Tinoj Joseph | dd1fd9d | 2022-08-01 23:59:26 +0530 | [diff] [blame^] | 1 | # Copyright 2022-present Open Networking Foundation |
| 2 | # |
| 3 | # Licensed under the Apache License, Version 2.0 (the "License"); |
| 4 | # you may not use this file except in compliance with the License. |
| 5 | # You may obtain a copy of the License at |
| 6 | # |
| 7 | # http://www.apache.org/licenses/LICENSE-2.0 |
| 8 | # |
| 9 | # Unless required by applicable law or agreed to in writing, software |
| 10 | # distributed under the License is distributed on an "AS IS" BASIS, |
| 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 12 | # See the License for the specific language governing permissions and |
| 13 | # limitations under the License. |
| 14 | |
| 15 | {{- if and .Values.global.redis.cluster.enabled (not .Values.global.redis.sentinel.enabled) }} |
| 16 | apiVersion: apps/v1 |
| 17 | kind: StatefulSet |
| 18 | metadata: |
| 19 | name: {{ template "redis.fullname" . }}-slave |
| 20 | namespace: {{ .Release.Namespace | quote }} |
| 21 | labels: |
| 22 | app: {{ template "redis.name" . }} |
| 23 | chart: {{ template "redis.chart" . }} |
| 24 | release: {{ .Release.Name }} |
| 25 | heritage: {{ .Release.Service }} |
| 26 | {{- if .Values.slave.statefulset.labels }} |
| 27 | {{- toYaml .Values.slave.statefulset.labels | nindent 4 }} |
| 28 | {{- end }} |
| 29 | {{- if .Values.slave.statefulset.annotations }} |
| 30 | annotations: |
| 31 | {{- toYaml .Values.slave.statefulset.annotations | nindent 4 }} |
| 32 | {{- end }} |
| 33 | spec: |
| 34 | {{- if .Values.slave.updateStrategy }} |
| 35 | strategy: {{- toYaml .Values.slave.updateStrategy | nindent 4 }} |
| 36 | {{- end }} |
| 37 | replicas: {{ .Values.cluster.slaveCount }} |
| 38 | serviceName: {{ template "redis.fullname" . }}-headless |
| 39 | selector: |
| 40 | matchLabels: |
| 41 | app: {{ template "redis.name" . }} |
| 42 | release: {{ .Release.Name }} |
| 43 | role: slave |
| 44 | template: |
| 45 | metadata: |
| 46 | labels: |
| 47 | app: {{ template "redis.name" . }} |
| 48 | release: {{ .Release.Name }} |
| 49 | chart: {{ template "redis.chart" . }} |
| 50 | role: slave |
| 51 | {{- if .Values.slave.podLabels }} |
| 52 | {{- toYaml .Values.slave.podLabels | nindent 8 }} |
| 53 | {{- end }} |
| 54 | {{- if and .Values.metrics.enabled .Values.metrics.podLabels }} |
| 55 | {{- toYaml .Values.metrics.podLabels | nindent 8 }} |
| 56 | {{- end }} |
| 57 | annotations: |
| 58 | checksum/health: {{ include (print $.Template.BasePath "/health-configmap.yaml") . | sha256sum }} |
| 59 | checksum/configmap: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} |
| 60 | checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} |
| 61 | {{- if .Values.slave.podAnnotations }} |
| 62 | {{- toYaml .Values.slave.podAnnotations | nindent 8 }} |
| 63 | {{- end }} |
| 64 | {{- if and .Values.metrics.enabled .Values.metrics.podAnnotations }} |
| 65 | {{- toYaml .Values.metrics.podAnnotations | nindent 8 }} |
| 66 | {{- end }} |
| 67 | spec: |
| 68 | {{- include "redis.imagePullSecrets" . | nindent 6 }} |
| 69 | {{- if .Values.slave.hostAliases }} |
| 70 | hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.slave.hostAliases "context" $) | nindent 8 }} |
| 71 | {{- end }} |
| 72 | {{- if .Values.securityContext.enabled }} |
| 73 | securityContext: {{- omit .Values.securityContext "enabled" | toYaml | nindent 8 }} |
| 74 | {{- end }} |
| 75 | serviceAccountName: {{ template "redis.serviceAccountName" . }} |
| 76 | {{- if .Values.slave.priorityClassName }} |
| 77 | priorityClassName: {{ .Values.slave.priorityClassName | quote }} |
| 78 | {{- end }} |
| 79 | {{- if .Values.slave.nodeSelector }} |
| 80 | nodeSelector: {{- toYaml .Values.slave.nodeSelector | nindent 8 }} |
| 81 | {{- end }} |
| 82 | {{- if .Values.slave.tolerations }} |
| 83 | tolerations: {{- toYaml .Values.slave.tolerations | nindent 8 }} |
| 84 | {{- end }} |
| 85 | {{- if .Values.slave.shareProcessNamespace }} |
| 86 | shareProcessNamespace: {{ .Values.slave.shareProcessNamespace }} |
| 87 | {{- end }} |
| 88 | {{- if .Values.slave.schedulerName }} |
| 89 | schedulerName: {{ .Values.slave.schedulerName }} |
| 90 | {{- end }} |
| 91 | {{- if .Values.master.spreadConstraints }} |
| 92 | topologySpreadConstraints: {{- toYaml .Values.master.spreadConstraints | nindent 8 }} |
| 93 | {{- end }} |
| 94 | {{- with .Values.slave.affinity }} |
| 95 | affinity: {{- tpl (toYaml .) $ | nindent 8 }} |
| 96 | {{- end }} |
| 97 | containers: |
| 98 | - name: {{ template "redis.name" . }} |
| 99 | image: {{ template "redis.image" . }} |
| 100 | imagePullPolicy: {{ .Values.image.pullPolicy | quote }} |
| 101 | {{- if .Values.containerSecurityContext.enabled }} |
| 102 | securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} |
| 103 | {{- end }} |
| 104 | command: |
| 105 | - /bin/bash |
| 106 | - -c |
| 107 | - /opt/bitnami/scripts/start-scripts/start-slave.sh |
| 108 | env: |
| 109 | - name: REDIS_REPLICATION_MODE |
| 110 | value: slave |
| 111 | - name: REDIS_MASTER_HOST |
| 112 | value: {{ template "redis.fullname" . }}-master-0.{{ template "redis.fullname" . }}-headless.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} |
| 113 | - name: REDIS_MASTER_PORT_NUMBER |
| 114 | value: {{ .Values.redisPort | quote }} |
| 115 | {{- if .Values.usePassword }} |
| 116 | {{- if .Values.usePasswordFile }} |
| 117 | - name: REDIS_PASSWORD_FILE |
| 118 | value: "/opt/bitnami/redis/secrets/redis-password" |
| 119 | - name: REDIS_MASTER_PASSWORD_FILE |
| 120 | value: "/opt/bitnami/redis/secrets/redis-password" |
| 121 | {{- else }} |
| 122 | - name: REDIS_PASSWORD |
| 123 | valueFrom: |
| 124 | secretKeyRef: |
| 125 | name: {{ template "redis.secretName" . }} |
| 126 | key: {{ template "redis.secretPasswordKey" . }} |
| 127 | - name: REDIS_MASTER_PASSWORD |
| 128 | valueFrom: |
| 129 | secretKeyRef: |
| 130 | name: {{ template "redis.secretName" . }} |
| 131 | key: {{ template "redis.secretPasswordKey" . }} |
| 132 | {{- end }} |
| 133 | {{- else }} |
| 134 | - name: ALLOW_EMPTY_PASSWORD |
| 135 | value: "yes" |
| 136 | {{- end }} |
| 137 | - name: REDIS_TLS_ENABLED |
| 138 | value: {{ ternary "yes" "no" .Values.tls.enabled | quote }} |
| 139 | {{- if .Values.tls.enabled }} |
| 140 | - name: REDIS_TLS_PORT |
| 141 | value: {{ .Values.redisPort | quote }} |
| 142 | - name: REDIS_TLS_AUTH_CLIENTS |
| 143 | value: {{ ternary "yes" "no" .Values.tls.authClients | quote }} |
| 144 | - name: REDIS_TLS_CERT_FILE |
| 145 | value: {{ template "redis.tlsCert" . }} |
| 146 | - name: REDIS_TLS_KEY_FILE |
| 147 | value: {{ template "redis.tlsCertKey" . }} |
| 148 | - name: REDIS_TLS_CA_FILE |
| 149 | value: {{ template "redis.tlsCACert" . }} |
| 150 | {{- if .Values.tls.dhParamsFilename }} |
| 151 | - name: REDIS_TLS_DH_PARAMS_FILE |
| 152 | value: {{ template "redis.tlsDHParams" . }} |
| 153 | {{- end }} |
| 154 | {{- else }} |
| 155 | - name: REDIS_PORT |
| 156 | value: {{ .Values.redisPort | quote }} |
| 157 | {{- end }} |
| 158 | {{- if .Values.slave.extraEnvVars }} |
| 159 | {{- include "redis.tplValue" (dict "value" .Values.slave.extraEnvVars "context" $) | nindent 12 }} |
| 160 | {{- end }} |
| 161 | {{- if or .Values.slave.extraEnvVarsCM .Values.slave.extraEnvVarsSecret }} |
| 162 | envFrom: |
| 163 | {{- if .Values.slave.extraEnvVarsCM }} |
| 164 | - configMapRef: |
| 165 | name: {{ .Values.slave.extraEnvVarsCM }} |
| 166 | {{- end }} |
| 167 | {{- if .Values.slave.extraEnvVarsSecret }} |
| 168 | - secretRef: |
| 169 | name: {{ .Values.slave.extraEnvVarsSecret }} |
| 170 | {{- end }} |
| 171 | {{- end }} |
| 172 | ports: |
| 173 | - name: redis |
| 174 | containerPort: {{ .Values.redisPort }} |
| 175 | {{- if .Values.slave.livenessProbe.enabled }} |
| 176 | livenessProbe: |
| 177 | initialDelaySeconds: {{ .Values.slave.livenessProbe.initialDelaySeconds }} |
| 178 | periodSeconds: {{ .Values.slave.livenessProbe.periodSeconds }} |
| 179 | timeoutSeconds: {{ add1 .Values.slave.livenessProbe.timeoutSeconds }} |
| 180 | successThreshold: {{ .Values.slave.livenessProbe.successThreshold }} |
| 181 | failureThreshold: {{ .Values.slave.livenessProbe.failureThreshold}} |
| 182 | exec: |
| 183 | command: |
| 184 | - sh |
| 185 | - -c |
| 186 | - /health/ping_liveness_local_and_master.sh {{ .Values.slave.livenessProbe.timeoutSeconds }} |
| 187 | {{- else if .Values.slave.customLivenessProbe }} |
| 188 | livenessProbe: {{- toYaml .Values.slave.customLivenessProbe | nindent 12 }} |
| 189 | {{- end }} |
| 190 | {{- if .Values.slave.readinessProbe.enabled }} |
| 191 | readinessProbe: |
| 192 | initialDelaySeconds: {{ .Values.slave.readinessProbe.initialDelaySeconds }} |
| 193 | periodSeconds: {{ .Values.slave.readinessProbe.periodSeconds }} |
| 194 | timeoutSeconds: {{ add1 .Values.slave.readinessProbe.timeoutSeconds }} |
| 195 | successThreshold: {{ .Values.slave.readinessProbe.successThreshold }} |
| 196 | failureThreshold: {{ .Values.slave.readinessProbe.failureThreshold }} |
| 197 | exec: |
| 198 | command: |
| 199 | - sh |
| 200 | - -c |
| 201 | - /health/ping_readiness_local_and_master.sh {{ .Values.slave.readinessProbe.timeoutSeconds }} |
| 202 | {{- else if .Values.slave.customReadinessProbe }} |
| 203 | readinessProbe: {{- toYaml .Values.slave.customReadinessProbe | nindent 12 }} |
| 204 | {{- end }} |
| 205 | resources: {{- toYaml .Values.slave.resources | nindent 12 }} |
| 206 | volumeMounts: |
| 207 | - name: start-scripts |
| 208 | mountPath: /opt/bitnami/scripts/start-scripts |
| 209 | - name: health |
| 210 | mountPath: /health |
| 211 | {{- if .Values.usePasswordFile }} |
| 212 | - name: redis-password |
| 213 | mountPath: /opt/bitnami/redis/secrets/ |
| 214 | {{- end }} |
| 215 | - name: redis-data |
| 216 | mountPath: /data |
| 217 | - name: config |
| 218 | mountPath: /opt/bitnami/redis/mounted-etc |
| 219 | - name: redis-tmp-conf |
| 220 | mountPath: /opt/bitnami/redis/etc |
| 221 | {{- if .Values.tls.enabled }} |
| 222 | - name: redis-certificates |
| 223 | mountPath: /opt/bitnami/redis/certs |
| 224 | readOnly: true |
| 225 | {{- end }} |
| 226 | {{- if .Values.metrics.enabled }} |
| 227 | - name: metrics |
| 228 | image: {{ template "redis.metrics.image" . }} |
| 229 | imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }} |
| 230 | {{- if .Values.containerSecurityContext.enabled }} |
| 231 | securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} |
| 232 | {{- end }} |
| 233 | command: |
| 234 | - /bin/bash |
| 235 | - -c |
| 236 | - | |
| 237 | if [[ -f '/secrets/redis-password' ]]; then |
| 238 | export REDIS_PASSWORD=$(cat /secrets/redis-password) |
| 239 | fi |
| 240 | redis_exporter{{- range $key, $value := .Values.metrics.extraArgs }} --{{ $key }}={{ $value }}{{- end }} |
| 241 | env: |
| 242 | - name: REDIS_ALIAS |
| 243 | value: {{ template "redis.fullname" . }} |
| 244 | {{- if and .Values.usePassword (not .Values.usePasswordFile) }} |
| 245 | - name: REDIS_PASSWORD |
| 246 | valueFrom: |
| 247 | secretKeyRef: |
| 248 | name: {{ template "redis.secretName" . }} |
| 249 | key: {{ template "redis.secretPasswordKey" . }} |
| 250 | {{- end }} |
| 251 | {{- if .Values.tls.enabled }} |
| 252 | - name: REDIS_ADDR |
| 253 | value: rediss://localhost:{{ .Values.redisPort }} |
| 254 | - name: REDIS_EXPORTER_TLS_CLIENT_KEY_FILE |
| 255 | value: {{ template "redis.tlsCertKey" . }} |
| 256 | - name: REDIS_EXPORTER_TLS_CLIENT_CERT_FILE |
| 257 | value: {{ template "redis.tlsCert" . }} |
| 258 | - name: REDIS_EXPORTER_TLS_CA_CERT_FILE |
| 259 | value: {{ template "redis.tlsCACert" . }} |
| 260 | {{- end }} |
| 261 | volumeMounts: |
| 262 | {{- if .Values.usePasswordFile }} |
| 263 | - name: redis-password |
| 264 | mountPath: /secrets/ |
| 265 | {{- end }} |
| 266 | {{- if .Values.tls.enabled }} |
| 267 | - name: redis-certificates |
| 268 | mountPath: /opt/bitnami/redis/certs |
| 269 | readOnly: true |
| 270 | {{- end }} |
| 271 | ports: |
| 272 | - name: metrics |
| 273 | containerPort: 9121 |
| 274 | resources: {{- toYaml .Values.metrics.resources | nindent 12 }} |
| 275 | {{- end }} |
| 276 | {{- $needsVolumePermissions := and .Values.volumePermissions.enabled .Values.slave.persistence.enabled .Values.securityContext.enabled .Values.containerSecurityContext.enabled }} |
| 277 | {{- if or $needsVolumePermissions .Values.sysctlImage.enabled }} |
| 278 | initContainers: |
| 279 | {{- if $needsVolumePermissions }} |
| 280 | - name: volume-permissions |
| 281 | image: {{ template "redis.volumePermissions.image" . }} |
| 282 | imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} |
| 283 | command: |
| 284 | - /bin/bash |
| 285 | - -ec |
| 286 | - | |
| 287 | {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} |
| 288 | chown -R `id -u`:`id -G | cut -d " " -f2` {{ .Values.slave.persistence.path }} |
| 289 | {{- else }} |
| 290 | chown -R {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} {{ .Values.slave.persistence.path }} |
| 291 | {{- end }} |
| 292 | {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto "}} |
| 293 | securityContext: {{- omit .Values.volumePermissions.securityContext "runAsUser" | toYaml | nindent 12 }} |
| 294 | {{- else }} |
| 295 | securityContext: {{- .Values.volumePermissions.securityContext | toYaml | nindent 12 }} |
| 296 | {{- end }} |
| 297 | resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} |
| 298 | volumeMounts: |
| 299 | - name: redis-data |
| 300 | mountPath: {{ .Values.slave.persistence.path }} |
| 301 | subPath: {{ .Values.slave.persistence.subPath }} |
| 302 | {{- end }} |
| 303 | {{- if .Values.sysctlImage.enabled }} |
| 304 | - name: init-sysctl |
| 305 | image: {{ template "redis.sysctl.image" . }} |
| 306 | imagePullPolicy: {{ default "" .Values.sysctlImage.pullPolicy | quote }} |
| 307 | resources: {{- toYaml .Values.sysctlImage.resources | nindent 12 }} |
| 308 | {{- if .Values.sysctlImage.mountHostSys }} |
| 309 | volumeMounts: |
| 310 | - name: host-sys |
| 311 | mountPath: /host-sys |
| 312 | {{- end }} |
| 313 | command: {{- toYaml .Values.sysctlImage.command | nindent 12 }} |
| 314 | securityContext: |
| 315 | privileged: true |
| 316 | runAsUser: 0 |
| 317 | {{- end }} |
| 318 | {{- end }} |
| 319 | volumes: |
| 320 | - name: start-scripts |
| 321 | configMap: |
| 322 | name: {{ include "redis.fullname" . }}-scripts |
| 323 | defaultMode: 0755 |
| 324 | - name: health |
| 325 | configMap: |
| 326 | name: {{ template "redis.fullname" . }}-health |
| 327 | defaultMode: 0755 |
| 328 | {{- if .Values.usePasswordFile }} |
| 329 | - name: redis-password |
| 330 | secret: |
| 331 | secretName: {{ template "redis.secretName" . }} |
| 332 | items: |
| 333 | - key: {{ template "redis.secretPasswordKey" . }} |
| 334 | path: redis-password |
| 335 | {{- end }} |
| 336 | - name: config |
| 337 | configMap: |
| 338 | name: {{ template "redis.fullname" . }} |
| 339 | {{- if .Values.sysctlImage.mountHostSys }} |
| 340 | - name: host-sys |
| 341 | hostPath: |
| 342 | path: /sys |
| 343 | {{- end }} |
| 344 | - name: redis-tmp-conf |
| 345 | emptyDir: {} |
| 346 | {{- if .Values.tls.enabled }} |
| 347 | - name: redis-certificates |
| 348 | secret: |
| 349 | secretName: {{ required "A secret containing the certificates for the TLS traffic is required when TLS in enabled" .Values.tls.certificatesSecret }} |
| 350 | defaultMode: 256 |
| 351 | {{- end }} |
| 352 | {{- if not .Values.slave.persistence.enabled }} |
| 353 | - name: redis-data |
| 354 | emptyDir: {} |
| 355 | {{- else }} |
| 356 | volumeClaimTemplates: |
| 357 | - metadata: |
| 358 | name: redis-data |
| 359 | labels: |
| 360 | app: {{ template "redis.name" . }} |
| 361 | release: {{ .Release.Name }} |
| 362 | heritage: {{ .Release.Service }} |
| 363 | component: slave |
| 364 | {{- if .Values.slave.statefulset.volumeClaimTemplates }} |
| 365 | {{- if .Values.slave.statefulset.volumeClaimTemplates.labels }} |
| 366 | {{- toYaml .Values.slave.statefulset.volumeClaimTemplates.labels | nindent 10 }} |
| 367 | {{- end }} |
| 368 | {{- if .Values.slave.statefulset.volumeClaimTemplates.annotations }} |
| 369 | annotations: |
| 370 | {{- toYaml .Values.slave.statefulset.volumeClaimTemplates.annotations | nindent 10 }} |
| 371 | {{- end }} |
| 372 | {{- end }} |
| 373 | spec: |
| 374 | accessModes: |
| 375 | {{- range .Values.slave.persistence.accessModes }} |
| 376 | - {{ . | quote }} |
| 377 | {{- end }} |
| 378 | resources: |
| 379 | requests: |
| 380 | storage: {{ .Values.slave.persistence.size | quote }} |
| 381 | {{ include "redis.slave.storageClass" . }} |
| 382 | selector: |
| 383 | {{- if .Values.slave.persistence.matchLabels }} |
| 384 | matchLabels: {{- toYaml .Values.slave.persistence.matchLabels | nindent 12 }} |
| 385 | {{- end -}} |
| 386 | {{- if .Values.slave.persistence.matchExpressions }} |
| 387 | matchExpressions: {{- toYaml .Values.slave.persistence.matchExpressions | nindent 12 }} |
| 388 | {{- end -}} |
| 389 | {{- end }} |
| 390 | updateStrategy: |
| 391 | type: {{ .Values.slave.statefulset.updateStrategy }} |
| 392 | {{- if .Values.slave.statefulset.rollingUpdatePartition }} |
| 393 | {{- if (eq "Recreate" .Values.slave.statefulset.updateStrategy) }} |
| 394 | rollingUpdate: null |
| 395 | {{- else }} |
| 396 | rollingUpdate: |
| 397 | partition: {{ .Values.slave.statefulset.rollingUpdatePartition }} |
| 398 | {{- end }} |
| 399 | {{- end }} |
| 400 | {{- end }} |