[VOL-4763] Adding voltha-go-controller and redis helm charts
Change-Id: I21ce624f359989e814c4475cc5e18672fd16c795
diff --git a/redis/.helmignore b/redis/.helmignore
new file mode 100644
index 0000000..f0c1319
--- /dev/null
+++ b/redis/.helmignore
@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
diff --git a/redis/Chart.yaml b/redis/Chart.yaml
new file mode 100644
index 0000000..4766fed
--- /dev/null
+++ b/redis/Chart.yaml
@@ -0,0 +1,37 @@
+# Copyright 2022-present Open Networking Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+name: redis
+version: 11.1.0
+appVersion: 6.0.8
+description: Open source, advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets.
+keywords:
+ - redis
+ - keyvalue
+ - database
+home: https://github.com/bitnami/charts/tree/master/bitnami/redis
+icon: https://bitnami.com/assets/stacks/redis/img/redis-stack-220x234.png
+sources:
+ - https://github.com/bitnami/bitnami-docker-redis
+ - http://redis.io/
+maintainers:
+ - name: Bitnami
+ email: containers@bitnami.com
+ - name: desaintmartin
+ email: cedric@desaintmartin.fr
+engine: gotpl
+annotations:
+ category: Database
+
diff --git a/redis/README.md b/redis/README.md
new file mode 100644
index 0000000..f3f259b
--- /dev/null
+++ b/redis/README.md
@@ -0,0 +1,709 @@
+# Redis<sup>TM</sup> Chart packaged by Bitnami
+
+[Redis<sup>TM</sup>](http://redis.io/) is an advanced key-value cache and store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets, sorted sets, bitmaps and hyperloglogs.
+
+Disclaimer: REDIS® is a registered trademark of Redis Labs Ltd.Any rights therein are reserved to Redis Labs Ltd. Any use by Bitnami is for referential purposes only and does not indicate any sponsorship, endorsement, or affiliation between Redis Labs Ltd.
+
+## TL;DR
+
+```bash
+$ helm repo add bitnami https://charts.bitnami.com/bitnami
+$ helm install my-release bitnami/redis
+```
+
+## Introduction
+
+This chart bootstraps a [Redis<sup>TM</sup>](https://github.com/bitnami/bitnami-docker-redis) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
+
+Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This chart has been tested to work with NGINX Ingress, cert-manager, fluentd and Prometheus on top of the [BKPR](https://kubeprod.io/).
+
+### Choose between Redis<sup>TM</sup> Helm Chart and Redis<sup>TM</sup> Cluster Helm Chart
+
+You can choose any of the two Redis<sup>TM</sup> Helm charts for deploying a Redis<sup>TM</sup> cluster.
+While [Redis<sup>TM</sup> Helm Chart](https://github.com/bitnami/charts/tree/master/bitnami/redis) will deploy a master-slave cluster using Redis<sup>TM</sup> Sentinel, the [Redis<sup>TM</sup> Cluster Helm Chart](https://github.com/bitnami/charts/tree/master/bitnami/redis-cluster) will deploy a Redis<sup>TM</sup> Cluster topology with sharding.
+The main features of each chart are the following:
+
+| Redis<sup>TM</sup> | Redis<sup>TM</sup> Cluster |
+|--------------------------------------------------------|------------------------------------------------------------------------|
+| Supports multiple databases | Supports only one database. Better if you have a big dataset |
+| Single write point (single master) | Multiple write points (multiple masters) |
+| ![Redis<sup>TM</sup> Topology](img/redis-topology.png) | ![Redis<sup>TM</sup> Cluster Topology](img/redis-cluster-topology.png) |
+
+## Prerequisites
+
+- Kubernetes 1.12+
+- Helm 3.1.0
+- PV provisioner support in the underlying infrastructure
+
+## Installing the Chart
+
+To install the chart with the release name `my-release`:
+
+```bash
+$ helm install my-release bitnami/redis
+```
+
+The command deploys Redis<sup>TM</sup> on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation.
+
+> **Tip**: List all releases using `helm list`
+
+## Uninstalling the Chart
+
+To uninstall/delete the `my-release` deployment:
+
+```bash
+$ helm delete my-release
+```
+
+The command removes all the Kubernetes components associated with the chart and deletes the release.
+
+## Parameters
+
+The following table lists the configurable parameters of the Redis<sup>TM</sup> chart and their default values.
+
+| Parameter | Description | Default |
+|:------------------------------------------------------|:----------------------------------------------------------------------------------------------------------------------------------------------------|:--------------------------------------------------------|
+| `global.imageRegistry` | Global Docker image registry | `nil` |
+| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) |
+| `global.storageClass` | Global storage class for dynamic provisioning | `nil` |
+| `global.redis.password` | Redis<sup>TM</sup> password (overrides `password`) | `nil` |
+| `image.registry` | Redis<sup>TM</sup> Image registry | `docker.io` |
+| `image.repository` | Redis<sup>TM</sup> Image name | `bitnami/redis` |
+| `image.tag` | Redis<sup>TM</sup> Image tag | `{TAG_NAME}` |
+| `image.pullPolicy` | Image pull policy | `IfNotPresent` |
+| `image.pullSecrets` | Specify docker-registry secret names as an array | `nil` |
+| `nameOverride` | String to partially override redis.fullname template with a string (will prepend the release name) | `nil` |
+| `fullnameOverride` | String to fully override redis.fullname template with a string | `nil` |
+| `cluster.enabled` | Use master-slave topology | `true` |
+| `cluster.slaveCount` | Number of slaves | `2` |
+| `existingSecret` | Name of existing secret object (for password authentication) | `nil` |
+| `existingSecretPasswordKey` | Name of key containing password to be retrieved from the existing secret | `nil` |
+| `usePassword` | Use password | `true` |
+| `usePasswordFile` | Mount passwords as files instead of environment variables | `false` |
+| `password` | Redis<sup>TM</sup> password (ignored if existingSecret set) | Randomly generated |
+| `configmap` | Additional common Redis<sup>TM</sup> node configuration (this value is evaluated as a template) | See values.yaml |
+| `clusterDomain` | Kubernetes DNS Domain name to use | `cluster.local` |
+| `networkPolicy.enabled` | Enable NetworkPolicy | `false` |
+| `networkPolicy.allowExternal` | Don't require client label for connections | `true` |
+| `networkPolicy.ingressNSMatchLabels` | Allow connections from other namespaces | `{}` |
+| `networkPolicy.ingressNSPodMatchLabels` | For other namespaces match by pod labels and namespace labels | `{}` |
+| `securityContext.*` | Other pod security context to be included as-is in the pod spec | `{}` |
+| `securityContext.enabled` | Enable security context (both redis master and slave pods) | `true` |
+| `securityContext.fsGroup` | Group ID for the container (both redis master and slave pods) | `1001` |
+| `containerSecurityContext.*` | Other container security context to be included as-is in the container spec | `{}` |
+| `containerSecurityContext.enabled` | Enable security context (both redis master and slave containers) | `true` |
+| `containerSecurityContext.runAsUser` | User ID for the container (both redis master and slave containers) | `1001` |
+| `serviceAccount.create` | Specifies whether a ServiceAccount should be created | `false` |
+| `serviceAccount.name` | The name of the ServiceAccount to create | Generated using the fullname template |
+| `serviceAccount.annotations` | Specifies annotations to add to ServiceAccount. | `nil` |
+| `rbac.create` | Specifies whether RBAC resources should be created | `false` |
+| `rbac.role.rules` | Rules to create | `[]` |
+| `metrics.enabled` | Start a side-car prometheus exporter | `false` |
+| `metrics.image.registry` | Redis<sup>TM</sup> exporter image registry | `docker.io` |
+| `metrics.image.repository` | Redis<sup>TM</sup> exporter image name | `bitnami/redis-exporter` |
+| `metrics.image.tag` | Redis<sup>TM</sup> exporter image tag | `{TAG_NAME}` |
+| `metrics.image.pullPolicy` | Image pull policy | `IfNotPresent` |
+| `metrics.image.pullSecrets` | Specify docker-registry secret names as an array | `nil` |
+| `metrics.extraArgs` | Extra arguments for the binary; possible values [here](https://github.com/oliver006/redis_exporter#flags) | {} |
+| `metrics.podLabels` | Additional labels for Metrics exporter pod | {} |
+| `metrics.podAnnotations` | Additional annotations for Metrics exporter pod | {} |
+| `metrics.resources` | Exporter resource requests/limit | Memory: `256Mi`, CPU: `100m` |
+| `metrics.serviceMonitor.enabled` | if `true`, creates a Prometheus Operator ServiceMonitor (also requires `metrics.enabled` to be `true`) | `false` |
+| `metrics.serviceMonitor.namespace` | Optional namespace which Prometheus is running in | `nil` |
+| `metrics.serviceMonitor.interval` | How frequently to scrape metrics (use by default, falling back to Prometheus' default) | `nil` |
+| `metrics.serviceMonitor.selector` | Default to kube-prometheus install (CoreOS recommended), but should be set according to Prometheus install | `{ prometheus: kube-prometheus }` |
+| `metrics.serviceMonitor.relabelings` | ServiceMonitor relabelings. Value is evaluated as a template | `[]` |
+| `metrics.serviceMonitor.metricRelabelings` | ServiceMonitor metricRelabelings. Value is evaluated as a template | `[]` |
+| `metrics.service.type` | Kubernetes Service type (redis metrics) | `ClusterIP` |
+| `metrics.service.externalTrafficPolicy` | External traffic policy (when service type is LoadBalancer) | `Cluster` |
+| `metrics.service.annotations` | Annotations for the services to monitor (redis master and redis slave service) | {} |
+| `metrics.service.labels` | Additional labels for the metrics service | {} |
+| `metrics.service.loadBalancerIP` | loadBalancerIP if redis metrics service type is `LoadBalancer` | `nil` |
+| `metrics.priorityClassName` | Metrics exporter pod priorityClassName | `nil` |
+| `metrics.prometheusRule.enabled` | Set this to true to create prometheusRules for Prometheus operator | `false` |
+| `metrics.prometheusRule.additionalLabels` | Additional labels that can be used so prometheusRules will be discovered by Prometheus | `{}` |
+| `metrics.prometheusRule.namespace` | namespace where prometheusRules resource should be created | Same namespace as redis |
+| `metrics.prometheusRule.rules` | [rules](https://prometheus.io/docs/prometheus/latest/configuration/alerting_rules/) to be created, check values for an example. | `[]` |
+| `persistence.existingClaim` | Provide an existing PersistentVolumeClaim | `nil` |
+| `master.persistence.enabled` | Use a PVC to persist data (master node) | `true` |
+| `master.hostAliases` | Add deployment host aliases | `[]` |
+| `master.persistence.path` | Path to mount the volume at, to use other images | `/data` |
+| `master.persistence.subPath` | Subdirectory of the volume to mount at | `""` |
+| `master.persistence.storageClass` | Storage class of backing PVC | `generic` |
+| `master.persistence.accessModes` | Persistent Volume Access Modes | `[ReadWriteOnce]` |
+| `master.persistence.size` | Size of data volume | `8Gi` |
+| `master.persistence.matchLabels` | matchLabels persistent volume selector | `{}` |
+| `master.persistence.matchExpressions` | matchExpressions persistent volume selector | `{}` |
+| `master.persistence.volumes` | Additional volumes without creating PVC | `{}` |
+| `master.statefulset.labels` | Additional labels for redis master StatefulSet | `{}` |
+| `master.statefulset.annotations` | Additional annotations for redis master StatefulSet | `{}` |
+| `master.statefulset.updateStrategy` | Update strategy for StatefulSet | onDelete |
+| `master.statefulset.rollingUpdatePartition` | Partition update strategy | `nil` |
+| `master.statefulset.volumeClaimTemplates.labels` | Additional labels for redis master StatefulSet volumeClaimTemplates | `{}` |
+| `master.statefulset.volumeClaimTemplates.annotations` | Additional annotations for redis master StatefulSet volumeClaimTemplates | `{}` |
+| `master.podLabels` | Additional labels for Redis<sup>TM</sup> master pod | {} |
+| `master.podAnnotations` | Additional annotations for Redis<sup>TM</sup> master pod | {} |
+| `master.extraEnvVars` | Additional Environment Variables passed to the pod of the master's stateful set set | `[]` |
+| `master.extraEnvVarCMs` | Additional Environment Variables ConfigMappassed to the pod of the master's stateful set set | `[]` |
+| `master.extraEnvVarsSecret` | Additional Environment Variables Secret passed to the master's stateful set | `[]` |
+| `podDisruptionBudget.enabled` | Pod Disruption Budget toggle | `false` |
+| `podDisruptionBudget.minAvailable` | Minimum available pods | `1` |
+| `podDisruptionBudget.maxUnavailable` | Maximum unavailable | `nil` |
+| `redisPort` | Redis<sup>TM</sup> port (in both master and slaves) | `6379` |
+| `tls.enabled` | Enable TLS support for replication traffic | `false` |
+| `tls.authClients` | Require clients to authenticate or not | `true` |
+| `tls.certificatesSecret` | Name of the secret that contains the certificates | `nil` |
+| `tls.certFilename` | Certificate filename | `nil` |
+| `tls.certKeyFilename` | Certificate key filename | `nil` |
+| `tls.certCAFilename` | CA Certificate filename | `nil` |
+| `tls.dhParamsFilename` | DH params (in order to support DH based ciphers) | `nil` |
+| `master.command` | Redis<sup>TM</sup> master entrypoint string. The command `redis-server` is executed if this is not provided. Note this is prepended with `exec` | `/run.sh` |
+| `master.preExecCmds` | Text to inset into the startup script immediately prior to `master.command`. Use this if you need to run other ad-hoc commands as part of startup | `nil` |
+| `master.configmap` | Additional Redis<sup>TM</sup> configuration for the master nodes (this value is evaluated as a template) | `nil` |
+| `master.disableCommands` | Array of Redis<sup>TM</sup> commands to disable (master) | `["FLUSHDB", "FLUSHALL"]` |
+| `master.extraFlags` | Redis<sup>TM</sup> master additional command line flags | [] |
+| `master.nodeSelector` | Redis<sup>TM</sup> master Node labels for pod assignment | {"beta.kubernetes.io/arch": "amd64"} |
+| `master.tolerations` | Toleration labels for Redis<sup>TM</sup> master pod assignment | [] |
+| `master.affinity` | Affinity settings for Redis<sup>TM</sup> master pod assignment | {} |
+| `master.schedulerName` | Name of an alternate scheduler | `nil` |
+| `master.service.type` | Kubernetes Service type (redis master) | `ClusterIP` |
+| `master.service.externalTrafficPolicy` | External traffic policy (when service type is LoadBalancer) | `Cluster` |
+| `master.service.port` | Kubernetes Service port (redis master) | `6379` |
+| `master.service.nodePort` | Kubernetes Service nodePort (redis master) | `nil` |
+| `master.service.annotations` | annotations for redis master service | {} |
+| `master.service.labels` | Additional labels for redis master service | {} |
+| `master.service.loadBalancerIP` | loadBalancerIP if redis master service type is `LoadBalancer` | `nil` |
+| `master.service.loadBalancerSourceRanges` | loadBalancerSourceRanges if redis master service type is `LoadBalancer` | `nil` |
+| `master.resources` | Redis<sup>TM</sup> master CPU/Memory resource requests/limits | Memory: `256Mi`, CPU: `100m` |
+| `master.livenessProbe.enabled` | Turn on and off liveness probe (redis master pod) | `true` |
+| `master.livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated (redis master pod) | `5` |
+| `master.livenessProbe.periodSeconds` | How often to perform the probe (redis master pod) | `5` |
+| `master.livenessProbe.timeoutSeconds` | When the probe times out (redis master pod) | `5` |
+| `master.livenessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed (redis master pod) | `1` |
+| `master.livenessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | `5` |
+| `master.readinessProbe.enabled` | Turn on and off readiness probe (redis master pod) | `true` |
+| `master.readinessProbe.initialDelaySeconds` | Delay before readiness probe is initiated (redis master pod) | `5` |
+| `master.readinessProbe.periodSeconds` | How often to perform the probe (redis master pod) | `5` |
+| `master.readinessProbe.timeoutSeconds` | When the probe times out (redis master pod) | `1` |
+| `master.readinessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed (redis master pod) | `1` |
+| `master.readinessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | `5` |
+| `master.shareProcessNamespace` | Redis<sup>TM</sup> Master pod `shareProcessNamespace` option. Enables /pause reap zombie PIDs. | `false` |
+| `master.priorityClassName` | Redis<sup>TM</sup> Master pod priorityClassName | `nil` |
+| `volumePermissions.enabled` | Enable init container that changes volume permissions in the registry (for cases where the default k8s `runAsUser` and `fsUser` values do not work) | `false` |
+| `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` |
+| `volumePermissions.image.repository` | Init container volume-permissions image name | `bitnami/minideb` |
+| `volumePermissions.image.tag` | Init container volume-permissions image tag | `buster` |
+| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `Always` |
+| `volumePermissions.resources ` | Init container volume-permissions CPU/Memory resource requests/limits | {} |
+| `volumePermissions.securityContext.*` | Security context of the init container | `{}` |
+| `volumePermissions.securityContext.runAsUser` | UserID for the init container (when facing issues in OpenShift or uid unknown, try value "auto") | 0 |
+| `slave.hostAliases` | Add deployment host aliases | `[]` |
+| `slave.service.type` | Kubernetes Service type (redis slave) | `ClusterIP` |
+| `slave.service.externalTrafficPolicy` | External traffic policy (when service type is LoadBalancer) | `Cluster` |
+| `slave.service.nodePort` | Kubernetes Service nodePort (redis slave) | `nil` |
+| `slave.service.annotations` | annotations for redis slave service | {} |
+| `slave.service.labels` | Additional labels for redis slave service | {} |
+| `slave.service.port` | Kubernetes Service port (redis slave) | `6379` |
+| `slave.service.loadBalancerIP` | LoadBalancerIP if Redis<sup>TM</sup> slave service type is `LoadBalancer` | `nil` |
+| `slave.service.loadBalancerSourceRanges` | loadBalancerSourceRanges if Redis<sup>TM</sup> slave service type is `LoadBalancer` | `nil` |
+| `slave.command` | Redis<sup>TM</sup> slave entrypoint string. The command `redis-server` is executed if this is not provided. Note this is prepended with `exec` | `/run.sh` |
+| `slave.preExecCmds` | Text to inset into the startup script immediately prior to `slave.command`. Use this if you need to run other ad-hoc commands as part of startup | `nil` |
+| `slave.configmap` | Additional Redis<sup>TM</sup> configuration for the slave nodes (this value is evaluated as a template) | `nil` |
+| `slave.disableCommands` | Array of Redis<sup>TM</sup> commands to disable (slave) | `[FLUSHDB, FLUSHALL]` |
+| `slave.extraFlags` | Redis<sup>TM</sup> slave additional command line flags | `[]` |
+| `slave.livenessProbe.enabled` | Turn on and off liveness probe (redis slave pod) | `true` |
+| `slave.livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated (redis slave pod) | `5` |
+| `slave.livenessProbe.periodSeconds` | How often to perform the probe (redis slave pod) | `5` |
+| `slave.livenessProbe.timeoutSeconds` | When the probe times out (redis slave pod) | `5` |
+| `slave.livenessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed (redis slave pod) | `1` |
+| `slave.livenessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | `5` |
+| `slave.readinessProbe.enabled` | Turn on and off slave.readiness probe (redis slave pod) | `true` |
+| `slave.readinessProbe.initialDelaySeconds` | Delay before slave.readiness probe is initiated (redis slave pod) | `5` |
+| `slave.readinessProbe.periodSeconds` | How often to perform the probe (redis slave pod) | `5` |
+| `slave.readinessProbe.timeoutSeconds` | When the probe times out (redis slave pod) | `1` |
+| `slave.readinessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed (redis slave pod) | `1` |
+| `slave.readinessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. (redis slave pod) | `5` |
+| `slave.shareProcessNamespace` | Redis<sup>TM</sup> slave pod `shareProcessNamespace` option. Enables /pause reap zombie PIDs. | `false` |
+| `slave.persistence.enabled` | Use a PVC to persist data (slave node) | `true` |
+| `slave.persistence.path` | Path to mount the volume at, to use other images | `/data` |
+| `slave.persistence.subPath` | Subdirectory of the volume to mount at | `""` |
+| `slave.persistence.storageClass` | Storage class of backing PVC | `generic` |
+| `slave.persistence.accessModes` | Persistent Volume Access Modes | `[ReadWriteOnce]` |
+| `slave.persistence.size` | Size of data volume | `8Gi` |
+| `slave.persistence.matchLabels` | matchLabels persistent volume selector | `{}` |
+| `slave.persistence.matchExpressions` | matchExpressions persistent volume selector | `{}` |
+| `slave.statefulset.labels` | Additional labels for redis slave StatefulSet | `{}` |
+| `slave.statefulset.annotations` | Additional annotations for redis slave StatefulSet | `{}` |
+| `slave.statefulset.updateStrategy` | Update strategy for StatefulSet | onDelete |
+| `slave.statefulset.rollingUpdatePartition` | Partition update strategy | `nil` |
+| `slave.statefulset.volumeClaimTemplates.labels` | Additional labels for redis slave StatefulSet volumeClaimTemplates | `{}` |
+| `slave.statefulset.volumeClaimTemplates.annotations` | Additional annotations for redis slave StatefulSet volumeClaimTemplates | `{}` |
+| `slave.extraEnvVars` | Additional Environment Variables passed to the pod of the slave's stateful set set | `[]` |
+| `slave.extraEnvVarCMs` | Additional Environment Variables ConfigMappassed to the pod of the slave's stateful set set | `[]` |
+| `masslaveter.extraEnvVarsSecret` | Additional Environment Variables Secret passed to the slave's stateful set | `[]` |
+| `slave.podLabels` | Additional labels for Redis<sup>TM</sup> slave pod | `master.podLabels` |
+| `slave.podAnnotations` | Additional annotations for Redis<sup>TM</sup> slave pod | `master.podAnnotations` |
+| `slave.schedulerName` | Name of an alternate scheduler | `nil` |
+| `slave.resources` | Redis<sup>TM</sup> slave CPU/Memory resource requests/limits | `{}` |
+| `slave.affinity` | Enable node/pod affinity for slaves | {} |
+| `slave.tolerations` | Toleration labels for Redis<sup>TM</sup> slave pod assignment | [] |
+| `slave.spreadConstraints` | [Topology Spread Constraints](https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/) for Redis<sup>TM</sup> slave pod | {} |
+| `slave.priorityClassName` | Redis<sup>TM</sup> Slave pod priorityClassName | `nil` |
+| `sentinel.enabled` | Enable sentinel containers | `false` |
+| `sentinel.usePassword` | Use password for sentinel containers | `true` |
+| `sentinel.masterSet` | Name of the sentinel master set | `mymaster` |
+| `sentinel.initialCheckTimeout` | Timeout for querying the redis sentinel service for the active sentinel list | `5` |
+| `sentinel.quorum` | Quorum for electing a new master | `2` |
+| `sentinel.downAfterMilliseconds` | Timeout for detecting a Redis<sup>TM</sup> node is down | `60000` |
+| `sentinel.failoverTimeout` | Timeout for performing a election failover | `18000` |
+| `sentinel.parallelSyncs` | Number of parallel syncs in the cluster | `1` |
+| `sentinel.port` | Redis<sup>TM</sup> Sentinel port | `26379` |
+| `sentinel.configmap` | Additional Redis<sup>TM</sup> configuration for the sentinel nodes (this value is evaluated as a template) | `nil` |
+| `sentinel.staticID` | Enable static IDs for sentinel replicas (If disabled IDs will be randomly generated on startup) | `false` |
+| `sentinel.service.type` | Kubernetes Service type (redis sentinel) | `ClusterIP` |
+| `sentinel.service.externalTrafficPolicy` | External traffic policy (when service type is LoadBalancer) | `Cluster` |
+| `sentinel.service.nodePort` | Kubernetes Service nodePort (redis sentinel) | `nil` |
+| `sentinel.service.annotations` | annotations for redis sentinel service | {} |
+| `sentinel.service.labels` | Additional labels for redis sentinel service | {} |
+| `sentinel.service.redisPort` | Kubernetes Service port for Redis<sup>TM</sup> read only operations | `6379` |
+| `sentinel.service.sentinelPort` | Kubernetes Service port for Redis<sup>TM</sup> sentinel | `26379` |
+| `sentinel.service.redisNodePort` | Kubernetes Service node port for Redis<sup>TM</sup> read only operations | `` |
+| `sentinel.service.sentinelNodePort` | Kubernetes Service node port for Redis<sup>TM</sup> sentinel | `` |
+| `sentinel.service.loadBalancerIP` | LoadBalancerIP if Redis<sup>TM</sup> sentinel service type is `LoadBalancer` | `nil` |
+| `sentinel.livenessProbe.enabled` | Turn on and off liveness probe (redis sentinel pod) | `true` |
+| `sentinel.livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated (redis sentinel pod) | `5` |
+| `sentinel.livenessProbe.periodSeconds` | How often to perform the probe (redis sentinel container) | `5` |
+| `sentinel.livenessProbe.timeoutSeconds` | When the probe times out (redis sentinel container) | `5` |
+| `sentinel.livenessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed (redis sentinel container) | `1` |
+| `sentinel.livenessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | `5` |
+| `sentinel.readinessProbe.enabled` | Turn on and off sentinel.readiness probe (redis sentinel pod) | `true` |
+| `sentinel.readinessProbe.initialDelaySeconds` | Delay before sentinel.readiness probe is initiated (redis sentinel pod) | `5` |
+| `sentinel.readinessProbe.periodSeconds` | How often to perform the probe (redis sentinel pod) | `5` |
+| `sentinel.readinessProbe.timeoutSeconds` | When the probe times out (redis sentinel container) | `1` |
+| `sentinel.readinessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed (redis sentinel container) | `1` |
+| `sentinel.readinessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. (redis sentinel container) | `5` |
+| `sentinel.resources` | Redis<sup>TM</sup> sentinel CPU/Memory resource requests/limits | `{}` |
+| `sentinel.image.registry` | Redis<sup>TM</sup> Sentinel Image registry | `docker.io` |
+| `sentinel.image.repository` | Redis<sup>TM</sup> Sentinel Image name | `bitnami/redis-sentinel` |
+| `sentinel.image.tag` | Redis<sup>TM</sup> Sentinel Image tag | `{TAG_NAME}` |
+| `sentinel.image.pullPolicy` | Image pull policy | `IfNotPresent` |
+| `sentinel.image.pullSecrets` | Specify docker-registry secret names as an array | `nil` |
+| `sentinel.extraEnvVars` | Additional Environment Variables passed to the pod of the sentinel node stateful set set | `[]` |
+| `sentinel.extraEnvVarCMs` | Additional Environment Variables ConfigMappassed to the pod of the sentinel node stateful set set | `[]` |
+| `sentinel.extraEnvVarsSecret` | Additional Environment Variables Secret passed to the sentinel node statefulset | `[]` |
+| `sentinel.preExecCmds` | Text to inset into the startup script immediately prior to `sentinel.command`. Use this if you need to run other ad-hoc commands as part of startup | `nil` |
+| `sysctlImage.enabled` | Enable an init container to modify Kernel settings | `false` |
+| `sysctlImage.command` | sysctlImage command to execute | [] |
+| `sysctlImage.registry` | sysctlImage Init container registry | `docker.io` |
+| `sysctlImage.repository` | sysctlImage Init container name | `bitnami/minideb` |
+| `sysctlImage.tag` | sysctlImage Init container tag | `buster` |
+| `sysctlImage.pullPolicy` | sysctlImage Init container pull policy | `Always` |
+| `sysctlImage.mountHostSys` | Mount the host `/sys` folder to `/host-sys` | `false` |
+| `sysctlImage.resources` | sysctlImage Init container CPU/Memory resource requests/limits | {} |
+| `podSecurityPolicy.create` | Specifies whether a PodSecurityPolicy should be created | `false` |
+
+Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
+
+```bash
+$ helm install my-release \
+ --set password=secretpassword \
+ bitnami/redis
+```
+
+The above command sets the Redis<sup>TM</sup> server password to `secretpassword`.
+
+> NOTE: Once this chart is deployed, it is not possible to change the application's access credentials, such as usernames or passwords, using Helm. To change these application credentials after deployment, delete any persistent volumes (PVs) used by the chart and re-deploy it, or use the application's built-in administrative tools if available.
+
+Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example,
+
+```bash
+$ helm install my-release -f values.yaml bitnami/redis
+```
+
+> **Tip**: You can use the default [values.yaml](values.yaml)
+
+> **Note for minikube users**: Current versions of minikube (v0.24.1 at the time of writing) provision `hostPath` persistent volumes that are only writable by root. Using chart defaults cause pod failure for the Redis<sup>TM</sup> pod as it attempts to write to the `/bitnami` directory. Consider installing Redis<sup>TM</sup> with `--set persistence.enabled=false`. See minikube issue [1990](https://github.com/kubernetes/minikube/issues/1990) for more information.
+
+## Configuration and installation details
+
+### [Rolling VS Immutable tags](https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/)
+
+It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image.
+
+Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist.
+
+### Change Redis<sup>TM</sup> version
+
+To modify the Redis<sup>TM</sup> version used in this chart you can specify a [valid image tag](https://hub.docker.com/r/bitnami/redis/tags/) using the `image.tag` parameter. For example, `image.tag=X.Y.Z`. This approach is also applicable to other images like exporters.
+
+### Cluster topologies
+
+#### Default: Master-Slave
+
+When installing the chart with `cluster.enabled=true`, it will deploy a Redis<sup>TM</sup> master StatefulSet (only one master node allowed) and a Redis<sup>TM</sup> slave StatefulSet. The slaves will be read-replicas of the master. Two services will be exposed:
+
+ - Redis<sup>TM</sup> Master service: Points to the master, where read-write operations can be performed
+ - Redis<sup>TM</sup> Slave service: Points to the slaves, where only read operations are allowed.
+
+In case the master crashes, the slaves will wait until the master node is respawned again by the Kubernetes Controller Manager.
+
+#### Master-Slave with Sentinel
+
+When installing the chart with `cluster.enabled=true` and `sentinel.enabled=true`, it will deploy a Redis<sup>TM</sup> master StatefulSet (only one master allowed) and a Redis<sup>TM</sup> slave StatefulSet. In this case, the pods will contain an extra container with Redis<sup>TM</sup> Sentinel. This container will form a cluster of Redis<sup>TM</sup> Sentinel nodes, which will promote a new master in case the actual one fails. In addition to this, only one service is exposed:
+
+ - Redis<sup>TM</sup> service: Exposes port 6379 for Redis<sup>TM</sup> read-only operations and port 26379 for accessing Redis<sup>TM</sup> Sentinel.
+
+For read-only operations, access the service using port 6379. For write operations, it's necessary to access the Redis<sup>TM</sup> Sentinel cluster and query the current master using the command below (using redis-cli or similar:
+
+```
+SENTINEL get-master-addr-by-name <name of your MasterSet. Example: mymaster>
+```
+This command will return the address of the current master, which can be accessed from inside the cluster.
+
+In case the current master crashes, the Sentinel containers will elect a new master node.
+
+### Using password file
+To use a password file for Redis<sup>TM</sup> you need to create a secret containing the password.
+
+> *NOTE*: It is important that the file with the password must be called `redis-password`
+
+And then deploy the Helm Chart using the secret name as parameter:
+
+```console
+usePassword=true
+usePasswordFile=true
+existingSecret=redis-password-file
+sentinels.enabled=true
+metrics.enabled=true
+```
+
+### Securing traffic using TLS
+
+TLS support can be enabled in the chart by specifying the `tls.` parameters while creating a release. The following parameters should be configured to properly enable the TLS support in the chart:
+
+- `tls.enabled`: Enable TLS support. Defaults to `false`
+- `tls.certificatesSecret`: Name of the secret that contains the certificates. No defaults.
+- `tls.certFilename`: Certificate filename. No defaults.
+- `tls.certKeyFilename`: Certificate key filename. No defaults.
+- `tls.certCAFilename`: CA Certificate filename. No defaults.
+
+For example:
+
+First, create the secret with the cetificates files:
+
+```console
+kubectl create secret generic certificates-tls-secret --from-file=./cert.pem --from-file=./cert.key --from-file=./ca.pem
+```
+
+Then, use the following parameters:
+
+```console
+tls.enabled="true"
+tls.certificatesSecret="certificates-tls-secret"
+tls.certFilename="cert.pem"
+tls.certKeyFilename="cert.key"
+tls.certCAFilename="ca.pem"
+```
+
+### Metrics
+
+The chart optionally can start a metrics exporter for [prometheus](https://prometheus.io). The metrics endpoint (port 9121) is exposed in the service. Metrics can be scraped from within the cluster using something similar as the described in the [example Prometheus scrape configuration](https://github.com/prometheus/prometheus/blob/master/documentation/examples/prometheus-kubernetes.yml). If metrics are to be scraped from outside the cluster, the Kubernetes API proxy can be utilized to access the endpoint.
+
+If you have enabled TLS by specifying `tls.enabled=true` you also need to specify TLS option to the metrics exporter. You can do that via `metrics.extraArgs`. You can find the metrics exporter CLI flags for TLS [here](https://github.com/oliver006/redis_exporter#command-line-flags). For example:
+
+You can either specify `metrics.extraArgs.skip-tls-verification=true` to skip TLS verification or providing the following values under `metrics.extraArgs` for TLS client authentication:
+
+```console
+tls-client-key-file
+tls-client-cert-file
+tls-ca-cert-file
+```
+
+### Host Kernel Settings
+
+Redis<sup>TM</sup> may require some changes in the kernel of the host machine to work as expected, in particular increasing the `somaxconn` value and disabling transparent huge pages.
+To do so, you can set up a privileged initContainer with the `sysctlImage` config values, for example:
+
+```
+sysctlImage:
+ enabled: true
+ mountHostSys: true
+ command:
+ - /bin/sh
+ - -c
+ - |-
+ install_packages procps
+ sysctl -w net.core.somaxconn=10000
+ echo never > /host-sys/kernel/mm/transparent_hugepage/enabled
+```
+
+Alternatively, for Kubernetes 1.12+ you can set `securityContext.sysctls` which will configure sysctls for master and slave pods. Example:
+
+```yaml
+securityContext:
+ sysctls:
+ - name: net.core.somaxconn
+ value: "10000"
+```
+
+Note that this will not disable transparent huge tables.
+
+## Persistence
+
+By default, the chart mounts a [Persistent Volume](http://kubernetes.io/docs/user-guide/persistent-volumes/) at the `/data` path. The volume is created using dynamic volume provisioning. If a Persistent Volume Claim already exists, specify it during installation.
+
+### Existing PersistentVolumeClaim
+
+1. Create the PersistentVolume
+2. Create the PersistentVolumeClaim
+3. Install the chart
+
+```bash
+$ helm install my-release --set persistence.existingClaim=PVC_NAME bitnami/redis
+```
+
+## Backup and restore
+
+### Backup
+
+To perform a backup you will need to connect to one of the nodes and execute:
+
+```bash
+$ kubectl exec -it my-redis-master-0 bash
+
+$ redis-cli
+127.0.0.1:6379> auth your_current_redis_password
+OK
+127.0.0.1:6379> save
+OK
+```
+
+Then you will need to get the created dump file form the redis node:
+
+```bash
+$ kubectl cp my-redis-master-0:/data/dump.rdb dump.rdb -c redis
+```
+
+### Restore
+
+To restore in a new cluster, you will need to change a parameter in the redis.conf file and then upload the `dump.rdb` to the volume.
+
+Follow the following steps:
+
+- First you will need to set in the `values.yaml` the parameter `appendonly` to `no`, if it is already `no` you can skip this step.
+
+```yaml
+configmap: |-
+ # Enable AOF https://redis.io/topics/persistence#append-only-file
+ appendonly no
+ # Disable RDB persistence, AOF persistence already enabled.
+ save ""
+```
+
+- Start the new cluster to create the PVCs.
+
+For example, :
+
+```bash
+helm install new-redis -f values.yaml . --set cluster.enabled=true --set cluster.slaveCount=3
+```
+
+- Now that the PVC were created, stop it and copy the `dump.rdp` on the persisted data by using a helping pod.
+
+```
+$ helm delete new-redis
+
+$ kubectl run --generator=run-pod/v1 -i --rm --tty volpod --overrides='
+{
+ "apiVersion": "v1",
+ "kind": "Pod",
+ "metadata": {
+ "name": "redisvolpod"
+ },
+ "spec": {
+ "containers": [{
+ "command": [
+ "tail",
+ "-f",
+ "/dev/null"
+ ],
+ "image": "bitnami/minideb",
+ "name": "mycontainer",
+ "volumeMounts": [{
+ "mountPath": "/mnt",
+ "name": "redisdata"
+ }]
+ }],
+ "restartPolicy": "Never",
+ "volumes": [{
+ "name": "redisdata",
+ "persistentVolumeClaim": {
+ "claimName": "redis-data-new-redis-master-0"
+ }
+ }]
+ }
+}' --image="bitnami/minideb"
+
+$ kubectl cp dump.rdb redisvolpod:/mnt/dump.rdb
+$ kubectl delete pod volpod
+```
+
+- Start again the cluster:
+
+```
+helm install new-redis -f values.yaml . --set cluster.enabled=true --set cluster.slaveCount=3
+```
+
+## NetworkPolicy
+
+To enable network policy for Redis<sup>TM</sup>, install
+[a networking plugin that implements the Kubernetes NetworkPolicy spec](https://kubernetes.io/docs/tasks/administer-cluster/declare-network-policy#before-you-begin),
+and set `networkPolicy.enabled` to `true`.
+
+For Kubernetes v1.5 & v1.6, you must also turn on NetworkPolicy by setting
+the DefaultDeny namespace annotation. Note: this will enforce policy for _all_ pods in the namespace:
+
+ kubectl annotate namespace default "net.beta.kubernetes.io/network-policy={\"ingress\":{\"isolation\":\"DefaultDeny\"}}"
+
+With NetworkPolicy enabled, only pods with the generated client label will be
+able to connect to Redis<sup>TM</sup>. This label will be displayed in the output
+after a successful install.
+
+With `networkPolicy.ingressNSMatchLabels` pods from other namespaces can connect to redis. Set `networkPolicy.ingressNSPodMatchLabels` to match pod labels in matched namespace. For example, for a namespace labeled `redis=external` and pods in that namespace labeled `redis-client=true` the fields should be set:
+
+```
+networkPolicy:
+ enabled: true
+ ingressNSMatchLabels:
+ redis: external
+ ingressNSPodMatchLabels:
+ redis-client: true
+```
+
+## Troubleshooting
+
+Find more information about how to deal with common errors related to Bitnami’s Helm charts in [this troubleshooting guide](https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues).
+
+## Upgrading an existing Release to a new major version
+
+A major chart version change (like v1.2.3 -> v2.0.0) indicates that there is an
+incompatible breaking change needing manual actions.
+
+### To 11.0.0
+
+When using sentinel, a new statefulset called `-node` was introduced. This will break upgrading from a previous version where the statefulsets are called master and slave. Hence the PVC will not match the new naming and won't be reused. If you want to keep your data, you will need to perform a backup and then a restore the data in this new version.
+
+### To 10.0.0
+
+For releases with `usePassword: true`, the value `sentinel.usePassword` controls whether the password authentication also applies to the sentinel port. This defaults to `true` for a secure configuration, however it is possible to disable to account for the following cases:
+
+- Using a version of redis-sentinel prior to `5.0.1` where the authentication feature was introduced.
+- Where redis clients need to be updated to support sentinel authentication.
+
+If using a master/slave topology, or with `usePassword: false`, no action is required.
+
+### To 8.0.18
+
+For releases with `metrics.enabled: true` the default tag for the exporter image is now `v1.x.x`. This introduces many changes including metrics names. You'll want to use [this dashboard](https://github.com/oliver006/redis_exporter/blob/master/contrib/grafana_prometheus_redis_dashboard.json) now. Please see the [redis_exporter github page](https://github.com/oliver006/redis_exporter#upgrading-from-0x-to-1x) for more details.
+
+### To 7.0.0
+
+This version causes a change in the Redis<sup>TM</sup> Master StatefulSet definition, so the command helm upgrade would not work out of the box. As an alternative, one of the following could be done:
+
+- Recommended: Create a clone of the Redis<sup>TM</sup> Master PVC (for example, using projects like [this one](https://github.com/edseymour/pvc-transfer)). Then launch a fresh release reusing this cloned PVC.
+
+ ```
+ helm install my-release bitnami/redis --set persistence.existingClaim=<NEW PVC>
+ ```
+
+- Alternative (not recommended, do at your own risk): `helm delete --purge` does not remove the PVC assigned to the Redis<sup>TM</sup> Master StatefulSet. As a consequence, the following commands can be done to upgrade the release
+
+ ```
+ helm delete --purge <RELEASE>
+ helm install <RELEASE> bitnami/redis
+ ```
+
+Previous versions of the chart were not using persistence in the slaves, so this upgrade would add it to them. Another important change is that no values are inherited from master to slaves. For example, in 6.0.0 `slaves.readinessProbe.periodSeconds`, if empty, would be set to `master.readinessProbe.periodSeconds`. This approach lacked transparency and was difficult to maintain. From now on, all the slave parameters must be configured just as it is done with the masters.
+
+Some values have changed as well:
+
+- `master.port` and `slave.port` have been changed to `redisPort` (same value for both master and slaves)
+- `master.securityContext` and `slave.securityContext` have been changed to `securityContext`(same values for both master and slaves)
+
+By default, the upgrade will not change the cluster topology. In case you want to use Redis<sup>TM</sup> Sentinel, you must explicitly set `sentinel.enabled` to `true`.
+
+### To 6.0.0
+
+Previous versions of the chart were using an init-container to change the permissions of the volumes. This was done in case the `securityContext` directive in the template was not enough for that (for example, with cephFS). In this new version of the chart, this container is disabled by default (which should not affect most of the deployments). If your installation still requires that init container, execute `helm upgrade` with the `--set volumePermissions.enabled=true`.
+
+### To 5.0.0
+
+The default image in this release may be switched out for any image containing the `redis-server`
+and `redis-cli` binaries. If `redis-server` is not the default image ENTRYPOINT, `master.command`
+must be specified.
+
+#### Breaking changes
+
+- `master.args` and `slave.args` are removed. Use `master.command` or `slave.command` instead in order to override the image entrypoint, or `master.extraFlags` to pass additional flags to `redis-server`.
+- `disableCommands` is now interpreted as an array of strings instead of a string of comma separated values.
+- `master.persistence.path` now defaults to `/data`.
+
+### 4.0.0
+
+This version removes the `chart` label from the `spec.selector.matchLabels`
+which is immutable since `StatefulSet apps/v1beta2`. It has been inadvertently
+added, causing any subsequent upgrade to fail. See https://github.com/helm/charts/issues/7726.
+
+It also fixes https://github.com/helm/charts/issues/7726 where a deployment `extensions/v1beta1` can not be upgraded if `spec.selector` is not explicitly set.
+
+Finally, it fixes https://github.com/helm/charts/issues/7803 by removing mutable labels in `spec.VolumeClaimTemplate.metadata.labels` so that it is upgradable.
+
+In order to upgrade, delete the Redis<sup>TM</sup> StatefulSet before upgrading:
+
+```bash
+kubectl delete statefulsets.apps --cascade=false my-release-redis-master
+```
+
+And edit the Redis<sup>TM</sup> slave (and metrics if enabled) deployment:
+
+```bash
+kubectl patch deployments my-release-redis-slave --type=json -p='[{"op": "remove", "path": "/spec/selector/matchLabels/chart"}]'
+kubectl patch deployments my-release-redis-metrics --type=json -p='[{"op": "remove", "path": "/spec/selector/matchLabels/chart"}]'
+```
+
+## Upgrading
+
+### To 12.0.0
+
+[On November 13, 2020, Helm v2 support was formally finished](https://github.com/helm/charts#status-of-the-project), this major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL.
+
+**What changes were introduced in this major version?**
+
+- Previous versions of this Helm Chart use `apiVersion: v1` (installable by both Helm 2 and 3), this Helm Chart was updated to `apiVersion: v2` (installable by Helm 3 only). [Here](https://helm.sh/docs/topics/charts/#the-apiversion-field) you can find more information about the `apiVersion` field.
+- The different fields present in the *Chart.yaml* file has been ordered alphabetically in a homogeneous way for all the Bitnami Helm Charts
+
+**Considerations when upgrading to this version**
+
+- If you want to upgrade to this version from a previous one installed with Helm v3, you shouldn't face any issues
+- If you want to upgrade to this version using Helm v2, this scenario is not supported as this version doesn't support Helm v2 anymore
+- If you installed the previous version with Helm v2 and wants to upgrade to this version with Helm v3, please refer to the [official Helm documentation](https://helm.sh/docs/topics/v2_v3_migration/#migration-use-cases) about migrating from Helm v2 to v3
+
+**Useful links**
+
+- https://docs.bitnami.com/tutorials/resolve-helm2-helm3-post-migration-issues/
+- https://helm.sh/docs/topics/v2_v3_migration/
+- https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3/
+
+### To 11.0.0
+
+When deployed with sentinel enabled, only a group of nodes is deployed and the master/slave role is handled in the group. To avoid breaking the compatibility, the settings for this nodes are given through the `slave.xxxx` parameters in `values.yaml`
+
+### To 9.0.0
+
+The metrics exporter has been changed from a separate deployment to a sidecar container, due to the latest changes in the Redis<sup>TM</sup> exporter code. Check the [official page](https://github.com/oliver006/redis_exporter/) for more information. The metrics container image was changed from oliver006/redis_exporter to bitnami/redis-exporter (Bitnami's maintained package of oliver006/redis_exporter).
+
+### To 7.0.0
+
+In order to improve the performance in case of slave failure, we added persistence to the read-only slaves. That means that we moved from Deployment to StatefulSets. This should not affect upgrades from previous versions of the chart, as the deployments did not contain any persistence at all.
+
+This version also allows enabling Redis<sup>TM</sup> Sentinel containers inside of the Redis<sup>TM</sup> Pods (feature disabled by default). In case the master crashes, a new Redis<sup>TM</sup> node will be elected as master. In order to query the current master (no redis master service is exposed), you need to query first the Sentinel cluster. Find more information [in this section](#master-slave-with-sentinel).
diff --git a/redis/templates/NOTES.txt b/redis/templates/NOTES.txt
new file mode 100644
index 0000000..a680c72
--- /dev/null
+++ b/redis/templates/NOTES.txt
@@ -0,0 +1,136 @@
+** Please be patient while the chart is being deployed **
+
+{{- if contains .Values.master.service.type "LoadBalancer" }}
+{{- if not .Values.usePassword }}
+{{ if and (not .Values.networkPolicy.enabled) (.Values.networkPolicy.allowExternal) }}
+
+-------------------------------------------------------------------------------
+ WARNING
+
+ By specifying "master.service.type=LoadBalancer" and "usePassword=false" you have
+ most likely exposed the Redis(TM) service externally without any authentication
+ mechanism.
+
+ For security reasons, we strongly suggest that you switch to "ClusterIP" or
+ "NodePort". As alternative, you can also switch to "usePassword=true"
+ providing a valid password on "password" parameter.
+
+-------------------------------------------------------------------------------
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{- if and .Values.global.redis.sentinel.enabled (not .Values.global.redis.cluster.enabled)}}
+
+-------------------------------------------------------------------------------
+ WARNING
+
+ Using redis sentinel without a cluster is not supported. A single pod with
+ standalone redis has been deployed.
+
+ To deploy redis sentinel, please use the values "cluster.enabled=true" and
+ "sentinel.enabled=true".
+
+-------------------------------------------------------------------------------
+{{- end }}
+
+{{- if .Values.global.redis.cluster.enabled }}
+{{- if .Values.global.redis.sentinel.enabled }}
+Redis can be accessed via port {{ .Values.sentinel.service.redisPort }} on the following DNS name from within your cluster:
+
+{{ template "redis.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} for read only operations
+
+For read/write operations, first access the Redis(TM) Sentinel cluster, which is available in port {{ .Values.sentinel.service.sentinelPort }} using the same domain name above.
+
+{{- else }}
+Redis(TM) can be accessed via port {{ .Values.redisPort }} on the following DNS names from within your cluster:
+
+{{ template "redis.fullname" . }}-master.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} for read/write operations
+{{ template "redis.fullname" . }}-slave.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} for read-only operations
+{{- end }}
+
+{{- else }}
+Redis(TM) can be accessed via port {{ .Values.redisPort }} on the following DNS name from within your cluster:
+
+{{ template "redis.fullname" . }}-master.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}
+
+{{- end }}
+
+{{ if .Values.usePassword }}
+To get your password run:
+
+ export REDIS_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "redis.secretName" . }} -o jsonpath="{.data.redis-password}" | base64 --decode)
+{{- end }}
+
+To connect to your Redis(TM) server:
+
+1. Run a Redis(TM) pod that you can use as a client:
+
+{{- if .Values.tls.enabled }}
+ kubectl run --namespace {{ .Release.Namespace }} {{ template "redis.fullname" . }}-client --restart='Never' --env REDIS_PASSWORD=$REDIS_PASSWORD --image {{ template "redis.image" . }} --command -- sleep infinity
+
+ Copy your TLS certificates to the pod:
+
+ kubectl cp --namespace {{ .Release.Namespace }} /path/to/client.cert {{ template "redis.fullname" . }}-client:/tmp/client.cert
+ kubectl cp --namespace {{ .Release.Namespace }} /path/to/client.key {{ template "redis.fullname" . }}-client:/tmp/client.key
+ kubectl cp --namespace {{ .Release.Namespace }} /path/to/CA.cert {{ template "redis.fullname" . }}-client:/tmp/CA.cert
+
+ Use the following command to attach to the pod:
+
+ kubectl exec --tty -i {{ template "redis.fullname" . }}-client \
+ {{- if and (.Values.networkPolicy.enabled) (not .Values.networkPolicy.allowExternal) }}--labels="{{ template "redis.fullname" . }}-client=true" \{{- end }}
+ --namespace {{ .Release.Namespace }} -- bash
+{{- else }}
+ kubectl run --namespace {{ .Release.Namespace }} {{ template "redis.fullname" . }}-client --rm --tty -i --restart='Never' \
+ {{ if .Values.usePassword }} --env REDIS_PASSWORD=$REDIS_PASSWORD \{{ end }}
+ {{- if and (.Values.networkPolicy.enabled) (not .Values.networkPolicy.allowExternal) }}--labels="{{ template "redis.fullname" . }}-client=true" \{{- end }}
+ --image {{ template "redis.image" . }} -- bash
+{{- end }}
+
+2. Connect using the Redis(TM) CLI:
+
+{{- if .Values.global.redis.cluster.enabled }}
+ {{- if .Values.global.redis.sentinel.enabled }}
+ redis-cli -h {{ template "redis.fullname" . }} -p {{ .Values.sentinel.service.redisPort }}{{ if .Values.usePassword }} -a $REDIS_PASSWORD{{ end }}{{ if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }} # Read only operations
+ redis-cli -h {{ template "redis.fullname" . }} -p {{ .Values.sentinel.service.sentinelPort }}{{ if .Values.usePassword }} -a $REDIS_PASSWORD{{ end }}{{ if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }} # Sentinel access
+ {{- else }}
+ redis-cli -h {{ template "redis.fullname" . }}-master{{ if .Values.usePassword }} -a $REDIS_PASSWORD{{ end }}{{ if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }}
+ redis-cli -h {{ template "redis.fullname" . }}-slave{{ if .Values.usePassword }} -a $REDIS_PASSWORD{{ end }}{{ if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }}
+ {{- end }}
+{{- else }}
+ redis-cli -h {{ template "redis.fullname" . }}-master{{ if .Values.usePassword }} -a $REDIS_PASSWORD{{ end }}{{ if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }}
+{{- end }}
+
+{{ if and (.Values.networkPolicy.enabled) (not .Values.networkPolicy.allowExternal) }}
+Note: Since NetworkPolicy is enabled, only pods with label
+{{ template "redis.fullname" . }}-client=true"
+will be able to connect to redis.
+{{- else -}}
+
+To connect to your database from outside the cluster execute the following commands:
+
+{{- if contains "NodePort" .Values.master.service.type }}
+
+ export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+ export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "redis.fullname" . }}-master)
+ redis-cli -h $NODE_IP -p $NODE_PORT {{- if .Values.usePassword }} -a $REDIS_PASSWORD{{ end }}{{ if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }}
+
+{{- else if contains "LoadBalancer" .Values.master.service.type }}
+
+ NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+ Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "redis.fullname" . }}'
+
+ export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "redis.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
+ redis-cli -h $SERVICE_IP -p {{ .Values.master.service.port }} {{- if .Values.usePassword }} -a $REDIS_PASSWORD{{ end }}{{ if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }}
+
+{{- else if contains "ClusterIP" .Values.master.service.type }}
+
+ kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ template "redis.fullname" . }}-master {{ .Values.redisPort }}:{{ .Values.redisPort }} &
+ redis-cli -h 127.0.0.1 -p {{ .Values.redisPort }} {{- if .Values.usePassword }} -a $REDIS_PASSWORD{{ end }}{{ if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }}
+
+{{- end }}
+{{- end }}
+
+{{ include "redis.checkRollingTags" . }}
+
+{{- include "redis.validateValues" . }}
diff --git a/redis/templates/_helpers.tpl b/redis/templates/_helpers.tpl
new file mode 100644
index 0000000..478a3ba
--- /dev/null
+++ b/redis/templates/_helpers.tpl
@@ -0,0 +1,435 @@
+# Copyright 2022-present Open Networking Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "redis.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Expand the chart plus release name (used by the chart label)
+*/}}
+{{- define "redis.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "redis.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the appropriate apiVersion for networkpolicy.
+*/}}
+{{- define "networkPolicy.apiVersion" -}}
+{{- if semverCompare ">=1.4-0, <1.7-0" .Capabilities.KubeVersion.GitVersion -}}
+{{- print "extensions/v1beta1" -}}
+{{- else -}}
+{{- print "networking.k8s.io/v1" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the appropriate apiGroup for PodSecurityPolicy.
+*/}}
+{{- define "podSecurityPolicy.apiGroup" -}}
+{{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+{{- print "policy" -}}
+{{- else -}}
+{{- print "extensions" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the appropriate apiVersion for PodSecurityPolicy.
+*/}}
+{{- define "podSecurityPolicy.apiVersion" -}}
+{{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+{{- print "policy/v1beta1" -}}
+{{- else -}}
+{{- print "extensions/v1beta1" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the proper Redis(TM) image name
+*/}}
+{{- define "redis.image" -}}
+{{- $registryName := .Values.image.registry -}}
+{{- $repositoryName := .Values.image.repository -}}
+{{- $tag := .Values.image.tag | toString -}}
+{{/*
+Helm 2.11 supports the assignment of a value to a variable defined in a different scope,
+but Helm 2.9 and 2.10 doesn't support it, so we need to implement this if-else logic.
+Also, we can't use a single if because lazy evaluation is not an option
+*/}}
+{{- if .Values.global }}
+ {{- if .Values.global.imageRegistry }}
+ {{- printf "%s/%s:%s" .Values.global.imageRegistry $repositoryName $tag -}}
+ {{- else -}}
+ {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}}
+ {{- end -}}
+{{- else -}}
+ {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the proper Redis(TM) Sentinel image name
+*/}}
+{{- define "sentinel.image" -}}
+{{- $registryName := .Values.sentinel.image.registry -}}
+{{- $repositoryName := .Values.sentinel.image.repository -}}
+{{- $tag := .Values.sentinel.image.tag | toString -}}
+{{/*
+Helm 2.11 supports the assignment of a value to a variable defined in a different scope,
+but Helm 2.9 and 2.10 doesn't support it, so we need to implement this if-else logic.
+Also, we can't use a single if because lazy evaluation is not an option
+*/}}
+{{- if .Values.global }}
+ {{- if .Values.global.imageRegistry }}
+ {{- printf "%s/%s:%s" .Values.global.imageRegistry $repositoryName $tag -}}
+ {{- else -}}
+ {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}}
+ {{- end -}}
+{{- else -}}
+ {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the proper image name (for the metrics image)
+*/}}
+{{- define "redis.metrics.image" -}}
+{{- $registryName := .Values.metrics.image.registry -}}
+{{- $repositoryName := .Values.metrics.image.repository -}}
+{{- $tag := .Values.metrics.image.tag | toString -}}
+{{/*
+Helm 2.11 supports the assignment of a value to a variable defined in a different scope,
+but Helm 2.9 and 2.10 doesn't support it, so we need to implement this if-else logic.
+Also, we can't use a single if because lazy evaluation is not an option
+*/}}
+{{- if .Values.global }}
+ {{- if .Values.global.imageRegistry }}
+ {{- printf "%s/%s:%s" .Values.global.imageRegistry $repositoryName $tag -}}
+ {{- else -}}
+ {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}}
+ {{- end -}}
+{{- else -}}
+ {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the proper image name (for the init container volume-permissions image)
+*/}}
+{{- define "redis.volumePermissions.image" -}}
+{{- $registryName := .Values.volumePermissions.image.registry -}}
+{{- $repositoryName := .Values.volumePermissions.image.repository -}}
+{{- $tag := .Values.volumePermissions.image.tag | toString -}}
+{{/*
+Helm 2.11 supports the assignment of a value to a variable defined in a different scope,
+but Helm 2.9 and 2.10 doesn't support it, so we need to implement this if-else logic.
+Also, we can't use a single if because lazy evaluation is not an option
+*/}}
+{{- if .Values.global }}
+ {{- if .Values.global.imageRegistry }}
+ {{- printf "%s/%s:%s" .Values.global.imageRegistry $repositoryName $tag -}}
+ {{- else -}}
+ {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}}
+ {{- end -}}
+{{- else -}}
+ {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the path to the cert file.
+*/}}
+{{- define "redis.tlsCert" -}}
+{{- required "Certificate filename is required when TLS in enabled" .Values.tls.certFilename | printf "/opt/bitnami/redis/certs/%s" -}}
+{{- end -}}
+
+{{/*
+Return the path to the cert key file.
+*/}}
+{{- define "redis.tlsCertKey" -}}
+{{- required "Certificate Key filename is required when TLS in enabled" .Values.tls.certKeyFilename | printf "/opt/bitnami/redis/certs/%s" -}}
+{{- end -}}
+
+{{/*
+Return the path to the CA cert file.
+*/}}
+{{- define "redis.tlsCACert" -}}
+{{- required "Certificate CA filename is required when TLS in enabled" .Values.tls.certCAFilename | printf "/opt/bitnami/redis/certs/%s" -}}
+{{- end -}}
+
+{{/*
+Return the path to the DH params file.
+*/}}
+{{- define "redis.tlsDHParams" -}}
+{{- if .Values.tls.dhParamsFilename -}}
+{{- printf "/opt/bitnami/redis/certs/%s" .Values.tls.dhParamsFilename -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "redis.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create -}}
+ {{ default (include "redis.fullname" .) .Values.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Get the password secret.
+*/}}
+{{- define "redis.secretName" -}}
+{{- if .Values.existingSecret -}}
+{{- printf "%s" .Values.existingSecret -}}
+{{- else -}}
+{{- printf "%s" (include "redis.fullname" .) -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Get the password key to be retrieved from Redis(TM) secret.
+*/}}
+{{- define "redis.secretPasswordKey" -}}
+{{- if and .Values.existingSecret .Values.existingSecretPasswordKey -}}
+{{- printf "%s" .Values.existingSecretPasswordKey -}}
+{{- else -}}
+{{- printf "redis-password" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return Redis(TM) password
+*/}}
+{{- define "redis.password" -}}
+{{- if not (empty .Values.global.redis.password) }}
+ {{- .Values.global.redis.password -}}
+{{- else if not (empty .Values.password) -}}
+ {{- .Values.password -}}
+{{- else -}}
+ {{- randAlphaNum 10 -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return sysctl image
+*/}}
+{{- define "redis.sysctl.image" -}}
+{{- $registryName := default "docker.io" .Values.sysctlImage.registry -}}
+{{- $repositoryName := .Values.sysctlImage.repository -}}
+{{- $tag := default "buster" .Values.sysctlImage.tag | toString -}}
+{{/*
+Helm 2.11 supports the assignment of a value to a variable defined in a different scope,
+but Helm 2.9 and 2.10 doesn't support it, so we need to implement this if-else logic.
+Also, we can't use a single if because lazy evaluation is not an option
+*/}}
+{{- if .Values.global }}
+ {{- if .Values.global.imageRegistry }}
+ {{- printf "%s/%s:%s" .Values.global.imageRegistry $repositoryName $tag -}}
+ {{- else -}}
+ {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}}
+ {{- end -}}
+{{- else -}}
+ {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the proper Docker Image Registry Secret Names
+*/}}
+{{- define "redis.imagePullSecrets" -}}
+{{/*
+Helm 2.11 supports the assignment of a value to a variable defined in a different scope,
+but Helm 2.9 and 2.10 does not support it, so we need to implement this if-else logic.
+Also, we can not use a single if because lazy evaluation is not an option
+*/}}
+{{- if .Values.global }}
+{{- if .Values.global.imagePullSecrets }}
+imagePullSecrets:
+{{- range .Values.global.imagePullSecrets }}
+ - name: {{ . }}
+{{- end }}
+{{- else if or .Values.image.pullSecrets .Values.metrics.image.pullSecrets .Values.sysctlImage.pullSecrets .Values.volumePermissions.image.pullSecrets }}
+imagePullSecrets:
+{{- range .Values.image.pullSecrets }}
+ - name: {{ . }}
+{{- end }}
+{{- range .Values.metrics.image.pullSecrets }}
+ - name: {{ . }}
+{{- end }}
+{{- range .Values.sysctlImage.pullSecrets }}
+ - name: {{ . }}
+{{- end }}
+{{- range .Values.volumePermissions.image.pullSecrets }}
+ - name: {{ . }}
+{{- end }}
+{{- end -}}
+{{- else if or .Values.image.pullSecrets .Values.metrics.image.pullSecrets .Values.sysctlImage.pullSecrets .Values.volumePermissions.image.pullSecrets }}
+imagePullSecrets:
+{{- range .Values.image.pullSecrets }}
+ - name: {{ . }}
+{{- end }}
+{{- range .Values.metrics.image.pullSecrets }}
+ - name: {{ . }}
+{{- end }}
+{{- range .Values.sysctlImage.pullSecrets }}
+ - name: {{ . }}
+{{- end }}
+{{- range .Values.volumePermissions.image.pullSecrets }}
+ - name: {{ . }}
+{{- end }}
+{{- end -}}
+{{- end -}}
+
+{{/* Check if there are rolling tags in the images */}}
+{{- define "redis.checkRollingTags" -}}
+{{- if and (contains "bitnami/" .Values.image.repository) (not (.Values.image.tag | toString | regexFind "-r\\d+$|sha256:")) }}
+WARNING: Rolling tag detected ({{ .Values.image.repository }}:{{ .Values.image.tag }}), please note that it is strongly recommended to avoid using rolling tags in a production environment.
++info https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/
+{{- end }}
+{{- if and (contains "bitnami/" .Values.sentinel.image.repository) (not (.Values.sentinel.image.tag | toString | regexFind "-r\\d+$|sha256:")) }}
+WARNING: Rolling tag detected ({{ .Values.sentinel.image.repository }}:{{ .Values.sentinel.image.tag }}), please note that it is strongly recommended to avoid using rolling tags in a production environment.
++info https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/
+{{- end }}
+{{- end -}}
+
+{{/*
+Return the proper Storage Class for master
+*/}}
+{{- define "redis.master.storageClass" -}}
+{{/*
+Helm 2.11 supports the assignment of a value to a variable defined in a different scope,
+but Helm 2.9 and 2.10 does not support it, so we need to implement this if-else logic.
+*/}}
+{{- if .Values.global -}}
+ {{- if .Values.global.storageClass -}}
+ {{- if (eq "-" .Values.global.storageClass) -}}
+ {{- printf "storageClassName: \"\"" -}}
+ {{- else }}
+ {{- printf "storageClassName: %s" .Values.global.storageClass -}}
+ {{- end -}}
+ {{- else -}}
+ {{- if .Values.master.persistence.storageClass -}}
+ {{- if (eq "-" .Values.master.persistence.storageClass) -}}
+ {{- printf "storageClassName: \"\"" -}}
+ {{- else }}
+ {{- printf "storageClassName: %s" .Values.master.persistence.storageClass -}}
+ {{- end -}}
+ {{- end -}}
+ {{- end -}}
+{{- else -}}
+ {{- if .Values.master.persistence.storageClass -}}
+ {{- if (eq "-" .Values.master.persistence.storageClass) -}}
+ {{- printf "storageClassName: \"\"" -}}
+ {{- else }}
+ {{- printf "storageClassName: %s" .Values.master.persistence.storageClass -}}
+ {{- end -}}
+ {{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the proper Storage Class for slave
+*/}}
+{{- define "redis.slave.storageClass" -}}
+{{/*
+Helm 2.11 supports the assignment of a value to a variable defined in a different scope,
+but Helm 2.9 and 2.10 does not support it, so we need to implement this if-else logic.
+*/}}
+{{- if .Values.global -}}
+ {{- if .Values.global.storageClass -}}
+ {{- if (eq "-" .Values.global.storageClass) -}}
+ {{- printf "storageClassName: \"\"" -}}
+ {{- else }}
+ {{- printf "storageClassName: %s" .Values.global.storageClass -}}
+ {{- end -}}
+ {{- else -}}
+ {{- if .Values.slave.persistence.storageClass -}}
+ {{- if (eq "-" .Values.slave.persistence.storageClass) -}}
+ {{- printf "storageClassName: \"\"" -}}
+ {{- else }}
+ {{- printf "storageClassName: %s" .Values.slave.persistence.storageClass -}}
+ {{- end -}}
+ {{- end -}}
+ {{- end -}}
+{{- else -}}
+ {{- if .Values.slave.persistence.storageClass -}}
+ {{- if (eq "-" .Values.slave.persistence.storageClass) -}}
+ {{- printf "storageClassName: \"\"" -}}
+ {{- else }}
+ {{- printf "storageClassName: %s" .Values.slave.persistence.storageClass -}}
+ {{- end -}}
+ {{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Compile all warnings into a single message, and call fail.
+*/}}
+{{- define "redis.validateValues" -}}
+{{- $messages := list -}}
+{{- $messages := append $messages (include "redis.validateValues.spreadConstraints" .) -}}
+{{- $messages := without $messages "" -}}
+{{- $message := join "\n" $messages -}}
+
+{{- if $message -}}
+{{- printf "\nVALUES VALIDATION:\n%s" $message | fail -}}
+{{- end -}}
+{{- end -}}
+
+{{/* Validate values of Redis(TM) - spreadConstrainsts K8s version */}}
+{{- define "redis.validateValues.spreadConstraints" -}}
+{{- if and (semverCompare "<1.16-0" .Capabilities.KubeVersion.GitVersion) .Values.slave.spreadConstraints -}}
+redis: spreadConstraints
+ Pod Topology Spread Constraints are only available on K8s >= 1.16
+ Find more information at https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+{{- end -}}
+{{- end -}}
+
+{{/*
+Renders a value that contains template.
+Usage:
+{{ include "redis.tplValue" (dict "value" .Values.path.to.the.Value "context" $) }}
+*/}}
+{{- define "redis.tplValue" -}}
+ {{- if typeIs "string" .value }}
+ {{- tpl .value .context }}
+ {{- else }}
+ {{- tpl (.value | toYaml) .context }}
+ {{- end }}
+{{- end -}}
diff --git a/redis/templates/configmap-scripts.yaml b/redis/templates/configmap-scripts.yaml
new file mode 100644
index 0000000..8ebaa25
--- /dev/null
+++ b/redis/templates/configmap-scripts.yaml
@@ -0,0 +1,394 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "redis.fullname" . }}-scripts
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ app: {{ template "redis.name" . }}
+ chart: {{ template "redis.chart" . }}
+ heritage: {{ .Release.Service }}
+ release: {{ .Release.Name }}
+data:
+{{- if and .Values.global.redis.cluster.enabled .Values.global.redis.sentinel.enabled }}
+ start-node.sh: |
+ #!/bin/bash
+ is_boolean_yes() {
+ local -r bool="${1:-}"
+ # comparison is performed without regard to the case of alphabetic characters
+ shopt -s nocasematch
+ if [[ "$bool" = 1 || "$bool" =~ ^(yes|true)$ ]]; then
+ true
+ else
+ false
+ fi
+ }
+
+ HEADLESS_SERVICE="{{ template "redis.fullname" . }}-headless.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}"
+ REDIS_SERVICE="{{ template "redis.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}"
+
+ export REDIS_REPLICATION_MODE="slave"
+ if [[ -z "$(getent ahosts "$HEADLESS_SERVICE" | grep -v "^$(hostname -i) ")" ]]; then
+ export REDIS_REPLICATION_MODE="master"
+ fi
+
+ {{- if and .Values.securityContext.runAsUser (eq (.Values.securityContext.runAsUser | int) 0) }}
+ useradd redis
+ chown -R redis {{ .Values.slave.persistence.path }}
+ {{- end }}
+
+ if [[ -n $REDIS_PASSWORD_FILE ]]; then
+ password_aux=`cat ${REDIS_PASSWORD_FILE}`
+ export REDIS_PASSWORD=$password_aux
+ fi
+
+ if [[ -n $REDIS_MASTER_PASSWORD_FILE ]]; then
+ password_aux=`cat ${REDIS_MASTER_PASSWORD_FILE}`
+ export REDIS_MASTER_PASSWORD=$password_aux
+ fi
+
+ if [[ "$REDIS_REPLICATION_MODE" == "master" ]]; then
+ echo "I am master"
+ if [[ ! -f /opt/bitnami/redis/etc/master.conf ]];then
+ cp /opt/bitnami/redis/mounted-etc/master.conf /opt/bitnami/redis/etc/master.conf
+ fi
+ else
+ if [[ ! -f /opt/bitnami/redis/etc/replica.conf ]];then
+ cp /opt/bitnami/redis/mounted-etc/replica.conf /opt/bitnami/redis/etc/replica.conf
+ fi
+
+ if is_boolean_yes "$REDIS_TLS_ENABLED"; then
+ sentinel_info_command="redis-cli {{- if .Values.usePassword }} -a $REDIS_PASSWORD {{- end }} -h $REDIS_SERVICE -p {{ .Values.sentinel.port }} --tls --cert ${REDIS_TLS_CERT_FILE} --key ${REDIS_TLS_KEY_FILE} --cacert ${REDIS_TLS_CA_FILE} sentinel get-master-addr-by-name {{ .Values.sentinel.masterSet }}"
+ else
+ sentinel_info_command="redis-cli {{- if .Values.usePassword }} -a $REDIS_PASSWORD {{- end }} -h $REDIS_SERVICE -p {{ .Values.sentinel.port }} sentinel get-master-addr-by-name {{ .Values.sentinel.masterSet }}"
+ fi
+ REDIS_SENTINEL_INFO=($($sentinel_info_command))
+ REDIS_MASTER_HOST=${REDIS_SENTINEL_INFO[0]}
+ REDIS_MASTER_PORT_NUMBER=${REDIS_SENTINEL_INFO[1]}
+
+
+ # Immediately attempt to connect to the reported master. If it doesn't exist the connection attempt will either hang
+ # or fail with "port unreachable" and give no data. The liveness check will then timeout waiting for the redis
+ # container to be ready and restart the it. By then the new master will likely have been elected
+ if is_boolean_yes "$REDIS_TLS_ENABLED"; then
+ sentinel_info_command="redis-cli {{- if .Values.usePassword }} -a $REDIS_PASSWORD {{- end }} -h $REDIS_MASTER_HOST -p {{ .Values.sentinel.port }} --tls --cert ${REDIS_TLS_CERT_FILE} --key ${REDIS_TLS_KEY_FILE} --cacert ${REDIS_TLS_CA_FILE} sentinel get-master-addr-by-name {{ .Values.sentinel.masterSet }}"
+ else
+ sentinel_info_command="redis-cli {{- if .Values.usePassword }} -a $REDIS_PASSWORD {{- end }} -h $REDIS_MASTER_HOST -p {{ .Values.sentinel.port }} sentinel get-master-addr-by-name {{ .Values.sentinel.masterSet }}"
+ fi
+
+ if [[ ! ($($sentinel_info_command)) ]]; then
+ # master doesn't actually exist, this probably means the remaining pods haven't elected a new one yet
+ # and are reporting the old one still. Once this happens the container will get stuck and never see the new
+ # master. We stop here to allow the container to not pass the liveness check and be restarted.
+ exit 1
+ fi
+ fi
+
+ if [[ ! -f /opt/bitnami/redis/etc/redis.conf ]];then
+ cp /opt/bitnami/redis/mounted-etc/redis.conf /opt/bitnami/redis/etc/redis.conf
+ fi
+ {{- if .Values.tls.enabled }}
+ ARGS=("--port" "0")
+ ARGS+=("--tls-port" "${REDIS_TLS_PORT}")
+ ARGS+=("--tls-cert-file" "${REDIS_TLS_CERT_FILE}")
+ ARGS+=("--tls-key-file" "${REDIS_TLS_KEY_FILE}")
+ ARGS+=("--tls-ca-cert-file" "${REDIS_TLS_CA_FILE}")
+ ARGS+=("--tls-auth-clients" "${REDIS_TLS_AUTH_CLIENTS}")
+ ARGS+=("--tls-replication" "yes")
+ {{- if .Values.tls.dhParamsFilename }}
+ ARGS+=("--tls-dh-params-file" "${REDIS_TLS_DH_PARAMS_FILE}")
+ {{- end }}
+ {{- else }}
+ ARGS=("--port" "${REDIS_PORT}")
+ {{- end }}
+
+ if [[ "$REDIS_REPLICATION_MODE" == "slave" ]]; then
+ ARGS+=("--slaveof" "${REDIS_MASTER_HOST}" "${REDIS_MASTER_PORT_NUMBER}")
+ fi
+
+ {{- if .Values.usePassword }}
+ ARGS+=("--requirepass" "${REDIS_PASSWORD}")
+ ARGS+=("--masterauth" "${REDIS_MASTER_PASSWORD}")
+ {{- else }}
+ ARGS+=("--protected-mode" "no")
+ {{- end }}
+
+ if [[ "$REDIS_REPLICATION_MODE" == "master" ]]; then
+ ARGS+=("--include" "/opt/bitnami/redis/etc/master.conf")
+ else
+ ARGS+=("--include" "/opt/bitnami/redis/etc/replica.conf")
+ fi
+
+ ARGS+=("--include" "/opt/bitnami/redis/etc/redis.conf")
+ {{- if .Values.slave.extraFlags }}
+ {{- range .Values.slave.extraFlags }}
+ ARGS+=({{ . | quote }})
+ {{- end }}
+ {{- end }}
+
+ {{- if .Values.slave.preExecCmds }}
+ {{ .Values.slave.preExecCmds | nindent 4}}
+ {{- end }}
+
+ {{- if .Values.slave.command }}
+ exec {{ .Values.slave.command }} "${ARGS[@]}"
+ {{- else }}
+ exec redis-server "${ARGS[@]}"
+ {{- end }}
+
+ start-sentinel.sh: |
+ #!/bin/bash
+ replace_in_file() {
+ local filename="${1:?filename is required}"
+ local match_regex="${2:?match regex is required}"
+ local substitute_regex="${3:?substitute regex is required}"
+ local posix_regex=${4:-true}
+
+ local result
+
+ # We should avoid using 'sed in-place' substitutions
+ # 1) They are not compatible with files mounted from ConfigMap(s)
+ # 2) We found incompatibility issues with Debian10 and "in-place" substitutions
+ del=$'\001' # Use a non-printable character as a 'sed' delimiter to avoid issues
+ if [[ $posix_regex = true ]]; then
+ result="$(sed -E "s${del}${match_regex}${del}${substitute_regex}${del}g" "$filename")"
+ else
+ result="$(sed "s${del}${match_regex}${del}${substitute_regex}${del}g" "$filename")"
+ fi
+ echo "$result" > "$filename"
+ }
+ sentinel_conf_set() {
+ local -r key="${1:?missing key}"
+ local value="${2:-}"
+
+ # Sanitize inputs
+ value="${value//\\/\\\\}"
+ value="${value//&/\\&}"
+ value="${value//\?/\\?}"
+ [[ "$value" = "" ]] && value="\"$value\""
+
+ replace_in_file "/opt/bitnami/redis-sentinel/etc/sentinel.conf" "^#*\s*${key} .*" "${key} ${value}" false
+ }
+ sentinel_conf_add() {
+ echo $'\n'"$@" >> "/opt/bitnami/redis-sentinel/etc/sentinel.conf"
+ }
+ is_boolean_yes() {
+ local -r bool="${1:-}"
+ # comparison is performed without regard to the case of alphabetic characters
+ shopt -s nocasematch
+ if [[ "$bool" = 1 || "$bool" =~ ^(yes|true)$ ]]; then
+ true
+ else
+ false
+ fi
+ }
+ host_id() {
+ echo "$1" | openssl sha1 | awk '{print $2}'
+ }
+
+ HEADLESS_SERVICE="{{ template "redis.fullname" . }}-headless.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}"
+ REDIS_SERVICE="{{ template "redis.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}"
+
+ if [[ -n $REDIS_PASSWORD_FILE ]]; then
+ password_aux=`cat ${REDIS_PASSWORD_FILE}`
+ export REDIS_PASSWORD=$password_aux
+ fi
+
+ if [[ ! -f /opt/bitnami/redis-sentinel/etc/sentinel.conf ]]; then
+ cp /opt/bitnami/redis-sentinel/mounted-etc/sentinel.conf /opt/bitnami/redis-sentinel/etc/sentinel.conf
+ {{- if .Values.usePassword }}
+ printf "\nsentinel auth-pass %s %s" "{{ .Values.sentinel.masterSet }}" "$REDIS_PASSWORD" >> /opt/bitnami/redis-sentinel/etc/sentinel.conf
+ {{- if .Values.sentinel.usePassword }}
+ printf "\nrequirepass %s" "$REDIS_PASSWORD" >> /opt/bitnami/redis-sentinel/etc/sentinel.conf
+ {{- end }}
+ {{- end }}
+ {{- if .Values.sentinel.staticID }}
+ printf "\nsentinel myid %s" "$(host_id "$HOSTNAME")" >> /opt/bitnami/redis-sentinel/etc/sentinel.conf
+ {{- end }}
+ fi
+
+ export REDIS_REPLICATION_MODE="slave"
+ if [[ -z "$(getent ahosts "$HEADLESS_SERVICE" | grep -v "^$(hostname -i) ")" ]]; then
+ export REDIS_REPLICATION_MODE="master"
+ fi
+
+ if [[ "$REDIS_REPLICATION_MODE" == "master" ]]; then
+ REDIS_MASTER_HOST="$(hostname -i)"
+ REDIS_MASTER_PORT_NUMBER="{{ .Values.redisPort }}"
+ else
+ if is_boolean_yes "$REDIS_SENTINEL_TLS_ENABLED"; then
+ sentinel_info_command="redis-cli {{- if .Values.usePassword }} -a $REDIS_PASSWORD {{- end }} -h $REDIS_SERVICE -p {{ .Values.sentinel.port }} --tls --cert ${REDIS_SENTINEL_TLS_CERT_FILE} --key ${REDIS_SENTINEL_TLS_KEY_FILE} --cacert ${REDIS_SENTINEL_TLS_CA_FILE} sentinel get-master-addr-by-name {{ .Values.sentinel.masterSet }}"
+ else
+ sentinel_info_command="redis-cli {{- if .Values.usePassword }} -a $REDIS_PASSWORD {{- end }} -h $REDIS_SERVICE -p {{ .Values.sentinel.port }} sentinel get-master-addr-by-name {{ .Values.sentinel.masterSet }}"
+ fi
+ REDIS_SENTINEL_INFO=($($sentinel_info_command))
+ REDIS_MASTER_HOST=${REDIS_SENTINEL_INFO[0]}
+ REDIS_MASTER_PORT_NUMBER=${REDIS_SENTINEL_INFO[1]}
+
+ # Immediately attempt to connect to the reported master. If it doesn't exist the connection attempt will either hang
+ # or fail with "port unreachable" and give no data. The liveness check will then timeout waiting for the sentinel
+ # container to be ready and restart the it. By then the new master will likely have been elected
+ if is_boolean_yes "$REDIS_SENTINEL_TLS_ENABLED"; then
+ sentinel_info_command="redis-cli {{- if .Values.usePassword }} -a $REDIS_PASSWORD {{- end }} -h $REDIS_MASTER_HOST -p {{ .Values.sentinel.port }} --tls --cert ${REDIS_SENTINEL_TLS_CERT_FILE} --key ${REDIS_SENTINEL_TLS_KEY_FILE} --cacert ${REDIS_SENTINEL_TLS_CA_FILE} sentinel get-master-addr-by-name {{ .Values.sentinel.masterSet }}"
+ else
+ sentinel_info_command="redis-cli {{- if .Values.usePassword }} -a $REDIS_PASSWORD {{- end }} -h $REDIS_MASTER_HOST -p {{ .Values.sentinel.port }} sentinel get-master-addr-by-name {{ .Values.sentinel.masterSet }}"
+ fi
+
+ if [[ ! ($($sentinel_info_command)) ]]; then
+ # master doesn't actually exist, this probably means the remaining pods haven't elected a new one yet
+ # and are reporting the old one still. Once this happens the container will get stuck and never see the new
+ # master. We stop here to allow the container to not pass the liveness check and be restarted.
+ exit 1
+ fi
+ fi
+ sentinel_conf_set "sentinel monitor" "{{ .Values.sentinel.masterSet }} "$REDIS_MASTER_HOST" "$REDIS_MASTER_PORT_NUMBER" {{ .Values.sentinel.quorum }}"
+
+ add_replica() {
+ if [[ "$1" != "$REDIS_MASTER_HOST" ]]; then
+ sentinel_conf_add "sentinel known-replica {{ .Values.sentinel.masterSet }} $1 {{ .Values.redisPort }}"
+ fi
+ }
+
+ {{- if .Values.sentinel.staticID }}
+ # remove generated known sentinels and replicas
+ tmp="$(sed -e '/^sentinel known-/d' -e '/^$/d' /opt/bitnami/redis-sentinel/etc/sentinel.conf)"
+ echo "$tmp" > /opt/bitnami/redis-sentinel/etc/sentinel.conf
+
+ for node in $(seq 0 {{ .Values.cluster.slaveCount }}); do
+ NAME="{{ template "redis.fullname" . }}-node-$node"
+ IP="$(getent hosts "$NAME.$HEADLESS_SERVICE" | awk ' {print $1 }')"
+ if [[ "$NAME" != "$HOSTNAME" && -n "$IP" ]]; then
+ sentinel_conf_add "sentinel known-sentinel {{ .Values.sentinel.masterSet }} $IP {{ .Values.sentinel.port }} $(host_id "$NAME")"
+ add_replica "$IP"
+ fi
+ done
+ add_replica "$(hostname -i)"
+ {{- end }}
+
+ {{- if .Values.tls.enabled }}
+ ARGS=("--port" "0")
+ ARGS+=("--tls-port" "${REDIS_SENTINEL_TLS_PORT_NUMBER}")
+ ARGS+=("--tls-cert-file" "${REDIS_SENTINEL_TLS_CERT_FILE}")
+ ARGS+=("--tls-key-file" "${REDIS_SENTINEL_TLS_KEY_FILE}")
+ ARGS+=("--tls-ca-cert-file" "${REDIS_SENTINEL_TLS_CA_FILE}")
+ ARGS+=("--tls-replication" "yes")
+ ARGS+=("--tls-auth-clients" "${REDIS_SENTINEL_TLS_AUTH_CLIENTS}")
+ {{- if .Values.tls.dhParamsFilename }}
+ ARGS+=("--tls-dh-params-file" "${REDIS_SENTINEL_TLS_DH_PARAMS_FILE}")
+ {{- end }}
+ {{- end }}
+ {{- if .Values.sentinel.preExecCmds }}
+ {{ .Values.sentinel.preExecCmds | nindent 4 }}
+ {{- end }}
+ exec redis-server /opt/bitnami/redis-sentinel/etc/sentinel.conf --sentinel {{- if .Values.tls.enabled }} "${ARGS[@]}" {{- end }}
+{{- else }}
+ start-master.sh: |
+ #!/bin/bash
+ echo "y" | /opt/bitnami/redis/bin/redis-check-aof --fix /data/appendonly.aof
+ {{- if and .Values.securityContext.runAsUser (eq (.Values.securityContext.runAsUser | int) 0) }}
+ useradd redis
+ chown -R redis {{ .Values.master.persistence.path }}
+ {{- end }}
+ if [[ -n $REDIS_PASSWORD_FILE ]]; then
+ password_aux=`cat ${REDIS_PASSWORD_FILE}`
+ export REDIS_PASSWORD=$password_aux
+ fi
+ if [[ ! -f /opt/bitnami/redis/etc/master.conf ]];then
+ cp /opt/bitnami/redis/mounted-etc/master.conf /opt/bitnami/redis/etc/master.conf
+ fi
+ if [[ ! -f /opt/bitnami/redis/etc/redis.conf ]];then
+ cp /opt/bitnami/redis/mounted-etc/redis.conf /opt/bitnami/redis/etc/redis.conf
+ fi
+ {{- if .Values.tls.enabled }}
+ ARGS=("--port" "0")
+ ARGS+=("--tls-port" "${REDIS_TLS_PORT}")
+ ARGS+=("--tls-cert-file" "${REDIS_TLS_CERT_FILE}")
+ ARGS+=("--tls-key-file" "${REDIS_TLS_KEY_FILE}")
+ ARGS+=("--tls-ca-cert-file" "${REDIS_TLS_CA_FILE}")
+ ARGS+=("--tls-auth-clients" "${REDIS_TLS_AUTH_CLIENTS}")
+ {{- if .Values.tls.dhParamsFilename }}
+ ARGS+=("--tls-dh-params-file" "${REDIS_TLS_DH_PARAMS_FILE}")
+ {{- end }}
+ {{- else }}
+ ARGS=("--port" "${REDIS_PORT}")
+ {{- end }}
+ {{- if .Values.usePassword }}
+ ARGS+=("--requirepass" "${REDIS_PASSWORD}")
+ ARGS+=("--masterauth" "${REDIS_PASSWORD}")
+ {{- else }}
+ ARGS+=("--protected-mode" "no")
+ {{- end }}
+ ARGS+=("--include" "/opt/bitnami/redis/etc/redis.conf")
+ ARGS+=("--include" "/opt/bitnami/redis/etc/master.conf")
+ {{- if .Values.master.extraFlags }}
+ {{- range .Values.master.extraFlags }}
+ ARGS+=({{ . | quote }})
+ {{- end }}
+ {{- end }}
+ {{- if .Values.master.preExecCmds }}
+ {{ .Values.master.preExecCmds | nindent 4}}
+ {{- end }}
+ {{- if .Values.master.command }}
+ exec {{ .Values.master.command }} "${ARGS[@]}"
+ {{- else }}
+ exec redis-server "${ARGS[@]}"
+ {{- end }}
+ {{- if .Values.global.redis.cluster.enabled }}
+ start-slave.sh: |
+ #!/bin/bash
+ {{- if and .Values.securityContext.runAsUser (eq (.Values.securityContext.runAsUser | int) 0) }}
+ useradd redis
+ chown -R redis {{ .Values.slave.persistence.path }}
+ {{- end }}
+ if [[ -n $REDIS_PASSWORD_FILE ]]; then
+ password_aux=`cat ${REDIS_PASSWORD_FILE}`
+ export REDIS_PASSWORD=$password_aux
+ fi
+ if [[ -n $REDIS_MASTER_PASSWORD_FILE ]]; then
+ password_aux=`cat ${REDIS_MASTER_PASSWORD_FILE}`
+ export REDIS_MASTER_PASSWORD=$password_aux
+ fi
+ if [[ ! -f /opt/bitnami/redis/etc/replica.conf ]];then
+ cp /opt/bitnami/redis/mounted-etc/replica.conf /opt/bitnami/redis/etc/replica.conf
+ fi
+ if [[ ! -f /opt/bitnami/redis/etc/redis.conf ]];then
+ cp /opt/bitnami/redis/mounted-etc/redis.conf /opt/bitnami/redis/etc/redis.conf
+ fi
+ {{- if .Values.tls.enabled }}
+ ARGS=("--port" "0")
+ ARGS+=("--tls-port" "${REDIS_TLS_PORT}")
+ ARGS+=("--tls-cert-file" "${REDIS_TLS_CERT_FILE}")
+ ARGS+=("--tls-key-file" "${REDIS_TLS_KEY_FILE}")
+ ARGS+=("--tls-ca-cert-file" "${REDIS_TLS_CA_FILE}")
+ ARGS+=("--tls-auth-clients" "${REDIS_TLS_AUTH_CLIENTS}")
+ ARGS+=("--tls-replication" "yes")
+ {{- if .Values.tls.dhParamsFilename }}
+ ARGS+=("--tls-dh-params-file" "${REDIS_TLS_DH_PARAMS_FILE}")
+ {{- end }}
+ {{- else }}
+ ARGS=("--port" "${REDIS_PORT}")
+ {{- end }}
+ ARGS+=("--slaveof" "${REDIS_MASTER_HOST}" "${REDIS_MASTER_PORT_NUMBER}")
+ {{- if .Values.usePassword }}
+ ARGS+=("--requirepass" "${REDIS_PASSWORD}")
+ ARGS+=("--masterauth" "${REDIS_MASTER_PASSWORD}")
+ {{- else }}
+ ARGS+=("--protected-mode" "no")
+ {{- end }}
+ ARGS+=("--include" "/opt/bitnami/redis/etc/redis.conf")
+ ARGS+=("--include" "/opt/bitnami/redis/etc/replica.conf")
+ {{- if .Values.slave.extraFlags }}
+ {{- range .Values.slave.extraFlags }}
+ ARGS+=({{ . | quote }})
+ {{- end }}
+ {{- end }}
+ {{- if .Values.slave.preExecCmds }}
+ {{ .Values.slave.preExecCmds | nindent 4}}
+ {{- end }}
+ {{- if .Values.slave.command }}
+ exec {{ .Values.slave.command }} "${ARGS[@]}"
+ {{- else }}
+ exec redis-server "${ARGS[@]}"
+ {{- end }}
+ {{- end }}
+
+{{- end -}}
diff --git a/redis/templates/configmap.yaml b/redis/templates/configmap.yaml
new file mode 100644
index 0000000..1dd6dd7
--- /dev/null
+++ b/redis/templates/configmap.yaml
@@ -0,0 +1,53 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "redis.fullname" . }}
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ app: {{ template "redis.name" . }}
+ chart: {{ template "redis.chart" . }}
+ heritage: {{ .Release.Service }}
+ release: {{ .Release.Name }}
+data:
+ redis.conf: |-
+{{- if .Values.configmap }}
+ # User-supplied configuration:
+{{- tpl .Values.configmap . | nindent 4 }}
+{{- end }}
+ master.conf: |-
+ dir {{ .Values.master.persistence.path }}
+{{- if .Values.master.configmap }}
+ # User-supplied master configuration:
+{{- tpl .Values.master.configmap . | nindent 4 }}
+{{- end }}
+{{- if .Values.master.disableCommands }}
+{{- range .Values.master.disableCommands }}
+ rename-command {{ . }} ""
+{{- end }}
+{{- end }}
+ replica.conf: |-
+ dir {{ .Values.slave.persistence.path }}
+ slave-read-only yes
+{{- if .Values.slave.configmap }}
+ # User-supplied slave configuration:
+{{- tpl .Values.slave.configmap . | nindent 4 }}
+{{- end }}
+{{- if .Values.slave.disableCommands }}
+{{- range .Values.slave.disableCommands }}
+ rename-command {{ . }} ""
+{{- end }}
+{{- end }}
+{{- if .Values.global.redis.sentinel.enabled }}
+ sentinel.conf: |-
+ dir "/tmp"
+ # bind 0.0.0.0 ::
+ port {{ .Values.sentinel.port }}
+ sentinel monitor {{ .Values.sentinel.masterSet }} {{ template "redis.fullname" . }}-node-0.{{ template "redis.fullname" . }}-headless.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} {{ .Values.redisPort }} {{ .Values.sentinel.quorum }}
+ sentinel down-after-milliseconds {{ .Values.sentinel.masterSet }} {{ .Values.sentinel.downAfterMilliseconds }}
+ sentinel failover-timeout {{ .Values.sentinel.masterSet }} {{ .Values.sentinel.failoverTimeout }}
+ sentinel parallel-syncs {{ .Values.sentinel.masterSet }} {{ .Values.sentinel.parallelSyncs }}
+{{- if .Values.sentinel.configmap }}
+ # User-supplied sentinel configuration:
+{{- tpl .Values.sentinel.configmap . | nindent 4 }}
+{{- end }}
+{{- end }}
diff --git a/redis/templates/headless-svc.yaml b/redis/templates/headless-svc.yaml
new file mode 100644
index 0000000..834d63a
--- /dev/null
+++ b/redis/templates/headless-svc.yaml
@@ -0,0 +1,42 @@
+# Copyright 2022-present Open Networking Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "redis.fullname" . }}-headless
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ app: {{ template "redis.name" . }}
+ chart: {{ template "redis.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ type: ClusterIP
+ clusterIP: None
+ {{- if .Values.global.redis.sentinel.enabled }}
+ publishNotReadyAddresses: true
+ {{- end }}
+ ports:
+ - name: redis
+ port: {{ .Values.redisPort }}
+ targetPort: redis
+ {{- if .Values.global.redis.sentinel.enabled }}
+ - name: redis-sentinel
+ port: {{ .Values.sentinel.port }}
+ targetPort: redis-sentinel
+ {{- end }}
+ selector:
+ app: {{ template "redis.name" . }}
+ release: {{ .Release.Name }}
diff --git a/redis/templates/health-configmap.yaml b/redis/templates/health-configmap.yaml
new file mode 100644
index 0000000..14a9c8b
--- /dev/null
+++ b/redis/templates/health-configmap.yaml
@@ -0,0 +1,176 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "redis.fullname" . }}-health
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ app: {{ template "redis.name" . }}
+ chart: {{ template "redis.chart" . }}
+ heritage: {{ .Release.Service }}
+ release: {{ .Release.Name }}
+data:
+ ping_readiness_local.sh: |-
+ #!/bin/bash
+{{- if .Values.usePasswordFile }}
+ password_aux=`cat ${REDIS_PASSWORD_FILE}`
+ export REDIS_PASSWORD=$password_aux
+{{- end }}
+ export REDISCLI_AUTH="$REDIS_PASSWORD"
+ response=$(
+ timeout -s 3 $1 \
+ redis-cli \
+ -h localhost \
+{{- if .Values.tls.enabled }}
+ -p $REDIS_TLS_PORT \
+ --tls \
+ --cacert {{ template "redis.tlsCACert" . }} \
+ {{- if .Values.tls.authClients }}
+ --cert {{ template "redis.tlsCert" . }} \
+ --key {{ template "redis.tlsCertKey" . }} \
+ {{- end }}
+{{- else }}
+ -p $REDIS_PORT \
+{{- end }}
+ ping
+ )
+ if [ "$response" != "PONG" ]; then
+ echo "$response"
+ exit 1
+ fi
+ ping_liveness_local.sh: |-
+ #!/bin/bash
+{{- if .Values.usePasswordFile }}
+ password_aux=`cat ${REDIS_PASSWORD_FILE}`
+ export REDIS_PASSWORD=$password_aux
+{{- end }}
+ export REDISCLI_AUTH="$REDIS_PASSWORD"
+ response=$(
+ timeout -s 3 $1 \
+ redis-cli \
+ -h localhost \
+{{- if .Values.tls.enabled }}
+ -p $REDIS_TLS_PORT \
+ --tls \
+ --cacert {{ template "redis.tlsCACert" . }} \
+ {{- if .Values.tls.authClients }}
+ --cert {{ template "redis.tlsCert" . }} \
+ --key {{ template "redis.tlsCertKey" . }} \
+ {{- end }}
+{{- else }}
+ -p $REDIS_PORT \
+{{- end }}
+ ping
+ )
+ if [ "$response" != "PONG" ] && [ "$response" != "LOADING Redis is loading the dataset in memory" ]; then
+ echo "$response"
+ exit 1
+ fi
+{{- if .Values.global.redis.sentinel.enabled }}
+ ping_sentinel.sh: |-
+ #!/bin/bash
+{{- if .Values.usePasswordFile }}
+ password_aux=`cat ${REDIS_PASSWORD_FILE}`
+ export REDIS_PASSWORD=$password_aux
+{{- end }}
+ export REDISCLI_AUTH="$REDIS_PASSWORD"
+ response=$(
+ timeout -s 3 $1 \
+ redis-cli \
+ -h localhost \
+{{- if .Values.tls.enabled }}
+ -p $REDIS_SENTINEL_TLS_PORT_NUMBER \
+ --tls \
+ --cacert {{ template "redis.tlsCACert" . }} \
+ {{- if .Values.tls.authClients }}
+ --cert {{ template "redis.tlsCert" . }} \
+ --key {{ template "redis.tlsCertKey" . }} \
+ {{- end }}
+{{- else }}
+ -p $REDIS_SENTINEL_PORT \
+{{- end }}
+ ping
+ )
+ if [ "$response" != "PONG" ]; then
+ echo "$response"
+ exit 1
+ fi
+ parse_sentinels.awk: |-
+ /ip/ {FOUND_IP=1}
+ /port/ {FOUND_PORT=1}
+ /runid/ {FOUND_RUNID=1}
+ !/ip|port|runid/ {
+ if (FOUND_IP==1) {
+ IP=$1; FOUND_IP=0;
+ }
+ else if (FOUND_PORT==1) {
+ PORT=$1;
+ FOUND_PORT=0;
+ } else if (FOUND_RUNID==1) {
+ printf "\nsentinel known-sentinel {{ .Values.sentinel.masterSet }} %s %s %s", IP, PORT, $0; FOUND_RUNID=0;
+ }
+ }
+{{- end }}
+ ping_readiness_master.sh: |-
+ #!/bin/bash
+{{- if .Values.usePasswordFile }}
+ password_aux=`cat ${REDIS_MASTER_PASSWORD_FILE}`
+ export REDIS_MASTER_PASSWORD=$password_aux
+{{- end }}
+ export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
+ response=$(
+ timeout -s 3 $1 \
+ redis-cli \
+ -h $REDIS_MASTER_HOST \
+ -p $REDIS_MASTER_PORT_NUMBER \
+{{- if .Values.tls.enabled }}
+ --tls \
+ --cacert {{ template "redis.tlsCACert" . }} \
+ {{- if .Values.tls.authClients }}
+ --cert {{ template "redis.tlsCert" . }} \
+ --key {{ template "redis.tlsCertKey" . }} \
+ {{- end }}
+{{- end }}
+ ping
+ )
+ if [ "$response" != "PONG" ]; then
+ echo "$response"
+ exit 1
+ fi
+ ping_liveness_master.sh: |-
+ #!/bin/bash
+{{- if .Values.usePasswordFile }}
+ password_aux=`cat ${REDIS_MASTER_PASSWORD_FILE}`
+ export REDIS_MASTER_PASSWORD=$password_aux
+{{- end }}
+ export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
+ response=$(
+ timeout -s 3 $1 \
+ redis-cli \
+ -h $REDIS_MASTER_HOST \
+ -p $REDIS_MASTER_PORT_NUMBER \
+{{- if .Values.tls.enabled }}
+ --tls \
+ --cacert {{ template "redis.tlsCACert" . }} \
+ {{- if .Values.tls.authClients }}
+ --cert {{ template "redis.tlsCert" . }} \
+ --key {{ template "redis.tlsCertKey" . }} \
+ {{- end }}
+{{- end }}
+ ping
+ )
+ if [ "$response" != "PONG" ] && [ "$response" != "LOADING Redis is loading the dataset in memory" ]; then
+ echo "$response"
+ exit 1
+ fi
+ ping_readiness_local_and_master.sh: |-
+ script_dir="$(dirname "$0")"
+ exit_status=0
+ "$script_dir/ping_readiness_local.sh" $1 || exit_status=$?
+ "$script_dir/ping_readiness_master.sh" $1 || exit_status=$?
+ exit $exit_status
+ ping_liveness_local_and_master.sh: |-
+ script_dir="$(dirname "$0")"
+ exit_status=0
+ "$script_dir/ping_liveness_local.sh" $1 || exit_status=$?
+ "$script_dir/ping_liveness_master.sh" $1 || exit_status=$?
+ exit $exit_status
diff --git a/redis/templates/metrics-prometheus.yaml b/redis/templates/metrics-prometheus.yaml
new file mode 100644
index 0000000..6bfe719
--- /dev/null
+++ b/redis/templates/metrics-prometheus.yaml
@@ -0,0 +1,53 @@
+# Copyright 2022-present Open Networking Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{- if and (.Values.metrics.enabled) (.Values.metrics.serviceMonitor.enabled) }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{ template "redis.fullname" . }}
+ {{- if .Values.metrics.serviceMonitor.namespace }}
+ namespace: {{ .Values.metrics.serviceMonitor.namespace }}
+ {{- else }}
+ namespace: {{ .Release.Namespace | quote }}
+ {{- end }}
+ labels:
+ app: {{ template "redis.name" . }}
+ chart: {{ template "redis.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ {{- range $key, $value := .Values.metrics.serviceMonitor.selector }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+spec:
+ endpoints:
+ - port: metrics
+ {{- if .Values.metrics.serviceMonitor.interval }}
+ interval: {{ .Values.metrics.serviceMonitor.interval }}
+ {{- end }}
+ {{- if .Values.metrics.serviceMonitor.relabelings }}
+ relabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.relabelings "context" $) | nindent 6 }}
+ {{- end }}
+ {{- if .Values.metrics.serviceMonitor.metricRelabelings }}
+ metricRelabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.metricRelabelings "context" $) | nindent 6 }}
+ {{- end }}
+ selector:
+ matchLabels:
+ app: {{ template "redis.name" . }}
+ release: {{ .Release.Name }}
+ app.kubernetes.io/component: "metrics"
+ namespaceSelector:
+ matchNames:
+ - {{ .Release.Namespace }}
+{{- end -}}
diff --git a/redis/templates/metrics-svc.yaml b/redis/templates/metrics-svc.yaml
new file mode 100644
index 0000000..27d6b06
--- /dev/null
+++ b/redis/templates/metrics-svc.yaml
@@ -0,0 +1,48 @@
+# Copyright 2022-present Open Networking Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{- if .Values.metrics.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "redis.fullname" . }}-metrics
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ app: {{ template "redis.name" . }}
+ chart: {{ template "redis.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ app.kubernetes.io/component: "metrics"
+ {{- if .Values.metrics.service.labels -}}
+ {{- toYaml .Values.metrics.service.labels | nindent 4 }}
+ {{- end -}}
+ {{- if .Values.metrics.service.annotations }}
+ annotations: {{- toYaml .Values.metrics.service.annotations | nindent 4 }}
+ {{- end }}
+spec:
+ type: {{ .Values.metrics.service.type }}
+ {{ if eq .Values.metrics.service.type "LoadBalancer" }}
+ externalTrafficPolicy: {{ .Values.metrics.service.externalTrafficPolicy }}
+ {{- end }}
+ {{ if and (eq .Values.metrics.service.type "LoadBalancer") .Values.metrics.service.loadBalancerIP }}
+ loadBalancerIP: {{ .Values.metrics.service.loadBalancerIP }}
+ {{- end }}
+ ports:
+ - name: metrics
+ port: 9121
+ targetPort: metrics
+ selector:
+ app: {{ template "redis.name" . }}
+ release: {{ .Release.Name }}
+{{- end }}
diff --git a/redis/templates/networkpolicy.yaml b/redis/templates/networkpolicy.yaml
new file mode 100644
index 0000000..69c192e
--- /dev/null
+++ b/redis/templates/networkpolicy.yaml
@@ -0,0 +1,88 @@
+# Copyright 2022-present Open Networking Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{- if .Values.networkPolicy.enabled }}
+kind: NetworkPolicy
+apiVersion: {{ template "networkPolicy.apiVersion" . }}
+metadata:
+ name: {{ template "redis.fullname" . }}
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ app: {{ template "redis.name" . }}
+ chart: {{ template "redis.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ podSelector:
+ matchLabels:
+ app: {{ template "redis.name" . }}
+ release: {{ .Release.Name }}
+ {{- if .Values.global.redis.cluster.enabled }}
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ # Allow dns resolution
+ - ports:
+ - port: 53
+ protocol: UDP
+ # Allow outbound connections to other cluster pods
+ - ports:
+ - port: {{ .Values.redisPort }}
+ {{- if .Values.global.redis.sentinel.enabled }}
+ - port: {{ .Values.sentinel.port }}
+ {{- end }}
+ to:
+ - podSelector:
+ matchLabels:
+ app: {{ template "redis.name" . }}
+ release: {{ .Release.Name }}
+ {{- end }}
+ ingress:
+ # Allow inbound connections
+ - ports:
+ - port: {{ .Values.redisPort }}
+ {{- if .Values.global.redis.sentinel.enabled }}
+ - port: {{ .Values.sentinel.port }}
+ {{- end }}
+ {{- if not .Values.networkPolicy.allowExternal }}
+ from:
+ - podSelector:
+ matchLabels:
+ {{ template "redis.fullname" . }}-client: "true"
+ - podSelector:
+ matchLabels:
+ app: {{ template "redis.name" . }}
+ release: {{ .Release.Name }}
+ {{- if .Values.networkPolicy.ingressNSMatchLabels }}
+ - namespaceSelector:
+ matchLabels:
+ {{- range $key, $value := .Values.networkPolicy.ingressNSMatchLabels }}
+ {{ $key | quote }}: {{ $value | quote }}
+ {{- end }}
+ {{- if .Values.networkPolicy.ingressNSPodMatchLabels }}
+ podSelector:
+ matchLabels:
+ {{- range $key, $value := .Values.networkPolicy.ingressNSPodMatchLabels }}
+ {{ $key | quote }}: {{ $value | quote }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.metrics.enabled }}
+ # Allow prometheus scrapes for metrics
+ - ports:
+ - port: 9121
+ {{- end }}
+{{- end }}
diff --git a/redis/templates/pdb.yaml b/redis/templates/pdb.yaml
new file mode 100644
index 0000000..2b7fe99
--- /dev/null
+++ b/redis/templates/pdb.yaml
@@ -0,0 +1,36 @@
+# Copyright 2022-present Open Networking Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{- if .Values.podDisruptionBudget.enabled }}
+apiVersion: policy/v1beta1
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "redis.fullname" . }}
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ app: {{ template "redis.name" . }}
+ chart: {{ template "redis.chart" . }}
+spec:
+ {{- if .Values.podDisruptionBudget.minAvailable }}
+ minAvailable: {{ .Values.podDisruptionBudget.minAvailable }}
+ {{- end }}
+ {{- if .Values.podDisruptionBudget.maxUnavailable }}
+ maxUnavailable: {{ .Values.podDisruptionBudget.maxUnavailable }}
+ {{- end }}
+ selector:
+ matchLabels:
+ app: {{ template "redis.name" . }}
+ chart: {{ template "redis.chart" . }}
+ release: {{ .Release.Name }}
+{{- end }}
diff --git a/redis/templates/prometheusrule.yaml b/redis/templates/prometheusrule.yaml
new file mode 100644
index 0000000..ec09907
--- /dev/null
+++ b/redis/templates/prometheusrule.yaml
@@ -0,0 +1,39 @@
+# Copyright 2022-present Open Networking Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{- if and .Values.metrics.enabled .Values.metrics.prometheusRule.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: PrometheusRule
+metadata:
+ name: {{ template "redis.fullname" . }}
+ {{- if .Values.metrics.prometheusRule.namespace }}
+ namespace: {{ .Values.metrics.prometheusRule.namespace }}
+ {{- else }}
+ namespace: {{ .Release.Namespace | quote }}
+ {{- end }}
+ labels:
+ app: {{ template "redis.name" . }}
+ chart: {{ template "redis.chart" . }}
+ release: {{ .Release.Name | quote }}
+ heritage: {{ .Release.Service | quote }}
+{{- with .Values.metrics.prometheusRule.additionalLabels }}
+{{- toYaml . | nindent 4 }}
+{{- end }}
+spec:
+{{- with .Values.metrics.prometheusRule.rules }}
+ groups:
+ - name: {{ template "redis.name" $ }}
+ rules: {{- tpl (toYaml .) $ | nindent 8 }}
+{{- end }}
+{{- end }}
diff --git a/redis/templates/psp.yaml b/redis/templates/psp.yaml
new file mode 100644
index 0000000..8796578
--- /dev/null
+++ b/redis/templates/psp.yaml
@@ -0,0 +1,57 @@
+# Copyright 2022-present Open Networking Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{- if .Values.podSecurityPolicy.create }}
+apiVersion: {{ template "podSecurityPolicy.apiVersion" . }}
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "redis.fullname" . }}
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ app: {{ template "redis.name" . }}
+ chart: {{ template "redis.chart" . }}
+ heritage: {{ .Release.Service }}
+ release: {{ .Release.Name }}
+spec:
+ allowPrivilegeEscalation: false
+ fsGroup:
+ rule: 'MustRunAs'
+ ranges:
+ - min: {{ .Values.securityContext.fsGroup }}
+ max: {{ .Values.securityContext.fsGroup }}
+ hostIPC: false
+ hostNetwork: false
+ hostPID: false
+ privileged: false
+ readOnlyRootFilesystem: false
+ requiredDropCapabilities:
+ - ALL
+ runAsUser:
+ rule: 'MustRunAs'
+ ranges:
+ - min: {{ .Values.containerSecurityContext.runAsUser }}
+ max: {{ .Values.containerSecurityContext.runAsUser }}
+ seLinux:
+ rule: 'RunAsAny'
+ supplementalGroups:
+ rule: 'MustRunAs'
+ ranges:
+ - min: {{ .Values.containerSecurityContext.runAsUser }}
+ max: {{ .Values.containerSecurityContext.runAsUser }}
+ volumes:
+ - 'configMap'
+ - 'secret'
+ - 'emptyDir'
+ - 'persistentVolumeClaim'
+{{- end }}
diff --git a/redis/templates/pvc.yaml b/redis/templates/pvc.yaml
new file mode 100755
index 0000000..d1980ee
--- /dev/null
+++ b/redis/templates/pvc.yaml
@@ -0,0 +1,164 @@
+# Copyright 2022-present Open Networking Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{- if and .Values.global.redis.cluster.enabled .Values.global.redis.sentinel.enabled }}
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: redis-data-{{ template "redis.fullname" . }}-node-0
+ labels:
+ type: local
+spec:
+ capacity:
+ storage: 2Gi
+ accessModes:
+ - ReadWriteOnce
+ claimRef:
+ apiVersion: v1
+ kind: PersistentVolumeClaim
+ name: redis-data-{{ template "redis.fullname" . }}-node-0
+ namespace: default
+ hostPath:
+ path: "{{ .Values.global.redis.volumePath }}/redis"
+ nodeAffinity:
+ required:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: kubernetes.io/hostname
+ operator: In
+ values:
+ - {{ .Values.global.hostname.worker1 }}
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: redis-data-{{ template "redis.fullname" . }}-node-1
+ labels:
+ type: local
+spec:
+ capacity:
+ storage: 2Gi
+ accessModes:
+ - ReadWriteOnce
+ claimRef:
+ apiVersion: v1
+ kind: PersistentVolumeClaim
+ name: redis-data-{{ template "redis.fullname" . }}-node-1
+ namespace: default
+ hostPath:
+ path: "{{ .Values.global.redis.volumePath }}/redis"
+ nodeAffinity:
+ required:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: kubernetes.io/hostname
+ operator: In
+ values:
+ - {{ .Values.global.hostname.worker2 }}
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: redis-data-{{ template "redis.fullname" . }}-node-2
+ labels:
+ type: local
+spec:
+ capacity:
+ storage: 2Gi
+ accessModes:
+ - ReadWriteOnce
+ claimRef:
+ apiVersion: v1
+ kind: PersistentVolumeClaim
+ name: redis-data-{{ template "redis.fullname" . }}-node-2
+ namespace: default
+ hostPath:
+ path: "{{ .Values.global.redis.volumePath }}/redis"
+ nodeAffinity:
+ required:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: kubernetes.io/hostname
+ operator: In
+ values:
+ - {{ .Values.global.hostname.worker3 }}
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: redis-data-{{ template "redis.fullname" . }}-node-0
+spec:
+ accessModes:
+ - "ReadWriteOnce"
+ resources:
+ requests:
+ storage: "2Gi"
+
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: redis-data-{{ template "redis.fullname" . }}-node-1
+spec:
+ accessModes:
+ - "ReadWriteOnce"
+ resources:
+ requests:
+ storage: "2Gi"
+
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: redis-data-{{ template "redis.fullname" . }}-node-2
+spec:
+ accessModes:
+ - "ReadWriteOnce"
+ resources:
+ requests:
+ storage: "2Gi"
+
+{{- else }}
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: redis-data-{{ template "redis.fullname" . }}-0
+ labels:
+ type: local
+spec:
+ capacity:
+ storage: 2Gi
+ accessModes:
+ - ReadWriteOnce
+ hostPath:
+ path: "{{ .Values.global.volumePath }}/data/redis"
+
+
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: redis-data-{{ template "redis.fullname" . }}-0
+spec:
+ accessModes:
+ - "ReadWriteOnce"
+ resources:
+ requests:
+ storage: "2Gi"
+
+
+{{- end }}
+
diff --git a/redis/templates/redis-master-statefulset.yaml b/redis/templates/redis-master-statefulset.yaml
new file mode 100644
index 0000000..c2cd6c9
--- /dev/null
+++ b/redis/templates/redis-master-statefulset.yaml
@@ -0,0 +1,393 @@
+# Copyright 2022-present Open Networking Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{- if or (not .Values.global.redis.cluster.enabled) (not .Values.global.redis.sentinel.enabled) }}
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: {{ template "redis.fullname" . }}
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ app: {{ template "redis.name" . }}
+ chart: {{ template "redis.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ {{- if .Values.master.statefulset.labels }}
+ {{- toYaml .Values.master.statefulset.labels | nindent 4 }}
+ {{- end }}
+{{- if .Values.master.statefulset.annotations }}
+ annotations:
+ {{- toYaml .Values.master.statefulset.annotations | nindent 4 }}
+{{- end }}
+spec:
+ selector:
+ matchLabels:
+ app: {{ template "redis.name" . }}
+ release: {{ .Release.Name }}
+ role: master
+ serviceName: {{ template "redis.fullname" . }}-headless
+ template:
+ metadata:
+ labels:
+ app: {{ template "redis.name" . }}
+ chart: {{ template "redis.chart" . }}
+ release: {{ .Release.Name }}
+ role: master
+ {{- if .Values.master.podLabels }}
+ {{- toYaml .Values.master.podLabels | nindent 8 }}
+ {{- end }}
+ {{- if and .Values.metrics.enabled .Values.metrics.podLabels }}
+ {{- toYaml .Values.metrics.podLabels | nindent 8 }}
+ {{- end }}
+ annotations:
+ checksum/health: {{ include (print $.Template.BasePath "/health-configmap.yaml") . | sha256sum }}
+ checksum/configmap: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
+ checksum/configmap: {{ include (print $.Template.BasePath "/configmap-scripts.yaml") . | sha256sum }}
+ checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
+ {{- if .Values.master.podAnnotations }}
+ {{- toYaml .Values.master.podAnnotations | nindent 8 }}
+ {{- end }}
+ {{- if and .Values.metrics.enabled .Values.metrics.podAnnotations }}
+ {{- toYaml .Values.metrics.podAnnotations | nindent 8 }}
+ {{- end }}
+ spec:
+ {{- include "redis.imagePullSecrets" . | nindent 6 }}
+ {{- if .Values.master.hostAliases }}
+ hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.master.hostAliases "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.securityContext.enabled }}
+ securityContext: {{- omit .Values.securityContext "enabled" | toYaml | nindent 8 }}
+ {{- end }}
+ serviceAccountName: {{ template "redis.serviceAccountName" . }}
+ {{- if .Values.master.priorityClassName }}
+ priorityClassName: {{ .Values.master.priorityClassName | quote }}
+ {{- end }}
+ {{- with .Values.master.affinity }}
+ affinity: {{- tpl (toYaml .) $ | nindent 8 }}
+ {{- end }}
+ {{- if .Values.master.nodeSelector }}
+ nodeSelector: {{- toYaml .Values.master.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- if .Values.master.tolerations }}
+ tolerations: {{- toYaml .Values.master.tolerations | nindent 8 }}
+ {{- end }}
+ {{- if .Values.master.shareProcessNamespace }}
+ shareProcessNamespace: {{ .Values.master.shareProcessNamespace }}
+ {{- end }}
+ {{- if .Values.master.schedulerName }}
+ schedulerName: {{ .Values.master.schedulerName }}
+ {{- end }}
+ containers:
+ - name: {{ template "redis.name" . }}
+ image: {{ template "redis.image" . }}
+ imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
+ {{- if .Values.containerSecurityContext.enabled }}
+ securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }}
+ {{- end }}
+ command:
+ - /bin/bash
+ - -c
+ - /opt/bitnami/scripts/start-scripts/start-master.sh
+ env:
+ - name: REDIS_REPLICATION_MODE
+ value: master
+ {{- if .Values.usePassword }}
+ {{- if .Values.usePasswordFile }}
+ - name: REDIS_PASSWORD_FILE
+ value: "/opt/bitnami/redis/secrets/redis-password"
+ {{- else }}
+ - name: REDIS_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ template "redis.secretName" . }}
+ key: {{ template "redis.secretPasswordKey" . }}
+ {{- end }}
+ {{- else }}
+ - name: ALLOW_EMPTY_PASSWORD
+ value: "yes"
+ {{- end }}
+ - name: REDIS_TLS_ENABLED
+ value: {{ ternary "yes" "no" .Values.tls.enabled | quote }}
+ {{- if .Values.tls.enabled }}
+ - name: REDIS_TLS_PORT
+ value: {{ .Values.redisPort | quote }}
+ - name: REDIS_TLS_AUTH_CLIENTS
+ value: {{ ternary "yes" "no" .Values.tls.authClients | quote }}
+ - name: REDIS_TLS_CERT_FILE
+ value: {{ template "redis.tlsCert" . }}
+ - name: REDIS_TLS_KEY_FILE
+ value: {{ template "redis.tlsCertKey" . }}
+ - name: REDIS_TLS_CA_FILE
+ value: {{ template "redis.tlsCACert" . }}
+ {{- if .Values.tls.dhParamsFilename }}
+ - name: REDIS_TLS_DH_PARAMS_FILE
+ value: {{ template "redis.tlsDHParams" . }}
+ {{- end }}
+ {{- else }}
+ - name: REDIS_PORT
+ value: {{ .Values.redisPort | quote }}
+ {{- end }}
+ {{- if .Values.master.extraEnvVars }}
+ {{- include "redis.tplValue" (dict "value" .Values.master.extraEnvVars "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if or .Values.master.extraEnvVarsCM .Values.master.extraEnvVarsSecret }}
+ envFrom:
+ {{- if .Values.master.extraEnvVarsCM }}
+ - configMapRef:
+ name: {{ .Values.master.extraEnvVarsCM }}
+ {{- end }}
+ {{- if .Values.master.extraEnvVarsSecret }}
+ - secretRef:
+ name: {{ .Values.master.extraEnvVarsSecret }}
+ {{- end }}
+ {{- end }}
+ ports:
+ - name: redis
+ containerPort: {{ .Values.redisPort }}
+ {{- if .Values.master.livenessProbe.enabled }}
+ livenessProbe:
+ initialDelaySeconds: {{ .Values.master.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.master.livenessProbe.periodSeconds }}
+ # One second longer than command timeout should prevent generation of zombie processes.
+ timeoutSeconds: {{ add1 .Values.master.livenessProbe.timeoutSeconds }}
+ successThreshold: {{ .Values.master.livenessProbe.successThreshold }}
+ failureThreshold: {{ .Values.master.livenessProbe.failureThreshold }}
+ exec:
+ command:
+ - sh
+ - -c
+ - /health/ping_liveness_local.sh {{ .Values.master.livenessProbe.timeoutSeconds }}
+ {{- else if .Values.master.customLivenessProbe }}
+ livenessProbe: {{- toYaml .Values.master.customLivenessProbe | nindent 12 }}
+ {{- end }}
+ {{- if .Values.master.readinessProbe.enabled}}
+ readinessProbe:
+ initialDelaySeconds: {{ .Values.master.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.master.readinessProbe.periodSeconds }}
+ timeoutSeconds: {{ add1 .Values.master.readinessProbe.timeoutSeconds }}
+ successThreshold: {{ .Values.master.readinessProbe.successThreshold }}
+ failureThreshold: {{ .Values.master.readinessProbe.failureThreshold }}
+ exec:
+ command:
+ - sh
+ - -c
+ - /health/ping_readiness_local.sh {{ .Values.master.readinessProbe.timeoutSeconds }}
+ {{- else if .Values.master.customReadinessProbe }}
+ readinessProbe: {{- toYaml .Values.master.customReadinessProbe | nindent 12 }}
+ {{- end }}
+ resources: {{- toYaml .Values.master.resources | nindent 12 }}
+ volumeMounts:
+ - name: start-scripts
+ mountPath: /opt/bitnami/scripts/start-scripts
+ - name: health
+ mountPath: /health
+ {{- if .Values.usePasswordFile }}
+ - name: redis-password
+ mountPath: /opt/bitnami/redis/secrets/
+ {{- end }}
+ - name: redis-data
+ mountPath: {{ .Values.master.persistence.path }}
+ subPath: {{ .Values.master.persistence.subPath }}
+ - name: config
+ mountPath: /opt/bitnami/redis/mounted-etc
+ - name: redis-tmp-conf
+ mountPath: /opt/bitnami/redis/etc/
+ {{- if .Values.tls.enabled }}
+ - name: redis-certificates
+ mountPath: /opt/bitnami/redis/certs
+ readOnly: true
+ {{- end }}
+ {{- if .Values.metrics.enabled }}
+ - name: metrics
+ image: {{ template "redis.metrics.image" . }}
+ imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }}
+ {{- if .Values.containerSecurityContext.enabled }}
+ securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }}
+ {{- end }}
+ command:
+ - /bin/bash
+ - -c
+ - |
+ if [[ -f '/secrets/redis-password' ]]; then
+ export REDIS_PASSWORD=$(cat /secrets/redis-password)
+ fi
+ redis_exporter{{- range $key, $value := .Values.metrics.extraArgs }} --{{ $key }}={{ $value }}{{- end }}
+ env:
+ - name: REDIS_ALIAS
+ value: {{ template "redis.fullname" . }}
+ {{- if and .Values.usePassword (not .Values.usePasswordFile) }}
+ - name: REDIS_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ template "redis.secretName" . }}
+ key: {{ template "redis.secretPasswordKey" . }}
+ {{- end }}
+ {{- if .Values.tls.enabled }}
+ - name: REDIS_ADDR
+ value: rediss://localhost:{{ .Values.redisPort }}
+ - name: REDIS_EXPORTER_TLS_CLIENT_KEY_FILE
+ value: {{ template "redis.tlsCertKey" . }}
+ - name: REDIS_EXPORTER_TLS_CLIENT_CERT_FILE
+ value: {{ template "redis.tlsCert" . }}
+ - name: REDIS_EXPORTER_TLS_CA_CERT_FILE
+ value: {{ template "redis.tlsCACert" . }}
+ {{- end }}
+ volumeMounts:
+ {{- if .Values.usePasswordFile }}
+ - name: redis-password
+ mountPath: /secrets/
+ {{- end }}
+ {{- if .Values.tls.enabled }}
+ - name: redis-certificates
+ mountPath: /opt/bitnami/redis/certs
+ readOnly: true
+ {{- end }}
+ ports:
+ - name: metrics
+ containerPort: 9121
+ resources: {{- toYaml .Values.metrics.resources | nindent 12 }}
+ {{- end }}
+ {{- $needsVolumePermissions := and .Values.volumePermissions.enabled .Values.master.persistence.enabled .Values.securityContext.enabled .Values.containerSecurityContext.enabled }}
+ {{- if or $needsVolumePermissions .Values.sysctlImage.enabled }}
+ initContainers:
+ {{- if $needsVolumePermissions }}
+ - name: volume-permissions
+ image: "{{ template "redis.volumePermissions.image" . }}"
+ imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }}
+ command:
+ - /bin/bash
+ - -ec
+ - |
+ {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }}
+ chown -R `id -u`:`id -G | cut -d " " -f2` {{ .Values.master.persistence.path }}
+ {{- else }}
+ chown -R {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} {{ .Values.master.persistence.path }}
+ {{- end }}
+ {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto "}}
+ securityContext: {{- omit .Values.volumePermissions.securityContext "runAsUser" | toYaml | nindent 12 }}
+ {{- else }}
+ securityContext: {{- .Values.volumePermissions.securityContext | toYaml | nindent 12 }}
+ {{- end }}
+ resources: {{- toYaml .Values.volumePermissions.resources | nindent 10 }}
+ volumeMounts:
+ - name: redis-data
+ mountPath: {{ .Values.master.persistence.path }}
+ subPath: {{ .Values.master.persistence.subPath }}
+ {{- end }}
+ {{- if .Values.sysctlImage.enabled }}
+ - name: init-sysctl
+ image: {{ template "redis.sysctl.image" . }}
+ imagePullPolicy: {{ default "" .Values.sysctlImage.pullPolicy | quote }}
+ resources: {{- toYaml .Values.sysctlImage.resources | nindent 10 }}
+ {{- if .Values.sysctlImage.mountHostSys }}
+ volumeMounts:
+ - name: host-sys
+ mountPath: /host-sys
+ {{- end }}
+ command: {{- toYaml .Values.sysctlImage.command | nindent 10 }}
+ securityContext:
+ privileged: true
+ runAsUser: 0
+ {{- end }}
+ {{- end }}
+ volumes:
+ - name: start-scripts
+ configMap:
+ name: {{ include "redis.fullname" . }}-scripts
+ defaultMode: 0755
+ - name: health
+ configMap:
+ name: {{ template "redis.fullname" . }}-health
+ defaultMode: 0755
+ {{- if .Values.usePasswordFile }}
+ - name: redis-password
+ secret:
+ secretName: {{ template "redis.secretName" . }}
+ items:
+ - key: {{ template "redis.secretPasswordKey" . }}
+ path: redis-password
+ {{- end }}
+ - name: config
+ configMap:
+ name: {{ template "redis.fullname" . }}
+ {{- if not .Values.master.persistence.enabled }}
+ - name: "redis-data"
+ emptyDir: {}
+ {{- else }}
+ {{- if .Values.persistence.existingClaim }}
+ - name: "redis-data"
+ persistentVolumeClaim:
+ claimName: {{ include "redis.tplValue" (dict "value" .Values.persistence.existingClaim "context" $) }}
+ {{- end }}
+ {{- if .Values.master.persistence.volumes }}
+ {{- toYaml .Values.master.persistence.volumes | nindent 8 }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.sysctlImage.mountHostSys }}
+ - name: host-sys
+ hostPath:
+ path: /sys
+ {{- end }}
+ - name: redis-tmp-conf
+ emptyDir: {}
+ {{- if .Values.tls.enabled }}
+ - name: redis-certificates
+ secret:
+ secretName: {{ required "A secret containing the certificates for the TLS traffic is required when TLS in enabled" .Values.tls.certificatesSecret }}
+ defaultMode: 256
+ {{- end }}
+ {{- if and .Values.master.persistence.enabled (not .Values.persistence.existingClaim) (not .Values.master.persistence.volumes) }}
+ volumeClaimTemplates:
+ - metadata:
+ name: redis-data
+ labels:
+ app: {{ template "redis.name" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ component: master
+ {{- if .Values.master.statefulset.volumeClaimTemplates.labels }}
+ {{- toYaml .Values.master.statefulset.volumeClaimTemplates.labels | nindent 10 }}
+ {{- end }}
+ {{- if .Values.master.statefulset.volumeClaimTemplates.annotations }}
+ annotations:
+ {{- toYaml .Values.master.statefulset.volumeClaimTemplates.annotations | nindent 10 }}
+ {{- end }}
+ spec:
+ accessModes:
+ {{- range .Values.master.persistence.accessModes }}
+ - {{ . | quote }}
+ {{- end }}
+ resources:
+ requests:
+ storage: {{ .Values.master.persistence.size | quote }}
+ {{ include "redis.master.storageClass" . }}
+ selector:
+ {{- if .Values.master.persistence.matchLabels }}
+ matchLabels: {{- toYaml .Values.master.persistence.matchLabels | nindent 12 }}
+ {{- end -}}
+ {{- if .Values.master.persistence.matchExpressions }}
+ matchExpressions: {{- toYaml .Values.master.persistence.matchExpressions | nindent 12 }}
+ {{- end -}}
+ {{- end }}
+ updateStrategy:
+ type: {{ .Values.master.statefulset.updateStrategy }}
+ {{- if .Values.master.statefulset.rollingUpdatePartition }}
+ {{- if (eq "Recreate" .Values.master.statefulset.updateStrategy) }}
+ rollingUpdate: null
+ {{- else }}
+ rollingUpdate:
+ partition: {{ .Values.master.statefulset.rollingUpdatePartition }}
+ {{- end }}
+ {{- end }}
+{{- end }}
diff --git a/redis/templates/redis-master-svc.yaml b/redis/templates/redis-master-svc.yaml
new file mode 100644
index 0000000..27c5389
--- /dev/null
+++ b/redis/templates/redis-master-svc.yaml
@@ -0,0 +1,57 @@
+# Copyright 2022-present Open Networking Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{- if not .Values.global.redis.sentinel.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "redis.fullname" . }}
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ app: {{ template "redis.name" . }}
+ chart: {{ template "redis.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ {{- if .Values.master.service.labels -}}
+ {{- toYaml .Values.master.service.labels | nindent 4 }}
+ {{- end -}}
+{{- if .Values.master.service.annotations }}
+ annotations: {{- toYaml .Values.master.service.annotations | nindent 4 }}
+{{- end }}
+spec:
+ type: {{ .Values.master.service.type }}
+ {{ if eq .Values.master.service.type "LoadBalancer" }}
+ externalTrafficPolicy: {{ .Values.master.service.externalTrafficPolicy }}
+ {{- end }}
+ {{- if and (eq .Values.master.service.type "LoadBalancer") .Values.master.service.loadBalancerIP }}
+ loadBalancerIP: {{ .Values.master.service.loadBalancerIP }}
+ {{- end }}
+ {{- if and (eq .Values.master.service.type "LoadBalancer") .Values.master.service.loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+ {{- with .Values.master.service.loadBalancerSourceRanges }}
+{{- toYaml . | nindent 4 }}
+{{- end }}
+ {{- end }}
+ ports:
+ - name: redis
+ port: {{ .Values.master.service.port }}
+ targetPort: redis
+ {{- if .Values.master.service.nodePort }}
+ nodePort: {{ .Values.master.service.nodePort }}
+ {{- end }}
+ selector:
+ app: {{ template "redis.name" . }}
+ release: {{ .Release.Name }}
+ role: master
+{{- end }}
diff --git a/redis/templates/redis-node-statefulset.yaml b/redis/templates/redis-node-statefulset.yaml
new file mode 100644
index 0000000..22bb252
--- /dev/null
+++ b/redis/templates/redis-node-statefulset.yaml
@@ -0,0 +1,510 @@
+# Copyright 2022-present Open Networking Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{- if and .Values.global.redis.cluster.enabled .Values.global.redis.sentinel.enabled }}
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: {{ template "redis.fullname" . }}-node
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ app: {{ template "redis.name" . }}
+ chart: {{ template "redis.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ {{- if .Values.slave.statefulset.labels }}
+ {{- toYaml .Values.slave.statefulset.labels | nindent 4 }}
+ {{- end }}
+{{- if .Values.slave.statefulset.annotations }}
+ annotations:
+ {{- toYaml .Values.slave.statefulset.annotations | nindent 4 }}
+{{- end }}
+spec:
+{{- if .Values.slave.updateStrategy }}
+ strategy: {{- toYaml .Values.slave.updateStrategy | nindent 4 }}
+{{- end }}
+ replicas: {{ .Values.cluster.slaveCount }}
+ serviceName: {{ template "redis.fullname" . }}-headless
+ selector:
+ matchLabels:
+ app: {{ template "redis.name" . }}
+ release: {{ .Release.Name }}
+ role: node
+ template:
+ metadata:
+ labels:
+ app: {{ template "redis.name" . }}
+ release: {{ .Release.Name }}
+ chart: {{ template "redis.chart" . }}
+ role: node
+ {{- if .Values.slave.podLabels }}
+ {{- toYaml .Values.slave.podLabels | nindent 8 }}
+ {{- end }}
+ {{- if and .Values.metrics.enabled .Values.metrics.podLabels }}
+ {{- toYaml .Values.metrics.podLabels | nindent 8 }}
+ {{- end }}
+ annotations:
+ checksum/health: {{ include (print $.Template.BasePath "/health-configmap.yaml") . | sha256sum }}
+ checksum/configmap: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
+ checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
+ {{- if .Values.slave.podAnnotations }}
+ {{- toYaml .Values.slave.podAnnotations | nindent 8 }}
+ {{- end }}
+ {{- if and .Values.metrics.enabled .Values.metrics.podAnnotations }}
+ {{- toYaml .Values.metrics.podAnnotations | nindent 8 }}
+ {{- end }}
+ spec:
+ {{- include "redis.imagePullSecrets" . | nindent 6 }}
+ {{- if .Values.slave.hostAliases }}
+ hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.slave.hostAliases "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.securityContext.enabled }}
+ securityContext: {{- omit .Values.securityContext "enabled" | toYaml | nindent 8 }}
+ {{- end }}
+ serviceAccountName: {{ template "redis.serviceAccountName" . }}
+ {{- if .Values.slave.priorityClassName }}
+ priorityClassName: "{{ .Values.slave.priorityClassName }}"
+ {{- end }}
+ {{- if .Values.slave.nodeSelector }}
+ nodeSelector: {{- toYaml .Values.slave.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- if .Values.slave.tolerations }}
+ tolerations: {{- toYaml .Values.slave.tolerations | nindent 8 }}
+ {{- end }}
+ {{- if .Values.slave.schedulerName }}
+ schedulerName: {{ .Values.slave.schedulerName }}
+ {{- end }}
+ {{- if .Values.master.spreadConstraints }}
+ topologySpreadConstraints: {{- toYaml .Values.master.spreadConstraints | nindent 8 }}
+ {{- end }}
+ {{- with .Values.slave.affinity }}
+ affinity: {{- tpl (toYaml .) $ | nindent 8 }}
+ {{- end }}
+ containers:
+ - name: {{ template "redis.name" . }}
+ image: {{ template "redis.image" . }}
+ imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
+ {{- if .Values.containerSecurityContext.enabled }}
+ securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }}
+ {{- end }}
+ command:
+ - /bin/bash
+ - -c
+ - /opt/bitnami/scripts/start-scripts/start-node.sh
+ env:
+ - name: REDIS_MASTER_PORT_NUMBER
+ value: {{ .Values.redisPort | quote }}
+ {{- if .Values.usePassword }}
+ {{- if .Values.usePasswordFile }}
+ - name: REDIS_PASSWORD_FILE
+ value: "/opt/bitnami/redis/secrets/redis-password"
+ - name: REDIS_MASTER_PASSWORD_FILE
+ value: "/opt/bitnami/redis/secrets/redis-password"
+ {{- else }}
+ - name: REDIS_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ template "redis.secretName" . }}
+ key: {{ template "redis.secretPasswordKey" . }}
+ - name: REDIS_MASTER_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ template "redis.secretName" . }}
+ key: {{ template "redis.secretPasswordKey" . }}
+ {{- end }}
+ {{- else }}
+ - name: ALLOW_EMPTY_PASSWORD
+ value: "yes"
+ {{- end }}
+ - name: REDIS_TLS_ENABLED
+ value: {{ ternary "yes" "no" .Values.tls.enabled | quote }}
+ {{- if .Values.tls.enabled }}
+ - name: REDIS_TLS_PORT
+ value: {{ .Values.redisPort | quote }}
+ - name: REDIS_TLS_AUTH_CLIENTS
+ value: {{ ternary "yes" "no" .Values.tls.authClients | quote }}
+ - name: REDIS_TLS_CERT_FILE
+ value: {{ template "redis.tlsCert" . }}
+ - name: REDIS_TLS_KEY_FILE
+ value: {{ template "redis.tlsCertKey" . }}
+ - name: REDIS_TLS_CA_FILE
+ value: {{ template "redis.tlsCACert" . }}
+ {{- if .Values.tls.dhParamsFilename }}
+ - name: REDIS_TLS_DH_PARAMS_FILE
+ value: {{ template "redis.tlsDHParams" . }}
+ {{- end }}
+ {{- else }}
+ - name: REDIS_PORT
+ value: {{ .Values.redisPort | quote }}
+ {{- end }}
+ - name: REDIS_DATA_DIR
+ value: {{ .Values.slave.persistence.path }}
+ {{- if .Values.sentinel.extraEnvVars }}
+ {{- include "redis.tplValue" (dict "value" .Values.sentinel.extraEnvVars "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if or .Values.sentinel.extraEnvVarsCM .Values.sentinel.extraEnvVarsSecret }}
+ envFrom:
+ {{- if .Values.sentinel.extraEnvVarsCM }}
+ - configMapRef:
+ name: {{ .Values.sentinel.extraEnvVarsCM }}
+ {{- end }}
+ {{- if .Values.sentinel.extraEnvVarsSecret }}
+ - secretRef:
+ name: {{ .Values.sentinel.extraEnvVarsSecret }}
+ {{- end }}
+ {{- end }}
+ ports:
+ - name: redis
+ containerPort: {{ .Values.redisPort }}
+ {{- if .Values.slave.livenessProbe.enabled }}
+ livenessProbe:
+ initialDelaySeconds: {{ .Values.slave.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.slave.livenessProbe.periodSeconds }}
+ timeoutSeconds: {{ .Values.slave.livenessProbe.timeoutSeconds }}
+ successThreshold: {{ .Values.slave.livenessProbe.successThreshold }}
+ failureThreshold: {{ .Values.slave.livenessProbe.failureThreshold}}
+ exec:
+ command:
+ - sh
+ - -c
+ {{- if .Values.global.redis.sentinel.enabled }}
+ - /health/ping_liveness_local.sh {{ .Values.slave.livenessProbe.timeoutSeconds }}
+ {{- else }}
+ - /health/ping_liveness_local_and_master.sh {{ .Values.slave.livenessProbe.timeoutSeconds }}
+ {{- end }}
+ {{- else if .Values.slave.customLivenessProbe }}
+ livenessProbe: {{- toYaml .Values.slave.customLivenessProbe | nindent 12 }}
+ {{- end }}
+ {{- if .Values.slave.readinessProbe.enabled }}
+ readinessProbe:
+ initialDelaySeconds: {{ .Values.slave.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.slave.readinessProbe.periodSeconds }}
+ timeoutSeconds: {{ .Values.slave.readinessProbe.timeoutSeconds }}
+ successThreshold: {{ .Values.slave.readinessProbe.successThreshold }}
+ failureThreshold: {{ .Values.slave.readinessProbe.failureThreshold }}
+ exec:
+ command:
+ - sh
+ - -c
+ {{- if .Values.global.redis.sentinel.enabled }}
+ - /health/ping_readiness_local.sh {{ .Values.slave.livenessProbe.timeoutSeconds }}
+ {{- else }}
+ - /health/ping_readiness_local_and_master.sh {{ .Values.slave.livenessProbe.timeoutSeconds }}
+ {{- end }}
+ {{- else if .Values.slave.customReadinessProbe }}
+ readinessProbe: {{- toYaml .Values.slave.customReadinessProbe | nindent 12 }}
+ {{- end }}
+ resources: {{- toYaml .Values.slave.resources | nindent 12 }}
+ volumeMounts:
+ - name: start-scripts
+ mountPath: /opt/bitnami/scripts/start-scripts
+ - name: health
+ mountPath: /health
+ {{- if .Values.usePasswordFile }}
+ - name: redis-password
+ mountPath: /opt/bitnami/redis/secrets/
+ {{- end }}
+ - name: redis-data
+ mountPath: {{ .Values.slave.persistence.path }}
+ subPath: {{ .Values.slave.persistence.subPath }}
+ - name: config
+ mountPath: /opt/bitnami/redis/mounted-etc
+ - name: redis-tmp-conf
+ mountPath: /opt/bitnami/redis/etc
+ {{- if .Values.tls.enabled }}
+ - name: redis-certificates
+ mountPath: /opt/bitnami/redis/certs
+ readOnly: true
+ {{- end }}
+ {{- if and .Values.global.redis.cluster.enabled .Values.global.redis.sentinel.enabled }}
+ - name: sentinel
+ image: {{ template "sentinel.image" . }}
+ imagePullPolicy: {{ .Values.sentinel.image.pullPolicy | quote }}
+ {{- if .Values.containerSecurityContext.enabled }}
+ securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }}
+ {{- end }}
+ command:
+ - /bin/bash
+ - -c
+ - /opt/bitnami/scripts/start-scripts/start-sentinel.sh
+ env:
+ {{- if .Values.usePassword }}
+ {{- if .Values.usePasswordFile }}
+ - name: REDIS_PASSWORD_FILE
+ value: "/opt/bitnami/redis/secrets/redis-password"
+ {{- else }}
+ - name: REDIS_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ template "redis.secretName" . }}
+ key: {{ template "redis.secretPasswordKey" . }}
+ {{- end }}
+ {{- else }}
+ - name: ALLOW_EMPTY_PASSWORD
+ value: "yes"
+ {{- end }}
+ - name: REDIS_SENTINEL_TLS_ENABLED
+ value: {{ ternary "yes" "no" .Values.tls.enabled | quote }}
+ {{- if .Values.tls.enabled }}
+ - name: REDIS_SENTINEL_TLS_PORT_NUMBER
+ value: {{ .Values.sentinel.port | quote }}
+ - name: REDIS_SENTINEL_TLS_AUTH_CLIENTS
+ value: {{ ternary "yes" "no" .Values.tls.authClients | quote }}
+ - name: REDIS_SENTINEL_TLS_CERT_FILE
+ value: {{ template "redis.tlsCert" . }}
+ - name: REDIS_SENTINEL_TLS_KEY_FILE
+ value: {{ template "redis.tlsCertKey" . }}
+ - name: REDIS_SENTINEL_TLS_CA_FILE
+ value: {{ template "redis.tlsCACert" . }}
+ {{- if .Values.tls.dhParamsFilename }}
+ - name: REDIS_SENTINEL_TLS_DH_PARAMS_FILE
+ value: {{ template "redis.dhParams" . }}
+ {{- end }}
+ {{- else }}
+ - name: REDIS_SENTINEL_PORT
+ value: {{ .Values.sentinel.port | quote }}
+ {{- end }}
+ ports:
+ - name: redis-sentinel
+ containerPort: {{ .Values.sentinel.port }}
+ {{- if .Values.sentinel.livenessProbe.enabled }}
+ livenessProbe:
+ initialDelaySeconds: {{ .Values.sentinel.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.sentinel.livenessProbe.periodSeconds }}
+ timeoutSeconds: {{ .Values.sentinel.livenessProbe.timeoutSeconds }}
+ successThreshold: {{ .Values.sentinel.livenessProbe.successThreshold }}
+ failureThreshold: {{ .Values.sentinel.livenessProbe.failureThreshold }}
+ exec:
+ command:
+ - sh
+ - -c
+ - /health/ping_sentinel.sh {{ .Values.sentinel.livenessProbe.timeoutSeconds }}
+ {{- else if .Values.sentinel.customLivenessProbe }}
+ livenessProbe: {{- toYaml .Values.sentinel.customLivenessProbe | nindent 12 }}
+ {{- end }}
+ {{- if .Values.sentinel.readinessProbe.enabled}}
+ readinessProbe:
+ initialDelaySeconds: {{ .Values.sentinel.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.sentinel.readinessProbe.periodSeconds }}
+ timeoutSeconds: {{ .Values.sentinel.readinessProbe.timeoutSeconds }}
+ successThreshold: {{ .Values.sentinel.readinessProbe.successThreshold }}
+ failureThreshold: {{ .Values.sentinel.readinessProbe.failureThreshold }}
+ exec:
+ command:
+ - sh
+ - -c
+ - /health/ping_sentinel.sh {{ .Values.sentinel.livenessProbe.timeoutSeconds }}
+ {{- else if .Values.sentinel.customReadinessProbe }}
+ readinessProbe: {{- toYaml .Values.sentinel.customReadinessProbe | nindent 12 }}
+ {{- end }}
+ resources: {{- toYaml .Values.sentinel.resources | nindent 12 }}
+ volumeMounts:
+ - name: start-scripts
+ mountPath: /opt/bitnami/scripts/start-scripts
+ - name: health
+ mountPath: /health
+ {{- if .Values.usePasswordFile }}
+ - name: redis-password
+ mountPath: /opt/bitnami/redis/secrets/
+ {{- end }}
+ - name: redis-data
+ mountPath: {{ .Values.slave.persistence.path }}
+ subPath: {{ .Values.slave.persistence.subPath }}
+ - name: config
+ mountPath: /opt/bitnami/redis-sentinel/mounted-etc
+ - name: sentinel-tmp-conf
+ mountPath: /opt/bitnami/redis-sentinel/etc
+ {{- if .Values.tls.enabled }}
+ - name: redis-certificates
+ mountPath: /opt/bitnami/redis/certs
+ readOnly: true
+ {{- end }}
+ {{- end }}
+ {{- if .Values.metrics.enabled }}
+ - name: metrics
+ image: {{ template "redis.metrics.image" . }}
+ imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }}
+ {{- if .Values.containerSecurityContext.enabled }}
+ securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }}
+ {{- end }}
+ command:
+ - /bin/bash
+ - -c
+ - |
+ if [[ -f '/secrets/redis-password' ]]; then
+ export REDIS_PASSWORD=$(cat /secrets/redis-password)
+ fi
+ redis_exporter{{- range $key, $value := .Values.metrics.extraArgs }} --{{ $key }}={{ $value }}{{- end }}
+ env:
+ - name: REDIS_ALIAS
+ value: {{ template "redis.fullname" . }}
+ {{- if and .Values.usePassword (not .Values.usePasswordFile) }}
+ - name: REDIS_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ template "redis.secretName" . }}
+ key: {{ template "redis.secretPasswordKey" . }}
+ {{- end }}
+ {{- if .Values.tls.enabled }}
+ - name: REDIS_ADDR
+ value: rediss://localhost:{{ .Values.redisPort }}
+ - name: REDIS_EXPORTER_TLS_CLIENT_KEY_FILE
+ value: {{ template "redis.tlsCertKey" . }}
+ - name: REDIS_EXPORTER_TLS_CLIENT_CERT_FILE
+ value: {{ template "redis.tlsCert" . }}
+ - name: REDIS_EXPORTER_TLS_CA_CERT_FILE
+ value: {{ template "redis.tlsCACert" . }}
+ {{- end }}
+ volumeMounts:
+ {{- if .Values.usePasswordFile }}
+ - name: redis-password
+ mountPath: /secrets/
+ {{- end }}
+ {{- if .Values.tls.enabled }}
+ - name: redis-certificates
+ mountPath: /opt/bitnami/redis/certs
+ readOnly: true
+ {{- end }}
+ ports:
+ - name: metrics
+ containerPort: 9121
+ resources: {{- toYaml .Values.metrics.resources | nindent 12 }}
+ {{- end }}
+ {{- $needsVolumePermissions := and .Values.volumePermissions.enabled .Values.slave.persistence.enabled .Values.securityContext.enabled .Values.containerSecurityContext.enabled }}
+ {{- if or $needsVolumePermissions .Values.sysctlImage.enabled }}
+ initContainers:
+ {{- if $needsVolumePermissions }}
+ - name: volume-permissions
+ image: {{ template "redis.volumePermissions.image" . }}
+ imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }}
+ command:
+ - /bin/bash
+ - -ec
+ - |
+ {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }}
+ chown -R `id -u`:`id -G | cut -d " " -f2` {{ .Values.slave.persistence.path }}
+ {{- else }}
+ chown -R {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} {{ .Values.slave.persistence.path }}
+ {{- end }}
+ {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto "}}
+ securityContext: {{- omit .Values.volumePermissions.securityContext "runAsUser" | toYaml | nindent 12 }}
+ {{- else }}
+ securityContext: {{- .Values.volumePermissions.securityContext | toYaml | nindent 12 }}
+ {{- end }}
+ resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }}
+ volumeMounts:
+ - name: redis-data
+ mountPath: {{ .Values.slave.persistence.path }}
+ subPath: {{ .Values.slave.persistence.subPath }}
+ {{- end }}
+ {{- if .Values.sysctlImage.enabled }}
+ - name: init-sysctl
+ image: {{ template "redis.sysctl.image" . }}
+ imagePullPolicy: {{ default "" .Values.sysctlImage.pullPolicy | quote }}
+ resources: {{- toYaml .Values.sysctlImage.resources | nindent 12 }}
+ {{- if .Values.sysctlImage.mountHostSys }}
+ volumeMounts:
+ - name: host-sys
+ mountPath: /host-sys
+ {{- end }}
+ command: {{- toYaml .Values.sysctlImage.command | nindent 12 }}
+ securityContext:
+ privileged: true
+ runAsUser: 0
+ {{- end }}
+ {{- end }}
+ volumes:
+ - name: start-scripts
+ configMap:
+ name: {{ include "redis.fullname" . }}-scripts
+ defaultMode: 0755
+ - name: health
+ configMap:
+ name: {{ template "redis.fullname" . }}-health
+ defaultMode: 0755
+ {{- if .Values.usePasswordFile }}
+ - name: redis-password
+ secret:
+ secretName: {{ template "redis.secretName" . }}
+ items:
+ - key: {{ template "redis.secretPasswordKey" . }}
+ path: redis-password
+ {{- end }}
+ - name: config
+ configMap:
+ name: {{ template "redis.fullname" . }}
+ {{- if .Values.sysctlImage.mountHostSys }}
+ - name: host-sys
+ hostPath:
+ path: /sys
+ {{- end }}
+ - name: sentinel-tmp-conf
+ emptyDir: {}
+ - name: redis-tmp-conf
+ emptyDir: {}
+ {{- if .Values.tls.enabled }}
+ - name: redis-certificates
+ secret:
+ secretName: {{ required "A secret containing the certificates for the TLS traffic is required when TLS in enabled" .Values.tls.certificatesSecret }}
+ defaultMode: 256
+ {{- end }}
+ {{- if not .Values.slave.persistence.enabled }}
+ - name: redis-data
+ emptyDir: {}
+ {{- else }}
+ volumeClaimTemplates:
+ - metadata:
+ name: redis-data
+ labels:
+ app: {{ template "redis.name" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ component: slave
+ {{- if .Values.slave.statefulset.volumeClaimTemplates }}
+ {{- if .Values.slave.statefulset.volumeClaimTemplates.labels }}
+ {{- toYaml .Values.slave.statefulset.volumeClaimTemplates.labels | nindent 10 }}
+ {{- end }}
+ {{- if .Values.slave.statefulset.volumeClaimTemplates.annotations }}
+ annotations:
+ {{- toYaml .Values.slave.statefulset.volumeClaimTemplates.annotations | nindent 10 }}
+ {{- end }}
+ {{- end }}
+ spec:
+ accessModes:
+ {{- range .Values.slave.persistence.accessModes }}
+ - {{ . | quote }}
+ {{- end }}
+ resources:
+ requests:
+ storage: {{ .Values.slave.persistence.size | quote }}
+ {{ include "redis.slave.storageClass" . }}
+ selector:
+ {{- if .Values.slave.persistence.matchLabels }}
+ matchLabels: {{- toYaml .Values.slave.persistence.matchLabels | nindent 12 }}
+ {{- end -}}
+ {{- if .Values.slave.persistence.matchExpressions }}
+ matchExpressions: {{- toYaml .Values.slave.persistence.matchExpressions | nindent 12 }}
+ {{- end -}}
+ {{- end }}
+ updateStrategy:
+ type: {{ .Values.slave.statefulset.updateStrategy }}
+ {{- if .Values.slave.statefulset.rollingUpdatePartition }}
+ {{- if (eq "Recreate" .Values.slave.statefulset.updateStrategy) }}
+ rollingUpdate: null
+ {{- else }}
+ rollingUpdate:
+ partition: {{ .Values.slave.statefulset.rollingUpdatePartition }}
+ {{- end }}
+ {{- end }}
+{{- end }}
diff --git a/redis/templates/redis-role.yaml b/redis/templates/redis-role.yaml
new file mode 100644
index 0000000..c5fdc9a
--- /dev/null
+++ b/redis/templates/redis-role.yaml
@@ -0,0 +1,36 @@
+# Copyright 2022-present Open Networking Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{- if .Values.rbac.create -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "redis.fullname" . }}
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ app: {{ template "redis.name" . }}
+ chart: {{ template "redis.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+rules:
+{{- if .Values.podSecurityPolicy.create }}
+ - apiGroups: ['{{ template "podSecurityPolicy.apiGroup" . }}']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames: [{{ template "redis.fullname" . }}]
+{{- end -}}
+{{- if .Values.rbac.role.rules }}
+{{- toYaml .Values.rbac.role.rules | nindent 2 }}
+{{- end -}}
+{{- end -}}
diff --git a/redis/templates/redis-rolebinding.yaml b/redis/templates/redis-rolebinding.yaml
new file mode 100644
index 0000000..3d715fe
--- /dev/null
+++ b/redis/templates/redis-rolebinding.yaml
@@ -0,0 +1,33 @@
+# Copyright 2022-present Open Networking Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{- if .Values.rbac.create -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "redis.fullname" . }}
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ app: {{ template "redis.name" . }}
+ chart: {{ template "redis.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "redis.fullname" . }}
+subjects:
+- kind: ServiceAccount
+ name: {{ template "redis.serviceAccountName" . }}
+{{- end -}}
diff --git a/redis/templates/redis-serviceaccount.yaml b/redis/templates/redis-serviceaccount.yaml
new file mode 100644
index 0000000..07933cc
--- /dev/null
+++ b/redis/templates/redis-serviceaccount.yaml
@@ -0,0 +1,29 @@
+# Copyright 2022-present Open Networking Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "redis.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ app: {{ template "redis.name" . }}
+ chart: {{ template "redis.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ {{- if .Values.serviceAccount.annotations }}
+ annotations: {{ toYaml .Values.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+{{- end -}}
diff --git a/redis/templates/redis-slave-statefulset.yaml b/redis/templates/redis-slave-statefulset.yaml
new file mode 100644
index 0000000..b04b037
--- /dev/null
+++ b/redis/templates/redis-slave-statefulset.yaml
@@ -0,0 +1,400 @@
+# Copyright 2022-present Open Networking Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{- if and .Values.global.redis.cluster.enabled (not .Values.global.redis.sentinel.enabled) }}
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: {{ template "redis.fullname" . }}-slave
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ app: {{ template "redis.name" . }}
+ chart: {{ template "redis.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ {{- if .Values.slave.statefulset.labels }}
+ {{- toYaml .Values.slave.statefulset.labels | nindent 4 }}
+ {{- end }}
+{{- if .Values.slave.statefulset.annotations }}
+ annotations:
+ {{- toYaml .Values.slave.statefulset.annotations | nindent 4 }}
+{{- end }}
+spec:
+{{- if .Values.slave.updateStrategy }}
+ strategy: {{- toYaml .Values.slave.updateStrategy | nindent 4 }}
+{{- end }}
+ replicas: {{ .Values.cluster.slaveCount }}
+ serviceName: {{ template "redis.fullname" . }}-headless
+ selector:
+ matchLabels:
+ app: {{ template "redis.name" . }}
+ release: {{ .Release.Name }}
+ role: slave
+ template:
+ metadata:
+ labels:
+ app: {{ template "redis.name" . }}
+ release: {{ .Release.Name }}
+ chart: {{ template "redis.chart" . }}
+ role: slave
+ {{- if .Values.slave.podLabels }}
+ {{- toYaml .Values.slave.podLabels | nindent 8 }}
+ {{- end }}
+ {{- if and .Values.metrics.enabled .Values.metrics.podLabels }}
+ {{- toYaml .Values.metrics.podLabels | nindent 8 }}
+ {{- end }}
+ annotations:
+ checksum/health: {{ include (print $.Template.BasePath "/health-configmap.yaml") . | sha256sum }}
+ checksum/configmap: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
+ checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
+ {{- if .Values.slave.podAnnotations }}
+ {{- toYaml .Values.slave.podAnnotations | nindent 8 }}
+ {{- end }}
+ {{- if and .Values.metrics.enabled .Values.metrics.podAnnotations }}
+ {{- toYaml .Values.metrics.podAnnotations | nindent 8 }}
+ {{- end }}
+ spec:
+ {{- include "redis.imagePullSecrets" . | nindent 6 }}
+ {{- if .Values.slave.hostAliases }}
+ hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.slave.hostAliases "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.securityContext.enabled }}
+ securityContext: {{- omit .Values.securityContext "enabled" | toYaml | nindent 8 }}
+ {{- end }}
+ serviceAccountName: {{ template "redis.serviceAccountName" . }}
+ {{- if .Values.slave.priorityClassName }}
+ priorityClassName: {{ .Values.slave.priorityClassName | quote }}
+ {{- end }}
+ {{- if .Values.slave.nodeSelector }}
+ nodeSelector: {{- toYaml .Values.slave.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- if .Values.slave.tolerations }}
+ tolerations: {{- toYaml .Values.slave.tolerations | nindent 8 }}
+ {{- end }}
+ {{- if .Values.slave.shareProcessNamespace }}
+ shareProcessNamespace: {{ .Values.slave.shareProcessNamespace }}
+ {{- end }}
+ {{- if .Values.slave.schedulerName }}
+ schedulerName: {{ .Values.slave.schedulerName }}
+ {{- end }}
+ {{- if .Values.master.spreadConstraints }}
+ topologySpreadConstraints: {{- toYaml .Values.master.spreadConstraints | nindent 8 }}
+ {{- end }}
+ {{- with .Values.slave.affinity }}
+ affinity: {{- tpl (toYaml .) $ | nindent 8 }}
+ {{- end }}
+ containers:
+ - name: {{ template "redis.name" . }}
+ image: {{ template "redis.image" . }}
+ imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
+ {{- if .Values.containerSecurityContext.enabled }}
+ securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }}
+ {{- end }}
+ command:
+ - /bin/bash
+ - -c
+ - /opt/bitnami/scripts/start-scripts/start-slave.sh
+ env:
+ - name: REDIS_REPLICATION_MODE
+ value: slave
+ - name: REDIS_MASTER_HOST
+ value: {{ template "redis.fullname" . }}-master-0.{{ template "redis.fullname" . }}-headless.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}
+ - name: REDIS_MASTER_PORT_NUMBER
+ value: {{ .Values.redisPort | quote }}
+ {{- if .Values.usePassword }}
+ {{- if .Values.usePasswordFile }}
+ - name: REDIS_PASSWORD_FILE
+ value: "/opt/bitnami/redis/secrets/redis-password"
+ - name: REDIS_MASTER_PASSWORD_FILE
+ value: "/opt/bitnami/redis/secrets/redis-password"
+ {{- else }}
+ - name: REDIS_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ template "redis.secretName" . }}
+ key: {{ template "redis.secretPasswordKey" . }}
+ - name: REDIS_MASTER_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ template "redis.secretName" . }}
+ key: {{ template "redis.secretPasswordKey" . }}
+ {{- end }}
+ {{- else }}
+ - name: ALLOW_EMPTY_PASSWORD
+ value: "yes"
+ {{- end }}
+ - name: REDIS_TLS_ENABLED
+ value: {{ ternary "yes" "no" .Values.tls.enabled | quote }}
+ {{- if .Values.tls.enabled }}
+ - name: REDIS_TLS_PORT
+ value: {{ .Values.redisPort | quote }}
+ - name: REDIS_TLS_AUTH_CLIENTS
+ value: {{ ternary "yes" "no" .Values.tls.authClients | quote }}
+ - name: REDIS_TLS_CERT_FILE
+ value: {{ template "redis.tlsCert" . }}
+ - name: REDIS_TLS_KEY_FILE
+ value: {{ template "redis.tlsCertKey" . }}
+ - name: REDIS_TLS_CA_FILE
+ value: {{ template "redis.tlsCACert" . }}
+ {{- if .Values.tls.dhParamsFilename }}
+ - name: REDIS_TLS_DH_PARAMS_FILE
+ value: {{ template "redis.tlsDHParams" . }}
+ {{- end }}
+ {{- else }}
+ - name: REDIS_PORT
+ value: {{ .Values.redisPort | quote }}
+ {{- end }}
+ {{- if .Values.slave.extraEnvVars }}
+ {{- include "redis.tplValue" (dict "value" .Values.slave.extraEnvVars "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if or .Values.slave.extraEnvVarsCM .Values.slave.extraEnvVarsSecret }}
+ envFrom:
+ {{- if .Values.slave.extraEnvVarsCM }}
+ - configMapRef:
+ name: {{ .Values.slave.extraEnvVarsCM }}
+ {{- end }}
+ {{- if .Values.slave.extraEnvVarsSecret }}
+ - secretRef:
+ name: {{ .Values.slave.extraEnvVarsSecret }}
+ {{- end }}
+ {{- end }}
+ ports:
+ - name: redis
+ containerPort: {{ .Values.redisPort }}
+ {{- if .Values.slave.livenessProbe.enabled }}
+ livenessProbe:
+ initialDelaySeconds: {{ .Values.slave.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.slave.livenessProbe.periodSeconds }}
+ timeoutSeconds: {{ add1 .Values.slave.livenessProbe.timeoutSeconds }}
+ successThreshold: {{ .Values.slave.livenessProbe.successThreshold }}
+ failureThreshold: {{ .Values.slave.livenessProbe.failureThreshold}}
+ exec:
+ command:
+ - sh
+ - -c
+ - /health/ping_liveness_local_and_master.sh {{ .Values.slave.livenessProbe.timeoutSeconds }}
+ {{- else if .Values.slave.customLivenessProbe }}
+ livenessProbe: {{- toYaml .Values.slave.customLivenessProbe | nindent 12 }}
+ {{- end }}
+ {{- if .Values.slave.readinessProbe.enabled }}
+ readinessProbe:
+ initialDelaySeconds: {{ .Values.slave.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.slave.readinessProbe.periodSeconds }}
+ timeoutSeconds: {{ add1 .Values.slave.readinessProbe.timeoutSeconds }}
+ successThreshold: {{ .Values.slave.readinessProbe.successThreshold }}
+ failureThreshold: {{ .Values.slave.readinessProbe.failureThreshold }}
+ exec:
+ command:
+ - sh
+ - -c
+ - /health/ping_readiness_local_and_master.sh {{ .Values.slave.readinessProbe.timeoutSeconds }}
+ {{- else if .Values.slave.customReadinessProbe }}
+ readinessProbe: {{- toYaml .Values.slave.customReadinessProbe | nindent 12 }}
+ {{- end }}
+ resources: {{- toYaml .Values.slave.resources | nindent 12 }}
+ volumeMounts:
+ - name: start-scripts
+ mountPath: /opt/bitnami/scripts/start-scripts
+ - name: health
+ mountPath: /health
+ {{- if .Values.usePasswordFile }}
+ - name: redis-password
+ mountPath: /opt/bitnami/redis/secrets/
+ {{- end }}
+ - name: redis-data
+ mountPath: /data
+ - name: config
+ mountPath: /opt/bitnami/redis/mounted-etc
+ - name: redis-tmp-conf
+ mountPath: /opt/bitnami/redis/etc
+ {{- if .Values.tls.enabled }}
+ - name: redis-certificates
+ mountPath: /opt/bitnami/redis/certs
+ readOnly: true
+ {{- end }}
+ {{- if .Values.metrics.enabled }}
+ - name: metrics
+ image: {{ template "redis.metrics.image" . }}
+ imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }}
+ {{- if .Values.containerSecurityContext.enabled }}
+ securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }}
+ {{- end }}
+ command:
+ - /bin/bash
+ - -c
+ - |
+ if [[ -f '/secrets/redis-password' ]]; then
+ export REDIS_PASSWORD=$(cat /secrets/redis-password)
+ fi
+ redis_exporter{{- range $key, $value := .Values.metrics.extraArgs }} --{{ $key }}={{ $value }}{{- end }}
+ env:
+ - name: REDIS_ALIAS
+ value: {{ template "redis.fullname" . }}
+ {{- if and .Values.usePassword (not .Values.usePasswordFile) }}
+ - name: REDIS_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ template "redis.secretName" . }}
+ key: {{ template "redis.secretPasswordKey" . }}
+ {{- end }}
+ {{- if .Values.tls.enabled }}
+ - name: REDIS_ADDR
+ value: rediss://localhost:{{ .Values.redisPort }}
+ - name: REDIS_EXPORTER_TLS_CLIENT_KEY_FILE
+ value: {{ template "redis.tlsCertKey" . }}
+ - name: REDIS_EXPORTER_TLS_CLIENT_CERT_FILE
+ value: {{ template "redis.tlsCert" . }}
+ - name: REDIS_EXPORTER_TLS_CA_CERT_FILE
+ value: {{ template "redis.tlsCACert" . }}
+ {{- end }}
+ volumeMounts:
+ {{- if .Values.usePasswordFile }}
+ - name: redis-password
+ mountPath: /secrets/
+ {{- end }}
+ {{- if .Values.tls.enabled }}
+ - name: redis-certificates
+ mountPath: /opt/bitnami/redis/certs
+ readOnly: true
+ {{- end }}
+ ports:
+ - name: metrics
+ containerPort: 9121
+ resources: {{- toYaml .Values.metrics.resources | nindent 12 }}
+ {{- end }}
+ {{- $needsVolumePermissions := and .Values.volumePermissions.enabled .Values.slave.persistence.enabled .Values.securityContext.enabled .Values.containerSecurityContext.enabled }}
+ {{- if or $needsVolumePermissions .Values.sysctlImage.enabled }}
+ initContainers:
+ {{- if $needsVolumePermissions }}
+ - name: volume-permissions
+ image: {{ template "redis.volumePermissions.image" . }}
+ imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }}
+ command:
+ - /bin/bash
+ - -ec
+ - |
+ {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }}
+ chown -R `id -u`:`id -G | cut -d " " -f2` {{ .Values.slave.persistence.path }}
+ {{- else }}
+ chown -R {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} {{ .Values.slave.persistence.path }}
+ {{- end }}
+ {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto "}}
+ securityContext: {{- omit .Values.volumePermissions.securityContext "runAsUser" | toYaml | nindent 12 }}
+ {{- else }}
+ securityContext: {{- .Values.volumePermissions.securityContext | toYaml | nindent 12 }}
+ {{- end }}
+ resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }}
+ volumeMounts:
+ - name: redis-data
+ mountPath: {{ .Values.slave.persistence.path }}
+ subPath: {{ .Values.slave.persistence.subPath }}
+ {{- end }}
+ {{- if .Values.sysctlImage.enabled }}
+ - name: init-sysctl
+ image: {{ template "redis.sysctl.image" . }}
+ imagePullPolicy: {{ default "" .Values.sysctlImage.pullPolicy | quote }}
+ resources: {{- toYaml .Values.sysctlImage.resources | nindent 12 }}
+ {{- if .Values.sysctlImage.mountHostSys }}
+ volumeMounts:
+ - name: host-sys
+ mountPath: /host-sys
+ {{- end }}
+ command: {{- toYaml .Values.sysctlImage.command | nindent 12 }}
+ securityContext:
+ privileged: true
+ runAsUser: 0
+ {{- end }}
+ {{- end }}
+ volumes:
+ - name: start-scripts
+ configMap:
+ name: {{ include "redis.fullname" . }}-scripts
+ defaultMode: 0755
+ - name: health
+ configMap:
+ name: {{ template "redis.fullname" . }}-health
+ defaultMode: 0755
+ {{- if .Values.usePasswordFile }}
+ - name: redis-password
+ secret:
+ secretName: {{ template "redis.secretName" . }}
+ items:
+ - key: {{ template "redis.secretPasswordKey" . }}
+ path: redis-password
+ {{- end }}
+ - name: config
+ configMap:
+ name: {{ template "redis.fullname" . }}
+ {{- if .Values.sysctlImage.mountHostSys }}
+ - name: host-sys
+ hostPath:
+ path: /sys
+ {{- end }}
+ - name: redis-tmp-conf
+ emptyDir: {}
+ {{- if .Values.tls.enabled }}
+ - name: redis-certificates
+ secret:
+ secretName: {{ required "A secret containing the certificates for the TLS traffic is required when TLS in enabled" .Values.tls.certificatesSecret }}
+ defaultMode: 256
+ {{- end }}
+ {{- if not .Values.slave.persistence.enabled }}
+ - name: redis-data
+ emptyDir: {}
+ {{- else }}
+ volumeClaimTemplates:
+ - metadata:
+ name: redis-data
+ labels:
+ app: {{ template "redis.name" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ component: slave
+ {{- if .Values.slave.statefulset.volumeClaimTemplates }}
+ {{- if .Values.slave.statefulset.volumeClaimTemplates.labels }}
+ {{- toYaml .Values.slave.statefulset.volumeClaimTemplates.labels | nindent 10 }}
+ {{- end }}
+ {{- if .Values.slave.statefulset.volumeClaimTemplates.annotations }}
+ annotations:
+ {{- toYaml .Values.slave.statefulset.volumeClaimTemplates.annotations | nindent 10 }}
+ {{- end }}
+ {{- end }}
+ spec:
+ accessModes:
+ {{- range .Values.slave.persistence.accessModes }}
+ - {{ . | quote }}
+ {{- end }}
+ resources:
+ requests:
+ storage: {{ .Values.slave.persistence.size | quote }}
+ {{ include "redis.slave.storageClass" . }}
+ selector:
+ {{- if .Values.slave.persistence.matchLabels }}
+ matchLabels: {{- toYaml .Values.slave.persistence.matchLabels | nindent 12 }}
+ {{- end -}}
+ {{- if .Values.slave.persistence.matchExpressions }}
+ matchExpressions: {{- toYaml .Values.slave.persistence.matchExpressions | nindent 12 }}
+ {{- end -}}
+ {{- end }}
+ updateStrategy:
+ type: {{ .Values.slave.statefulset.updateStrategy }}
+ {{- if .Values.slave.statefulset.rollingUpdatePartition }}
+ {{- if (eq "Recreate" .Values.slave.statefulset.updateStrategy) }}
+ rollingUpdate: null
+ {{- else }}
+ rollingUpdate:
+ partition: {{ .Values.slave.statefulset.rollingUpdatePartition }}
+ {{- end }}
+ {{- end }}
+{{- end }}
diff --git a/redis/templates/redis-slave-svc.yaml b/redis/templates/redis-slave-svc.yaml
new file mode 100644
index 0000000..c56aa1d
--- /dev/null
+++ b/redis/templates/redis-slave-svc.yaml
@@ -0,0 +1,57 @@
+# Copyright 2022-present Open Networking Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{- if and .Values.global.redis.cluster.enabled (not .Values.global.redis.sentinel.enabled) }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "redis.fullname" . }}-slave
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ app: {{ template "redis.name" . }}
+ chart: {{ template "redis.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ {{- if .Values.slave.service.labels -}}
+ {{- toYaml .Values.slave.service.labels | nindent 4 }}
+ {{- end -}}
+{{- if .Values.slave.service.annotations }}
+ annotations: {{- toYaml .Values.slave.service.annotations | nindent 4 }}
+{{- end }}
+spec:
+ type: {{ .Values.slave.service.type }}
+ {{ if eq .Values.slave.service.type "LoadBalancer" }}
+ externalTrafficPolicy: {{ .Values.slave.service.externalTrafficPolicy }}
+ {{- end }}
+ {{- if and (eq .Values.slave.service.type "LoadBalancer") .Values.slave.service.loadBalancerIP }}
+ loadBalancerIP: {{ .Values.slave.service.loadBalancerIP }}
+ {{- end }}
+ {{- if and (eq .Values.slave.service.type "LoadBalancer") .Values.slave.service.loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+ {{- with .Values.slave.service.loadBalancerSourceRanges }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- end }}
+ ports:
+ - name: redis
+ port: {{ .Values.slave.service.port }}
+ targetPort: redis
+ {{- if .Values.slave.service.nodePort }}
+ nodePort: {{ .Values.slave.service.nodePort }}
+ {{- end }}
+ selector:
+ app: {{ template "redis.name" . }}
+ release: {{ .Release.Name }}
+ role: slave
+{{- end }}
diff --git a/redis/templates/redis-with-sentinel-svc.yaml b/redis/templates/redis-with-sentinel-svc.yaml
new file mode 100644
index 0000000..004f2d7
--- /dev/null
+++ b/redis/templates/redis-with-sentinel-svc.yaml
@@ -0,0 +1,57 @@
+# Copyright 2022-present Open Networking Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{- if .Values.global.redis.sentinel.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "redis.fullname" . }}
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ app: {{ template "redis.name" . }}
+ chart: {{ template "redis.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ {{- if .Values.sentinel.service.labels }}
+ {{- toYaml .Values.sentinel.service.labels | nindent 4 }}
+ {{- end }}
+{{- if .Values.sentinel.service.annotations }}
+ annotations: {{- toYaml .Values.sentinel.service.annotations | nindent 4 }}
+{{- end }}
+spec:
+ type: {{ .Values.sentinel.service.type }}
+ {{ if eq .Values.sentinel.service.type "LoadBalancer" }}
+ externalTrafficPolicy: {{ .Values.sentinel.service.externalTrafficPolicy }}
+ {{- end }}
+ {{ if eq .Values.sentinel.service.type "LoadBalancer" -}} {{ if .Values.sentinel.service.loadBalancerIP }}
+ loadBalancerIP: {{ .Values.sentinel.service.loadBalancerIP }}
+ {{ end -}}
+ {{- end -}}
+ ports:
+ - name: redis
+ port: {{ .Values.sentinel.service.redisPort }}
+ targetPort: redis
+ {{- if .Values.sentinel.service.redisNodePort }}
+ nodePort: {{ .Values.sentinel.service.redisNodePort }}
+ {{- end }}
+ - name: redis-sentinel
+ port: {{ .Values.sentinel.service.sentinelPort }}
+ targetPort: redis-sentinel
+ {{- if .Values.sentinel.service.sentinelNodePort }}
+ nodePort: {{ .Values.sentinel.service.sentinelNodePort }}
+ {{- end }}
+ selector:
+ app: {{ template "redis.name" . }}
+ release: {{ .Release.Name }}
+{{- end }}
diff --git a/redis/templates/secret.yaml b/redis/templates/secret.yaml
new file mode 100644
index 0000000..599831f
--- /dev/null
+++ b/redis/templates/secret.yaml
@@ -0,0 +1,29 @@
+# Copyright 2022-present Open Networking Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{- if and .Values.usePassword (not .Values.existingSecret) -}}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ template "redis.fullname" . }}
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ app: {{ template "redis.name" . }}
+ chart: {{ template "redis.chart" . }}
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+type: Opaque
+data:
+ redis-password: {{ include "redis.password" . | b64enc | quote }}
+{{- end -}}
diff --git a/redis/values.yaml b/redis/values.yaml
new file mode 100644
index 0000000..7f31053
--- /dev/null
+++ b/redis/values.yaml
@@ -0,0 +1,960 @@
+# Copyright 2022-present Open Networking Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+## Global Docker image parameters
+## Please, note that this will override the image parameters, including dependencies, configured to use the global value
+## Current available global Docker image parameters: imageRegistry and imagePullSecrets
+##
+#global:
+ # imageRegistry: myRegistryName
+ # imagePullSecrets:
+ # - myRegistryKeySecretName
+ # storageClass: myStorageClass
+ # redis: {}
+
+## Bitnami Redis(TM) image version
+## ref: https://hub.docker.com/r/bitnami/redis/tags/
+
+##
+global:
+ image_registry: ''
+ image_org: "voltha/"
+ image_tag: ~
+ image_pullPolicy: "Always"
+ redisPort: 6379
+ redis:
+ volumePath: "/kafka_zookeeper"
+ cluster:
+ enabled: false
+ sentinel:
+ enabled: false
+
+image:
+ registry: "docker-registry.com:5000"
+ repository: bitnami/redis
+ ## Bitnami Redis(TM) image tag
+ ## ref: https://github.com/bitnami/bitnami-docker-redis#supported-tags-and-respective-dockerfile-links
+ ##
+ tag: 6.0.10-debian-10-r19
+ ## Specify a imagePullPolicy
+ ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
+ ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
+ ##
+ pullPolicy: IfNotPresent
+ ## Optionally specify an array of imagePullSecrets.
+ ## Secrets must be manually created in the namespace.
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+ ##
+ # pullSecrets:
+ # - myRegistryKeySecretName
+
+## String to partially override redis.fullname template (will maintain the release name)
+##
+# nameOverride:
+
+## String to fully override redis.fullname template
+##
+fullnameOverride: redis-master
+
+## Cluster settings
+##
+cluster:
+ enabled: true
+ slaveCount: 3
+
+## Use redis sentinel in the redis pod. This will disable the master and slave services and
+## create one redis service with ports to the sentinel and the redis instances
+##
+sentinel:
+ enabled: true
+ ## Require password authentication on the sentinel itself
+ ## ref: https://redis.io/topics/sentinel
+ usePassword: false
+ ## Bitnami Redis Sentintel image version
+ ## ref: https://hub.docker.com/r/bitnami/redis-sentinel/tags/
+ ##
+ image:
+ registry: "docker-registry.com:5000"
+ repository: bitnami/redis-sentinel
+ ## Bitnami Redis(TM) image tag
+ ## ref: https://github.com/bitnami/bitnami-docker-redis-sentinel#supported-tags-and-respective-dockerfile-links
+ ##
+ tag: 6.0.10-debian-10-r18
+ ## Specify a imagePullPolicy
+ ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
+ ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
+ ##
+ pullPolicy: IfNotPresent
+ ## Optionally specify an array of imagePullSecrets.
+ ## Secrets must be manually created in the namespace.
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+ ##
+ # pullSecrets:
+ # - myRegistryKeySecretName
+ masterSet: mymaster
+ initialCheckTimeout: 5
+ quorum: 2
+ downAfterMilliseconds: 60000
+ failoverTimeout: 18000
+ parallelSyncs: 1
+ port: 26379
+ ## Additional Redis(TM) configuration for the sentinel nodes
+ ## ref: https://redis.io/topics/config
+ ##
+ configmap:
+ ## Enable or disable static sentinel IDs for each replicas
+ ## If disabled each sentinel will generate a random id at startup
+ ## If enabled, each replicas will have a constant ID on each start-up
+ ##
+ staticID: false
+ ## Configure extra options for Redis(TM) Sentinel liveness and readiness probes
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes)
+ ##
+ livenessProbe:
+ enabled: true
+ initialDelaySeconds: 5
+ periodSeconds: 5
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 5
+ readinessProbe:
+ enabled: true
+ initialDelaySeconds: 5
+ periodSeconds: 5
+ timeoutSeconds: 1
+ successThreshold: 1
+ failureThreshold: 5
+ customLivenessProbe: {}
+ customReadinessProbe: {}
+ ## Redis(TM) Sentinel resource requests and limits
+ ## ref: http://kubernetes.io/docs/user-guide/compute-resources/
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 100m
+ ## Redis(TM) Sentinel Service properties
+ ##
+ service:
+ ## Redis(TM) Sentinel Service type
+ ##
+ type: ClusterIP
+ sentinelPort: 26379
+ redisPort: 6379
+
+ ## External traffic policy (when service type is LoadBalancer)
+ ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
+ ##
+ externalTrafficPolicy: Cluster
+
+ ## Specify the nodePort value for the LoadBalancer and NodePort service types.
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
+ ##
+ # sentinelNodePort:
+ # redisNodePort:
+
+ ## Provide any additional annotations which may be required. This can be used to
+ ## set the LoadBalancer service type to internal only.
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
+ ##
+ annotations: {}
+ labels: {}
+ loadBalancerIP:
+
+ ## Additional commands to run prior to starting Redis(TM) node with sentinel
+ ##
+ preExecCmds: ""
+
+ ## An array to add extra env var to the sentinel node configurations
+ ## For example:
+ ## extraEnvVars:
+ ## - name: name
+ ## value: value
+ ## - name: other_name
+ ## valueFrom:
+ ## fieldRef:
+ ## fieldPath: fieldPath
+ ##
+ extraEnvVars: []
+
+ ## ConfigMap with extra env vars:
+ ##
+ extraEnvVarsCM: []
+
+ ## Secret with extra env vars:
+ ##
+ extraEnvVarsSecret: []
+
+## Specifies the Kubernetes Cluster's Domain Name.
+##
+clusterDomain: cluster.local
+
+networkPolicy:
+ ## Specifies whether a NetworkPolicy should be created
+ ##
+ enabled: false
+
+ ## The Policy model to apply. When set to false, only pods with the correct
+ ## client label will have network access to the port Redis(TM) is listening
+ ## on. When true, Redis(TM) will accept connections from any source
+ ## (with the correct destination port).
+ ##
+ # allowExternal: true
+
+ ## Allow connections from other namespaces. Just set label for namespace and set label for pods (optional).
+ ##
+ ingressNSMatchLabels: {}
+ ingressNSPodMatchLabels: {}
+
+serviceAccount:
+ ## Specifies whether a ServiceAccount should be created
+ ##
+ create: false
+ ## The name of the ServiceAccount to use.
+ ## If not set and create is true, a name is generated using the fullname template
+ ##
+ name:
+ ## Add annotations to service account
+ # annotations:
+ # iam.gke.io/gcp-service-account: "sa@project.iam.gserviceaccount.com"
+
+rbac:
+ ## Specifies whether RBAC resources should be created
+ ##
+ create: false
+
+ role:
+ ## Rules to create. It follows the role specification
+ # rules:
+ # - apiGroups:
+ # - extensions
+ # resources:
+ # - podsecuritypolicies
+ # verbs:
+ # - use
+ # resourceNames:
+ # - gce.unprivileged
+ rules: []
+
+## Redis(TM) pod Security Context
+##
+securityContext:
+ enabled: true
+ fsGroup: 1001
+ ## sysctl settings for master and slave pods
+ ##
+ ## Uncomment the setting below to increase the net.core.somaxconn value
+ ##
+ # sysctls:
+ # - name: net.core.somaxconn
+ # value: "10000"
+
+## Container Security Context
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+##
+containerSecurityContext:
+ enabled: true
+ runAsUser: 0
+
+## Use password authentication
+usePassword: false
+## Redis password (both master and slave)
+## Defaults to a random 10-character alphanumeric string if not set and usePassword is true
+## ref: https://github.com/bitnami/bitnami-docker-redis#setting-the-server-password-on-first-run
+##
+password:
+## Use existing secret (ignores previous password)
+# existingSecret:
+## Password key to be retrieved from Redis(TM) secret
+##
+# existingSecretPasswordKey:
+
+## Mount secrets as files instead of environment variables
+##
+usePasswordFile: false
+
+## Persist data to a persistent volume (Redis(TM) Master)
+##
+persistence:
+ ## A manually managed Persistent Volume and Claim
+ ## Requires persistence.enabled: true
+ ## If defined, PVC must be created manually before volume will be bound
+ ##
+ existingClaim:
+
+# Redis(TM) port
+redisPort: 6379
+
+##
+## TLS configuration
+##
+tls:
+ # Enable TLS traffic
+ enabled: false
+ #
+ # Whether to require clients to authenticate or not.
+ authClients: true
+ #
+ # Name of the Secret that contains the certificates
+ certificatesSecret:
+ #
+ # Certificate filename
+ certFilename:
+ #
+ # Certificate Key filename
+ certKeyFilename:
+ #
+ # CA Certificate filename
+ certCAFilename:
+ #
+ # File containing DH params (in order to support DH based ciphers)
+ # dhParamsFilename:
+
+##
+## Redis(TM) Master parameters
+##
+master:
+ ## Redis(TM) command arguments
+ ##
+ ## Can be used to specify command line arguments, for example:
+ ## Note `exec` is prepended to command
+ ##
+ #command: "/run.sh"
+ ## Additional commands to run prior to starting Redis
+ ##
+ command: "redis-server"
+ ## Additional Redis configuration for the master nodes
+ ## ref: https://redis.io/topics/config
+ preExecCmds: ""
+ ## Additional Redis(TM) configuration for the master nodes
+ ## ref: https://redis.io/topics/config
+ ##
+ configmap:
+ ## Deployment pod host aliases
+ ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
+ ##
+ hostAliases: []
+ ## Redis(TM) additional command line flags
+ ##
+ ## Can be used to specify command line flags, for example:
+ ## extraFlags:
+ ## - "--maxmemory-policy volatile-ttl"
+ ## - "--repl-backlog-size 1024mb"
+ ##
+ extraFlags: []
+ ## Comma-separated list of Redis(TM) commands to disable
+ ##
+ ## Can be used to disable Redis(TM) commands for security reasons.
+ ## Commands will be completely disabled by renaming each to an empty string.
+ ## ref: https://redis.io/topics/security#disabling-of-specific-commands
+ ##
+ disableCommands:
+ # - FLUSHDB
+ # - FLUSHALL
+
+ ## Redis(TM) Master additional pod labels and annotations
+ ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
+ ##
+ podLabels: {}
+ podAnnotations: {}
+
+ ## Redis(TM) Master resource requests and limits
+ ## ref: http://kubernetes.io/docs/user-guide/compute-resources/
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 100m
+ ## Use an alternate scheduler, e.g. "stork".
+ ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
+ ##
+ # schedulerName:
+
+ # Enable shared process namespace in a pod.
+ # If set to false (default), each container will run in separate namespace, redis will have PID=1.
+ # If set to true, the /pause will run as init process and will reap any zombie PIDs,
+ # for example, generated by a custom exec probe running longer than a probe timeoutSeconds.
+ # Enable this only if customLivenessProbe or customReadinessProbe is used and zombie PIDs are accumulating.
+ # Ref: https://kubernetes.io/docs/tasks/configure-pod-container/share-process-namespace/
+ shareProcessNamespace: false
+ ## Configure extra options for Redis(TM) Master liveness and readiness probes
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes)
+ ##
+ livenessProbe:
+ enabled: true
+ initialDelaySeconds: 5
+ periodSeconds: 5
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 5
+ readinessProbe:
+ enabled: true
+ initialDelaySeconds: 5
+ periodSeconds: 5
+ timeoutSeconds: 1
+ successThreshold: 1
+ failureThreshold: 5
+
+ ## Configure custom probes for images other images like
+ ## rhscl/redis-32-rhel7 rhscl/redis-5-rhel7
+ ## Only used if readinessProbe.enabled: false / livenessProbe.enabled: false
+ ##
+ # customLivenessProbe:
+ # tcpSocket:
+ # port: 6379
+ # initialDelaySeconds: 10
+ # periodSeconds: 5
+ # customReadinessProbe:
+ # initialDelaySeconds: 30
+ # periodSeconds: 10
+ # timeoutSeconds: 5
+ # exec:
+ # command:
+ # - "container-entrypoint"
+ # - "bash"
+ # - "-c"
+ # - "redis-cli set liveness-probe \"`date`\" | grep OK"
+ customLivenessProbe: {}
+ customReadinessProbe: {}
+
+ ## Redis(TM) Master Node selectors and tolerations for pod assignment
+ ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#taints-and-tolerations-beta-feature
+ ##
+ # nodeSelector: {"beta.kubernetes.io/arch": "amd64"}
+ # tolerations: []
+ ## Redis(TM) Master pod/node affinity/anti-affinity
+ ##
+ affinity: {}
+
+ ## Redis(TM) Master Service properties
+ ##
+ service:
+ ## Redis(TM) Master Service type
+ ##
+ type: ClusterIP
+ port: 6379
+
+ ## External traffic policy (when service type is LoadBalancer)
+ ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
+ ##
+ externalTrafficPolicy: Cluster
+
+ ## Specify the nodePort value for the LoadBalancer and NodePort service types.
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
+ ##
+ # nodePort:
+
+ ## Provide any additional annotations which may be required. This can be used to
+ ## set the LoadBalancer service type to internal only.
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
+ ##
+ annotations: {}
+ labels: {}
+ loadBalancerIP:
+ # loadBalancerSourceRanges: ["10.0.0.0/8"]
+
+ ## Enable persistence using Persistent Volume Claims
+ ## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
+ ##
+ persistence:
+ enabled: true
+ ## The path the volume will be mounted at, useful when using different
+ ## Redis(TM) images.
+ ##
+ path: /data
+ ## The subdirectory of the volume to mount to, useful in dev environments
+ ## and one PV for multiple services.
+ ##
+ subPath: ""
+ ## redis data Persistent Volume Storage Class
+ ## If defined, storageClassName: <storageClass>
+ ## If set to "-", storageClassName: "", which disables dynamic provisioning
+ ## If undefined (the default) or set to null, no storageClassName spec is
+ ## set, choosing the default provisioner. (gp2 on AWS, standard on
+ ## GKE, AWS & OpenStack)
+ ##
+ # storageClass: "-"
+ accessModes:
+ - ReadWriteOnce
+ size: 8Gi
+ ## Persistent Volume selectors
+ ## https://kubernetes.io/docs/concepts/storage/persistent-volumes/#selector
+ ##
+ matchLabels: {}
+ matchExpressions: {}
+ volumes:
+ # - name: volume_name
+ # emptyDir: {}
+
+ ## Update strategy, can be set to RollingUpdate or onDelete by default.
+ ## https://kubernetes.io/docs/tutorials/stateful-application/basic-stateful-set/#updating-statefulsets
+ ##
+ statefulset:
+ labels: {}
+ annotations: {}
+ updateStrategy: RollingUpdate
+ ## Partition update strategy
+ ## https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#partitions
+ # rollingUpdatePartition:
+ volumeClaimTemplates:
+ labels: {}
+ annotations: {}
+
+ ## Redis(TM) Master pod priorityClassName
+ ##
+ priorityClassName: {}
+
+ ## An array to add extra env vars
+ ## For example:
+ ## extraEnvVars:
+ ## - name: name
+ ## value: value
+ ## - name: other_name
+ ## valueFrom:
+ ## fieldRef:
+ ## fieldPath: fieldPath
+ ##
+ extraEnvVars: []
+
+ ## ConfigMap with extra env vars:
+ ##
+ extraEnvVarsCM: []
+
+ ## Secret with extra env vars:
+ ##
+ extraEnvVarsSecret: []
+
+##
+## Redis(TM) Slave properties
+## Note: service.type is a mandatory parameter
+## The rest of the parameters are either optional or, if undefined, will inherit those declared in Redis(TM) Master
+##
+slave:
+ ## Slave Service properties
+ ##
+ service:
+ ## Redis(TM) Slave Service type
+ ##
+ type: ClusterIP
+ ## Redis(TM) port
+ ##
+ port: 6379
+
+ ## External traffic policy (when service type is LoadBalancer)
+ ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
+ ##
+ externalTrafficPolicy: Cluster
+
+ ## Specify the nodePort value for the LoadBalancer and NodePort service types.
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
+ ##
+ # nodePort:
+
+ ## Provide any additional annotations which may be required. This can be used to
+ ## set the LoadBalancer service type to internal only.
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
+ ##
+ annotations: {}
+ labels: {}
+ loadBalancerIP:
+ # loadBalancerSourceRanges: ["10.0.0.0/8"]
+
+ ## Redis(TM) slave port
+ ##
+ port: 6379
+ ## Deployment pod host aliases
+ ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
+ ##
+ hostAliases: []
+ ## Can be used to specify command line arguments, for example:
+ ## Note `exec` is prepended to command
+ ##
+ #command: "/run.sh"
+ ## Additional commands to run prior to starting Redis
+ ##
+ command: "redis-server"
+ ## Additional Redis configuration for the slave nodes
+ preExecCmds: ""
+ ## Additional Redis(TM) configuration for the slave nodes
+ ## ref: https://redis.io/topics/config
+ ##
+ configmap:
+ ## Redis(TM) extra flags
+ ##
+ extraFlags: []
+ ## List of Redis(TM) commands to disable
+ ##
+ disableCommands:
+ - FLUSHDB
+ - FLUSHALL
+
+ ## Redis(TM) Slave pod/node affinity/anti-affinity
+ ##
+ affinity: {}
+
+ ## Kubernetes Spread Constraints for pod assignment
+ ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ ##
+ # - maxSkew: 1
+ # topologyKey: node
+ # whenUnsatisfiable: DoNotSchedule
+ spreadConstraints: {}
+
+ # Enable shared process namespace in a pod.
+ # If set to false (default), each container will run in separate namespace, redis will have PID=1.
+ # If set to true, the /pause will run as init process and will reap any zombie PIDs,
+ # for example, generated by a custom exec probe running longer than a probe timeoutSeconds.
+ # Enable this only if customLivenessProbe or customReadinessProbe is used and zombie PIDs are accumulating.
+ # Ref: https://kubernetes.io/docs/tasks/configure-pod-container/share-process-namespace/
+ shareProcessNamespace: false
+ ## Configure extra options for Redis(TM) Slave liveness and readiness probes
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes)
+ ##
+ livenessProbe:
+ enabled: true
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 5
+ readinessProbe:
+ enabled: true
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ timeoutSeconds: 10
+ successThreshold: 1
+ failureThreshold: 5
+
+ ## Configure custom probes for images other images like
+ ## rhscl/redis-32-rhel7 rhscl/redis-5-rhel7
+ ## Only used if readinessProbe.enabled: false / livenessProbe.enabled: false
+ ##
+ # customLivenessProbe:
+ # tcpSocket:
+ # port: 6379
+ # initialDelaySeconds: 10
+ # periodSeconds: 5
+ # customReadinessProbe:
+ # initialDelaySeconds: 30
+ # periodSeconds: 10
+ # timeoutSeconds: 5
+ # exec:
+ # command:
+ # - "container-entrypoint"
+ # - "bash"
+ # - "-c"
+ # - "redis-cli set liveness-probe \"`date`\" | grep OK"
+ customLivenessProbe: {}
+ customReadinessProbe: {}
+
+ ## Redis(TM) slave Resource
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 100m
+
+ ## Redis(TM) slave selectors and tolerations for pod assignment
+ # nodeSelector: {"beta.kubernetes.io/arch": "amd64"}
+ # tolerations: []
+
+ ## Use an alternate scheduler, e.g. "stork".
+ ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
+ ##
+ # schedulerName:
+
+ ## Redis(TM) slave pod Annotation and Labels
+ ##
+ podLabels: {}
+ podAnnotations: {}
+
+ ## Redis slave pod priorityClassName
+ # priorityClassName: {}
+
+ ## Enable persistence using Persistent Volume Claims
+ ## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
+ ##
+ persistence:
+ enabled: true
+ ## The path the volume will be mounted at, useful when using different
+ ## Redis(TM) images.
+ ##
+ path: /data
+ ## The subdirectory of the volume to mount to, useful in dev environments
+ ## and one PV for multiple services.
+ ##
+ subPath: ""
+ ## redis data Persistent Volume Storage Class
+ ## If defined, storageClassName: <storageClass>
+ ## If set to "-", storageClassName: "", which disables dynamic provisioning
+ ## If undefined (the default) or set to null, no storageClassName spec is
+ ## set, choosing the default provisioner. (gp2 on AWS, standard on
+ ## GKE, AWS & OpenStack)
+ ##
+ # storageClass: "-"
+ accessModes:
+ - ReadWriteOnce
+ size: 8Gi
+ ## Persistent Volume selectors
+ ## https://kubernetes.io/docs/concepts/storage/persistent-volumes/#selector
+ ##
+ matchLabels: {}
+ matchExpressions: {}
+
+ ## Update strategy, can be set to RollingUpdate or onDelete by default.
+ ## https://kubernetes.io/docs/tutorials/stateful-application/basic-stateful-set/#updating-statefulsets
+ ##
+ statefulset:
+ labels: {}
+ annotations: {}
+ updateStrategy: RollingUpdate
+ ## Partition update strategy
+ ## https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#partitions
+ # rollingUpdatePartition:
+ volumeClaimTemplates:
+ labels: {}
+ annotations: {}
+
+ ## An array to add extra env vars
+ ## For example:
+ ## extraEnvVars:
+ ## - name: name
+ ## value: value
+ ## - name: other_name
+ ## valueFrom:
+ ## fieldRef:
+ ## fieldPath: fieldPath
+ ##
+ extraEnvVars: []
+
+ ## ConfigMap with extra env vars:
+ ##
+ extraEnvVarsCM: []
+
+ ## Secret with extra env vars:
+ ##
+ extraEnvVarsSecret: []
+
+## Prometheus Exporter / Metrics
+##
+metrics:
+ enabled: false
+
+ image:
+ registry: docker.io
+ repository: bitnami/redis-exporter
+ tag: 1.16.0-debian-10-r7
+ pullPolicy: IfNotPresent
+ ## Optionally specify an array of imagePullSecrets.
+ ## Secrets must be manually created in the namespace.
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+ ##
+ # pullSecrets:
+ # - myRegistryKeySecretName
+
+ ## Metrics exporter resource requests and limits
+ ## ref: http://kubernetes.io/docs/user-guide/compute-resources/
+ ##
+ # resources: {}
+
+ ## Extra arguments for Metrics exporter, for example:
+ ## extraArgs:
+ ## check-keys: myKey,myOtherKey
+ # extraArgs: {}
+
+ ## Metrics exporter pod Annotation and Labels
+ ##
+ podAnnotations:
+ prometheus.io/scrape: "true"
+ prometheus.io/port: "9121"
+ # podLabels: {}
+
+ # Enable this if you're using https://github.com/coreos/prometheus-operator
+ serviceMonitor:
+ enabled: false
+ ## Specify a namespace if needed
+ # namespace: monitoring
+ # fallback to the prometheus default unless specified
+ # interval: 10s
+ ## Defaults to what's used if you follow CoreOS [Prometheus Install Instructions](https://github.com/bitnami/charts/tree/master/bitnami/prometheus-operator#tldr)
+ ## [Prometheus Selector Label](https://github.com/bitnami/charts/tree/master/bitnami/prometheus-operator#prometheus-operator-1)
+ ## [Kube Prometheus Selector Label](https://github.com/bitnami/charts/tree/master/bitnami/prometheus-operator#exporters)
+ ##
+ selector:
+ prometheus: kube-prometheus
+
+ ## RelabelConfigs to apply to samples before scraping
+ ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig
+ ## Value is evalued as a template
+ ##
+ relabelings: []
+
+ ## MetricRelabelConfigs to apply to samples before ingestion
+ ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig
+ ## Value is evalued as a template
+ ##
+ metricRelabelings: []
+ # - sourceLabels:
+ # - "__name__"
+ # targetLabel: "__name__"
+ # action: replace
+ # regex: '(.*)'
+ # replacement: 'example_prefix_$1'
+
+ ## Custom PrometheusRule to be defined
+ ## The value is evaluated as a template, so, for example, the value can depend on .Release or .Chart
+ ## ref: https://github.com/coreos/prometheus-operator#customresourcedefinitions
+ ##
+ prometheusRule:
+ enabled: false
+ additionalLabels: {}
+ namespace: ""
+ ## Redis(TM) prometheus rules
+ ## These are just examples rules, please adapt them to your needs.
+ ## Make sure to constraint the rules to the current redis service.
+ # rules:
+ # - alert: RedisDown
+ # expr: redis_up{service="{{ template "redis.fullname" . }}-metrics"} == 0
+ # for: 2m
+ # labels:
+ # severity: error
+ # annotations:
+ # summary: Redis(TM) instance {{ "{{ $labels.instance }}" }} down
+ # description: Redis(TM) instance {{ "{{ $labels.instance }}" }} is down
+ # - alert: RedisMemoryHigh
+ # expr: >
+ # redis_memory_used_bytes{service="{{ template "redis.fullname" . }}-metrics"} * 100
+ # /
+ # redis_memory_max_bytes{service="{{ template "redis.fullname" . }}-metrics"}
+ # > 90
+ # for: 2m
+ # labels:
+ # severity: error
+ # annotations:
+ # summary: Redis(TM) instance {{ "{{ $labels.instance }}" }} is using too much memory
+ # description: |
+ # Redis(TM) instance {{ "{{ $labels.instance }}" }} is using {{ "{{ $value }}" }}% of its available memory.
+ # - alert: RedisKeyEviction
+ # expr: |
+ # increase(redis_evicted_keys_total{service="{{ template "redis.fullname" . }}-metrics"}[5m]) > 0
+ # for: 1s
+ # labels:
+ # severity: error
+ # annotations:
+ # summary: Redis(TM) instance {{ "{{ $labels.instance }}" }} has evicted keys
+ # description: |
+ # Redis(TM) instance {{ "{{ $labels.instance }}" }} has evicted {{ "{{ $value }}" }} keys in the last 5 minutes.
+ rules: []
+
+ ## Metrics exporter pod priorityClassName
+ # priorityClassName: {}
+ service:
+ type: ClusterIP
+
+ ## External traffic policy (when service type is LoadBalancer)
+ ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
+ ##
+ externalTrafficPolicy: Cluster
+
+ ## Use serviceLoadBalancerIP to request a specific static IP,
+ ## otherwise leave blank
+ # loadBalancerIP:
+ annotations: {}
+ labels: {}
+
+##
+## Init containers parameters:
+## volumePermissions: Change the owner of the persist volume mountpoint to RunAsUser:fsGroup
+##
+volumePermissions:
+ enabled: false
+ image:
+ registry: docker.io
+ repository: bitnami/minideb
+ tag: buster
+ pullPolicy: Always
+ ## Optionally specify an array of imagePullSecrets.
+ ## Secrets must be manually created in the namespace.
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+ ##
+ # pullSecrets:
+ # - myRegistryKeySecretName
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 128Mi
+ # cpu: 100m
+
+ ## Init container Security Context
+ ## Note: the chown of the data folder is done to containerSecurityContext.runAsUser
+ ## and not the below volumePermissions.securityContext.runAsUser
+ ## When runAsUser is set to special value "auto", init container will try to chwon the
+ ## data folder to autodetermined user&group, using commands: `id -u`:`id -G | cut -d" " -f2`
+ ## "auto" is especially useful for OpenShift which has scc with dynamic userids (and 0 is not allowed).
+ ## You may want to use this volumePermissions.securityContext.runAsUser="auto" in combination with
+ ## podSecurityContext.enabled=false,containerSecurityContext.enabled=false
+ ##
+ securityContext:
+ runAsUser: 0
+
+## Redis(TM) config file
+## ref: https://redis.io/topics/config
+##
+configmap: |-
+ # Enable AOF https://redis.io/topics/persistence#append-only-file
+ appendonly yes
+ appendfsync everysec
+ #no-appendfsync-on-rewrite no
+ #save 900 1
+ #save 300 10
+ #save 60 10000
+ # Disable RDB persistence, AOF persistence already enabled.
+ save ""
+
+## Sysctl InitContainer
+## used to perform sysctl operation to modify Kernel settings (needed sometimes to avoid warnings)
+##
+sysctlImage:
+ enabled: false
+ command: []
+ registry: docker.io
+ repository: bitnami/minideb
+ tag: buster
+ pullPolicy: Always
+ ## Optionally specify an array of imagePullSecrets.
+ ## Secrets must be manually created in the namespace.
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+ ##
+ # pullSecrets:
+ # - myRegistryKeySecretName
+ mountHostSys: false
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 128Mi
+ # cpu: 100m
+
+## PodSecurityPolicy configuration
+## ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/
+##
+podSecurityPolicy:
+ ## Specifies whether a PodSecurityPolicy should be created
+ ##
+ create: false
+
+## Define a disruption budget
+## ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/
+##
+podDisruptionBudget:
+ enabled: false
+ minAvailable: 1
+ # maxUnavailable: 1
diff --git a/voltha-go-controller/Chart.yaml b/voltha-go-controller/Chart.yaml
new file mode 100644
index 0000000..cf2778f
--- /dev/null
+++ b/voltha-go-controller/Chart.yaml
@@ -0,0 +1,19 @@
+# Copyright 2022-present Open Networking Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+appVersion: "1.0"
+description: A Helm chart for Kubernetes
+name: voltha-go-controller
+version: 0.1.0
diff --git a/voltha-go-controller/templates/deployment.yaml b/voltha-go-controller/templates/deployment.yaml
new file mode 100644
index 0000000..7d1516e
--- /dev/null
+++ b/voltha-go-controller/templates/deployment.yaml
@@ -0,0 +1,66 @@
+# Copyright 2022-present Open Networking Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: "{{ .Chart.Name }}"
+ labels:
+ release: {{ .Release.Name }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ app: "{{ .Chart.Name }}"
+ template:
+ metadata:
+ labels:
+ app: "{{ .Chart.Name }}"
+ spec:
+ containers:
+ - env:
+ - name: POD_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: VOLTHA_HOST
+ value: "$(NAMESPACE)-voltha-api.$(NAMESPACE).svc.cluster.local"
+ - name: VOLTHA_PORT
+ value: "55555"
+ - name: KV_STORE_TYPE
+ value: "redis"
+ - name: KV_STORE_HOST
+ value: "redis-master.{{ .Values.global.voltha_infra_namespace }}.svc.cluster.local"
+ - name: KV_STORE_PORT
+ value: "6379"
+ - name: KAFKA_ADAPTER_HOST
+ value: "internal-kafka-headless.{{ .Values.global.voltha_infra_namespace }}.svc.cluster.local"
+ - name: KAFKA_ADAPTER_PORT
+ value: "9092"
+ - name: LOG_LEVEL
+ value: .Values.global.log_level
+ image: '{{ tpl .Values.images.voltha_go_controller.registry . }}{{ tpl .Values.images.voltha_go_controller.repository . }}:{{ tpl ( tpl .Values.images.voltha_go_controller.tag . ) . }}'
+ imagePullPolicy: {{ tpl .Values.images.voltha_go_controller.pullPolicy . }}
+ name: voltha-go-controller
+ ports:
+ - containerPort: {{ .Values.voltha_go_controller.sshPort }}
+ name: ssh-port
+ - containerPort: {{ .Values.voltha_go_controller.uiPort }}
+ name: ui-port
+ protocol: "{{ .Values.voltha_go_controller.uiProtocol }}"
+ restartPolicy: "Always"
diff --git a/voltha-go-controller/templates/service.yaml b/voltha-go-controller/templates/service.yaml
new file mode 100644
index 0000000..4833f2a
--- /dev/null
+++ b/voltha-go-controller/templates/service.yaml
@@ -0,0 +1,31 @@
+# Copyright 2022-present Open Networking Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ name: "{{ .Chart.Name }}"
+ release: {{ .Release.Name }}
+ name: "{{ .Chart.Name }}"
+spec:
+ ports:
+ - name: of
+ port: {{ .Values.voltha_go_controller.ofPort }}
+ targetPort: {{ .Values.voltha_go_controller.ofPort }}
+ - name: ui
+ port: {{ .Values.voltha_go_controller.uiPort }}
+ targetPort: {{ .Values.voltha_go_controller.uiPort }}
+ selector:
+ app: "{{ .Chart.Name }}"
diff --git a/voltha-go-controller/values.yaml b/voltha-go-controller/values.yaml
new file mode 100644
index 0000000..346724e
--- /dev/null
+++ b/voltha-go-controller/values.yaml
@@ -0,0 +1,105 @@
+# Copyright 2022-present Open Networking Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Default values for voltha-go-controller.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+replicaCount: 1
+
+global:
+ stack_name: voltha
+ log_level: "WARN"
+ voltha_infra_name: "voltha-infra"
+ voltha_infra_namespace: "infra"
+ image_registry: ""
+ image_tag: ~
+ image_org: "voltha/"
+ image_pullPolicy: "IfNotPresent"
+
+image:
+ repository: nginx
+ tag: stable
+ pullPolicy: IfNotPresent
+
+voltha_go_controller:
+ sshPort: 8101
+ uiPort: 8181
+ ofPort: 6653
+ uiProtocol: TCP
+
+images:
+ voltha_go_controller:
+ registry: '{{ .Values.global.image_registry }}'
+ repository: '{{ .Values.global.image_org }}voltha-go-controller'
+ tag: '{{- if hasKey .Values.global "image_tag" }}{{- if .Values.global.image_tag }}{{ .Values.global.image_tag }}{{- else }}{{ .Chart.AppVersion }}{{- end }}{{- else }}{{ .Chart.AppVersion }}{{- end }}'
+ pullPolicy: '{{ .Values.global.image_pullPolicy | default "Always" }}'
+
+imagePullSecrets: []
+nameOverride: ""
+fullnameOverride: ""
+
+serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name:
+
+podSecurityContext: {}
+ # fsGroup: 2000
+
+securityContext: {}
+ # capabilities:
+ # drop:
+ # - ALL
+ # readOnlyRootFilesystem: true
+ # runAsNonRoot: true
+ # runAsUser: 1000
+
+service:
+ type: ClusterIP
+ port: 80
+
+ingress:
+ enabled: false
+ annotations: {}
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ hosts:
+ - host: chart-example.local
+ paths: []
+
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+
+resources: {}
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ # limits:
+ # cpu: 100m
+ # memory: 128Mi
+ # requests:
+ # cpu: 100m
+ # memory: 128Mi
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
diff --git a/voltha-infra/Chart.yaml b/voltha-infra/Chart.yaml
index 98dca75..ab14cf4 100644
--- a/voltha-infra/Chart.yaml
+++ b/voltha-infra/Chart.yaml
@@ -29,13 +29,17 @@
name: voltha-infra
appVersion: "2.10"
-version: 2.10.5
+version: 2.10.6
dependencies:
- name: onos-classic
repository: https://charts.onosproject.org
version: 0.1.29
condition: onos-classic.enabled
+ - name: redis
+ repository: file://../redis
+ version: 11.1.0
+ condition: redis.enabled
- name: bbsim-sadis-server
repository: file://../bbsim-sadis-server
version: 0.3.1
diff --git a/voltha-stack/Chart.yaml b/voltha-stack/Chart.yaml
index b5f0c45..5c564ee 100644
--- a/voltha-stack/Chart.yaml
+++ b/voltha-stack/Chart.yaml
@@ -28,7 +28,7 @@
name: voltha-stack
appVersion: "2.10"
-version: 2.10.7
+version: 2.10.8
dependencies:
- name: voltha
@@ -43,3 +43,7 @@
repository: file://../voltha-adapter-openolt
version: 2.11.3
condition: voltha-adapter-openolt.enabled
+ - name: voltha-go-controller
+ repository: file://../voltha-go-controller
+ version: 0.1.0
+ condition: voltha-go-controller.enabled