255 lines
8.6 KiB
Smarty
255 lines
8.6 KiB
Smarty
{{/* vim: set filetype=mustache: */}}
|
|
|
|
{{/*
|
|
Return the proper Redis® image name
|
|
*/}}
|
|
{{- define "redis-cluster.image" -}}
|
|
{{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }}
|
|
{{- end -}}
|
|
|
|
{{/*
|
|
Return the proper image name (for the metrics image)
|
|
*/}}
|
|
{{- define "redis-cluster.metrics.image" -}}
|
|
{{ include "common.images.image" (dict "imageRoot" .Values.metrics.image "global" .Values.global) }}
|
|
{{- end -}}
|
|
|
|
{{/*
|
|
Return the proper image name (for the init container volume-permissions image)
|
|
*/}}
|
|
{{- define "redis-cluster.volumePermissions.image" -}}
|
|
{{ include "common.images.image" (dict "imageRoot" .Values.volumePermissions.image "global" .Values.global) }}
|
|
{{- end -}}
|
|
|
|
{{/*
|
|
Return sysctl image
|
|
*/}}
|
|
{{- define "redis-cluster.sysctl.image" -}}
|
|
{{ include "common.images.image" (dict "imageRoot" .Values.sysctlImage "global" .Values.global) }}
|
|
{{- end -}}
|
|
|
|
{{/*
|
|
Return the proper Docker Image Registry Secret Names
|
|
*/}}
|
|
{{- define "redis-cluster.imagePullSecrets" -}}
|
|
{{- include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.metrics.image) "global" .Values.global) -}}
|
|
{{- end -}}
|
|
|
|
{{/*
|
|
Return the appropriate apiVersion for networkpolicy.
|
|
*/}}
|
|
{{- define "networkPolicy.apiVersion" -}}
|
|
{{- if semverCompare ">=1.4-0, <1.7-0" .Capabilities.KubeVersion.GitVersion -}}
|
|
{{- print "extensions/v1beta1" -}}
|
|
{{- else -}}
|
|
{{- print "networking.k8s.io/v1" -}}
|
|
{{- end -}}
|
|
{{- end -}}
|
|
|
|
{{/*
|
|
Return the appropriate apiGroup for PodSecurityPolicy.
|
|
*/}}
|
|
{{- define "podSecurityPolicy.apiGroup" -}}
|
|
{{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
|
|
{{- print "policy" -}}
|
|
{{- else -}}
|
|
{{- print "extensions" -}}
|
|
{{- end -}}
|
|
{{- end -}}
|
|
|
|
{{/*
|
|
Return true if a TLS secret object should be created
|
|
*/}}
|
|
{{- define "redis-cluster.createTlsSecret" -}}
|
|
{{- if and .Values.tls.enabled .Values.tls.autoGenerated (not .Values.tls.existingSecret) (not .Values.tls.certificatesSecret) }}
|
|
{{- true -}}
|
|
{{- end -}}
|
|
{{- end -}}
|
|
|
|
{{/*
|
|
Return the secret containing Redis TLS certificates
|
|
*/}}
|
|
{{- define "redis-cluster.tlsSecretName" -}}
|
|
{{- $secretName := coalesce .Values.tls.existingSecret .Values.tls.certificatesSecret -}}
|
|
{{- if $secretName -}}
|
|
{{- printf "%s" (tpl $secretName $) -}}
|
|
{{- else -}}
|
|
{{- printf "%s-crt" (include "common.names.fullname" .) -}}
|
|
{{- end -}}
|
|
{{- end -}}
|
|
|
|
{{/*
|
|
Return the path to the cert file.
|
|
*/}}
|
|
{{- define "redis-cluster.tlsCert" -}}
|
|
{{- if (include "redis-cluster.createTlsSecret" . ) -}}
|
|
{{- printf "/opt/bitnami/redis/certs/%s" "tls.crt" -}}
|
|
{{- else -}}
|
|
{{- required "Certificate filename is required when TLS in enabled" .Values.tls.certFilename | printf "/opt/bitnami/redis/certs/%s" -}}
|
|
{{- end -}}
|
|
{{- end -}}
|
|
|
|
{{/*
|
|
Return the path to the cert key file.
|
|
*/}}
|
|
{{- define "redis-cluster.tlsCertKey" -}}
|
|
{{- if (include "redis-cluster.createTlsSecret" . ) -}}
|
|
{{- printf "/opt/bitnami/redis/certs/%s" "tls.key" -}}
|
|
{{- else -}}
|
|
{{- required "Certificate Key filename is required when TLS in enabled" .Values.tls.certKeyFilename | printf "/opt/bitnami/redis/certs/%s" -}}
|
|
{{- end -}}
|
|
{{- end -}}
|
|
|
|
{{/*
|
|
Return the path to the CA cert file.
|
|
*/}}
|
|
{{- define "redis-cluster.tlsCACert" -}}
|
|
{{- if (include "redis-cluster.createTlsSecret" . ) -}}
|
|
{{- printf "/opt/bitnami/redis/certs/%s" "ca.crt" -}}
|
|
{{- else -}}
|
|
{{- required "Certificate CA filename is required when TLS in enabled" .Values.tls.certCAFilename | printf "/opt/bitnami/redis/certs/%s" -}}
|
|
{{- end -}}
|
|
{{- end -}}
|
|
|
|
{{/*
|
|
Return the path to the DH params file.
|
|
*/}}
|
|
{{- define "redis-cluster.tlsDHParams" -}}
|
|
{{- if .Values.tls.dhParamsFilename -}}
|
|
{{- printf "/opt/bitnami/redis/certs/%s" .Values.tls.dhParamsFilename -}}
|
|
{{- end -}}
|
|
{{- end -}}
|
|
|
|
{{/*
|
|
Create the name of the service account to use
|
|
*/}}
|
|
{{- define "redis-cluster.serviceAccountName" -}}
|
|
{{- if .Values.serviceAccount.create -}}
|
|
{{ default (include "common.names.fullname" .) .Values.serviceAccount.name }}
|
|
{{- else -}}
|
|
{{ default "default" .Values.serviceAccount.name }}
|
|
{{- end -}}
|
|
{{- end -}}
|
|
|
|
{{/*
|
|
Get the password secret.
|
|
*/}}
|
|
{{- define "redis-cluster.secretName" -}}
|
|
{{- if .Values.existingSecret -}}
|
|
{{- printf "%s" .Values.existingSecret -}}
|
|
{{- else -}}
|
|
{{- printf "%s" (include "common.names.fullname" .) -}}
|
|
{{- end -}}
|
|
{{- end -}}
|
|
|
|
{{/*
|
|
Get the password key to be retrieved from Redis® secret.
|
|
*/}}
|
|
{{- define "redis-cluster.secretPasswordKey" -}}
|
|
{{- if and .Values.existingSecret .Values.existingSecretPasswordKey -}}
|
|
{{- printf "%s" .Values.existingSecretPasswordKey -}}
|
|
{{- else -}}
|
|
{{- printf "redis-password" -}}
|
|
{{- end -}}
|
|
{{- end -}}
|
|
|
|
{{/*
|
|
Return Redis® password
|
|
*/}}
|
|
{{- define "redis-cluster.password" -}}
|
|
{{- if not (empty .Values.global.redis.password) }}
|
|
{{- .Values.global.redis.password -}}
|
|
{{- else if not (empty .Values.password) -}}
|
|
{{- .Values.password -}}
|
|
{{- else -}}
|
|
{{- randAlphaNum 10 -}}
|
|
{{- end -}}
|
|
{{- end -}}
|
|
|
|
{{/*
|
|
Determines whether or not to create the Statefulset
|
|
*/}}
|
|
{{- define "redis-cluster.createStatefulSet" -}}
|
|
{{- if not .Values.cluster.externalAccess.enabled -}}
|
|
{{- true -}}
|
|
{{- end -}}
|
|
{{- if and .Values.cluster.externalAccess.enabled .Values.cluster.externalAccess.service.loadBalancerIP -}}
|
|
{{- true -}}
|
|
{{- end -}}
|
|
{{- end -}}
|
|
|
|
{{/* Check if there are rolling tags in the images */}}
|
|
{{- define "redis-cluster.checkRollingTags" -}}
|
|
{{- include "common.warnings.rollingTag" .Values.image -}}
|
|
{{- include "common.warnings.rollingTag" .Values.metrics.image -}}
|
|
{{- end -}}
|
|
|
|
{{/*
|
|
Compile all warnings into a single message, and call fail.
|
|
*/}}
|
|
{{- define "redis-cluster.validateValues" -}}
|
|
{{- $messages := list -}}
|
|
{{- $messages := append $messages (include "redis-cluster.validateValues.updateParameters" .) -}}
|
|
{{- $messages := append $messages (include "redis-cluster.validateValues.tlsParameters" .) -}}
|
|
{{- $messages := append $messages (include "redis-cluster.validateValues.tls" .) -}}
|
|
{{- $messages := without $messages "" -}}
|
|
{{- $message := join "\n" $messages -}}
|
|
|
|
{{- if $message -}}
|
|
{{- printf "\nVALUES VALIDATION:\n%s" $message | fail -}}
|
|
{{- end -}}
|
|
{{- end -}}
|
|
|
|
{{/* Validate values of Redis® Cluster - check update parameters */}}
|
|
{{- define "redis-cluster.validateValues.updateParameters" -}}
|
|
{{- if and .Values.cluster.update.addNodes ( or (and .Values.cluster.externalAccess.enabled .Values.cluster.externalAccess.service.loadBalancerIP) ( not .Values.cluster.externalAccess.enabled )) -}}
|
|
{{- if .Values.cluster.externalAccess.enabled }}
|
|
{{- if not .Values.cluster.update.newExternalIPs -}}
|
|
redis-cluster: newExternalIPs
|
|
You must provide the newExternalIPs to perform the cluster upgrade when using external access.
|
|
{{- end -}}
|
|
{{- else }}
|
|
{{- if not .Values.cluster.update.currentNumberOfNodes -}}
|
|
redis-cluster: currentNumberOfNodes
|
|
You must provide the currentNumberOfNodes to perform an upgrade when not using external access.
|
|
{{- end -}}
|
|
{{- if not .Values.cluster.update.currentNumberOfReplicas -}}
|
|
redis-cluster: currentNumberOfReplicas
|
|
You must provide the currentNumberOfReplicas to perform an upgrade when not using external access.
|
|
{{- end -}}
|
|
{{- end -}}
|
|
{{- end -}}
|
|
{{- end -}}
|
|
|
|
{{/* Validate values of Redis® Cluster - tls settings */}}
|
|
{{- define "redis-cluster.validateValues.tlsParameters" -}}
|
|
{{- if and .Values.tls.enabled (not .Values.tls.autoGenerated) }}
|
|
{{- if and (not .Values.tls.existingSecret) (not .Values.tls.certificatesSecret) -}}
|
|
redis-cluster: TLSSecretMissingSecret
|
|
A secret containing the certificates for the TLS traffic is required when TLS is enabled. Please set the tls.existingSecret value
|
|
{{- end -}}
|
|
{{- if not .Values.tls.certFilename -}}
|
|
redis-cluster: TLSSecretMissingCert
|
|
A certificate filename is required when TLS is enabled. Please set the tls.certFilename value
|
|
{{- end -}}
|
|
{{- if not .Values.tls.certKeyFilename -}}
|
|
redis-cluster: TLSSecretMissingCertKey
|
|
A certificate key filename is required when TLS is enabled. Please set the tls.certKeyFilename value
|
|
{{- end -}}
|
|
{{- if not .Values.tls.certCAFilename -}}
|
|
redis-cluster: TLSSecretMissingCertCA
|
|
A certificate CA filename is required when TLS is enabled. Please set the tls.certCAFilename value
|
|
{{- end -}}
|
|
{{- end -}}
|
|
{{- end -}}
|
|
|
|
{{/* Validate values of Redis® - PodSecurityPolicy create */}}
|
|
{{- define "redis-cluster.validateValues.tls" -}}
|
|
{{- if and .Values.tls.enabled (not .Values.tls.autoGenerated) (not .Values.tls.existingSecret) (not .Values.tls.certificatesSecret) }}
|
|
redis-cluster: tls.enabled
|
|
In order to enable TLS, you also need to provide
|
|
an existing secret containing the TLS certificates or
|
|
enable auto-generated certificates.
|
|
{{- end -}}
|
|
{{- end -}}
|