add helm charts
This commit is contained in:
Ybehrooz
124
backing-services/gitea/charts/valkey-cluster/templates/NOTES.txt
Normal file
124
backing-services/gitea/charts/valkey-cluster/templates/NOTES.txt
Normal file
@@ -0,0 +1,124 @@
|
||||
CHART NAME: {{ .Chart.Name }}
|
||||
CHART VERSION: {{ .Chart.Version }}
|
||||
APP VERSION: {{ .Chart.AppVersion }}
|
||||
|
||||
⚠ WARNING: Since August 28th, 2025, only a limited subset of images/charts are available for free.
|
||||
Subscribe to Bitnami Secure Images to receive continued support and security updates.
|
||||
More info at https://bitnami.com and https://github.com/bitnami/containers/issues/83267
|
||||
|
||||
{{- $secretName := include "valkey-cluster.secretName" . -}}
|
||||
{{- $secretPasswordKey := include "valkey-cluster.secretPasswordKey" . -}}
|
||||
|
||||
** Please be patient while the chart is being deployed **
|
||||
|
||||
{{- if .Values.diagnosticMode.enabled }}
|
||||
The chart has been deployed in diagnostic mode. All probes have been disabled and the command has been overwritten with:
|
||||
|
||||
command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 4 }}
|
||||
args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 4 }}
|
||||
|
||||
Get the list of pods by executing:
|
||||
|
||||
kubectl get pods --namespace {{ .Release.Namespace }} -l app.kubernetes.io/instance={{ .Release.Name }}
|
||||
|
||||
Access the pod you want to debug by executing
|
||||
|
||||
kubectl exec --namespace {{ .Release.Namespace }} -ti <NAME OF THE POD> -- bash
|
||||
|
||||
In order to replicate the container startup scripts execute this command:
|
||||
|
||||
/opt/bitnami/scripts/valkey-cluster/entrypoint.sh /opt/bitnami/scripts/valkey-cluster/run.sh
|
||||
|
||||
{{- else }}
|
||||
|
||||
{{ if .Values.usePassword }}
|
||||
To get your password run:
|
||||
{{ include "common.utils.secret.getvalue" (dict "secret" $secretName "field" $secretPasswordKey "context" $) }}
|
||||
{{- end }}
|
||||
|
||||
{{- if .Values.cluster.externalAccess.enabled }}
|
||||
|
||||
To connect to your Valkey server from outside the cluster check the following information:
|
||||
|
||||
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
|
||||
Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "common.names.fullname" . }}'
|
||||
|
||||
You will have a different external IP for each Valkey node. Get the external ip from `-external` suffixed services: `kubectl get svc`.
|
||||
Valkey port: {{ .Values.cluster.externalAccess.service.port }}
|
||||
|
||||
{{- if not .Values.cluster.externalAccess.service.loadBalancerIP }}
|
||||
Once the LoadBalancerIPs are ready, you need to provide them and perform a Helm Upgrade:
|
||||
|
||||
helm upgrade --namespace {{ .Release.Namespace }} {{ .Release.Name }} --set "cluster.externalAccess.enabled=true,cluster.externalAccess.service.type=LoadBalancer{{- $root := . }}{{ $count := .Values.cluster.nodes | int }}{{ range $i, $v := until $count }},cluster.externalAccess.service.loadBalancerIP[{{ $i }}]=load-balancerip-{{- $i }}{{- end }}" oci://registry-1.docker.io/bitnamicharts/valkey-cluster
|
||||
Where loadbalancer-ip-i are the LoadBalancerIPs provided by the cluster.
|
||||
{{- else -}}
|
||||
{{- if .Values.cluster.init -}}
|
||||
INFO: The Job to create the cluster will be created.
|
||||
{{- end -}}
|
||||
|
||||
To connect to your database from outside the cluster execute the following commands:
|
||||
|
||||
export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "common.names.fullname" . }}-0-svc --template "{{ "{{ range (index .status.loadBalancer.ingress 0) }}{{ . }}{{ end }}" }}")
|
||||
valkey-cli -c -h $SERVICE_IP -p {{ .Values.service.ports.valkey }} {{- if .Values.usePassword }} -a $VALKEY_PASSWORD{{ end }}{{ if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }}
|
||||
{{- end }}
|
||||
|
||||
{{- else }}
|
||||
|
||||
You have deployed a Valkey Cluster accessible only from within you Kubernetes Cluster.
|
||||
|
||||
{{- if .Values.cluster.init -}}
|
||||
INFO: The Job to create the cluster will be created.
|
||||
{{- end -}}
|
||||
|
||||
To connect to your Valkey cluster:
|
||||
|
||||
1. Run a Valkey pod that you can use as a client:
|
||||
{{- $password_env := ternary (include "common.utils.fieldToEnvVar" (dict "field" $secretPasswordKey)) "VALKEYPASSWORD" (not (eq .Values.notEmptyString "")) -}}
|
||||
{{- if .Values.tls.enabled }}
|
||||
kubectl run --namespace {{ .Release.Namespace }} {{ template "common.names.fullname" . }}-client --restart='Never' --env VALKEY_PASSWORD=${{ $password_env }} --image {{ template "valkey-cluster.image" . }} --command -- sleep infinity
|
||||
|
||||
Copy your TLS certificates to the pod:
|
||||
|
||||
kubectl cp --namespace {{ .Release.Namespace }} /path/to/client.cert {{ template "common.names.fullname" . }}-client:/tmp/client.cert
|
||||
kubectl cp --namespace {{ .Release.Namespace }} /path/to/client.key {{ template "common.names.fullname" . }}-client:/tmp/client.key
|
||||
kubectl cp --namespace {{ .Release.Namespace }} /path/to/CA.cert {{ template "common.names.fullname" . }}-client:/tmp/CA.cert
|
||||
|
||||
Use the following command to attach to the pod:
|
||||
|
||||
kubectl exec --tty -i {{ template "common.names.fullname" . }}-client \
|
||||
{{- if and (.Values.networkPolicy.enabled) (not .Values.networkPolicy.allowExternal) }}--labels="{{ template "common.names.fullname" . }}-client=true" \{{- end }}
|
||||
--namespace {{ .Release.Namespace }} -- bash
|
||||
{{- else }}
|
||||
kubectl run --namespace {{ .Release.Namespace }} {{ template "common.names.fullname" . }}-client --rm --tty -i --restart='Never' \
|
||||
{{ if .Values.usePassword }} --env VALKEY_PASSWORD=${{ $password_env }} \{{ end }}
|
||||
{{- if and (.Values.networkPolicy.enabled) (not .Values.networkPolicy.allowExternal) }}--labels="{{ template "common.names.fullname" . }}-client=true" \{{- end }}
|
||||
--image {{ template "valkey-cluster.image" . }} -- bash
|
||||
{{- end }}
|
||||
|
||||
2. Connect using the Valkey CLI:
|
||||
|
||||
valkey-cli -c -h {{ template "common.names.fullname" . }}{{ if .Values.usePassword }} -a ${{ $password_env }}{{ end }}{{ if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }}
|
||||
|
||||
{{ if and (.Values.networkPolicy.enabled) (not .Values.networkPolicy.allowExternal) }}
|
||||
Note: Since NetworkPolicy is enabled, only pods with label
|
||||
{{ template "common.names.fullname" . }}-client=true"
|
||||
will be able to connect to valkey.
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- include "valkey-cluster.validateValues" . }}
|
||||
{{- include "valkey-cluster.checkRollingTags" . }}
|
||||
{{- include "common.warnings.rollingTag" .Values.volumePermissions.image }}
|
||||
{{- include "common.warnings.rollingTag" .Values.sysctlImage }}
|
||||
|
||||
{{- if and .Values.usePassword (not .Values.existingSecret) -}}
|
||||
|
||||
{{- $requiredPassword := dict "valueKey" "password" "secret" $secretName "field" $secretPasswordKey "context" $ -}}
|
||||
{{- $requiredPasswordError := include "common.validations.values.single.empty" $requiredPassword -}}
|
||||
|
||||
{{- include "common.errors.upgrade.passwords.empty" (dict "validationErrors" (list $requiredPasswordError) "context" $) -}}
|
||||
{{- end -}}
|
||||
{{- end }}
|
||||
{{- include "common.warnings.resources" (dict "sections" (list "metrics" "valkey" "sysctlImage" "updateJob" "volumePermissions") "context" $) }}
|
||||
{{- include "common.warnings.modifiedImages" (dict "images" (list .Values.image .Values.volumePermissions.image .Values.metrics.image .Values.sysctlImage) "context" $) }}
|
||||
{{- include "common.errors.insecureImages" (dict "images" (list .Values.image .Values.volumePermissions.image .Values.metrics.image .Values.sysctlImage) "context" $) }}
|
||||
@@ -0,0 +1,237 @@
|
||||
{{/*
|
||||
Copyright Broadcom, Inc. All Rights Reserved.
|
||||
SPDX-License-Identifier: APACHE-2.0
|
||||
*/}}
|
||||
|
||||
{{/* vim: set filetype=mustache: */}}
|
||||
|
||||
{{/*
|
||||
Return the proper Valkey image name
|
||||
*/}}
|
||||
{{- define "valkey-cluster.image" -}}
|
||||
{{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Return the proper image name (for the metrics image)
|
||||
*/}}
|
||||
{{- define "valkey-cluster.metrics.image" -}}
|
||||
{{ include "common.images.image" (dict "imageRoot" .Values.metrics.image "global" .Values.global) }}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Return the proper image name (for the init container volume-permissions image)
|
||||
*/}}
|
||||
{{- define "valkey-cluster.volumePermissions.image" -}}
|
||||
{{ include "common.images.image" (dict "imageRoot" .Values.volumePermissions.image "global" .Values.global) }}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Return sysctl image
|
||||
*/}}
|
||||
{{- define "valkey-cluster.sysctl.image" -}}
|
||||
{{ include "common.images.image" (dict "imageRoot" .Values.sysctlImage "global" .Values.global) }}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Return the proper Docker Image Registry Secret Names
|
||||
*/}}
|
||||
{{- define "valkey-cluster.imagePullSecrets" -}}
|
||||
{{- include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.metrics.image) "global" .Values.global) -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Return true if a TLS secret object should be created
|
||||
*/}}
|
||||
{{- define "valkey-cluster.createTlsSecret" -}}
|
||||
{{- if and .Values.tls.enabled .Values.tls.autoGenerated (not .Values.tls.existingSecret) (not .Values.tls.certificatesSecret) }}
|
||||
{{- true -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Return the secret containing Valkey TLS certificates
|
||||
*/}}
|
||||
{{- define "valkey-cluster.tlsSecretName" -}}
|
||||
{{- $secretName := coalesce .Values.tls.existingSecret .Values.tls.certificatesSecret -}}
|
||||
{{- if $secretName -}}
|
||||
{{- printf "%s" (tpl $secretName $) -}}
|
||||
{{- else -}}
|
||||
{{- printf "%s-crt" (include "common.names.fullname" .) -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Return the path to the cert file.
|
||||
*/}}
|
||||
{{- define "valkey-cluster.tlsCert" -}}
|
||||
{{- if (include "valkey-cluster.createTlsSecret" . ) -}}
|
||||
{{- printf "/opt/bitnami/valkey/certs/%s" "tls.crt" -}}
|
||||
{{- else -}}
|
||||
{{- required "Certificate filename is required when TLS in enabled" .Values.tls.certFilename | printf "/opt/bitnami/valkey/certs/%s" -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Return the path to the cert key file.
|
||||
*/}}
|
||||
{{- define "valkey-cluster.tlsCertKey" -}}
|
||||
{{- if (include "valkey-cluster.createTlsSecret" . ) -}}
|
||||
{{- printf "/opt/bitnami/valkey/certs/%s" "tls.key" -}}
|
||||
{{- else -}}
|
||||
{{- required "Certificate Key filename is required when TLS in enabled" .Values.tls.certKeyFilename | printf "/opt/bitnami/valkey/certs/%s" -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Return the path to the CA cert file.
|
||||
*/}}
|
||||
{{- define "valkey-cluster.tlsCACert" -}}
|
||||
{{- if (include "valkey-cluster.createTlsSecret" . ) -}}
|
||||
{{- printf "/opt/bitnami/valkey/certs/%s" "ca.crt" -}}
|
||||
{{- else -}}
|
||||
{{- required "Certificate CA filename is required when TLS in enabled" .Values.tls.certCAFilename | printf "/opt/bitnami/valkey/certs/%s" -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Return the path to the DH params file.
|
||||
*/}}
|
||||
{{- define "valkey-cluster.tlsDHParams" -}}
|
||||
{{- if .Values.tls.dhParamsFilename -}}
|
||||
{{- printf "/opt/bitnami/valkey/certs/%s" .Values.tls.dhParamsFilename -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Create the name of the service account to use
|
||||
*/}}
|
||||
{{- define "valkey-cluster.serviceAccountName" -}}
|
||||
{{- if .Values.serviceAccount.create -}}
|
||||
{{ default (include "common.names.fullname" .) .Values.serviceAccount.name }}
|
||||
{{- else -}}
|
||||
{{ default "default" .Values.serviceAccount.name }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Get the password secret.
|
||||
*/}}
|
||||
{{- define "valkey-cluster.secretName" -}}
|
||||
{{- if .Values.existingSecret -}}
|
||||
{{- printf "%s" (tpl .Values.existingSecret $) -}}
|
||||
{{- else -}}
|
||||
{{- printf "%s" (include "common.names.fullname" .) -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Get the password key to be retrieved from Valkey secret.
|
||||
*/}}
|
||||
{{- define "valkey-cluster.secretPasswordKey" -}}
|
||||
{{- if and .Values.existingSecret .Values.existingSecretPasswordKey -}}
|
||||
{{- printf "%s" .Values.existingSecretPasswordKey -}}
|
||||
{{- else -}}
|
||||
{{- printf "valkey-password" -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Return Valkey password
|
||||
*/}}
|
||||
{{- define "valkey-cluster.password" -}}
|
||||
{{- if not (empty .Values.global.valkey.password) }}
|
||||
{{- .Values.global.valkey.password -}}
|
||||
{{- else if not (empty .Values.password) -}}
|
||||
{{- .Values.password -}}
|
||||
{{- else -}}
|
||||
{{- randAlphaNum 10 -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Determines whether or not to create the Statefulset
|
||||
*/}}
|
||||
{{- define "valkey-cluster.createStatefulSet" -}}
|
||||
{{- if not .Values.cluster.externalAccess.enabled -}}
|
||||
{{- true -}}
|
||||
{{- end -}}
|
||||
{{- if and .Values.cluster.externalAccess.enabled .Values.cluster.externalAccess.service.loadBalancerIP -}}
|
||||
{{- true -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/* Check if there are rolling tags in the images */}}
|
||||
{{- define "valkey-cluster.checkRollingTags" -}}
|
||||
{{- include "common.warnings.rollingTag" .Values.image -}}
|
||||
{{- include "common.warnings.rollingTag" .Values.metrics.image -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Compile all warnings into a single message, and call fail.
|
||||
*/}}
|
||||
{{- define "valkey-cluster.validateValues" -}}
|
||||
{{- $messages := list -}}
|
||||
{{- $messages := append $messages (include "valkey-cluster.validateValues.updateParameters" .) -}}
|
||||
{{- $messages := append $messages (include "valkey-cluster.validateValues.tlsParameters" .) -}}
|
||||
{{- $messages := append $messages (include "valkey-cluster.validateValues.tls" .) -}}
|
||||
{{- $messages := without $messages "" -}}
|
||||
{{- $message := join "\n" $messages -}}
|
||||
|
||||
{{- if $message -}}
|
||||
{{- printf "\nVALUES VALIDATION:\n%s" $message | fail -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/* Validate values of Valkey Cluster - check update parameters */}}
|
||||
{{- define "valkey-cluster.validateValues.updateParameters" -}}
|
||||
{{- if and .Values.cluster.update.addNodes ( or (and .Values.cluster.externalAccess.enabled .Values.cluster.externalAccess.service.loadBalancerIP) ( not .Values.cluster.externalAccess.enabled )) -}}
|
||||
{{- if .Values.cluster.externalAccess.enabled }}
|
||||
{{- if not .Values.cluster.update.newExternalIPs -}}
|
||||
valkey-cluster: newExternalIPs
|
||||
You must provide the newExternalIPs to perform the cluster upgrade when using external access.
|
||||
{{- end -}}
|
||||
{{- else }}
|
||||
{{- if not .Values.cluster.update.currentNumberOfNodes -}}
|
||||
valkey-cluster: currentNumberOfNodes
|
||||
You must provide the currentNumberOfNodes to perform an upgrade when not using external access.
|
||||
{{- end -}}
|
||||
{{- if kindIs "invalid" .Values.cluster.update.currentNumberOfReplicas -}}
|
||||
valkey-cluster: currentNumberOfReplicas
|
||||
You must provide the currentNumberOfReplicas to perform an upgrade when not using external access.
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/* Validate values of Valkey Cluster - tls settings */}}
|
||||
{{- define "valkey-cluster.validateValues.tlsParameters" -}}
|
||||
{{- if and .Values.tls.enabled (not .Values.tls.autoGenerated) }}
|
||||
{{- if and (not .Values.tls.existingSecret) (not .Values.tls.certificatesSecret) -}}
|
||||
valkey-cluster: TLSSecretMissingSecret
|
||||
A secret containing the certificates for the TLS traffic is required when TLS is enabled. Please set the tls.existingSecret value
|
||||
{{- end -}}
|
||||
{{- if not .Values.tls.certFilename -}}
|
||||
valkey-cluster: TLSSecretMissingCert
|
||||
A certificate filename is required when TLS is enabled. Please set the tls.certFilename value
|
||||
{{- end -}}
|
||||
{{- if not .Values.tls.certKeyFilename -}}
|
||||
valkey-cluster: TLSSecretMissingCertKey
|
||||
A certificate key filename is required when TLS is enabled. Please set the tls.certKeyFilename value
|
||||
{{- end -}}
|
||||
{{- if not .Values.tls.certCAFilename -}}
|
||||
valkey-cluster: TLSSecretMissingCertCA
|
||||
A certificate CA filename is required when TLS is enabled. Please set the tls.certCAFilename value
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/* Validate values of Valkey - PodSecurityPolicy create */}}
|
||||
{{- define "valkey-cluster.validateValues.tls" -}}
|
||||
{{- if and .Values.tls.enabled (not .Values.tls.autoGenerated) (not .Values.tls.existingSecret) (not .Values.tls.certificatesSecret) }}
|
||||
valkey-cluster: tls.enabled
|
||||
In order to enable TLS, you also need to provide
|
||||
an existing secret containing the TLS certificates or
|
||||
enable auto-generated certificates.
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
File diff suppressed because it is too large
Load Diff
@@ -0,0 +1,9 @@
|
||||
{{- /*
|
||||
Copyright Broadcom, Inc. All Rights Reserved.
|
||||
SPDX-License-Identifier: APACHE-2.0
|
||||
*/}}
|
||||
|
||||
{{- range .Values.extraDeploy }}
|
||||
---
|
||||
{{ include "common.tplvalues.render" (dict "value" . "context" $) }}
|
||||
{{- end }}
|
||||
@@ -0,0 +1,28 @@
|
||||
{{- /*
|
||||
Copyright Broadcom, Inc. All Rights Reserved.
|
||||
SPDX-License-Identifier: APACHE-2.0
|
||||
*/}}
|
||||
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: {{ printf "%s-headless" (include "common.names.fullname" . ) | replace "+" "_" | trunc 63 | trimSuffix "-" }}
|
||||
namespace: {{ .Release.Namespace | quote }}
|
||||
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
|
||||
{{- if or .Values.service.headless.annotations .Values.commonAnnotations }}
|
||||
{{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.service.headless.annotations .Values.commonAnnotations ) "context" . ) }}
|
||||
annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
type: ClusterIP
|
||||
clusterIP: None
|
||||
publishNotReadyAddresses: true
|
||||
ports:
|
||||
- name: tcp-redis
|
||||
port: {{ .Values.valkey.containerPorts.valkey }}
|
||||
targetPort: tcp-redis
|
||||
- name: tcp-redis-bus
|
||||
port: {{ .Values.valkey.containerPorts.bus }}
|
||||
targetPort: tcp-redis-bus
|
||||
{{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.valkey.podLabels .Values.commonLabels ) "context" . ) }}
|
||||
selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }}
|
||||
@@ -0,0 +1,45 @@
|
||||
{{- /*
|
||||
Copyright Broadcom, Inc. All Rights Reserved.
|
||||
SPDX-License-Identifier: APACHE-2.0
|
||||
*/}}
|
||||
|
||||
{{- if and (.Values.metrics.enabled) (.Values.metrics.serviceMonitor.enabled) }}
|
||||
apiVersion: monitoring.coreos.com/v1
|
||||
kind: ServiceMonitor
|
||||
metadata:
|
||||
name: {{ template "common.names.fullname" . }}
|
||||
namespace: {{ default .Release.Namespace .Values.metrics.serviceMonitor.namespace | quote }}
|
||||
{{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.metrics.serviceMonitor.labels .Values.commonLabels ) "context" . ) }}
|
||||
labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
|
||||
{{- if or .Values.commonAnnotations .Values.metrics.serviceMonitor.annotations }}
|
||||
{{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.metrics.serviceMonitor.annotations .Values.commonAnnotations ) "context" . ) }}
|
||||
annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
{{- if .Values.metrics.serviceMonitor.jobLabel }}
|
||||
jobLabel: {{ .Values.metrics.serviceMonitor.jobLabel }}
|
||||
{{- end }}
|
||||
endpoints:
|
||||
- port: metrics
|
||||
{{- if .Values.metrics.serviceMonitor.interval }}
|
||||
interval: {{ .Values.metrics.serviceMonitor.interval }}
|
||||
{{- end }}
|
||||
{{- if .Values.metrics.serviceMonitor.scrapeTimeout }}
|
||||
scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }}
|
||||
{{- end }}
|
||||
{{- if .Values.metrics.serviceMonitor.relabelings }}
|
||||
relabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.relabelings "context" $) | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.metrics.serviceMonitor.metricRelabelings }}
|
||||
metricRelabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.metricRelabelings "context" $) | nindent 8 }}
|
||||
{{- end }}
|
||||
selector:
|
||||
matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 6 }}
|
||||
{{- if .Values.metrics.serviceMonitor.selector }}
|
||||
{{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.selector "context" $) | nindent 6 }}
|
||||
{{- end }}
|
||||
app.kubernetes.io/component: "metrics"
|
||||
namespaceSelector:
|
||||
matchNames:
|
||||
- {{ .Release.Namespace }}
|
||||
{{- end -}}
|
||||
@@ -0,0 +1,33 @@
|
||||
{{- /*
|
||||
Copyright Broadcom, Inc. All Rights Reserved.
|
||||
SPDX-License-Identifier: APACHE-2.0
|
||||
*/}}
|
||||
|
||||
{{- if .Values.metrics.enabled }}
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: {{ printf "%s-metrics" (include "common.names.fullname" . ) | replace "+" "_" | trunc 63 | trimSuffix "-" }}
|
||||
namespace: {{ .Release.Namespace | quote }}
|
||||
{{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.metrics.service.labels .Values.commonLabels ) "context" . ) }}
|
||||
labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
|
||||
app.kubernetes.io/component: "metrics"
|
||||
{{- if or .Values.metrics.service.annotations .Values.commonAnnotations }}
|
||||
{{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.metrics.service.annotations .Values.commonAnnotations ) "context" . ) }}
|
||||
annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
type: {{ .Values.metrics.service.type }}
|
||||
{{- if and .Values.metrics.service.clusterIP (eq .Values.metrics.service.type "ClusterIP") }}
|
||||
clusterIP: {{ .Values.metrics.service.clusterIP }}
|
||||
{{- end }}
|
||||
{{- if and (eq .Values.metrics.service.type "LoadBalancer") .Values.metrics.service.loadBalancerIP }}
|
||||
loadBalancerIP: {{ .Values.metrics.service.loadBalancerIP }}
|
||||
{{- end }}
|
||||
ports:
|
||||
- name: metrics
|
||||
port: {{ .Values.metrics.service.ports.http }}
|
||||
targetPort: http-metrics
|
||||
{{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.valkey.podLabels .Values.commonLabels ) "context" . ) }}
|
||||
selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }}
|
||||
{{- end }}
|
||||
@@ -0,0 +1,81 @@
|
||||
{{- /*
|
||||
Copyright Broadcom, Inc. All Rights Reserved.
|
||||
SPDX-License-Identifier: APACHE-2.0
|
||||
*/}}
|
||||
|
||||
{{- if .Values.networkPolicy.enabled }}
|
||||
kind: NetworkPolicy
|
||||
apiVersion: {{ template "common.capabilities.networkPolicy.apiVersion" . }}
|
||||
metadata:
|
||||
name: {{ template "common.names.fullname" . }}
|
||||
namespace: {{ .Release.Namespace | quote }}
|
||||
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
|
||||
{{- if .Values.commonAnnotations }}
|
||||
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
{{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.valkey.podLabels .Values.commonLabels ) "context" . ) }}
|
||||
podSelector:
|
||||
matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
|
||||
policyTypes:
|
||||
- Ingress
|
||||
- Egress
|
||||
{{- if .Values.networkPolicy.allowExternalEgress }}
|
||||
egress:
|
||||
- {}
|
||||
{{- else }}
|
||||
egress:
|
||||
# Allow dns resolution
|
||||
- ports:
|
||||
- port: 53
|
||||
protocol: TCP
|
||||
- port: 53
|
||||
protocol: UDP
|
||||
# Allow outbound connections to other cluster pods
|
||||
- ports:
|
||||
- port: {{ .Values.valkey.containerPorts.valkey }}
|
||||
- port: {{ .Values.valkey.containerPorts.bus }}
|
||||
to:
|
||||
- podSelector:
|
||||
matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 14 }}
|
||||
{{- if .Values.networkPolicy.extraEgress }}
|
||||
{{- include "common.tplvalues.render" ( dict "value" .Values.networkPolicy.extraEgress "context" $ ) | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
ingress:
|
||||
# Allow inbound connections
|
||||
- ports:
|
||||
- port: {{ .Values.valkey.containerPorts.valkey }}
|
||||
- port: {{ .Values.valkey.containerPorts.bus }}
|
||||
{{- if .Values.metrics.enabled }}
|
||||
# Allow prometheus scrapes for metrics
|
||||
- port: {{ .Values.metrics.containerPorts.http }}
|
||||
{{- end }}
|
||||
{{- if not .Values.networkPolicy.allowExternal }}
|
||||
from:
|
||||
- podSelector:
|
||||
matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 14 }}
|
||||
- podSelector:
|
||||
matchLabels:
|
||||
{{ template "common.names.fullname" . }}-client: "true"
|
||||
- podSelector:
|
||||
matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 14 }}
|
||||
{{- end }}
|
||||
{{- if .Values.networkPolicy.ingressNSMatchLabels }}
|
||||
- namespaceSelector:
|
||||
matchLabels:
|
||||
{{- range $key, $value := .Values.networkPolicy.ingressNSMatchLabels }}
|
||||
{{ $key | quote }}: {{ $value | quote }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.networkPolicy.ingressNSPodMatchLabels }}
|
||||
- podSelector:
|
||||
matchLabels:
|
||||
{{- range $key, $value := .Values.networkPolicy.ingressNSPodMatchLabels }}
|
||||
{{ $key | quote }}: {{ $value | quote }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.networkPolicy.extraIngress }}
|
||||
{{- include "common.tplvalues.render" ( dict "value" .Values.networkPolicy.extraIngress "context" $ ) | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
@@ -0,0 +1,32 @@
|
||||
{{- /*
|
||||
Copyright Broadcom, Inc. All Rights Reserved.
|
||||
SPDX-License-Identifier: APACHE-2.0
|
||||
*/}}
|
||||
|
||||
{{- if or .Values.podDisruptionBudget .Values.pdb.create }}
|
||||
apiVersion: {{ include "common.capabilities.policy.apiVersion" . }}
|
||||
kind: PodDisruptionBudget
|
||||
metadata:
|
||||
name: {{ template "common.names.fullname" . }}
|
||||
namespace: {{ .Release.Namespace | quote }}
|
||||
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
|
||||
{{- if .Values.commonAnnotations }}
|
||||
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
{{- if .Values.podDisruptionBudget }}
|
||||
{{- include "common.tplvalues.render" (dict "value" .Values.podDisruptionBudget "context" $) | nindent 2 }}
|
||||
{{- else }}
|
||||
{{- if .Values.pdb.minAvailable }}
|
||||
minAvailable: {{ .Values.pdb.minAvailable }}
|
||||
{{- end }}
|
||||
{{- if or .Values.pdb.maxUnavailable (not .Values.pdb.minAvailable) }}
|
||||
maxUnavailable: {{ .Values.pdb.maxUnavailable | default 1 }}
|
||||
{{- end }}
|
||||
{{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.valkey.podLabels .Values.commonLabels ) "context" . ) }}
|
||||
selector:
|
||||
matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
|
||||
matchExpressions:
|
||||
- {key: job-name, operator: NotIn, values: [{{ template "common.names.fullname" . }}-cluster-update]}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
@@ -0,0 +1,25 @@
|
||||
{{- /*
|
||||
Copyright Broadcom, Inc. All Rights Reserved.
|
||||
SPDX-License-Identifier: APACHE-2.0
|
||||
*/}}
|
||||
|
||||
{{- if and .Values.metrics.enabled .Values.metrics.prometheusRule.enabled }}
|
||||
apiVersion: monitoring.coreos.com/v1
|
||||
kind: PrometheusRule
|
||||
metadata:
|
||||
name: {{ template "common.names.fullname" . }}
|
||||
namespace: {{ default .Release.Namespace .Values.metrics.prometheusRule.namespace | quote }}
|
||||
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
|
||||
{{- if .Values.metrics.prometheusRule.additionalLabels }}
|
||||
{{- include "common.tplvalues.render" ( dict "value" .Values.metrics.prometheusRule.additionalLabels "context" $ ) | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- if .Values.commonAnnotations }}
|
||||
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
{{- with .Values.metrics.prometheusRule.rules }}
|
||||
groups:
|
||||
- name: {{ template "common.names.name" $ }}
|
||||
rules: {{- include "common.tplvalues.render" ( dict "value" . "context" $ ) | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
@@ -0,0 +1,113 @@
|
||||
{{- /*
|
||||
Copyright Broadcom, Inc. All Rights Reserved.
|
||||
SPDX-License-Identifier: APACHE-2.0
|
||||
*/}}
|
||||
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: {{ printf "%s-scripts" (include "common.names.fullname" . ) | replace "+" "_" | trunc 63 | trimSuffix "-" }}
|
||||
namespace: {{ .Release.Namespace | quote }}
|
||||
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
|
||||
{{- if .Values.commonAnnotations }}
|
||||
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
|
||||
{{- end }}
|
||||
data:
|
||||
ping_readiness_local.sh: |-
|
||||
#!/bin/sh
|
||||
set -e
|
||||
|
||||
VALKEY_STATUS_FILE=/tmp/.valkey_cluster_check
|
||||
|
||||
{{- if and .Values.usePassword .Values.usePasswordFiles }}
|
||||
password_aux=`cat ${VALKEY_PASSWORD_FILE}`
|
||||
export REDISCLI_AUTH=$password_aux
|
||||
{{- else }}
|
||||
if [ ! -z "$VALKEY_PASSWORD" ]; then export REDISCLI_AUTH=$VALKEY_PASSWORD; fi;
|
||||
{{- end }}
|
||||
response=$(
|
||||
timeout -s 15 $1 \
|
||||
valkey-cli \
|
||||
-h localhost \
|
||||
{{- if .Values.tls.enabled }}
|
||||
-p $VALKEY_TLS_PORT_NUMBER \
|
||||
--tls \
|
||||
--cert {{ template "valkey-cluster.tlsCert" . }} \
|
||||
--key {{ template "valkey-cluster.tlsCertKey" . }} \
|
||||
--cacert {{ template "valkey-cluster.tlsCACert" . }} \
|
||||
{{- else }}
|
||||
-p $VALKEY_PORT_NUMBER \
|
||||
{{- end }}
|
||||
ping
|
||||
)
|
||||
if [ "$?" -eq "124" ]; then
|
||||
echo "Timed out"
|
||||
exit 1
|
||||
fi
|
||||
if [ "$response" != "PONG" ]; then
|
||||
echo "$response"
|
||||
exit 1
|
||||
fi
|
||||
{{- if not .Values.cluster.externalAccess.enabled }}
|
||||
if [ ! -f "$VALKEY_STATUS_FILE" ]; then
|
||||
response=$(
|
||||
timeout -s 15 $1 \
|
||||
valkey-cli \
|
||||
-h localhost \
|
||||
{{- if .Values.tls.enabled }}
|
||||
-p $VALKEY_TLS_PORT_NUMBER \
|
||||
--tls \
|
||||
--cert {{ template "valkey-cluster.tlsCert" . }} \
|
||||
--key {{ template "valkey-cluster.tlsCertKey" . }} \
|
||||
--cacert {{ template "valkey-cluster.tlsCACert" . }} \
|
||||
{{- else }}
|
||||
-p $VALKEY_PORT_NUMBER \
|
||||
{{- end }}
|
||||
CLUSTER INFO | grep cluster_state | tr -d '[:space:]'
|
||||
)
|
||||
if [ "$?" -eq "124" ]; then
|
||||
echo "Timed out"
|
||||
exit 1
|
||||
fi
|
||||
if [ "$response" != "cluster_state:ok" ]; then
|
||||
echo "$response"
|
||||
exit 1
|
||||
else
|
||||
touch "$VALKEY_STATUS_FILE"
|
||||
fi
|
||||
fi
|
||||
{{- end }}
|
||||
ping_liveness_local.sh: |-
|
||||
#!/bin/sh
|
||||
set -e
|
||||
|
||||
{{- if and .Values.usePassword .Values.usePasswordFiles }}
|
||||
password_aux=`cat ${VALKEY_PASSWORD_FILE}`
|
||||
export REDISCLI_AUTH=$password_aux
|
||||
{{- else }}
|
||||
if [ ! -z "$VALKEY_PASSWORD" ]; then export REDISCLI_AUTH=$VALKEY_PASSWORD; fi;
|
||||
{{- end }}
|
||||
response=$(
|
||||
timeout -s 15 $1 \
|
||||
valkey-cli \
|
||||
-h localhost \
|
||||
{{- if .Values.tls.enabled }}
|
||||
-p $VALKEY_TLS_PORT_NUMBER \
|
||||
--tls \
|
||||
--cert {{ template "valkey-cluster.tlsCert" . }} \
|
||||
--key {{ template "valkey-cluster.tlsCertKey" . }} \
|
||||
--cacert {{ template "valkey-cluster.tlsCACert" . }} \
|
||||
{{- else }}
|
||||
-p $VALKEY_PORT_NUMBER \
|
||||
{{- end }}
|
||||
ping
|
||||
)
|
||||
if [ "$?" -eq "124" ]; then
|
||||
echo "Timed out"
|
||||
exit 1
|
||||
fi
|
||||
responseFirstWord=$(echo $response | head -n1 | awk '{print $1;}')
|
||||
if [ "$response" != "PONG" ] && [ "$responseFirstWord" != "LOADING" ] && [ "$responseFirstWord" != "MASTERDOWN" ]; then
|
||||
echo "$response"
|
||||
exit 1
|
||||
fi
|
||||
@@ -0,0 +1,19 @@
|
||||
{{- /*
|
||||
Copyright Broadcom, Inc. All Rights Reserved.
|
||||
SPDX-License-Identifier: APACHE-2.0
|
||||
*/}}
|
||||
|
||||
{{- if and .Values.usePassword (not .Values.existingSecret) -}}
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: {{ template "common.names.fullname" . }}
|
||||
namespace: {{ .Release.Namespace | quote }}
|
||||
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
|
||||
{{- if .Values.commonAnnotations }}
|
||||
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
|
||||
{{- end }}
|
||||
type: Opaque
|
||||
data:
|
||||
valkey-password: {{ include "valkey-cluster.password" . | b64enc | quote }}
|
||||
{{- end -}}
|
||||
@@ -0,0 +1,64 @@
|
||||
{{- /*
|
||||
Copyright Broadcom, Inc. All Rights Reserved.
|
||||
SPDX-License-Identifier: APACHE-2.0
|
||||
*/}}
|
||||
|
||||
{{- if .Values.cluster.externalAccess.enabled }}
|
||||
{{- $fullName := include "common.names.fullname" . }}
|
||||
{{- $nodesCount := .Values.cluster.nodes | int }}
|
||||
{{- $root := . }}
|
||||
|
||||
{{- range $i, $e := until $nodesCount }}
|
||||
{{- $targetPod := printf "%s-%d" (printf "%s" $fullName) $i }}
|
||||
{{- $_ := set $ "targetPod" $targetPod }}
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: {{ template "common.names.fullname" $ }}-{{ $i }}-svc
|
||||
namespace: {{ $.Release.Namespace | quote }}
|
||||
labels: {{- include "common.labels.standard" ( dict "customLabels" $root.Values.commonLabels "context" $ ) | nindent 4 }}
|
||||
pod: {{ $targetPod }}
|
||||
{{- if or
|
||||
($root.Values.cluster.externalAccess.service.annotations)
|
||||
($root.Values.commonAnnotations)
|
||||
(ne $root.Values.cluster.externalAccess.service.loadBalancerIPAnnotaion "") }}
|
||||
{{- $loadBalancerIPAnnotaion := "" }}
|
||||
{{- if ne $root.Values.cluster.externalAccess.service.loadBalancerIPAnnotaion ""}}
|
||||
{{- $loadBalancerIPAnnotaion = printf
|
||||
"%s: %s"
|
||||
$root.Values.cluster.externalAccess.service.loadBalancerIPAnnotaion
|
||||
(index $root.Values.cluster.externalAccess.service.loadBalancerIP $i) }}
|
||||
{{- end }}
|
||||
{{- $annotations := include "common.tplvalues.merge"
|
||||
( dict "values"
|
||||
( list
|
||||
$root.Values.cluster.externalAccess.service.annotations
|
||||
$root.Values.commonAnnotations
|
||||
$loadBalancerIPAnnotaion
|
||||
) "context" $ ) }}
|
||||
annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
type: {{ $root.Values.cluster.externalAccess.service.type }}
|
||||
{{- if and
|
||||
($root.Values.cluster.externalAccess.service.loadBalancerIP)
|
||||
(eq $root.Values.cluster.externalAccess.service.loadBalancerIPAnnotaion "")
|
||||
(not $root.Values.cluster.externalAccess.service.disableLoadBalancerIP) }}
|
||||
loadBalancerIP: {{ index $root.Values.cluster.externalAccess.service.loadBalancerIP $i }}
|
||||
{{- end }}
|
||||
{{- if and (eq $root.Values.cluster.externalAccess.service.type "LoadBalancer") $root.Values.cluster.externalAccess.service.loadBalancerSourceRanges }}
|
||||
loadBalancerSourceRanges: {{- toYaml $root.Values.cluster.externalAccess.service.loadBalancerSourceRanges | nindent 4 }}
|
||||
{{- end }}
|
||||
ports:
|
||||
- name: tcp-redis
|
||||
port: {{ $root.Values.cluster.externalAccess.service.port }}
|
||||
targetPort: tcp-redis
|
||||
- name: tcp-redis-bus
|
||||
targetPort: tcp-redis-bus
|
||||
port: {{ $root.Values.valkey.containerPorts.bus }}
|
||||
{{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list $root.Values.valkey.podLabels $root.Values.commonLabels ) "context" $ ) }}
|
||||
selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }}
|
||||
statefulset.kubernetes.io/pod-name: {{ $targetPod }}
|
||||
---
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
@@ -0,0 +1,30 @@
|
||||
{{- /*
|
||||
Copyright Broadcom, Inc. All Rights Reserved.
|
||||
SPDX-License-Identifier: APACHE-2.0
|
||||
*/}}
|
||||
|
||||
{{- if (include "valkey-cluster.createTlsSecret" .) }}
|
||||
{{- $secretName := printf "%s-crt" (include "common.names.fullname" .) }}
|
||||
{{- $ca := genCA "valkey-cluster-ca" 365 }}
|
||||
{{- $releaseNamespace := .Release.Namespace }}
|
||||
{{- $clusterDomain := .Values.clusterDomain }}
|
||||
{{- $fullname := include "common.names.fullname" . }}
|
||||
{{- $serviceName := include "common.names.fullname" . }}
|
||||
{{- $headlessServiceName := printf "%s-headless" (include "common.names.fullname" .) }}
|
||||
{{- $altNames := list (printf "*.%s.%s.svc.%s" $serviceName $releaseNamespace $clusterDomain) (printf "%s.%s.svc.%s" $serviceName $releaseNamespace $clusterDomain) (printf "*.%s.%s.svc.%s" $headlessServiceName $releaseNamespace $clusterDomain) (printf "%s.%s.svc.%s" $headlessServiceName $releaseNamespace $clusterDomain) "127.0.0.1" "localhost" $fullname }}
|
||||
{{- $cert := genSignedCert $fullname nil $altNames 365 $ca }}
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: {{ $secretName }}
|
||||
namespace: {{ .Release.Namespace | quote }}
|
||||
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
|
||||
{{- if .Values.commonAnnotations }}
|
||||
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
|
||||
{{- end }}
|
||||
type: kubernetes.io/tls
|
||||
data:
|
||||
tls.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.crt" "defaultValue" $cert.Cert "context" $) }}
|
||||
tls.key: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.key" "defaultValue" $cert.Key "context" $) }}
|
||||
ca.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "ca.crt" "defaultValue" $ca.Cert "context" $) }}
|
||||
{{- end }}
|
||||
@@ -0,0 +1,266 @@
|
||||
{{- /*
|
||||
Copyright Broadcom, Inc. All Rights Reserved.
|
||||
SPDX-License-Identifier: APACHE-2.0
|
||||
*/}}
|
||||
|
||||
{{- if and .Values.cluster.update.addNodes ( or (and .Values.cluster.externalAccess.enabled .Values.cluster.externalAccess.service.loadBalancerIP) ( not .Values.cluster.externalAccess.enabled )) }}
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
metadata:
|
||||
name: {{ template "common.names.fullname" . }}-cluster-update
|
||||
namespace: {{ .Release.Namespace | quote }}
|
||||
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
|
||||
annotations:
|
||||
"helm.sh/hook": {{ .Values.updateJob.helmHook }}
|
||||
{{- if or .Values.updateJob.annotations .Values.commonAnnotations }}
|
||||
{{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.updateJob.annotations .Values.commonAnnotations ) "context" . ) }}
|
||||
{{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
activeDeadlineSeconds: {{ .Values.updateJob.activeDeadlineSeconds }}
|
||||
template:
|
||||
metadata:
|
||||
{{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.updateJob.podLabels .Values.commonLabels ) "context" . ) }}
|
||||
labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 8 }}
|
||||
{{- if or .Values.updateJob.podAnnotations .Values.commonAnnotations }}
|
||||
{{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.updateJob.annotations .Values.commonAnnotations ) "context" . ) }}
|
||||
annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 8 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
{{- include "valkey-cluster.imagePullSecrets" . | nindent 6 }}
|
||||
automountServiceAccountToken: {{ .Values.updateJob.automountServiceAccountToken }}
|
||||
{{- if .Values.updateJob.hostAliases }}
|
||||
hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.updateJob.hostAliases "context" $) | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.updateJob.affinity }}
|
||||
affinity: {{- include "common.tplvalues.render" (dict "value" .Values.updateJob.affinity "context" $) | nindent 8 }}
|
||||
{{- else }}
|
||||
affinity:
|
||||
podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.updateJob.podAffinityPreset "customLabels" $labels "context" $) | nindent 10 }}
|
||||
podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.updateJob.podAntiAffinityPreset "customLabels" $labels "context" $) | nindent 10 }}
|
||||
nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.updateJob.nodeAffinityPreset.type "key" .Values.updateJob.nodeAffinityPreset.key "values" .Values.updateJob.nodeAffinityPreset.values) | nindent 10 }}
|
||||
{{- end }}
|
||||
{{- if .Values.updateJob.nodeSelector }}
|
||||
nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.updateJob.nodeSelector "context" $) | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.updateJob.tolerations }}
|
||||
tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.updateJob.tolerations "context" $) | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.updateJob.priorityClassName }}
|
||||
priorityClassName: {{ .Values.updateJob.priorityClassName }}
|
||||
{{- end }}
|
||||
{{- if .Values.podSecurityContext.enabled }}
|
||||
securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.podSecurityContext "context" $) | nindent 8 }}
|
||||
{{- end }}
|
||||
serviceAccountName: {{ include "valkey-cluster.serviceAccountName" . }}
|
||||
{{- if .Values.updateJob.initContainers }}
|
||||
initContainers: {{- include "common.tplvalues.render" (dict "value" .Values.updateJob.initContainers "context" $) | nindent 8 }}
|
||||
{{- end }}
|
||||
containers:
|
||||
- name: trigger
|
||||
image: {{ include "valkey-cluster.image" . }}
|
||||
imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
|
||||
{{- if .Values.containerSecurityContext.enabled }}
|
||||
securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.containerSecurityContext "context" $) | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- if .Values.diagnosticMode.enabled }}
|
||||
command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}
|
||||
{{- else if .Values.updateJob.command }}
|
||||
command: {{- include "common.tplvalues.render" (dict "value" .Values.updateJob.command "context" $) | nindent 12 }}
|
||||
{{- else }}
|
||||
command: ['/bin/bash', '-c']
|
||||
{{- end }}
|
||||
{{- if .Values.diagnosticMode.enabled }}
|
||||
args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }}
|
||||
{{- else if .Values.updateJob.args }}
|
||||
args: {{- include "common.tplvalues.render" (dict "value" .Values.updateJob.args "context" $) | nindent 12 }}
|
||||
{{- else }}
|
||||
args:
|
||||
- |
|
||||
. /opt/bitnami/scripts/libnet.sh
|
||||
. /opt/bitnami/scripts/libos.sh
|
||||
# Backwards compatibility change
|
||||
if ! [[ -f /opt/bitnami/valkey/etc/valkey.conf ]]; then
|
||||
cp /opt/bitnami/valkey/etc/valkey-default.conf /opt/bitnami/valkey/etc/valkey.conf
|
||||
fi
|
||||
firstNodeIP=$(wait_for_dns_lookup {{ template "common.names.fullname" . }}-0.{{ template "common.names.fullname" . }}-headless 120 5)
|
||||
{{- if .Values.cluster.externalAccess.enabled }}
|
||||
newNodeCounter=0
|
||||
for nodeIP in $(echo "{{ .Values.cluster.update.newExternalIPs }}" | cut -d [ -f2 | cut -d ] -f 1 ); do
|
||||
{{- if .Values.tls.enabled }}
|
||||
while [[ $(valkey-cli -h "$nodeIP" -p "$VALKEY_TLS_PORT_NUMBER" --tls --cert ${VALKEY_TLS_CERT_FILE} --key ${VALKEY_TLS_KEY_FILE} --cacert ${VALKEY_TLS_CA_FILE} ping) != 'PONG' ]]; do
|
||||
{{- else }}
|
||||
while [[ $(valkey-cli -h "$nodeIP" -p "$VALKEY_PORT_NUMBER" ping) != 'PONG' ]]; do
|
||||
{{- end }}
|
||||
echo "Node $nodeIP not ready, waiting for all the nodes to be ready..."
|
||||
sleep 5
|
||||
done
|
||||
replica=()
|
||||
if (( $VALKEY_CLUSTER_REPLICAS >= 1 )) && (( newNodeCounter % (( $VALKEY_CLUSTER_REPLICAS + 1 )) )); then
|
||||
replica+=("--cluster-slave")
|
||||
fi
|
||||
{{- if .Values.tls.enabled }}
|
||||
while ! valkey-cli --cluster --tls --cert ${VALKEY_TLS_CERT_FILE} --key ${VALKEY_TLS_KEY_FILE} --cacert ${VALKEY_TLS_CA_FILE} add-node "${nodeIP}:${VALKEY_TLS_PORT_NUMBER}" "{{ index .Values.cluster.externalAccess.service.loadBalancerIP 0 }}:${VALKEY_TLS_PORT_NUMBER}" ${replica[@]}; do
|
||||
{{- else }}
|
||||
while ! valkey-cli --cluster add-node "${nodeIP}:${VALKEY_PORT_NUMBER}" "{{ index .Values.cluster.externalAccess.service.loadBalancerIP 0 }}:${VALKEY_PORT_NUMBER}" ${replica[@]}; do
|
||||
{{- end }}
|
||||
echo "Add-node ${newNodeIndex} ${newNodeIP} failed, retrying"
|
||||
sleep 5
|
||||
done
|
||||
((newNodeCounter += 1))
|
||||
done
|
||||
|
||||
{{- if .Values.tls.enabled }}
|
||||
while ! valkey-cli --cluster rebalance --tls --cert ${VALKEY_TLS_CERT_FILE} --key ${VALKEY_TLS_KEY_FILE} --cacert ${VALKEY_TLS_CA_FILE} "{{ index .Values.cluster.externalAccess.service.loadBalancerIP 0 }}:${VALKEY_TLS_PORT_NUMBER}" --cluster-use-empty-masters; do
|
||||
{{- else }}
|
||||
while ! valkey-cli --cluster rebalance "{{ index .Values.cluster.externalAccess.service.loadBalancerIP 0 }}:${VALKEY_PORT_NUMBER}" --cluster-use-empty-masters; do
|
||||
{{- end }}
|
||||
echo "Rebalance failed, retrying"
|
||||
sleep 5
|
||||
{{- if .Values.tls.enabled }}
|
||||
valkey-cli --cluster fix --tls --cert ${VALKEY_TLS_CERT_FILE} --key ${VALKEY_TLS_KEY_FILE} --cacert ${VALKEY_TLS_CA_FILE} "{{ index .Values.cluster.externalAccess.service.loadBalancerIP 0 }}:${VALKEY_TLS_PORT_NUMBER}"
|
||||
{{- else }}
|
||||
valkey-cli --cluster fix "{{ index .Values.cluster.externalAccess.service.loadBalancerIP 0 }}:${VALKEY_PORT_NUMBER}"
|
||||
{{- end }}
|
||||
done
|
||||
|
||||
{{- else }}
|
||||
# number of currently deployed valkey primary nodes
|
||||
currentPrimaryNodesNum="$(( {{ .Values.cluster.update.currentNumberOfNodes }} / (( {{ .Values.cluster.update.currentNumberOfReplicas }} + 1 )) ))"
|
||||
# end postion of new replicas that should be assigned to original valkey primary nodes
|
||||
replicaNodesEndPos="$(( {{ .Values.cluster.update.currentNumberOfNodes }} + (($VALKEY_CLUSTER_REPLICAS - {{ .Values.cluster.update.currentNumberOfReplicas }})) * $currentPrimaryNodesNum ))"
|
||||
for node in $(seq $((1+{{ .Values.cluster.update.currentNumberOfNodes }})) {{ .Values.cluster.nodes }}); do
|
||||
newNodeIndex="$(($node - 1))"
|
||||
newNodeIP=$(wait_for_dns_lookup "{{ template "common.names.fullname" . }}-${newNodeIndex}.{{ template "common.names.fullname" . }}-headless" 120 5)
|
||||
{{- if .Values.tls.enabled }}
|
||||
while [[ $(valkey-cli -h "$newNodeIP" -p "$VALKEY_TLS_PORT_NUMBER" --tls --cert ${VALKEY_TLS_CERT_FILE} --key ${VALKEY_TLS_KEY_FILE} --cacert ${VALKEY_TLS_CA_FILE} ping) != 'PONG' ]]; do
|
||||
{{- else }}
|
||||
while [[ $(valkey-cli -h "$newNodeIP" -p "$VALKEY_PORT_NUMBER" ping) != 'PONG' ]]; do
|
||||
{{- end }}
|
||||
echo "Node $newNodeIP not ready, waiting for all the nodes to be ready..."
|
||||
newNodeIP=$(wait_for_dns_lookup "{{ template "common.names.fullname" . }}-${newNodeIndex}.{{ template "common.names.fullname" . }}-headless" 120 5)
|
||||
sleep 5
|
||||
done
|
||||
replica=()
|
||||
# when the index of the new node is less than `replicaNodesEndPos`,the added node is a replica that assigned to original valkey primary node
|
||||
# when the index of the new node is greater than or equal to `replicaNodesEndPos`,and it is not a multiple of `$VALKEY_CLUSTER_REPLICAS + 1`, the added node is a replica that assigned to newly added primary node
|
||||
if (( $VALKEY_CLUSTER_REPLICAS >= 1 )) && (( (( $newNodeIndex < $replicaNodesEndPos )) || (( (( $newNodeIndex >= $replicaNodesEndPos )) && (( $newNodeIndex % (( $VALKEY_CLUSTER_REPLICAS + 1 )) )) )) )); then
|
||||
replica+=("--cluster-slave")
|
||||
fi
|
||||
{{- if .Values.tls.enabled }}
|
||||
while ! valkey-cli --cluster add-node --tls --cert ${VALKEY_TLS_CERT_FILE} --key ${VALKEY_TLS_KEY_FILE} --cacert ${VALKEY_TLS_CA_FILE} "${newNodeIP}:${VALKEY_TLS_PORT_NUMBER}" "${firstNodeIP}:${VALKEY_TLS_PORT_NUMBER}" ${replica[@]}; do
|
||||
{{- else }}
|
||||
while ! valkey-cli --cluster add-node "${newNodeIP}:${VALKEY_PORT_NUMBER}" "${firstNodeIP}:${VALKEY_PORT_NUMBER}" ${replica[@]}; do
|
||||
{{- end }}
|
||||
echo "Add-node ${newNodeIndex} ${newNodeIP} failed, retrying"
|
||||
sleep 5
|
||||
firstNodeIP=$(wait_for_dns_lookup "{{ template "common.names.fullname" . }}-0.{{ template "common.names.fullname" . }}-headless" 120 5)
|
||||
newNodeIP=$(wait_for_dns_lookup "{{ template "common.names.fullname" . }}-${newNodeIndex}.{{ template "common.names.fullname" . }}-headless" 120 5)
|
||||
done
|
||||
done
|
||||
|
||||
{{- if .Values.tls.enabled }}
|
||||
while ! valkey-cli --cluster rebalance --tls --cert ${VALKEY_TLS_CERT_FILE} --key ${VALKEY_TLS_KEY_FILE} --cacert ${VALKEY_TLS_CA_FILE} "${firstNodeIP}:${VALKEY_TLS_PORT_NUMBER}" --cluster-use-empty-masters; do
|
||||
{{- else }}
|
||||
while ! valkey-cli --cluster rebalance "${firstNodeIP}:${VALKEY_PORT_NUMBER}" --cluster-use-empty-masters; do
|
||||
{{- end }}
|
||||
echo "Rebalance failed, retrying"
|
||||
sleep 5
|
||||
firstNodeIP=$(wait_for_dns_lookup "{{ template "common.names.fullname" . }}-0.{{ template "common.names.fullname" . }}-headless" 120 5)
|
||||
{{- if .Values.tls.enabled }}
|
||||
valkey-cli --cluster fix --tls --cert ${VALKEY_TLS_CERT_FILE} --key ${VALKEY_TLS_KEY_FILE} --cacert ${VALKEY_TLS_CA_FILE} "${firstNodeIP}:${VALKEY_TLS_PORT_NUMBER}"
|
||||
{{- else }}
|
||||
valkey-cli --cluster fix "${firstNodeIP}:${VALKEY_PORT_NUMBER}"
|
||||
{{- end }}
|
||||
done
|
||||
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
env:
|
||||
- name: BITNAMI_DEBUG
|
||||
value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }}
|
||||
{{- if .Values.cluster.externalAccess.enabled }}
|
||||
{{- if .Values.tls.enabled }}
|
||||
- name: VALKEY_TLS_CERT_FILE
|
||||
value: {{ template "valkey-cluster.tlsCert" . }}
|
||||
- name: VALKEY_TLS_KEY_FILE
|
||||
value: {{ template "valkey-cluster.tlsCertKey" . }}
|
||||
- name: VALKEY_TLS_CA_FILE
|
||||
value: {{ template "valkey-cluster.tlsCACert" . }}
|
||||
- name: VALKEY_TLS_PORT_NUMBER
|
||||
{{- else }}
|
||||
- name: VALKEY_PORT_NUMBER
|
||||
{{- end }}
|
||||
value: {{ .Values.cluster.externalAccess.service.port | quote }}
|
||||
{{- else }}
|
||||
{{- if .Values.tls.enabled }}
|
||||
- name: VALKEY_TLS_CERT_FILE
|
||||
value: {{ template "valkey-cluster.tlsCert" . }}
|
||||
- name: VALKEY_TLS_KEY_FILE
|
||||
value: {{ template "valkey-cluster.tlsCertKey" . }}
|
||||
- name: VALKEY_TLS_CA_FILE
|
||||
value: {{ template "valkey-cluster.tlsCACert" . }}
|
||||
- name: VALKEY_TLS_PORT_NUMBER
|
||||
{{- else }}
|
||||
- name: VALKEY_PORT_NUMBER
|
||||
{{- end }}
|
||||
value: {{ .Values.valkey.containerPorts.valkey | quote }}
|
||||
{{- end }}
|
||||
- name: VALKEY_CLUSTER_REPLICAS
|
||||
value: {{ .Values.cluster.replicas | quote }}
|
||||
{{- if .Values.usePassword }}
|
||||
- name: REDISCLI_AUTH
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ template "valkey-cluster.secretName" . }}
|
||||
key: {{ template "valkey-cluster.secretPasswordKey" . }}
|
||||
{{- end }}
|
||||
{{- if .Values.updateJob.extraEnvVars }}
|
||||
{{- include "common.tplvalues.render" (dict "value" .Values.updateJob.extraEnvVars "context" $) | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- if or .Values.updateJob.extraEnvVarsCM .Values.updateJob.extraEnvVarsSecret }}
|
||||
envFrom:
|
||||
{{- if .Values.updateJob.extraEnvVarsCM }}
|
||||
- configMapRef:
|
||||
name: {{ include "common.tplvalues.render" (dict "value" .Values.updateJob.extraEnvVarsCM "context" $) }}
|
||||
{{- end }}
|
||||
{{- if .Values.updateJob.extraEnvVarsSecret }}
|
||||
- secretRef:
|
||||
name: {{ include "common.tplvalues.render" (dict "value" .Values.updateJob.extraEnvVarsSecret "context" $) }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.updateJob.resources }}
|
||||
resources: {{- toYaml .Values.updateJob.resources | nindent 12 }}
|
||||
{{- else if ne .Values.updateJob.resourcesPreset "none" }}
|
||||
resources: {{- include "common.resources.preset" (dict "type" .Values.updateJob.resourcesPreset) | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- if or .Values.tls.enabled .Values.updateJob.extraVolumeMounts }}
|
||||
volumeMounts:
|
||||
- name: empty-dir
|
||||
mountPath: /tmp
|
||||
subPath: tmp-dir
|
||||
{{- if .Values.tls.enabled }}
|
||||
- name: valkey-certificates
|
||||
mountPath: /opt/bitnami/valkey/certs
|
||||
readOnly: true
|
||||
{{- end }}
|
||||
{{- if .Values.updateJob.extraVolumeMounts }}
|
||||
{{- include "common.tplvalues.render" (dict "value" .Values.updateJob.extraVolumeMounts "context" $) | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
restartPolicy: OnFailure
|
||||
{{- if or .Values.tls.enabled .Values.updateJob.extraVolumes }}
|
||||
volumes:
|
||||
- name: empty-dir
|
||||
emptyDir: {}
|
||||
{{- if .Values.tls.enabled }}
|
||||
- name: valkey-certificates
|
||||
secret:
|
||||
secretName: {{ include "common.tplvalues.render" (dict "value" .Values.tls.certificatesSecret "context" $) }}
|
||||
{{- end }}
|
||||
{{- if .Values.updateJob.extraVolumes }}
|
||||
{{- include "common.tplvalues.render" (dict "value" .Values.updateJob.extraVolumes "context" $) | nindent 6 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
@@ -0,0 +1,20 @@
|
||||
{{- /*
|
||||
Copyright Broadcom, Inc. All Rights Reserved.
|
||||
SPDX-License-Identifier: APACHE-2.0
|
||||
*/}}
|
||||
|
||||
{{- if .Values.rbac.create -}}
|
||||
apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
|
||||
kind: Role
|
||||
metadata:
|
||||
name: {{ template "common.names.fullname" . }}
|
||||
namespace: {{ .Release.Namespace | quote }}
|
||||
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
|
||||
{{- if .Values.commonAnnotations }}
|
||||
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
|
||||
{{- end }}
|
||||
rules:
|
||||
{{- if .Values.rbac.role.rules }}
|
||||
{{- toYaml .Values.rbac.role.rules | nindent 2 }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
@@ -0,0 +1,23 @@
|
||||
{{- /*
|
||||
Copyright Broadcom, Inc. All Rights Reserved.
|
||||
SPDX-License-Identifier: APACHE-2.0
|
||||
*/}}
|
||||
|
||||
{{- if .Values.rbac.create -}}
|
||||
apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
|
||||
kind: RoleBinding
|
||||
metadata:
|
||||
name: {{ template "common.names.fullname" . }}
|
||||
namespace: {{ .Release.Namespace | quote }}
|
||||
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
|
||||
{{- if .Values.commonAnnotations }}
|
||||
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
|
||||
{{- end }}
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: Role
|
||||
name: {{ template "common.names.fullname" . }}
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: {{ template "valkey-cluster.serviceAccountName" . }}
|
||||
{{- end -}}
|
||||
@@ -0,0 +1,18 @@
|
||||
{{- /*
|
||||
Copyright Broadcom, Inc. All Rights Reserved.
|
||||
SPDX-License-Identifier: APACHE-2.0
|
||||
*/}}
|
||||
|
||||
{{- if .Values.serviceAccount.create -}}
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: {{ template "valkey-cluster.serviceAccountName" . }}
|
||||
namespace: {{ .Release.Namespace | quote }}
|
||||
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
|
||||
{{- if or .Values.serviceAccount.annotations .Values.commonAnnotations }}
|
||||
{{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.serviceAccount.annotations .Values.commonAnnotations ) "context" . ) }}
|
||||
annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }}
|
||||
{{- end }}
|
||||
automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
|
||||
{{- end -}}
|
||||
@@ -0,0 +1,509 @@
|
||||
{{- /*
|
||||
Copyright Broadcom, Inc. All Rights Reserved.
|
||||
SPDX-License-Identifier: APACHE-2.0
|
||||
*/}}
|
||||
|
||||
{{- if (include "valkey-cluster.createStatefulSet" .) }}
|
||||
apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }}
|
||||
kind: StatefulSet
|
||||
metadata:
|
||||
name: {{ include "common.names.fullname" . }}
|
||||
namespace: {{ .Release.Namespace | quote }}
|
||||
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
|
||||
{{- if .Values.commonAnnotations }}
|
||||
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
{{- if .Values.valkey.updateStrategy }}
|
||||
updateStrategy: {{- toYaml .Values.valkey.updateStrategy | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.valkey.podLabels .Values.commonLabels ) "context" . ) }}
|
||||
selector:
|
||||
matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
|
||||
replicas: {{ .Values.cluster.nodes }}
|
||||
serviceName: {{ include "common.names.fullname" . }}-headless
|
||||
podManagementPolicy: {{ .Values.valkey.podManagementPolicy }}
|
||||
template:
|
||||
metadata:
|
||||
labels: {{- include "common.labels.standard" ( dict "customLabels" $podLabels "context" $ ) | nindent 8 }}
|
||||
{{- if and .Values.metrics.enabled .Values.metrics.podLabels }}
|
||||
{{- toYaml .Values.metrics.podLabels | nindent 8 }}
|
||||
{{- end }}
|
||||
annotations:
|
||||
checksum/scripts: {{ include (print $.Template.BasePath "/scripts-configmap.yaml") . | sha256sum }}
|
||||
{{- if not .Values.existingSecret }}
|
||||
checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
|
||||
{{- end }}
|
||||
checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
|
||||
{{- if .Values.valkey.podAnnotations }}
|
||||
{{- include "common.tplvalues.render" (dict "value" .Values.valkey.podAnnotations "context" $) | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if and .Values.metrics.enabled .Values.metrics.podAnnotations }}
|
||||
{{- include "common.tplvalues.render" (dict "value" .Values.metrics.podAnnotations "context" $) | nindent 8 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
hostNetwork: {{ .Values.valkey.hostNetwork }}
|
||||
enableServiceLinks: false
|
||||
{{- include "valkey-cluster.imagePullSecrets" . | nindent 6 }}
|
||||
{{- if .Values.podSecurityContext.enabled }}
|
||||
securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.podSecurityContext "context" $) | nindent 8 }}
|
||||
{{- end }}
|
||||
serviceAccountName: {{ include "valkey-cluster.serviceAccountName" . }}
|
||||
automountServiceAccountToken: {{ .Values.valkey.automountServiceAccountToken }}
|
||||
{{- if .Values.valkey.hostAliases }}
|
||||
hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.valkey.hostAliases "context" $) | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.valkey.priorityClassName }}
|
||||
priorityClassName: {{ .Values.valkey.priorityClassName }}
|
||||
{{- end }}
|
||||
{{- if .Values.valkey.affinity }}
|
||||
affinity: {{- include "common.tplvalues.render" (dict "value" .Values.valkey.affinity "context" $) | nindent 8 }}
|
||||
{{- else }}
|
||||
affinity:
|
||||
podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.valkey.podAffinityPreset "customLabels" $podLabels "context" $) | nindent 10 }}
|
||||
podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.valkey.podAntiAffinityPreset "customLabels" $podLabels "context" $) | nindent 10 }}
|
||||
nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.valkey.nodeAffinityPreset.type "key" .Values.valkey.nodeAffinityPreset.key "values" .Values.valkey.nodeAffinityPreset.values) | nindent 10 }}
|
||||
{{- end }}
|
||||
{{- if .Values.valkey.nodeSelector }}
|
||||
nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.valkey.nodeSelector "context" $) | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.valkey.tolerations }}
|
||||
tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.valkey.tolerations "context" $) | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.valkey.shareProcessNamespace }}
|
||||
shareProcessNamespace: {{ .Values.valkey.shareProcessNamespace }}
|
||||
{{- end }}
|
||||
{{- if .Values.valkey.schedulerName }}
|
||||
schedulerName: {{ .Values.valkey.schedulerName | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.valkey.topologySpreadConstraints }}
|
||||
topologySpreadConstraints: {{- include "common.tplvalues.render" ( dict "value" .Values.valkey.topologySpreadConstraints "context" $ ) | nindent 8 }}
|
||||
{{- end }}
|
||||
containers:
|
||||
- name: {{ include "common.names.fullname" . }}
|
||||
image: {{ include "valkey-cluster.image" . }}
|
||||
imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
|
||||
{{- if .Values.containerSecurityContext.enabled }}
|
||||
securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.containerSecurityContext "context" $) | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- if .Values.diagnosticMode.enabled }}
|
||||
command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}
|
||||
{{- else if .Values.valkey.command }}
|
||||
command: {{- include "common.tplvalues.render" (dict "value" .Values.valkey.command "context" $) | nindent 12 }}
|
||||
{{- else }}
|
||||
command: ['/bin/bash', '-c']
|
||||
{{- end }}
|
||||
{{- if .Values.diagnosticMode.enabled }}
|
||||
args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }}
|
||||
{{- else if .Values.valkey.args }}
|
||||
args: {{- include "common.tplvalues.render" (dict "value" .Values.valkey.args "context" $) | nindent 12 }}
|
||||
{{- else if .Values.cluster.externalAccess.enabled }}
|
||||
args:
|
||||
- |
|
||||
# Backwards compatibility change
|
||||
if ! [[ -f /opt/bitnami/valkey/etc/valkey.conf ]]; then
|
||||
cp /opt/bitnami/valkey/etc/valkey-default.conf /opt/bitnami/valkey/etc/valkey.conf
|
||||
fi
|
||||
pod_index=($(echo "$POD_NAME" | tr "-" "\n"))
|
||||
pod_index="${pod_index[-1]}"
|
||||
ips=($(echo "{{ .Values.cluster.externalAccess.service.loadBalancerIP }}" | cut -d [ -f2 | cut -d ] -f 1))
|
||||
{{- if .Values.cluster.externalAccess.hostMode }}
|
||||
export VALKEY_CLUSTER_ANNOUNCE_HOSTNAME="${ips[$pod_index]}"
|
||||
{{- else }}
|
||||
export VALKEY_CLUSTER_ANNOUNCE_IP="${ips[$pod_index]}"
|
||||
{{- end }}
|
||||
export VALKEY_NODES="${ips[@]}"
|
||||
{{- if .Values.cluster.init }}
|
||||
if [[ "$pod_index" == "0" ]]; then
|
||||
export VALKEY_CLUSTER_CREATOR="yes"
|
||||
export VALKEY_CLUSTER_REPLICAS="{{ .Values.cluster.replicas }}"
|
||||
fi
|
||||
{{- end }}
|
||||
/opt/bitnami/scripts/valkey-cluster/entrypoint.sh /opt/bitnami/scripts/valkey-cluster/run.sh
|
||||
{{- else }}
|
||||
args:
|
||||
- |
|
||||
# Backwards compatibility change
|
||||
if ! [[ -f /opt/bitnami/valkey/etc/valkey.conf ]]; then
|
||||
echo COPYING FILE
|
||||
cp /opt/bitnami/valkey/etc/valkey-default.conf /opt/bitnami/valkey/etc/valkey.conf
|
||||
fi
|
||||
{{- if .Values.cluster.init }}
|
||||
pod_index=($(echo "$POD_NAME" | tr "-" "\n"))
|
||||
pod_index="${pod_index[-1]}"
|
||||
if [[ "$pod_index" == "0" ]]; then
|
||||
export VALKEY_CLUSTER_CREATOR="yes"
|
||||
export VALKEY_CLUSTER_REPLICAS="{{ .Values.cluster.replicas }}"
|
||||
fi
|
||||
{{- end }}
|
||||
/opt/bitnami/scripts/valkey-cluster/entrypoint.sh /opt/bitnami/scripts/valkey-cluster/run.sh
|
||||
{{- end }}
|
||||
env:
|
||||
- name: POD_NAME
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.name
|
||||
{{- if and .Values.cluster.externalAccess.enabled .Values.cluster.externalAccess.hostMode }}
|
||||
- name: VALKEY_CLUSTER_DYNAMIC_IPS
|
||||
value: "yes"
|
||||
- name: VALKEY_CLUSTER_PREFERRED_ENDPOINT_TYPE
|
||||
value: "hostname"
|
||||
{{- else if .Values.cluster.externalAccess.enabled }}
|
||||
- name: VALKEY_CLUSTER_DYNAMIC_IPS
|
||||
value: "no"
|
||||
{{- else }}
|
||||
- name: VALKEY_NODES
|
||||
value: "{{ $count := .Values.cluster.nodes | int }}{{ range $i, $v := until $count }}{{ include "common.names.fullname" $ }}-{{ $i }}.{{ template "common.names.fullname" $ }}-headless {{ end }}"
|
||||
{{- end }}
|
||||
{{- if .Values.usePassword }}
|
||||
- name: REDISCLI_AUTH
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ template "valkey-cluster.secretName" . }}
|
||||
key: {{ template "valkey-cluster.secretPasswordKey" . }}
|
||||
{{- if .Values.usePasswordFiles }}
|
||||
- name: VALKEY_PASSWORD_FILE
|
||||
value: "/opt/bitnami/valkey/secrets/valkey-password"
|
||||
{{- else }}
|
||||
- name: VALKEY_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ template "valkey-cluster.secretName" . }}
|
||||
key: {{ template "valkey-cluster.secretPasswordKey" . }}
|
||||
{{- end }}
|
||||
{{- else }}
|
||||
- name: ALLOW_EMPTY_PASSWORD
|
||||
value: "yes"
|
||||
{{- end }}
|
||||
- name: VALKEY_AOF_ENABLED
|
||||
value: {{ .Values.valkey.useAOFPersistence | quote }}
|
||||
- name: VALKEY_TLS_ENABLED
|
||||
value: {{ ternary "yes" "no" .Values.tls.enabled | quote }}
|
||||
{{- if .Values.tls.enabled }}
|
||||
- name: VALKEY_TLS_PORT_NUMBER
|
||||
value: {{ .Values.valkey.containerPorts.valkey | quote }}
|
||||
- name: VALKEY_TLS_AUTH_CLIENTS
|
||||
value: {{ ternary "yes" "no" .Values.tls.authClients | quote }}
|
||||
- name: VALKEY_TLS_CERT_FILE
|
||||
value: {{ template "valkey-cluster.tlsCert" . }}
|
||||
- name: VALKEY_TLS_KEY_FILE
|
||||
value: {{ template "valkey-cluster.tlsCertKey" . }}
|
||||
- name: VALKEY_TLS_CA_FILE
|
||||
value: {{ template "valkey-cluster.tlsCACert" . }}
|
||||
{{- if .Values.tls.dhParamsFilename }}
|
||||
- name: VALKEY_TLS_DH_PARAMS_FILE
|
||||
value: {{ template "valkey-cluster.tlsDHParams" . }}
|
||||
{{- end }}
|
||||
{{- else }}
|
||||
- name: VALKEY_PORT_NUMBER
|
||||
value: {{ .Values.valkey.containerPorts.valkey | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.valkey.extraEnvVars }}
|
||||
{{- include "common.tplvalues.render" ( dict "value" .Values.valkey.extraEnvVars "context" $ ) | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- if or .Values.valkey.extraEnvVarsCM .Values.valkey.extraEnvVarsSecret }}
|
||||
envFrom:
|
||||
{{- if .Values.valkey.extraEnvVarsCM }}
|
||||
- configMapRef:
|
||||
name: {{ include "common.tplvalues.render" ( dict "value" .Values.valkey.extraEnvVarsCM "context" $ ) }}
|
||||
{{- end }}
|
||||
{{- if .Values.valkey.extraEnvVarsSecret }}
|
||||
- secretRef:
|
||||
name: {{ include "common.tplvalues.render" ( dict "value" .Values.valkey.extraEnvVarsSecret "context" $ ) }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
ports:
|
||||
- name: tcp-redis
|
||||
containerPort: {{ .Values.valkey.containerPorts.valkey }}
|
||||
- name: tcp-redis-bus
|
||||
containerPort: {{ .Values.valkey.containerPorts.bus }}
|
||||
{{- if not .Values.diagnosticMode.enabled }}
|
||||
{{- if .Values.valkey.customLivenessProbe }}
|
||||
livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.valkey.customLivenessProbe "context" $) | nindent 12 }}
|
||||
{{- else if .Values.valkey.livenessProbe.enabled }}
|
||||
livenessProbe:
|
||||
initialDelaySeconds: {{ .Values.valkey.livenessProbe.initialDelaySeconds }}
|
||||
periodSeconds: {{ .Values.valkey.livenessProbe.periodSeconds }}
|
||||
# One second longer than command timeout should prevent generation of zombie processes.
|
||||
timeoutSeconds: {{ add1 .Values.valkey.livenessProbe.timeoutSeconds }}
|
||||
successThreshold: {{ .Values.valkey.livenessProbe.successThreshold }}
|
||||
failureThreshold: {{ .Values.valkey.livenessProbe.failureThreshold }}
|
||||
exec:
|
||||
command:
|
||||
- sh
|
||||
- -c
|
||||
- /scripts/ping_liveness_local.sh {{ .Values.valkey.livenessProbe.timeoutSeconds }}
|
||||
{{- end }}
|
||||
{{- if .Values.valkey.customReadinessProbe }}
|
||||
readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.valkey.customReadinessProbe "context" $) | nindent 12 }}
|
||||
{{- else if .Values.valkey.readinessProbe.enabled }}
|
||||
readinessProbe:
|
||||
initialDelaySeconds: {{ .Values.valkey.readinessProbe.initialDelaySeconds }}
|
||||
periodSeconds: {{ .Values.valkey.readinessProbe.periodSeconds }}
|
||||
# One second longer than command timeout should prevent generation of zombie processes.
|
||||
timeoutSeconds: {{ add1 .Values.valkey.readinessProbe.timeoutSeconds }}
|
||||
successThreshold: {{ .Values.valkey.readinessProbe.successThreshold }}
|
||||
failureThreshold: {{ .Values.valkey.readinessProbe.failureThreshold }}
|
||||
exec:
|
||||
command:
|
||||
- sh
|
||||
- -c
|
||||
- /scripts/ping_readiness_local.sh {{ .Values.valkey.readinessProbe.timeoutSeconds }}
|
||||
{{- end }}
|
||||
{{- if .Values.valkey.customStartupProbe }}
|
||||
startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.valkey.customStartupProbe "context" $) | nindent 12 }}
|
||||
{{- else if .Values.valkey.startupProbe.enabled }}
|
||||
startupProbe:
|
||||
tcpSocket:
|
||||
port: tcp-redis
|
||||
initialDelaySeconds: {{ .Values.valkey.startupProbe.initialDelaySeconds }}
|
||||
periodSeconds: {{ .Values.valkey.startupProbe.periodSeconds }}
|
||||
timeoutSeconds: {{ .Values.valkey.startupProbe.timeoutSeconds }}
|
||||
successThreshold: {{ .Values.valkey.startupProbe.successThreshold }}
|
||||
failureThreshold: {{ .Values.valkey.startupProbe.failureThreshold }}
|
||||
{{- end }}
|
||||
{{- if .Values.valkey.lifecycleHooks }}
|
||||
lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.valkey.lifecycleHooks "context" $) | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.valkey.resources }}
|
||||
resources: {{- toYaml .Values.valkey.resources | nindent 12 }}
|
||||
{{- else if ne .Values.valkey.resourcesPreset "none" }}
|
||||
resources: {{- include "common.resources.preset" (dict "type" .Values.valkey.resourcesPreset) | nindent 12 }}
|
||||
{{- end }}
|
||||
volumeMounts:
|
||||
- name: scripts
|
||||
mountPath: /scripts
|
||||
{{- if and .Values.usePassword .Values.usePasswordFiles }}
|
||||
- name: valkey-password
|
||||
mountPath: /opt/bitnami/valkey/secrets/
|
||||
{{- end }}
|
||||
- name: valkey-data
|
||||
mountPath: {{ .Values.persistence.path }}
|
||||
subPath: {{ .Values.persistence.subPath }}
|
||||
- name: default-config
|
||||
mountPath: /opt/bitnami/valkey/etc/valkey-default.conf
|
||||
subPath: valkey-default.conf
|
||||
- name: empty-dir
|
||||
mountPath: /opt/bitnami/valkey/etc/
|
||||
subPath: app-conf-dir
|
||||
- name: empty-dir
|
||||
mountPath: /opt/bitnami/valkey/tmp
|
||||
subPath: app-tmp-dir
|
||||
- name: empty-dir
|
||||
mountPath: /opt/bitnami/valkey/logs
|
||||
subPath: app-logs-dir
|
||||
- name: empty-dir
|
||||
mountPath: /tmp
|
||||
subPath: tmp-dir
|
||||
{{- if .Values.tls.enabled }}
|
||||
- name: valkey-certificates
|
||||
mountPath: /opt/bitnami/valkey/certs
|
||||
readOnly: true
|
||||
{{- end }}
|
||||
{{- if .Values.valkey.extraVolumeMounts }}
|
||||
{{- include "common.tplvalues.render" ( dict "value" .Values.valkey.extraVolumeMounts "context" $ ) | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- if .Values.metrics.enabled }}
|
||||
- name: metrics
|
||||
image: {{ template "valkey-cluster.metrics.image" . }}
|
||||
imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }}
|
||||
{{- if .Values.metrics.containerSecurityContext.enabled }}
|
||||
securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.metrics.containerSecurityContext "context" $) | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- if .Values.diagnosticMode.enabled }}
|
||||
command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}
|
||||
args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }}
|
||||
{{- else }}
|
||||
command:
|
||||
- /bin/bash
|
||||
- -c
|
||||
- |
|
||||
{{- if and .Values.usePassword .Values.usePasswordFiles }}
|
||||
export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
|
||||
{{- end }}
|
||||
redis_exporter{{- range $key, $value := .Values.metrics.extraArgs }} --{{ $key }}={{ $value }}{{- end }}
|
||||
{{- end }}
|
||||
env:
|
||||
- name: BITNAMI_DEBUG
|
||||
value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }}
|
||||
- name: REDIS_ALIAS
|
||||
value: {{ template "common.names.fullname" . }}
|
||||
- name: REDIS_ADDR
|
||||
value: {{ printf "%s://127.0.0.1:%g" (ternary "rediss" "redis" .Values.tls.enabled) .Values.valkey.containerPorts.valkey | quote }}
|
||||
{{- if .Values.usePassword }}
|
||||
{{- if .Values.usePasswordFiles }}
|
||||
- name: REDIS_PASSWORD_FILE
|
||||
value: "/opt/bitnami/valkey/secrets/valkey-password"
|
||||
{{- else }}
|
||||
- name: REDIS_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ template "valkey-cluster.secretName" . }}
|
||||
key: {{ template "valkey-cluster.secretPasswordKey" . }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.tls.enabled }}
|
||||
- name: REDIS_EXPORTER_TLS_CLIENT_KEY_FILE
|
||||
value: {{ template "valkey-cluster.tlsCertKey" . }}
|
||||
- name: REDIS_EXPORTER_TLS_CLIENT_CERT_FILE
|
||||
value: {{ template "valkey-cluster.tlsCert" . }}
|
||||
- name: REDIS_EXPORTER_TLS_CA_CERT_FILE
|
||||
value: {{ template "valkey-cluster.tlsCACert" . }}
|
||||
{{- end }}
|
||||
- name: REDIS_EXPORTER_WEB_LISTEN_ADDRESS
|
||||
value: {{ printf ":%v" .Values.metrics.containerPorts.http }}
|
||||
{{- if .Values.metrics.extraEnvVars }}
|
||||
{{- include "common.tplvalues.render" (dict "value" .Values.metrics.extraEnvVars "context" $) | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- if or (and .Values.usePassword .Values.usePasswordFiles) .Values.tls.enabled }}
|
||||
volumeMounts:
|
||||
- name: empty-dir
|
||||
mountPath: /tmp
|
||||
subPath: tmp-dir
|
||||
{{- if and .Values.usePassword .Values.usePasswordFiles }}
|
||||
- name: valkey-password
|
||||
mountPath: /opt/bitnami/valkey/secrets/
|
||||
{{- end }}
|
||||
{{- if .Values.tls.enabled }}
|
||||
- name: valkey-certificates
|
||||
mountPath: /opt/bitnami/valkey/certs
|
||||
readOnly: true
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
ports:
|
||||
- name: http-metrics
|
||||
containerPort: {{ .Values.metrics.containerPorts.http }}
|
||||
{{- if .Values.metrics.resources }}
|
||||
resources: {{- toYaml .Values.metrics.resources | nindent 12 }}
|
||||
{{- else if ne .Values.metrics.resourcesPreset "none" }}
|
||||
resources: {{- include "common.resources.preset" (dict "type" .Values.metrics.resourcesPreset) | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.valkey.sidecars }}
|
||||
{{- include "common.tplvalues.render" ( dict "value" .Values.valkey.sidecars "context" $ ) | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- $needsVolumePermissions := and .Values.volumePermissions.enabled .Values.containerSecurityContext.enabled }}
|
||||
{{- if or $needsVolumePermissions .Values.sysctlImage.enabled .Values.valkey.initContainers }}
|
||||
initContainers:
|
||||
{{- if $needsVolumePermissions }}
|
||||
- name: volume-permissions
|
||||
image: {{ include "valkey-cluster.volumePermissions.image" . }}
|
||||
imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }}
|
||||
command: ["/bin/chown", "-R", "{{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }}", "{{ .Values.persistence.path }}"]
|
||||
securityContext:
|
||||
runAsUser: 0
|
||||
{{- if .Values.volumePermissions.resources }}
|
||||
resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }}
|
||||
{{- else if ne .Values.volumePermissions.resourcesPreset "none" }}
|
||||
resources: {{- include "common.resources.preset" (dict "type" .Values.volumePermissions.resourcesPreset) | nindent 12 }}
|
||||
{{- end }}
|
||||
volumeMounts:
|
||||
- name: empty-dir
|
||||
mountPath: /tmp
|
||||
subPath: tmp-dir
|
||||
- name: valkey-data
|
||||
mountPath: {{ .Values.persistence.path }}
|
||||
subPath: {{ .Values.persistence.subPath }}
|
||||
{{- end }}
|
||||
{{- if .Values.sysctlImage.enabled }}
|
||||
- name: init-sysctl
|
||||
image: {{ template "valkey-cluster.sysctl.image" . }}
|
||||
imagePullPolicy: {{ default "" .Values.sysctlImage.pullPolicy | quote }}
|
||||
{{- if .Values.sysctlImage.resources }}
|
||||
resources: {{- toYaml .Values.sysctlImage.resources | nindent 12 }}
|
||||
{{- else if ne .Values.sysctlImage.resourcesPreset "none" }}
|
||||
resources: {{- include "common.resources.preset" (dict "type" .Values.sysctlImage.resourcesPreset) | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- if .Values.sysctlImage.mountHostSys }}
|
||||
volumeMounts:
|
||||
- name: empty-dir
|
||||
mountPath: /tmp
|
||||
subPath: tmp-dir
|
||||
- name: host-sys
|
||||
mountPath: /host-sys
|
||||
{{- end }}
|
||||
command:
|
||||
{{- toYaml .Values.sysctlImage.command | nindent 12 }}
|
||||
{{- if .Values.sysctlImage.containerSecurityContext.enabled }}
|
||||
securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.sysctlImage.containerSecurityContext "context" $) | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.valkey.initContainers }}
|
||||
{{- toYaml .Values.valkey.initContainers | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
volumes:
|
||||
- name: scripts
|
||||
configMap:
|
||||
name: {{ include "common.names.fullname" . }}-scripts
|
||||
defaultMode: 0755
|
||||
{{- if and .Values.usePassword .Values.usePasswordFiles }}
|
||||
- name: valkey-password
|
||||
secret:
|
||||
secretName: {{ include "valkey-cluster.secretName" . }}
|
||||
items:
|
||||
- key: {{ include "valkey-cluster.secretPasswordKey" . }}
|
||||
path: valkey-password
|
||||
{{- end }}
|
||||
- name: default-config
|
||||
configMap:
|
||||
name: {{ include "common.names.fullname" . }}-default
|
||||
{{- if .Values.sysctlImage.mountHostSys }}
|
||||
- name: host-sys
|
||||
hostPath:
|
||||
path: /sys
|
||||
{{- end }}
|
||||
- name: empty-dir
|
||||
emptyDir: {}
|
||||
{{- if .Values.valkey.extraVolumes }}
|
||||
{{- include "common.tplvalues.render" ( dict "value" .Values.valkey.extraVolumes "context" $ ) | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.tls.enabled }}
|
||||
- name: valkey-certificates
|
||||
secret:
|
||||
secretName: {{ include "valkey-cluster.tlsSecretName" . }}
|
||||
defaultMode: 256
|
||||
{{- end }}
|
||||
{{- if not .Values.persistence.enabled }}
|
||||
- name: valkey-data
|
||||
emptyDir: {}
|
||||
{{- end }}
|
||||
{{- if .Values.persistentVolumeClaimRetentionPolicy.enabled }}
|
||||
persistentVolumeClaimRetentionPolicy:
|
||||
whenDeleted: {{ .Values.persistentVolumeClaimRetentionPolicy.whenDeleted }}
|
||||
whenScaled: {{ .Values.persistentVolumeClaimRetentionPolicy.whenScaled }}
|
||||
{{- end }}
|
||||
{{- if .Values.persistence.enabled }}
|
||||
volumeClaimTemplates:
|
||||
- metadata:
|
||||
name: valkey-data
|
||||
labels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 10 }}
|
||||
{{- if .Values.persistence.labels }}
|
||||
{{- include "common.tplvalues.render" (dict "value" .Values.persistence.labels "context" $) | nindent 10 }}
|
||||
{{- end }}
|
||||
{{- if .Values.persistence.annotations }}
|
||||
annotations: {{- include "common.tplvalues.render" (dict "value" .Values.persistence.annotations "context" $) | nindent 10 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
accessModes:
|
||||
{{- range .Values.persistence.accessModes }}
|
||||
- {{ . | quote }}
|
||||
{{- end }}
|
||||
resources:
|
||||
requests:
|
||||
storage: {{ .Values.persistence.size | quote }}
|
||||
{{- include "common.storage.class" (dict "persistence" .Values.persistence "global" .Values.global) | nindent 8 }}
|
||||
{{- if or .Values.persistence.matchLabels .Values.persistence.matchExpressions }}
|
||||
selector:
|
||||
{{- if .Values.persistence.matchLabels }}
|
||||
matchLabels:
|
||||
{{- toYaml .Values.persistence.matchLabels | nindent 12 }}
|
||||
{{- end -}}
|
||||
{{- if .Values.persistence.matchExpressions }}
|
||||
matchExpressions:
|
||||
{{- toYaml .Values.persistence.matchExpressions | nindent 12 }}
|
||||
{{- end -}}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
@@ -0,0 +1,51 @@
|
||||
{{- /*
|
||||
Copyright Broadcom, Inc. All Rights Reserved.
|
||||
SPDX-License-Identifier: APACHE-2.0
|
||||
*/}}
|
||||
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: {{ template "common.names.fullname" . }}
|
||||
namespace: {{ .Release.Namespace | quote }}
|
||||
{{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.service.labels .Values.commonLabels ) "context" . ) }}
|
||||
labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
|
||||
{{- if or .Values.service.annotations .Values.commonAnnotations }}
|
||||
{{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.service.annotations .Values.commonAnnotations ) "context" . ) }}
|
||||
annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
type: {{ .Values.service.type }}
|
||||
{{- if and .Values.service.clusterIP (eq .Values.service.type "ClusterIP") }}
|
||||
clusterIP: {{ .Values.service.clusterIP }}
|
||||
{{- end }}
|
||||
{{- if or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort") }}
|
||||
externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy | quote }}
|
||||
{{- end }}
|
||||
{{- if and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerSourceRanges)) }}
|
||||
loadBalancerSourceRanges: {{ .Values.service.loadBalancerSourceRanges }}
|
||||
{{- end }}
|
||||
{{- if and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerIP)) }}
|
||||
loadBalancerIP: {{ .Values.service.loadBalancerIP }}
|
||||
{{- end }}
|
||||
{{- if .Values.service.sessionAffinity }}
|
||||
sessionAffinity: {{ .Values.service.sessionAffinity }}
|
||||
{{- end }}
|
||||
{{- if .Values.service.sessionAffinityConfig }}
|
||||
sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" .Values.service.sessionAffinityConfig "context" $) | nindent 4 }}
|
||||
{{- end }}
|
||||
ports:
|
||||
- name: tcp-redis
|
||||
port: {{ .Values.service.ports.valkey }}
|
||||
targetPort: tcp-redis
|
||||
protocol: TCP
|
||||
{{- if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.valkey)) }}
|
||||
nodePort: {{ .Values.service.nodePorts.valkey }}
|
||||
{{- else if eq .Values.service.type "ClusterIP" }}
|
||||
nodePort: null
|
||||
{{- end }}
|
||||
{{- if .Values.service.extraPorts }}
|
||||
{{- include "common.tplvalues.render" (dict "value" .Values.service.extraPorts "context" $) | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.valkey.podLabels .Values.commonLabels ) "context" . ) }}
|
||||
selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }}
|
||||
Reference in New Issue
Block a user