# Copyright 2022-present Open Networking Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

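{{- if and .Values.global.redis.cluster.enabled .Values.global.redis.sentinel.enabled }}
{{- /*
Redis "node" StatefulSet, rendered only when both
global.redis.cluster.enabled and global.redis.sentinel.enabled are set.

Each pod runs:
  - the redis container (start-node.sh),
  - a sentinel container (start-sentinel.sh),
  - an optional metrics container (redis_exporter) when metrics.enabled,
  - optional init containers: volume-permissions (chown of the data path)
    and init-sysctl (privileged, runs as root).

Security-relevant switches read from values:
  - usePassword / usePasswordFile: how the Redis password reaches the
    containers (secretKeyRef env var or a mounted secret file). When
    usePassword is false, ALLOW_EMPTY_PASSWORD=yes is set instead.
  - tls.enabled: enables the TLS env vars and mounts the certificate secret.
  - securityContext / containerSecurityContext: pod and container security
    contexts, only rendered when their "enabled" flag is set.
  - sysctlImage.enabled / sysctlImage.mountHostSys: privileged init
    container and hostPath mount of /sys.
*/}}
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: {{ template "redis.fullname" . }}-node
  namespace: {{ .Release.Namespace | quote }}
  labels:
    app: {{ template "redis.name" . }}
    chart: {{ template "redis.chart" . }}
    release: {{ .Release.Name }}
    heritage: {{ .Release.Service }}
    {{- if .Values.slave.statefulset.labels }}
    {{- toYaml .Values.slave.statefulset.labels | nindent 4 }}
    {{- end }}
{{- if .Values.slave.statefulset.annotations }}
  annotations:
    {{- toYaml .Values.slave.statefulset.annotations | nindent 4 }}
{{- end }}
spec:
{{- /*
NOTE(review): an apps/v1 StatefulSet defines spec.updateStrategy (rendered at
the end of this manifest), not spec.strategy. Confirm whether
slave.updateStrategy is still meant to be rendered under this key.
*/}}
{{- if .Values.slave.updateStrategy }}
  strategy: {{- toYaml .Values.slave.updateStrategy | nindent 4 }}
{{- end }}
  replicas: {{ .Values.cluster.slaveCount }}
  serviceName: {{ template "redis.fullname" . }}-headless
  selector:
    matchLabels:
      app: {{ template "redis.name" . }}
      release: {{ .Release.Name }}
      role: node
  template:
    metadata:
      labels:
        app: {{ template "redis.name" . }}
        release: {{ .Release.Name }}
        chart: {{ template "redis.chart" . }}
        role: node
        {{- if .Values.slave.podLabels }}
        {{- toYaml .Values.slave.podLabels | nindent 8 }}
        {{- end }}
        {{- if and .Values.metrics.enabled .Values.metrics.podLabels }}
        {{- toYaml .Values.metrics.podLabels | nindent 8 }}
        {{- end }}
      annotations:
        # Checksums of the rendered health ConfigMap, ConfigMap and Secret
        # templates: the pod template changes whenever one of them changes.
        checksum/health: {{ include (print $.Template.BasePath "/health-configmap.yaml") . | sha256sum }}
        checksum/configmap: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
        checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
        {{- if .Values.slave.podAnnotations }}
        {{- toYaml .Values.slave.podAnnotations | nindent 8 }}
        {{- end }}
        {{- if and .Values.metrics.enabled .Values.metrics.podAnnotations }}
        {{- toYaml .Values.metrics.podAnnotations | nindent 8 }}
        {{- end }}
    spec:
      {{- include "redis.imagePullSecrets" . | nindent 6 }}
      {{- if .Values.slave.hostAliases }}
      hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.slave.hostAliases "context" $) | nindent 8 }}
      {{- end }}
      {{- /* Pod-level securityContext is emitted only when securityContext.enabled is set. */}}
      {{- if .Values.securityContext.enabled }}
      securityContext: {{- omit .Values.securityContext "enabled" | toYaml | nindent 8 }}
      {{- end }}
      serviceAccountName: {{ template "redis.serviceAccountName" . }}
      {{- if .Values.slave.priorityClassName }}
      priorityClassName: "{{ .Values.slave.priorityClassName }}"
      {{- end }}
      {{- if .Values.slave.nodeSelector }}
      nodeSelector: {{- toYaml .Values.slave.nodeSelector | nindent 8 }}
      {{- end }}
      {{- if .Values.slave.tolerations }}
      tolerations: {{- toYaml .Values.slave.tolerations | nindent 8 }}
      {{- end }}
      {{- if .Values.slave.schedulerName }}
      schedulerName: {{ .Values.slave.schedulerName | quote }}
      {{- end }}
      {{- /* NOTE(review): reads master.spreadConstraints although every other key here is under slave.* - confirm this is intended. */}}
      {{- if .Values.master.spreadConstraints }}
      topologySpreadConstraints: {{- toYaml .Values.master.spreadConstraints | nindent 8 }}
      {{- end }}
      {{- with .Values.slave.affinity }}
      affinity: {{- tpl (toYaml .) $ | nindent 8 }}
      {{- end }}
      containers:
        - name: {{ template "redis.name" . }}
          image: {{ template "redis.image" . }}
          imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
          {{- /* Without containerSecurityContext.enabled no container-level securityContext is rendered at all. */}}
          {{- if .Values.containerSecurityContext.enabled }}
          securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }}
          {{- end }}
          command:
            - /bin/bash
            - -c
            - /opt/bitnami/scripts/start-scripts/start-node.sh
          env:
            - name: REDIS_MASTER_PORT_NUMBER
              value: {{ .Values.redisPort | quote }}
            {{- if .Values.usePassword }}
            {{- if .Values.usePasswordFile }}
            # Password is read from the mounted "redis-password" secret volume.
            - name: REDIS_PASSWORD_FILE
              value: "/opt/bitnami/redis/secrets/redis-password"
            - name: REDIS_MASTER_PASSWORD_FILE
              value: "/opt/bitnami/redis/secrets/redis-password"
            {{- else }}
            # Password is injected as an environment variable from the secret.
            - name: REDIS_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: {{ template "redis.secretName" . }}
                  key: {{ template "redis.secretPasswordKey" . }}
            - name: REDIS_MASTER_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: {{ template "redis.secretName" . }}
                  key: {{ template "redis.secretPasswordKey" . }}
            {{- end }}
            {{- else }}
            # usePassword is false: no password is configured for this node.
            # Restrict network access to the Redis port when running this way.
            - name: ALLOW_EMPTY_PASSWORD
              value: "yes"
            {{- end }}
            - name: REDIS_TLS_ENABLED
              value: {{ ternary "yes" "no" .Values.tls.enabled | quote }}
            {{- if .Values.tls.enabled }}
            - name: REDIS_TLS_PORT
              value: {{ .Values.redisPort | quote }}
            - name: REDIS_TLS_AUTH_CLIENTS
              value: {{ ternary "yes" "no" .Values.tls.authClients | quote }}
            - name: REDIS_TLS_CERT_FILE
              value: {{ template "redis.tlsCert" . }}
            - name: REDIS_TLS_KEY_FILE
              value: {{ template "redis.tlsCertKey" . }}
            - name: REDIS_TLS_CA_FILE
              value: {{ template "redis.tlsCACert" . }}
            {{- if .Values.tls.dhParamsFilename }}
            - name: REDIS_TLS_DH_PARAMS_FILE
              value: {{ template "redis.tlsDHParams" . }}
            {{- end }}
            {{- else }}
            - name: REDIS_PORT
              value: {{ .Values.redisPort | quote }}
            {{- end }}
            - name: REDIS_DATA_DIR
              value: {{ .Values.slave.persistence.path | quote }}
            {{- if .Values.sentinel.extraEnvVars }}
            {{- include "redis.tplValue" (dict "value" .Values.sentinel.extraEnvVars "context" $) | nindent 12 }}
            {{- end }}
          {{- if or .Values.sentinel.extraEnvVarsCM .Values.sentinel.extraEnvVarsSecret }}
          envFrom:
            {{- if .Values.sentinel.extraEnvVarsCM }}
            - configMapRef:
                name: {{ .Values.sentinel.extraEnvVarsCM | quote }}
            {{- end }}
            {{- if .Values.sentinel.extraEnvVarsSecret }}
            - secretRef:
                name: {{ .Values.sentinel.extraEnvVarsSecret | quote }}
            {{- end }}
          {{- end }}
          ports:
            - name: redis
              containerPort: {{ .Values.redisPort }}
          {{- if .Values.slave.livenessProbe.enabled }}
          livenessProbe:
            initialDelaySeconds: {{ .Values.slave.livenessProbe.initialDelaySeconds }}
            periodSeconds: {{ .Values.slave.livenessProbe.periodSeconds }}
            timeoutSeconds: {{ .Values.slave.livenessProbe.timeoutSeconds }}
            successThreshold: {{ .Values.slave.livenessProbe.successThreshold }}
            failureThreshold: {{ .Values.slave.livenessProbe.failureThreshold }}
            exec:
              command:
                - sh
                - -c
                {{- if .Values.global.redis.sentinel.enabled }}
                - /health/ping_liveness_local.sh {{ .Values.slave.livenessProbe.timeoutSeconds }}
                {{- else }}
                - /health/ping_liveness_local_and_master.sh {{ .Values.slave.livenessProbe.timeoutSeconds }}
                {{- end }}
          {{- else if .Values.slave.customLivenessProbe }}
          livenessProbe: {{- toYaml .Values.slave.customLivenessProbe | nindent 12 }}
          {{- end }}
          {{- if .Values.slave.readinessProbe.enabled }}
          readinessProbe:
            initialDelaySeconds: {{ .Values.slave.readinessProbe.initialDelaySeconds }}
            periodSeconds: {{ .Values.slave.readinessProbe.periodSeconds }}
            timeoutSeconds: {{ .Values.slave.readinessProbe.timeoutSeconds }}
            successThreshold: {{ .Values.slave.readinessProbe.successThreshold }}
            failureThreshold: {{ .Values.slave.readinessProbe.failureThreshold }}
            exec:
              command:
                - sh
                - -c
                {{- /* The script argument is the readiness timeout, so it matches timeoutSeconds above (the liveness value was passed here before). */}}
                {{- if .Values.global.redis.sentinel.enabled }}
                - /health/ping_readiness_local.sh {{ .Values.slave.readinessProbe.timeoutSeconds }}
                {{- else }}
                - /health/ping_readiness_local_and_master.sh {{ .Values.slave.readinessProbe.timeoutSeconds }}
                {{- end }}
          {{- else if .Values.slave.customReadinessProbe }}
          readinessProbe: {{- toYaml .Values.slave.customReadinessProbe | nindent 12 }}
          {{- end }}
          resources: {{- toYaml .Values.slave.resources | nindent 12 }}
          volumeMounts:
            - name: start-scripts
              mountPath: /opt/bitnami/scripts/start-scripts
            - name: health
              mountPath: /health
            {{- if .Values.usePasswordFile }}
            - name: redis-password
              mountPath: /opt/bitnami/redis/secrets/
            {{- end }}
            - name: redis-data
              mountPath: {{ .Values.slave.persistence.path }}
              subPath: {{ .Values.slave.persistence.subPath }}
            - name: config
              mountPath: /opt/bitnami/redis/mounted-etc
            - name: redis-tmp-conf
              mountPath: /opt/bitnami/redis/etc
            {{- if .Values.tls.enabled }}
            - name: redis-certificates
              mountPath: /opt/bitnami/redis/certs
              readOnly: true
            {{- end }}
        {{- /* Same condition as the guard around the whole manifest, so the sentinel container is always present here. */}}
        {{- if and .Values.global.redis.cluster.enabled .Values.global.redis.sentinel.enabled }}
        - name: sentinel
          image: {{ template "sentinel.image" . }}
          imagePullPolicy: {{ .Values.sentinel.image.pullPolicy | quote }}
          {{- if .Values.containerSecurityContext.enabled }}
          securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }}
          {{- end }}
          command:
            - /bin/bash
            - -c
            - /opt/bitnami/scripts/start-scripts/start-sentinel.sh
          env:
            {{- if .Values.usePassword }}
            {{- if .Values.usePasswordFile }}
            - name: REDIS_PASSWORD_FILE
              value: "/opt/bitnami/redis/secrets/redis-password"
            {{- else }}
            - name: REDIS_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: {{ template "redis.secretName" . }}
                  key: {{ template "redis.secretPasswordKey" . }}
            {{- end }}
            {{- else }}
            # usePassword is false: no password is configured for sentinel.
            - name: ALLOW_EMPTY_PASSWORD
              value: "yes"
            {{- end }}
            - name: REDIS_SENTINEL_TLS_ENABLED
              value: {{ ternary "yes" "no" .Values.tls.enabled | quote }}
            {{- if .Values.tls.enabled }}
            - name: REDIS_SENTINEL_TLS_PORT_NUMBER
              value: {{ .Values.sentinel.port | quote }}
            - name: REDIS_SENTINEL_TLS_AUTH_CLIENTS
              value: {{ ternary "yes" "no" .Values.tls.authClients | quote }}
            - name: REDIS_SENTINEL_TLS_CERT_FILE
              value: {{ template "redis.tlsCert" . }}
            - name: REDIS_SENTINEL_TLS_KEY_FILE
              value: {{ template "redis.tlsCertKey" . }}
            - name: REDIS_SENTINEL_TLS_CA_FILE
              value: {{ template "redis.tlsCACert" . }}
            {{- if .Values.tls.dhParamsFilename }}
            {{- /* Uses the same helper as REDIS_TLS_DH_PARAMS_FILE in the redis container; this entry previously named "redis.dhParams". NOTE(review): confirm the helper name in _helpers.tpl. */}}
            - name: REDIS_SENTINEL_TLS_DH_PARAMS_FILE
              value: {{ template "redis.tlsDHParams" . }}
            {{- end }}
            {{- else }}
            - name: REDIS_SENTINEL_PORT
              value: {{ .Values.sentinel.port | quote }}
            {{- end }}
          ports:
            - name: redis-sentinel
              containerPort: {{ .Values.sentinel.port }}
          {{- if .Values.sentinel.livenessProbe.enabled }}
          livenessProbe:
            initialDelaySeconds: {{ .Values.sentinel.livenessProbe.initialDelaySeconds }}
            periodSeconds: {{ .Values.sentinel.livenessProbe.periodSeconds }}
            timeoutSeconds: {{ .Values.sentinel.livenessProbe.timeoutSeconds }}
            successThreshold: {{ .Values.sentinel.livenessProbe.successThreshold }}
            failureThreshold: {{ .Values.sentinel.livenessProbe.failureThreshold }}
            exec:
              command:
                - sh
                - -c
                - /health/ping_sentinel.sh {{ .Values.sentinel.livenessProbe.timeoutSeconds }}
          {{- else if .Values.sentinel.customLivenessProbe }}
          livenessProbe: {{- toYaml .Values.sentinel.customLivenessProbe | nindent 12 }}
          {{- end }}
          {{- if .Values.sentinel.readinessProbe.enabled }}
          readinessProbe:
            initialDelaySeconds: {{ .Values.sentinel.readinessProbe.initialDelaySeconds }}
            periodSeconds: {{ .Values.sentinel.readinessProbe.periodSeconds }}
            timeoutSeconds: {{ .Values.sentinel.readinessProbe.timeoutSeconds }}
            successThreshold: {{ .Values.sentinel.readinessProbe.successThreshold }}
            failureThreshold: {{ .Values.sentinel.readinessProbe.failureThreshold }}
            exec:
              command:
                - sh
                - -c
                {{- /* Pass the readiness timeout so it matches timeoutSeconds above. */}}
                - /health/ping_sentinel.sh {{ .Values.sentinel.readinessProbe.timeoutSeconds }}
          {{- else if .Values.sentinel.customReadinessProbe }}
          readinessProbe: {{- toYaml .Values.sentinel.customReadinessProbe | nindent 12 }}
          {{- end }}
          resources: {{- toYaml .Values.sentinel.resources | nindent 12 }}
          volumeMounts:
            - name: start-scripts
              mountPath: /opt/bitnami/scripts/start-scripts
            - name: health
              mountPath: /health
            {{- if .Values.usePasswordFile }}
            - name: redis-password
              mountPath: /opt/bitnami/redis/secrets/
            {{- end }}
            - name: redis-data
              mountPath: {{ .Values.slave.persistence.path }}
              subPath: {{ .Values.slave.persistence.subPath }}
            - name: config
              mountPath: /opt/bitnami/redis-sentinel/mounted-etc
            - name: sentinel-tmp-conf
              mountPath: /opt/bitnami/redis-sentinel/etc
            {{- if .Values.tls.enabled }}
            - name: redis-certificates
              mountPath: /opt/bitnami/redis/certs
              readOnly: true
            {{- end }}
        {{- end }}
        {{- if .Values.metrics.enabled }}
        - name: metrics
          image: {{ template "redis.metrics.image" . }}
          imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }}
          {{- if .Values.containerSecurityContext.enabled }}
          securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }}
          {{- end }}
          {{- /*
          NOTE(review): the keys and values of metrics.extraArgs are spliced
          unquoted into the bash command line below, so the shell interprets
          any metacharacters they contain. Treat that values key as code and
          set it only from reviewed values files.
          */}}
          command:
            - /bin/bash
            - -c
            - |
              if [[ -f '/secrets/redis-password' ]]; then
                export REDIS_PASSWORD=$(cat /secrets/redis-password)
              fi
              redis_exporter{{- range $key, $value := .Values.metrics.extraArgs }} --{{ $key }}={{ $value }}{{- end }}
          env:
            - name: REDIS_ALIAS
              value: {{ template "redis.fullname" . }}
            {{- if and .Values.usePassword (not .Values.usePasswordFile) }}
            - name: REDIS_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: {{ template "redis.secretName" . }}
                  key: {{ template "redis.secretPasswordKey" . }}
            {{- end }}
            {{- if .Values.tls.enabled }}
            - name: REDIS_ADDR
              value: rediss://localhost:{{ .Values.redisPort }}
            - name: REDIS_EXPORTER_TLS_CLIENT_KEY_FILE
              value: {{ template "redis.tlsCertKey" . }}
            - name: REDIS_EXPORTER_TLS_CLIENT_CERT_FILE
              value: {{ template "redis.tlsCert" . }}
            - name: REDIS_EXPORTER_TLS_CA_CERT_FILE
              value: {{ template "redis.tlsCACert" . }}
            {{- end }}
          volumeMounts:
            {{- if .Values.usePasswordFile }}
            - name: redis-password
              mountPath: /secrets/
            {{- end }}
            {{- if .Values.tls.enabled }}
            - name: redis-certificates
              mountPath: /opt/bitnami/redis/certs
              readOnly: true
            {{- end }}
          ports:
            - name: metrics
              containerPort: 9121
          resources: {{- toYaml .Values.metrics.resources | nindent 12 }}
        {{- end }}
      {{- /* The chown init container is rendered only when all four flags are set. */}}
      {{- $needsVolumePermissions := and .Values.volumePermissions.enabled .Values.slave.persistence.enabled .Values.securityContext.enabled .Values.containerSecurityContext.enabled }}
      {{- if or $needsVolumePermissions .Values.sysctlImage.enabled }}
      initContainers:
        {{- if $needsVolumePermissions }}
        - name: volume-permissions
          image: {{ template "redis.volumePermissions.image" . }}
          imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }}
          command:
            - /bin/bash
            - -ec
            - |
              {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }}
              chown -R `id -u`:`id -G | cut -d " " -f2` {{ .Values.slave.persistence.path }}
              {{- else }}
              chown -R {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} {{ .Values.slave.persistence.path }}
              {{- end }}
          {{- /*
          "auto" is not a valid runAsUser for the API, so it is dropped from the
          rendered securityContext. The comparison string used to carry a
          trailing space ("auto "), which never matched, so runAsUser: auto was
          rendered into the manifest.
          */}}
          {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }}
          securityContext: {{- omit .Values.volumePermissions.securityContext "runAsUser" | toYaml | nindent 12 }}
          {{- else }}
          securityContext: {{- .Values.volumePermissions.securityContext | toYaml | nindent 12 }}
          {{- end }}
          resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }}
          volumeMounts:
            - name: redis-data
              mountPath: {{ .Values.slave.persistence.path }}
              subPath: {{ .Values.slave.persistence.subPath }}
        {{- end }}
        {{- if .Values.sysctlImage.enabled }}
        # Privileged init container running as root; its command comes from
        # sysctlImage.command. With sysctlImage.mountHostSys the node's /sys
        # is mounted at /host-sys. Enable only where the cluster's pod
        # security policy is meant to allow privileged pods.
        - name: init-sysctl
          image: {{ template "redis.sysctl.image" . }}
          imagePullPolicy: {{ default "" .Values.sysctlImage.pullPolicy | quote }}
          resources: {{- toYaml .Values.sysctlImage.resources | nindent 12 }}
          {{- if .Values.sysctlImage.mountHostSys }}
          volumeMounts:
            - name: host-sys
              mountPath: /host-sys
          {{- end }}
          command: {{- toYaml .Values.sysctlImage.command | nindent 12 }}
          securityContext:
            privileged: true
            runAsUser: 0
        {{- end }}
      {{- end }}
      volumes:
        - name: start-scripts
          configMap:
            name: {{ include "redis.fullname" . }}-scripts
            # Octal literal (rwxr-xr-x); must stay an unquoted integer.
            defaultMode: 0755
        - name: health
          configMap:
            name: {{ template "redis.fullname" . }}-health
            # Octal literal (rwxr-xr-x); must stay an unquoted integer.
            defaultMode: 0755
        {{- if .Values.usePasswordFile }}
        - name: redis-password
          secret:
            secretName: {{ template "redis.secretName" . }}
            items:
              - key: {{ template "redis.secretPasswordKey" . }}
                path: redis-password
        {{- end }}
        - name: config
          configMap:
            name: {{ template "redis.fullname" . }}
        {{- if .Values.sysctlImage.mountHostSys }}
        # hostPath mount of the node's /sys, consumed by the init-sysctl container.
        - name: host-sys
          hostPath:
            path: /sys
        {{- end }}
        - name: sentinel-tmp-conf
          emptyDir: {}
        - name: redis-tmp-conf
          emptyDir: {}
        {{- if .Values.tls.enabled }}
        - name: redis-certificates
          secret:
            secretName: {{ required "A secret containing the certificates for the TLS traffic is required when TLS in enabled" .Values.tls.certificatesSecret }}
            # Decimal 256 is octal 0400: certificate files are owner-read-only.
            defaultMode: 256
        {{- end }}
      {{- if not .Values.slave.persistence.enabled }}
        # Persistence disabled: data lives in an emptyDir and is lost with the pod.
        - name: redis-data
          emptyDir: {}
      {{- else }}
  volumeClaimTemplates:
    - metadata:
        name: redis-data
        labels:
          app: {{ template "redis.name" . }}
          release: {{ .Release.Name }}
          heritage: {{ .Release.Service }}
          component: slave
        {{- if .Values.slave.statefulset.volumeClaimTemplates }}
          {{- if .Values.slave.statefulset.volumeClaimTemplates.labels }}
          {{- toYaml .Values.slave.statefulset.volumeClaimTemplates.labels | nindent 10 }}
          {{- end }}
          {{- if .Values.slave.statefulset.volumeClaimTemplates.annotations }}
        annotations:
          {{- toYaml .Values.slave.statefulset.volumeClaimTemplates.annotations | nindent 10 }}
          {{- end }}
        {{- end }}
      spec:
        accessModes:
        {{- range .Values.slave.persistence.accessModes }}
          - {{ . | quote }}
        {{- end }}
        resources:
          requests:
            storage: {{ .Values.slave.persistence.size | quote }}
        {{ include "redis.slave.storageClass" . }}
        selector:
        {{- if .Values.slave.persistence.matchLabels }}
          matchLabels: {{- toYaml .Values.slave.persistence.matchLabels | nindent 12 }}
        {{- end -}}
        {{- if .Values.slave.persistence.matchExpressions }}
          matchExpressions: {{- toYaml .Values.slave.persistence.matchExpressions | nindent 12 }}
        {{- end -}}
  {{- end }}
  updateStrategy:
    type: {{ .Values.slave.statefulset.updateStrategy }}
    {{- if .Values.slave.statefulset.rollingUpdatePartition }}
    {{- if (eq "Recreate" .Values.slave.statefulset.updateStrategy) }}
    rollingUpdate: null
    {{- else }}
    rollingUpdate:
      partition: {{ .Values.slave.statefulset.rollingUpdatePartition }}
    {{- end }}
    {{- end }}
{{- end }}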