# Copyright 2022-present Open Networking Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

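{{/*
Redis master StatefulSet.

Rendered unless both .Values.global.redis.cluster.enabled and
.Values.global.redis.sentinel.enabled are true. The pod holds the Redis master
container, an optional metrics exporter sidecar (metrics.enabled) and up to two
init containers (volume-permissions, init-sysctl).

Security-relevant values, as used below:
  usePassword, usePasswordFile   how the Redis password reaches the containers
  tls values                     TLS listener, client-certificate auth, certificate secret
  securityContext,
  containerSecurityContext       pod and container security settings (only when enabled)
  sysctlImage values             privileged root init container, optional hostPath /sys
  metrics.extraArgs              written unquoted into a bash command line

The listing this was recovered from had lost its indentation; the layout below
is rebuilt from the nindent widths used by the template itself.
*/}}
{{- if or (not .Values.global.redis.cluster.enabled) (not .Values.global.redis.sentinel.enabled) }}
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: {{ template "redis.fullname" . }}
  namespace: {{ .Release.Namespace | quote }}
  labels:
    app: {{ template "redis.name" . }}
    chart: {{ template "redis.chart" . }}
    release: {{ .Release.Name }}
    heritage: {{ .Release.Service }}
    {{- if .Values.master.statefulset.labels }}
    {{- toYaml .Values.master.statefulset.labels | nindent 4 }}
    {{- end }}
{{- if .Values.master.statefulset.annotations }}
  annotations:
    {{- toYaml .Values.master.statefulset.annotations | nindent 4 }}
{{- end }}
spec:
  # The selector must match the pod template labels below (app, release, role).
  selector:
    matchLabels:
      app: {{ template "redis.name" . }}
      release: {{ .Release.Name }}
      role: master
  serviceName: {{ template "redis.fullname" . }}-headless
  template:
    metadata:
      labels:
        app: {{ template "redis.name" . }}
        chart: {{ template "redis.chart" . }}
        release: {{ .Release.Name }}
        role: master
        {{- if .Values.master.podLabels }}
        {{- toYaml .Values.master.podLabels | nindent 8 }}
        {{- end }}
        {{- if and .Values.metrics.enabled .Values.metrics.podLabels }}
        {{- toYaml .Values.metrics.podLabels | nindent 8 }}
        {{- end }}
      annotations:
        # One checksum per rendered source file, so that a change to any of
        # them changes the pod template. Every key has to be unique: with a
        # repeated key most YAML parsers silently keep only the last value,
        # and edits to the other file (including security settings in the
        # Redis configuration) would no longer be reflected here.
        checksum/health: {{ include (print $.Template.BasePath "/health-configmap.yaml") . | sha256sum }}
        checksum/configmap: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
        checksum/scripts: {{ include (print $.Template.BasePath "/configmap-scripts.yaml") . | sha256sum }}
        checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
        {{- if .Values.master.podAnnotations }}
        {{- toYaml .Values.master.podAnnotations | nindent 8 }}
        {{- end }}
        {{- if and .Values.metrics.enabled .Values.metrics.podAnnotations }}
        {{- toYaml .Values.metrics.podAnnotations | nindent 8 }}
        {{- end }}
    spec:
      {{- include "redis.imagePullSecrets" . | nindent 6 }}
      {{- if .Values.master.hostAliases }}
      hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.master.hostAliases "context" $) | nindent 8 }}
      {{- end }}
      {{- /* With securityContext.enabled unset, no pod-level securityContext is rendered at all. */}}
      {{- if .Values.securityContext.enabled }}
      # Pod-level security settings: every key of securityContext except "enabled".
      securityContext: {{- omit .Values.securityContext "enabled" | toYaml | nindent 8 }}
      {{- end }}
      serviceAccountName: {{ template "redis.serviceAccountName" . }}
      {{- if .Values.master.priorityClassName }}
      priorityClassName: {{ .Values.master.priorityClassName | quote }}
      {{- end }}
      {{- with .Values.master.affinity }}
      affinity: {{- tpl (toYaml .) $ | nindent 8 }}
      {{- end }}
      {{- if .Values.master.nodeSelector }}
      nodeSelector: {{- toYaml .Values.master.nodeSelector | nindent 8 }}
      {{- end }}
      {{- if .Values.master.tolerations }}
      tolerations: {{- toYaml .Values.master.tolerations | nindent 8 }}
      {{- end }}
      {{- if .Values.master.shareProcessNamespace }}
      shareProcessNamespace: {{ .Values.master.shareProcessNamespace }}
      {{- end }}
      {{- if .Values.master.schedulerName }}
      schedulerName: {{ .Values.master.schedulerName }}
      {{- end }}
      containers:
        - name: {{ template "redis.name" . }}
          image: {{ template "redis.image" . }}
          imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
          {{- /* With containerSecurityContext.enabled unset, the container gets no securityContext of its own. */}}
          {{- if .Values.containerSecurityContext.enabled }}
          securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }}
          {{- end }}
          command:
            - /bin/bash
            - -c
            - /opt/bitnami/scripts/start-scripts/start-master.sh
          env:
            - name: REDIS_REPLICATION_MODE
              value: master
            {{- if .Values.usePassword }}
            {{- if .Values.usePasswordFile }}
            # The password is read from the mounted secret file instead of
            # being placed in the container environment.
            - name: REDIS_PASSWORD_FILE
              value: "/opt/bitnami/redis/secrets/redis-password"
            {{- else }}
            # The password is injected as an environment variable from the secret.
            - name: REDIS_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: {{ template "redis.secretName" . }}
                  key: {{ template "redis.secretPasswordKey" . }}
            {{- end }}
            {{- else }}
            # usePassword is off: the image is told to start with no password
            # set, so access to the Redis port has to be restricted by other
            # means (network policy, TLS client authentication).
            - name: ALLOW_EMPTY_PASSWORD
              value: "yes"
            {{- end }}
            - name: REDIS_TLS_ENABLED
              value: {{ ternary "yes" "no" .Values.tls.enabled | quote }}
            {{- if .Values.tls.enabled }}
            # With TLS on, redisPort is used as the TLS port.
            - name: REDIS_TLS_PORT
              value: {{ .Values.redisPort | quote }}
            # tls.authClients decides whether REDIS_TLS_AUTH_CLIENTS is "yes" or "no".
            - name: REDIS_TLS_AUTH_CLIENTS
              value: {{ ternary "yes" "no" .Values.tls.authClients | quote }}
            - name: REDIS_TLS_CERT_FILE
              value: {{ template "redis.tlsCert" . }}
            - name: REDIS_TLS_KEY_FILE
              value: {{ template "redis.tlsCertKey" . }}
            - name: REDIS_TLS_CA_FILE
              value: {{ template "redis.tlsCACert" . }}
            {{- if .Values.tls.dhParamsFilename }}
            - name: REDIS_TLS_DH_PARAMS_FILE
              value: {{ template "redis.tlsDHParams" . }}
            {{- end }}
            {{- else }}
            - name: REDIS_PORT
              value: {{ .Values.redisPort | quote }}
            {{- end }}
            {{- if .Values.master.extraEnvVars }}
            {{- include "redis.tplValue" (dict "value" .Values.master.extraEnvVars "context" $) | nindent 12 }}
            {{- end }}
          {{- if or .Values.master.extraEnvVarsCM .Values.master.extraEnvVarsSecret }}
          envFrom:
            {{- if .Values.master.extraEnvVarsCM }}
            - configMapRef:
                name: {{ .Values.master.extraEnvVarsCM }}
            {{- end }}
            {{- if .Values.master.extraEnvVarsSecret }}
            - secretRef:
                name: {{ .Values.master.extraEnvVarsSecret }}
            {{- end }}
          {{- end }}
          ports:
            - name: redis
              containerPort: {{ .Values.redisPort }}
          {{- if .Values.master.livenessProbe.enabled }}
          livenessProbe:
            initialDelaySeconds: {{ .Values.master.livenessProbe.initialDelaySeconds }}
            periodSeconds: {{ .Values.master.livenessProbe.periodSeconds }}
            # One second longer than command timeout should prevent generation of zombie processes.
            timeoutSeconds: {{ add1 .Values.master.livenessProbe.timeoutSeconds }}
            successThreshold: {{ .Values.master.livenessProbe.successThreshold }}
            failureThreshold: {{ .Values.master.livenessProbe.failureThreshold }}
            exec:
              command:
                - sh
                - -c
                - /health/ping_liveness_local.sh {{ .Values.master.livenessProbe.timeoutSeconds }}
          {{- else if .Values.master.customLivenessProbe }}
          livenessProbe: {{- toYaml .Values.master.customLivenessProbe | nindent 12 }}
          {{- end }}
          {{- if .Values.master.readinessProbe.enabled }}
          readinessProbe:
            initialDelaySeconds: {{ .Values.master.readinessProbe.initialDelaySeconds }}
            periodSeconds: {{ .Values.master.readinessProbe.periodSeconds }}
            # Same one-second margin over the script timeout as the liveness probe.
            timeoutSeconds: {{ add1 .Values.master.readinessProbe.timeoutSeconds }}
            successThreshold: {{ .Values.master.readinessProbe.successThreshold }}
            failureThreshold: {{ .Values.master.readinessProbe.failureThreshold }}
            exec:
              command:
                - sh
                - -c
                - /health/ping_readiness_local.sh {{ .Values.master.readinessProbe.timeoutSeconds }}
          {{- else if .Values.master.customReadinessProbe }}
          readinessProbe: {{- toYaml .Values.master.customReadinessProbe | nindent 12 }}
          {{- end }}
          resources: {{- toYaml .Values.master.resources | nindent 12 }}
          volumeMounts:
            - name: start-scripts
              mountPath: /opt/bitnami/scripts/start-scripts
            - name: health
              mountPath: /health
            {{- if .Values.usePasswordFile }}
            - name: redis-password
              mountPath: /opt/bitnami/redis/secrets/
            {{- end }}
            - name: redis-data
              mountPath: {{ .Values.master.persistence.path }}
              subPath: {{ .Values.master.persistence.subPath }}
            - name: config
              mountPath: /opt/bitnami/redis/mounted-etc
            - name: redis-tmp-conf
              mountPath: /opt/bitnami/redis/etc/
            {{- if .Values.tls.enabled }}
            - name: redis-certificates
              mountPath: /opt/bitnami/redis/certs
              readOnly: true
            {{- end }}
        {{- if .Values.metrics.enabled }}
        # Metrics exporter sidecar; it reaches Redis over localhost.
        - name: metrics
          image: {{ template "redis.metrics.image" . }}
          imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }}
          {{- if .Values.containerSecurityContext.enabled }}
          securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }}
          {{- end }}
          {{- /*
            NOTE(review): metrics.extraArgs keys and values are written into the
            bash command line below without quoting, so whitespace and shell
            metacharacters in them are interpreted by the shell. Take these
            values only from trusted chart configuration.
          */}}
          command:
            - /bin/bash
            - -c
            - |
              if [[ -f '/secrets/redis-password' ]]; then
              export REDIS_PASSWORD=$(cat /secrets/redis-password)
              fi
              redis_exporter{{- range $key, $value := .Values.metrics.extraArgs }} --{{ $key }}={{ $value }}{{- end }}
          env:
            - name: REDIS_ALIAS
              value: {{ template "redis.fullname" . }}
            {{- if and .Values.usePassword (not .Values.usePasswordFile) }}
            - name: REDIS_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: {{ template "redis.secretName" . }}
                  key: {{ template "redis.secretPasswordKey" . }}
            {{- end }}
            {{- if .Values.tls.enabled }}
            # rediss:// scheme: the exporter connects to the local Redis over
            # TLS, using the same certificate files as the server container.
            - name: REDIS_ADDR
              value: rediss://localhost:{{ .Values.redisPort }}
            - name: REDIS_EXPORTER_TLS_CLIENT_KEY_FILE
              value: {{ template "redis.tlsCertKey" . }}
            - name: REDIS_EXPORTER_TLS_CLIENT_CERT_FILE
              value: {{ template "redis.tlsCert" . }}
            - name: REDIS_EXPORTER_TLS_CA_CERT_FILE
              value: {{ template "redis.tlsCACert" . }}
            {{- end }}
          volumeMounts:
            {{- if .Values.usePasswordFile }}
            - name: redis-password
              mountPath: /secrets/
            {{- end }}
            {{- if .Values.tls.enabled }}
            - name: redis-certificates
              mountPath: /opt/bitnami/redis/certs
              readOnly: true
            {{- end }}
          ports:
            - name: metrics
              containerPort: 9121
          resources: {{- toYaml .Values.metrics.resources | nindent 12 }}
        {{- end }}
      {{- /* volume-permissions runs only when persistence and both security contexts are enabled too. */}}
      {{- $needsVolumePermissions := and .Values.volumePermissions.enabled .Values.master.persistence.enabled .Values.securityContext.enabled .Values.containerSecurityContext.enabled }}
      {{- if or $needsVolumePermissions .Values.sysctlImage.enabled }}
      initContainers:
        {{- if $needsVolumePermissions }}
        # Changes ownership of the data directory before the Redis container starts.
        - name: volume-permissions
          image: "{{ template "redis.volumePermissions.image" . }}"
          imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }}
          command:
            - /bin/bash
            - -ec
            - |
              {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }}
              chown -R `id -u`:`id -G | cut -d " " -f2` {{ .Values.master.persistence.path }}
              {{- else }}
              chown -R {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} {{ .Values.master.persistence.path }}
              {{- end }}
          {{- /*
            The comparison must be against "auto" exactly, as in the chown
            branch above. With a trailing space inside the quotes it never
            matches, and the literal runAsUser value "auto" would be rendered
            into the securityContext instead of being omitted.
          */}}
          {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }}
          securityContext: {{- omit .Values.volumePermissions.securityContext "runAsUser" | toYaml | nindent 12 }}
          {{- else }}
          securityContext: {{- .Values.volumePermissions.securityContext | toYaml | nindent 12 }}
          {{- end }}
          {{- /* nindent 12, like securityContext above, so a non-empty resources map nests under its key. */}}
          resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }}
          volumeMounts:
            - name: redis-data
              mountPath: {{ .Values.master.persistence.path }}
              subPath: {{ .Values.master.persistence.subPath }}
        {{- end }}
        {{- if .Values.sysctlImage.enabled }}
        # Runs privileged as root and, with sysctlImage.mountHostSys, with the
        # host's /sys mounted; what it executes comes from sysctlImage.command.
        # Presumably used for kernel tuning. Enable it only where that level of
        # node access is acceptable, and review the command and image with it.
        - name: init-sysctl
          image: {{ template "redis.sysctl.image" . }}
          imagePullPolicy: {{ default "" .Values.sysctlImage.pullPolicy | quote }}
          resources: {{- toYaml .Values.sysctlImage.resources | nindent 12 }}
          {{- if .Values.sysctlImage.mountHostSys }}
          volumeMounts:
            - name: host-sys
              mountPath: /host-sys
          {{- end }}
          command: {{- toYaml .Values.sysctlImage.command | nindent 10 }}
          securityContext:
            privileged: true
            runAsUser: 0
        {{- end }}
      {{- end }}
      volumes:
        # 0755 is read as octal by Helm's YAML parser (decimal 493): the
        # mounted scripts are executable.
        - name: start-scripts
          configMap:
            name: {{ include "redis.fullname" . }}-scripts
            defaultMode: 0755
        - name: health
          configMap:
            name: {{ template "redis.fullname" . }}-health
            defaultMode: 0755
        {{- if .Values.usePasswordFile }}
        - name: redis-password
          secret:
            secretName: {{ template "redis.secretName" . }}
            items:
              - key: {{ template "redis.secretPasswordKey" . }}
                path: redis-password
        {{- end }}
        - name: config
          configMap:
            name: {{ template "redis.fullname" . }}
        {{- if not .Values.master.persistence.enabled }}
        # Persistence disabled: data lives in an emptyDir and is lost with the pod.
        - name: "redis-data"
          emptyDir: {}
        {{- else }}
        {{- if .Values.persistence.existingClaim }}
        - name: "redis-data"
          persistentVolumeClaim:
            claimName: {{ include "redis.tplValue" (dict "value" .Values.persistence.existingClaim "context" $) }}
        {{- end }}
        {{- if .Values.master.persistence.volumes }}
        {{- toYaml .Values.master.persistence.volumes | nindent 8 }}
        {{- end }}
        {{- end }}
        {{- if .Values.sysctlImage.mountHostSys }}
        # Host path volume: exposes the node's /sys to the init-sysctl container.
        - name: host-sys
          hostPath:
            path: /sys
        {{- end }}
        - name: redis-tmp-conf
          emptyDir: {}
        {{- if .Values.tls.enabled }}
        - name: redis-certificates
          secret:
            secretName: {{ required "A secret containing the certificates for the TLS traffic is required when TLS is enabled" .Values.tls.certificatesSecret }}
            # 256 decimal is 0400 octal: certificate and key files are
            # readable by their owner only.
            defaultMode: 256
        {{- end }}
  {{- if and .Values.master.persistence.enabled (not .Values.persistence.existingClaim) (not .Values.master.persistence.volumes) }}
  # A claim template is rendered only when persistence is enabled and neither
  # an existing claim nor explicit volumes were supplied.
  volumeClaimTemplates:
    - metadata:
        name: redis-data
        labels:
          app: {{ template "redis.name" . }}
          release: {{ .Release.Name }}
          heritage: {{ .Release.Service }}
          component: master
          {{- if .Values.master.statefulset.volumeClaimTemplates.labels }}
          {{- toYaml .Values.master.statefulset.volumeClaimTemplates.labels | nindent 10 }}
          {{- end }}
        {{- if .Values.master.statefulset.volumeClaimTemplates.annotations }}
        annotations:
          {{- toYaml .Values.master.statefulset.volumeClaimTemplates.annotations | nindent 10 }}
        {{- end }}
      spec:
        accessModes:
        {{- range .Values.master.persistence.accessModes }}
          - {{ . | quote }}
        {{- end }}
        resources:
          requests:
            storage: {{ .Values.master.persistence.size | quote }}
        {{ include "redis.master.storageClass" . }}
        selector:
        {{- if .Values.master.persistence.matchLabels }}
          matchLabels: {{- toYaml .Values.master.persistence.matchLabels | nindent 12 }}
        {{- end -}}
        {{- if .Values.master.persistence.matchExpressions }}
          matchExpressions: {{- toYaml .Values.master.persistence.matchExpressions | nindent 12 }}
        {{- end -}}
  {{- end }}
  updateStrategy:
    type: {{ .Values.master.statefulset.updateStrategy }}
    {{- if .Values.master.statefulset.rollingUpdatePartition }}
    {{- if (eq "Recreate" .Values.master.statefulset.updateStrategy) }}
    rollingUpdate: null
    {{- else }}
    rollingUpdate:
      partition: {{ .Values.master.statefulset.rollingUpdatePartition }}
    {{- end }}
    {{- end }}
{{- end }}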