# Copyright 2022-present Open Networking Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

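{{- /*
Redis replica ("slave") StatefulSet.
Rendered only when global.redis.cluster.enabled is true and
global.redis.sentinel.enabled is false. Each replica is pointed at pod
<fullname>-master-0 through the <fullname>-headless service (REDIS_MASTER_HOST).
*/}}
{{- if and .Values.global.redis.cluster.enabled (not .Values.global.redis.sentinel.enabled) }}
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: {{ template "redis.fullname" . }}-slave
  namespace: {{ .Release.Namespace | quote }}
  labels:
    app: {{ template "redis.name" . }}
    chart: {{ template "redis.chart" . }}
    release: {{ .Release.Name }}
    heritage: {{ .Release.Service }}
    {{- if .Values.slave.statefulset.labels }}
    {{- toYaml .Values.slave.statefulset.labels | nindent 4 }}
    {{- end }}
{{- if .Values.slave.statefulset.annotations }}
  annotations:
    {{- toYaml .Values.slave.statefulset.annotations | nindent 4 }}
{{- end }}
spec:
{{- /*
NOTE(review): apps/v1 StatefulSetSpec has no "strategy" field (that is a
Deployment field); the update strategy that takes effect is spec.updateStrategy
at the end of this template. Left in place so existing values keep rendering the
same output; confirm nothing sets slave.updateStrategy before removing it.
*/}}
{{- if .Values.slave.updateStrategy }}
  strategy: {{- toYaml .Values.slave.updateStrategy | nindent 4 }}
{{- end }}
  replicas: {{ .Values.cluster.slaveCount }}
  serviceName: {{ template "redis.fullname" . }}-headless
  selector:
    matchLabels:
      app: {{ template "redis.name" . }}
      release: {{ .Release.Name }}
      role: slave
  template:
    metadata:
      labels:
        app: {{ template "redis.name" . }}
        release: {{ .Release.Name }}
        chart: {{ template "redis.chart" . }}
        role: slave
        {{- if .Values.slave.podLabels }}
        {{- toYaml .Values.slave.podLabels | nindent 8 }}
        {{- end }}
        {{- if and .Values.metrics.enabled .Values.metrics.podLabels }}
        {{- toYaml .Values.metrics.podLabels | nindent 8 }}
        {{- end }}
      annotations:
        {{- /*
        SHA-256 of the rendered health ConfigMap, ConfigMap and Secret templates:
        a change in any of them changes the pod template, so pods are rolled.
        checksum/secret is a hash over the rendered Secret manifest and is
        readable by anyone who can read pod metadata.
        */}}
        checksum/health: {{ include (print $.Template.BasePath "/health-configmap.yaml") . | sha256sum }}
        checksum/configmap: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
        checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
        {{- if .Values.slave.podAnnotations }}
        {{- toYaml .Values.slave.podAnnotations | nindent 8 }}
        {{- end }}
        {{- if and .Values.metrics.enabled .Values.metrics.podAnnotations }}
        {{- toYaml .Values.metrics.podAnnotations | nindent 8 }}
        {{- end }}
    spec:
      {{- include "redis.imagePullSecrets" . | nindent 6 }}
      {{- if .Values.slave.hostAliases }}
      hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.slave.hostAliases "context" $) | nindent 8 }}
      {{- end }}
      {{- /*
      Pod-level securityContext is emitted only when securityContext.enabled is
      true (the "enabled" key itself is stripped). When it is false no pod
      securityContext is rendered and the image and cluster defaults apply.
      */}}
      {{- if .Values.securityContext.enabled }}
      securityContext: {{- omit .Values.securityContext "enabled" | toYaml | nindent 8 }}
      {{- end }}
      serviceAccountName: {{ template "redis.serviceAccountName" . }}
      {{- if .Values.slave.priorityClassName }}
      priorityClassName: {{ .Values.slave.priorityClassName | quote }}
      {{- end }}
      {{- if .Values.slave.nodeSelector }}
      nodeSelector: {{- toYaml .Values.slave.nodeSelector | nindent 8 }}
      {{- end }}
      {{- if .Values.slave.tolerations }}
      tolerations: {{- toYaml .Values.slave.tolerations | nindent 8 }}
      {{- end }}
      {{- /* shareProcessNamespace lets every container in the pod, including the metrics sidecar, see the others' processes. */}}
      {{- if .Values.slave.shareProcessNamespace }}
      shareProcessNamespace: {{ .Values.slave.shareProcessNamespace }}
      {{- end }}
      {{- if .Values.slave.schedulerName }}
      schedulerName: {{ .Values.slave.schedulerName }}
      {{- end }}
      {{- /* NOTE(review): the replica pods read master.spreadConstraints, not a slave.* value; confirm this is intended. */}}
      {{- if .Values.master.spreadConstraints }}
      topologySpreadConstraints: {{- toYaml .Values.master.spreadConstraints | nindent 8 }}
      {{- end }}
      {{- with .Values.slave.affinity }}
      affinity: {{- tpl (toYaml .) $ | nindent 8 }}
      {{- end }}
      containers:
        - name: {{ template "redis.name" . }}
          image: {{ template "redis.image" . }}
          imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
          {{- /* Container securityContext is rendered only when containerSecurityContext.enabled is true. */}}
          {{- if .Values.containerSecurityContext.enabled }}
          securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }}
          {{- end }}
          command:
            - /bin/bash
            - -c
            - /opt/bitnami/scripts/start-scripts/start-slave.sh
          env:
            - name: REDIS_REPLICATION_MODE
              value: slave
            - name: REDIS_MASTER_HOST
              value: {{ template "redis.fullname" . }}-master-0.{{ template "redis.fullname" . }}-headless.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}
            - name: REDIS_MASTER_PORT_NUMBER
              value: {{ .Values.redisPort | quote }}
            {{- /*
            Authentication, three cases:
              usePassword + usePasswordFile : password read from the mounted secret file.
              usePassword only              : password injected as environment variables
                                              from the Secret (visible in the process
                                              environment of the container).
              usePassword false             : ALLOW_EMPTY_PASSWORD=yes, no password is
                                              configured; access then depends entirely on
                                              network-level controls.
            The same secret key is used for the replica and for its connection to the master.
            */}}
            {{- if .Values.usePassword }}
            {{- if .Values.usePasswordFile }}
            - name: REDIS_PASSWORD_FILE
              value: "/opt/bitnami/redis/secrets/redis-password"
            - name: REDIS_MASTER_PASSWORD_FILE
              value: "/opt/bitnami/redis/secrets/redis-password"
            {{- else }}
            - name: REDIS_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: {{ template "redis.secretName" . }}
                  key: {{ template "redis.secretPasswordKey" . }}
            - name: REDIS_MASTER_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: {{ template "redis.secretName" . }}
                  key: {{ template "redis.secretPasswordKey" . }}
            {{- end }}
            {{- else }}
            - name: ALLOW_EMPTY_PASSWORD
              value: "yes"
            {{- end }}
            {{- /*
            With tls.enabled the TLS port takes redisPort and no REDIS_PORT is set;
            without it the plain port takes redisPort. tls.authClients=false
            presumably stops the server from requiring client certificates; confirm
            against the image documentation before relying on it.
            */}}
            - name: REDIS_TLS_ENABLED
              value: {{ ternary "yes" "no" .Values.tls.enabled | quote }}
            {{- if .Values.tls.enabled }}
            - name: REDIS_TLS_PORT
              value: {{ .Values.redisPort | quote }}
            - name: REDIS_TLS_AUTH_CLIENTS
              value: {{ ternary "yes" "no" .Values.tls.authClients | quote }}
            - name: REDIS_TLS_CERT_FILE
              value: {{ template "redis.tlsCert" . }}
            - name: REDIS_TLS_KEY_FILE
              value: {{ template "redis.tlsCertKey" . }}
            - name: REDIS_TLS_CA_FILE
              value: {{ template "redis.tlsCACert" . }}
            {{- if .Values.tls.dhParamsFilename }}
            - name: REDIS_TLS_DH_PARAMS_FILE
              value: {{ template "redis.tlsDHParams" . }}
            {{- end }}
            {{- else }}
            - name: REDIS_PORT
              value: {{ .Values.redisPort | quote }}
            {{- end }}
            {{- if .Values.slave.extraEnvVars }}
            {{- include "redis.tplValue" (dict "value" .Values.slave.extraEnvVars "context" $) | nindent 12 }}
            {{- end }}
          {{- if or .Values.slave.extraEnvVarsCM .Values.slave.extraEnvVarsSecret }}
          envFrom:
            {{- if .Values.slave.extraEnvVarsCM }}
            - configMapRef:
                name: {{ .Values.slave.extraEnvVarsCM }}
            {{- end }}
            {{- if .Values.slave.extraEnvVarsSecret }}
            - secretRef:
                name: {{ .Values.slave.extraEnvVarsSecret }}
            {{- end }}
          {{- end }}
          ports:
            - name: redis
              containerPort: {{ .Values.redisPort }}
          {{- /*
          Built-in probes pass timeoutSeconds to the health script and give the
          kubelet one second more (add1), presumably so the script's own timeout
          fires first. A custom probe is used only when the built-in one is disabled.
          */}}
          {{- if .Values.slave.livenessProbe.enabled }}
          livenessProbe:
            initialDelaySeconds: {{ .Values.slave.livenessProbe.initialDelaySeconds }}
            periodSeconds: {{ .Values.slave.livenessProbe.periodSeconds }}
            timeoutSeconds: {{ add1 .Values.slave.livenessProbe.timeoutSeconds }}
            successThreshold: {{ .Values.slave.livenessProbe.successThreshold }}
            failureThreshold: {{ .Values.slave.livenessProbe.failureThreshold }}
            exec:
              command:
                - sh
                - -c
                - /health/ping_liveness_local_and_master.sh {{ .Values.slave.livenessProbe.timeoutSeconds }}
          {{- else if .Values.slave.customLivenessProbe }}
          livenessProbe: {{- toYaml .Values.slave.customLivenessProbe | nindent 12 }}
          {{- end }}
          {{- if .Values.slave.readinessProbe.enabled }}
          readinessProbe:
            initialDelaySeconds: {{ .Values.slave.readinessProbe.initialDelaySeconds }}
            periodSeconds: {{ .Values.slave.readinessProbe.periodSeconds }}
            timeoutSeconds: {{ add1 .Values.slave.readinessProbe.timeoutSeconds }}
            successThreshold: {{ .Values.slave.readinessProbe.successThreshold }}
            failureThreshold: {{ .Values.slave.readinessProbe.failureThreshold }}
            exec:
              command:
                - sh
                - -c
                - /health/ping_readiness_local_and_master.sh {{ .Values.slave.readinessProbe.timeoutSeconds }}
          {{- else if .Values.slave.customReadinessProbe }}
          readinessProbe: {{- toYaml .Values.slave.customReadinessProbe | nindent 12 }}
          {{- end }}
          resources: {{- toYaml .Values.slave.resources | nindent 12 }}
          volumeMounts:
            - name: start-scripts
              mountPath: /opt/bitnami/scripts/start-scripts
            - name: health
              mountPath: /health
            {{- if .Values.usePasswordFile }}
            - name: redis-password
              mountPath: /opt/bitnami/redis/secrets/
            {{- end }}
            - name: redis-data
              mountPath: /data
            - name: config
              mountPath: /opt/bitnami/redis/mounted-etc
            - name: redis-tmp-conf
              mountPath: /opt/bitnami/redis/etc
            {{- if .Values.tls.enabled }}
            - name: redis-certificates
              mountPath: /opt/bitnami/redis/certs
              readOnly: true
            {{- end }}
        {{- if .Values.metrics.enabled }}
        - name: metrics
          image: {{ template "redis.metrics.image" . }}
          imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }}
          {{- if .Values.containerSecurityContext.enabled }}
          securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }}
          {{- end }}
          {{- /*
          NOTE(review): every metrics.extraArgs key and value is pasted unquoted
          into the bash -c script below, so whitespace or shell metacharacters in
          a value are interpreted by the shell. Accept metrics.extraArgs only from
          trusted values files. Left unquoted here so rendered output is unchanged.
          The script exports REDIS_PASSWORD from /secrets/redis-password when that
          file is mounted (usePasswordFile).
          */}}
          command:
            - /bin/bash
            - -c
            - |
              if [[ -f '/secrets/redis-password' ]]; then
              export REDIS_PASSWORD=$(cat /secrets/redis-password)
              fi
              redis_exporter{{- range $key, $value := .Values.metrics.extraArgs }} --{{ $key }}={{ $value }}{{- end }}
          env:
            - name: REDIS_ALIAS
              value: {{ template "redis.fullname" . }}
            {{- if and .Values.usePassword (not .Values.usePasswordFile) }}
            - name: REDIS_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: {{ template "redis.secretName" . }}
                  key: {{ template "redis.secretPasswordKey" . }}
            {{- end }}
            {{- if .Values.tls.enabled }}
            - name: REDIS_ADDR
              value: rediss://localhost:{{ .Values.redisPort }}
            - name: REDIS_EXPORTER_TLS_CLIENT_KEY_FILE
              value: {{ template "redis.tlsCertKey" . }}
            - name: REDIS_EXPORTER_TLS_CLIENT_CERT_FILE
              value: {{ template "redis.tlsCert" . }}
            - name: REDIS_EXPORTER_TLS_CA_CERT_FILE
              value: {{ template "redis.tlsCACert" . }}
            {{- end }}
          volumeMounts:
            {{- if .Values.usePasswordFile }}
            - name: redis-password
              mountPath: /secrets/
            {{- end }}
            {{- if .Values.tls.enabled }}
            - name: redis-certificates
              mountPath: /opt/bitnami/redis/certs
              readOnly: true
            {{- end }}
          ports:
            - name: metrics
              containerPort: 9121
          resources: {{- toYaml .Values.metrics.resources | nindent 12 }}
        {{- end }}
      {{- /*
      The volume-permissions init container is added only when all four of
      volumePermissions.enabled, slave.persistence.enabled, securityContext.enabled
      and containerSecurityContext.enabled are true.
      */}}
      {{- $needsVolumePermissions := and .Values.volumePermissions.enabled .Values.slave.persistence.enabled .Values.securityContext.enabled .Values.containerSecurityContext.enabled }}
      {{- if or $needsVolumePermissions .Values.sysctlImage.enabled }}
      initContainers:
        {{- if $needsVolumePermissions }}
        - name: volume-permissions
          image: {{ template "redis.volumePermissions.image" . }}
          imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }}
          command:
            - /bin/bash
            - -ec
            - |
              {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }}
              chown -R `id -u`:`id -G | cut -d " " -f2` {{ .Values.slave.persistence.path }}
              {{- else }}
              chown -R {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} {{ .Values.slave.persistence.path }}
              {{- end }}
          {{- /*
          runAsUser "auto" is not a valid numeric UID, so it must be dropped from
          the rendered securityContext. The comparison previously read "auto "
          (trailing space) and never matched, which left runAsUser: auto in the
          manifest; it now matches the same literal as the chown branch above.
          */}}
          {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }}
          securityContext: {{- omit .Values.volumePermissions.securityContext "runAsUser" | toYaml | nindent 12 }}
          {{- else }}
          securityContext: {{- .Values.volumePermissions.securityContext | toYaml | nindent 12 }}
          {{- end }}
          resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }}
          volumeMounts:
            - name: redis-data
              mountPath: {{ .Values.slave.persistence.path }}
              subPath: {{ .Values.slave.persistence.subPath }}
        {{- end }}
        {{- /*
        init-sysctl always runs privileged as UID 0 and executes the command taken
        from sysctlImage.command; with sysctlImage.mountHostSys it also gets the
        node's /sys through a hostPath volume. Namespaces that enforce a baseline
        or restricted pod security policy will reject the pod while this is
        enabled, so keep sysctlImage.enabled off unless kernel tuning is required.
        */}}
        {{- if .Values.sysctlImage.enabled }}
        - name: init-sysctl
          image: {{ template "redis.sysctl.image" . }}
          imagePullPolicy: {{ default "" .Values.sysctlImage.pullPolicy | quote }}
          resources: {{- toYaml .Values.sysctlImage.resources | nindent 12 }}
          {{- if .Values.sysctlImage.mountHostSys }}
          volumeMounts:
            - name: host-sys
              mountPath: /host-sys
          {{- end }}
          command: {{- toYaml .Values.sysctlImage.command | nindent 12 }}
          securityContext:
            privileged: true
            runAsUser: 0
        {{- end }}
      {{- end }}
      volumes:
        {{- /* defaultMode 0755 relies on YAML 1.1 octal parsing (493 decimal): scripts are mounted executable. */}}
        - name: start-scripts
          configMap:
            name: {{ include "redis.fullname" . }}-scripts
            defaultMode: 0755
        - name: health
          configMap:
            name: {{ template "redis.fullname" . }}-health
            defaultMode: 0755
        {{- if .Values.usePasswordFile }}
        - name: redis-password
          secret:
            secretName: {{ template "redis.secretName" . }}
            items:
            - key: {{ template "redis.secretPasswordKey" . }}
              path: redis-password
        {{- end }}
        - name: config
          configMap:
            name: {{ template "redis.fullname" . }}
        {{- if .Values.sysctlImage.mountHostSys }}
        - name: host-sys
          hostPath:
            path: /sys
        {{- end }}
        - name: redis-tmp-conf
          emptyDir: {}
        {{- /* TLS material: tls.certificatesSecret is mandatory; defaultMode 256 is decimal for octal 0400 (owner read-only). */}}
        {{- if .Values.tls.enabled }}
        - name: redis-certificates
          secret:
            secretName: {{ required "A secret containing the certificates for the TLS traffic is required when TLS in enabled" .Values.tls.certificatesSecret }}
            defaultMode: 256
        {{- end }}
        {{- /* Without persistence the data directory is an emptyDir and is lost when the pod is deleted. */}}
        {{- if not .Values.slave.persistence.enabled }}
        - name: redis-data
          emptyDir: {}
  {{- else }}
  volumeClaimTemplates:
    - metadata:
        name: redis-data
        labels:
          app: {{ template "redis.name" . }}
          release: {{ .Release.Name }}
          heritage: {{ .Release.Service }}
          component: slave
        {{- if .Values.slave.statefulset.volumeClaimTemplates }}
        {{- if .Values.slave.statefulset.volumeClaimTemplates.labels }}
          {{- toYaml .Values.slave.statefulset.volumeClaimTemplates.labels | nindent 10 }}
        {{- end }}
        {{- if .Values.slave.statefulset.volumeClaimTemplates.annotations }}
        annotations:
          {{- toYaml .Values.slave.statefulset.volumeClaimTemplates.annotations | nindent 10 }}
        {{- end }}
        {{- end }}
      spec:
        accessModes:
        {{- range .Values.slave.persistence.accessModes }}
          - {{ . | quote }}
        {{- end }}
        resources:
          requests:
            storage: {{ .Values.slave.persistence.size | quote }}
        {{ include "redis.slave.storageClass" . }}
        selector:
        {{- if .Values.slave.persistence.matchLabels }}
          matchLabels: {{- toYaml .Values.slave.persistence.matchLabels | nindent 12 }}
        {{- end -}}
        {{- if .Values.slave.persistence.matchExpressions }}
          matchExpressions: {{- toYaml .Values.slave.persistence.matchExpressions | nindent 12 }}
        {{- end -}}
  {{- end }}
  updateStrategy:
    type: {{ .Values.slave.statefulset.updateStrategy }}
    {{- /* rollingUpdate is rendered only when rollingUpdatePartition is set; it is nulled for the "Recreate" value. */}}
    {{- if .Values.slave.statefulset.rollingUpdatePartition }}
    {{- if (eq "Recreate" .Values.slave.statefulset.updateStrategy) }}
    rollingUpdate: null
    {{- else }}
    rollingUpdate:
      partition: {{ .Values.slave.statefulset.rollingUpdatePartition }}
    {{- end }}
    {{- end }}
{{- end }}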