sentinel.containerPorts.sentinel }} - ;; - "REDIS") - echo {{ .Values.master.containerPorts.redis }} - ;; - esac - else - echo $port - fi - } - - get_full_hostname() { - hostname="$1" - - {{- if .Values.useExternalDNS.enabled }} - echo "${hostname}.{{- include "redis.externalDNS.suffix" . }}" - {{- else if eq .Values.sentinel.service.type "NodePort" }} - echo "${hostname}.{{- .Release.Namespace }}" - {{- else }} - echo "${hostname}.${HEADLESS_SERVICE}" - {{- end }} - } - - REDISPORT=$(get_port "$HOSTNAME" "REDIS") - - HEADLESS_SERVICE="{{ template "common.names.fullname" . }}-headless.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}" - - if [ -n "$REDIS_EXTERNAL_MASTER_HOST" ]; then - REDIS_SERVICE="$REDIS_EXTERNAL_MASTER_HOST" - else - REDIS_SERVICE="{{ template "common.names.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}" - fi - - SENTINEL_SERVICE_PORT=$(get_port "{{ include "common.names.fullname" . 
}}" "TCP_SENTINEL") - validate_quorum() { - if is_boolean_yes "$REDIS_SENTINEL_TLS_ENABLED"; then - quorum_info_command="{{- if and .Values.auth.enabled .Values.auth.sentinel }}REDISCLI_AUTH="\$REDIS_PASSWORD" {{ end }}redis-cli -h $REDIS_SERVICE -p $SENTINEL_SERVICE_PORT --tls --cert ${REDIS_SENTINEL_TLS_CERT_FILE} --key ${REDIS_SENTINEL_TLS_KEY_FILE} --cacert ${REDIS_SENTINEL_TLS_CA_FILE} sentinel master {{ .Values.sentinel.masterSet }}" - else - quorum_info_command="{{- if and .Values.auth.enabled .Values.auth.sentinel }}REDISCLI_AUTH="\$REDIS_PASSWORD" {{ end }}redis-cli -h $REDIS_SERVICE -p $SENTINEL_SERVICE_PORT sentinel master {{ .Values.sentinel.masterSet }}" - fi - info "about to run the command: $quorum_info_command" - eval $quorum_info_command | grep -Fq "s_down" - } - - trigger_manual_failover() { - if is_boolean_yes "$REDIS_SENTINEL_TLS_ENABLED"; then - failover_command="{{- if and .Values.auth.enabled .Values.auth.sentinel }}REDISCLI_AUTH="\$REDIS_PASSWORD" {{ end }}redis-cli -h $REDIS_SERVICE -p $SENTINEL_SERVICE_PORT --tls --cert ${REDIS_SENTINEL_TLS_CERT_FILE} --key ${REDIS_SENTINEL_TLS_KEY_FILE} --cacert ${REDIS_SENTINEL_TLS_CA_FILE} sentinel failover {{ .Values.sentinel.masterSet }}" - else - failover_command="{{- if and .Values.auth.enabled .Values.auth.sentinel }}REDISCLI_AUTH="\$REDIS_PASSWORD" {{ end }}redis-cli -h $REDIS_SERVICE -p $SENTINEL_SERVICE_PORT sentinel failover {{ .Values.sentinel.masterSet }}" - fi - - info "about to run the command: $failover_command" - eval $failover_command - } - - get_sentinel_master_info() { - if is_boolean_yes "$REDIS_SENTINEL_TLS_ENABLED"; then - sentinel_info_command="{{- if and .Values.auth.enabled .Values.auth.sentinel }}REDISCLI_AUTH="\$REDIS_PASSWORD" {{ end }}timeout {{ .Values.sentinel.getMasterTimeout }} redis-cli -h $REDIS_SERVICE -p $SENTINEL_SERVICE_PORT --tls --cert ${REDIS_SENTINEL_TLS_CERT_FILE} --key ${REDIS_SENTINEL_TLS_KEY_FILE} --cacert ${REDIS_SENTINEL_TLS_CA_FILE} sentinel 
get-master-addr-by-name {{ .Values.sentinel.masterSet }}" - else - sentinel_info_command="{{- if and .Values.auth.enabled .Values.auth.sentinel }}REDISCLI_AUTH="\$REDIS_PASSWORD" {{ end }}timeout {{ .Values.sentinel.getMasterTimeout }} redis-cli -h $REDIS_SERVICE -p $SENTINEL_SERVICE_PORT sentinel get-master-addr-by-name {{ .Values.sentinel.masterSet }}" - fi - - info "about to run the command: $sentinel_info_command" - eval $sentinel_info_command - } - - {{- if and .Values.replica.containerSecurityContext.runAsUser (eq (.Values.replica.containerSecurityContext.runAsUser | int) 0) }} - useradd redis - chown -R redis {{ .Values.replica.persistence.path }} - {{- end }} - - [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")" - [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")" - - # check if there is a master - master_in_persisted_conf="$(get_full_hostname "$HOSTNAME")" - master_port_in_persisted_conf="$REDIS_MASTER_PORT_NUMBER" - master_in_sentinel="$(get_sentinel_master_info)" - redisRetVal=$? 
- - {{- if .Values.sentinel.persistence.enabled }} - if [[ -f /opt/bitnami/redis-sentinel/etc/sentinel.conf ]]; then - master_in_persisted_conf="$(awk '/monitor/ {print $4}' /opt/bitnami/redis-sentinel/etc/sentinel.conf)" - master_port_in_persisted_conf="$(awk '/monitor/ {print $5}' /opt/bitnami/redis-sentinel/etc/sentinel.conf)" - info "Found previous master ${master_in_persisted_conf}:${master_port_in_persisted_conf} in /opt/bitnami/redis-sentinel/etc/sentinel.conf" - debug "$(cat /opt/bitnami/redis-sentinel/etc/sentinel.conf | grep monitor)" - touch /opt/bitnami/redis-sentinel/etc/.node_read - fi - {{- end }} - - if [[ $redisRetVal -ne 0 ]]; then - if [[ "$master_in_persisted_conf" == "$(get_full_hostname "$HOSTNAME")" ]]; then - # Case 1: No active sentinel and in previous sentinel.conf we were the master --> MASTER - info "Configuring the node as master" - export REDIS_REPLICATION_MODE="master" - else - # Case 2: No active sentinel and in previous sentinel.conf we were not master --> REPLICA - info "Configuring the node as replica" - export REDIS_REPLICATION_MODE="slave" - REDIS_MASTER_HOST=${master_in_persisted_conf} - REDIS_MASTER_PORT_NUMBER=${master_port_in_persisted_conf} - fi - else - # Fetches current master's host and port - REDIS_SENTINEL_INFO=($(get_sentinel_master_info)) - info "Current master: REDIS_SENTINEL_INFO=(${REDIS_SENTINEL_INFO[0]},${REDIS_SENTINEL_INFO[1]})" - REDIS_MASTER_HOST=${REDIS_SENTINEL_INFO[0]} - REDIS_MASTER_PORT_NUMBER=${REDIS_SENTINEL_INFO[1]} - - if [[ "$REDIS_MASTER_HOST" == "$(get_full_hostname "$HOSTNAME")" ]]; then - # Case 3: Active sentinel and master it is this node --> MASTER - info "Configuring the node as master" - export REDIS_REPLICATION_MODE="master" - else - # Case 4: Active sentinel and master is not this node --> REPLICA - info "Configuring the node as replica" - export REDIS_REPLICATION_MODE="slave" - - {{- if and .Values.sentinel.automateClusterRecovery (le (int .Values.sentinel.downAfterMilliseconds) 2000) 
}} - retry_count=1 - while validate_quorum - do - info "sleeping, waiting for Redis master to come up" - sleep 1s - if ! ((retry_count % 11)); then - info "Trying to manually failover" - failover_result=$(trigger_manual_failover) - - debug "Failover result: $failover_result" - fi - - ((retry_count+=1)) - done - info "Redis master is up now" - {{- end }} - fi - fi - - if [[ -n "$REDIS_EXTERNAL_MASTER_HOST" ]]; then - REDIS_MASTER_HOST="$REDIS_EXTERNAL_MASTER_HOST" - REDIS_MASTER_PORT_NUMBER="${REDIS_EXTERNAL_MASTER_PORT}" - fi - - if [[ ! -f /opt/bitnami/redis/etc/replica.conf ]];then - cp /opt/bitnami/redis/mounted-etc/replica.conf /opt/bitnami/redis/etc/replica.conf - fi - - if [[ ! -f /opt/bitnami/redis/etc/redis.conf ]];then - cp /opt/bitnami/redis/mounted-etc/redis.conf /opt/bitnami/redis/etc/redis.conf - fi - - echo "" >> /opt/bitnami/redis/etc/replica.conf - echo "replica-announce-port $REDISPORT" >> /opt/bitnami/redis/etc/replica.conf - echo "replica-announce-ip $(get_full_hostname "$HOSTNAME")" >> /opt/bitnami/redis/etc/replica.conf - - {{- if .Values.tls.enabled }} - ARGS=("--port" "0") - ARGS+=("--tls-port" "${REDIS_TLS_PORT}") - ARGS+=("--tls-cert-file" "${REDIS_TLS_CERT_FILE}") - ARGS+=("--tls-key-file" "${REDIS_TLS_KEY_FILE}") - ARGS+=("--tls-ca-cert-file" "${REDIS_TLS_CA_FILE}") - ARGS+=("--tls-auth-clients" "${REDIS_TLS_AUTH_CLIENTS}") - ARGS+=("--tls-replication" "yes") - {{- if .Values.tls.dhParamsFilename }} - ARGS+=("--tls-dh-params-file" "${REDIS_TLS_DH_PARAMS_FILE}") - {{- end }} - {{- else }} - ARGS=("--port" "${REDIS_PORT}") - {{- end }} - - if [[ "$REDIS_REPLICATION_MODE" = "slave" ]]; then - ARGS+=("--replicaof" "${REDIS_MASTER_HOST}" "${REDIS_MASTER_PORT_NUMBER}") - fi - - {{- if .Values.auth.enabled }} - ARGS+=("--requirepass" "${REDIS_PASSWORD}") - ARGS+=("--masterauth" "${REDIS_MASTER_PASSWORD}") - {{- else }} - ARGS+=("--protected-mode" "no") - {{- end }} - ARGS+=("--include" "/opt/bitnami/redis/etc/replica.conf") - ARGS+=("--include" 
"/opt/bitnami/redis/etc/redis.conf") - {{- if .Values.replica.extraFlags }} - {{- range .Values.replica.extraFlags }} - ARGS+=({{ . | quote }}) - {{- end }} - {{- end }} - - {{- if .Values.replica.preExecCmds }} - {{- .Values.replica.preExecCmds | nindent 4 }} - {{- end }} - - {{- if .Values.replica.command }} - exec {{ .Values.replica.command }} "${ARGS[@]}" - {{- else }} - exec redis-server "${ARGS[@]}" - {{- end }} - - start-sentinel.sh: | - #!/bin/bash - - . /opt/bitnami/scripts/libos.sh - . /opt/bitnami/scripts/libvalidations.sh - . /opt/bitnami/scripts/libfile.sh - - HEADLESS_SERVICE="{{ template "common.names.fullname" . }}-headless.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}" - REDIS_SERVICE="{{ template "common.names.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}" - - get_port() { - hostname="$1" - type="$2" - - port_var=$(echo "${hostname^^}_SERVICE_PORT_$type" | sed "s/-/_/g") - port=${!port_var} - - if [ -z "$port" ]; then - case $type in - "SENTINEL") - echo {{ .Values.sentinel.containerPorts.sentinel }} - ;; - "REDIS") - echo {{ .Values.master.containerPorts.redis }} - ;; - esac - else - echo $port - fi - } - - get_full_hostname() { - hostname="$1" - - {{- if .Values.useExternalDNS.enabled }} - echo "${hostname}.{{- include "redis.externalDNS.suffix" . }}" - {{- else if eq .Values.sentinel.service.type "NodePort" }} - echo "${hostname}.{{- .Release.Namespace }}" - {{- else }} - echo "${hostname}.${HEADLESS_SERVICE}" - {{- end }} - } - - SERVPORT=$(get_port "$HOSTNAME" "SENTINEL") - REDISPORT=$(get_port "$HOSTNAME" "REDIS") - SENTINEL_SERVICE_PORT=$(get_port "{{ include "common.names.fullname" . 
}}" "TCP_SENTINEL") - - sentinel_conf_set() { - local -r key="${1:?missing key}" - local value="${2:-}" - - # Sanitize inputs - value="${value//\\/\\\\}" - value="${value//&/\\&}" - value="${value//\?/\\?}" - [[ "$value" = "" ]] && value="\"$value\"" - - replace_in_file "/opt/bitnami/redis-sentinel/etc/sentinel.conf" "^#*\s*${key} .*" "${key} ${value}" false - } - sentinel_conf_add() { - echo $'\n'"$@" >> "/opt/bitnami/redis-sentinel/etc/sentinel.conf" - } - host_id() { - echo "$1" | openssl sha1 | awk '{print $2}' - } - get_sentinel_master_info() { - if is_boolean_yes "$REDIS_SENTINEL_TLS_ENABLED"; then - sentinel_info_command="{{- if and .Values.auth.enabled .Values.auth.sentinel }}REDISCLI_AUTH="\$REDIS_PASSWORD" {{ end }}redis-cli -h $REDIS_SERVICE -p $SENTINEL_SERVICE_PORT --tls --cert ${REDIS_SENTINEL_TLS_CERT_FILE} --key ${REDIS_SENTINEL_TLS_KEY_FILE} --cacert ${REDIS_SENTINEL_TLS_CA_FILE} sentinel get-master-addr-by-name {{ .Values.sentinel.masterSet }}" - else - sentinel_info_command="{{- if and .Values.auth.enabled .Values.auth.sentinel }}REDISCLI_AUTH="\$REDIS_PASSWORD" {{ end }}redis-cli -h $REDIS_SERVICE -p $SENTINEL_SERVICE_PORT sentinel get-master-addr-by-name {{ .Values.sentinel.masterSet }}" - fi - info "about to run the command: $sentinel_info_command" - eval $sentinel_info_command - } - - [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")" - - master_in_persisted_conf="$(get_full_hostname "$HOSTNAME")" - - {{- if .Values.sentinel.persistence.enabled }} - if [[ -f /opt/bitnami/redis-sentinel/etc/sentinel.conf ]]; then - check_lock_file() { - [[ -f /opt/bitnami/redis-sentinel/etc/.node_read ]] - } - retry_while "check_lock_file" - rm -f /opt/bitnami/redis-sentinel/etc/.node_read - master_in_persisted_conf="$(awk '/monitor/ {print $4}' /opt/bitnami/redis-sentinel/etc/sentinel.conf)" - info "Found previous master $master_in_persisted_conf in /opt/bitnami/redis-sentinel/etc/sentinel.conf" - debug "$(cat 
/opt/bitnami/redis-sentinel/etc/sentinel.conf | grep monitor)" - fi - {{- end }} - if ! get_sentinel_master_info && [[ "$master_in_persisted_conf" == "$(get_full_hostname "$HOSTNAME")" ]]; then - # No master found, lets create a master node - export REDIS_REPLICATION_MODE="master" - - REDIS_MASTER_HOST=$(get_full_hostname "$HOSTNAME") - REDIS_MASTER_PORT_NUMBER="$REDISPORT" - else - export REDIS_REPLICATION_MODE="slave" - - # Fetches current master's host and port - REDIS_SENTINEL_INFO=($(get_sentinel_master_info)) - info "printing REDIS_SENTINEL_INFO=(${REDIS_SENTINEL_INFO[0]},${REDIS_SENTINEL_INFO[1]})" - REDIS_MASTER_HOST=${REDIS_SENTINEL_INFO[0]} - REDIS_MASTER_PORT_NUMBER=${REDIS_SENTINEL_INFO[1]} - fi - - if [[ -n "$REDIS_EXTERNAL_MASTER_HOST" ]]; then - REDIS_MASTER_HOST="$REDIS_EXTERNAL_MASTER_HOST" - REDIS_MASTER_PORT_NUMBER="${REDIS_EXTERNAL_MASTER_PORT}" - fi - - cp /opt/bitnami/redis-sentinel/mounted-etc/sentinel.conf /opt/bitnami/redis-sentinel/etc/sentinel.conf - {{- if .Values.auth.enabled }} - printf "\nsentinel auth-pass %s %s" "{{ .Values.sentinel.masterSet }}" "$REDIS_PASSWORD" >> /opt/bitnami/redis-sentinel/etc/sentinel.conf - {{- if and .Values.auth.enabled .Values.auth.sentinel }} - printf "\nrequirepass %s" "$REDIS_PASSWORD" >> /opt/bitnami/redis-sentinel/etc/sentinel.conf - {{- end }} - {{- end }} - printf "\nsentinel myid %s" "$(host_id "$HOSTNAME")" >> /opt/bitnami/redis-sentinel/etc/sentinel.conf - - sentinel_conf_set "sentinel monitor" "{{ .Values.sentinel.masterSet }} "$REDIS_MASTER_HOST" "$REDIS_MASTER_PORT_NUMBER" {{ .Values.sentinel.quorum }}" - - add_known_sentinel() { - hostname="$1" - ip="$2" - - if [[ -n "$hostname" && -n "$ip" && "$hostname" != "$HOSTNAME" ]]; then - sentinel_conf_add "sentinel known-sentinel {{ .Values.sentinel.masterSet }} $(get_full_hostname "$hostname") $(get_port "$hostname" "SENTINEL") $(host_id "$hostname")" - fi - } - add_known_replica() { - hostname="$1" - ip="$2" - - if [[ -n "$ip" && 
"$(get_full_hostname "$hostname")" != "$REDIS_MASTER_HOST" ]]; then - sentinel_conf_add "sentinel known-replica {{ .Values.sentinel.masterSet }} $(get_full_hostname "$hostname") $(get_port "$hostname" "REDIS")" - fi - } - - # Add available hosts on the network as known replicas & sentinels - for node in $(seq 0 $(({{ .Values.replica.replicaCount }}-1))); do - hostname="{{ template "common.names.fullname" . }}-node-$node" - ip="$(getent hosts "$hostname.$HEADLESS_SERVICE" | awk '{ print $1 }')" - add_known_sentinel "$hostname" "$ip" - add_known_replica "$hostname" "$ip" - done - - echo "" >> /opt/bitnami/redis-sentinel/etc/sentinel.conf - echo "sentinel announce-hostnames yes" >> /opt/bitnami/redis-sentinel/etc/sentinel.conf - echo "sentinel resolve-hostnames yes" >> /opt/bitnami/redis-sentinel/etc/sentinel.conf - echo "sentinel announce-port $SERVPORT" >> /opt/bitnami/redis-sentinel/etc/sentinel.conf - echo "sentinel announce-ip $(get_full_hostname "$HOSTNAME")" >> /opt/bitnami/redis-sentinel/etc/sentinel.conf - - {{- if .Values.tls.enabled }} - ARGS=("--port" "0") - ARGS+=("--tls-port" "${REDIS_SENTINEL_TLS_PORT_NUMBER}") - ARGS+=("--tls-cert-file" "${REDIS_SENTINEL_TLS_CERT_FILE}") - ARGS+=("--tls-key-file" "${REDIS_SENTINEL_TLS_KEY_FILE}") - ARGS+=("--tls-ca-cert-file" "${REDIS_SENTINEL_TLS_CA_FILE}") - ARGS+=("--tls-replication" "yes") - ARGS+=("--tls-auth-clients" "${REDIS_SENTINEL_TLS_AUTH_CLIENTS}") - {{- if .Values.tls.dhParamsFilename }} - ARGS+=("--tls-dh-params-file" "${REDIS_SENTINEL_TLS_DH_PARAMS_FILE}") - {{- end }} - {{- end }} - {{- if .Values.sentinel.preExecCmds }} - {{ .Values.sentinel.preExecCmds | nindent 4 }} - {{- end }} - exec redis-server /opt/bitnami/redis-sentinel/etc/sentinel.conf --sentinel {{- if .Values.tls.enabled }} "${ARGS[@]}" {{- end }} - prestop-sentinel.sh: | - #!/bin/bash - - . /opt/bitnami/scripts/libvalidations.sh - . /opt/bitnami/scripts/libos.sh - - HEADLESS_SERVICE="{{ template "common.names.fullname" . 
}}-headless.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}" - SENTINEL_SERVICE_ENV_NAME={{ printf "%s%s" (upper (include "common.names.fullname" .)| replace "-" "_") "_SERVICE_PORT_TCP_SENTINEL" }} - SENTINEL_SERVICE_PORT=${!SENTINEL_SERVICE_ENV_NAME} - - get_full_hostname() { - hostname="$1" - - {{- if .Values.useExternalDNS.enabled }} - echo "${hostname}.{{- include "redis.externalDNS.suffix" . }}" - {{- else if eq .Values.sentinel.service.type "NodePort" }} - echo "${hostname}.{{- .Release.Namespace }}" - {{- else }} - echo "${hostname}.${HEADLESS_SERVICE}" - {{- end }} - } - run_sentinel_command() { - if is_boolean_yes "$REDIS_SENTINEL_TLS_ENABLED"; then - redis-cli -h "$REDIS_SERVICE" -p "$SENTINEL_SERVICE_PORT" --tls --cert "$REDIS_SENTINEL_TLS_CERT_FILE" --key "$REDIS_SENTINEL_TLS_KEY_FILE" --cacert "$REDIS_SENTINEL_TLS_CA_FILE" sentinel "$@" - else - redis-cli -h "$REDIS_SERVICE" -p "$SENTINEL_SERVICE_PORT" sentinel "$@" - fi - } - failover_finished() { - REDIS_SENTINEL_INFO=($(run_sentinel_command get-master-addr-by-name "{{ .Values.sentinel.masterSet }}")) - REDIS_MASTER_HOST="${REDIS_SENTINEL_INFO[0]}" - [[ "$REDIS_MASTER_HOST" != "$(get_full_hostname $HOSTNAME)" ]] - } - - REDIS_SERVICE="{{ include "common.names.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}" - - {{ if .Values.auth.sentinel -}} - # redis-cli automatically consumes credentials from the REDISCLI_AUTH variable - [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD" - [[ -f "$REDIS_PASSWORD_FILE" ]] && export REDISCLI_AUTH="$(< "${REDIS_PASSWORD_FILE}")" - {{- end }} - - if ! failover_finished; then - echo "I am the master pod and you are stopping me. 
Starting sentinel failover" - # if I am the master, issue a command to failover once and then wait for the failover to finish - run_sentinel_command failover "{{ .Values.sentinel.masterSet }}" - if retry_while "failover_finished" "{{ sub .Values.sentinel.terminationGracePeriodSeconds 10 }}" 1; then - echo "Master has been successfuly failed over to a different pod." - exit 0 - else - echo "Master failover failed" - exit 1 - fi - else - exit 0 - fi - prestop-redis.sh: | - #!/bin/bash - - . /opt/bitnami/scripts/libvalidations.sh - . /opt/bitnami/scripts/libos.sh - - run_redis_command() { - if is_boolean_yes "$REDIS_TLS_ENABLED"; then - redis-cli -h 127.0.0.1 -p "$REDIS_TLS_PORT" --tls --cert "$REDIS_TLS_CERT_FILE" --key "$REDIS_TLS_KEY_FILE" --cacert "$REDIS_TLS_CA_FILE" "$@" - else - redis-cli -h 127.0.0.1 -p ${REDIS_PORT} "$@" - fi - } - failover_finished() { - REDIS_ROLE=$(run_redis_command role | head -1) - [[ "$REDIS_ROLE" != "master" ]] - } - - # redis-cli automatically consumes credentials from the REDISCLI_AUTH variable - [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD" - [[ -f "$REDIS_PASSWORD_FILE" ]] && export REDISCLI_AUTH="$(< "${REDIS_PASSWORD_FILE}")" - - if ! failover_finished; then - echo "Waiting for sentinel to run failover for up to {{ sub .Values.sentinel.terminationGracePeriodSeconds 10 }}s" - retry_while "failover_finished" "{{ sub .Values.sentinel.terminationGracePeriodSeconds 10 }}" 1 - else - exit 0 - fi - -{{- else }} - start-master.sh: | - #!/bin/bash - - [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")" - {{- if and .Values.master.containerSecurityContext.runAsUser (eq (.Values.master.containerSecurityContext.runAsUser | int) 0) }} - useradd redis - chown -R redis {{ .Values.master.persistence.path }} - {{- end }} - if [[ ! -f /opt/bitnami/redis/etc/master.conf ]];then - cp /opt/bitnami/redis/mounted-etc/master.conf /opt/bitnami/redis/etc/master.conf - fi - if [[ ! 
-f /opt/bitnami/redis/etc/redis.conf ]];then - cp /opt/bitnami/redis/mounted-etc/redis.conf /opt/bitnami/redis/etc/redis.conf - fi - {{- if .Values.tls.enabled }} - ARGS=("--port" "0") - ARGS+=("--tls-port" "${REDIS_TLS_PORT}") - ARGS+=("--tls-cert-file" "${REDIS_TLS_CERT_FILE}") - ARGS+=("--tls-key-file" "${REDIS_TLS_KEY_FILE}") - ARGS+=("--tls-ca-cert-file" "${REDIS_TLS_CA_FILE}") - ARGS+=("--tls-auth-clients" "${REDIS_TLS_AUTH_CLIENTS}") - {{- if .Values.tls.dhParamsFilename }} - ARGS+=("--tls-dh-params-file" "${REDIS_TLS_DH_PARAMS_FILE}") - {{- end }} - {{- else }} - ARGS=("--port" "${REDIS_PORT}") - {{- end }} - {{- if .Values.auth.enabled }} - ARGS+=("--requirepass" "${REDIS_PASSWORD}") - ARGS+=("--masterauth" "${REDIS_PASSWORD}") - {{- else }} - ARGS+=("--protected-mode" "no") - {{- end }} - ARGS+=("--include" "/opt/bitnami/redis/etc/redis.conf") - ARGS+=("--include" "/opt/bitnami/redis/etc/master.conf") - {{- if .Values.master.extraFlags }} - {{- range .Values.master.extraFlags }} - ARGS+=({{ . | quote }}) - {{- end }} - {{- end }} - {{- if .Values.master.preExecCmds }} - {{ .Values.master.preExecCmds | nindent 4 }} - {{- end }} - {{- if .Values.master.command }} - exec {{ .Values.master.command }} "${ARGS[@]}" - {{- else }} - exec redis-server "${ARGS[@]}" - {{- end }} - {{- if eq .Values.architecture "replication" }} - start-replica.sh: | - #!/bin/bash - - get_port() { - hostname="$1" - type="$2" - - port_var=$(echo "${hostname^^}_SERVICE_PORT_$type" | sed "s/-/_/g") - port=${!port_var} - - if [ -z "$port" ]; then - case $type in - "SENTINEL") - echo {{ .Values.sentinel.containerPorts.sentinel }} - ;; - "REDIS") - echo {{ .Values.master.containerPorts.redis }} - ;; - esac - else - echo $port - fi - } - - get_full_hostname() { - hostname="$1" - - {{- if .Values.useExternalDNS.enabled }} - echo "${hostname}.{{- include "redis.externalDNS.suffix" . 
}}" - {{- else if eq .Values.sentinel.service.type "NodePort" }} - echo "${hostname}.{{- .Release.Namespace }}" - {{- else }} - echo "${hostname}.${HEADLESS_SERVICE}" - {{- end }} - } - - REDISPORT=$(get_port "$HOSTNAME" "REDIS") - - [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")" - [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")" - {{- if and .Values.replica.containerSecurityContext.runAsUser (eq (.Values.replica.containerSecurityContext.runAsUser | int) 0) }} - useradd redis - chown -R redis {{ .Values.replica.persistence.path }} - {{- end }} - if [[ ! -f /opt/bitnami/redis/etc/replica.conf ]];then - cp /opt/bitnami/redis/mounted-etc/replica.conf /opt/bitnami/redis/etc/replica.conf - fi - if [[ ! -f /opt/bitnami/redis/etc/redis.conf ]];then - cp /opt/bitnami/redis/mounted-etc/redis.conf /opt/bitnami/redis/etc/redis.conf - fi - - echo "" >> /opt/bitnami/redis/etc/replica.conf - echo "replica-announce-port $REDISPORT" >> /opt/bitnami/redis/etc/replica.conf - echo "replica-announce-ip $(get_full_hostname "$HOSTNAME")" >> /opt/bitnami/redis/etc/replica.conf - - {{- if .Values.tls.enabled }} - ARGS=("--port" "0") - ARGS+=("--tls-port" "${REDIS_TLS_PORT}") - ARGS+=("--tls-cert-file" "${REDIS_TLS_CERT_FILE}") - ARGS+=("--tls-key-file" "${REDIS_TLS_KEY_FILE}") - ARGS+=("--tls-ca-cert-file" "${REDIS_TLS_CA_FILE}") - ARGS+=("--tls-auth-clients" "${REDIS_TLS_AUTH_CLIENTS}") - ARGS+=("--tls-replication" "yes") - {{- if .Values.tls.dhParamsFilename }} - ARGS+=("--tls-dh-params-file" "${REDIS_TLS_DH_PARAMS_FILE}") - {{- end }} - {{- else }} - ARGS=("--port" "${REDIS_PORT}") - {{- end }} - ARGS+=("--replicaof" "${REDIS_MASTER_HOST}" "${REDIS_MASTER_PORT_NUMBER}") - {{- if .Values.auth.enabled }} - ARGS+=("--requirepass" "${REDIS_PASSWORD}") - ARGS+=("--masterauth" "${REDIS_MASTER_PASSWORD}") - {{- else }} - ARGS+=("--protected-mode" "no") - {{- end }} - ARGS+=("--include" 
"/opt/bitnami/redis/etc/redis.conf") - ARGS+=("--include" "/opt/bitnami/redis/etc/replica.conf") - {{- if .Values.replica.extraFlags }} - {{- range .Values.replica.extraFlags }} - ARGS+=({{ . | quote }}) - {{- end }} - {{- end }} - {{- if .Values.replica.preExecCmds }} - {{ .Values.replica.preExecCmds | nindent 4 }} - {{- end }} - {{- if .Values.replica.command }} - exec {{ .Values.replica.command }} "${ARGS[@]}" - {{- else }} - exec redis-server "${ARGS[@]}" - {{- end }} - {{- end }} -{{- end }} diff --git a/rds/base/charts/redis/templates/secret.yaml b/rds/base/charts/redis/templates/secret.yaml deleted file mode 100644 index e97a727..0000000 --- a/rds/base/charts/redis/templates/secret.yaml +++ /dev/null @@ -1,23 +0,0 @@ -{{- if and .Values.auth.enabled (not .Values.auth.existingSecret) -}} -apiVersion: v1 -kind: Secret -metadata: - name: {{ template "common.names.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if or .Values.secretAnnotations .Values.commonAnnotations }} - annotations: - {{- if .Values.secretAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.secretAnnotations "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - {{- end }} -type: Opaque -data: - redis-password: {{ include "redis.password" . | b64enc | quote }} -{{- end -}} diff --git a/rds/base/charts/redis/templates/sentinel/hpa.yaml b/rds/base/charts/redis/templates/sentinel/hpa.yaml deleted file mode 100644 index ef57b5a..0000000 --- a/rds/base/charts/redis/templates/sentinel/hpa.yaml +++ /dev/null 
@@ -1,47 +0,0 @@
-{{- if and .Values.replica.autoscaling.enabled .Values.sentinel.enabled }}
-apiVersion: {{ include "common.capabilities.hpa.apiVersion" ( dict "context" $ ) }}
-kind: HorizontalPodAutoscaler
-metadata:
- name: {{ printf "%s-node" (include "common.names.fullname" .) }}
- namespace: {{ .Release.Namespace }}
- labels: {{- include "common.labels.standard" . | nindent 4 }}
- app.kubernetes.io/component: replica
- {{- if .Values.commonLabels }}
- {{- include "common.tplvalues.render" (dict "value" .Values.commonLabels "context" $) | nindent 4 }}
- {{- end }}
- {{- if .Values.commonAnnotations }}
- annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
- {{- end }}
-spec:
- scaleTargetRef:
- apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }}
- kind: StatefulSet
- name: {{ printf "%s-node" (include "common.names.fullname" .) }}
- minReplicas: {{ .Values.replica.autoscaling.minReplicas }}
- maxReplicas: {{ .Values.replica.autoscaling.maxReplicas }}
- metrics:
- {{- if .Values.replica.autoscaling.targetCPU }}
- - type: Resource
- resource:
- name: cpu
- {{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) }}
- targetAverageUtilization: {{ .Values.replica.autoscaling.targetCPU }}
- {{- else }}
- target:
- type: Utilization
- averageUtilization: {{ .Values.replica.autoscaling.targetCPU }}
- {{- end }}
- {{- end }}
- {{- if .Values.replica.autoscaling.targetMemory }}
- - type: Resource
- resource:
- name: memory
- {{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) }}
- targetAverageUtilization: {{ .Values.replica.autoscaling.targetMemory }}
- {{- else }}
- target:
- type: Utilization
- averageUtilization: {{ .Values.replica.autoscaling.targetMemory }}
- {{- end }}
- {{- end }}
-{{- end }}
diff --git a/rds/base/charts/redis/templates/sentinel/node-services.yaml b/rds/base/charts/redis/templates/sentinel/node-services.yaml
deleted file mode 100644
index d3e635e..0000000
--- a/rds/base/charts/redis/templates/sentinel/node-services.yaml
+++ /dev/null
@@ -1,70 +0,0 @@ -{{- if and (eq .Values.architecture "replication") .Values.sentinel.enabled (eq .Values.sentinel.service.type "NodePort") (or .Release.IsUpgrade .Values.sentinel.service.nodePorts.redis ) }} - -{{- range $i := until (int .Values.replica.replicaCount) }} - -{{ $portsmap := (lookup "v1" "ConfigMap" $.Release.Namespace (printf "%s-%s" ( include "common.names.fullname" $ ) "ports-configmap")).data }} - -{{ $sentinelport := 0}} -{{ $redisport := 0}} -{{- if $portsmap }} -{{ $sentinelport = index $portsmap (printf "%s-node-%s-%s" (include "common.names.fullname" $) (toString $i) "sentinel") }} -{{ $redisport = index $portsmap (printf "%s-node-%s-%s" (include "common.names.fullname" $) (toString $i) "redis") }} -{{- else }} -{{- end }} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "common.names.fullname" $ }}-node-{{ $i }} - namespace: {{ $.Release.Namespace | quote }} - labels: {{- include "common.labels.standard" $ | nindent 4 }} - app.kubernetes.io/component: node - {{- if $.Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" $.Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if or $.Values.sentinel.service.annotations $.Values.commonAnnotations }} - annotations: - {{- if $.Values.sentinel.service.annotations }} - {{- include "common.tplvalues.render" ( dict "value" $.Values.sentinel.service.annotations "context" $ ) | nindent 4 }} - {{- end }} - {{- if $.Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - {{- end }} -spec: - type: NodePort - ports: - - name: sentinel - {{- if $.Values.sentinel.service.nodePorts.sentinel }} - nodePort: {{ (add $.Values.sentinel.service.nodePorts.sentinel $i 1) }} - port: {{ (add $.Values.sentinel.service.nodePorts.sentinel $i 1) }} - {{- else }} - nodePort: {{ $sentinelport }} - port: {{ $sentinelport }} - {{- end }} - protocol: TCP - targetPort: {{ 
$.Values.sentinel.containerPorts.sentinel }} - - name: redis - {{- if $.Values.sentinel.service.nodePorts.redis }} - nodePort: {{ (add $.Values.sentinel.service.nodePorts.redis $i 1) }} - port: {{ (add $.Values.sentinel.service.nodePorts.redis $i 1) }} - {{- else }} - nodePort: {{ $redisport }} - port: {{ $redisport }} - {{- end }} - protocol: TCP - targetPort: {{ $.Values.replica.containerPorts.redis }} - - name: sentinel-internal - nodePort: null - port: {{ $.Values.sentinel.containerPorts.sentinel }} - protocol: TCP - targetPort: {{ $.Values.sentinel.containerPorts.sentinel }} - - name: redis-internal - nodePort: null - port: {{ $.Values.replica.containerPorts.redis }} - protocol: TCP - targetPort: {{ $.Values.replica.containerPorts.redis }} - selector: - statefulset.kubernetes.io/pod-name: {{ template "common.names.fullname" $ }}-node-{{ $i }} ---- -{{- end }} -{{- end }} diff --git a/rds/base/charts/redis/templates/sentinel/ports-configmap.yaml b/rds/base/charts/redis/templates/sentinel/ports-configmap.yaml deleted file mode 100644 index 5d032db..0000000 --- a/rds/base/charts/redis/templates/sentinel/ports-configmap.yaml +++ /dev/null 
@@ -1,100 +0,0 @@ -{{- if and (eq .Values.architecture "replication") .Values.sentinel.enabled (eq .Values.sentinel.service.type "NodePort") (not .Values.sentinel.service.nodePorts.redis ) }} -{{- /* create a list to keep track of ports we choose to use */}} -{{ $chosenports := (list ) }} - -{{- /* Get list of all used nodeports */}} -{{ $usedports := (list ) }} -{{- range $index, $service := (lookup "v1" "Service" "" "").items }} - {{- range.spec.ports }} - {{- if .nodePort }} - {{- $usedports = (append $usedports .nodePort) }} - {{- end }} - {{- end }} -{{- end }} - -{{- /* -comments that start with # are rendered in the output when you debug, so you can less and search for them -Vars in the comment will be rendered out, so you can check their value this way. -https://helm.sh/docs/chart_best_practices/templates/#comments-yaml-comments-vs-template-comments - -remove the template comments and leave the yaml comments to help debug -*/}} - -{{- /* Sort the list */}} -{{ $usedports = $usedports | sortAlpha }} -#usedports {{ $usedports }} - -{{- /* How many nodeports per service do we want to create, except for the main service which is always two */}} -{{ $numberofPortsPerNodeService := 2 }} - -{{- /* for every nodeport we want, loop though the used ports to get an unused port */}} -{{- range $j := until (int (add (mul (int .Values.replica.replicaCount) $numberofPortsPerNodeService) 2)) }} - {{- /* #j={{ $j }} */}} - {{- $nodeport := (add $j 30000) }} - {{- $nodeportfound := false }} - {{- range $i := $usedports }} - {{- /* #i={{ $i }} - #nodeport={{ $nodeport }} - #usedports={{ $usedports }} */}} - {{- if and (has (toString $nodeport) $usedports) (eq $nodeportfound false) }} - {{- /* nodeport conflicts with in use */}} - {{- $nodeport = (add $nodeport 1) }} - {{- else if and ( has $nodeport $chosenports) (eq $nodeportfound false) }} - {{- /* nodeport already chosen, try another */}} - {{- $nodeport = (add $nodeport 1) }} - {{- else if (eq $nodeportfound false) }} - 
{{- /* nodeport free to use: not already claimed and not in use */}} - {{- /* select nodeport, and place into usedports */}} - {{- $chosenports = (append $chosenports $nodeport) }} - {{- $nodeportfound = true }} - {{- else }} - {{- /* nodeport has already been chosen and locked in, just work through the rest of the list to get to the next nodeport selection */}} - {{- end }} - {{- end }} - {{- if (eq $nodeportfound false) }} - {{- $chosenports = (append $chosenports $nodeport) }} - {{- end }} - -{{- end }} - -{{- /* print the usedports and chosenports for debugging */}} -#usedports {{ $usedports }} -#chosenports {{ $chosenports }}}} - ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "common.names.fullname" . }}-ports-configmap - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -data: -{{ $portsmap := (lookup "v1" "ConfigMap" $.Release.Namespace (printf "%s-%s" ( include "common.names.fullname" . 
) "ports-configmap")).data }} -{{- if $portsmap }} -{{- /* configmap already exists, do not install again */ -}} - {{- range $name, $value := $portsmap }} - "{{ $name }}": "{{ $value }}" - {{- end }} -{{- else }} -{{- /* configmap being set for first time */ -}} - {{- range $index, $port := $chosenports }} - {{- $nodenumber := (floor (div $index 2)) }} - {{- if (eq $index 0) }} - "{{ template "common.names.fullname" $ }}-sentinel": "{{ $port }}" - {{- else if (eq $index 1) }} - "{{ template "common.names.fullname" $ }}-redis": "{{ $port }}" - {{- else if (eq (mod $index 2) 0) }} - "{{ template "common.names.fullname" $ }}-node-{{ (sub $nodenumber 1) }}-sentinel": "{{ $port }}" - {{- else if (eq (mod $index 2) 1) }} - "{{ template "common.names.fullname" $ }}-node-{{ (sub $nodenumber 1) }}-redis": "{{ $port }}" - {{- end }} - {{- end }} -{{- end }} -{{- end }} diff --git a/rds/base/charts/redis/templates/sentinel/service.yaml b/rds/base/charts/redis/templates/sentinel/service.yaml deleted file mode 100644 index f193730..0000000 --- a/rds/base/charts/redis/templates/sentinel/service.yaml +++ /dev/null 
@@ -1,103 +0,0 @@ -{{- if or .Release.IsUpgrade (ne .Values.sentinel.service.type "NodePort") .Values.sentinel.service.nodePorts.redis -}} -{{- if and (eq .Values.architecture "replication") .Values.sentinel.enabled }} -{{ $portsmap := (lookup "v1" "ConfigMap" $.Release.Namespace (printf "%s-%s" ( include "common.names.fullname" . ) "ports-configmap")).data }} - -{{ $sentinelport := 0}} -{{ $redisport := 0}} -{{- if $portsmap }} -{{ $sentinelport = index $portsmap (printf "%s-%s" (include "common.names.fullname" $) "sentinel") }} -{{ $redisport = index $portsmap (printf "%s-%s" (include "common.names.fullname" $) "redis") }} -{{- else }} -{{- end }} - -apiVersion: v1 -kind: Service -metadata: - name: {{ template "common.names.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: node - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if or .Values.sentinel.service.annotations .Values.commonAnnotations }} - annotations: - {{- if .Values.sentinel.service.annotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.sentinel.service.annotations "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - {{- end }} -spec: - type: {{ .Values.sentinel.service.type }} - {{- if or (eq .Values.sentinel.service.type "LoadBalancer") (eq .Values.sentinel.service.type "NodePort") }} - externalTrafficPolicy: {{ .Values.sentinel.service.externalTrafficPolicy | quote }} - {{- end }} - {{- if and (eq .Values.sentinel.service.type "LoadBalancer") (not (empty .Values.sentinel.service.loadBalancerIP)) }} - loadBalancerIP: {{ .Values.sentinel.service.loadBalancerIP }} - {{- end }} - {{- if and (eq .Values.sentinel.service.type 
"LoadBalancer") (not (empty .Values.sentinel.service.loadBalancerSourceRanges)) }} - loadBalancerSourceRanges: {{ .Values.sentinel.service.loadBalancerSourceRanges }} - {{- end }} - {{- if and .Values.sentinel.service.clusterIP (eq .Values.sentinel.service.type "ClusterIP") }} - clusterIP: {{ .Values.sentinel.service.clusterIP }} - {{- end }} - {{- if .Values.sentinel.service.sessionAffinity }} - sessionAffinity: {{ .Values.sentinel.service.sessionAffinity }} - {{- end }} - {{- if .Values.sentinel.service.sessionAffinityConfig }} - sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" .Values.sentinel.service.sessionAffinityConfig "context" $) | nindent 4 }} - {{- end }} - ports: - - name: tcp-redis - {{- if and (or (eq .Values.sentinel.service.type "NodePort") (eq .Values.sentinel.service.type "LoadBalancer")) .Values.sentinel.service.nodePorts.redis }} - port: {{ .Values.sentinel.service.nodePorts.redis }} - {{- else if eq .Values.sentinel.service.type "NodePort" }} - port: {{ $redisport }} - {{- else}} - port: {{ .Values.sentinel.service.ports.redis }} - {{- end }} - targetPort: {{ .Values.replica.containerPorts.redis }} - {{- if and (or (eq .Values.sentinel.service.type "NodePort") (eq .Values.sentinel.service.type "LoadBalancer")) .Values.sentinel.service.nodePorts.redis }} - nodePort: {{ .Values.sentinel.service.nodePorts.redis }} - {{- else if eq .Values.sentinel.service.type "ClusterIP" }} - nodePort: null - {{- else if eq .Values.sentinel.service.type "NodePort" }} - nodePort: {{ $redisport }} - {{- end }} - - name: tcp-sentinel - {{- if and (or (eq .Values.sentinel.service.type "NodePort") (eq .Values.sentinel.service.type "LoadBalancer")) .Values.sentinel.service.nodePorts.sentinel }} - port: {{ .Values.sentinel.service.nodePorts.sentinel }} - {{- else if eq .Values.sentinel.service.type "NodePort" }} - port: {{ $sentinelport }} - {{- else }} - port: {{ .Values.sentinel.service.ports.sentinel }} - {{- end }} - targetPort: {{ 
.Values.sentinel.containerPorts.sentinel }} - {{- if and (or (eq .Values.sentinel.service.type "NodePort") (eq .Values.sentinel.service.type "LoadBalancer")) .Values.sentinel.service.nodePorts.sentinel }} - nodePort: {{ .Values.sentinel.service.nodePorts.sentinel }} - {{- else if eq .Values.sentinel.service.type "ClusterIP" }} - nodePort: null - {{- else if eq .Values.sentinel.service.type "NodePort" }} - nodePort: {{ $sentinelport }} - {{- end }} - {{- if eq .Values.sentinel.service.type "NodePort" }} - - name: sentinel-internal - nodePort: null - port: {{ .Values.sentinel.containerPorts.sentinel }} - protocol: TCP - targetPort: {{ .Values.sentinel.containerPorts.sentinel }} - - name: redis-internal - nodePort: null - port: {{ .Values.replica.containerPorts.redis }} - protocol: TCP - targetPort: {{ .Values.replica.containerPorts.redis }} - {{- end }} - {{- if .Values.sentinel.service.extraPorts }} - {{- include "common.tplvalues.render" (dict "value" .Values.sentinel.service.extraPorts "context" $) | nindent 4 }} - {{- end }} - selector: {{- include "common.labels.matchLabels" . | nindent 4 }} - app.kubernetes.io/component: node -{{- end }} -{{- end }} diff --git a/rds/base/charts/redis/templates/sentinel/statefulset.yaml b/rds/base/charts/redis/templates/sentinel/statefulset.yaml deleted file mode 100644 index 6b301c1..0000000 --- a/rds/base/charts/redis/templates/sentinel/statefulset.yaml +++ /dev/null 
@@ -1,688 +0,0 @@ -{{- if or .Release.IsUpgrade (ne .Values.sentinel.service.type "NodePort") .Values.sentinel.service.nodePorts.redis -}} -{{- if and (eq .Values.architecture "replication") .Values.sentinel.enabled }} -apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }} -kind: StatefulSet -metadata: - name: {{ printf "%s-node" (include "common.names.fullname" .) }} - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: node - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if or .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - replicas: {{ .Values.replica.replicaCount }} - selector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} - app.kubernetes.io/component: node - serviceName: {{ printf "%s-headless" (include "common.names.fullname" .) }} - {{- if .Values.replica.updateStrategy }} - updateStrategy: {{- toYaml .Values.replica.updateStrategy | nindent 4 }} - {{- end }} - {{- if .Values.replica.podManagementPolicy }} - podManagementPolicy: {{ .Values.replica.podManagementPolicy | quote }} - {{- end }} - template: - metadata: - labels: {{- include "common.labels.standard" . | nindent 8 }} - app.kubernetes.io/component: node - {{- if .Values.replica.podLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.replica.podLabels "context" $ ) | nindent 8 }} - {{- end }} - {{- if and .Values.metrics.enabled .Values.metrics.podLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.podLabels "context" $ ) | nindent 8 }} - {{- end }} - annotations: - {{- if (include "redis.createConfigmap" .) }} - checksum/configmap: {{ include (print $.Template.BasePath "/configmap.yaml") . 
| sha256sum }} - {{- end }} - checksum/health: {{ include (print $.Template.BasePath "/health-configmap.yaml") . | sha256sum }} - checksum/scripts: {{ include (print $.Template.BasePath "/scripts-configmap.yaml") . | sha256sum }} - checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} - {{- if .Values.replica.podAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.replica.podAnnotations "context" $ ) | nindent 8 }} - {{- end }} - {{- if and .Values.metrics.enabled .Values.metrics.podAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.podAnnotations "context" $ ) | nindent 8 }} - {{- end }} - spec: - {{- include "redis.imagePullSecrets" . | nindent 6 }} - {{- if .Values.replica.hostAliases }} - hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.replica.hostAliases "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.replica.podSecurityContext.enabled }} - securityContext: {{- omit .Values.replica.podSecurityContext "enabled" | toYaml | nindent 8 }} - {{- end }} - serviceAccountName: {{ template "redis.serviceAccountName" . 
}} - {{- if .Values.replica.priorityClassName }} - priorityClassName: {{ .Values.replica.priorityClassName | quote }} - {{- end }} - {{- if .Values.replica.affinity }} - affinity: {{- include "common.tplvalues.render" (dict "value" .Values.replica.affinity "context" $) | nindent 8 }} - {{- else }} - affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.replica.podAffinityPreset "component" "node" "context" $) | nindent 10 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.replica.podAntiAffinityPreset "component" "node" "context" $) | nindent 10 }} - nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.replica.nodeAffinityPreset.type "key" .Values.replica.nodeAffinityPreset.key "values" .Values.replica.nodeAffinityPreset.values) | nindent 10 }} - {{- end }} - {{- if .Values.replica.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.replica.nodeSelector "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.replica.tolerations }} - tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.replica.tolerations "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.replica.topologySpreadConstraints }} - topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.replica.topologySpreadConstraints "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.replica.shareProcessNamespace }} - shareProcessNamespace: {{ .Values.replica.shareProcessNamespace }} - {{- end }} - {{- if .Values.replica.schedulerName }} - schedulerName: {{ .Values.replica.schedulerName | quote }} - {{- end }} - {{- if .Values.replica.dnsPolicy }} - dnsPolicy: {{ .Values.replica.dnsPolicy }} - {{- end }} - {{- if .Values.replica.dnsConfig }} - dnsConfig: {{- include "common.tplvalues.render" (dict "value" .Values.replica.dnsConfig "context" $) | nindent 8 }} - {{- end }} - terminationGracePeriodSeconds: {{ 
.Values.sentinel.terminationGracePeriodSeconds }} - containers: - - name: redis - image: {{ template "redis.image" . }} - imagePullPolicy: {{ .Values.image.pullPolicy | quote }} - {{- if not .Values.diagnosticMode.enabled }} - {{- if .Values.replica.lifecycleHooks }} - lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.replica.lifecycleHooks "context" $) | nindent 12 }} - {{- else }} - lifecycle: - preStop: - exec: - command: - - /bin/bash - - -c - - /opt/bitnami/scripts/start-scripts/prestop-redis.sh - {{- end }} - {{- end }} - {{- if .Values.replica.containerSecurityContext.enabled }} - securityContext: {{- omit .Values.replica.containerSecurityContext "enabled" | toYaml | nindent 12 }} - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} - {{- else if .Values.replica.command }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.replica.command "context" $) | nindent 12 }} - {{- else }} - command: - - /bin/bash - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} - {{- else if .Values.replica.args }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.replica.args "context" $) | nindent 12 }} - {{- else }} - args: - - -c - - /opt/bitnami/scripts/start-scripts/start-node.sh - {{- end }} - env: - - name: BITNAMI_DEBUG - value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }} - - name: REDIS_MASTER_PORT_NUMBER - value: {{ .Values.replica.containerPorts.redis | quote }} - - name: ALLOW_EMPTY_PASSWORD - value: {{ ternary "no" "yes" .Values.auth.enabled | quote }} - {{- if .Values.auth.enabled }} - {{- if .Values.auth.usePasswordFiles }} - - name: REDIS_PASSWORD_FILE - value: "/opt/bitnami/redis/secrets/redis-password" - - name: 
REDIS_MASTER_PASSWORD_FILE - value: "/opt/bitnami/redis/secrets/redis-password" - {{- else }} - - name: REDIS_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "redis.secretName" . }} - key: {{ template "redis.secretPasswordKey" . }} - - name: REDIS_MASTER_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "redis.secretName" . }} - key: {{ template "redis.secretPasswordKey" . }} - {{- end }} - {{- end }} - - name: REDIS_TLS_ENABLED - value: {{ ternary "yes" "no" .Values.tls.enabled | quote }} - {{- if .Values.tls.enabled }} - - name: REDIS_TLS_PORT - value: {{ .Values.replica.containerPorts.redis | quote }} - - name: REDIS_TLS_AUTH_CLIENTS - value: {{ ternary "yes" "no" .Values.tls.authClients | quote }} - - name: REDIS_TLS_CERT_FILE - value: {{ template "redis.tlsCert" . }} - - name: REDIS_TLS_KEY_FILE - value: {{ template "redis.tlsCertKey" . }} - - name: REDIS_TLS_CA_FILE - value: {{ template "redis.tlsCACert" . }} - {{- if .Values.tls.dhParamsFilename }} - - name: REDIS_TLS_DH_PARAMS_FILE - value: {{ template "redis.tlsDHParams" . 
}} - {{- end }} - {{- else }} - - name: REDIS_PORT - value: {{ .Values.replica.containerPorts.redis | quote }} - {{- end }} - - name: REDIS_DATA_DIR - value: {{ .Values.replica.persistence.path }} - {{- if .Values.replica.externalMaster.enabled }} - - name: REDIS_EXTERNAL_MASTER_HOST - value: {{ .Values.replica.externalMaster.host | quote }} - - name: REDIS_EXTERNAL_MASTER_PORT - value: {{ .Values.replica.externalMaster.port | quote }} - {{- end }} - {{- if .Values.replica.extraEnvVars }} - {{- include "common.tplvalues.render" ( dict "value" .Values.replica.extraEnvVars "context" $ ) | nindent 12 }} - {{- end }} - {{- if or .Values.replica.extraEnvVarsCM .Values.replica.extraEnvVarsSecret }} - envFrom: - {{- if .Values.replica.extraEnvVarsCM }} - - configMapRef: - name: {{ .Values.replica.extraEnvVarsCM }} - {{- end }} - {{- if .Values.replica.extraEnvVarsSecret }} - - secretRef: - name: {{ .Values.replica.extraEnvVarsSecret }} - {{- end }} - {{- end }} - ports: - - name: redis - containerPort: {{ .Values.replica.containerPorts.redis }} - {{- if not .Values.diagnosticMode.enabled }} - {{- if .Values.replica.startupProbe.enabled }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.replica.startupProbe "enabled") "context" $) | nindent 12 }} - tcpSocket: - port: redis - {{- else if .Values.replica.customStartupProbe }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.replica.customStartupProbe "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.replica.livenessProbe.enabled }} - livenessProbe: - initialDelaySeconds: {{ .Values.replica.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.replica.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.replica.livenessProbe.timeoutSeconds }} - successThreshold: {{ .Values.replica.livenessProbe.successThreshold }} - failureThreshold: {{ .Values.replica.livenessProbe.failureThreshold }} - exec: - command: - - sh - - -c - - 
/health/ping_liveness_local.sh {{ .Values.replica.livenessProbe.timeoutSeconds }} - {{- else if .Values.replica.customLivenessProbe }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.replica.customLivenessProbe "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.replica.readinessProbe.enabled }} - readinessProbe: - initialDelaySeconds: {{ .Values.replica.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.replica.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.replica.readinessProbe.timeoutSeconds }} - successThreshold: {{ .Values.replica.readinessProbe.successThreshold }} - failureThreshold: {{ .Values.replica.readinessProbe.failureThreshold }} - exec: - command: - - sh - - -c - - /health/ping_readiness_local.sh {{ .Values.replica.readinessProbe.timeoutSeconds }} - {{- else if .Values.replica.customReadinessProbe }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.replica.customReadinessProbe "context" $) | nindent 12 }} - {{- end }} - {{- end }} - {{- if .Values.replica.resources }} - resources: {{- toYaml .Values.replica.resources | nindent 12 }} - {{- end }} - volumeMounts: - - name: start-scripts - mountPath: /opt/bitnami/scripts/start-scripts - - name: health - mountPath: /health - {{- if .Values.sentinel.persistence.enabled }} - - name: sentinel-data - mountPath: /opt/bitnami/redis-sentinel/etc - {{- end }} - {{- if .Values.auth.usePasswordFiles }} - - name: redis-password - mountPath: /opt/bitnami/redis/secrets/ - {{- end }} - - name: redis-data - mountPath: {{ .Values.replica.persistence.path }} - subPath: {{ .Values.replica.persistence.subPath }} - - name: config - mountPath: /opt/bitnami/redis/mounted-etc - - name: redis-tmp-conf - mountPath: /opt/bitnami/redis/etc - - name: tmp - mountPath: /tmp - {{- if .Values.tls.enabled }} - - name: redis-certificates - mountPath: /opt/bitnami/redis/certs - readOnly: true - {{- end }} - {{- if 
.Values.replica.extraVolumeMounts }} - {{- include "common.tplvalues.render" ( dict "value" .Values.replica.extraVolumeMounts "context" $ ) | nindent 12 }} - {{- end }} - - name: sentinel - image: {{ template "redis.sentinel.image" . }} - imagePullPolicy: {{ .Values.sentinel.image.pullPolicy | quote }} - {{- if not .Values.diagnosticMode.enabled }} - {{- if .Values.sentinel.lifecycleHooks }} - lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.sentinel.lifecycleHooks "context" $) | nindent 12 }} - {{- else }} - lifecycle: - preStop: - exec: - command: - - /bin/bash - - -c - - /opt/bitnami/scripts/start-scripts/prestop-sentinel.sh - {{- end }} - {{- end }} - {{- if .Values.sentinel.containerSecurityContext.enabled }} - securityContext: {{- omit .Values.sentinel.containerSecurityContext "enabled" | toYaml | nindent 12 }} - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} - {{- else if .Values.sentinel.command }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.sentinel.command "context" $) | nindent 12 }} - {{- else }} - command: - - /bin/bash - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} - {{- else if .Values.sentinel.args }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.sentinel.args "context" $) | nindent 12 }} - {{- else }} - args: - - -c - - /opt/bitnami/scripts/start-scripts/start-sentinel.sh - {{- end }} - env: - - name: BITNAMI_DEBUG - value: {{ ternary "true" "false" (or .Values.sentinel.image.debug .Values.diagnosticMode.enabled) | quote }} - {{- if .Values.auth.enabled }} - {{- if .Values.auth.usePasswordFiles }} - - name: REDIS_PASSWORD_FILE - value: "/opt/bitnami/redis/secrets/redis-password" - {{- else }} - - name: REDIS_PASSWORD - 
valueFrom: - secretKeyRef: - name: {{ template "redis.secretName" . }} - key: {{ template "redis.secretPasswordKey" . }} - {{- end }} - {{- else }} - - name: ALLOW_EMPTY_PASSWORD - value: "yes" - {{- end }} - - name: REDIS_SENTINEL_TLS_ENABLED - value: {{ ternary "yes" "no" .Values.tls.enabled | quote }} - {{- if .Values.tls.enabled }} - - name: REDIS_SENTINEL_TLS_PORT_NUMBER - value: {{ .Values.sentinel.containerPorts.sentinel | quote }} - - name: REDIS_SENTINEL_TLS_AUTH_CLIENTS - value: {{ ternary "yes" "no" .Values.tls.authClients | quote }} - - name: REDIS_SENTINEL_TLS_CERT_FILE - value: {{ template "redis.tlsCert" . }} - - name: REDIS_SENTINEL_TLS_KEY_FILE - value: {{ template "redis.tlsCertKey" . }} - - name: REDIS_SENTINEL_TLS_CA_FILE - value: {{ template "redis.tlsCACert" . }} - {{- if .Values.tls.dhParamsFilename }} - - name: REDIS_SENTINEL_TLS_DH_PARAMS_FILE - value: {{ template "redis.tls.dhParamsFilename" . }} - {{- end }} - {{- else }} - - name: REDIS_SENTINEL_PORT - value: {{ .Values.sentinel.containerPorts.sentinel | quote }} - {{- end }} - {{- if .Values.sentinel.externalMaster.enabled }} - - name: REDIS_EXTERNAL_MASTER_HOST - value: {{ .Values.sentinel.externalMaster.host | quote }} - - name: REDIS_EXTERNAL_MASTER_PORT - value: {{ .Values.sentinel.externalMaster.port | quote }} - {{- end }} - {{- if .Values.sentinel.extraEnvVars }} - {{- include "common.tplvalues.render" ( dict "value" .Values.sentinel.extraEnvVars "context" $ ) | nindent 12 }} - {{- end }} - {{- if or .Values.sentinel.extraEnvVarsCM .Values.sentinel.extraEnvVarsSecret }} - envFrom: - {{- if .Values.sentinel.extraEnvVarsCM }} - - configMapRef: - name: {{ .Values.sentinel.extraEnvVarsCM }} - {{- end }} - {{- if .Values.sentinel.extraEnvVarsSecret }} - - secretRef: - name: {{ .Values.sentinel.extraEnvVarsSecret }} - {{- end }} - {{- end }} - ports: - - name: redis-sentinel - containerPort: {{ .Values.sentinel.containerPorts.sentinel }} - {{- if not .Values.diagnosticMode.enabled }} - 
{{- if .Values.sentinel.startupProbe.enabled }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.sentinel.startupProbe "enabled") "context" $) | nindent 12 }} - tcpSocket: - port: redis-sentinel - {{- else if .Values.sentinel.customStartupProbe }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.sentinel.customStartupProbe "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.sentinel.livenessProbe.enabled }} - livenessProbe: - initialDelaySeconds: {{ .Values.sentinel.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.sentinel.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.sentinel.livenessProbe.timeoutSeconds }} - successThreshold: {{ .Values.sentinel.livenessProbe.successThreshold }} - failureThreshold: {{ .Values.sentinel.livenessProbe.failureThreshold }} - exec: - command: - - sh - - -c - - /health/ping_sentinel.sh {{ .Values.sentinel.livenessProbe.timeoutSeconds }} - {{- else if .Values.sentinel.customLivenessProbe }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.sentinel.customLivenessProbe "context" $) | nindent 12 }} - {{- end }} - {{- end }} - {{- if not .Values.diagnosticMode.enabled }} - {{- if .Values.sentinel.readinessProbe.enabled }} - readinessProbe: - initialDelaySeconds: {{ .Values.sentinel.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.sentinel.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.sentinel.readinessProbe.timeoutSeconds }} - successThreshold: {{ .Values.sentinel.readinessProbe.successThreshold }} - failureThreshold: {{ .Values.sentinel.readinessProbe.failureThreshold }} - exec: - command: - - sh - - -c - - /health/ping_sentinel.sh {{ .Values.sentinel.livenessProbe.timeoutSeconds }} - {{- else if .Values.sentinel.customReadinessProbe }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.sentinel.customReadinessProbe "context" $) | nindent 12 }} - {{- end }} - 
{{- end }} - {{- if .Values.sentinel.resources }} - resources: {{- toYaml .Values.sentinel.resources | nindent 12 }} - {{- end }} - volumeMounts: - - name: start-scripts - mountPath: /opt/bitnami/scripts/start-scripts - - name: health - mountPath: /health - - name: sentinel-data - mountPath: /opt/bitnami/redis-sentinel/etc - {{- if .Values.auth.usePasswordFiles }} - - name: redis-password - mountPath: /opt/bitnami/redis/secrets/ - {{- end }} - - name: redis-data - mountPath: {{ .Values.replica.persistence.path }} - subPath: {{ .Values.replica.persistence.subPath }} - - name: config - mountPath: /opt/bitnami/redis-sentinel/mounted-etc - {{- if .Values.tls.enabled }} - - name: redis-certificates - mountPath: /opt/bitnami/redis/certs - readOnly: true - {{- end }} - {{- if .Values.sentinel.extraVolumeMounts }} - {{- include "common.tplvalues.render" ( dict "value" .Values.sentinel.extraVolumeMounts "context" $ ) | nindent 12 }} - {{- end }} - {{- if .Values.metrics.enabled }} - - name: metrics - image: {{ template "redis.metrics.image" . }} - imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }} - {{- if .Values.metrics.containerSecurityContext.enabled }} - securityContext: {{- omit .Values.metrics.containerSecurityContext "enabled" | toYaml | nindent 12 }} - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} - {{- else }} - command: - - /bin/bash - - -c - - | - if [[ -f '/secrets/redis-password' ]]; then - export REDIS_PASSWORD=$(cat /secrets/redis-password) - fi - redis_exporter{{- range $key, $value := .Values.metrics.extraArgs }} --{{ $key }}={{ $value }}{{- end }} - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} - {{- end }} - env: - - name: REDIS_ALIAS - value: {{ template "common.names.fullname" . 
}} - {{- if .Values.auth.enabled }} - - name: REDIS_USER - value: default - {{- if (not .Values.auth.usePasswordFiles) }} - - name: REDIS_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "redis.secretName" . }} - key: {{ template "redis.secretPasswordKey" . }} - {{- end }} - {{- end }} - {{- if .Values.tls.enabled }} - - name: REDIS_ADDR - value: rediss://{{ .Values.metrics.redisTargetHost }}:{{ .Values.replica.containerPorts.redis }} - {{- if .Values.tls.authClients }} - - name: REDIS_EXPORTER_TLS_CLIENT_KEY_FILE - value: {{ template "redis.tlsCertKey" . }} - - name: REDIS_EXPORTER_TLS_CLIENT_CERT_FILE - value: {{ template "redis.tlsCert" . }} - {{- end }} - - name: REDIS_EXPORTER_TLS_CA_CERT_FILE - value: {{ template "redis.tlsCACert" . }} - {{- end }} - {{- if .Values.metrics.extraEnvVars }} - {{- include "common.tplvalues.render" (dict "value" .Values.metrics.extraEnvVars "context" $) | nindent 12 }} - {{- end }} - ports: - - name: metrics - containerPort: 9121 - {{- if .Values.metrics.resources }} - resources: {{- toYaml .Values.metrics.resources | nindent 12 }} - {{- end }} - volumeMounts: - {{- if .Values.auth.usePasswordFiles }} - - name: redis-password - mountPath: /secrets/ - {{- end }} - {{- if .Values.tls.enabled }} - - name: redis-certificates - mountPath: /opt/bitnami/redis/certs - readOnly: true - {{- end }} - {{- if .Values.metrics.extraVolumeMounts }} - {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.extraVolumeMounts "context" $ ) | nindent 12 }} - {{- end }} - {{- end }} - {{- if .Values.replica.sidecars }} - {{- include "common.tplvalues.render" (dict "value" .Values.replica.sidecars "context" $) | nindent 8 }} - {{- end }} - {{- $needsVolumePermissions := and .Values.volumePermissions.enabled .Values.replica.persistence.enabled .Values.replica.podSecurityContext.enabled .Values.replica.containerSecurityContext.enabled }} - {{- if or .Values.replica.initContainers $needsVolumePermissions .Values.sysctl.enabled }} - 
initContainers: - {{- if .Values.replica.initContainers }} - {{- include "common.tplvalues.render" (dict "value" .Values.replica.initContainers "context" $) | nindent 8 }} - {{- end }} - {{- if $needsVolumePermissions }} - - name: volume-permissions - image: {{ include "redis.volumePermissions.image" . }} - imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} - command: - - /bin/bash - - -ec - - | - {{- if eq ( toString ( .Values.volumePermissions.containerSecurityContext.runAsUser )) "auto" }} - chown -R `id -u`:`id -G | cut -d " " -f2` {{ .Values.replica.persistence.path }} - {{- else }} - chown -R {{ .Values.replica.containerSecurityContext.runAsUser }}:{{ .Values.replica.podSecurityContext.fsGroup }} {{ .Values.replica.persistence.path }} - {{- end }} - {{- if eq ( toString ( .Values.volumePermissions.containerSecurityContext.runAsUser )) "auto" }} - securityContext: {{- omit .Values.volumePermissions.containerSecurityContext "runAsUser" | toYaml | nindent 12 }} - {{- else }} - securityContext: {{- .Values.volumePermissions.containerSecurityContext | toYaml | nindent 12 }} - {{- end }} - {{- if .Values.volumePermissions.resources }} - resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} - {{- end }} - volumeMounts: - - name: redis-data - mountPath: {{ .Values.replica.persistence.path }} - subPath: {{ .Values.replica.persistence.subPath }} - {{- end }} - {{- if .Values.sysctl.enabled }} - - name: init-sysctl - image: {{ include "redis.sysctl.image" . 
}} - imagePullPolicy: {{ default "" .Values.sysctl.image.pullPolicy | quote }} - securityContext: - privileged: true - runAsUser: 0 - {{- if .Values.sysctl.command }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.sysctl.command "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.sysctl.resources }} - resources: {{- toYaml .Values.sysctl.resources | nindent 12 }} - {{- end }} - {{- if .Values.sysctl.mountHostSys }} - volumeMounts: - - name: host-sys - mountPath: /host-sys - {{- end }} - {{- end }} - {{- end }} - volumes: - - name: start-scripts - configMap: - name: {{ printf "%s-scripts" (include "common.names.fullname" .) }} - defaultMode: 0755 - - name: health - configMap: - name: {{ printf "%s-health" (include "common.names.fullname" .) }} - defaultMode: 0755 - {{- if .Values.auth.usePasswordFiles }} - - name: redis-password - secret: - secretName: {{ template "redis.secretName" . }} - items: - - key: {{ template "redis.secretPasswordKey" . }} - path: redis-password - {{- end }} - - name: config - configMap: - name: {{ include "redis.configmapName" . 
}} - {{- if .Values.sysctl.mountHostSys }} - - name: host-sys - hostPath: - path: /sys - {{- end }} - {{- if not .Values.sentinel.persistence.enabled }} - - name: sentinel-data - {{- if .Values.sentinel.persistence.medium }} - emptyDir: { - medium: {{ .Values.sentinel.persistence.medium | quote }} - } - {{- else }} - emptyDir: {} - {{- end }} - {{- end }} - - name: redis-tmp-conf - {{- if .Values.replica.persistence.medium }} - emptyDir: { - medium: {{ .Values.replica.persistence.medium | quote }} - } - {{- else }} - emptyDir: {} - {{- end }} - - name: tmp - {{- if .Values.replica.persistence.medium }} - emptyDir: { - medium: {{ .Values.replica.persistence.medium | quote }} - } - {{- else }} - emptyDir: {} - {{- end }} - {{- if .Values.replica.extraVolumes }} - {{- include "common.tplvalues.render" ( dict "value" .Values.replica.extraVolumes "context" $ ) | nindent 8 }} - {{- end }} - {{- if .Values.metrics.extraVolumes }} - {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.extraVolumes "context" $ ) | nindent 8 }} - {{- end }} - {{- if .Values.sentinel.extraVolumes }} - {{- include "common.tplvalues.render" ( dict "value" .Values.sentinel.extraVolumes "context" $ ) | nindent 8 }} - {{- end }} - {{- if .Values.tls.enabled }} - - name: redis-certificates - secret: - secretName: {{ include "redis.tlsSecretName" . }} - defaultMode: 256 - {{- end }} - {{- if not .Values.replica.persistence.enabled }} - - name: redis-data - {{- if .Values.replica.persistence.medium }} - emptyDir: { - medium: {{ .Values.replica.persistence.medium | quote }} - } - {{- else }} - emptyDir: {} - {{- end }} - {{- else }} - volumeClaimTemplates: - - metadata: - name: redis-data - labels: {{- include "common.labels.matchLabels" . 
| nindent 10 }} - app.kubernetes.io/component: node - {{- if .Values.replica.persistence.annotations }} - annotations: {{- toYaml .Values.replica.persistence.annotations | nindent 10 }} - {{- end }} - spec: - accessModes: - {{- range .Values.replica.persistence.accessModes }} - - {{ . | quote }} - {{- end }} - resources: - requests: - storage: {{ .Values.replica.persistence.size | quote }} - {{- if .Values.replica.persistence.selector }} - selector: {{- include "common.tplvalues.render" ( dict "value" .Values.replica.persistence.selector "context" $) | nindent 10 }} - {{- end }} - {{- include "common.storage.class" (dict "persistence" .Values.replica.persistence "global" .Values.global) | nindent 8 }} - {{- if .Values.sentinel.persistence.enabled }} - - metadata: - name: sentinel-data - labels: {{- include "common.labels.matchLabels" . | nindent 10 }} - app.kubernetes.io/component: node - {{- if .Values.sentinel.persistence.annotations }} - annotations: {{- toYaml .Values.sentinel.persistence.annotations | nindent 10 }} - {{- end }} - spec: - accessModes: - {{- range .Values.sentinel.persistence.accessModes }} - - {{ . | quote }} - {{- end }} - resources: - requests: - storage: {{ .Values.sentinel.persistence.size | quote }} - {{- if .Values.sentinel.persistence.selector }} - selector: {{- include "common.tplvalues.render" ( dict "value" .Values.sentinel.persistence.selector "context" $) | nindent 10 }} - {{- end }} - {{- if .Values.sentinel.persistence.dataSource }} - dataSource: {{- include "common.tplvalues.render" (dict "value" .Values.sentinel.persistence.dataSource "context" $) | nindent 10 }} - {{- end }} - {{- include "common.storage.class" (dict "persistence" .Values.sentinel.persistence "global" .Values.global) | nindent 8 }} - {{- end }} - {{- end }} -{{- end }} -{{- end }} diff --git a/rds/base/charts/redis/templates/serviceaccount.yaml b/rds/base/charts/redis/templates/serviceaccount.yaml deleted file mode 100644 index b3e59d9..0000000 
--- a/rds/base/charts/redis/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-{{- if .Values.serviceAccount.create }}
-apiVersion: v1
-kind: ServiceAccount
-automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
-metadata:
- name: {{ template "redis.serviceAccountName" . }}
- namespace: {{ .Release.Namespace }}
- labels: {{- include "common.labels.standard" . | nindent 4 }}
- {{- if .Values.commonLabels }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
- {{- end }}
- {{- if or .Values.commonAnnotations .Values.serviceAccount.annotations }}
- annotations:
- {{- if or .Values.commonAnnotations }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
- {{- end }}
- {{- if .Values.serviceAccount.annotations }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.serviceAccount.annotations "context" $ ) | nindent 4 }}
- {{- end }}
- {{- end }}
-{{- end }}
diff --git a/rds/base/charts/redis/templates/servicemonitor.yaml b/rds/base/charts/redis/templates/servicemonitor.yaml
deleted file mode 100644
index c3bf13d..0000000
--- a/rds/base/charts/redis/templates/servicemonitor.yaml
+++ /dev/null
@@ -1,41 +0,0 @@
-{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }}
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
- name: {{ template "common.names.fullname" . }}
- namespace: {{ .Release.Namespace .Values.metrics.serviceMonitor.namespace | quote }}
- labels: {{- include "common.labels.standard" . | nindent 4 }}
- {{- if .Values.metrics.serviceMonitor.additionalLabels }}
- {{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.additionalLabels "context" $) | nindent 4 }}
- {{- end }}
- {{- if .Values.commonLabels }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
- {{- end }}
- {{- if .Values.commonAnnotations }}
- annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
- {{- end }}
-spec:
- endpoints:
- - port: http-metrics
- {{- if .Values.metrics.serviceMonitor.interval }}
- interval: {{ .Values.metrics.serviceMonitor.interval }}
- {{- end }}
- {{- if .Values.metrics.serviceMonitor.scrapeTimeout }}
- scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }}
- {{- end }}
- {{- if .Values.metrics.serviceMonitor.honorLabels }}
- honorLabels: {{ .Values.metrics.serviceMonitor.honorLabels }}
- {{- end }}
- {{- if .Values.metrics.serviceMonitor.relabellings }}
- relabelings: {{- toYaml .Values.metrics.serviceMonitor.relabellings | nindent 6 }}
- {{- end }}
- {{- if .Values.metrics.serviceMonitor.metricRelabelings }}
- metricRelabelings: {{- toYaml .Values.metrics.serviceMonitor.metricRelabelings | nindent 6 }}
- {{- end }}
- namespaceSelector:
- matchNames:
- - {{ .Release.Namespace }}
- selector:
- matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
- app.kubernetes.io/component: metrics
-{{- end }}
diff --git a/rds/base/charts/redis/templates/tls-secret.yaml b/rds/base/charts/redis/templates/tls-secret.yaml
deleted file mode 100644
index 5afd4ef..0000000
--- a/rds/base/charts/redis/templates/tls-secret.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-{{- if (include "redis.createTlsSecret" .) }}
-{{- $secretName := printf "%s-crt" (include "common.names.fullname" .) }}
-{{- $existingCerts := (lookup "v1" "Secret" .Release.Namespace $secretName).data | default dict }}
-{{- $ca := genCA "redis-ca" 365 }}
-{{- $releaseNamespace := .Release.Namespace }}
-{{- $clusterDomain := .Values.clusterDomain }}
-{{- $fullname := include "common.names.fullname" . }}
-{{- $serviceName := include "common.names.fullname" . }}
-{{- $headlessServiceName := printf "%s-headless" (include "common.names.fullname" .) }}
-{{- $altNames := list (printf "*.%s.%s.svc.%s" $serviceName $releaseNamespace $clusterDomain) (printf "%s.%s.svc.%s" $serviceName $releaseNamespace $clusterDomain) (printf "*.%s.%s.svc.%s" $headlessServiceName $releaseNamespace $clusterDomain) (printf "%s.%s.svc.%s" $headlessServiceName $releaseNamespace $clusterDomain) "127.0.0.1" "localhost" $fullname }}
-{{- $crt := genSignedCert $fullname nil $altNames 365 $ca }}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ $secretName }}
- namespace: {{ .Release.Namespace }}
- labels: {{- include "common.labels.standard" . | nindent 4 }}
- {{- if .Values.commonLabels }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
- {{- end }}
- {{- if .Values.commonAnnotations }}
- annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
- {{- end }}
-type: kubernetes.io/tls
-data:
- ca.crt: {{ (get $existingCerts "ca.crt") | default ($ca.Cert | b64enc | quote ) }}
- tls.crt: {{ (get $existingCerts "tls.crt") | default ($crt.Cert | b64enc | quote) }}
- tls.key: {{ (get $existingCerts "tls.key") | default ($crt.Key | b64enc | quote) }}
-{{- end }}
diff --git a/rds/base/charts/redis/values.schema.json b/rds/base/charts/redis/values.schema.json
deleted file mode 100644
index d6e226b..0000000
--- a/rds/base/charts/redis/values.schema.json
+++ /dev/null
@@ -1,156 +0,0 @@
-{
- "$schema": "http://json-schema.org/schema#",
- "type": "object",
- "properties": {
- "architecture": {
- "type": "string",
- "title": "Redis architecture",
- "form": true,
- "description": "Allowed values: `standalone` or `replication`",
- "enum": ["standalone", "replication"]
- },
- "auth": {
- "type": "object",
- "title": "Authentication configuration",
- "form": true,
- "properties": {
- "enabled": {
- "type": "boolean",
- "form": true,
- "title": "Use password authentication"
- },
- "password": {
- "type": "string",
- "title": "Redis password",
- "form": true,
- "description": "Defaults to a random 10-character alphanumeric string if not set",
- "hidden": {
- "value": false,
- "path": "auth/enabled"
- }
- }
- }
- },
- "master": {
- "type": "object",
- "title": "Master replicas settings",
- "form": true,
- "properties": {
- "kind": {
- "type": "string",
- "title": "Workload Kind",
- "form": true,
- "description": "Allowed values: `Deployment` or `StatefulSet`",
- "enum": ["Deployment", "StatefulSet"]
- },
- "persistence": {
- "type": "object",
- "title": "Persistence for master replicas",
- "form": true,
- "properties": {
- "enabled": {
- "type": "boolean",
- "form": true,
- "title": "Enable persistence",
- "description": "Enable persistence using Persistent Volume Claims"
- },
- "size": {
- "type": "string",
- "title": "Persistent Volume Size",
- "form": true,
- "render": "slider",
- "sliderMin": 1,
- "sliderMax": 100,
- "sliderUnit": "Gi",
- "hidden": {
- "value": false,
- "path": "master/persistence/enabled"
- }
- }
- }
- }
- }
- },
- "replica": {
- "type": "object",
- "title": "Redis replicas settings",
- "form": true,
- "hidden": {
- "value": "standalone",
- "path": "architecture"
- },
- "properties": {
- "replicaCount": {
- "type": "integer",
- "form": true,
- "title": "Number of Redis replicas"
- },
- "persistence": {
- "type": "object",
- "title": "Persistence for Redis replicas",
- "form": true,
- "properties": {
- "enabled": {
- "type": "boolean",
- "form": true,
- "title": "Enable persistence",
- "description": "Enable persistence using Persistent Volume Claims"
- },
- "size": {
- "type": "string",
- "title": "Persistent Volume Size",
- "form": true,
- "render": "slider",
- "sliderMin": 1,
- "sliderMax": 100,
- "sliderUnit": "Gi",
- "hidden": {
- "value": false,
- "path": "replica/persistence/enabled"
- }
- }
- }
- }
- }
- },
- "volumePermissions": {
- "type": "object",
- "properties": {
- "enabled": {
- "type": "boolean",
- "form": true,
- "title": "Enable Init Containers",
- "description": "Use an init container to set required folder permissions on the data volume before mounting it in the final destination"
- }
- }
- },
- "metrics": {
- "type": "object",
- "form": true,
- "title": "Prometheus metrics details",
- "properties": {
- "enabled": {
- "type": "boolean",
- "title": "Create Prometheus metrics exporter",
- "description": "Create a side-car container to expose Prometheus metrics",
- "form": true
- },
- "serviceMonitor": {
- "type": "object",
- "properties": {
- "enabled": {
- "type": "boolean",
- "title": "Create Prometheus Operator ServiceMonitor",
- "description": "Create a ServiceMonitor to track metrics using Prometheus Operator",
- "form": true,
- "hidden": {
- "value": false,
- "path": "metrics/enabled"
- }
- }
- }
- }
- }
- }
- }
-}
diff --git a/rds/base/charts/redis/values.yaml b/rds/base/charts/redis/values.yaml
deleted file mode 100644
index c25a3b2..0000000
--- a/rds/base/charts/redis/values.yaml
+++ /dev/null
@@ -1,1621 +0,0 @@ -## @section Global parameters -## Global Docker image parameters -## Please, note that this will override the image parameters, including dependencies, configured to use the global value -## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass -## - -## @param global.imageRegistry Global Docker image registry -## @param global.imagePullSecrets Global Docker registry secret names as an array -## @param global.storageClass Global StorageClass for Persistent Volume(s) -## @param global.redis.password Global Redis® password (overrides `auth.password`) -## -global: - imageRegistry: "" - ## E.g. - ## imagePullSecrets: - ## - myRegistryKeySecretName - ## - imagePullSecrets: [] - storageClass: "" - redis: - password: "" - -## @section Common parameters -## - -## @param kubeVersion Override Kubernetes version -## -kubeVersion: "" -## @param nameOverride String to partially override common.names.fullname -## -nameOverride: "" -## @param fullnameOverride String to fully override common.names.fullname -## -fullnameOverride: "" -## @param commonLabels Labels to add to all deployed objects -## -commonLabels: {} -## @param commonAnnotations Annotations to add to all deployed objects -## -commonAnnotations: {} -## @param secretAnnotations Annotations to add to secret -## -secretAnnotations: {} -## @param clusterDomain Kubernetes cluster domain name -## -clusterDomain: cluster.local -## @param extraDeploy Array of extra objects to deploy with the release -## -extraDeploy: [] - -## Enable diagnostic mode in the deployment -## -diagnosticMode: - ## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden) - ## - enabled: false - ## @param diagnosticMode.command Command to override all containers in the deployment - ## - command: - - sleep - ## @param diagnosticMode.args Args to override all containers in the deployment - ## - args: - - infinity - -## @section 
Redis® Image parameters -## - -## Bitnami Redis® image -## ref: https://hub.docker.com/r/bitnami/redis/tags/ -## @param image.registry Redis® image registry -## @param image.repository Redis® image repository -## @param image.tag Redis® image tag (immutable tags are recommended) -## @param image.pullPolicy Redis® image pull policy -## @param image.pullSecrets Redis® image pull secrets -## @param image.debug Enable image debug mode -## -image: - registry: docker.io - repository: bitnami/redis - tag: 6.2.7-debian-11-r11 - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## Enable debug mode - ## - debug: false - -## @section Redis® common configuration parameters -## https://github.com/bitnami/bitnami-docker-redis#configuration -## - -## @param architecture Redis® architecture. 
Allowed values: `standalone` or `replication` -## -architecture: replication -## Redis® Authentication parameters -## ref: https://github.com/bitnami/bitnami-docker-redis#setting-the-server-password-on-first-run -## -auth: - ## @param auth.enabled Enable password authentication - ## - enabled: true - ## @param auth.sentinel Enable password authentication on sentinels too - ## - sentinel: true - ## @param auth.password Redis® password - ## Defaults to a random 10-character alphanumeric string if not set - ## - password: "" - ## @param auth.existingSecret The name of an existing secret with Redis® credentials - ## NOTE: When it's set, the previous `auth.password` parameter is ignored - ## - existingSecret: "" - ## @param auth.existingSecretPasswordKey Password key to be retrieved from existing secret - ## NOTE: ignored unless `auth.existingSecret` parameter is set - ## - existingSecretPasswordKey: "" - ## @param auth.usePasswordFiles Mount credentials as files instead of using an environment variable - ## - usePasswordFiles: false - -## @param commonConfiguration [string] Common configuration to be added into the ConfigMap -## ref: https://redis.io/topics/config -## -commonConfiguration: |- - # Enable AOF https://redis.io/topics/persistence#append-only-file - appendonly yes - # Disable RDB persistence, AOF persistence already enabled. 
- save "" -## @param existingConfigmap The name of an existing ConfigMap with your custom configuration for Redis® nodes -## -existingConfigmap: "" - -## @section Redis® master configuration parameters -## - -master: - ## @param master.count Number of Redis® master instances to deploy (experimental, requires additional configuration) - ## - count: 1 - ## @param master.configuration Configuration for Redis® master nodes - ## ref: https://redis.io/topics/config - ## - configuration: "" - ## @param master.disableCommands Array with Redis® commands to disable on master nodes - ## Commands will be completely disabled by renaming each to an empty string. - ## ref: https://redis.io/topics/security#disabling-of-specific-commands - ## - disableCommands: - - FLUSHDB - - FLUSHALL - ## @param master.command Override default container command (useful when using custom images) - ## - command: [] - ## @param master.args Override default container args (useful when using custom images) - ## - args: [] - ## @param master.preExecCmds Additional commands to run prior to starting Redis® master - ## - preExecCmds: [] - ## @param master.extraFlags Array with additional command line flags for Redis® master - ## e.g: - ## extraFlags: - ## - "--maxmemory-policy volatile-ttl" - ## - "--repl-backlog-size 1024mb" - ## - extraFlags: [] - ## @param master.extraEnvVars Array with extra environment variables to add to Redis® master nodes - ## e.g: - ## extraEnvVars: - ## - name: FOO - ## value: "bar" - ## - extraEnvVars: [] - ## @param master.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Redis® master nodes - ## - extraEnvVarsCM: "" - ## @param master.extraEnvVarsSecret Name of existing Secret containing extra env vars for Redis® master nodes - ## - extraEnvVarsSecret: "" - ## @param master.containerPorts.redis Container port to open on Redis® master nodes - ## - containerPorts: - redis: 6379 - ## Configure extra options for Redis® containers' liveness and readiness 
probes - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes - ## @param master.startupProbe.enabled Enable startupProbe on Redis® master nodes - ## @param master.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe - ## @param master.startupProbe.periodSeconds Period seconds for startupProbe - ## @param master.startupProbe.timeoutSeconds Timeout seconds for startupProbe - ## @param master.startupProbe.failureThreshold Failure threshold for startupProbe - ## @param master.startupProbe.successThreshold Success threshold for startupProbe - ## - startupProbe: - enabled: false - initialDelaySeconds: 20 - periodSeconds: 5 - timeoutSeconds: 5 - successThreshold: 1 - failureThreshold: 5 - ## @param master.livenessProbe.enabled Enable livenessProbe on Redis® master nodes - ## @param master.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe - ## @param master.livenessProbe.periodSeconds Period seconds for livenessProbe - ## @param master.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe - ## @param master.livenessProbe.failureThreshold Failure threshold for livenessProbe - ## @param master.livenessProbe.successThreshold Success threshold for livenessProbe - ## - livenessProbe: - enabled: true - initialDelaySeconds: 20 - periodSeconds: 5 - timeoutSeconds: 5 - successThreshold: 1 - failureThreshold: 5 - ## @param master.readinessProbe.enabled Enable readinessProbe on Redis® master nodes - ## @param master.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe - ## @param master.readinessProbe.periodSeconds Period seconds for readinessProbe - ## @param master.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe - ## @param master.readinessProbe.failureThreshold Failure threshold for readinessProbe - ## @param master.readinessProbe.successThreshold Success threshold for readinessProbe - ## - readinessProbe: - enabled: true - 
initialDelaySeconds: 20 - periodSeconds: 5 - timeoutSeconds: 1 - successThreshold: 1 - failureThreshold: 5 - ## @param master.customStartupProbe Custom startupProbe that overrides the default one - ## - customStartupProbe: {} - ## @param master.customLivenessProbe Custom livenessProbe that overrides the default one - ## - customLivenessProbe: {} - ## @param master.customReadinessProbe Custom readinessProbe that overrides the default one - ## - customReadinessProbe: {} - ## Redis® master resource requests and limits - ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ - ## @param master.resources.limits The resources limits for the Redis® master containers - ## @param master.resources.requests The requested resources for the Redis® master containers - ## - resources: - limits: {} - requests: {} - ## Configure Pods Security Context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod - ## @param master.podSecurityContext.enabled Enabled Redis® master pods' Security Context - ## @param master.podSecurityContext.fsGroup Set Redis® master pod's Security Context fsGroup - ## - podSecurityContext: - enabled: true - fsGroup: 1001 - ## Configure Container Security Context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod - ## @param master.containerSecurityContext.enabled Enabled Redis® master containers' Security Context - ## @param master.containerSecurityContext.runAsUser Set Redis® master containers' Security Context runAsUser - ## - containerSecurityContext: - enabled: true - runAsUser: 1001 - ## @param master.kind Use either Deployment or StatefulSet (default) - ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/ - ## - kind: StatefulSet - ## @param master.schedulerName Alternate scheduler for Redis® master pods - ## ref: 
https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ - ## - schedulerName: "" - ## @param master.updateStrategy.type Redis® master statefulset strategy type - ## @skip master.updateStrategy.rollingUpdate - ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies - ## - updateStrategy: - ## StrategyType - ## Can be set to RollingUpdate or OnDelete - ## - type: RollingUpdate - rollingUpdate: {} - ## @param master.priorityClassName Redis® master pods' priorityClassName - ## - priorityClassName: "" - ## @param master.hostAliases Redis® master pods host aliases - ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ - ## - hostAliases: [] - ## @param master.podLabels Extra labels for Redis® master pods - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ - ## - podLabels: {} - ## @param master.podAnnotations Annotations for Redis® master pods - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ - ## - podAnnotations: {} - ## @param master.shareProcessNamespace Share a single process namespace between all of the containers in Redis® master pods - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/share-process-namespace/ - ## - shareProcessNamespace: false - ## @param master.podAffinityPreset Pod affinity preset. Ignored if `master.affinity` is set. Allowed values: `soft` or `hard` - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAffinityPreset: "" - ## @param master.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `master.affinity` is set. 
Allowed values: `soft` or `hard` - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAntiAffinityPreset: soft - ## Node master.affinity preset - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity - ## - nodeAffinityPreset: - ## @param master.nodeAffinityPreset.type Node affinity preset type. Ignored if `master.affinity` is set. Allowed values: `soft` or `hard` - ## - type: "" - ## @param master.nodeAffinityPreset.key Node label key to match. Ignored if `master.affinity` is set - ## - key: "" - ## @param master.nodeAffinityPreset.values Node label values to match. Ignored if `master.affinity` is set - ## E.g. - ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] - ## @param master.affinity Affinity for Redis® master pods assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - ## NOTE: `master.podAffinityPreset`, `master.podAntiAffinityPreset`, and `master.nodeAffinityPreset` will be ignored when it's set - ## - affinity: {} - ## @param master.nodeSelector Node labels for Redis® master pods assignment - ## ref: https://kubernetes.io/docs/user-guide/node-selection/ - ## - nodeSelector: {} - ## @param master.tolerations Tolerations for Redis® master pods assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ - ## - tolerations: [] - ## @param master.topologySpreadConstraints Spread Constraints for Redis® master pod assignment - ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ - ## E.g. - ## topologySpreadConstraints: - ## - maxSkew: 1 - ## topologyKey: node - ## whenUnsatisfiable: DoNotSchedule - ## - topologySpreadConstraints: [] - ## @param master.dnsPolicy DNS Policy for Redis® master pod - ## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/ - ## E.g. 
- ## dnsPolicy: ClusterFirst - dnsPolicy: "" - ## @param master.dnsConfig DNS Configuration for Redis® master pod - ## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/ - ## E.g. - ## dnsConfig: - ## options: - ## - name: ndots - ## value: "4" - ## - name: single-request-reopen - dnsConfig: {} - ## @param master.lifecycleHooks for the Redis® master container(s) to automate configuration before or after startup - ## - lifecycleHooks: {} - ## @param master.extraVolumes Optionally specify extra list of additional volumes for the Redis® master pod(s) - ## - extraVolumes: [] - ## @param master.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Redis® master container(s) - ## - extraVolumeMounts: [] - ## @param master.sidecars Add additional sidecar containers to the Redis® master pod(s) - ## e.g: - ## sidecars: - ## - name: your-image-name - ## image: your-image - ## imagePullPolicy: Always - ## ports: - ## - name: portname - ## containerPort: 1234 - ## - sidecars: [] - ## @param master.initContainers Add additional init containers to the Redis® master pod(s) - ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ - ## e.g: - ## initContainers: - ## - name: your-image-name - ## image: your-image - ## imagePullPolicy: Always - ## command: ['sh', '-c', 'echo "hello world"'] - ## - initContainers: [] - ## Persistence parameters - ## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/ - ## - persistence: - ## @param master.persistence.enabled Enable persistence on Redis® master nodes using Persistent Volume Claims - ## - enabled: true - ## @param master.persistence.medium Provide a medium for `emptyDir` volumes. - ## - medium: "" - ## @param master.persistence.sizeLimit Set this to enable a size limit for `emptyDir` volumes. 
- ## - sizeLimit: "" - ## @param master.persistence.path The path the volume will be mounted at on Redis® master containers - ## NOTE: Useful when using different Redis® images - ## - path: /data - ## @param master.persistence.subPath The subdirectory of the volume to mount on Redis® master containers - ## NOTE: Useful in dev environments - ## - subPath: "" - ## @param master.persistence.storageClass Persistent Volume storage class - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner - ## - storageClass: "" - ## @param master.persistence.accessModes Persistent Volume access modes - ## - accessModes: - - ReadWriteOnce - ## @param master.persistence.size Persistent Volume size - ## - size: 8Gi - ## @param master.persistence.annotations Additional custom annotations for the PVC - ## - annotations: {} - ## @param master.persistence.selector Additional labels to match for the PVC - ## e.g: - ## selector: - ## matchLabels: - ## app: my-app - ## - selector: {} - ## @param master.persistence.dataSource Custom PVC data source - ## - dataSource: {} - ## @param master.persistence.existingClaim Use a existing PVC which must be created manually before bound - ## NOTE: requires master.persistence.enabled: true - ## - existingClaim: "" - ## Redis® master service parameters - ## - service: - ## @param master.service.type Redis® master service type - ## - type: ClusterIP - ## @param master.service.ports.redis Redis® master service port - ## - ports: - redis: 6379 - ## @param master.service.nodePorts.redis Node port for Redis® master - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport - ## NOTE: choose port between <30000-32767> - ## - nodePorts: - redis: "" - ## @param master.service.externalTrafficPolicy Redis® master service external traffic policy - ## ref: 
https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip - ## - externalTrafficPolicy: Cluster - ## @param master.service.extraPorts Extra ports to expose (normally used with the `sidecar` value) - ## - extraPorts: [] - ## @param master.service.internalTrafficPolicy Redis® master service internal traffic policy (requires Kubernetes v1.22 or greater to be usable) - ## ref: https://kubernetes.io/docs/concepts/services-networking/service-traffic-policy/ - ## - internalTrafficPolicy: Cluster - ## @param master.service.clusterIP Redis® master service Cluster IP - ## - clusterIP: "" - ## @param master.service.loadBalancerIP Redis® master service Load Balancer IP - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer - ## - loadBalancerIP: "" - ## @param master.service.loadBalancerSourceRanges Redis® master service Load Balancer sources - ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service - ## e.g. 
- ## loadBalancerSourceRanges: - ## - 10.10.10.0/24 - ## - loadBalancerSourceRanges: [] - ## @param master.service.annotations Additional custom annotations for Redis® master service - ## - annotations: {} - ## @param master.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP" - ## If "ClientIP", consecutive client requests will be directed to the same Pod - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies - ## - sessionAffinity: None - ## @param master.service.sessionAffinityConfig Additional settings for the sessionAffinity - ## sessionAffinityConfig: - ## clientIP: - ## timeoutSeconds: 300 - ## - sessionAffinityConfig: {} - ## @param master.terminationGracePeriodSeconds Integer setting the termination grace period for the redis-master pods - ## - terminationGracePeriodSeconds: 30 - -## @section Redis® replicas configuration parameters -## - -replica: - ## @param replica.replicaCount Number of Redis® replicas to deploy - ## - replicaCount: 3 - ## @param replica.configuration Configuration for Redis® replicas nodes - ## ref: https://redis.io/topics/config - ## - configuration: "" - ## @param replica.disableCommands Array with Redis® commands to disable on replicas nodes - ## Commands will be completely disabled by renaming each to an empty string. 
- ## ref: https://redis.io/topics/security#disabling-of-specific-commands - ## - disableCommands: - - FLUSHDB - - FLUSHALL - ## @param replica.command Override default container command (useful when using custom images) - ## - command: [] - ## @param replica.args Override default container args (useful when using custom images) - ## - args: [] - ## @param replica.preExecCmds Additional commands to run prior to starting Redis® replicas - ## - preExecCmds: [] - ## @param replica.extraFlags Array with additional command line flags for Redis® replicas - ## e.g: - ## extraFlags: - ## - "--maxmemory-policy volatile-ttl" - ## - "--repl-backlog-size 1024mb" - ## - extraFlags: [] - ## @param replica.extraEnvVars Array with extra environment variables to add to Redis® replicas nodes - ## e.g: - ## extraEnvVars: - ## - name: FOO - ## value: "bar" - ## - extraEnvVars: [] - ## @param replica.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Redis® replicas nodes - ## - extraEnvVarsCM: "" - ## @param replica.extraEnvVarsSecret Name of existing Secret containing extra env vars for Redis® replicas nodes - ## - extraEnvVarsSecret: "" - ## @param replica.externalMaster.enabled Use external master for bootstrapping - ## @param replica.externalMaster.host External master host to bootstrap from - ## @param replica.externalMaster.port Port for Redis service external master host - ## - externalMaster: - enabled: false - host: "" - port: 6379 - ## @param replica.containerPorts.redis Container port to open on Redis® replicas nodes - ## - containerPorts: - redis: 6379 - ## Configure extra options for Redis® containers' liveness and readiness probes - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes - ## @param replica.startupProbe.enabled Enable startupProbe on Redis® replicas nodes - ## @param replica.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe - ## @param 
replica.startupProbe.periodSeconds Period seconds for startupProbe - ## @param replica.startupProbe.timeoutSeconds Timeout seconds for startupProbe - ## @param replica.startupProbe.failureThreshold Failure threshold for startupProbe - ## @param replica.startupProbe.successThreshold Success threshold for startupProbe - ## - startupProbe: - enabled: true - initialDelaySeconds: 10 - periodSeconds: 10 - timeoutSeconds: 5 - successThreshold: 1 - failureThreshold: 22 - ## @param replica.livenessProbe.enabled Enable livenessProbe on Redis® replicas nodes - ## @param replica.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe - ## @param replica.livenessProbe.periodSeconds Period seconds for livenessProbe - ## @param replica.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe - ## @param replica.livenessProbe.failureThreshold Failure threshold for livenessProbe - ## @param replica.livenessProbe.successThreshold Success threshold for livenessProbe - ## - livenessProbe: - enabled: true - initialDelaySeconds: 20 - periodSeconds: 5 - timeoutSeconds: 5 - successThreshold: 1 - failureThreshold: 5 - ## @param replica.readinessProbe.enabled Enable readinessProbe on Redis® replicas nodes - ## @param replica.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe - ## @param replica.readinessProbe.periodSeconds Period seconds for readinessProbe - ## @param replica.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe - ## @param replica.readinessProbe.failureThreshold Failure threshold for readinessProbe - ## @param replica.readinessProbe.successThreshold Success threshold for readinessProbe - ## - readinessProbe: - enabled: true - initialDelaySeconds: 20 - periodSeconds: 5 - timeoutSeconds: 1 - successThreshold: 1 - failureThreshold: 5 - ## @param replica.customStartupProbe Custom startupProbe that overrides the default one - ## - customStartupProbe: {} - ## @param replica.customLivenessProbe Custom livenessProbe that 
overrides the default one - ## - customLivenessProbe: {} - ## @param replica.customReadinessProbe Custom readinessProbe that overrides the default one - ## - customReadinessProbe: {} - ## Redis® replicas resource requests and limits - ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ - ## @param replica.resources.limits The resources limits for the Redis® replicas containers - ## @param replica.resources.requests The requested resources for the Redis® replicas containers - ## - resources: - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - limits: {} - # cpu: 250m - # memory: 256Mi - requests: {} - # cpu: 250m - # memory: 256Mi - ## Configure Pods Security Context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod - ## @param replica.podSecurityContext.enabled Enabled Redis® replicas pods' Security Context - ## @param replica.podSecurityContext.fsGroup Set Redis® replicas pod's Security Context fsGroup - ## - podSecurityContext: - enabled: true - fsGroup: 1001 - ## Configure Container Security Context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod - ## @param replica.containerSecurityContext.enabled Enabled Redis® replicas containers' Security Context - ## @param replica.containerSecurityContext.runAsUser Set Redis® replicas containers' Security Context runAsUser - ## - containerSecurityContext: - enabled: true - runAsUser: 1001 - ## @param replica.schedulerName Alternate scheduler for Redis® replicas pods - ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ - ## - 
schedulerName: "" - ## @param replica.updateStrategy.type Redis® replicas statefulset strategy type - ## @skip replica.updateStrategy.rollingUpdate - ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies - ## - updateStrategy: - ## StrategyType - ## Can be set to RollingUpdate or OnDelete - ## - type: RollingUpdate - rollingUpdate: {} - ## @param replica.priorityClassName Redis® replicas pods' priorityClassName - ## - priorityClassName: "" - ## @param replica.podManagementPolicy podManagementPolicy to manage scaling operation of %%MAIN_CONTAINER_NAME%% pods - ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies - ## - podManagementPolicy: "" - ## @param replica.hostAliases Redis® replicas pods host aliases - ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ - ## - hostAliases: [] - ## @param replica.podLabels Extra labels for Redis® replicas pods - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ - ## - podLabels: {} - ## @param replica.podAnnotations Annotations for Redis® replicas pods - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ - ## - podAnnotations: {} - ## @param replica.shareProcessNamespace Share a single process namespace between all of the containers in Redis® replicas pods - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/share-process-namespace/ - ## - shareProcessNamespace: false - ## @param replica.podAffinityPreset Pod affinity preset. Ignored if `replica.affinity` is set. Allowed values: `soft` or `hard` - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAffinityPreset: "" - ## @param replica.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `replica.affinity` is set. 
Allowed values: `soft` or `hard` - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAntiAffinityPreset: soft - ## Node affinity preset - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity - ## - nodeAffinityPreset: - ## @param replica.nodeAffinityPreset.type Node affinity preset type. Ignored if `replica.affinity` is set. Allowed values: `soft` or `hard` - ## - type: "" - ## @param replica.nodeAffinityPreset.key Node label key to match. Ignored if `replica.affinity` is set - ## - key: "" - ## @param replica.nodeAffinityPreset.values Node label values to match. Ignored if `replica.affinity` is set - ## E.g. - ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] - ## @param replica.affinity Affinity for Redis® replicas pods assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - ## NOTE: `replica.podAffinityPreset`, `replica.podAntiAffinityPreset`, and `replica.nodeAffinityPreset` will be ignored when it's set - ## - affinity: {} - ## @param replica.nodeSelector Node labels for Redis® replicas pods assignment - ## ref: https://kubernetes.io/docs/user-guide/node-selection/ - ## - nodeSelector: {} - ## @param replica.tolerations Tolerations for Redis® replicas pods assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ - ## - tolerations: [] - ## @param replica.topologySpreadConstraints Spread Constraints for Redis® replicas pod assignment - ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ - ## E.g. - ## topologySpreadConstraints: - ## - maxSkew: 1 - ## topologyKey: node - ## whenUnsatisfiable: DoNotSchedule - ## - topologySpreadConstraints: [] - ## @param replica.dnsPolicy DNS Policy for Redis® replica pods - ## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/ - ## E.g. 
- ## dnsPolicy: ClusterFirst - dnsPolicy: "" - ## @param replica.dnsConfig DNS Configuration for Redis® replica pods - ## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/ - ## E.g. - ## dnsConfig: - ## options: - ## - name: ndots - ## value: "4" - ## - name: single-request-reopen - dnsConfig: {} - ## @param replica.lifecycleHooks for the Redis® replica container(s) to automate configuration before or after startup - ## - lifecycleHooks: {} - ## @param replica.extraVolumes Optionally specify extra list of additional volumes for the Redis® replicas pod(s) - ## - extraVolumes: [] - ## @param replica.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Redis® replicas container(s) - ## - extraVolumeMounts: [] - ## @param replica.sidecars Add additional sidecar containers to the Redis® replicas pod(s) - ## e.g: - ## sidecars: - ## - name: your-image-name - ## image: your-image - ## imagePullPolicy: Always - ## ports: - ## - name: portname - ## containerPort: 1234 - ## - sidecars: [] - ## @param replica.initContainers Add additional init containers to the Redis® replicas pod(s) - ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ - ## e.g: - ## initContainers: - ## - name: your-image-name - ## image: your-image - ## imagePullPolicy: Always - ## command: ['sh', '-c', 'echo "hello world"'] - ## - initContainers: [] - ## Persistence Parameters - ## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/ - ## - persistence: - ## @param replica.persistence.enabled Enable persistence on Redis® replicas nodes using Persistent Volume Claims - ## - enabled: true - ## @param replica.persistence.medium Provide a medium for `emptyDir` volumes. - ## - medium: "" - ## @param replica.persistence.sizeLimit Set this to enable a size limit for `emptyDir` volumes. 
- ## - sizeLimit: "" - ## @param replica.persistence.path The path the volume will be mounted at on Redis® replicas containers - ## NOTE: Useful when using different Redis® images - ## - path: /data - ## @param replica.persistence.subPath The subdirectory of the volume to mount on Redis® replicas containers - ## NOTE: Useful in dev environments - ## - subPath: "" - ## @param replica.persistence.storageClass Persistent Volume storage class - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner - ## - storageClass: "" - ## @param replica.persistence.accessModes Persistent Volume access modes - ## - accessModes: - - ReadWriteOnce - ## @param replica.persistence.size Persistent Volume size - ## - size: 8Gi - ## @param replica.persistence.annotations Additional custom annotations for the PVC - ## - annotations: {} - ## @param replica.persistence.selector Additional labels to match for the PVC - ## e.g: - ## selector: - ## matchLabels: - ## app: my-app - ## - selector: {} - ## @param replica.persistence.dataSource Custom PVC data source - ## - dataSource: {} - ## @param replica.persistence.existingClaim Use a existing PVC which must be created manually before bound - ## NOTE: requires replica.persistence.enabled: true - ## - existingClaim: "" - ## Redis® replicas service parameters - ## - service: - ## @param replica.service.type Redis® replicas service type - ## - type: ClusterIP - ## @param replica.service.ports.redis Redis® replicas service port - ## - ports: - redis: 6379 - ## @param replica.service.nodePorts.redis Node port for Redis® replicas - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport - ## NOTE: choose port between <30000-32767> - ## - nodePorts: - redis: "" - ## @param replica.service.externalTrafficPolicy Redis® replicas service external traffic 
policy - ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip - ## - externalTrafficPolicy: Cluster - ## @param replica.service.internalTrafficPolicy Redis® replicas service internal traffic policy (requires Kubernetes v1.22 or greater to be usable) - ## ref: https://kubernetes.io/docs/concepts/services-networking/service-traffic-policy/ - ## - internalTrafficPolicy: Cluster - ## @param replica.service.extraPorts Extra ports to expose (normally used with the `sidecar` value) - ## - extraPorts: [] - ## @param replica.service.clusterIP Redis® replicas service Cluster IP - ## - clusterIP: "" - ## @param replica.service.loadBalancerIP Redis® replicas service Load Balancer IP - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer - ## - loadBalancerIP: "" - ## @param replica.service.loadBalancerSourceRanges Redis® replicas service Load Balancer sources - ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service - ## e.g. 
- ## loadBalancerSourceRanges: - ## - 10.10.10.0/24 - ## - loadBalancerSourceRanges: [] - ## @param replica.service.annotations Additional custom annotations for Redis® replicas service - ## - annotations: {} - ## @param replica.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP" - ## If "ClientIP", consecutive client requests will be directed to the same Pod - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies - ## - sessionAffinity: None - ## @param replica.service.sessionAffinityConfig Additional settings for the sessionAffinity - ## sessionAffinityConfig: - ## clientIP: - ## timeoutSeconds: 300 - ## - sessionAffinityConfig: {} - ## @param replica.terminationGracePeriodSeconds Integer setting the termination grace period for the redis-replicas pods - ## - terminationGracePeriodSeconds: 30 - ## Autoscaling configuration - ## - autoscaling: - ## @param replica.autoscaling.enabled Enable replica autoscaling settings - ## - enabled: false - ## @param replica.autoscaling.minReplicas Minimum replicas for the pod autoscaling - ## - minReplicas: 1 - ## @param replica.autoscaling.maxReplicas Maximum replicas for the pod autoscaling - ## - maxReplicas: 11 - ## @param replica.autoscaling.targetCPU Percentage of CPU to consider when autoscaling - ## - targetCPU: "" - ## @param replica.autoscaling.targetMemory Percentage of Memory to consider when autoscaling - ## - targetMemory: "" - -## @section Redis® Sentinel configuration parameters -## - -sentinel: - ## @param sentinel.enabled Use Redis® Sentinel on Redis® pods. 
- ## IMPORTANT: this will disable the master and replicas services and - ## create a single Redis® service exposing both the Redis and Sentinel ports - ## - enabled: false - ## Bitnami Redis® Sentinel image version - ## ref: https://hub.docker.com/r/bitnami/redis-sentinel/tags/ - ## @param sentinel.image.registry Redis® Sentinel image registry - ## @param sentinel.image.repository Redis® Sentinel image repository - ## @param sentinel.image.tag Redis® Sentinel image tag (immutable tags are recommended) - ## @param sentinel.image.pullPolicy Redis® Sentinel image pull policy - ## @param sentinel.image.pullSecrets Redis® Sentinel image pull secrets - ## @param sentinel.image.debug Enable image debug mode - ## - image: - registry: docker.io - repository: bitnami/redis-sentinel - tag: 6.2.7-debian-11-r12 - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## Enable debug mode - ## - debug: false - ## @param sentinel.masterSet Master set name - ## - masterSet: mymaster - ## @param sentinel.quorum Sentinel Quorum - ## - quorum: 2 - ## @param sentinel.getMasterTimeout Amount of time to allow before get_sentinel_master_info() times out. - ## NOTE: This is directly related to the startupProbes which are configured to run every 10 seconds for a total of 22 failures. If adjusting this value, also adjust the startupProbes. - getMasterTimeout: 220 - ## @param sentinel.automateClusterRecovery Automate cluster recovery in cases where the last replica is not considered a good replica and Sentinel won't automatically failover to it. 
- ## This also prevents any new replica from starting until the last remaining replica is elected as master to guarantee that it is the one to be elected by Sentinel, and not a newly started replica with no data. - ## NOTE: This feature requires a "downAfterMilliseconds" value less or equal to 2000. - ## - automateClusterRecovery: false - ## Sentinel timing restrictions - ## @param sentinel.downAfterMilliseconds Timeout for detecting a Redis® node is down - ## @param sentinel.failoverTimeout Timeout for performing a election failover - ## - downAfterMilliseconds: 60000 - failoverTimeout: 18000 - ## @param sentinel.parallelSyncs Number of replicas that can be reconfigured in parallel to use the new master after a failover - ## - parallelSyncs: 1 - ## @param sentinel.configuration Configuration for Redis® Sentinel nodes - ## ref: https://redis.io/topics/sentinel - ## - configuration: "" - ## @param sentinel.command Override default container command (useful when using custom images) - ## - command: [] - ## @param sentinel.args Override default container args (useful when using custom images) - ## - args: [] - ## @param sentinel.preExecCmds Additional commands to run prior to starting Redis® Sentinel - ## - preExecCmds: [] - ## @param sentinel.extraEnvVars Array with extra environment variables to add to Redis® Sentinel nodes - ## e.g: - ## extraEnvVars: - ## - name: FOO - ## value: "bar" - ## - extraEnvVars: [] - ## @param sentinel.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Redis® Sentinel nodes - ## - extraEnvVarsCM: "" - ## @param sentinel.extraEnvVarsSecret Name of existing Secret containing extra env vars for Redis® Sentinel nodes - ## - extraEnvVarsSecret: "" - ## @param sentinel.externalMaster.enabled Use external master for bootstrapping - ## @param sentinel.externalMaster.host External master host to bootstrap from - ## @param sentinel.externalMaster.port Port for Redis service external master host - ## - externalMaster: - 
enabled: false - host: "" - port: 6379 - ## @param sentinel.containerPorts.sentinel Container port to open on Redis® Sentinel nodes - ## - containerPorts: - sentinel: 26379 - ## Configure extra options for Redis® containers' liveness and readiness probes - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes - ## @param sentinel.startupProbe.enabled Enable startupProbe on Redis® Sentinel nodes - ## @param sentinel.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe - ## @param sentinel.startupProbe.periodSeconds Period seconds for startupProbe - ## @param sentinel.startupProbe.timeoutSeconds Timeout seconds for startupProbe - ## @param sentinel.startupProbe.failureThreshold Failure threshold for startupProbe - ## @param sentinel.startupProbe.successThreshold Success threshold for startupProbe - ## - startupProbe: - enabled: true - initialDelaySeconds: 10 - periodSeconds: 10 - timeoutSeconds: 5 - successThreshold: 1 - failureThreshold: 22 - ## @param sentinel.livenessProbe.enabled Enable livenessProbe on Redis® Sentinel nodes - ## @param sentinel.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe - ## @param sentinel.livenessProbe.periodSeconds Period seconds for livenessProbe - ## @param sentinel.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe - ## @param sentinel.livenessProbe.failureThreshold Failure threshold for livenessProbe - ## @param sentinel.livenessProbe.successThreshold Success threshold for livenessProbe - ## - livenessProbe: - enabled: true - initialDelaySeconds: 20 - periodSeconds: 5 - timeoutSeconds: 5 - successThreshold: 1 - failureThreshold: 5 - ## @param sentinel.readinessProbe.enabled Enable readinessProbe on Redis® Sentinel nodes - ## @param sentinel.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe - ## @param sentinel.readinessProbe.periodSeconds Period seconds for readinessProbe - ## @param 
sentinel.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe - ## @param sentinel.readinessProbe.failureThreshold Failure threshold for readinessProbe - ## @param sentinel.readinessProbe.successThreshold Success threshold for readinessProbe - ## - readinessProbe: - enabled: true - initialDelaySeconds: 20 - periodSeconds: 5 - timeoutSeconds: 1 - successThreshold: 1 - failureThreshold: 5 - ## @param sentinel.customStartupProbe Custom startupProbe that overrides the default one - ## - customStartupProbe: {} - ## @param sentinel.customLivenessProbe Custom livenessProbe that overrides the default one - ## - customLivenessProbe: {} - ## @param sentinel.customReadinessProbe Custom readinessProbe that overrides the default one - ## - customReadinessProbe: {} - ## Persistence parameters - ## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/ - ## - persistence: - ## @param sentinel.persistence.enabled Enable persistence on Redis® sentinel nodes using Persistent Volume Claims (Experimental) - ## - enabled: false - ## @param sentinel.persistence.storageClass Persistent Volume storage class - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner - ## - storageClass: "" - ## @param sentinel.persistence.accessModes Persistent Volume access modes - ## - accessModes: - - ReadWriteOnce - ## @param sentinel.persistence.size Persistent Volume size - ## - size: 100Mi - ## @param sentinel.persistence.annotations Additional custom annotations for the PVC - ## - annotations: {} - ## @param sentinel.persistence.selector Additional labels to match for the PVC - ## e.g: - ## selector: - ## matchLabels: - ## app: my-app - ## - selector: {} - ## @param sentinel.persistence.dataSource Custom PVC data source - ## - dataSource: {} - ## @param sentinel.persistence.medium Provide a medium for `emptyDir` 
volumes. - ## - medium: "" - ## Redis® Sentinel resource requests and limits - ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ - ## @param sentinel.resources.limits The resources limits for the Redis® Sentinel containers - ## @param sentinel.resources.requests The requested resources for the Redis® Sentinel containers - ## - resources: - limits: {} - requests: {} - ## Configure Container Security Context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod - ## @param sentinel.containerSecurityContext.enabled Enabled Redis® Sentinel containers' Security Context - ## @param sentinel.containerSecurityContext.runAsUser Set Redis® Sentinel containers' Security Context runAsUser - ## - containerSecurityContext: - enabled: true - runAsUser: 1001 - ## @param sentinel.lifecycleHooks for the Redis® sentinel container(s) to automate configuration before or after startup - ## - lifecycleHooks: {} - ## @param sentinel.extraVolumes Optionally specify extra list of additional volumes for the Redis® Sentinel - ## - extraVolumes: [] - ## @param sentinel.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Redis® Sentinel container(s) - ## - extraVolumeMounts: [] - ## Redis® Sentinel service parameters - ## - service: - ## @param sentinel.service.type Redis® Sentinel service type - ## - type: ClusterIP - ## @param sentinel.service.ports.redis Redis® service port for Redis® - ## @param sentinel.service.ports.sentinel Redis® service port for Redis® Sentinel - ## - ports: - redis: 6379 - sentinel: 26379 - ## @param sentinel.service.nodePorts.redis Node port for Redis® - ## @param sentinel.service.nodePorts.sentinel Node port for Sentinel - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport - ## NOTE: choose port between <30000-32767> - ## NOTE: By leaving these values blank, they will be generated by ports-configmap - ## If setting 
manually, please leave at least replica.replicaCount + 1 in between sentinel.service.nodePorts.redis and sentinel.service.nodePorts.sentinel to take into account the ports that will be created while incrementing that base port - ## - nodePorts: - redis: "" - sentinel: "" - ## @param sentinel.service.externalTrafficPolicy Redis® Sentinel service external traffic policy - ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip - ## - externalTrafficPolicy: Cluster - ## @param sentinel.service.extraPorts Extra ports to expose (normally used with the `sidecar` value) - ## - extraPorts: [] - ## @param sentinel.service.clusterIP Redis® Sentinel service Cluster IP - ## - clusterIP: "" - ## @param sentinel.service.loadBalancerIP Redis® Sentinel service Load Balancer IP - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer - ## - loadBalancerIP: "" - ## @param sentinel.service.loadBalancerSourceRanges Redis® Sentinel service Load Balancer sources - ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service - ## e.g. 
- ## loadBalancerSourceRanges: - ## - 10.10.10.0/24 - ## - loadBalancerSourceRanges: [] - ## @param sentinel.service.annotations Additional custom annotations for Redis® Sentinel service - ## - annotations: {} - ## @param sentinel.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP" - ## If "ClientIP", consecutive client requests will be directed to the same Pod - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies - ## - sessionAffinity: None - ## @param sentinel.service.sessionAffinityConfig Additional settings for the sessionAffinity - ## sessionAffinityConfig: - ## clientIP: - ## timeoutSeconds: 300 - ## - sessionAffinityConfig: {} - ## @param sentinel.terminationGracePeriodSeconds Integer setting the termination grace period for the redis-node pods - ## - terminationGracePeriodSeconds: 30 - -## @section Other Parameters -## - -## Network Policy configuration -## ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/ -## -networkPolicy: - ## @param networkPolicy.enabled Enable creation of NetworkPolicy resources - ## - enabled: false - ## @param networkPolicy.allowExternal Don't require client label for connections - ## When set to false, only pods with the correct client label will have network access to the ports - ## Redis® is listening on. When true, Redis® will accept connections from any source - ## (with the correct destination port). 
- ## - allowExternal: true - ## @param networkPolicy.extraIngress Add extra ingress rules to the NetworkPolicy - ## e.g: - ## extraIngress: - ## - ports: - ## - port: 1234 - ## from: - ## - podSelector: - ## - matchLabels: - ## - role: frontend - ## - podSelector: - ## - matchExpressions: - ## - key: role - ## operator: In - ## values: - ## - frontend - ## - extraIngress: [] - ## @param networkPolicy.extraEgress Add extra egress rules to the NetworkPolicy - ## e.g: - ## extraEgress: - ## - ports: - ## - port: 1234 - ## to: - ## - podSelector: - ## - matchLabels: - ## - role: frontend - ## - podSelector: - ## - matchExpressions: - ## - key: role - ## operator: In - ## values: - ## - frontend - ## - extraEgress: [] - ## @param networkPolicy.ingressNSMatchLabels Labels to match to allow traffic from other namespaces - ## @param networkPolicy.ingressNSPodMatchLabels Pod labels to match to allow traffic from other namespaces - ## - ingressNSMatchLabels: {} - ingressNSPodMatchLabels: {} -## PodSecurityPolicy configuration -## ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/ -## -podSecurityPolicy: - ## @param podSecurityPolicy.create Whether to create a PodSecurityPolicy. WARNING: PodSecurityPolicy is deprecated in Kubernetes v1.21 or later, unavailable in v1.25 or later - ## - create: false - ## @param podSecurityPolicy.enabled Enable PodSecurityPolicy's RBAC rules - ## - enabled: false -## RBAC configuration -## -rbac: - ## @param rbac.create Specifies whether RBAC resources should be created - ## - create: false - ## @param rbac.rules Custom RBAC rules to set - ## e.g: - ## rules: - ## - apiGroups: - ## - "" - ## resources: - ## - pods - ## verbs: - ## - get - ## - list - ## - rules: [] -## ServiceAccount configuration -## -serviceAccount: - ## @param serviceAccount.create Specifies whether a ServiceAccount should be created - ## - create: true - ## @param serviceAccount.name The name of the ServiceAccount to use. 
- ## If not set and create is true, a name is generated using the common.names.fullname template - ## - name: "" - ## @param serviceAccount.automountServiceAccountToken Whether to auto mount the service account token - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#use-the-default-service-account-to-access-the-api-server - ## - automountServiceAccountToken: true - ## @param serviceAccount.annotations Additional custom annotations for the ServiceAccount - ## - annotations: {} -## Redis® Pod Disruption Budget configuration -## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ -## -pdb: - ## @param pdb.create Specifies whether a PodDisruptionBudget should be created - ## - create: false - ## @param pdb.minAvailable Min number of pods that must still be available after the eviction - ## - minAvailable: 1 - ## @param pdb.maxUnavailable Max number of pods that can be unavailable after the eviction - ## - maxUnavailable: "" -## TLS configuration -## -tls: - ## @param tls.enabled Enable TLS traffic - ## - enabled: false - ## @param tls.authClients Require clients to authenticate - ## - authClients: true - ## @param tls.autoGenerated Enable autogenerated certificates - ## - autoGenerated: false - ## @param tls.existingSecret The name of the existing secret that contains the TLS certificates - ## - existingSecret: "" - ## @param tls.certificatesSecret DEPRECATED. Use existingSecret instead. 
- ## - certificatesSecret: "" - ## @param tls.certFilename Certificate filename - ## - certFilename: "" - ## @param tls.certKeyFilename Certificate Key filename - ## - certKeyFilename: "" - ## @param tls.certCAFilename CA Certificate filename - ## - certCAFilename: "" - ## @param tls.dhParamsFilename File containing DH params (in order to support DH based ciphers) - ## - dhParamsFilename: "" - -## @section Metrics Parameters -## - -metrics: - ## @param metrics.enabled Start a sidecar prometheus exporter to expose Redis® metrics - ## - enabled: false - ## Bitnami Redis® Exporter image - ## ref: https://hub.docker.com/r/bitnami/redis-exporter/tags/ - ## @param metrics.image.registry Redis® Exporter image registry - ## @param metrics.image.repository Redis® Exporter image repository - ## @param metrics.image.tag Redis® Redis® Exporter image tag (immutable tags are recommended) - ## @param metrics.image.pullPolicy Redis® Exporter image pull policy - ## @param metrics.image.pullSecrets Redis® Exporter image pull secrets - ## - image: - registry: docker.io - repository: bitnami/redis-exporter - tag: 1.43.0-debian-11-r4 - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. 
- ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## @param metrics.command Override default metrics container init command (useful when using custom images) - ## - command: [] - ## @param metrics.redisTargetHost A way to specify an alternative Redis® hostname - ## Useful for certificate CN/SAN matching - ## - redisTargetHost: "localhost" - ## @param metrics.extraArgs Extra arguments for Redis® exporter, for example: - ## e.g.: - ## extraArgs: - ## check-keys: myKey,myOtherKey - ## - extraArgs: {} - ## @param metrics.extraEnvVars Array with extra environment variables to add to Redis® exporter - ## e.g: - ## extraEnvVars: - ## - name: FOO - ## value: "bar" - ## - extraEnvVars: [] - ## Configure Container Security Context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod - ## @param metrics.containerSecurityContext.enabled Enabled Redis® exporter containers' Security Context - ## @param metrics.containerSecurityContext.runAsUser Set Redis® exporter containers' Security Context runAsUser - ## - containerSecurityContext: - enabled: true - runAsUser: 1001 - ## @param metrics.extraVolumes Optionally specify extra list of additional volumes for the Redis® metrics sidecar - ## - extraVolumes: [] - ## @param metrics.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Redis® metrics sidecar - ## - extraVolumeMounts: [] - ## Redis® exporter resource requests and limits - ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ - ## @param metrics.resources.limits The resources limits for the Redis® exporter container - ## @param metrics.resources.requests The requested resources for the Redis® exporter container - ## - resources: - limits: {} - requests: {} - ## @param metrics.podLabels Extra labels for Redis® exporter pods - ## ref: 
https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ - ## - podLabels: {} - ## @param metrics.podAnnotations [object] Annotations for Redis® exporter pods - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ - ## - podAnnotations: - prometheus.io/scrape: "true" - prometheus.io/port: "9121" - ## Redis® exporter service parameters - ## - service: - ## @param metrics.service.type Redis® exporter service type - ## - type: ClusterIP - ## @param metrics.service.port Redis® exporter service port - ## - port: 9121 - ## @param metrics.service.externalTrafficPolicy Redis® exporter service external traffic policy - ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip - ## - externalTrafficPolicy: Cluster - ## @param metrics.service.extraPorts Extra ports to expose (normally used with the `sidecar` value) - ## - extraPorts: [] - ## @param metrics.service.loadBalancerIP Redis® exporter service Load Balancer IP - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer - ## - loadBalancerIP: "" - ## @param metrics.service.loadBalancerSourceRanges Redis® exporter service Load Balancer sources - ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service - ## e.g. 
- ## loadBalancerSourceRanges: - ## - 10.10.10.0/24 - ## - loadBalancerSourceRanges: [] - ## @param metrics.service.annotations Additional custom annotations for Redis® exporter service - ## - annotations: {} - ## Prometheus Service Monitor - ## ref: https://github.com/coreos/prometheus-operator - ## https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint - ## - serviceMonitor: - ## @param metrics.serviceMonitor.enabled Create ServiceMonitor resource(s) for scraping metrics using PrometheusOperator - ## - enabled: false - ## @param metrics.serviceMonitor.namespace The namespace in which the ServiceMonitor will be created - ## - namespace: "" - ## @param metrics.serviceMonitor.interval The interval at which metrics should be scraped - ## - interval: 30s - ## @param metrics.serviceMonitor.scrapeTimeout The timeout after which the scrape is ended - ## - scrapeTimeout: "" - ## @param metrics.serviceMonitor.relabellings Metrics RelabelConfigs to apply to samples before scraping. - ## - relabellings: [] - ## @param metrics.serviceMonitor.metricRelabelings Metrics RelabelConfigs to apply to samples before ingestion. 
- ## - metricRelabelings: [] - ## @param metrics.serviceMonitor.honorLabels Specify honorLabels parameter to add the scrape endpoint - ## - honorLabels: false - ## @param metrics.serviceMonitor.additionalLabels Additional labels that can be used so ServiceMonitor resource(s) can be discovered by Prometheus - ## - additionalLabels: {} - ## Custom PrometheusRule to be defined - ## ref: https://github.com/coreos/prometheus-operator#customresourcedefinitions - ## - prometheusRule: - ## @param metrics.prometheusRule.enabled Create a custom prometheusRule Resource for scraping metrics using PrometheusOperator - ## - enabled: false - ## @param metrics.prometheusRule.namespace The namespace in which the prometheusRule will be created - ## - namespace: "" - ## @param metrics.prometheusRule.additionalLabels Additional labels for the prometheusRule - ## - additionalLabels: {} - ## @param metrics.prometheusRule.rules Custom Prometheus rules - ## e.g: - ## rules: - ## - alert: RedisDown - ## expr: redis_up{service="{{ template "common.names.fullname" . }}-metrics"} == 0 - ## for: 2m - ## labels: - ## severity: error - ## annotations: - ## summary: Redis® instance {{ "{{ $labels.instance }}" }} down - ## description: Redis® instance {{ "{{ $labels.instance }}" }} is down - ## - alert: RedisMemoryHigh - ## expr: > - ## redis_memory_used_bytes{service="{{ template "common.names.fullname" . }}-metrics"} * 100 - ## / - ## redis_memory_max_bytes{service="{{ template "common.names.fullname" . }}-metrics"} - ## > 90 - ## for: 2m - ## labels: - ## severity: error - ## annotations: - ## summary: Redis® instance {{ "{{ $labels.instance }}" }} is using too much memory - ## description: | - ## Redis® instance {{ "{{ $labels.instance }}" }} is using {{ "{{ $value }}" }}% of its available memory. - ## - alert: RedisKeyEviction - ## expr: | - ## increase(redis_evicted_keys_total{service="{{ template "common.names.fullname" . 
}}-metrics"}[5m]) > 0 - ## for: 1s - ## labels: - ## severity: error - ## annotations: - ## summary: Redis® instance {{ "{{ $labels.instance }}" }} has evicted keys - ## description: | - ## Redis® instance {{ "{{ $labels.instance }}" }} has evicted {{ "{{ $value }}" }} keys in the last 5 minutes. - ## - rules: [] - -## @section Init Container Parameters -## - -## 'volumePermissions' init container parameters -## Changes the owner and group of the persistent volume mount point to runAsUser:fsGroup values -## based on the *podSecurityContext/*containerSecurityContext parameters -## -volumePermissions: - ## @param volumePermissions.enabled Enable init container that changes the owner/group of the PV mount point to `runAsUser:fsGroup` - ## - enabled: false - ## Bitnami Shell image - ## ref: https://hub.docker.com/r/bitnami/bitnami-shell/tags/ - ## @param volumePermissions.image.registry Bitnami Shell image registry - ## @param volumePermissions.image.repository Bitnami Shell image repository - ## @param volumePermissions.image.tag Bitnami Shell image tag (immutable tags are recommended) - ## @param volumePermissions.image.pullPolicy Bitnami Shell image pull policy - ## @param volumePermissions.image.pullSecrets Bitnami Shell image pull secrets - ## - image: - registry: docker.io - repository: bitnami/bitnami-shell - tag: 11-debian-11-r11 - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. 
- ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## Init container's resource requests and limits - ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ - ## @param volumePermissions.resources.limits The resources limits for the init container - ## @param volumePermissions.resources.requests The requested resources for the init container - ## - resources: - limits: {} - requests: {} - ## Init container Container Security Context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container - ## @param volumePermissions.containerSecurityContext.runAsUser Set init container's Security Context runAsUser - ## NOTE: when runAsUser is set to special value "auto", init container will try to chown the - ## data folder to auto-determined user&group, using commands: `id -u`:`id -G | cut -d" " -f2` - ## "auto" is especially useful for OpenShift which has scc with dynamic user ids (and 0 is not allowed) - ## - containerSecurityContext: - runAsUser: 0 - -## init-sysctl container parameters -## used to perform sysctl operation to modify Kernel settings (needed sometimes to avoid warnings) -## -sysctl: - ## @param sysctl.enabled Enable init container to modify Kernel settings - ## - enabled: false - ## Bitnami Shell image - ## ref: https://hub.docker.com/r/bitnami/bitnami-shell/tags/ - ## @param sysctl.image.registry Bitnami Shell image registry - ## @param sysctl.image.repository Bitnami Shell image repository - ## @param sysctl.image.tag Bitnami Shell image tag (immutable tags are recommended) - ## @param sysctl.image.pullPolicy Bitnami Shell image pull policy - ## @param sysctl.image.pullSecrets Bitnami Shell image pull secrets - ## - image: - registry: docker.io - repository: bitnami/bitnami-shell - tag: 11-debian-11-r11 - pullPolicy: IfNotPresent - ## Optionally specify 
an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## @param sysctl.command Override default init-sysctl container command (useful when using custom images) - ## - command: [] - ## @param sysctl.mountHostSys Mount the host `/sys` folder to `/host-sys` - ## - mountHostSys: false - ## Init container's resource requests and limits - ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ - ## @param sysctl.resources.limits The resources limits for the init container - ## @param sysctl.resources.requests The requested resources for the init container - ## - resources: - limits: {} - requests: {} - -## @section useExternalDNS Parameters -## -## @param useExternalDNS.enabled Enable various syntax that would enable external-dns to work. Note this requires a working installation of `external-dns` to be usable. -## @param useExternalDNS.additionalAnnotations Extra annotations to be utilized when `external-dns` is enabled. -## @param useExternalDNS.annotationKey The annotation key utilized when `external-dns` is enabled. -## @param useExternalDNS.suffix The DNS suffix utilized when `external-dns` is enabled. Note that we prepend the suffix with the full name of the release. -## -useExternalDNS: - enabled: false - suffix: "" - annotationKey: external-dns.alpha.kubernetes.io/ - additionalAnnotations: {}