| 1 | # Copyright 2022-present Open Networking Foundation |
| 2 | # |
| 3 | # Licensed under the Apache License, Version 2.0 (the "License"); |
| 4 | # you may not use this file except in compliance with the License. |
| 5 | # You may obtain a copy of the License at |
| 6 | # |
| 7 | # http://www.apache.org/licenses/LICENSE-2.0 |
| 8 | # |
| 9 | # Unless required by applicable law or agreed to in writing, software |
| 10 | # distributed under the License is distributed on an "AS IS" BASIS, |
| 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 12 | # See the License for the specific language governing permissions and |
| 13 | # limitations under the License. |
| 14 | |
| 15 | ## Global Docker image parameters |
| 16 | ## Please, note that this will override the image parameters, including dependencies, configured to use the global value |
| 17 | ## Current available global Docker image parameters: imageRegistry and imagePullSecrets |
| 18 | ## |
| 19 | #global: |
| 20 | # imageRegistry: myRegistryName |
| 21 | # imagePullSecrets: |
| 22 | # - myRegistryKeySecretName |
| 23 | # storageClass: myStorageClass |
| 24 | # redis: {} |
| 25 | |
| 26 | ## Bitnami Redis(TM) image version |
| 27 | ## ref: https://hub.docker.com/r/bitnami/redis/tags/ |
| 28 | |
| 29 | ## |
| 30 | global: |
| 31 | image_registry: '' |
| 32 | image_org: "voltha/" |
| 33 | image_tag: ~ |
| 34 | image_pullPolicy: "Always" |
| 35 | redisPort: 6379 |
| 36 | redis: |
| 37 | volumePath: "/kafka_zookeeper" |
| 38 | cluster: |
| 39 | enabled: false |
| 40 | sentinel: |
| 41 | enabled: false |
| 42 | |
## Redis(TM) server image used by the master and slave pods.
## NOTE(review): "docker-registry.com:5000" reads like a site-specific or
## placeholder registry endpoint. Every Redis pod pulls from it, so confirm it
## is the registry you intend to trust before deploying.
image:
  registry: "docker-registry.com:5000"
  repository: bitnami/redis
  ## Bitnami Redis(TM) image tag
  ## ref: https://github.com/bitnami/bitnami-docker-redis#supported-tags-and-respective-dockerfile-links
  ##
  ## NOTE(review): the image is selected by tag only. A tag can be re-pointed
  ## in the registry, and with pullPolicy IfNotPresent a node keeps whatever it
  ## cached first, so nodes can end up running different content under the same
  ## tag. Pin by digest if the chart version in use supports it (TODO confirm).
  ## NOTE(review): this is a Redis 6.0.x build; check it against the Redis
  ## security releases that apply to your deployment.
  tag: 6.0.10-debian-10-r19
  ## Specify an imagePullPolicy
  ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
  ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
  ##
  pullPolicy: IfNotPresent
  ## Optionally specify an array of imagePullSecrets.
  ## Secrets must be manually created in the namespace.
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
  ##
  # pullSecrets:
  #   - myRegistryKeySecretName
| 61 | |
| 62 | ## String to partially override redis.fullname template (will maintain the release name) |
| 63 | ## |
| 64 | # nameOverride: |
| 65 | |
| 66 | ## String to fully override redis.fullname template |
| 67 | ## |
| 68 | fullnameOverride: redis-master |
| 69 | |
| 70 | ## Cluster settings |
| 71 | ## |
| 72 | cluster: |
| 73 | enabled: true |
| 74 | slaveCount: 3 |
| 75 | |
| 76 | ## Use redis sentinel in the redis pod. This will disable the master and slave services and |
| 77 | ## create one redis service with ports to the sentinel and the redis instances |
| 78 | ## |
| 79 | sentinel: |
| 80 | enabled: true |
| 81 | ## Require password authentication on the sentinel itself |
| 82 | ## ref: https://redis.io/topics/sentinel |
| 83 | usePassword: false |
| 84 | ## Bitnami Redis Sentinel image version |
| 85 | ## ref: https://hub.docker.com/r/bitnami/redis-sentinel/tags/ |
| 86 | ## |
| 87 | image: |
| 88 | registry: "docker-registry.com:5000" |
| 89 | repository: bitnami/redis-sentinel |
| 90 | ## Bitnami Redis(TM) image tag |
| 91 | ## ref: https://github.com/bitnami/bitnami-docker-redis-sentinel#supported-tags-and-respective-dockerfile-links |
| 92 | ## |
| 93 | tag: 6.0.10-debian-10-r18 |
| 94 | ## Specify an imagePullPolicy |
| 95 | ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' |
| 96 | ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images |
| 97 | ## |
| 98 | pullPolicy: IfNotPresent |
| 99 | ## Optionally specify an array of imagePullSecrets. |
| 100 | ## Secrets must be manually created in the namespace. |
| 101 | ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ |
| 102 | ## |
| 103 | # pullSecrets: |
| 104 | # - myRegistryKeySecretName |
| 105 | masterSet: mymaster |
| 106 | initialCheckTimeout: 5 |
| 107 | quorum: 2 |
| 108 | downAfterMilliseconds: 60000 |
| 109 | failoverTimeout: 18000 |
| 110 | parallelSyncs: 1 |
| 111 | port: 26379 |
| 112 | ## Additional Redis(TM) configuration for the sentinel nodes |
| 113 | ## ref: https://redis.io/topics/config |
| 114 | ## |
| 115 | configmap: |
| 116 | ## Enable or disable static sentinel IDs for each replica |
| 117 | ## If disabled, each sentinel will generate a random ID at startup |
| 118 | ## If enabled, each replica will have a constant ID on each start-up |
| 119 | ## |
| 120 | staticID: false |
| 121 | ## Configure extra options for Redis(TM) Sentinel liveness and readiness probes |
| 122 | ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes) |
| 123 | ## |
| 124 | livenessProbe: |
| 125 | enabled: true |
| 126 | initialDelaySeconds: 5 |
| 127 | periodSeconds: 5 |
| 128 | timeoutSeconds: 5 |
| 129 | successThreshold: 1 |
| 130 | failureThreshold: 5 |
| 131 | readinessProbe: |
| 132 | enabled: true |
| 133 | initialDelaySeconds: 5 |
| 134 | periodSeconds: 5 |
| 135 | timeoutSeconds: 1 |
| 136 | successThreshold: 1 |
| 137 | failureThreshold: 5 |
| 138 | customLivenessProbe: {} |
| 139 | customReadinessProbe: {} |
| 140 | ## Redis(TM) Sentinel resource requests and limits |
| 141 | ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ |
| 142 | # resources: |
| 143 | # requests: |
| 144 | # memory: 256Mi |
| 145 | # cpu: 100m |
| 146 | ## Redis(TM) Sentinel Service properties |
| 147 | ## |
| 148 | service: |
| 149 | ## Redis(TM) Sentinel Service type |
| 150 | ## |
| 151 | type: ClusterIP |
| 152 | sentinelPort: 26379 |
| 153 | redisPort: 6379 |
| 154 | |
| 155 | ## External traffic policy (when service type is LoadBalancer) |
| 156 | ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip |
| 157 | ## |
| 158 | externalTrafficPolicy: Cluster |
| 159 | |
| 160 | ## Specify the nodePort value for the LoadBalancer and NodePort service types. |
| 161 | ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport |
| 162 | ## |
| 163 | # sentinelNodePort: |
| 164 | # redisNodePort: |
| 165 | |
| 166 | ## Provide any additional annotations which may be required. This can be used to |
| 167 | ## set the LoadBalancer service type to internal only. |
| 168 | ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer |
| 169 | ## |
| 170 | annotations: {} |
| 171 | labels: {} |
| 172 | loadBalancerIP: |
| 173 | |
| 174 | ## Additional commands to run prior to starting Redis(TM) node with sentinel |
| 175 | ## |
| 176 | preExecCmds: "" |
| 177 | |
| 178 | ## An array to add extra env var to the sentinel node configurations |
| 179 | ## For example: |
| 180 | ## extraEnvVars: |
| 181 | ## - name: name |
| 182 | ## value: value |
| 183 | ## - name: other_name |
| 184 | ## valueFrom: |
| 185 | ## fieldRef: |
| 186 | ## fieldPath: fieldPath |
| 187 | ## |
| 188 | extraEnvVars: [] |
| 189 | |
| 190 | ## ConfigMap with extra env vars: |
| 191 | ## |
| 192 | extraEnvVarsCM: [] |
| 193 | |
| 194 | ## Secret with extra env vars: |
| 195 | ## |
| 196 | extraEnvVarsSecret: [] |
| 197 | |
| 198 | ## Specifies the Kubernetes Cluster's Domain Name. |
| 199 | ## |
| 200 | clusterDomain: cluster.local |
| 201 | |
## Network isolation for the Redis(TM) pods.
## NOTE(review): with enabled: false no NetworkPolicy is created, so which pods
## can reach the Redis(TM) and sentinel ports depends entirely on what the
## cluster allows by default. This file also sets usePassword: false and
## tls.enabled: false, which leaves network reachability as the only access
## control. Enabling the policy and labelling the intended clients restores
## one layer of restriction.
networkPolicy:
  ## Specifies whether a NetworkPolicy should be created
  ##
  enabled: false

  ## The Policy model to apply. When set to false, only pods with the correct
  ## client label will have network access to the port Redis(TM) is listening
  ## on. When true, Redis(TM) will accept connections from any source
  ## (with the correct destination port).
  ##
  ## NOTE(review): if the policy is enabled, leave this unset or false unless
  ## access from unlabelled pods is really required.
  # allowExternal: true

  ## Allow connections from other namespaces. Just set label for namespace and set label for pods (optional).
  ##
  ingressNSMatchLabels: {}
  ingressNSPodMatchLabels: {}
| 218 | |
| 219 | serviceAccount: |
| 220 | ## Specifies whether a ServiceAccount should be created |
| 221 | ## |
| 222 | create: false |
| 223 | ## The name of the ServiceAccount to use. |
| 224 | ## If not set and create is true, a name is generated using the fullname template |
| 225 | ## |
| 226 | name: |
| 227 | ## Add annotations to service account |
| 228 | # annotations: |
| 229 | # iam.gke.io/gcp-service-account: "sa@project.iam.gserviceaccount.com" |
| 230 | |
| 231 | rbac: |
| 232 | ## Specifies whether RBAC resources should be created |
| 233 | ## |
| 234 | create: false |
| 235 | |
| 236 | role: |
| 237 | ## Rules to create. It follows the role specification |
| 238 | # rules: |
| 239 | # - apiGroups: |
| 240 | # - extensions |
| 241 | # resources: |
| 242 | # - podsecuritypolicies |
| 243 | # verbs: |
| 244 | # - use |
| 245 | # resourceNames: |
| 246 | # - gce.unprivileged |
| 247 | rules: [] |
| 248 | |
## Redis(TM) pod Security Context
##
## fsGroup is the group ID Kubernetes applies to the pod's supported volumes.
securityContext:
  enabled: true
  fsGroup: 1001
  ## sysctl settings for master and slave pods
  ##
  ## Uncomment the setting below to increase the net.core.somaxconn value
  ##
  # sysctls:
  #   - name: net.core.somaxconn
  #     value: "10000"

## Container Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
##
## NOTE(review): runAsUser: 0 runs the Redis(TM) container process as root.
## Anything that gains control of that process (this file leaves password
## authentication off) starts with root inside the container. fsGroup: 1001
## above suggests a non-root UID was the original intent; confirm why 0 is set.
## If root is only needed to write to the data volume, the volumePermissions
## init container defined later in this file (currently enabled: false) is
## described as changing the mount point owner to RunAsUser:fsGroup, which
## would allow a non-root runAsUser here.
containerSecurityContext:
  enabled: true
  runAsUser: 0
| 268 | |
## Use password authentication
## NOTE(review): false means Redis(TM) accepts commands from any client that
## can reach the port, without AUTH. In this file sentinel.usePassword is also
## false, networkPolicy.enabled is false and tls.enabled is false, and
## master.disableCommands is empty while slave.disableCommands lists FLUSHDB
## and FLUSHALL, so an unauthenticated client reaching the master can still run
## destructive commands. Enable this for any deployment other than an isolated
## test environment.
usePassword: false
## Redis password (both master and slave)
## Defaults to a random 10-character alphanumeric string if not set and usePassword is true
## ref: https://github.com/bitnami/bitnami-docker-redis#setting-the-server-password-on-first-run
##
## NOTE(review): when enabling authentication, prefer existingSecret below over
## writing a password into this values file, so the credential stays out of
## version control.
password:
## Use existing secret (ignores previous password)
# existingSecret:
## Password key to be retrieved from Redis(TM) secret
##
# existingSecretPasswordKey:

## Mount secrets as files instead of environment variables
##
## NOTE(review): with false, an enabled password is passed through environment
## variables (per the comment above); a mounted file keeps it out of the
## container's environment.
usePasswordFile: false
| 285 | |
| 286 | ## Persist data to a persistent volume (Redis(TM) Master) |
| 287 | ## |
| 288 | persistence: |
| 289 | ## A manually managed Persistent Volume and Claim |
| 290 | ## Requires persistence.enabled: true |
| 291 | ## If defined, PVC must be created manually before volume will be bound |
| 292 | ## |
| 293 | existingClaim: |
| 294 | |
| 295 | # Redis(TM) port |
| 296 | redisPort: 6379 |
| 297 | |
##
## TLS configuration
##
## NOTE(review): TLS is disabled, so client traffic to Redis(TM) is sent in
## plaintext; presumably the same holds for replication and sentinel traffic,
## confirm against the chart templates. Once usePassword is turned on, the
## password would also cross the network unencrypted unless TLS is enabled too.
tls:
  # Enable TLS traffic
  enabled: false
  #
  # Whether to require clients to authenticate or not.
  # NOTE(review): presumably has no effect while enabled is false; confirm.
  authClients: true
  #
  # Name of the Secret that contains the certificates
  # NOTE(review): this and the three filenames below are empty; presumably
  # they must be set before enabling TLS. Verify against the chart.
  certificatesSecret:
  #
  # Certificate filename
  certFilename:
  #
  # Certificate Key filename
  certKeyFilename:
  #
  # CA Certificate filename
  certCAFilename:
  #
  # File containing DH params (in order to support DH based ciphers)
  # dhParamsFilename:
| 322 | |
| 323 | ## |
| 324 | ## Redis(TM) Master parameters |
| 325 | ## |
| 326 | master: |
| 327 | ## Redis(TM) command arguments |
| 328 | ## |
| 329 | ## Can be used to specify command line arguments, for example: |
| 330 | ## Note `exec` is prepended to command |
| 331 | ## |
| 332 | #command: "/run.sh" |
| 333 | ## Command used to start Redis(TM) on the master nodes |
| 334 | ## |
| 335 | command: "redis-server" |
| 336 | ## Additional commands to run prior to starting Redis(TM) on the master nodes |
| 337 | ## |
| 338 | preExecCmds: "" |
| 339 | ## Additional Redis(TM) configuration for the master nodes |
| 340 | ## ref: https://redis.io/topics/config |
| 341 | ## |
| 342 | configmap: |
| 343 | ## Deployment pod host aliases |
| 344 | ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ |
| 345 | ## |
| 346 | hostAliases: [] |
| 347 | ## Redis(TM) additional command line flags |
| 348 | ## |
| 349 | ## Can be used to specify command line flags, for example: |
| 350 | ## extraFlags: |
| 351 | ## - "--maxmemory-policy volatile-ttl" |
| 352 | ## - "--repl-backlog-size 1024mb" |
| 353 | ## |
| 354 | extraFlags: [] |
| 355 | ## Comma-separated list of Redis(TM) commands to disable |
| 356 | ## |
| 357 | ## Can be used to disable Redis(TM) commands for security reasons. |
| 358 | ## Commands will be completely disabled by renaming each to an empty string. |
| 359 | ## ref: https://redis.io/topics/security#disabling-of-specific-commands |
| 360 | ## |
| 361 | disableCommands: |
| 362 | # - FLUSHDB |
| 363 | # - FLUSHALL |
| 364 | |
| 365 | ## Redis(TM) Master additional pod labels and annotations |
| 366 | ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ |
| 367 | ## |
| 368 | podLabels: {} |
| 369 | podAnnotations: {} |
| 370 | |
| 371 | ## Redis(TM) Master resource requests and limits |
| 372 | ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ |
| 373 | # resources: |
| 374 | # requests: |
| 375 | # memory: 256Mi |
| 376 | # cpu: 100m |
| 377 | ## Use an alternate scheduler, e.g. "stork". |
| 378 | ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ |
| 379 | ## |
| 380 | # schedulerName: |
| 381 | |
| 382 | # Enable shared process namespace in a pod. |
| 383 | # If set to false (default), each container will run in separate namespace, redis will have PID=1. |
| 384 | # If set to true, the /pause will run as init process and will reap any zombie PIDs, |
| 385 | # for example, generated by a custom exec probe running longer than a probe timeoutSeconds. |
| 386 | # Enable this only if customLivenessProbe or customReadinessProbe is used and zombie PIDs are accumulating. |
| 387 | # Ref: https://kubernetes.io/docs/tasks/configure-pod-container/share-process-namespace/ |
| 388 | shareProcessNamespace: false |
| 389 | ## Configure extra options for Redis(TM) Master liveness and readiness probes |
| 390 | ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes) |
| 391 | ## |
| 392 | livenessProbe: |
| 393 | enabled: true |
| 394 | initialDelaySeconds: 5 |
| 395 | periodSeconds: 5 |
| 396 | timeoutSeconds: 5 |
| 397 | successThreshold: 1 |
| 398 | failureThreshold: 5 |
| 399 | readinessProbe: |
| 400 | enabled: true |
| 401 | initialDelaySeconds: 5 |
| 402 | periodSeconds: 5 |
| 403 | timeoutSeconds: 1 |
| 404 | successThreshold: 1 |
| 405 | failureThreshold: 5 |
| 406 | |
| 407 | ## Configure custom probes for other images like |
| 408 | ## rhscl/redis-32-rhel7 rhscl/redis-5-rhel7 |
| 409 | ## Only used if readinessProbe.enabled: false / livenessProbe.enabled: false |
| 410 | ## |
| 411 | # customLivenessProbe: |
| 412 | # tcpSocket: |
| 413 | # port: 6379 |
| 414 | # initialDelaySeconds: 10 |
| 415 | # periodSeconds: 5 |
| 416 | # customReadinessProbe: |
| 417 | # initialDelaySeconds: 30 |
| 418 | # periodSeconds: 10 |
| 419 | # timeoutSeconds: 5 |
| 420 | # exec: |
| 421 | # command: |
| 422 | # - "container-entrypoint" |
| 423 | # - "bash" |
| 424 | # - "-c" |
| 425 | # - "redis-cli set liveness-probe \"`date`\" | grep OK" |
| 426 | customLivenessProbe: {} |
| 427 | customReadinessProbe: {} |
| 428 | |
| 429 | ## Redis(TM) Master Node selectors and tolerations for pod assignment |
| 430 | ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector |
| 431 | ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#taints-and-tolerations-beta-feature |
| 432 | ## |
| 433 | # nodeSelector: {"beta.kubernetes.io/arch": "amd64"} |
| 434 | # tolerations: [] |
| 435 | ## Redis(TM) Master pod/node affinity/anti-affinity |
| 436 | ## |
| 437 | affinity: {} |
| 438 | |
| 439 | ## Redis(TM) Master Service properties |
| 440 | ## |
| 441 | service: |
| 442 | ## Redis(TM) Master Service type |
| 443 | ## |
| 444 | type: ClusterIP |
| 445 | port: 6379 |
| 446 | |
| 447 | ## External traffic policy (when service type is LoadBalancer) |
| 448 | ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip |
| 449 | ## |
| 450 | externalTrafficPolicy: Cluster |
| 451 | |
| 452 | ## Specify the nodePort value for the LoadBalancer and NodePort service types. |
| 453 | ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport |
| 454 | ## |
| 455 | # nodePort: |
| 456 | |
| 457 | ## Provide any additional annotations which may be required. This can be used to |
| 458 | ## set the LoadBalancer service type to internal only. |
| 459 | ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer |
| 460 | ## |
| 461 | annotations: {} |
| 462 | labels: {} |
| 463 | loadBalancerIP: |
| 464 | # loadBalancerSourceRanges: ["10.0.0.0/8"] |
| 465 | |
| 466 | ## Enable persistence using Persistent Volume Claims |
| 467 | ## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ |
| 468 | ## |
| 469 | persistence: |
| 470 | enabled: true |
| 471 | ## The path the volume will be mounted at, useful when using different |
| 472 | ## Redis(TM) images. |
| 473 | ## |
| 474 | path: /data |
| 475 | ## The subdirectory of the volume to mount to, useful in dev environments |
| 476 | ## and one PV for multiple services. |
| 477 | ## |
| 478 | subPath: "" |
| 479 | ## redis data Persistent Volume Storage Class |
| 480 | ## If defined, storageClassName: <storageClass> |
| 481 | ## If set to "-", storageClassName: "", which disables dynamic provisioning |
| 482 | ## If undefined (the default) or set to null, no storageClassName spec is |
| 483 | ## set, choosing the default provisioner. (gp2 on AWS, standard on |
| 484 | ## GKE, AWS & OpenStack) |
| 485 | ## |
| 486 | # storageClass: "-" |
| 487 | accessModes: |
| 488 | - ReadWriteOnce |
| 489 | size: 8Gi |
| 490 | ## Persistent Volume selectors |
| 491 | ## https://kubernetes.io/docs/concepts/storage/persistent-volumes/#selector |
| 492 | ## |
| 493 | matchLabels: {} |
| 494 | matchExpressions: {} |
| 495 | volumes: |
| 496 | # - name: volume_name |
| 497 | # emptyDir: {} |
| 498 | |
| 499 | ## Update strategy, can be set to RollingUpdate or onDelete by default. |
| 500 | ## https://kubernetes.io/docs/tutorials/stateful-application/basic-stateful-set/#updating-statefulsets |
| 501 | ## |
| 502 | statefulset: |
| 503 | labels: {} |
| 504 | annotations: {} |
| 505 | updateStrategy: RollingUpdate |
| 506 | ## Partition update strategy |
| 507 | ## https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#partitions |
| 508 | # rollingUpdatePartition: |
| 509 | volumeClaimTemplates: |
| 510 | labels: {} |
| 511 | annotations: {} |
| 512 | |
| 513 | ## Redis(TM) Master pod priorityClassName |
| 514 | ## |
| 515 | priorityClassName: {} |
| 516 | |
| 517 | ## An array to add extra env vars |
| 518 | ## For example: |
| 519 | ## extraEnvVars: |
| 520 | ## - name: name |
| 521 | ## value: value |
| 522 | ## - name: other_name |
| 523 | ## valueFrom: |
| 524 | ## fieldRef: |
| 525 | ## fieldPath: fieldPath |
| 526 | ## |
| 527 | extraEnvVars: [] |
| 528 | |
| 529 | ## ConfigMap with extra env vars: |
| 530 | ## |
| 531 | extraEnvVarsCM: [] |
| 532 | |
| 533 | ## Secret with extra env vars: |
| 534 | ## |
| 535 | extraEnvVarsSecret: [] |
| 536 | |
| 537 | ## |
| 538 | ## Redis(TM) Slave properties |
| 539 | ## Note: service.type is a mandatory parameter |
| 540 | ## The rest of the parameters are either optional or, if undefined, will inherit those declared in Redis(TM) Master |
| 541 | ## |
| 542 | slave: |
| 543 | ## Slave Service properties |
| 544 | ## |
| 545 | service: |
| 546 | ## Redis(TM) Slave Service type |
| 547 | ## |
| 548 | type: ClusterIP |
| 549 | ## Redis(TM) port |
| 550 | ## |
| 551 | port: 6379 |
| 552 | |
| 553 | ## External traffic policy (when service type is LoadBalancer) |
| 554 | ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip |
| 555 | ## |
| 556 | externalTrafficPolicy: Cluster |
| 557 | |
| 558 | ## Specify the nodePort value for the LoadBalancer and NodePort service types. |
| 559 | ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport |
| 560 | ## |
| 561 | # nodePort: |
| 562 | |
| 563 | ## Provide any additional annotations which may be required. This can be used to |
| 564 | ## set the LoadBalancer service type to internal only. |
| 565 | ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer |
| 566 | ## |
| 567 | annotations: {} |
| 568 | labels: {} |
| 569 | loadBalancerIP: |
| 570 | # loadBalancerSourceRanges: ["10.0.0.0/8"] |
| 571 | |
| 572 | ## Redis(TM) slave port |
| 573 | ## |
| 574 | port: 6379 |
| 575 | ## Deployment pod host aliases |
| 576 | ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ |
| 577 | ## |
| 578 | hostAliases: [] |
| 579 | ## Can be used to specify command line arguments, for example: |
| 580 | ## Note `exec` is prepended to command |
| 581 | ## |
| 582 | #command: "/run.sh" |
| 583 | ## Command used to start Redis(TM) on the slave nodes |
| 584 | ## |
| 585 | command: "redis-server" |
| 586 | ## Additional commands to run prior to starting Redis(TM) on the slave nodes |
| 587 | preExecCmds: "" |
| 588 | ## Additional Redis(TM) configuration for the slave nodes |
| 589 | ## ref: https://redis.io/topics/config |
| 590 | ## |
| 591 | configmap: |
| 592 | ## Redis(TM) extra flags |
| 593 | ## |
| 594 | extraFlags: [] |
| 595 | ## List of Redis(TM) commands to disable |
| 596 | ## |
| 597 | disableCommands: |
| 598 | - FLUSHDB |
| 599 | - FLUSHALL |
| 600 | |
| 601 | ## Redis(TM) Slave pod/node affinity/anti-affinity |
| 602 | ## |
| 603 | affinity: {} |
| 604 | |
| 605 | ## Kubernetes Spread Constraints for pod assignment |
| 606 | ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ |
| 607 | ## |
| 608 | # - maxSkew: 1 |
| 609 | # topologyKey: node |
| 610 | # whenUnsatisfiable: DoNotSchedule |
| 611 | spreadConstraints: {} |
| 612 | |
| 613 | # Enable shared process namespace in a pod. |
| 614 | # If set to false (default), each container will run in separate namespace, redis will have PID=1. |
| 615 | # If set to true, the /pause will run as init process and will reap any zombie PIDs, |
| 616 | # for example, generated by a custom exec probe running longer than a probe timeoutSeconds. |
| 617 | # Enable this only if customLivenessProbe or customReadinessProbe is used and zombie PIDs are accumulating. |
| 618 | # Ref: https://kubernetes.io/docs/tasks/configure-pod-container/share-process-namespace/ |
| 619 | shareProcessNamespace: false |
| 620 | ## Configure extra options for Redis(TM) Slave liveness and readiness probes |
| 621 | ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes) |
| 622 | ## |
| 623 | livenessProbe: |
| 624 | enabled: true |
| 625 | initialDelaySeconds: 30 |
| 626 | periodSeconds: 10 |
| 627 | timeoutSeconds: 5 |
| 628 | successThreshold: 1 |
| 629 | failureThreshold: 5 |
| 630 | readinessProbe: |
| 631 | enabled: true |
| 632 | initialDelaySeconds: 5 |
| 633 | periodSeconds: 10 |
| 634 | timeoutSeconds: 10 |
| 635 | successThreshold: 1 |
| 636 | failureThreshold: 5 |
| 637 | |
| 638 | ## Configure custom probes for other images like |
| 639 | ## rhscl/redis-32-rhel7 rhscl/redis-5-rhel7 |
| 640 | ## Only used if readinessProbe.enabled: false / livenessProbe.enabled: false |
| 641 | ## |
| 642 | # customLivenessProbe: |
| 643 | # tcpSocket: |
| 644 | # port: 6379 |
| 645 | # initialDelaySeconds: 10 |
| 646 | # periodSeconds: 5 |
| 647 | # customReadinessProbe: |
| 648 | # initialDelaySeconds: 30 |
| 649 | # periodSeconds: 10 |
| 650 | # timeoutSeconds: 5 |
| 651 | # exec: |
| 652 | # command: |
| 653 | # - "container-entrypoint" |
| 654 | # - "bash" |
| 655 | # - "-c" |
| 656 | # - "redis-cli set liveness-probe \"`date`\" | grep OK" |
| 657 | customLivenessProbe: {} |
| 658 | customReadinessProbe: {} |
| 659 | |
| 660 | ## Redis(TM) slave Resource |
| 661 | # resources: |
| 662 | # requests: |
| 663 | # memory: 256Mi |
| 664 | # cpu: 100m |
| 665 | |
| 666 | ## Redis(TM) slave selectors and tolerations for pod assignment |
| 667 | # nodeSelector: {"beta.kubernetes.io/arch": "amd64"} |
| 668 | # tolerations: [] |
| 669 | |
| 670 | ## Use an alternate scheduler, e.g. "stork". |
| 671 | ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ |
| 672 | ## |
| 673 | # schedulerName: |
| 674 | |
| 675 | ## Redis(TM) slave pod Annotation and Labels |
| 676 | ## |
| 677 | podLabels: {} |
| 678 | podAnnotations: {} |
| 679 | |
| 680 | ## Redis slave pod priorityClassName |
| 681 | # priorityClassName: {} |
| 682 | |
| 683 | ## Enable persistence using Persistent Volume Claims |
| 684 | ## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ |
| 685 | ## |
| 686 | persistence: |
| 687 | enabled: true |
| 688 | ## The path the volume will be mounted at, useful when using different |
| 689 | ## Redis(TM) images. |
| 690 | ## |
| 691 | path: /data |
| 692 | ## The subdirectory of the volume to mount to, useful in dev environments |
| 693 | ## and one PV for multiple services. |
| 694 | ## |
| 695 | subPath: "" |
| 696 | ## redis data Persistent Volume Storage Class |
| 697 | ## If defined, storageClassName: <storageClass> |
| 698 | ## If set to "-", storageClassName: "", which disables dynamic provisioning |
| 699 | ## If undefined (the default) or set to null, no storageClassName spec is |
| 700 | ## set, choosing the default provisioner. (gp2 on AWS, standard on |
| 701 | ## GKE, AWS & OpenStack) |
| 702 | ## |
| 703 | # storageClass: "-" |
| 704 | accessModes: |
| 705 | - ReadWriteOnce |
| 706 | size: 8Gi |
| 707 | ## Persistent Volume selectors |
| 708 | ## https://kubernetes.io/docs/concepts/storage/persistent-volumes/#selector |
| 709 | ## |
| 710 | matchLabels: {} |
| 711 | matchExpressions: {} |
| 712 | |
| 713 | ## Update strategy, can be set to RollingUpdate or onDelete by default. |
| 714 | ## https://kubernetes.io/docs/tutorials/stateful-application/basic-stateful-set/#updating-statefulsets |
| 715 | ## |
| 716 | statefulset: |
| 717 | labels: {} |
| 718 | annotations: {} |
| 719 | updateStrategy: RollingUpdate |
| 720 | ## Partition update strategy |
| 721 | ## https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#partitions |
| 722 | # rollingUpdatePartition: |
| 723 | volumeClaimTemplates: |
| 724 | labels: {} |
| 725 | annotations: {} |
| 726 | |
| 727 | ## An array to add extra env vars |
| 728 | ## For example: |
| 729 | ## extraEnvVars: |
| 730 | ## - name: name |
| 731 | ## value: value |
| 732 | ## - name: other_name |
| 733 | ## valueFrom: |
| 734 | ## fieldRef: |
| 735 | ## fieldPath: fieldPath |
| 736 | ## |
| 737 | extraEnvVars: [] |
| 738 | |
| 739 | ## ConfigMap with extra env vars: |
| 740 | ## |
| 741 | extraEnvVarsCM: [] |
| 742 | |
| 743 | ## Secret with extra env vars: |
| 744 | ## |
| 745 | extraEnvVarsSecret: [] |
| 746 | |
| 747 | ## Prometheus Exporter / Metrics |
| 748 | ## |
| 749 | metrics: |
| 750 | enabled: false |
| 751 | |
| 752 | image: |
| 753 | registry: docker.io |
| 754 | repository: bitnami/redis-exporter |
| 755 | tag: 1.16.0-debian-10-r7 |
| 756 | pullPolicy: IfNotPresent |
| 757 | ## Optionally specify an array of imagePullSecrets. |
| 758 | ## Secrets must be manually created in the namespace. |
| 759 | ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ |
| 760 | ## |
| 761 | # pullSecrets: |
| 762 | # - myRegistryKeySecretName |
| 763 | |
| 764 | ## Metrics exporter resource requests and limits |
| 765 | ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ |
| 766 | ## |
| 767 | # resources: {} |
| 768 | |
| 769 | ## Extra arguments for Metrics exporter, for example: |
| 770 | ## extraArgs: |
| 771 | ## check-keys: myKey,myOtherKey |
| 772 | # extraArgs: {} |
| 773 | |
| 774 | ## Metrics exporter pod Annotation and Labels |
| 775 | ## |
| 776 | podAnnotations: |
| 777 | prometheus.io/scrape: "true" |
| 778 | prometheus.io/port: "9121" |
| 779 | # podLabels: {} |
| 780 | |
| 781 | # Enable this if you're using https://github.com/coreos/prometheus-operator |
| 782 | serviceMonitor: |
| 783 | enabled: false |
| 784 | ## Specify a namespace if needed |
| 785 | # namespace: monitoring |
| 786 | # fallback to the prometheus default unless specified |
| 787 | # interval: 10s |
| 788 | ## Defaults to what's used if you follow CoreOS [Prometheus Install Instructions](https://github.com/bitnami/charts/tree/master/bitnami/prometheus-operator#tldr) |
| 789 | ## [Prometheus Selector Label](https://github.com/bitnami/charts/tree/master/bitnami/prometheus-operator#prometheus-operator-1) |
| 790 | ## [Kube Prometheus Selector Label](https://github.com/bitnami/charts/tree/master/bitnami/prometheus-operator#exporters) |
| 791 | ## |
| 792 | selector: |
| 793 | prometheus: kube-prometheus |
| 794 | |
| 795 | ## RelabelConfigs to apply to samples before scraping |
| 796 | ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig |
| 797 | ## Value is evaluated as a template |
| 798 | ## |
| 799 | relabelings: [] |
| 800 | |
| 801 | ## MetricRelabelConfigs to apply to samples before ingestion |
| 802 | ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig |
| 803 | ## Value is evaluated as a template |
| 804 | ## |
| 805 | metricRelabelings: [] |
| 806 | # - sourceLabels: |
| 807 | # - "__name__" |
| 808 | # targetLabel: "__name__" |
| 809 | # action: replace |
| 810 | # regex: '(.*)' |
| 811 | # replacement: 'example_prefix_$1' |
| 812 | |
| 813 | ## Custom PrometheusRule to be defined |
| 814 | ## The value is evaluated as a template, so, for example, the value can depend on .Release or .Chart |
| 815 | ## ref: https://github.com/coreos/prometheus-operator#customresourcedefinitions |
| 816 | ## |
| 817 | prometheusRule: |
| 818 | enabled: false |
| 819 | additionalLabels: {} |
| 820 | namespace: "" |
| 821 | ## Redis(TM) prometheus rules |
| 822 | ## These are just example rules; please adapt them to your needs. |
| 823 | ## Make sure to constrain the rules to the current redis service. |
| 824 | # rules: |
| 825 | # - alert: RedisDown |
| 826 | # expr: redis_up{service="{{ template "redis.fullname" . }}-metrics"} == 0 |
| 827 | # for: 2m |
| 828 | # labels: |
| 829 | # severity: error |
| 830 | # annotations: |
| 831 | # summary: Redis(TM) instance {{ "{{ $labels.instance }}" }} down |
| 832 | # description: Redis(TM) instance {{ "{{ $labels.instance }}" }} is down |
| 833 | # - alert: RedisMemoryHigh |
| 834 | # expr: > |
| 835 | # redis_memory_used_bytes{service="{{ template "redis.fullname" . }}-metrics"} * 100 |
| 836 | # / |
| 837 | # redis_memory_max_bytes{service="{{ template "redis.fullname" . }}-metrics"} |
| 838 | # > 90 |
| 839 | # for: 2m |
| 840 | # labels: |
| 841 | # severity: error |
| 842 | # annotations: |
| 843 | # summary: Redis(TM) instance {{ "{{ $labels.instance }}" }} is using too much memory |
| 844 | # description: | |
| 845 | # Redis(TM) instance {{ "{{ $labels.instance }}" }} is using {{ "{{ $value }}" }}% of its available memory. |
| 846 | # - alert: RedisKeyEviction |
| 847 | # expr: | |
| 848 | # increase(redis_evicted_keys_total{service="{{ template "redis.fullname" . }}-metrics"}[5m]) > 0 |
| 849 | # for: 1s |
| 850 | # labels: |
| 851 | # severity: error |
| 852 | # annotations: |
| 853 | # summary: Redis(TM) instance {{ "{{ $labels.instance }}" }} has evicted keys |
| 854 | # description: | |
| 855 | # Redis(TM) instance {{ "{{ $labels.instance }}" }} has evicted {{ "{{ $value }}" }} keys in the last 5 minutes. |
| 856 | rules: [] |
| 857 | |
| 858 | ## Metrics exporter pod priorityClassName |
| 859 | # priorityClassName: {} |
| 860 | service: |
| 861 | type: ClusterIP |
| 862 | |
| 863 | ## External traffic policy (when service type is LoadBalancer) |
| 864 | ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip |
| 865 | ## |
| 866 | externalTrafficPolicy: Cluster |
| 867 | |
| 868 | ## Use serviceLoadBalancerIP to request a specific static IP, |
| 869 | ## otherwise leave blank |
| 870 | # loadBalancerIP: |
| 871 | annotations: {} |
| 872 | labels: {} |
| 873 | |
| 874 | ## |
| 875 | ## Init containers parameters: |
| 876 | ## volumePermissions: Change the owner of the persistent volume mount point to RunAsUser:fsGroup |
| 877 | ## |
| 878 | volumePermissions: |
| 879 | enabled: false |
| 880 | image: |
| 881 | registry: docker.io |
| 882 | repository: bitnami/minideb |
| 883 | tag: buster |
| 884 | pullPolicy: Always |
| 885 | ## Optionally specify an array of imagePullSecrets. |
| 886 | ## Secrets must be manually created in the namespace. |
| 887 | ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ |
| 888 | ## |
| 889 | # pullSecrets: |
| 890 | # - myRegistryKeySecretName |
| 891 | resources: {} |
| 892 | # resources: |
| 893 | # requests: |
| 894 | # memory: 128Mi |
| 895 | # cpu: 100m |
| 896 | |
| 897 | ## Init container Security Context |
| 898 | ## Note: the chown of the data folder is done to containerSecurityContext.runAsUser |
| 899 | ## and not the below volumePermissions.securityContext.runAsUser |
| 900 | ## When runAsUser is set to the special value "auto", the init container will try to chown the |
| 901 | ## data folder to an auto-determined user and group, using the commands: `id -u`:`id -G | cut -d" " -f2` |
| 902 | ## "auto" is especially useful for OpenShift, which has SCCs with dynamic user IDs (and 0 is not allowed). |
| 903 | ## You may want to use volumePermissions.securityContext.runAsUser="auto" in combination with |
| 904 | ## podSecurityContext.enabled=false,containerSecurityContext.enabled=false |
| 905 | ## With the default runAsUser: 0 below, this init container runs as root whenever volumePermissions.enabled is true. |
| 906 | securityContext: |
| 907 | runAsUser: 0 |
| 908 | |
| 909 | ## Redis(TM) config file |
| 910 | ## ref: https://redis.io/topics/config |
| 911 | ## |
| 912 | configmap: |- |
| 913 | # Enable AOF https://redis.io/topics/persistence#append-only-file |
| 914 | appendonly yes |
| 915 | appendfsync everysec |
| 916 | #no-appendfsync-on-rewrite no |
| 917 | #save 900 1 |
| 918 | #save 300 10 |
| 919 | #save 60 10000 |
| 920 | # Disable RDB persistence, AOF persistence already enabled. |
| 921 | save "" |
| 922 | |
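| 923 | ## Sysctl InitContainer |
| 924 | ## Used to run sysctl operations that modify kernel settings (sometimes needed to avoid warnings). |
| 925 | ## Changing kernel settings normally requires elevated privileges for this init container, and mountHostSys appears to expose the host's /sys to it; review the chart templates before enabling either. |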
| 926 | sysctlImage: |
| 927 | enabled: false |
| 928 | command: [] |
| 929 | registry: docker.io |
| 930 | repository: bitnami/minideb |
| 931 | tag: buster |
| 932 | pullPolicy: Always |
| 933 | ## Optionally specify an array of imagePullSecrets. |
| 934 | ## Secrets must be manually created in the namespace. |
| 935 | ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ |
| 936 | ## |
| 937 | # pullSecrets: |
| 938 | # - myRegistryKeySecretName |
| 939 | mountHostSys: false |
| 940 | resources: {} |
| 941 | # resources: |
| 942 | # requests: |
| 943 | # memory: 128Mi |
| 944 | # cpu: 100m |
| 945 | |
| 946 | ## PodSecurityPolicy configuration |
| 947 | ## ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/ |
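| 948 | ## Note: PodSecurityPolicy was deprecated in Kubernetes v1.21 and removed in v1.25; on newer clusters use Pod Security Admission instead. |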
| 949 | podSecurityPolicy: |
| 950 | ## Specifies whether a PodSecurityPolicy should be created |
| 951 | ## |
| 952 | create: false |
| 953 | |
| 954 | ## Define a disruption budget |
| 955 | ## ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/ |
| 956 | ## |
| 957 | podDisruptionBudget: |
| 958 | enabled: false |
| 959 | minAvailable: 1 |
| 960 | # maxUnavailable: 1 |