Tinoj Joseph | dd1fd9d | 2022-08-01 23:59:26 +0530 | [diff] [blame^] | 1 | # Copyright 2022-present Open Networking Foundation |
| 2 | # |
| 3 | # Licensed under the Apache License, Version 2.0 (the "License"); |
| 4 | # you may not use this file except in compliance with the License. |
| 5 | # You may obtain a copy of the License at |
| 6 | # |
| 7 | # http://www.apache.org/licenses/LICENSE-2.0 |
| 8 | # |
| 9 | # Unless required by applicable law or agreed to in writing, software |
| 10 | # distributed under the License is distributed on an "AS IS" BASIS, |
| 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 12 | # See the License for the specific language governing permissions and |
| 13 | # limitations under the License. |
| 14 | |
| 15 | {{- if and .Values.global.redis.cluster.enabled .Values.global.redis.sentinel.enabled }} |
| 16 | apiVersion: apps/v1 |
| 17 | kind: StatefulSet |
| 18 | metadata: |
| 19 | name: {{ template "redis.fullname" . }}-node |
| 20 | namespace: {{ .Release.Namespace | quote }} |
| 21 | labels: |
| 22 | app: {{ template "redis.name" . }} |
| 23 | chart: {{ template "redis.chart" . }} |
| 24 | release: {{ .Release.Name }} |
| 25 | heritage: {{ .Release.Service }} |
| 26 | {{- if .Values.slave.statefulset.labels }} |
| 27 | {{- toYaml .Values.slave.statefulset.labels | nindent 4 }} |
| 28 | {{- end }} |
| 29 | {{- if .Values.slave.statefulset.annotations }} |
| 30 | annotations: |
| 31 | {{- toYaml .Values.slave.statefulset.annotations | nindent 4 }} |
| 32 | {{- end }} |
| 33 | spec: |
| 34 | {{- if .Values.slave.updateStrategy }} |
| 35 | strategy: {{- toYaml .Values.slave.updateStrategy | nindent 4 }} |
| 36 | {{- end }} |
| 37 | replicas: {{ .Values.cluster.slaveCount }} |
| 38 | serviceName: {{ template "redis.fullname" . }}-headless |
| 39 | selector: |
| 40 | matchLabels: |
| 41 | app: {{ template "redis.name" . }} |
| 42 | release: {{ .Release.Name }} |
| 43 | role: node |
| 44 | template: |
| 45 | metadata: |
| 46 | labels: |
| 47 | app: {{ template "redis.name" . }} |
| 48 | release: {{ .Release.Name }} |
| 49 | chart: {{ template "redis.chart" . }} |
| 50 | role: node |
| 51 | {{- if .Values.slave.podLabels }} |
| 52 | {{- toYaml .Values.slave.podLabels | nindent 8 }} |
| 53 | {{- end }} |
| 54 | {{- if and .Values.metrics.enabled .Values.metrics.podLabels }} |
| 55 | {{- toYaml .Values.metrics.podLabels | nindent 8 }} |
| 56 | {{- end }} |
| 57 | annotations: |
| 58 | checksum/health: {{ include (print $.Template.BasePath "/health-configmap.yaml") . | sha256sum }} |
| 59 | checksum/configmap: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} |
| 60 | checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} |
| 61 | {{- if .Values.slave.podAnnotations }} |
| 62 | {{- toYaml .Values.slave.podAnnotations | nindent 8 }} |
| 63 | {{- end }} |
| 64 | {{- if and .Values.metrics.enabled .Values.metrics.podAnnotations }} |
| 65 | {{- toYaml .Values.metrics.podAnnotations | nindent 8 }} |
| 66 | {{- end }} |
| 67 | spec: |
| 68 | {{- include "redis.imagePullSecrets" . | nindent 6 }} |
| 69 | {{- if .Values.slave.hostAliases }} |
| 70 | hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.slave.hostAliases "context" $) | nindent 8 }} |
| 71 | {{- end }} |
| 72 | {{- if .Values.securityContext.enabled }} |
| 73 | securityContext: {{- omit .Values.securityContext "enabled" | toYaml | nindent 8 }} |
| 74 | {{- end }} |
| 75 | serviceAccountName: {{ template "redis.serviceAccountName" . }} |
| 76 | {{- if .Values.slave.priorityClassName }} |
| 77 | priorityClassName: "{{ .Values.slave.priorityClassName }}" |
| 78 | {{- end }} |
| 79 | {{- if .Values.slave.nodeSelector }} |
| 80 | nodeSelector: {{- toYaml .Values.slave.nodeSelector | nindent 8 }} |
| 81 | {{- end }} |
| 82 | {{- if .Values.slave.tolerations }} |
| 83 | tolerations: {{- toYaml .Values.slave.tolerations | nindent 8 }} |
| 84 | {{- end }} |
| 85 | {{- if .Values.slave.schedulerName }} |
| 86 | schedulerName: {{ .Values.slave.schedulerName }} |
| 87 | {{- end }} |
| 88 | {{- if .Values.master.spreadConstraints }} |
| 89 | topologySpreadConstraints: {{- toYaml .Values.master.spreadConstraints | nindent 8 }} |
| 90 | {{- end }} |
| 91 | {{- with .Values.slave.affinity }} |
| 92 | affinity: {{- tpl (toYaml .) $ | nindent 8 }} |
| 93 | {{- end }} |
| 94 | containers: |
| 95 | - name: {{ template "redis.name" . }} |
| 96 | image: {{ template "redis.image" . }} |
| 97 | imagePullPolicy: {{ .Values.image.pullPolicy | quote }} |
| 98 | {{- if .Values.containerSecurityContext.enabled }} |
| 99 | securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} |
| 100 | {{- end }} |
| 101 | command: |
| 102 | - /bin/bash |
| 103 | - -c |
| 104 | - /opt/bitnami/scripts/start-scripts/start-node.sh |
| 105 | env: |
| 106 | - name: REDIS_MASTER_PORT_NUMBER |
| 107 | value: {{ .Values.redisPort | quote }} |
| 108 | {{- if .Values.usePassword }} |
| 109 | {{- if .Values.usePasswordFile }} |
| 110 | - name: REDIS_PASSWORD_FILE |
| 111 | value: "/opt/bitnami/redis/secrets/redis-password" |
| 112 | - name: REDIS_MASTER_PASSWORD_FILE |
| 113 | value: "/opt/bitnami/redis/secrets/redis-password" |
| 114 | {{- else }} |
| 115 | - name: REDIS_PASSWORD |
| 116 | valueFrom: |
| 117 | secretKeyRef: |
| 118 | name: {{ template "redis.secretName" . }} |
| 119 | key: {{ template "redis.secretPasswordKey" . }} |
| 120 | - name: REDIS_MASTER_PASSWORD |
| 121 | valueFrom: |
| 122 | secretKeyRef: |
| 123 | name: {{ template "redis.secretName" . }} |
| 124 | key: {{ template "redis.secretPasswordKey" . }} |
| 125 | {{- end }} |
| 126 | {{- else }} |
| 127 | - name: ALLOW_EMPTY_PASSWORD |
| 128 | value: "yes" |
| 129 | {{- end }} |
| 130 | - name: REDIS_TLS_ENABLED |
| 131 | value: {{ ternary "yes" "no" .Values.tls.enabled | quote }} |
| 132 | {{- if .Values.tls.enabled }} |
| 133 | - name: REDIS_TLS_PORT |
| 134 | value: {{ .Values.redisPort | quote }} |
| 135 | - name: REDIS_TLS_AUTH_CLIENTS |
| 136 | value: {{ ternary "yes" "no" .Values.tls.authClients | quote }} |
| 137 | - name: REDIS_TLS_CERT_FILE |
| 138 | value: {{ template "redis.tlsCert" . }} |
| 139 | - name: REDIS_TLS_KEY_FILE |
| 140 | value: {{ template "redis.tlsCertKey" . }} |
| 141 | - name: REDIS_TLS_CA_FILE |
| 142 | value: {{ template "redis.tlsCACert" . }} |
| 143 | {{- if .Values.tls.dhParamsFilename }} |
| 144 | - name: REDIS_TLS_DH_PARAMS_FILE |
| 145 | value: {{ template "redis.tlsDHParams" . }} |
| 146 | {{- end }} |
| 147 | {{- else }} |
| 148 | - name: REDIS_PORT |
| 149 | value: {{ .Values.redisPort | quote }} |
| 150 | {{- end }} |
| 151 | - name: REDIS_DATA_DIR |
| 152 | value: {{ .Values.slave.persistence.path }} |
| 153 | {{- if .Values.sentinel.extraEnvVars }} |
| 154 | {{- include "redis.tplValue" (dict "value" .Values.sentinel.extraEnvVars "context" $) | nindent 12 }} |
| 155 | {{- end }} |
| 156 | {{- if or .Values.sentinel.extraEnvVarsCM .Values.sentinel.extraEnvVarsSecret }} |
| 157 | envFrom: |
| 158 | {{- if .Values.sentinel.extraEnvVarsCM }} |
| 159 | - configMapRef: |
| 160 | name: {{ .Values.sentinel.extraEnvVarsCM }} |
| 161 | {{- end }} |
| 162 | {{- if .Values.sentinel.extraEnvVarsSecret }} |
| 163 | - secretRef: |
| 164 | name: {{ .Values.sentinel.extraEnvVarsSecret }} |
| 165 | {{- end }} |
| 166 | {{- end }} |
| 167 | ports: |
| 168 | - name: redis |
| 169 | containerPort: {{ .Values.redisPort }} |
| 170 | {{- if .Values.slave.livenessProbe.enabled }} |
| 171 | livenessProbe: |
| 172 | initialDelaySeconds: {{ .Values.slave.livenessProbe.initialDelaySeconds }} |
| 173 | periodSeconds: {{ .Values.slave.livenessProbe.periodSeconds }} |
| 174 | timeoutSeconds: {{ .Values.slave.livenessProbe.timeoutSeconds }} |
| 175 | successThreshold: {{ .Values.slave.livenessProbe.successThreshold }} |
| 176 | failureThreshold: {{ .Values.slave.livenessProbe.failureThreshold}} |
| 177 | exec: |
| 178 | command: |
| 179 | - sh |
| 180 | - -c |
| 181 | {{- if .Values.global.redis.sentinel.enabled }} |
| 182 | - /health/ping_liveness_local.sh {{ .Values.slave.livenessProbe.timeoutSeconds }} |
| 183 | {{- else }} |
| 184 | - /health/ping_liveness_local_and_master.sh {{ .Values.slave.livenessProbe.timeoutSeconds }} |
| 185 | {{- end }} |
| 186 | {{- else if .Values.slave.customLivenessProbe }} |
| 187 | livenessProbe: {{- toYaml .Values.slave.customLivenessProbe | nindent 12 }} |
| 188 | {{- end }} |
| 189 | {{- if .Values.slave.readinessProbe.enabled }} |
| 190 | readinessProbe: |
| 191 | initialDelaySeconds: {{ .Values.slave.readinessProbe.initialDelaySeconds }} |
| 192 | periodSeconds: {{ .Values.slave.readinessProbe.periodSeconds }} |
| 193 | timeoutSeconds: {{ .Values.slave.readinessProbe.timeoutSeconds }} |
| 194 | successThreshold: {{ .Values.slave.readinessProbe.successThreshold }} |
| 195 | failureThreshold: {{ .Values.slave.readinessProbe.failureThreshold }} |
| 196 | exec: |
| 197 | command: |
| 198 | - sh |
| 199 | - -c |
| 200 | {{- if .Values.global.redis.sentinel.enabled }} |
| 201 | - /health/ping_readiness_local.sh {{ .Values.slave.livenessProbe.timeoutSeconds }} |
| 202 | {{- else }} |
| 203 | - /health/ping_readiness_local_and_master.sh {{ .Values.slave.livenessProbe.timeoutSeconds }} |
| 204 | {{- end }} |
| 205 | {{- else if .Values.slave.customReadinessProbe }} |
| 206 | readinessProbe: {{- toYaml .Values.slave.customReadinessProbe | nindent 12 }} |
| 207 | {{- end }} |
| 208 | resources: {{- toYaml .Values.slave.resources | nindent 12 }} |
| 209 | volumeMounts: |
| 210 | - name: start-scripts |
| 211 | mountPath: /opt/bitnami/scripts/start-scripts |
| 212 | - name: health |
| 213 | mountPath: /health |
| 214 | {{- if .Values.usePasswordFile }} |
| 215 | - name: redis-password |
| 216 | mountPath: /opt/bitnami/redis/secrets/ |
| 217 | {{- end }} |
| 218 | - name: redis-data |
| 219 | mountPath: {{ .Values.slave.persistence.path }} |
| 220 | subPath: {{ .Values.slave.persistence.subPath }} |
| 221 | - name: config |
| 222 | mountPath: /opt/bitnami/redis/mounted-etc |
| 223 | - name: redis-tmp-conf |
| 224 | mountPath: /opt/bitnami/redis/etc |
| 225 | {{- if .Values.tls.enabled }} |
| 226 | - name: redis-certificates |
| 227 | mountPath: /opt/bitnami/redis/certs |
| 228 | readOnly: true |
| 229 | {{- end }} |
| 230 | {{- if and .Values.global.redis.cluster.enabled .Values.global.redis.sentinel.enabled }} |
| 231 | - name: sentinel |
| 232 | image: {{ template "sentinel.image" . }} |
| 233 | imagePullPolicy: {{ .Values.sentinel.image.pullPolicy | quote }} |
| 234 | {{- if .Values.containerSecurityContext.enabled }} |
| 235 | securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} |
| 236 | {{- end }} |
| 237 | command: |
| 238 | - /bin/bash |
| 239 | - -c |
| 240 | - /opt/bitnami/scripts/start-scripts/start-sentinel.sh |
| 241 | env: |
| 242 | {{- if .Values.usePassword }} |
| 243 | {{- if .Values.usePasswordFile }} |
| 244 | - name: REDIS_PASSWORD_FILE |
| 245 | value: "/opt/bitnami/redis/secrets/redis-password" |
| 246 | {{- else }} |
| 247 | - name: REDIS_PASSWORD |
| 248 | valueFrom: |
| 249 | secretKeyRef: |
| 250 | name: {{ template "redis.secretName" . }} |
| 251 | key: {{ template "redis.secretPasswordKey" . }} |
| 252 | {{- end }} |
| 253 | {{- else }} |
| 254 | - name: ALLOW_EMPTY_PASSWORD |
| 255 | value: "yes" |
| 256 | {{- end }} |
| 257 | - name: REDIS_SENTINEL_TLS_ENABLED |
| 258 | value: {{ ternary "yes" "no" .Values.tls.enabled | quote }} |
| 259 | {{- if .Values.tls.enabled }} |
| 260 | - name: REDIS_SENTINEL_TLS_PORT_NUMBER |
| 261 | value: {{ .Values.sentinel.port | quote }} |
| 262 | - name: REDIS_SENTINEL_TLS_AUTH_CLIENTS |
| 263 | value: {{ ternary "yes" "no" .Values.tls.authClients | quote }} |
| 264 | - name: REDIS_SENTINEL_TLS_CERT_FILE |
| 265 | value: {{ template "redis.tlsCert" . }} |
| 266 | - name: REDIS_SENTINEL_TLS_KEY_FILE |
| 267 | value: {{ template "redis.tlsCertKey" . }} |
| 268 | - name: REDIS_SENTINEL_TLS_CA_FILE |
| 269 | value: {{ template "redis.tlsCACert" . }} |
| 270 | {{- if .Values.tls.dhParamsFilename }} |
| 271 | - name: REDIS_SENTINEL_TLS_DH_PARAMS_FILE |
| 272 | value: {{ template "redis.dhParams" . }} |
| 273 | {{- end }} |
| 274 | {{- else }} |
| 275 | - name: REDIS_SENTINEL_PORT |
| 276 | value: {{ .Values.sentinel.port | quote }} |
| 277 | {{- end }} |
| 278 | ports: |
| 279 | - name: redis-sentinel |
| 280 | containerPort: {{ .Values.sentinel.port }} |
| 281 | {{- if .Values.sentinel.livenessProbe.enabled }} |
| 282 | livenessProbe: |
| 283 | initialDelaySeconds: {{ .Values.sentinel.livenessProbe.initialDelaySeconds }} |
| 284 | periodSeconds: {{ .Values.sentinel.livenessProbe.periodSeconds }} |
| 285 | timeoutSeconds: {{ .Values.sentinel.livenessProbe.timeoutSeconds }} |
| 286 | successThreshold: {{ .Values.sentinel.livenessProbe.successThreshold }} |
| 287 | failureThreshold: {{ .Values.sentinel.livenessProbe.failureThreshold }} |
| 288 | exec: |
| 289 | command: |
| 290 | - sh |
| 291 | - -c |
| 292 | - /health/ping_sentinel.sh {{ .Values.sentinel.livenessProbe.timeoutSeconds }} |
| 293 | {{- else if .Values.sentinel.customLivenessProbe }} |
| 294 | livenessProbe: {{- toYaml .Values.sentinel.customLivenessProbe | nindent 12 }} |
| 295 | {{- end }} |
| 296 | {{- if .Values.sentinel.readinessProbe.enabled}} |
| 297 | readinessProbe: |
| 298 | initialDelaySeconds: {{ .Values.sentinel.readinessProbe.initialDelaySeconds }} |
| 299 | periodSeconds: {{ .Values.sentinel.readinessProbe.periodSeconds }} |
| 300 | timeoutSeconds: {{ .Values.sentinel.readinessProbe.timeoutSeconds }} |
| 301 | successThreshold: {{ .Values.sentinel.readinessProbe.successThreshold }} |
| 302 | failureThreshold: {{ .Values.sentinel.readinessProbe.failureThreshold }} |
| 303 | exec: |
| 304 | command: |
| 305 | - sh |
| 306 | - -c |
| 307 | - /health/ping_sentinel.sh {{ .Values.sentinel.livenessProbe.timeoutSeconds }} |
| 308 | {{- else if .Values.sentinel.customReadinessProbe }} |
| 309 | readinessProbe: {{- toYaml .Values.sentinel.customReadinessProbe | nindent 12 }} |
| 310 | {{- end }} |
| 311 | resources: {{- toYaml .Values.sentinel.resources | nindent 12 }} |
| 312 | volumeMounts: |
| 313 | - name: start-scripts |
| 314 | mountPath: /opt/bitnami/scripts/start-scripts |
| 315 | - name: health |
| 316 | mountPath: /health |
| 317 | {{- if .Values.usePasswordFile }} |
| 318 | - name: redis-password |
| 319 | mountPath: /opt/bitnami/redis/secrets/ |
| 320 | {{- end }} |
| 321 | - name: redis-data |
| 322 | mountPath: {{ .Values.slave.persistence.path }} |
| 323 | subPath: {{ .Values.slave.persistence.subPath }} |
| 324 | - name: config |
| 325 | mountPath: /opt/bitnami/redis-sentinel/mounted-etc |
| 326 | - name: sentinel-tmp-conf |
| 327 | mountPath: /opt/bitnami/redis-sentinel/etc |
| 328 | {{- if .Values.tls.enabled }} |
| 329 | - name: redis-certificates |
| 330 | mountPath: /opt/bitnami/redis/certs |
| 331 | readOnly: true |
| 332 | {{- end }} |
| 333 | {{- end }} |
| 334 | {{- if .Values.metrics.enabled }} |
| 335 | - name: metrics |
| 336 | image: {{ template "redis.metrics.image" . }} |
| 337 | imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }} |
| 338 | {{- if .Values.containerSecurityContext.enabled }} |
| 339 | securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} |
| 340 | {{- end }} |
| 341 | command: |
| 342 | - /bin/bash |
| 343 | - -c |
| 344 | - | |
| 345 | if [[ -f '/secrets/redis-password' ]]; then |
| 346 | export REDIS_PASSWORD=$(cat /secrets/redis-password) |
| 347 | fi |
| 348 | redis_exporter{{- range $key, $value := .Values.metrics.extraArgs }} --{{ $key }}={{ $value }}{{- end }} |
| 349 | env: |
| 350 | - name: REDIS_ALIAS |
| 351 | value: {{ template "redis.fullname" . }} |
| 352 | {{- if and .Values.usePassword (not .Values.usePasswordFile) }} |
| 353 | - name: REDIS_PASSWORD |
| 354 | valueFrom: |
| 355 | secretKeyRef: |
| 356 | name: {{ template "redis.secretName" . }} |
| 357 | key: {{ template "redis.secretPasswordKey" . }} |
| 358 | {{- end }} |
| 359 | {{- if .Values.tls.enabled }} |
| 360 | - name: REDIS_ADDR |
| 361 | value: rediss://localhost:{{ .Values.redisPort }} |
| 362 | - name: REDIS_EXPORTER_TLS_CLIENT_KEY_FILE |
| 363 | value: {{ template "redis.tlsCertKey" . }} |
| 364 | - name: REDIS_EXPORTER_TLS_CLIENT_CERT_FILE |
| 365 | value: {{ template "redis.tlsCert" . }} |
| 366 | - name: REDIS_EXPORTER_TLS_CA_CERT_FILE |
| 367 | value: {{ template "redis.tlsCACert" . }} |
| 368 | {{- end }} |
| 369 | volumeMounts: |
| 370 | {{- if .Values.usePasswordFile }} |
| 371 | - name: redis-password |
| 372 | mountPath: /secrets/ |
| 373 | {{- end }} |
| 374 | {{- if .Values.tls.enabled }} |
| 375 | - name: redis-certificates |
| 376 | mountPath: /opt/bitnami/redis/certs |
| 377 | readOnly: true |
| 378 | {{- end }} |
| 379 | ports: |
| 380 | - name: metrics |
| 381 | containerPort: 9121 |
| 382 | resources: {{- toYaml .Values.metrics.resources | nindent 12 }} |
| 383 | {{- end }} |
| 384 | {{- $needsVolumePermissions := and .Values.volumePermissions.enabled .Values.slave.persistence.enabled .Values.securityContext.enabled .Values.containerSecurityContext.enabled }} |
| 385 | {{- if or $needsVolumePermissions .Values.sysctlImage.enabled }} |
| 386 | initContainers: |
| 387 | {{- if $needsVolumePermissions }} |
| 388 | - name: volume-permissions |
| 389 | image: {{ template "redis.volumePermissions.image" . }} |
| 390 | imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} |
| 391 | command: |
| 392 | - /bin/bash |
| 393 | - -ec |
| 394 | - | |
| 395 | {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} |
| 396 | chown -R `id -u`:`id -G | cut -d " " -f2` {{ .Values.slave.persistence.path }} |
| 397 | {{- else }} |
| 398 | chown -R {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} {{ .Values.slave.persistence.path }} |
| 399 | {{- end }} |
| 400 | {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto "}} |
| 401 | securityContext: {{- omit .Values.volumePermissions.securityContext "runAsUser" | toYaml | nindent 12 }} |
| 402 | {{- else }} |
| 403 | securityContext: {{- .Values.volumePermissions.securityContext | toYaml | nindent 12 }} |
| 404 | {{- end }} |
| 405 | resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} |
| 406 | volumeMounts: |
| 407 | - name: redis-data |
| 408 | mountPath: {{ .Values.slave.persistence.path }} |
| 409 | subPath: {{ .Values.slave.persistence.subPath }} |
| 410 | {{- end }} |
| 411 | {{- if .Values.sysctlImage.enabled }} |
| 412 | - name: init-sysctl |
| 413 | image: {{ template "redis.sysctl.image" . }} |
| 414 | imagePullPolicy: {{ default "" .Values.sysctlImage.pullPolicy | quote }} |
| 415 | resources: {{- toYaml .Values.sysctlImage.resources | nindent 12 }} |
| 416 | {{- if .Values.sysctlImage.mountHostSys }} |
| 417 | volumeMounts: |
| 418 | - name: host-sys |
| 419 | mountPath: /host-sys |
| 420 | {{- end }} |
| 421 | command: {{- toYaml .Values.sysctlImage.command | nindent 12 }} |
| 422 | securityContext: |
| 423 | privileged: true |
| 424 | runAsUser: 0 |
| 425 | {{- end }} |
| 426 | {{- end }} |
| 427 | volumes: |
| 428 | - name: start-scripts |
| 429 | configMap: |
| 430 | name: {{ include "redis.fullname" . }}-scripts |
| 431 | defaultMode: 0755 |
| 432 | - name: health |
| 433 | configMap: |
| 434 | name: {{ template "redis.fullname" . }}-health |
| 435 | defaultMode: 0755 |
| 436 | {{- if .Values.usePasswordFile }} |
| 437 | - name: redis-password |
| 438 | secret: |
| 439 | secretName: {{ template "redis.secretName" . }} |
| 440 | items: |
| 441 | - key: {{ template "redis.secretPasswordKey" . }} |
| 442 | path: redis-password |
| 443 | {{- end }} |
| 444 | - name: config |
| 445 | configMap: |
| 446 | name: {{ template "redis.fullname" . }} |
| 447 | {{- if .Values.sysctlImage.mountHostSys }} |
| 448 | - name: host-sys |
| 449 | hostPath: |
| 450 | path: /sys |
| 451 | {{- end }} |
| 452 | - name: sentinel-tmp-conf |
| 453 | emptyDir: {} |
| 454 | - name: redis-tmp-conf |
| 455 | emptyDir: {} |
| 456 | {{- if .Values.tls.enabled }} |
| 457 | - name: redis-certificates |
| 458 | secret: |
| 459 | secretName: {{ required "A secret containing the certificates for the TLS traffic is required when TLS in enabled" .Values.tls.certificatesSecret }} |
| 460 | defaultMode: 256 |
| 461 | {{- end }} |
| 462 | {{- if not .Values.slave.persistence.enabled }} |
| 463 | - name: redis-data |
| 464 | emptyDir: {} |
| 465 | {{- else }} |
| 466 | volumeClaimTemplates: |
| 467 | - metadata: |
| 468 | name: redis-data |
| 469 | labels: |
| 470 | app: {{ template "redis.name" . }} |
| 471 | release: {{ .Release.Name }} |
| 472 | heritage: {{ .Release.Service }} |
| 473 | component: slave |
| 474 | {{- if .Values.slave.statefulset.volumeClaimTemplates }} |
| 475 | {{- if .Values.slave.statefulset.volumeClaimTemplates.labels }} |
| 476 | {{- toYaml .Values.slave.statefulset.volumeClaimTemplates.labels | nindent 10 }} |
| 477 | {{- end }} |
| 478 | {{- if .Values.slave.statefulset.volumeClaimTemplates.annotations }} |
| 479 | annotations: |
| 480 | {{- toYaml .Values.slave.statefulset.volumeClaimTemplates.annotations | nindent 10 }} |
| 481 | {{- end }} |
| 482 | {{- end }} |
| 483 | spec: |
| 484 | accessModes: |
| 485 | {{- range .Values.slave.persistence.accessModes }} |
| 486 | - {{ . | quote }} |
| 487 | {{- end }} |
| 488 | resources: |
| 489 | requests: |
| 490 | storage: {{ .Values.slave.persistence.size | quote }} |
| 491 | {{ include "redis.slave.storageClass" . }} |
| 492 | selector: |
| 493 | {{- if .Values.slave.persistence.matchLabels }} |
| 494 | matchLabels: {{- toYaml .Values.slave.persistence.matchLabels | nindent 12 }} |
| 495 | {{- end -}} |
| 496 | {{- if .Values.slave.persistence.matchExpressions }} |
| 497 | matchExpressions: {{- toYaml .Values.slave.persistence.matchExpressions | nindent 12 }} |
| 498 | {{- end -}} |
| 499 | {{- end }} |
| 500 | updateStrategy: |
| 501 | type: {{ .Values.slave.statefulset.updateStrategy }} |
| 502 | {{- if .Values.slave.statefulset.rollingUpdatePartition }} |
| 503 | {{- if (eq "Recreate" .Values.slave.statefulset.updateStrategy) }} |
| 504 | rollingUpdate: null |
| 505 | {{- else }} |
| 506 | rollingUpdate: |
| 507 | partition: {{ .Values.slave.statefulset.rollingUpdatePartition }} |
| 508 | {{- end }} |
| 509 | {{- end }} |
| 510 | {{- end }} |