Tinoj Joseph | dd1fd9d | 2022-08-01 23:59:26 +0530 | [diff] [blame^] | 1 | # Copyright 2022-present Open Networking Foundation |
| 2 | # |
| 3 | # Licensed under the Apache License, Version 2.0 (the "License"); |
| 4 | # you may not use this file except in compliance with the License. |
| 5 | # You may obtain a copy of the License at |
| 6 | # |
| 7 | # http://www.apache.org/licenses/LICENSE-2.0 |
| 8 | # |
| 9 | # Unless required by applicable law or agreed to in writing, software |
| 10 | # distributed under the License is distributed on an "AS IS" BASIS, |
| 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 12 | # See the License for the specific language governing permissions and |
| 13 | # limitations under the License. |
| 14 | |
| 15 | {{- if or (not .Values.global.redis.cluster.enabled) (not .Values.global.redis.sentinel.enabled) }} |
| 16 | apiVersion: apps/v1 |
| 17 | kind: StatefulSet |
| 18 | metadata: |
| 19 | name: {{ template "redis.fullname" . }} |
| 20 | namespace: {{ .Release.Namespace | quote }} |
| 21 | labels: |
| 22 | app: {{ template "redis.name" . }} |
| 23 | chart: {{ template "redis.chart" . }} |
| 24 | release: {{ .Release.Name }} |
| 25 | heritage: {{ .Release.Service }} |
| 26 | {{- if .Values.master.statefulset.labels }} |
| 27 | {{- toYaml .Values.master.statefulset.labels | nindent 4 }} |
| 28 | {{- end }} |
| 29 | {{- if .Values.master.statefulset.annotations }} |
| 30 | annotations: |
| 31 | {{- toYaml .Values.master.statefulset.annotations | nindent 4 }} |
| 32 | {{- end }} |
| 33 | spec: |
| 34 | selector: |
| 35 | matchLabels: |
| 36 | app: {{ template "redis.name" . }} |
| 37 | release: {{ .Release.Name }} |
| 38 | role: master |
| 39 | serviceName: {{ template "redis.fullname" . }}-headless |
| 40 | template: |
| 41 | metadata: |
| 42 | labels: |
| 43 | app: {{ template "redis.name" . }} |
| 44 | chart: {{ template "redis.chart" . }} |
| 45 | release: {{ .Release.Name }} |
| 46 | role: master |
| 47 | {{- if .Values.master.podLabels }} |
| 48 | {{- toYaml .Values.master.podLabels | nindent 8 }} |
| 49 | {{- end }} |
| 50 | {{- if and .Values.metrics.enabled .Values.metrics.podLabels }} |
| 51 | {{- toYaml .Values.metrics.podLabels | nindent 8 }} |
| 52 | {{- end }} |
| 53 | annotations: |
| 54 | checksum/health: {{ include (print $.Template.BasePath "/health-configmap.yaml") . | sha256sum }} |
| 55 | checksum/configmap: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} |
| 56 | checksum/configmap: {{ include (print $.Template.BasePath "/configmap-scripts.yaml") . | sha256sum }} |
| 57 | checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} |
| 58 | {{- if .Values.master.podAnnotations }} |
| 59 | {{- toYaml .Values.master.podAnnotations | nindent 8 }} |
| 60 | {{- end }} |
| 61 | {{- if and .Values.metrics.enabled .Values.metrics.podAnnotations }} |
| 62 | {{- toYaml .Values.metrics.podAnnotations | nindent 8 }} |
| 63 | {{- end }} |
| 64 | spec: |
| 65 | {{- include "redis.imagePullSecrets" . | nindent 6 }} |
| 66 | {{- if .Values.master.hostAliases }} |
| 67 | hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.master.hostAliases "context" $) | nindent 8 }} |
| 68 | {{- end }} |
| 69 | {{- if .Values.securityContext.enabled }} |
| 70 | securityContext: {{- omit .Values.securityContext "enabled" | toYaml | nindent 8 }} |
| 71 | {{- end }} |
| 72 | serviceAccountName: {{ template "redis.serviceAccountName" . }} |
| 73 | {{- if .Values.master.priorityClassName }} |
| 74 | priorityClassName: {{ .Values.master.priorityClassName | quote }} |
| 75 | {{- end }} |
| 76 | {{- with .Values.master.affinity }} |
| 77 | affinity: {{- tpl (toYaml .) $ | nindent 8 }} |
| 78 | {{- end }} |
| 79 | {{- if .Values.master.nodeSelector }} |
| 80 | nodeSelector: {{- toYaml .Values.master.nodeSelector | nindent 8 }} |
| 81 | {{- end }} |
| 82 | {{- if .Values.master.tolerations }} |
| 83 | tolerations: {{- toYaml .Values.master.tolerations | nindent 8 }} |
| 84 | {{- end }} |
| 85 | {{- if .Values.master.shareProcessNamespace }} |
| 86 | shareProcessNamespace: {{ .Values.master.shareProcessNamespace }} |
| 87 | {{- end }} |
| 88 | {{- if .Values.master.schedulerName }} |
| 89 | schedulerName: {{ .Values.master.schedulerName }} |
| 90 | {{- end }} |
| 91 | containers: |
| 92 | - name: {{ template "redis.name" . }} |
| 93 | image: {{ template "redis.image" . }} |
| 94 | imagePullPolicy: {{ .Values.image.pullPolicy | quote }} |
| 95 | {{- if .Values.containerSecurityContext.enabled }} |
| 96 | securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} |
| 97 | {{- end }} |
| 98 | command: |
| 99 | - /bin/bash |
| 100 | - -c |
| 101 | - /opt/bitnami/scripts/start-scripts/start-master.sh |
| 102 | env: |
| 103 | - name: REDIS_REPLICATION_MODE |
| 104 | value: master |
| 105 | {{- if .Values.usePassword }} |
| 106 | {{- if .Values.usePasswordFile }} |
| 107 | - name: REDIS_PASSWORD_FILE |
| 108 | value: "/opt/bitnami/redis/secrets/redis-password" |
| 109 | {{- else }} |
| 110 | - name: REDIS_PASSWORD |
| 111 | valueFrom: |
| 112 | secretKeyRef: |
| 113 | name: {{ template "redis.secretName" . }} |
| 114 | key: {{ template "redis.secretPasswordKey" . }} |
| 115 | {{- end }} |
| 116 | {{- else }} |
| 117 | - name: ALLOW_EMPTY_PASSWORD |
| 118 | value: "yes" |
| 119 | {{- end }} |
| 120 | - name: REDIS_TLS_ENABLED |
| 121 | value: {{ ternary "yes" "no" .Values.tls.enabled | quote }} |
| 122 | {{- if .Values.tls.enabled }} |
| 123 | - name: REDIS_TLS_PORT |
| 124 | value: {{ .Values.redisPort | quote }} |
| 125 | - name: REDIS_TLS_AUTH_CLIENTS |
| 126 | value: {{ ternary "yes" "no" .Values.tls.authClients | quote }} |
| 127 | - name: REDIS_TLS_CERT_FILE |
| 128 | value: {{ template "redis.tlsCert" . }} |
| 129 | - name: REDIS_TLS_KEY_FILE |
| 130 | value: {{ template "redis.tlsCertKey" . }} |
| 131 | - name: REDIS_TLS_CA_FILE |
| 132 | value: {{ template "redis.tlsCACert" . }} |
| 133 | {{- if .Values.tls.dhParamsFilename }} |
| 134 | - name: REDIS_TLS_DH_PARAMS_FILE |
| 135 | value: {{ template "redis.tlsDHParams" . }} |
| 136 | {{- end }} |
| 137 | {{- else }} |
| 138 | - name: REDIS_PORT |
| 139 | value: {{ .Values.redisPort | quote }} |
| 140 | {{- end }} |
| 141 | {{- if .Values.master.extraEnvVars }} |
| 142 | {{- include "redis.tplValue" (dict "value" .Values.master.extraEnvVars "context" $) | nindent 12 }} |
| 143 | {{- end }} |
| 144 | {{- if or .Values.master.extraEnvVarsCM .Values.master.extraEnvVarsSecret }} |
| 145 | envFrom: |
| 146 | {{- if .Values.master.extraEnvVarsCM }} |
| 147 | - configMapRef: |
| 148 | name: {{ .Values.master.extraEnvVarsCM }} |
| 149 | {{- end }} |
| 150 | {{- if .Values.master.extraEnvVarsSecret }} |
| 151 | - secretRef: |
| 152 | name: {{ .Values.master.extraEnvVarsSecret }} |
| 153 | {{- end }} |
| 154 | {{- end }} |
| 155 | ports: |
| 156 | - name: redis |
| 157 | containerPort: {{ .Values.redisPort }} |
| 158 | {{- if .Values.master.livenessProbe.enabled }} |
| 159 | livenessProbe: |
| 160 | initialDelaySeconds: {{ .Values.master.livenessProbe.initialDelaySeconds }} |
| 161 | periodSeconds: {{ .Values.master.livenessProbe.periodSeconds }} |
| 162 | # One second longer than command timeout should prevent generation of zombie processes. |
| 163 | timeoutSeconds: {{ add1 .Values.master.livenessProbe.timeoutSeconds }} |
| 164 | successThreshold: {{ .Values.master.livenessProbe.successThreshold }} |
| 165 | failureThreshold: {{ .Values.master.livenessProbe.failureThreshold }} |
| 166 | exec: |
| 167 | command: |
| 168 | - sh |
| 169 | - -c |
| 170 | - /health/ping_liveness_local.sh {{ .Values.master.livenessProbe.timeoutSeconds }} |
| 171 | {{- else if .Values.master.customLivenessProbe }} |
| 172 | livenessProbe: {{- toYaml .Values.master.customLivenessProbe | nindent 12 }} |
| 173 | {{- end }} |
| 174 | {{- if .Values.master.readinessProbe.enabled}} |
| 175 | readinessProbe: |
| 176 | initialDelaySeconds: {{ .Values.master.readinessProbe.initialDelaySeconds }} |
| 177 | periodSeconds: {{ .Values.master.readinessProbe.periodSeconds }} |
| 178 | timeoutSeconds: {{ add1 .Values.master.readinessProbe.timeoutSeconds }} |
| 179 | successThreshold: {{ .Values.master.readinessProbe.successThreshold }} |
| 180 | failureThreshold: {{ .Values.master.readinessProbe.failureThreshold }} |
| 181 | exec: |
| 182 | command: |
| 183 | - sh |
| 184 | - -c |
| 185 | - /health/ping_readiness_local.sh {{ .Values.master.readinessProbe.timeoutSeconds }} |
| 186 | {{- else if .Values.master.customReadinessProbe }} |
| 187 | readinessProbe: {{- toYaml .Values.master.customReadinessProbe | nindent 12 }} |
| 188 | {{- end }} |
| 189 | resources: {{- toYaml .Values.master.resources | nindent 12 }} |
| 190 | volumeMounts: |
| 191 | - name: start-scripts |
| 192 | mountPath: /opt/bitnami/scripts/start-scripts |
| 193 | - name: health |
| 194 | mountPath: /health |
| 195 | {{- if .Values.usePasswordFile }} |
| 196 | - name: redis-password |
| 197 | mountPath: /opt/bitnami/redis/secrets/ |
| 198 | {{- end }} |
| 199 | - name: redis-data |
| 200 | mountPath: {{ .Values.master.persistence.path }} |
| 201 | subPath: {{ .Values.master.persistence.subPath }} |
| 202 | - name: config |
| 203 | mountPath: /opt/bitnami/redis/mounted-etc |
| 204 | - name: redis-tmp-conf |
| 205 | mountPath: /opt/bitnami/redis/etc/ |
| 206 | {{- if .Values.tls.enabled }} |
| 207 | - name: redis-certificates |
| 208 | mountPath: /opt/bitnami/redis/certs |
| 209 | readOnly: true |
| 210 | {{- end }} |
| 211 | {{- if .Values.metrics.enabled }} |
| 212 | - name: metrics |
| 213 | image: {{ template "redis.metrics.image" . }} |
| 214 | imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }} |
| 215 | {{- if .Values.containerSecurityContext.enabled }} |
| 216 | securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} |
| 217 | {{- end }} |
| 218 | command: |
| 219 | - /bin/bash |
| 220 | - -c |
| 221 | - | |
| 222 | if [[ -f '/secrets/redis-password' ]]; then |
| 223 | export REDIS_PASSWORD=$(cat /secrets/redis-password) |
| 224 | fi |
| 225 | redis_exporter{{- range $key, $value := .Values.metrics.extraArgs }} --{{ $key }}={{ $value }}{{- end }} |
| 226 | env: |
| 227 | - name: REDIS_ALIAS |
| 228 | value: {{ template "redis.fullname" . }} |
| 229 | {{- if and .Values.usePassword (not .Values.usePasswordFile) }} |
| 230 | - name: REDIS_PASSWORD |
| 231 | valueFrom: |
| 232 | secretKeyRef: |
| 233 | name: {{ template "redis.secretName" . }} |
| 234 | key: {{ template "redis.secretPasswordKey" . }} |
| 235 | {{- end }} |
| 236 | {{- if .Values.tls.enabled }} |
| 237 | - name: REDIS_ADDR |
| 238 | value: rediss://localhost:{{ .Values.redisPort }} |
| 239 | - name: REDIS_EXPORTER_TLS_CLIENT_KEY_FILE |
| 240 | value: {{ template "redis.tlsCertKey" . }} |
| 241 | - name: REDIS_EXPORTER_TLS_CLIENT_CERT_FILE |
| 242 | value: {{ template "redis.tlsCert" . }} |
| 243 | - name: REDIS_EXPORTER_TLS_CA_CERT_FILE |
| 244 | value: {{ template "redis.tlsCACert" . }} |
| 245 | {{- end }} |
| 246 | volumeMounts: |
| 247 | {{- if .Values.usePasswordFile }} |
| 248 | - name: redis-password |
| 249 | mountPath: /secrets/ |
| 250 | {{- end }} |
| 251 | {{- if .Values.tls.enabled }} |
| 252 | - name: redis-certificates |
| 253 | mountPath: /opt/bitnami/redis/certs |
| 254 | readOnly: true |
| 255 | {{- end }} |
| 256 | ports: |
| 257 | - name: metrics |
| 258 | containerPort: 9121 |
| 259 | resources: {{- toYaml .Values.metrics.resources | nindent 12 }} |
| 260 | {{- end }} |
| 261 | {{- $needsVolumePermissions := and .Values.volumePermissions.enabled .Values.master.persistence.enabled .Values.securityContext.enabled .Values.containerSecurityContext.enabled }} |
| 262 | {{- if or $needsVolumePermissions .Values.sysctlImage.enabled }} |
| 263 | initContainers: |
| 264 | {{- if $needsVolumePermissions }} |
| 265 | - name: volume-permissions |
| 266 | image: "{{ template "redis.volumePermissions.image" . }}" |
| 267 | imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} |
| 268 | command: |
| 269 | - /bin/bash |
| 270 | - -ec |
| 271 | - | |
| 272 | {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} |
| 273 | chown -R `id -u`:`id -G | cut -d " " -f2` {{ .Values.master.persistence.path }} |
| 274 | {{- else }} |
| 275 | chown -R {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} {{ .Values.master.persistence.path }} |
| 276 | {{- end }} |
| 277 | {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto "}} |
| 278 | securityContext: {{- omit .Values.volumePermissions.securityContext "runAsUser" | toYaml | nindent 12 }} |
| 279 | {{- else }} |
| 280 | securityContext: {{- .Values.volumePermissions.securityContext | toYaml | nindent 12 }} |
| 281 | {{- end }} |
| 282 | resources: {{- toYaml .Values.volumePermissions.resources | nindent 10 }} |
| 283 | volumeMounts: |
| 284 | - name: redis-data |
| 285 | mountPath: {{ .Values.master.persistence.path }} |
| 286 | subPath: {{ .Values.master.persistence.subPath }} |
| 287 | {{- end }} |
| 288 | {{- if .Values.sysctlImage.enabled }} |
| 289 | - name: init-sysctl |
| 290 | image: {{ template "redis.sysctl.image" . }} |
| 291 | imagePullPolicy: {{ default "" .Values.sysctlImage.pullPolicy | quote }} |
| 292 | resources: {{- toYaml .Values.sysctlImage.resources | nindent 10 }} |
| 293 | {{- if .Values.sysctlImage.mountHostSys }} |
| 294 | volumeMounts: |
| 295 | - name: host-sys |
| 296 | mountPath: /host-sys |
| 297 | {{- end }} |
| 298 | command: {{- toYaml .Values.sysctlImage.command | nindent 10 }} |
| 299 | securityContext: |
| 300 | privileged: true |
| 301 | runAsUser: 0 |
| 302 | {{- end }} |
| 303 | {{- end }} |
| 304 | volumes: |
| 305 | - name: start-scripts |
| 306 | configMap: |
| 307 | name: {{ include "redis.fullname" . }}-scripts |
| 308 | defaultMode: 0755 |
| 309 | - name: health |
| 310 | configMap: |
| 311 | name: {{ template "redis.fullname" . }}-health |
| 312 | defaultMode: 0755 |
| 313 | {{- if .Values.usePasswordFile }} |
| 314 | - name: redis-password |
| 315 | secret: |
| 316 | secretName: {{ template "redis.secretName" . }} |
| 317 | items: |
| 318 | - key: {{ template "redis.secretPasswordKey" . }} |
| 319 | path: redis-password |
| 320 | {{- end }} |
| 321 | - name: config |
| 322 | configMap: |
| 323 | name: {{ template "redis.fullname" . }} |
| 324 | {{- if not .Values.master.persistence.enabled }} |
| 325 | - name: "redis-data" |
| 326 | emptyDir: {} |
| 327 | {{- else }} |
| 328 | {{- if .Values.persistence.existingClaim }} |
| 329 | - name: "redis-data" |
| 330 | persistentVolumeClaim: |
| 331 | claimName: {{ include "redis.tplValue" (dict "value" .Values.persistence.existingClaim "context" $) }} |
| 332 | {{- end }} |
| 333 | {{- if .Values.master.persistence.volumes }} |
| 334 | {{- toYaml .Values.master.persistence.volumes | nindent 8 }} |
| 335 | {{- end }} |
| 336 | {{- end }} |
| 337 | {{- if .Values.sysctlImage.mountHostSys }} |
| 338 | - name: host-sys |
| 339 | hostPath: |
| 340 | path: /sys |
| 341 | {{- end }} |
| 342 | - name: redis-tmp-conf |
| 343 | emptyDir: {} |
| 344 | {{- if .Values.tls.enabled }} |
| 345 | - name: redis-certificates |
| 346 | secret: |
| 347 | secretName: {{ required "A secret containing the certificates for the TLS traffic is required when TLS in enabled" .Values.tls.certificatesSecret }} |
| 348 | defaultMode: 256 |
| 349 | {{- end }} |
| 350 | {{- if and .Values.master.persistence.enabled (not .Values.persistence.existingClaim) (not .Values.master.persistence.volumes) }} |
| 351 | volumeClaimTemplates: |
| 352 | - metadata: |
| 353 | name: redis-data |
| 354 | labels: |
| 355 | app: {{ template "redis.name" . }} |
| 356 | release: {{ .Release.Name }} |
| 357 | heritage: {{ .Release.Service }} |
| 358 | component: master |
| 359 | {{- if .Values.master.statefulset.volumeClaimTemplates.labels }} |
| 360 | {{- toYaml .Values.master.statefulset.volumeClaimTemplates.labels | nindent 10 }} |
| 361 | {{- end }} |
| 362 | {{- if .Values.master.statefulset.volumeClaimTemplates.annotations }} |
| 363 | annotations: |
| 364 | {{- toYaml .Values.master.statefulset.volumeClaimTemplates.annotations | nindent 10 }} |
| 365 | {{- end }} |
| 366 | spec: |
| 367 | accessModes: |
| 368 | {{- range .Values.master.persistence.accessModes }} |
| 369 | - {{ . | quote }} |
| 370 | {{- end }} |
| 371 | resources: |
| 372 | requests: |
| 373 | storage: {{ .Values.master.persistence.size | quote }} |
| 374 | {{ include "redis.master.storageClass" . }} |
| 375 | selector: |
| 376 | {{- if .Values.master.persistence.matchLabels }} |
| 377 | matchLabels: {{- toYaml .Values.master.persistence.matchLabels | nindent 12 }} |
| 378 | {{- end -}} |
| 379 | {{- if .Values.master.persistence.matchExpressions }} |
| 380 | matchExpressions: {{- toYaml .Values.master.persistence.matchExpressions | nindent 12 }} |
| 381 | {{- end -}} |
| 382 | {{- end }} |
| 383 | updateStrategy: |
| 384 | type: {{ .Values.master.statefulset.updateStrategy }} |
| 385 | {{- if .Values.master.statefulset.rollingUpdatePartition }} |
| 386 | {{- if (eq "Recreate" .Values.master.statefulset.updateStrategy) }} |
| 387 | rollingUpdate: null |
| 388 | {{- else }} |
| 389 | rollingUpdate: |
| 390 | partition: {{ .Values.master.statefulset.rollingUpdatePartition }} |
| 391 | {{- end }} |
| 392 | {{- end }} |
| 393 | {{- end }} |